Configuring a portal-free rule

A portal-free rule allows specified users to access specified external websites without portal authentication.

The matching items for a portal-free rule include the host name, source/destination IP address, TCP/UDP port number, source MAC address, access interface, and VLAN. Packets matching a portal-free rule will not trigger portal authentication, so users sending the packets can directly access the specified external websites.

You cannot configure two or more portal-free rules with the same filtering criteria. Otherwise, the system prompts that the rule already exists.

Regardless of whether portal authentication is enabled or not, you can only add or remove a portal-free rule. You cannot modify it.

To configure an IP-based portal-free rule:

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Configure an IPv4-based portal-free rule.

portal free-rule rule-number { destination ip { ip-address { mask-length | mask } | any } [ tcp tcp-port-number | udp udp-port-number ] | source ip { ip-address { mask-length | mask } | any } [ tcp tcp-port-number | udp udp-port-number ] } * [ interface interface-type interface-number ]

By default, no IPv4-based portal-free rule exists.

3. Configure an IPv6-based portal-free rule.

portal free-rule rule-number { destination ipv6 { ipv6-address prefix-length | any } [ tcp tcp-port-number | udp udp-port-number ] | source ipv6 { ipv6-address prefix-length | any } [ tcp tcp-port-number | udp udp-port-number ] } * [ interface interface-type interface-number ]

By default, no IPv6-based portal-free rule exists.

To configure a source-based portal-free rule:

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Configure a source-based portal-free rule.

portal free-rule rule-number source { interface interface-type interface-number | mac mac-address | vlan vlan-id } *

By default, no source-based portal-free rule exists.

The vlan vlan-id option takes effect only on portal users that access the network through VLAN interfaces.

If you specify both a VLAN and an interface, the interface must belong to the VLAN. Otherwise, the portal-free rule does not take effect.

To configure a destination-based portal-free rule:

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Configure a destination-based portal-free rule.

portal free-rule rule-number destination host-name

By default, no destination-based portal-free rule exists.