portal auth-network
Syntax
portal auth-network { ipv4-network-address { mask-length | mask } | ipv6 ipv6-network-address prefix-length }
undo portal auth-network { ipv4-network-address | all | ipv6 ipv6-network-address }
View
VLAN interface view
Default level
2: System level
Parameters
ipv4-network-address: Specifies the IPv4 address of the authentication source subnet.
mask-length: Specifies the length of the subnet mask, in the range of 0 to 32.
mask: Specifies the subnet mask, in dotted decimal notation.
ipv6 ipv6-network-address: Specifies the IPv6 address of the authentication source subnet.
prefix-length: IPv6 address prefix length, in the range of 0 to 128.
all: Specifies all authentication source subnets.
Description
Use portal auth-network to configure a portal authentication source subnet on an interface. You can use this command to configure multiple portal authentication source subnets on an interface. Then, only HTTP packets from the subnets can trigger portal authentication on the interface. If an unauthenticated user is not on any authentication source subnet, the access device discards all the user's packets that do not match any portal-free rule.
Use undo portal auth-network to remove a specified portal authentication source subnet or all portal authentication subnets.
By default, the source IPv4 subnet is 0.0.0.0/0, and the source IPv6 subnet is ::/0, meaning that users from any IPv4 or IPv6 subnet must pass portal authentication to access network resources.
This command is only applicable for cross-subnet authentication (layer3). The portal authentication source subnet for direct authentication (direct) can be any source IP address, and the portal authentication source subnet for re-DHCP authentication (redhcp) is the one determined by the private IP address of the interface connecting the users.
You can configure multiple authentication source subnets by executing the portal auth-network command repeatedly.
Examples
# Configure a portal authentication source subnet of 10.10.10.0/24 on interface VLAN-interface 2 to allow users from subnet 10.10.10.0/24 to trigger portal authentication.
<Sysname> system-view [Sysname] interface vlan-interface 2 [Sysname–Vlan-interface2] portal auth-network 10.10.10.0 24