Configuration procedure, Controlling access of portal users, Configuring a portal-free rule – H3C Technologies H3C SecPath F1000-E User Manual

there are Layer 3 forwarding devices between the authentication client and the access device, you must select the cross-subnet portal authentication mode.

In re-DHCP authentication mode, a client can use a public IP address to send packets before
passing portal authentication. However, responses to the packets are restricted.

Configuration procedure

To enable Layer 3 portal authentication:

1. Enter system view.
   Command: system-view
   Remarks: N/A

2. Enter interface view.
   Command: interface interface-type interface-number
   Remarks: The interface must be a Layer 3 Ethernet interface.

3. Enable Layer 3 portal authentication on the interface.
   Command: portal server server-name method { direct | layer3 | redhcp }
   Remarks: Not enabled by default.

Controlling access of portal users

Configuring a portal-free rule

A portal-free rule allows specified users to access specified external websites without portal authentication.

The matching items for a portal-free rule include the source and destination IP address, source MAC address, inbound interface, and VLAN. Packets matching a portal-free rule will not trigger portal authentication, so that users sending the packets can directly access the specified external websites.

When you configure a portal-free rule, follow these guidelines:

- If you specify both a VLAN and an interface in a portal-free rule, the interface must belong to the VLAN. Otherwise, the rule does not take effect.

- You cannot configure two or more portal-free rules with the same filtering criteria. Otherwise, the system prompts that the rule already exists.

- A Layer 2 interface in an aggregation group cannot be specified as the source interface of a portal-free rule, and the source interface of a portal-free rule cannot be added to an aggregation group.

To configure a portal-free rule:

1. Enter system view.
   Command: system-view

2. Configure a portal-free rule.
   Command: portal free-rule rule-number { destination { any | ip { ip-address mask { mask-length | netmask } | any } } | source { any | [ interface interface-type interface-number | ip { ip-address mask { mask-length | mask } | any } | mac mac-address | vlan vlan-id ] * } } *
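An offline review of a planned rule set against the guidelines above, as an added example that is not from the H3C manual: it parses `portal free-rule` lines, normalises both mask forms, and flags rules that repeat an earlier rule's criteria or leave the destination unrestricted. The sample rules, the addresses and the `parse_rule`/`audit` names are constructed for illustration; treating `ip any` as equal to `any` when comparing criteria is an assumption about how the device compares rules.

```python
import ipaddress

# Constructed sample rules, written in the "portal free-rule" syntax shown above.
SAMPLE_CONFIG = """\
portal free-rule 1 destination ip 192.0.2.10 mask 32 source ip any
portal free-rule 2 source ip 10.1.1.0 mask 255.255.255.0 vlan 10 destination ip any
portal free-rule 3 destination any source any
portal free-rule 4 source mac 0015-e9a6-7cfe destination ip 198.51.100.0 mask 24
portal free-rule 5 source ip any destination ip 192.0.2.10 mask 255.255.255.255
"""

def parse_rule(line):
    """Return {'id', 'source', 'destination'}; an empty dict means 'any'."""
    tok = line.split()
    if tok[:2] != ["portal", "free-rule"]:
        return None
    rule = {"id": int(tok[2]), "source": {}, "destination": {}}
    side, i = None, 3
    while i < len(tok):
        t = tok[i]
        if t in ("source", "destination"):
            side, i = rule[t], i + 1
        elif t == "any" or (t == "ip" and tok[i + 1] == "any"):
            i += 1  # "ip any" adds no constraint; the "any" is consumed next pass
        elif t == "ip":  # ip ADDRESS mask {LENGTH | NETMASK}, normalised to CIDR
            net = ipaddress.ip_network(f"{tok[i + 1]}/{tok[i + 3]}", strict=False)
            side["ip"], i = str(net), i + 4
        elif t == "interface":  # two tokens: interface-type interface-number
            side[t], i = f"{tok[i + 1]} {tok[i + 2]}".lower(), i + 3
        elif t in ("mac", "vlan"):
            side[t], i = tok[i + 1].lower(), i + 2
        else:
            raise ValueError(f"unexpected token {t!r} in: {line}")
    return rule

def audit(config):
    findings, seen = [], {}
    for rule in filter(None, map(parse_rule, config.splitlines())):
        src, dst = rule["source"], rule["destination"]
        key = (tuple(sorted(src.items())), tuple(sorted(dst.items())))
        if key in seen:  # the device would report that the rule already exists
            findings.append((rule["id"], f"same criteria as rule {seen[key]}"))
        seen.setdefault(key, rule["id"])
        if not src and not dst:
            findings.append((rule["id"], "any source to any destination: nothing triggers portal authentication"))
        elif not dst:
            findings.append((rule["id"], "destination any: matching users never authenticate"))
    return findings

if __name__ == "__main__": print(*audit(SAMPLE_CONFIG), sep="\n")
```

On the constructed sample this reports rules 2, 3 and 5; rule 5 repeats rule 1 once `mask 32` and `mask 255.255.255.255` are normalised to the same prefix.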