R3303-HP HSR6800 Routers Security Configuration Guide
132
Ste
p
Command
2. Configure a portal-free
rule.
portal free-rule rule-number { destination { any | ip { ip-address mask
{ mask-length | mask } | any } [ tcp tcp-port-number [ to tcp-port-number ] |
udp udp-port-number [ to udp-port-number ] ] } | source { any | [ interface
interface-type interface-number | ip { ip-address mask { mask-length | mask }
| any } [ tcp tcp-port-number [ to tcp-port-number ] | udp udp-port-number [ to
udp-port-number ] ] | mac mac-address | vlan vlan-id ] ] * } } *
Configuring an authentication source subnet
By configuring authentication source subnets, you specify that only HTTP packets from users on the
authentication source subnets can trigger portal authentication. If an unauthenticated user is not on any
authentication source subnet, the access device discards all the user's HTTP packets that do not match
any portal-free rule.
Configuration of authentication source subnets applies to only cross-subnet authentication. In direct
authentication mode, the authentication source subnet is 0.0.0.0/0. In re-DHCP authentication mode,
the authentication source subnet of an interface is the subnet to which the private IP address of the
interface belongs.
If both an authentication source subnet and destination subnet are configured on an interface, only the
authentication destination subnet takes effect.
To configure an authentication source subnet:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter interface
view.
interface interface-type interface-number N/A
3. Configure an
authentication
source subnet.
portal auth-network network-address
{ mask-length | mask }
Optional.
By default, the authentication
source subnet is 0.0.0.0/0, which
means that users from any subnets
must pass portal authentication.
You can configure multiple
authentication source subnets by
executing this command.
The system supports up to 16
authentication source subnets and
destination subnets.