Configuring an authentication source subnet – H3C Technologies H3C S6300 Series Switches User Manual
Page 114
99
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Configure a
source-based
portal-free rule.
portal free-rule rule-number source
{ interface interface-type
interface-number | mac mac-address |
vlan vlan-id } *
By default, no source-based
portal-free rule exists.
If you specify both a VLAN and an
interface, the interface must belong
to the VLAN. Otherwise, the
portal-free rule does not take effect.
Configuring an authentication source subnet
By configuring authentication source subnets, you specify that only HTTP packets from users on the
authentication source subnets can trigger portal authentication. If an unauthenticated user is not on any
authentication source subnet, the access device discards all the user's HTTP packets that do not match
any portal-free rule.
When you configure a portal authentication source subnet, follow these restrictions and guidelines:
•
Authentication source subnets apply only to cross-subnet portal authentication.
•
In direct or re-DHCP portal authentication mode, a portal user and its access interface
(portal-enabled) are on the same subnet. It is not necessary to specify the subnet as the
authentication source subnet. If the specified authentication source subnet is different from the
access subnet of the users, the users will fail the portal authentication.
{
In direct mode, the access device regards the authentication source subnet as any source IP
address.
{
In re-DHCP mode, the access device regards the authentication source subnet on an interface
as the subnet to which the private IP address of the interface belongs.
•
If both authentication source subnets and destination subnets are configured on an interface, only
the authentication destination subnets take effect.
•
You can configure multiple authentication source subnets. If the source subnets overlap, the subnet
with the largest address scope (with the smallest mask or prefix) takes effect.
To configure an IPv4 portal authentication source subnet:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enter interface view.
interface interface-type
interface-number
N/A
3.
Configure an IPv4 portal
authentication source subnet.
portal layer3 source
ipv4-network-address
{ mask-length | mask }
By default, no IPv4 portal
authentication source subnet is
configured, and users from any
subnets must pass portal
authentication.
To configure an IPv6 portal authentication source subnet: