Controlling access of portal users, Configuring a portal-free rule, Configuring an authentication subnet – H3C Technologies H3C SecPath F1000-E User Manual

Controlling Access of Portal Users

Configuring a Portal-Free Rule

A portal-free rule allows specified users to access specified external websites without portal authentication.

The matching items for a portal-free rule include the source and destination IP address, source MAC address, inbound interface, and VLAN. Packets matching a portal-free rule will not trigger portal authentication, so that users sending the packets can directly access the specified external websites.

Follow these steps to configure a portal-free rule:

To do…                         Use the command…                                  Remarks

Enter system view              system-view

Configure a portal-free rule   portal free-rule rule-number                      Required
                               { destination { any | ip
                               { ip-address mask { mask-length |
                               netmask } | any } } | source
                               { any | [ interface interface-type
                               interface-number | ip { ip-address
                               mask { mask-length | mask } |
                               any } | mac mac-address | vlan
                               vlan-id ] * } } *

NOTE:

If you specify both a VLAN and an interface in a portal-free rule, the interface must belong to the VLAN. Otherwise, the rule does not take effect.

You cannot configure two or more portal-free rules with the same filtering criteria. Otherwise, the system prompts that the rule already exists.

Regardless of whether portal authentication is enabled, you can only add or remove a portal-free rule; you cannot modify an existing one.

A Layer 2 interface in an aggregation group cannot be specified as the source interface of a portal-free rule, and the source interface of a portal-free rule cannot be added to an aggregation group.
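
An added example, not from the H3C manual: a small Python check for reviewing a proposed set of portal-free rules before they are entered, built on the command syntax and the notes above. The sample lines, addresses and function names are constructed for illustration, and the script assumes that an omitted, any or ip any criterion matches everything.

```python
import ipaddress

# Constructed sample lines for illustration; not taken from the manual.
SAMPLE = [
    "portal free-rule 1 destination ip 192.0.2.10 mask 32 source any",
    "portal free-rule 2 source ip 10.10.10.0 mask 255.255.255.0 destination any",
    "portal free-rule 3 source ip 10.10.10.7 mask 24 destination ip any",
    "portal free-rule 4 source interface GigabitEthernet 0/1 vlan 10 destination ip 192.0.2.10 mask 32",
]

def parse_free_rule(line):  # -> (rule_number, {"source": {...}, "destination": {...}})
    tok = line.split()
    if tok[:2] != ["portal", "free-rule"]:
        raise ValueError("not a portal free-rule line: " + line)
    crit = {"source": {}, "destination": {}}
    side, i = None, 3
    while i < len(tok):
        t = tok[i]
        if t in crit:
            side, i = t, i + 1
        elif side is None:
            raise ValueError("criterion before source/destination: " + t)
        elif t == "any" or tok[i:i + 2] == ["ip", "any"]:
            i += 1 if t == "any" else 2  # assumption: adds no constraint
        elif t == "ip":  # ip <ip-address> mask <mask-length | netmask>
            net = ipaddress.ip_network(tok[i + 1] + "/" + tok[i + 3], strict=False)
            crit[side]["ip"], i = str(net), i + 4
        elif t == "interface":  # interface <interface-type> <interface-number>
            crit[side]["interface"], i = tok[i + 1] + tok[i + 2], i + 3
        elif t in ("mac", "vlan"):
            crit[side][t], i = tok[i + 1].lower(), i + 2
        else:
            raise ValueError("unexpected token: " + t)
    return int(tok[2]), crit

def audit(lines):  # -> [(rule_number, finding), ...]
    findings, seen = [], {}
    for number, crit in map(parse_free_rule, lines):
        src, dst = crit["source"], crit["destination"]
        key = (tuple(sorted(src.items())), tuple(sorted(dst.items())))
        if key in seen:
            findings.append((number, "same normalised criteria as rule %d" % seen[key]))
        seen.setdefault(key, number)
        if not dst:  # assumption: an omitted destination also matches everything
            who = "all users" if not src else "matched users"
            findings.append((number, "any destination: %s skip portal" % who))
        if "vlan" in src and "interface" in src:
            findings.append((number, "check that the interface belongs to the VLAN"))
    return findings
```

Calling audit(SAMPLE) flags rules 2 and 3 as exempting their source subnet from portal authentication for every destination, rule 3 as repeating rule 2, and rule 4 for the VLAN membership check from the note above.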

Configuring an Authentication Subnet

By configuring authentication subnets, you specify that only HTTP packets from users on the authentication subnets can trigger portal authentication. If an unauthenticated user is not on any authentication subnet, the access device discards all the user’s HTTP packets that do not match any portal-free rule.

Follow these steps to configure an authentication subnet:

To do…                         Use the command…                                  Remarks

Enter system view              system-view

Enter interface view           interface interface-type
                               interface-number