Specifying a preauthentication domain

The preauthentication domain takes effect only on portal users with IP addresses obtained through DHCP or DHCPv6.

After you configure a preauthentication domain on a portal-enabled interface, the device authorizes users on the interface as follows:

  1. After an unauthenticated user obtains an IP address, the user is assigned authorization attributes configured for the preauthentication domain.

    The authorization attributes in a preauthentication domain include ACL and CAR.

    An unauthenticated user who is authorized with the authorization attributes in a preauthentication domain is called a preauthentication user.

  2. After the user passes portal authentication, the user is assigned new authorization attributes from the AAA server.

  3. After the user goes offline, the user is reassigned the authorization attributes in the preauthentication domain.

The preauthentication domain does not take effect on interfaces enabled with cross-subnet portal authentication.

Make sure you specify an existing ISP domain as a preauthentication domain. If the specified ISP domain does not exist, the device might operate incorrectly.

You must delete a preauthentication domain (by using the undo portal [ ipv6 ] pre-auth domain command) and reconfigure it in the following situations:

To specify a preauthentication domain:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter interface view. | interface interface-type interface-number | N/A |
| 3. Specify a preauthentication domain. | portal [ ipv6 ] pre-auth domain domain-name | By default, no preauthentication domain is specified on an interface. |
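
The following Python check is an added example, not part of the original document or the vendor's tooling. It scans a saved configuration for two pitfalls described above: a preauthentication domain that references a nonexistent ISP domain, and a preauthentication domain set on an interface that uses cross-subnet portal authentication. The sample configuration is constructed, and the `domain name` and `portal enable method layer3` line formats are assumptions; only the `portal [ ipv6 ] pre-auth domain` command is taken from this page.

```python
import re

# Constructed sample. Assumed syntax: "domain name <x>" defines an ISP domain and
# "portal enable method layer3" selects cross-subnet portal authentication.
SAMPLE_CONFIG = """\
domain name preauth
#
interface GigabitEthernet1/0/1
 portal enable method direct
 portal pre-auth domain preauth
#
interface GigabitEthernet1/0/2
 portal ipv6 pre-auth domain guest6
#
interface GigabitEthernet1/0/3
 portal enable method layer3
 portal pre-auth domain preauth
#
"""

DOMAIN_RE = re.compile(r"^domain (?:name )?(\S+)\s*$")
IFACE_RE = re.compile(r"^interface (\S+)\s*$")
PREAUTH_RE = re.compile(r"^\s+portal (?:ipv6 )?pre-auth domain (\S+)\s*$")
LAYER3_RE = re.compile(r"^\s+portal (?:ipv6 )?enable method layer3\s*$")


def audit_preauth(config):
    """Return sorted (interface, finding) pairs for preauthentication domain problems."""
    domains, ifaces, current = set(), {}, None
    for line in config.splitlines():
        if not line.startswith(" "):  # any top-level line ends the interface view
            dom, ifc = DOMAIN_RE.match(line), IFACE_RE.match(line)
            if dom:
                domains.add(dom.group(1))
            current = ifaces.setdefault(ifc.group(1), {"refs": [], "layer3": False}) if ifc else None
        elif current is not None:
            if m := PREAUTH_RE.match(line):
                current["refs"].append(m.group(1))
            elif LAYER3_RE.match(line):
                current["layer3"] = True
    findings = []
    for name, info in ifaces.items():
        # Domains are checked after the full pass, so definition order does not matter.
        for ref in info["refs"]:
            if ref not in domains:
                findings.append((name, f"ISP domain '{ref}' does not exist"))
        if info["layer3"] and info["refs"]:
            findings.append((name, "cross-subnet portal: pre-auth domain has no effect"))
    return sorted(findings)
```

Running `audit_preauth(SAMPLE_CONFIG)` flags GigabitEthernet1/0/2 for the missing ISP domain and GigabitEthernet1/0/3 for the cross-subnet conflict.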