Configuring an authentication subnet – H3C Technologies H3C S7500E Series Switches User Manual

8-10

z

If you specify both a VLAN and an interface in a portal-free rule, the interface must belong

to the VLAN.

z

You cannot configure two or more portal-free rules with the same filtering conditions.

Otherwise, the system prompts that the rule already exists.

z

No matter whether portal authentication is enabled, you can only add or remove a

portal-free rule, rather than modifying it.

Configuring an Authentication Subnet

By configuring authentication subnets, you can allow portal authentication to be triggered by

only packets from users on the authentication subnets. If a user does not initiate portal

authentication before accessing the external network and the user’s packets are neither

matching the portal-free rules nor from authentication subnets, the user packets will be

discarded by the access device.

Follow these steps to configure an authentication subnet:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enter interface view

interface interface-type

interface-number

—

Configure an authentication

subnet

portal auth-network

network-address { mask-length |

mask }

Optional

By default, the authentication

subnet is 0.0.0.0/0, which

means that users with any

source IP addresses are to be

authenticated.

z

Configuration of authentication subnets applies to only Layer 3 portal authentication.

z

In direct authentication mode, the authentication subnet is 0.0.0.0/0.

z

In re-DHCP authentication mode, the authentication subnet of an interface is the subnet to

which the private IP address of the interface belongs.