Portal Auth-Network Destination - HPE FlexNetwork HSR6800 Security Command Reference

Hide thumbs Also See for FlexNetwork HSR6800:
Table of Contents

Advertisement

mask-length: Length of the subnet mask, in the range of 0 to 32.
mask: Subnet mask, in dotted decimal notation.
all: Specifies all authentication source subnets.
Usage guidelines
This command is only applicable for cross-subnet authentication (layer3). The portal authentication
source subnet for direct authentication (direct) can be any source IP address, and the portal
authentication source subnet for re-DHCP authentication (redhcp) is the one determined by the
private IP address of the interface connecting the users.
You can configure multiple authentication source subnets by executing the portal auth-network
command. The system supports up to 16 authentication source subnets and destination subnets.
Examples
# Configure a portal authentication source subnet of 10.10.10.0/24 on GigabitEthernet 3/0/1 to allow
users from subnet 10.10.10.0/24 to trigger portal authentication.
<Sysname> system-view
[Sysname] interface gigabitethernet 3/0/1
[Sysname-GigabitEthernet3/0/1] portal auth-network 10.10.10.0 24

portal auth-network destination

Use portal auth-network destination to configure an authentication destination subnet on an
interface. Then, only users accessing the specified subnet (excluding the destination IP addresses
and subnets specified in portal-free rules) trigger portal authentication on the interface. Users can
access other networks through the interface without portal authentication.
Use undo portal auth-network destination to cancel the specified or all authentication destination
subnets.
Syntax
portal auth-network destination network-address { mask-length | mask }
undo portal auth-network destination { network-address | all }
Default
The authentication destination subnet is 0.0.0.0/0, meaning that users accessing any subnets must
pass portal authentication.
Views
Interface view
Default command level
2: System level
Parameters
network-address: IP address of the authentication destination subnet.
mask-length: Length of the subnet mask, in the range of 0 to 32.
mask: Subnet mask, in dotted decimal notation.
all: Removes all authentication destination subnets.
Usage guidelines
Only the three Layer 3 portal authentication modes (direct, re-DHCP, and cross-subnet) support
configuring authentication destination subnets.
156

Advertisement

Table of Contents
loading

Table of Contents