R3303-HP HSR6800 Routers Security Configuration Guide
133
Configuring an authentication destination subnet
By configuring authentication destination subnets, you specify that only users accessing the specified
subnets (excluding the destination IP addresses and subnets specified in portal-free rules) trigger portal
authentication. Users can access other subnets without portal authentication.
If both authentication source subnets and destination subnets are configured on an interface, only the
authentication destination subnet takes effect.
To configure an authentication destination subnet:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter interface view.
interface interface-type
interface-number
N/A
3. Configure an authentication
destination subnet.
portal auth-network destination
network-address { mask-length |
mask }
Optional.
By default, the authentication
destination subnet is 0.0.0.0/0,
which means that users accessing
any subnets must pass portal
authentication.
You can configure multiple
authentication destination subnets
by executing this command.
The system supports up to 16
authentication source subnets and
destination subnets.
Setting the maximum number of online portal users
You can use this feature to control the total number of online portal users in the system.
If the maximum number of online portal you set is less than that of the current online portal users, the limit
can be set successfully and does not impact the online portal users, but the system does not allow new
portal users to log on until the number drops down below the limit.
To set the maximum number of online portal users allowed in the system:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Set the maximum number of
online portal users.
portal max-user max-number
By default, the maximum number of
online portal users is the maximum
number of online portal users
supported by the system.
Specifying an authentication domain for portal users
After you specify an authentication domain for portal users on an interface, the device uses the
authentication domain for authentication, authorization, and accounting (AAA) of all portal users on the