Configuring an authentication subnet
By configuring authentication subnets, you can allow portal authentication to be triggered by only
packets from users on the authentication subnets. If a user does not initiate portal authentication
before accessing the external network and the user's packets are neither matching the portal-free
rules nor from authentication subnets, the user packets will be discarded by the access device.
Follow these steps to configure an authentication subnet:
To do...
1.
Enter system view
2.
Enter interface view
3.
Configure an
authentication
subnet
Configuration of authentication subnets applies to only Layer 3 portal authentication.
Logging out users
Logging out a user terminates the authentication process for the user or removes the user from the
authenticated users list.
Follow these steps to log out users:
To do...
1.
Enter system view
2.
Log out users
Specifying a mandatory authentication domain
After you specify a mandatory authentication domain for an interface, the switch will use the
mandatory authentication domain for authentication, authorization, and accounting (AAA) of the
portal users on the interface, ignoring the domain names carried in the usernames. Thereby, you
can specify different authentication domains for different interfaces as needed.
Follow these steps to specify an authentication domain for an interface:
To do...
1.
Enter system view
2.
Enter interface view
Use the command...
system-view
interface interface-type interface-
number
portal auth-network network-
address { mask-length | mask }
Use the command...
system-view
portal delete-user { ip-address | all | interface
interface-type interface-number }
Use the command...
system-view
interface interface-type
interface-number
101
Remarks
—
—
Optional
By default, the authentication subnet is
0.0.0.0/0, which means that users with any
source IP addresses are to be authenticated.
Remarks
—
Required
Remarks
—
—