The destination port number that the switch uses for sending unsolicited packets to the portal server
•
must be the same as that the remote portal server actually uses.
Cross-subnet authentication mode (portal server server-name method layer3) does not require
•
Layer 3 forwarding devices between the access device and the authentication clients. However, if
there are Layer 3 forwarding devices between the authentication client and the access device, you
must select the cross-subnet portal authentication mode.
In re-DHCP authentication mode, a client can use a public IP address to send packets before
•
passing portal authentication. However, responses to the packets are restricted.
•
An IPv6 portal server does not support the re-DHCP portal authentication mode.
You can enable both an IPv4 portal server and an IPv6 portal server for Layer 3 portal
•
authentication on an interface, but you cannot enable two IPv4 or two IPv6 portal servers on the
interface.
The portal server and its parameters can be deleted or modified only when the portal server is not
•
referenced by any interface.
Configuration procedure
To enable Layer 3 portal authentication:
Step
1.
Enter system view.
2.
Enter interface view.
3.
Enable Layer 3 portal
authentication on the
interface.
Controlling access of portal users
Configuring a portal-free rule
A portal-free rule allows specified users to access specified external websites without portal
authentication.
The matching items for a portal-free rule include the source and destination IP address, and VLAN.
Packets matching a portal-free rule do not trigger portal authentication, so that users sending the packets
can directly access the specified external websites.
Follow these guidelines when you configure a portal-free rule:
•
You cannot configure two or more portal-free rules with the same filtering criteria. Otherwise, the
system prompts that the rule already exists.
A Layer 2 interface in an aggregation group cannot be specified as the source interface of a
•
portal-free rule, and the source interface of a portal-free rule cannot be added to an aggregation
group.
To configure an IPv4 portal-free rule:
Command
system-view
interface interface-type
interface-number
portal server server-name method
{ direct | layer3 | redhcp }
111
Remarks
N/A
The interface must be a Layer 3
interface.
Disabled by default.