Fat AP and Cloud AP V200R010C00 Command Reference


free-rule

Function

The free-rule command configures authentication-free rules for NAC authentication users.

The undo free-rule command restores the default settings.

By default, no authentication-free rule is configured for NAC authentication users.

Format

Common authentication-free rule:

free-rule rule-id { destination { any | ip { ip-address mask { mask-length | ip-mask } [ tcp destination-port port | udp destination-port port ] | any } } | source { any | ip { ip-address mask { mask-length | ip-mask } | any } } } *

undo free-rule { rule-id | all }

Authentication-free rule defined by ACL:

free-rule acl acl-id

undo free-rule { acl | all }

Parameters

| Parameter | Description | Value |
|---|---|---|
| rule-id | Specifies the number of an authentication-free rule for NAC authentication users. | The value is an integer that ranges from 0 to 63. |
| destination | Specifies the destination network resource that NAC authentication users can access without authentication. | - |
| source | Specifies source information for NAC authentication users without authentication. | - |
| any | Indicates any condition. When any is used together with different keywords, the effect of the command is different. | - |
| ip ip-address | Specifies the source or destination IP address depending on the keyword. | The value is in dotted decimal notation. |
| mask mask-length | Specifies the mask length of the source or destination IP address depending on the keyword. | The value is an integer that ranges from 1 to 32. |
| mask ip-mask | Specifies the mask of the source or destination IP address depending on the keyword. | The value is in dotted decimal notation. |
| tcp destination-port port | Specifies a TCP destination port number. | The value is an integer that ranges from 1 to 65535. |
| udp destination-port port | Specifies the UDP destination port number. | The value is an integer that ranges from 1 to 65535. |
| acl | Specifies an authentication-free rule defined by ACL. | - |
| acl-id | Specifies the number of an ACL. | The value is an integer that ranges from 6000 to 6031. |
| all | Specifies all rules. | - |

Views

Authentication-free rule profile view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Users who have not passed authentication still need some network access rights to meet basic requirements, for example, to download 802.1X client software and update the antivirus database. After running the free-rule-template (system view) command to create an authentication-free rule profile, run the free-rule command to configure authentication-free rules in the profile. Users can then obtain those network access rights without authentication.

Precautions

Wireless 802.1X authentication does not support this function.

A common authentication-free rule cannot be configured together with an authentication-free rule defined by ACL.

Pay attention to the following when you use a common authentication-free rule:

  • Authentication-free authorization information takes effect only for Portal authentication users.
  • When multiple rules are configured at the same time, the system matches the rules one by one.

Pay attention to the following when you define the authentication-free rule by ACL:

  • Authentication-free authorization information takes effect only for Portal authentication users.
  • When multiple authentication-free rules are configured at the same time, only the last one takes effect.
  • The device does not support ACL rules that contain the deny action.
  • If multiple domain names correspond to the same IP address and one matches the authentication-free rule, other domain names also match the authentication-free rule.

The priority of the ACL rule delivered by the RADIUS server is higher than that of the authentication-free rule configured on the device.

Example

# In the authentication-free rule profile default_free_rule, allow all NAC authentication users to access the network with the IP address 10.1.1.1/24 without authentication.
<Huawei> system-view
[Huawei] free-rule-template name default_free_rule
[Huawei-free-rule-default_free_rule] free-rule 1 destination ip 10.1.1.1 mask 24 source ip any
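
An added example, not part of the Huawei documentation: a Python check that parses common authentication-free rules in the syntax shown under Format and flags rules that exempt more than a narrow destination and port from authentication. The finding names, the MIN_PREFIX threshold and the treatment of a rule without a destination clause as unrestricted are assumptions of this example.

```python
import ipaddress

MIN_PREFIX = 24  # assumed policy threshold, not a value from the Huawei documentation
# Constructed sample lines; the first is the example given on this page.
SAMPLE = ["free-rule 1 destination ip 10.1.1.1 mask 24 source ip any",
          "free-rule 2 destination ip 10.1.1.10 mask 255.255.255.255 tcp destination-port 443",
          "free-rule 3 destination any"]

def parse_free_rule(line):
    """Parse a common 'free-rule' line (syntax from the Format section) into a dict."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "free-rule" or not tok[1].isdigit() or int(tok[1]) > 63:
        raise ValueError("not a common free-rule line with rule-id 0-63: %r" % line)
    rule = {"id": int(tok[1]), "destination": None, "source": None, "proto": None, "port": None}
    i = 2
    try:
        while i < len(tok):
            side = tok[i]
            if side not in ("destination", "source") or rule[side] is not None:
                raise ValueError("unexpected token %r" % side)
            if tok[i + 1] == "any":                            # "<side> any"
                rule[side], i = "any", i + 2
            elif tok[i + 1] == "ip" and tok[i + 2] == "any":   # "<side> ip any"
                rule[side], i = "any", i + 3
            elif tok[i + 1] == "ip" and tok[i + 3] == "mask":
                # The mask may be a length (24) or dotted decimal (255.255.255.0).
                rule[side] = ipaddress.ip_network(tok[i + 2] + "/" + tok[i + 4], strict=False)
                i += 5
                if side == "destination" and tok[i:i + 1] in (["tcp"], ["udp"]):
                    if tok[i + 1] != "destination-port":
                        raise ValueError("expected destination-port after %s" % tok[i])
                    rule["proto"], rule["port"] = tok[i], int(tok[i + 2])
                    i += 3
            else:
                raise ValueError("bad %s clause" % side)
    except IndexError:
        raise ValueError("truncated rule: %r" % line)
    return rule

def audit(rule):
    """Return finding codes for a rule that exempts more than one narrow destination and port."""
    dst, findings = rule["destination"], []
    if dst is None or dst == "any":   # assumed: no destination clause means no destination limit
        findings.append("destination-unrestricted")
    elif dst.prefixlen < MIN_PREFIX:
        findings.append("destination-broad")
    if rule["port"] is None:
        findings.append("no-port-restriction")
    return findings
```

Running `audit(parse_free_rule(line))` over each `free-rule` line of an exported profile gives a quick list of rules to review before the profile is applied.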
Updated: 2019-11-21

Document ID: EDOC1100064352
