Configuring an authentication source subnet

Only Layer 3 portal authentication supports this feature.

By configuring authentication source subnets, you specify that only HTTP packets from users on the authentication source subnets can trigger portal authentication. If an unauthenticated user is not on any authentication source subnet, the access device discards all the user's HTTP packets that do not match any portal-free rule.

Configuration of authentication source subnets applies to only cross-subnet authentication. In direct authentication mode, the authentication source subnet is 0.0.0.0/0. In re-DHCP authentication mode, the authentication source subnet of an interface is the subnet to which the private IP address of the interface belongs.

To configure an authentication source subnet:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter interface view.	interface interface-type interface-number	N/A
3. Configure an authentication source subnet.	portal auth-network { ipv4-network-address { mask-length \| mask } \| ipv6 ipv6-network-address prefix-length }	Optional. By default, the authentication source IPv4 and IPv6 subnets are 0.0.0.0/0 and ::/0, respectively, which mean that users from any subnets must pass portal authentication. You can configure multiple authentication source subnets.

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Enter interface view.

interface interface-type interface-number

N/A

3. Configure an authentication source subnet.

portal auth-network { ipv4-network-address { mask-length | mask } | ipv6 ipv6-network-address prefix-length }

Optional.

By default, the authentication source IPv4 and IPv6 subnets are 0.0.0.0/0 and ::/0, respectively, which mean that users from any subnets must pass portal authentication.

You can configure multiple authentication source subnets.

prev	up	next
Configuring a portal-free rule	home	Setting the maximum number of online portal users