R3303-HP HSR6800 Routers Security Configuration Guide
131
Configuration prerequisites
Before enabling Layer 3 portal authentication on an interface, make sure:
• An IP address is configured for the interface.
• The interface is not added to any port aggregation group.
• The portal server to be referenced on the interface exists.
Configuration procedure
To enable Layer 3 portal authentication:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter interface view.
interface interface-type
interface-number
The interface must be a Layer 3
Ethernet interface.
3. Enable Layer 3 portal
authentication on the
interface.
portal server server-name method
{ direct | layer3 | redhcp }
Not enabled by default.
Controlling access of portal users
Configuring a portal-free rule
A portal-free rule allows specified users to access specified external websites without portal
authentication.
The matching items for a portal-free rule include the source and destination IP address, TCP/UDP port
number, source MAC address, inbound interface, and VLAN. Packets matching a portal-free rule will not
trigger portal authentication, so users sending the packets can directly access the specified external
websites.
Configuration guidelines
• If you specify both a VLAN and an interface in a portal-free rule, the interface must belong to the
VLAN. Otherwise, the rule does not take effect.
• You cannot configure two or more portal-free rules with the same filtering criteria. Otherwise, the
system prompts that the rule already exists.
• Regardless of whether portal authentication is enabled or not, you can only add or remove a
portal-free rule. You cannot modify it.
• A Layer 2 interface in an aggregation group cannot be specified as the source interface of a
portal-free rule, and the source interface of a portal-free rule cannot be added to an aggregation
group.
Configuration procedure
To configure a portal-free rule:
Ste
p
Command
1. Enter system view.
system-view