F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Configuration Guide-6PW100

Layer 3 forwarding devices exist between the authentication client and the access device, you must
select the cross-subnet portal authentication mode.
In re-DHCP authentication mode, a client can use a public IP address to send packets before
passing portal authentication. However, responses to the packets are restricted.
Configuration procedure
To enable Layer 3 portal authentication:
Step 1. Enter system view.
    Command: system-view
    Remarks: N/A
Step 2. Enter interface view.
    Command: interface interface-type interface-number
    Remarks: The interface must be a Layer 3 Ethernet interface.
Step 3. Enable Layer 3 portal authentication on the interface.
    Command: portal server server-name method { direct | layer3 | redhcp }
    Remarks: Not enabled by default.
Controlling access of portal users
Configuring a portal-free rule
A portal-free rule allows specified users to access specified external websites without portal
authentication.
The matching items for a portal-free rule include the source and destination IP address, source MAC
address, inbound interface, and VLAN. Packets matching a portal-free rule will not trigger portal
authentication, so users sending the packets can directly access the specified external websites.
Configuration guidelines
If you specify both a VLAN and an interface in a portal-free rule, the interface must belong to the
VLAN. Otherwise, the rule does not take effect.
You cannot configure two or more portal-free rules with the same filtering criteria. If you try,
the system prompts that the rule already exists.
Regardless of whether portal authentication is enabled, you can only add or remove a
portal-free rule. You cannot modify it.
Configuration procedure
To configure a portal-free rule:
Step 1. Enter system view.
    Command: system-view
Step 2. Configure a portal-free rule.
    Command: portal free-rule rule-number { destination { any | ip { ip-address mask
    { mask-length | mask } | any } [ tcp tcp-port-number | udp udp-port-number ] } |
    source { any | [ interface interface-type interface-number | ip { ip-address mask
    { mask-length | mask } | any } [ tcp tcp-port-number | udp udp-port-number ] |
    mac mac-address | vlan vlan-id ] * } } *
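
Because every portal-free rule is an exemption from authentication, it is worth reviewing how broad each one is. The following audit sketch is an added example, not part of the HP guide: it parses portal free-rule lines, flags rules that exempt all traffic or leave the destination unrestricted, and reports rules whose criteria repeat an earlier rule. The sample lines are constructed, and it assumes saved configuration lines follow the command syntax shown above.

```python
import ipaddress
import re

# Constructed sample, written to follow the portal free-rule syntax in this guide.
SAMPLE = """\
portal free-rule 0 source any destination any
portal free-rule 1 source ip 192.168.10.0 mask 24 destination ip 203.0.113.10 mask 32 tcp 443
portal free-rule 2 source mac 0015-e9a6-7cfe destination ip any
portal free-rule 3 source ip 192.168.10.0 mask 255.255.255.0 destination ip 203.0.113.10 mask 255.255.255.255 tcp 443
"""
KEYWORDS = ("interface", "ip", "mac", "vlan", "tcp", "udp")

def parse_rule(line):
    """Return (rule_number, source_criteria, destination_criteria) or None."""
    m = re.match(r"\s*portal free-rule (\d+)\s+(.*)", line)
    if not m:
        return None
    crit, side, key = {"source": {}, "destination": {}}, None, None
    for tok in m.group(2).split():
        if tok in crit:                   # "source" or "destination" starts a side
            side, key = tok, None
        elif side and tok in KEYWORDS:    # a matching item such as ip, mac, vlan
            key = tok
            crit[side][key] = []
        elif side and key:                # arguments of the current matching item
            crit[side][key].append(tok)
        # a bare "any" right after source/destination adds no criterion
    return int(m.group(1)), normalise(crit["source"]), normalise(crit["destination"])

def normalise(side):
    """Drop 'ip any' and put both mask notations into one prefix form."""
    out = {}
    for key, vals in side.items():
        if key == "ip" and vals == ["any"]:
            continue
        if key == "ip" and len(vals) == 3 and vals[1] == "mask":
            vals = [str(ipaddress.ip_network(f"{vals[0]}/{vals[2]}", strict=False))]
        out[key] = tuple(vals)
    return out

def audit(config_text):
    """Flag rules that exempt all traffic, any destination, or repeat criteria."""
    findings, seen = [], {}
    for num, src, dst in filter(None, map(parse_rule, config_text.splitlines())):
        if not dst:
            findings.append((num, "open" if not src else "any-destination"))
        fingerprint = (frozenset(src.items()), frozenset(dst.items()))
        if fingerprint in seen:
            findings.append((num, f"duplicate-of-{seen[fingerprint]}"))
        seen.setdefault(fingerprint, num)
    return findings
```

Calling audit(SAMPLE) returns a list of (rule-number, finding) pairs; the duplicate check treats mask-length and dotted-mask notation as the same criteria, which is a choice of this example.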