R3721-F3210-F3171-HP High-End Firewalls Access Control Configuration Guide-6PW101
120
To configure a portal-free rule:
Ste
p
Command
1. Enter system view.
system-view
2. Configure a portal-free rule.
portal free-rule rule-number { destination { any | ip { ip-address mask
{ mask-length | netmask } | any } } | source { any | [ interface
interface-type interface-number | ip { ip-address mask { mask-length |
mask } | any } | mac mac-address | vlan vlan-id ] * } } *
NOTE:
Regardless of whether portal authentication is enabled, you can only add or remove a portal-free rule.
You cannot modify it.
Configuring an authentication source subnet
By configuring authentication source subnets, you specify that only HTTP packets from users on the
authentication source subnets can trigger portal authentication. If an unauthenticated user is not on any
authentication source subnet, the access device discards all the user's HTTP packets that do not match
any portal-free rule.
To configure an authentication source subnet:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter interface view.
interface interface-type
interface-number
N/A
3. Configure an authentication
source subnet.
portal auth-network
network-address { mask-length |
mask }
Optional.
By default, the authentication
source subnet is 0.0.0.0/0, which
means that users from any subnets
must pass portal authentication.
NOTE:
• Configuration of authentication source subnets applies to only cross-subnet authentication.
• In direct authentication mode, the authentication source subnet is 0.0.0.0/0.
• In re-DHCP authentication mode, the authentication source subnet of an interface is the subnet to which
the private IP address of the interface belongs.
Setting the maximum number of online portal users
You can use this feature to control the total number of online portal users in the system.
To set the maximum number of online portal users allowed in the system:
Ste
p
Command
Remarks
1. Enter system view.
system-view
N/A