portal free-rule
Syntax
portal free-rule rule-number { destination { any | ip { ip-address mask { mask-length | netmask } | any } [ tcp tcp-port-number | udp udp-port-number ] | ipv6 { ipv6-address prefix-length | any } } | source { any | [ interface interface-type interface-number | ip { ip-address mask { mask-length | netmask } | any } [ tcp tcp-port-number | udp udp-port-number ] | ipv6 { ipv6-address prefix-length | any } | mac mac-address | vlan vlan-id ] * } } *
undo portal free-rule { rule-number | all }
View
System view
Default level
2: System level
Parameters
rule-number: Specifies a number for the portal-free rule, in the range 0 to 63.
any: Imposes no limitation on the previous keyword.
ip ip-address: Specifies an IP address.
mask { mask-length | netmask }: Specifies the mask of the IP address, which can be in dotted decimal notation or an integer in the range of 0 to 32.
ipv6 ipv6-address: Specifies an IPv6 address for the portal-free rule.
prefix-length: Specifies the prefix length of the IPv6 address, in the range of 1 to 128.
tcp tcp-port-number: Specifies a TCP port number in the range of 0 to 65535.
udp udp-port-number: Specifies a UDP port number in the range of 0 to 65535.
interface interface-type interface-number: Specifies a source interface.
mac mac-address: Specifies a source MAC address in the format H-H-H.
vlan vlan-id: Specifies a source VLAN ID.
all: Specifies all portal-free rules.
Description
Use portal free-rule to configure a portal-free rule and specify the source filtering condition, destination filtering condition, or both.
Use undo portal free-rule to remove a specified portal-free rule or all portal-free rules.
If you specify both the source IPv4 address and source MAC address, the IPv4 address must be a host address with a 32-bit mask. Otherwise, the specified MAC address does not take effect.
If you specify both a source IPv6 address and a source MAC address in a portal-free rule, the IPv6 address must be a host address with a 128-bit prefix. Otherwise, the specified MAC address does not take effect.
If you specify both a VLAN and an interface in a portal-free rule, the interface must belong to the VLAN. Otherwise, the rule does not take effect.
If you specify both a source port number and a destination port number for a portal-free rule, the source and destination port numbers must belong to the same transport layer protocol.
You cannot configure a portal-free rule with the same filtering criteria as an existing rule. If you attempt to do so, the system prompts that the rule already exists.
Regardless of whether portal authentication is enabled or not, you can only add or remove a portal-free rule. You cannot modify it.
A Layer 2 Ethernet port in an aggregation group cannot be specified as the source port of a portal-free rule, and the source port of a portal-free rule cannot be added to an aggregation group.
For Layer 2 portal authentication, you can configure only portal-free rules whose source is any address and whose destination is any address or a specific address. With such a portal-free rule configured, users can access the specified address without portal authentication.
Related commands: display portal free-rule.
Examples
# Configure a portal-free rule, allowing any packet whose source IP address is 10.10.10.1/24 and source interface is VLAN-interface 1 to bypass portal authentication.
<Sysname> system-view
[Sysname] portal free-rule 15 source ip 10.10.10.1 mask 24 interface vlan-interface 1 destination ip any
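Because a portal-free rule exempts traffic from authentication, it is worth checking saved rules against the constraints in the Description, in particular the case where a source MAC condition silently does not take effect. The following Python script is an added example, not part of the original command reference or the vendor's tooling: it parses well-formed portal free-rule lines and reports those constraint violations. The function names and sample rules 16 and 17 are constructed for illustration, and VLAN/interface membership is not checked because it cannot be determined from the command line alone.

```python
import ipaddress

def parse_free_rule(line):
    """Split one well-formed 'portal free-rule' command into its conditions."""
    tok = line.split()
    rule = {"number": int(tok[2]), "source": {}, "destination": {}}
    side, i = None, 3
    while i < len(tok):
        key = tok[i]
        if key in ("source", "destination"):
            side, i = rule[key], i + 1
        elif key == "any":
            side["any"], i = True, i + 1
        elif key in ("ip", "ipv6") and tok[i + 1] == "any":
            side[key], i = "any", i + 2
        elif key == "ip":            # ip <address> mask <length | netmask>
            side[key], i = (tok[i + 1], tok[i + 3]), i + 4
        elif key == "ipv6":          # ipv6 <address> <prefix-length>
            side[key], i = (tok[i + 1], tok[i + 2]), i + 3
        elif key == "interface":     # interface <type> <number>
            side[key], i = " ".join(tok[i + 1:i + 3]), i + 3
        else:                        # mac, vlan, tcp, udp: one argument each
            side[key], i = tok[i + 1], i + 2
    return rule

def mask_len(mask):  # accepts a length ('24') or a dotted netmask ('255.255.255.0')
    return ipaddress.IPv4Network("0.0.0.0/" + mask).prefixlen

def audit(rule):
    """Return the Description-section constraints that this rule violates."""
    src, dst, out = rule["source"], rule["destination"], []
    if "mac" in src:
        if isinstance(src.get("ip"), tuple) and mask_len(src["ip"][1]) != 32:
            out.append("source MAC does not take effect: IPv4 mask is not 32 bits")
        if isinstance(src.get("ipv6"), tuple) and int(src["ipv6"][1]) != 128:
            out.append("source MAC does not take effect: IPv6 prefix is not 128 bits")
    sp, dp = src.keys() & {"tcp", "udp"}, dst.keys() & {"tcp", "udp"}
    if sp and dp and sp != dp:
        out.append("source and destination ports use different transport protocols")
    return out

def audit_config(text):
    """Map rule number to findings for every portal free-rule line in text."""
    rules = [parse_free_rule(l) for l in text.splitlines() if l.strip().startswith("portal free-rule")]
    return {r["number"]: audit(r) for r in rules}

# Rule 15 is the example from this page; rules 16 and 17 are constructed samples.
SAMPLE = """portal free-rule 15 source ip 10.10.10.1 mask 24 interface vlan-interface 1 destination ip any
portal free-rule 16 source ip 10.10.10.1 mask 24 mac 0015-e9a6-7cfe destination ip any
portal free-rule 17 source ip 10.10.10.1 mask 255.255.255.255 tcp 80 mac 0015-e9a6-7cfe destination ip 192.168.0.111 mask 32 udp 53"""
```

Calling audit_config(SAMPLE) returns an empty finding list for rule 15, the MAC finding for rule 16, and the transport-protocol finding for rule 17.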