Configuring a portal-free rule
A portal-free rule allows specified users to access specified external websites without portal authentication.
The matching items for a portal-free rule include the source and destination IP address, source MAC address, inbound interface, and VLAN. Packets matching a portal-free rule will not trigger portal authentication, so users sending the packets can directly access the specified external websites.
For Layer 2 portal authentication, you can configure only a portal-free rule that is from any source address to any or a specific destination address. If you configure a portal-free rule that is from any source address to a specific destination address, users can access the specified address directly, without being redirected to the portal authentication page for portal authentication. Usually, you can configure the IP address of a server that provides certain services (such as software upgrading service) as the destination IP address of a portal-free rule, so that Layer 2 portal authentication users can access the services without portal authentication.
Configuration guidelines
If you specify both a VLAN and an interface in a portal-free rule, the interface must belong to the VLAN. Otherwise, the rule does not take effect.
You cannot configure two or more portal-free rules with the same filtering criteria. Otherwise, the system prompts that the rule already exists.
Regardless of whether portal authentication is enabled or not, you can only add or remove a portal-free rule. You cannot modify it.
A Layer 2 interface in an aggregation group cannot be specified as the source interface of a portal-free rule, and the source interface of a portal-free rule cannot be added to an aggregation group.
Configuration procedure
To configure a portal-free rule:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Configure a portal-free rule. |
| Configure at least one command. |