Configuring a portal-free rule
A portal-free rule allows specified users to access specified external websites without portal authentication.
The matching items for a portal-free rule include the source and destination IP address, TCP/UDP port number, source MAC address, inbound interface, and VLAN. Packets matching a portal-free rule will not trigger portal authentication, so that users sending the packets can directly access the specified external websites.
For Layer 2 portal authentication, you can configure only a portal-free rule that is from any source address to any or a specified destination address. If you configure a portal-free rule that is from any source address to a specified destination address, users can access the specified address directly, without being redirected to the portal authentication page for portal authentication. Usually, you can configure the IP address of a server that provides certain services (such as software upgrading service) as the destination IP address of a portal-free rule, so that Layer 2 portal authentication users can access the services without portal authentication.
Follow these guidelines when you configure a portal-free rule:
If you specify both a VLAN and an interface in a portal-free rule, the interface must belong to the VLAN. Otherwise, the rule does not take effect.
You cannot configure two or more portal-free rules with the same filtering criteria. Otherwise, the system prompts that the rule already exists.
A Layer 2 interface in an aggregation group cannot be specified as the source interface of a portal-free rule, and the source interface of a portal-free rule cannot be added to an aggregation group.
To configure a portal-free rule:
Step | Command | Remarks |
|---|---|---|
1. Enter system view. | system-view | N/A |
2. Configure a portal-free rule. |
| Configure at least one command. |
![[NOTE: ]](images/note.png) | NOTE: Regardless of whether portal authentication is enabled or not, you can only add or remove a portal-free rule. You cannot modify it. | |