R3303-HP HSR6800 Routers Security Command Reference

ManualsBrandsHP ManualsNetwork HardwareHP HSR68xx Configure-to-Order Router Solution

181

182

183

184

185

186

187

188

189

190

167

portal free-rule

Use portal free-rule to configure a portal-free rule and specify the source filtering condition, destination

filtering condition, or both.

Use undo portal free-rule to remove a specific portal-free rule or all portal-free rules.

Syntax

portal free-rule rule-number { destination { any | ip { ip-address mask { mask-length | mask } | any } [ tcp

tcp-port-number [ to tcp-port-number ] | udp udp-port-number [ to udp-port-number ] ] } | source { any |

[ interface interface-type interface-number | ip { ip-address mask { mask-length

| mask } | any } [ tcp

tcp-port-number [ to tcp-port-number ] | udp udp-port-number [ to udp-port-number ] ] | mac mac-address

| vlan vlan-id ] ] * } } *

undo portal free-rule { rule-number | all

}

Views

System view

Default command level

2: System level

Parameters

rule-number: Number for the portal-free rule, in the range of 0 to 1023.

any: Imposes no limitation on the previous keyword.

ip ip-address: Specifies an IP address for the portal-free rule.

mask { mask-length | mask }: Specifies a mask or mask length for the IP address. The mask argument is

a subnet mask in dotted decimal notation. The mask-length argument is a subnet mask length, an integer

in the range of 0 to 32.

tcp tcp-port-number [ to tcp-port-number ]: Specifies a range of TCP port numbers. The value range for the

tcp-port-number argument is 0 to 65535.

udp udp-port-number [ to udp-port-number ]: Specifies a range of UDP port numbers. The value range for

the udp-port-number argument is 0 to 65535.

interface interface-type interface-number: Specifies a source interface.

mac mac-address: Specifies a source MAC address in the format H-H-H.

vlan vlan-id: Specifies a source VLAN ID. The vlan vlan-id option is supported by

HSR6802/HSR6804/HSR6808 configured with SAP modules that operate in bridge mode.

all: Specifies all portal-free rules.

Usage guidelines

If you specify both a source IP address and a source MAC address in a portal-free rule, the IP address

must be a host address with a 32-bit mask. Otherwise, the specified MAC address does not take effect.

If you specify both a VLAN and an interface in a portal-free rule, the interface must belong to the VLAN.

Otherwise, the rule does not take effect.

If you specify both a source port number and a destination port number for a portal-free rule, the source

and destination port numbers must belong to the same transport layer protocol.