F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Configuration Guide-6PW100
Configuring an authentication source subnet
By configuring authentication source subnets, you specify that only HTTP packets from users on the
authentication source subnets can trigger portal authentication. If an unauthenticated user is not on any
authentication source subnet, the access device discards all the user's HTTP packets that do not match
any portal-free rule.
Configuration of authentication source subnets applies to only cross-subnet authentication. In direct
authentication mode, the authentication source subnet is 0.0.0.0/0. In re-DHCP authentication mode,
the authentication source subnet of an interface is the subnet to which the private IP address of the
interface belongs.
To configure an authentication source subnet:
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Enter interface view.
  Command: interface interface-type interface-number
  Remarks: N/A

Step 3. Configure an authentication source subnet.
  Command: portal auth-network ipv4-network-address { mask-length | mask }
  Remarks: Optional. By default, the authentication source IPv4 subnet is 0.0.0.0/0, which means that users from any subnet must pass portal authentication. You can configure up to 16 authentication source subnets.
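The following Python sketch is an added example, not part of the HP guide or of device software. It parses portal auth-network lines from a planned configuration and reports what happens to an unauthenticated user's HTTP packets in cross-subnet mode, so that address ranges that would be silently discarded can be spotted before deployment. The interface name, the addresses, and the simplification that a portal-free rule matches on source subnet only and is checked first are assumptions.

```python
import ipaddress

MAX_AUTH_NETWORKS = 16  # limit stated in the guide

# Constructed sample configuration and portal-free source subnet (assumptions).
SAMPLE_CONFIG = """
interface GigabitEthernet0/1
 portal auth-network 10.1.0.0 16
 portal auth-network 192.168.10.0 255.255.255.0
"""
SAMPLE_FREE = [ipaddress.ip_network("172.16.5.0/24")]

def parse_auth_networks(config_text):
    """Collect 'portal auth-network <address> {mask-length | mask}' lines."""
    nets = []
    for line in config_text.splitlines():
        parts = line.split()
        if parts[:2] != ["portal", "auth-network"]:
            continue
        if len(parts) != 4:
            raise ValueError(f"malformed command: {line.strip()!r}")
        # ip_network accepts both 10.1.0.0/16 and 10.1.0.0/255.255.0.0;
        # strict=False normalizes an address that has host bits set.
        nets.append(ipaddress.ip_network(f"{parts[2]}/{parts[3]}", strict=False))
    if len(nets) > MAX_AUTH_NETWORKS:
        raise ValueError("more than 16 authentication source subnets")
    # No command configured: the default source subnet 0.0.0.0/0 applies.
    return nets or [ipaddress.ip_network("0.0.0.0/0")]

def classify_http(src_ip, auth_nets, free_nets=()):
    """Fate of an unauthenticated user's HTTP packet, as described above."""
    ip = ipaddress.ip_address(src_ip)
    if any(ip in n for n in free_nets):   # simplified portal-free rule
        return "permit (portal-free rule)"
    if any(ip in n for n in auth_nets):
        return "trigger portal authentication"
    return "discard"

if __name__ == "__main__":
    nets = parse_auth_networks(SAMPLE_CONFIG)
    for src in ("10.1.2.3", "192.168.10.7", "172.16.5.5", "172.20.0.9"):
        print(src, "->", classify_http(src, nets, SAMPLE_FREE))
```

Running the same addresses against an empty configuration shows the default behaviour: every source falls inside 0.0.0.0/0 and triggers portal authentication.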
Setting the maximum number of online portal users
You can use this feature to control the total number of online portal users in the system.
If the maximum number of online portal users you set is less than the current number of online portal users, the limit
is set successfully and does not affect the users who are already online, but the system does not allow new
portal users to log on until the number of online users drops below the limit.
To set the maximum number of online portal users allowed in the system:
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Set the maximum number of online portal users.
  Command: portal max-user max-number
  Remarks: The default maximum number of online portal users varies with device models. For more information, see the command reference.
Specifying a portal authentication domain
After you specify an authentication domain for portal users on an interface, the device uses the
authentication domain for AAA of all portal users on the interface, ignoring the domain names carried
in the usernames. This allows you to specify different authentication domains for different interfaces as
needed.
To specify the authentication domain for portal users on an interface: