143
NOTE:
• The destination port number that the device uses for sending unsolicited packets to the portal server mus
be the same as the port number that the remote portal server actually uses.
• The portal server and its parameters can be deleted or modified only when the portal server is not
referenced by any interface.
• Cross-subnet authentication mode (portal server
server-name
method layer3) does not require Layer 3
forwarding devices between the access device and the authentication clients. However, if Layer 3
forwarding devices exist between the authentication client and the access device, you must select the
cross-subnet portal authentication mode.
• In re-DHCP authentication mode, a client can use a public IP address to send packets before passing
portal authentication. However, responses to the packets are restricted.
Controlling access of portal users
Configuring a portal-free rule
A portal-free rule allows specified users to access specified external websites without portal
authentication.
The matching items for a portal-free rule include the source and destination IP address, source MAC
address, inbound interface, and VLAN. Packets matching a portal-free rule will not trigger portal
authentication, so that users sending the packets can directly access the specified external websites.
For Layer 2 portal authentication, you can configure only a portal-free rule that is from any source
address to any or a specified destination address. If you configure a portal-free rule that is from any
source address to a specified destination address, users can access the specified address directly,
without being redirected to the portal authentication page for portal authentication. Usually, you can
configure the IP address of a server that provides certain services (such as software upgrading service)
as the destination IP address of a portal-free rule, so that Layer 2 portal authentication users can access
the services without portal authentication.
Follow these steps to configure a portal-free rule:
To do… Use the command…
Remarks
Enter system view system-view —
Configure a portal-free rule
portal free-rule rule-number
{ destination { any | ip { ip-address
mask { mask-length | netmask } |
any } } | source { any | [ interface
interface-type interface-number |
ip { ip-address mask { mask-length
| mask } | any } | mac
mac-address | vlan vlan-id ] * } } *
Required
To Next Page
Loading...
Need help?
General