HP VPN Firewall Appliances Access Control Configuration Guide

Configuration procedure
To configure an IPv4 portal-free rule:
Step 1. Enter system view.
    Command: system-view
Step 2. Configure a portal-free rule.
    Command: portal free-rule rule-number { destination { any | ip { ipv4-address mask { mask-length | mask } | any } [ tcp tcp-port-number | udp udp-port-number ] } | source { any | [ interface interface-type interface-number | ip { ipv4-address mask { mask-length | mask } | any } [ tcp tcp-port-number | udp udp-port-number ] | mac mac-address | vlan vlan-id ] * } } *
Configuring an IPv4 authentication source subnet
By configuring authentication source subnets, you specify that only HTTP packets from users on the
authentication source subnets can trigger portal authentication. If an unauthenticated user is not on any
authentication source subnet, the access device discards all the user's HTTP packets that do not match
any portal-free rule.
Configuration of authentication source subnets applies only to cross-subnet authentication. In direct
authentication mode, the authentication source subnet is 0.0.0.0/0. In re-DHCP authentication mode,
the authentication source subnet of an interface is the subnet to which the private IP address of the
interface belongs.
To configure an IPv4 authentication source subnet:
Step 1. Enter system view.
    Command: system-view
    Remarks: N/A
Step 2. Enter interface view.
    Command: interface interface-type interface-number
    Remarks: N/A
Step 3. Configure an IPv4 authentication source subnet.
    Command: portal auth-network ipv4-network-address { mask-length | mask }
    Remarks: By default, the authentication source IPv4 is 0.0.0.0/0, which means that users from any subnets must pass portal authentication. You can configure up to 16 authentication source subnets.
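The following Python model is an added example, not part of the HP guide or the device software. It traces how the access device treats an unauthenticated user's HTTP packet in cross-subnet mode, given the configured authentication source subnets and portal-free rules, and includes an audit helper for portal-free rules that exempt all traffic. The function names, the rule dictionary layout, the restriction to IP and TCP match fields, and the sample addresses are assumptions made for illustration.

```python
import ipaddress

MAX_AUTH_SUBNETS = 16                  # limit stated in the guide
DEFAULT_AUTH_SUBNETS = ("0.0.0.0/0",)  # default stated in the guide

def _net(value):
    # "any" in the command syntax is modelled as 0.0.0.0/0
    return ipaddress.ip_network("0.0.0.0/0" if value == "any" else value)

def free_rule(number, dst="any", tcp_port=None, src="any"):
    """Hypothetical in-memory form of one 'portal free-rule' (IP/TCP fields only)."""
    return {"number": number, "dst": _net(dst), "tcp": tcp_port, "src": _net(src)}

def classify_http(src_ip, dst_ip, dst_port, auth_subnets=DEFAULT_AUTH_SUBNETS, free_rules=()):
    """Outcome for an HTTP packet from an unauthenticated user (cross-subnet mode)."""
    if len(auth_subnets) > MAX_AUTH_SUBNETS:
        raise ValueError("at most 16 authentication source subnets can be configured")
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for rule in free_rules:
        if src in rule["src"] and dst in rule["dst"] and rule["tcp"] in (None, dst_port):
            return "forward"               # matches a portal-free rule
    if any(src in _net(subnet) for subnet in auth_subnets):
        return "trigger-portal-auth"       # source is on an authentication source subnet
    return "discard"                       # off-subnet and no portal-free rule matched

def overbroad_free_rules(free_rules):
    """Audit helper: rule numbers that exempt every source, destination and port."""
    return [r["number"] for r in free_rules
            if r["src"].prefixlen == 0 and r["dst"].prefixlen == 0 and r["tcp"] is None]

# Constructed sample configuration (documentation and private address ranges)
AUTH_SUBNETS = ("10.10.0.0/16",)
FREE_RULES = (free_rule(1, dst="192.0.2.10/32", tcp_port=80),)

if __name__ == "__main__":
    for src, dst in [("10.10.1.5", "198.51.100.7"), ("172.16.0.9", "198.51.100.7"),
                     ("172.16.0.9", "192.0.2.10")]:
        print(src, "->", dst, classify_http(src, dst, 80, AUTH_SUBNETS, FREE_RULES))
```
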
Setting the maximum number of online portal users
You can use this feature to control the total number of online portal users in the system.
If the maximum number of online portal users you set is less than the current number of online portal
users, the limit can be set successfully and does not affect the users who are already online, but the
system does not allow new portal users to log on until the number drops below the limit.
To set the maximum number of online portal users allowed in the system:
Step 1. Enter system view.
    Command: system-view
    Remarks: N/A