Controlling Access Of Portal Users; Configuring A Portal-Free Rule - HP 5120 SI Series Security Configuration Manual

Cross-subnet authentication mode (portal server server-name method layer3) does not require
Layer 3 forwarding devices between the access device and the authentication clients. However, if
Layer 3 forwarding devices exist between the authentication client and the access device, you must
select the cross-subnet portal authentication mode.
You can enable both an IPv4 portal server and an IPv6 portal server for Layer 3 portal
authentication on an interface, but you cannot enable two IPv4 or two IPv6 portal servers on the
interface.
Configuration prerequisites
Before enabling Layer 3 portal authentication on an interface, make sure that:
An IP address is configured for the interface.
The interface is not added to any port aggregation group.
The portal server to be referenced on the interface exists.
Layer 2 portal authentication is not enabled on any ports.
Configuration procedure
Follow these steps to enable Layer 3 portal authentication:

| To do... | Use the command... | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enter interface view | interface interface-type interface-number | The interface must be a Layer 3 interface. |
| Enable Layer 3 portal authentication on the interface | portal server server-name method { direct \| layer3 } | Required. Not enabled by default. |

Controlling access of portal users

Configuring a portal-free rule

A portal-free rule allows specified users to access specified external websites without portal
authentication.
The matching items for a portal-free rule include the source and destination IP address, source MAC
address, inbound interface, and VLAN. Packets matching a portal-free rule will not trigger portal
authentication, so that users sending the packets can directly access the specified external websites.
For Layer 2 portal authentication, you can configure only a portal-free rule that is from any source
address to any or a specific destination address. If you configure a portal-free rule that is from any source
address to a specific destination address, users can access the specified address directly, without being
redirected to the portal authentication page for portal authentication. Usually, you can configure the IP
address of a server that provides certain services (such as software upgrading service) as the destination
IP address of a portal-free rule, so that Layer 2 portal authentication users can access the services without
portal authentication.
Follow these steps to configure a portal-free rule:

| To do... | Use the command... | Remarks |
|---|---|---|
| Enter system view | system-view | — |
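
The portal-free rule matching described above can be modelled to review a rule set before it is deployed. The following Python sketch is an added example, not code from the manual or from HP: the class and function names are hypothetical, the sample addresses are constructed, and it assumes that a packet matches a rule only when every item the rule specifies matches.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

@dataclass(frozen=True)
class FreeRule:
    # None means "any" for that matching item (a convention of this model).
    src_net: Optional[str] = None
    dst_net: Optional[str] = None
    src_mac: Optional[str] = None
    in_iface: Optional[str] = None
    vlan: Optional[int] = None

@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_mac: str
    in_iface: str
    vlan: int

def matches(rule: FreeRule, pkt: Packet) -> bool:
    """Assumed semantics: every item the rule specifies must match the packet."""
    return ((rule.src_net is None or ip_address(pkt.src_ip) in ip_network(rule.src_net))
            and (rule.dst_net is None or ip_address(pkt.dst_ip) in ip_network(rule.dst_net))
            and (rule.src_mac is None or rule.src_mac.lower() == pkt.src_mac.lower())
            and (rule.in_iface is None or rule.in_iface == pkt.in_iface)
            and (rule.vlan is None or rule.vlan == pkt.vlan))

def triggers_portal(rules: List[FreeRule], pkt: Packet) -> bool:
    """A packet matching any portal-free rule does not trigger authentication."""
    return not any(matches(r, pkt) for r in rules)

def audit(rule: FreeRule, layer2: bool) -> List[str]:
    """Flag rules the Layer 2 restriction disallows and rules that exempt everything."""
    findings = []
    # "Any source address" is interpreted here as no source IP and no source MAC.
    any_source = rule.src_net is None and rule.src_mac is None
    if layer2 and not any_source:
        findings.append("layer2: source must be any")
    if all(v is None for v in (rule.src_net, rule.dst_net, rule.src_mac, rule.in_iface, rule.vlan)):
        findings.append("any-to-any: every packet bypasses portal authentication")
    return findings

# Constructed sample data (documentation address ranges, not from the manual).
UPGRADE_SERVER = FreeRule(dst_net="192.0.2.10/32")
USER_TO_UPGRADE = Packet("198.51.100.7", "192.0.2.10", "00:11:22:33:44:55", "Vlan-interface10", 10)
USER_TO_WEB = Packet("198.51.100.7", "203.0.113.80", "00:11:22:33:44:55", "Vlan-interface10", 10)
```

With the single upgrade-server rule, only traffic to that server skips authentication; a rule with every item left at "any" is reported because it exempts all traffic on the portal-enabled port.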