Controlling access of portal users, Configuring a portal-free rule, Configuring an authentication subnet – H3C Technologies H3C SecPath F1000-E User Manual
Page 10

9
Controlling Access of Portal Users
Configuring a Portal-Free Rule
A portal-free rule allows specified users to access specified external websites without portal
authentication.
The matching items for a portal-free rule include the source and destination IP address, source MAC
address, inbound interface, and VLAN. Packets matching a portal-free rule will not trigger portal
authentication, so that users sending the packets can directly access the specified external websites.
Follow these steps to configure a portal-free rule:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Configure a portal-free rule
portal free-rule rule-number
{ destination { any | ip
{ ip-address mask { mask-length |
netmask } | any } } | source
{ any | [ interface interface-type
interface-number | ip { ip-address
mask { mask-length | mask } |
any } | mac mac-address | vlan
vlan-id ] * } } *
Required
NOTE:
•
If you specify both a VLAN and an interface in a portal-free rule, the interface must belong to the VLAN.
Otherwise, the rule does not take effect.
•
You cannot configure two or more portal-free rules with the same filtering criteria. Otherwise, the system
prompts that the rule already exists.
•
No matter whether portal authentication is enabled, you can only add or remove a portal-free rule,
rather than modifying it.
•
A Layer 2 interface in an aggregation group cannot be specified as the source interface of a portal-free
rule, and the source interface of a portal-free rule cannot be added to an aggregation group.
Configuring an Authentication Subnet
By configuring authentication subnets, you specify that only HTTP packets from users on the
authentication subnets can trigger portal authentication. If an unauthenticated user is not on any
authentication subnet, the access device discards all the user’s HTTP packets that do not match any
portal-free rule.
Follow these steps to configure an authentication subnet:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enter interface view
interface interface-type
interface-number
—