HP MSR2000/3000/4000 Router Series Security Command Reference
440
Usage guidelines
With IPv6 authentication source subnets configured, only packets from IPv6 users on the authentication
source subnets can trigger portal authentication. If an unauthenticated IPv6 user is not on any
authentication source subnet, the access device discards all the user's packets that do not match any
portal-free rule.
If you do not specify the ipv6-network-address argument in the undo portal ipv6 layer3 source command,
this command deletes all IPv6 portal authentication source subnets on the interface.
Only cross-subnet authentication supports authentication source subnets.
If you configure both an authentication source subnet and an authentication destination subnet on an
interface, only the authentication destination subnet takes effect.
Examples
# Configure an IPv6 portal authentication source subnet of 1::1/16 on interface Ethernet 1/1. Only portal
users from subnet 1::1/16 trigger portal authentication.
<Sysname> system-view
[Sysname] interface ethernet1/1
[Sysname–Ethernet1/1] portal ipv6 layer3 source 1::1 16
Related commands
• display portal interface
• portal ipv6 free-all except destination
portal ipv6 user-detect
Use portal ipv6 user-detect to enable online detection of IPv6 portal users on an interface.
Use undo portal user-detect to restore the default.
Syntax
portal ipv6 user-detect type { nd | icmpv6 } [ retry retries] [ interval interval ] [ idle time ]
undo portal ipv6 user-detect
Default
Online detection of IPv6 portal users is disabled on the interface.
Views
Interface view
Predefined user roles
network-admin
Parameters
type: Specifies the type of detection packets.
• nd—ND packets.
• icmpv6—ICMPv6 packets.
retry retries: Sets the maximum number of detection attempts, in the range of 1 to 10, and the default is
3. If the device receives no reply from a portal user when this threshold is reached, it logs out the portal
user.