No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


FAQ-How to Configure Layer 3 Authentication to Allow Authentication-free Network Access for Some User Addresses

Publication Date:  2019-07-17 Views:  101 Downloads:  0

Issue Description

How do I configure Layer 3 web authentication on an ME60 to allow authentication-free network access for authentication on some user addresses.



The ME60 has been configured with Layer 3 web authentication for user access.

Layer 3 web authentication is configured based on the source IP address.

Global configuration:

[ME60]layer3-subscriber domain-name huawei  //Create an authentication domain named huawei that provides none authentication and none accounting.


1. In case of normal Layer 3 web authentication for user access, run the layer3-subscriber command specify user access from the pre-authentication domain. After user data is forwarded to the BRAS, the user data matches the global access control policy for a user group bound to the pre-authentication domain. User access is allowed only after a dialog box indicating successful authentication is displayed.

2. In case of authentication-free user access, run the layer3-subscriber command to specify user access from a non-pre-authentication domain. This pre-authentication domain also needs to be bound to the none authentication and none accounting template and an address pool (which does not need to be bound to a user group). After authentication-free users access the network, the device does not match the access control policy of the global pre-authentication domain for a user group. That is, user access is allowed with no need for authentication or accounting.