•
Specify the source IP address as 2000::1/64, the destination IP address as 2001::1, and the
destination TCP port number as 23.
•
Specify the interface as VLAN-interface 1.
<Sysname> system-view
[Sysname] portal free-rule 2 destination ipv6 2001::1 128 tcp 23 source ip 2000::1 64
interface vlan-interface 1
With this rule, users in subnet 2000::1/64 do not need to pass portal authentication on
VLAN-interface 1 when they access services provided on TCP port 23 of host 2001::1.
Related commands
display portal rule
portal free-rule destination
Use portal free-rule destination to configure a destination-based portal-free rule.
Use undo portal free-rule to delete portal-free rules.
Syntax
portal free-rule rule-number destination host-name
undo portal free-rule { rule-number | all }
Default
No destination-based portal-free rule is configured.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
rule-number: Specifies a portal-free rule number. The value range for this argument is 0 to
4294967295.
destination: Specifies the destination host.
host-name: Specifies the destination host by its name, a case-insensitive string of 1 to 253
characters. Valid characters are letters, digits, hyphens (-), underscores (_), dots (.), and asterisks (*).
The host name string cannot be ip and ipv6.
all: Specifies all portal-free rules.
Usage guidelines
You can configure a host name in one of the following ways:
•
For exact match—Specify a complete host name. For example, if you configure the host name
as abc.com.cn in the portal-free rule, only packets that contain the host name abc.com.cn
match the rule. Packets that carry any other host names (such as dfabc.com.cn) do not match
the rule.
•
For fuzzy match—Specify a host name by placing the asterisk (*) wildcard character at the
beginning or end of the host name string. For example, if you configure the host name as
*abc.com.cn, abc*, or *abc*, packets that carry the host name ending with abc.com.cn,
starting with abc, or including abc match the rule.
The asterisk (*) wildcard character represents any characters. The device treats multiple
consecutive asterisks as one.
275