Manualshelf

R3721-F3210-F3171-HP High-End Firewalls Access Control Command Reference-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
61626364656667686970
61
Examples
# Configure the authentication domain to be used for portal users on GigabitEthernet 0/1 as
my-domain.
<Sysname> system-view
[Sysname] interface gigabitethernet 0/1
[Sysname-GigabitEthernet0/1] portal domain my-domain
portal free-rule
Syntax
portal free-rule rule-number { destination { any | ip { ip-address mask { mask-length | netmask } | any } }
| source { any | [ interface interface-type interface-number | ip { ip-address mask { mask-length |
netmask } | any } | mac mac-address | vlan vlan-id ] * } } *
undo portal free-rule { rule-number | all }
View
System view
Default level
2: System level
Parameters
rule-number: Number for the portal-free rule, in the range of 0 to 15.
any: Imposes no limitation on the previous keyword.
ip ip-address: Specifies an IP address.
mask { mask-length | netmask }: Specifies the mask of the IP address, which can be in dotted decimal
notation or an integer in the range of 0 to 32.
interface interface-type interface-number: Specifies a source interface.
mac mac-address: Specifies a source MAC address in the format H-H-H.
vlan vlan-id: Specifies a source VLAN ID.
all: Specifies all portal-free rules.
Description
Use portal free-rule to configure a portal-free rule and specify the source filtering condition, destination
filtering condition, or both.
Use undo portal free-rule to remove a specific portal-free rule or all portal-free rules.
If you specify both the source IP address and source MAC address, the IP address must be a host address
with a 32-bit mask. Otherwise, the specified MAC address does not take effect.
If you specify both a VLAN and an interface in a portal-free rule, the interface must belong to the VLAN.
Otherwise, the rule does not take effect.
You cannot configure a portal-free rule to have the same filtering criteria as that of an existing one. When
attempted, the system prompts that the rule already exists.
No matter whether portal authentication is enabled on an interface, you can only add or remove a
portal-free rule, rather than modifying it.