NOTE:
The destination port number that the device uses for sending unsolicited packets to the portal server must
•
be the same as the port number that the remote portal server actually uses.
•
The portal server and its parameters can be deleted or modified only when the portal server is not
referenced by any interface.
Cross-subnet authentication mode (portal server
•
forwarding devices between the access device and the authentication clients. However, if Layer 3
forwarding devices exist between the authentication client and the access device, you must select the
cross-subnet portal authentication mode.
In re-DHCP authentication mode, a client can use a public IP address to send packets before passing
•
portal authentication. However, responses to the packets are restricted.
Controlling access of portal users
Configuring a portal-free rule
A portal-free rule allows specified users to access specified external websites without portal
authentication.
The matching items for a portal-free rule include the source and destination IP address, source MAC
address, inbound interface, and VLAN. Packets matching a portal-free rule will not trigger portal
authentication, so that users sending the packets can directly access the specified external websites.
For Layer 2 portal authentication, you can configure only a portal-free rule that is from any source
address to any or a specified destination address. If you configure a portal-free rule that is from any
source address to a specified destination address, users can access the specified address directly,
without being redirected to the portal authentication page for portal authentication. Usually, you can
configure the IP address of a server that provides certain services (such as software upgrading service)
as the destination IP address of a portal-free rule, so that Layer 2 portal authentication users can access
the services without portal authentication.
Follow these steps to configure a portal-free rule:
To do...
Enter system view
Configure a portal-free rule
server-name
Use the command...
system-view
portal free-rule rule-number
{ destination { any | ip { ip-address
mask { mask-length | netmask } |
any } } | source { any | [ interface
interface-type interface-number |
ip { ip-address mask { mask-length
| mask } | any } | mac
mac-address | vlan vlan-id ] * } } *
143
method layer3) does not require Layer 3
Remarks
—
Required