R2511-HP MSR Router Series Security Command Reference(V5)
367
Usage guidelines
This command is only applicable for cross-subnet authentication (layer3). The portal authentication
source subnet for direct authentication (direct) can be any source IP address, and the portal
authentication source subnet for re-DHCP authentication (redhcp) is the one determined by the private IP
address of the interface connecting the users.
You can configure multiple authentication source subnets.
If both an authentication source subnet and destination subnet are configured on an interface, only the
authentication destination subnet takes effect.
Examples
# Configure a portal authentication source subnet of 10.10.10.0/24 on Ethernet 1/1 to allow users from
subnet 10.10.10.0/24 to trigger portal authentication.
<Sysname> system-view
[Sysname] interface ethernet 1/1
[Sysname-Ethernet1/1] portal auth-network 10.10.10.0 24
portal auth-network destination
Use portal auth-network destination to configure an authentication destination subnet on an interface.
Then, only users accessing the specified subnet (excluding the destination IP addresses and subnets
specified in portal-free rules) trigger portal authentication on the interface. Users can access other
networks through the interface without portal authentication.
Use undo portal auth-network destination to cancel the specified or all authentication destination
subnets.
Syntax
portal auth-network destination network-address { mask-length | mask }
undo portal auth-network destination { network-address | all }
Default
The authentication destination subnet is 0.0.0.0/0, which means users accessing any subnets must pass
portal authentication.
Views
Interface view
Default command level
2: System level
Parameters
network-address: IP address of the authentication destination subnet.
mask-length: Length of the subnet mask, in the range of 0 to 32.
mask: Subnet mask, in dotted decimal notation.
all: Removes all authentication destination subnets.
Usage guidelines
Only the three Layer 3 portal authentication modes (direct, re-DHCP, and cross-subnet) support
configuring authentication destination subnets.