Can free IP subnets be configured for Portal authentication on the AC

5

Users cannot access the network before passing Portal authentication. You can set authentication-free rules for Portal authentication users so that the users can access specified network resources without being authenticated or when the users fail the authentication. Authentication-free rules based on IP addresses are called free IP subnets.
Enter the system view, and configure a free IP subnet to allow packets from any source IP addresses to access network segment 10.1.1.0/24.
V200R005:
<AC6605> system-view
[AC6605] portal free-rule 1 destination ip 10.1.1.1 24 source ip any
V200R006:
<AC6605> system-view
[AC6605] free-rule-template name f1
[AC6605-free-rule-f1] free-rule 1 destination ip 10.1.1.1 mask 24 source ip any

Other related questions:
Can authentication-free domain names be configured for Portal authentication on the AC
From V200R006, ACs support authentication-free domain names for Portal authentication. Network access rights of users can be configured through ACLs. If the administrator wants to control a user's access to a domain name, configure the user's access rights to the IP address corresponding to the domain name. If the domain name corresponds to multiple IP addresses, maintenance of the administrator may be complicated. In this case, configure a global domain name. Access rights control can then be implemented directly through the global domain name in the ACL. 1. Enter the system view, and configure a global domain name. system-view [AC6605] passthrough-domain name weixin.com id 1 2. Create a user ACL, and allow access to the global domain name in the ACL. system-view [AC6605] acl number 6001 [AC6605-acl-adv-6001] rule permit ip source user-group name user1

How to configure an authentication-free rule for Portal authentication users on S series switch
For S series switches (except the S1700) running all versions, NAC can be configured in common mode. For switches running V200R005C00 and later versions, NAC can be configured in unified mode. For switches running V200R009C00, the configuration model of NAC unified mode changes. Query the appropriate product manual based on the switch model and version. The following links are for reference only. In NAC common mode, configure an authentication-free rule to allow all Portal authentication users to access the network segment 10.1.1.1/24 without authentication. [HUAWEI] portal free-rule 1 destination ip 10.1.1.1 mask 24 source ip any For details, see "NAC Configuration (Common Mode) - (Optional) Setting Access Control Parameters for Portal Authentication Users" in S2750&S5700&S6720 V200R008C00 Configuration Guide - User Access and Authentication. In NAC unified mode, configure an authentication-free rule to allow all NAC authentication users to access the network segment 10.1.1.1/24 without authentication. [HUAWEI] authentication free-rule 1 destination ip 10.1.1.1 mask 24 source ip any For details, see "NAC Configuration (Unified Mode) - (Optional) Configuring Authentication Free Rules to Assign Network Access Rights to Users" in S2750&S5700&S6720 V200R008C00 Configuration Guide - User Access and Authentication. In NAC unified mode, configure an authentication-free rule to allow all NAC authentication users to access the network segment 10.1.1.1/24 without authentication. [HUAWEI] free-rule-template name default_free_rule [HUAWEI-free-rule-default_free_rule] free-rule 1 destination ip 10.1.1.1 mask 24 source ip any For details, see "NAC Configuration (Unified Mode) - (Optional) Configuring Authorization Information for Authentication-free Users" in .

Do ACs support Portal authentication
Portal authentication, also called web authentication, is classified into internal and external Portal authentication. Both ACs and Fat APs support Portal authentication.

Do ACs support MAC address-prioritized Portal authentication
Yes. ACs and Fat APs support this function. When configuring external Portal authentication, run the web-authentication first-mac command on a WLAN-ESS interface.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top