Specifying a preauthentication IP address pool
About preauthentication IP address pools
You must specify a preauthentication IP address pool on a portal-enabled interface in the following situation:
Portal users access the network through a subinterface of the portal-enabled interface.
The subinterface does not have an IP address.
Portal users need to obtain IP addresses through DHCP.
After a user connects to a portal-enabled interface, the user uses an IP address for portal authentication according to the following rules:
If the interface is configured with a preauthentication IP address pool, the user uses the following IP address:
If the client is configured to obtain an IP address automatically through DHCP, the user obtains an address from the specified IP address pool.
If the client is configured with a static IP address, the user uses the static IP address. However, if the interface does not have an IP address, users using static IP addresses cannot pass authentication.
If the interface has an IP address but no preauthentication IP pool specified, the user uses the static IP address or the IP address obtained from a DHCP server.
If the interface has no IP address or preauthentication IP pool specified, the user cannot perform portal authentication.
After the user passes portal authentication, the AAA server authorizes an IP address pool for re-assigning an IP address to the user. If no authorized IP address pool is deployed, the user continues using the previous IP address.
Restrictions and guidelines
This configuration takes effect only when the direct IPv4 portal authentication is enabled on the interface.
Make sure the specified IP address pool exists and is complete. Otherwise, the user cannot obtain the IP address and cannot perform portal authentication.
If the portal user does not perform authentication or fails to pass authentication, the assigned IP address is still retained.
Procedure
Enter system view.
system-view
Enter Layer 3 interface view.
interface interface-type interface-number
Specify a preauthentication IP address pool on the interface.
portal [ ipv6 ] pre-auth ip-pool pool-name
By default, no preauthentication IP address pool is specified on an interface.