4000 Router Series Security Command Reference

ManualsBrandsHP ManualsNetwork HardwareHP MSR3024 TAA-compliant AC Router

441

442

443

444

445

446

447

448

449

450

435

Usage guidelines

When portal fail-permit is enabled for a portal authentication server and a portal Web server on an

interface, the interface disables portal authentication for portal users if either server is unreachable.

Portal authentication resumes on the interface when both servers become reachable. After portal

authentication resumes, unauthenticated portal users need to pass authentication to access network

resources. Portal users who has passed authentication can continue accessing network resources.

You can enable portal fail-permit for at most one portal authentication server and one portal Web server

on an interface.

Examples

# Enable portal fail-permit for portal authentication server pts1 on interface Ethernet 1/1.

<Sysname> system-view

[Sysname] interface ethernet 1/1

[Sysname-Ethernet1/1] portal fail-permit server pts1

Related commands

display portal interface

portal free-all except destination

Use portal free-all except destination to configure an IPv4 portal authentication destination subnet on an

interface.

Use undo portal free-all except destination to delete the IPv4 portal authentication destination subnets

on the interface.

Syntax

portal free-all except destination ipv4-network-address { mask-length | mask }

undo portal free-all except destination [ ipv4-network-address ]

Default

No IPv4 portal authentication destination subnet is configured on the interface. Portal users must pass

portal authentication to access any subnet.

Views

Interface view

Predefined user roles

network-admin

Parameters

ipv4-network-address: Specifies an IPv4 portal authentication subnet address.

mask-length: Specifies the subnet mask length for the authentication subnet address, in the range of 0 to

32.

mask: Specifies the subnet mask in dotted decimal format.

Usage guidelines

Portal users on the interface are authenticated when accessing the specified authentication destination

subnet (except IP addresses and subnets specified in portal-free rules). The users can access other subnets

without portal authentication.