R3166-R3206-HP High-End Firewalls Access Control Configuration Guide-6PW101
To do…                         Use the command…                                            Remarks
Configure a portal-free rule   portal free-rule rule-number { destination { any | ip       Required
                               { ip-address mask { mask-length | netmask } | any } }
                               | source { any | [ interface interface-type
                               interface-number | ip { ip-address mask { mask-length
                               | mask } | any } | mac mac-address | vlan vlan-id ] * } } *
NOTE:
• If you specify both a VLAN and an interface in a portal-free rule, the interface must belong to the VLAN.
• You cannot configure two or more portal-free rules with the same filtering conditions. Otherwise, the
system prompts that the rule already exists.
• Regardless of whether portal authentication is enabled, you can only add or remove a portal-free rule;
you cannot modify an existing rule.
Configuring an authentication subnet
By configuring authentication subnets, you specify that only HTTP packets from users on the
authentication subnets can trigger portal authentication. If an unauthenticated user is not on any
authentication subnet, the access device discards all the user’s HTTP packets that do not match any
portal-free rule.
Follow these steps to configure an authentication subnet:
To do…                              Use the command…                              Remarks
Enter system view                   system-view                                   —
Enter interface view                interface interface-type interface-number     —
Configure an authentication subnet  portal auth-network network-address           Optional
                                    { mask-length | mask }                        By default, the authentication subnet is
                                                                                  0.0.0.0/0, which means that users from any
                                                                                  subnet must pass portal authentication.
NOTE:
• Configuration of authentication subnets applies to only Layer 3 portal authentication.
• In direct authentication mode, the authentication subnet is 0.0.0.0/0.
• In re-DHCP authentication mode, the authentication subnet of an interface is the subnet to which the
private IP address of the interface belongs.
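The forwarding decision described in this section, modeled in Python as an added example (not code from this guide or from the device) that can be used to review which client addresses a planned configuration would challenge, pass, or drop. It assumes that portal-free rules are evaluated before authentication subnets and reduces a portal-free rule to source and destination IP networks; the function names and all addresses are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Default stated in the guide: every subnet must pass portal authentication.
DEFAULT_AUTH_NETWORKS = ["0.0.0.0/0"]

# Constructed sample configuration (addresses are made up for illustration).
AUTH_NETWORKS = ["10.1.0.0/255.255.0.0"]  # mask form, as "portal auth-network" accepts
FREE_RULES = [{"source": "0.0.0.0/0", "destination": "192.0.2.10/32"}]


def matches_free_rule(rule, src, dst):
    """Simplified portal-free rule: IP conditions only ("any" is 0.0.0.0/0)."""
    return (ip_address(src) in ip_network(rule["source"])
            and ip_address(dst) in ip_network(rule["destination"]))


def classify_http_packet(src, dst, auth_networks=None, free_rules=(),
                         authenticated=False):
    """Return 'forward', 'portal-auth' or 'discard' for one HTTP packet."""
    if authenticated:
        return "forward"
    # Assumption: a matching portal-free rule wins before any subnet check.
    if any(matches_free_rule(r, src, dst) for r in free_rules):
        return "forward"
    # Only sources inside an authentication subnet can trigger authentication.
    nets = auth_networks or DEFAULT_AUTH_NETWORKS
    if any(ip_address(src) in ip_network(n) for n in nets):
        return "portal-auth"
    # Unauthenticated, outside every authentication subnet, no free rule: drop.
    return "discard"


def audit(clients, dst, auth_networks=None, free_rules=()):
    """Map each client address to the action its HTTP packets to dst receive."""
    return {c: classify_http_packet(c, dst, auth_networks, free_rules)
            for c in clients}


if __name__ == "__main__":
    clients = ["10.1.2.3", "172.16.0.9"]
    for dst in ("198.51.100.7", "192.0.2.10"):
        print(dst, audit(clients, dst, AUTH_NETWORKS, FREE_RULES))
```

Running the audit against a planned subnet list shows which address ranges would be silently discarded rather than redirected, which is the usual surprise when narrowing the default 0.0.0.0/0.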
Specifying the source IP address for outgoing portal packets
After you specify the source IP address for outgoing portal packets on an interface, the IP address is used
as the source IP address of packets that the access device sends to the portal server and the destination
IP address of packets that the portal server sends to the access device.