To do...
Configure a portal-free rule
If you specify both a VLAN and an interface in a portal-free rule, the interface must belong to the
VLAN.
You cannot configure two or more portal-free rules with the same filtering conditions. Otherwise,
the system prompts that the rule already exists.
No matter whether portal authentication is enabled, you can only add or remove a portal-free rule,
rather than modifying it.
Configuring an Authentication Subnet
By configuring authentication subnets, you can allow portal authentication to be triggered by only
packets from users on the authentication subnets. If a user does not initiate portal authentication before
accessing the external network and the user's packets are neither matching the portal-free rules nor
from authentication subnets, the user packets will be discarded by the access device.
Follow these steps to configure an authentication subnet:
To do...
Enter system view
Enter interface view
Configure an authentication
subnet
Use the command...
portal free-rule rule-number
{ destination { any | ip
{ ip-address mask
{ mask-length | netmask } |
any } } | source { any |
[ interface interface-type
interface-number | ip
{ ip-address mask
{ mask-length | mask } | any } |
mac mac-address | vlan
vlan-id ] * } } *
Use the command...
system-view
interface interface-type
interface-number
portal auth-network
network-address { mask-length
| mask }
1-9
Remarks
Required
Remarks
—
—
Optional
By default, the authentication
subnet is 0.0.0.0/0, which
means that users with any
source IP addresses are to be
authenticated.