How to configure an authentication-free rule for Portal authentication users on S series switches


For S series switches (except the S1700) running all versions, NAC can be configured in common mode. For switches running V200R005C00 and later versions, NAC can be configured in unified mode. For switches running V200R009C00, the configuration model of NAC unified mode changes. Consult the product manual that matches your switch model and version. The following links are for reference only.
In NAC common mode, configure an authentication-free rule to allow all Portal authentication users to access the network segment 10.1.1.1/24 without authentication.
[HUAWEI] portal free-rule 1 destination ip 10.1.1.1 mask 24 source ip any
For details, see "NAC Configuration (Common Mode) - (Optional) Setting Access Control Parameters for Portal Authentication Users" in S2750&S5700&S6720 V200R008C00 Configuration Guide - User Access and Authentication.

In NAC unified mode, configure an authentication-free rule to allow all NAC authentication users to access the network segment 10.1.1.1/24 without authentication.
[HUAWEI] authentication free-rule 1 destination ip 10.1.1.1 mask 24 source ip any
For details, see "NAC Configuration (Unified Mode) - (Optional) Configuring Authentication Free Rules to Assign Network Access Rights to Users" in S2750&S5700&S6720 V200R008C00 Configuration Guide - User Access and Authentication.

In NAC unified mode, configure an authentication-free rule to allow all NAC authentication users to access the network segment 10.1.1.1/24 without authentication.
[HUAWEI] free-rule-template name default_free_rule
[HUAWEI-free-rule-default_free_rule] free-rule 1 destination ip 10.1.1.1 mask 24 source ip any
For details, see "NAC Configuration (Unified Mode) - (Optional) Configuring Authorization Information for Authentication-free Users" in .
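
Each rule above names the address 10.1.1.1 with a 24-bit mask, so it helps to confirm which range a free-rule actually exempts from authentication. The audit sketch below is an added example, not Huawei code: it parses only the three command forms shown on this page, and the /24 threshold and the fourth sample rule are assumptions made for illustration.

```python
import ipaddress
import re

# Matches the three command forms shown on this page, with the argument
# layout used there: destination ip <addr> mask <mask> source ip <src>
FREE_RULE = re.compile(
    r"^(?:\[[^\]]*\]\s*)?(?:(portal|authentication)\s+)?free-rule\s+(\d+)\s+"
    r"destination\s+ip\s+(\S+)\s+mask\s+(\S+)\s+source\s+ip\s+(\S+)\s*$"
)

def audit_free_rules(config_text, min_prefix=24):
    """Return one finding per free-rule line.

    min_prefix is an assumed local policy: exemptions wider than this
    prefix length are flagged for review.
    """
    findings = []
    for line in config_text.splitlines():
        m = FREE_RULE.match(line.strip())
        if not m:
            continue
        mode, rule_id, addr, mask, source = m.groups()
        # strict=False accepts an address with host bits set:
        # 10.1.1.1 mask 24 is really the whole 10.1.1.0/24 segment.
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        notes = []
        if str(net.network_address) != addr:
            notes.append("host bits set; rule covers the whole segment")
        if net.prefixlen < min_prefix:
            notes.append(f"prefix shorter than /{min_prefix}")
        if source == "any":
            notes.append("any unauthenticated source can reach this range")
        findings.append({
            "command": f"{mode} free-rule" if mode else "free-rule",
            "rule_id": int(rule_id),
            "effective": str(net),
            "addresses": net.num_addresses,
            "notes": notes,
        })
    return findings

# Constructed sample: the three commands from this page plus one wide rule.
SAMPLE = """\
[HUAWEI] portal free-rule 1 destination ip 10.1.1.1 mask 24 source ip any
[HUAWEI] authentication free-rule 1 destination ip 10.1.1.1 mask 24 source ip any
[HUAWEI-free-rule-default_free_rule] free-rule 1 destination ip 10.1.1.1 mask 24 source ip any
[HUAWEI] portal free-rule 2 destination ip 10.0.0.0 mask 8 source ip any
"""

if __name__ == "__main__":
    for finding in audit_free_rules(SAMPLE):
        print(finding)
```

For the page's rule the effective exemption is 10.1.1.0/24, that is 256 addresses reachable before authentication, not the single host 10.1.1.1.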

Other related questions:
Authentication-free rules applied to users through dot1x on S series switch
For S series switches except S1700 switches, after 802.1x authentication is enabled globally and on an interface, specific users can be exempted from authentication based on their MAC addresses. To implement this function, configure the user devices' MAC addresses as static MAC addresses of a specified VLAN on the interface connected to the user devices.

Can authentication-free domain names be configured for Portal authentication on the AC?
From V200R006, ACs support authentication-free domain names for Portal authentication. Network access rights of users can be configured through ACLs. To control a user's access to a domain name, the administrator configures the user's access rights to the IP address corresponding to the domain name. If the domain name corresponds to multiple IP addresses, this can be complicated for the administrator to maintain. In this case, configure a global domain name. Access rights control can then be implemented directly through the global domain name in the ACL.
1. Enter the system view, and configure a global domain name.
system-view
[AC6605] passthrough-domain name weixin.com id 1
2. Create a user ACL, and allow access to the global domain name in the ACL.
system-view
[AC6605] acl number 6001
[AC6605-acl-adv-6001] rule permit ip source user-group name user1
