Configuring an authentication source subnet

Only Layer 3 portal authentication supports this feature.

By configuring authentication source subnets, you specify that only HTTP packets from users on the authentication source subnets can trigger portal authentication. If an unauthenticated user is not on any authentication source subnet, the access device discards all the user's HTTP packets that do not match any portal-free rule.

To configure an authentication source subnet:

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Enter interface view.

interface interface-type interface-number

N/A

3. Configure an authentication source subnet.

portal auth-network { ipv4-network-address { mask-length | mask } | ipv6 ipv6-network-address prefix-length }

Optional.

By default, the source IPv4 subnet is 0.0.0.0/0, and the source IPv6 subnet is ::/0, meaning that users from any IPv4 or IPv6 subnet must pass portal authentication to access network resources.

You can configure multiple authentication source subnets by executing the portal auth-network command repeatedly.


[NOTE: ]

NOTE:

Configuration of authentication source subnets applies to only cross-subnet authentication. In direct authentication mode, the authentication source subnet is 0.0.0.0/0. In re-DHCP authentication mode, the authentication source subnet of an interface is the subnet to which the private IP address of the interface belongs.