Configuring an authentication destination subnet
By configuring authentication destination subnets, you specify that users trigger portal authentication only when they accessing the specified subnets (excluding the destination IP addresses and subnets specified in portal-free rules). Users can access other subnets without portal authentication.
If both authentication source subnets and destination subnets are configured on an interface, only the authentication destination subnets take effect.
You can configure multiple authentication destination subnets. If the destination subnets overlap, the subnet with the largest address scope (with the smallest mask or prefix) takes effect.
To configure an IPv4 portal authentication destination subnet:
Step | Command | Remarks |
|---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter interface view. | interface interface-type interface-number | N/A |
3. Configure an IPv4 portal authentication destination subnet. | portal free-all except destination ipv4-network-address { mask-length | mask } | By default, no IPv4 portal authentication destination subnet is configured, and users accessing any subnets must pass portal authentication. |
To configure an IPv6 portal authentication destination subnet:
Step | Command | Remarks |
|---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter interface view. | interface interface-type interface-number | N/A |
3. Configure an IPv6 portal authentication destination subnet. | portal ipv6 free-all except destination ipv6-network-address prefix-length | By default, no IPv6 portal authentication destination subnet is configured, and users accessing any subnets must pass portal authentication. |