3com S7906E Installationsanweisungen
1-9
To do…
Use the command…
Remarks
Configure a portal-free rule
portal free-rule rule-number
{ destination { any | ip
{ ip-address mask
{ mask-length | netmask } |
any } } | source { any |
[ interface interface-type
interface-number | ip
{ ip-address mask
{ mask-length | mask } | any } |
mac mac-address | vlan
vlan-id ] * } } *
{ destination { any | ip
{ ip-address mask
{ mask-length | netmask } |
any } } | source { any |
[ interface interface-type
interface-number | ip
{ ip-address mask
{ mask-length | mask } | any } |
mac mac-address | vlan
vlan-id ] * } } *
Required
z
If you specify both a VLAN and an interface in a portal-free rule, the interface must belong to the
VLAN.
z
You cannot configure two or more portal-free rules with the same filtering conditions. Otherwise,
the system prompts that the rule already exists.
z
No matter whether portal authentication is enabled, you can only add or remove a portal-free rule,
rather than modifying it.
Configuring an Authentication Subnet
By configuring authentication subnets, you can allow portal authentication to be triggered by only
packets from users on the authentication subnets. If a user does not initiate portal authentication before
accessing the external network and the user’s packets are neither matching the portal-free rules nor
from authentication subnets, the user packets will be discarded by the access device.
Follow these steps to configure an authentication subnet:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enter interface view
interface interface-type
interface-number
interface-number
—
Configure an authentication
subnet
subnet
portal auth-network
network-address { mask-length
| mask }
network-address { mask-length
| mask }
Optional
By default, the authentication
subnet is 0.0.0.0/0, which
means that users with any
source IP addresses are to be
authenticated.
subnet is 0.0.0.0/0, which
means that users with any
source IP addresses are to be
authenticated.