
action (authentication policy rule view)

Function

The action command sets the action in an authentication policy rule.

Format

action { auth [ portal-template template-name ] | exempt-auth | none | anonymous-auth }

Parameters

Parameter Description Value

auth

Indicates that portal authentication is implemented on the traffic matching this rule.

-

portal-template template-name

Specifies a portal authentication template. If no template is specified, the default one will be used.

The value must be the name of an existing portal authentication template.

exempt-auth

Indicates that authentication exemption is implemented on the traffic matching this rule.

Authentication exemption needs to be configured in the following scenarios:
  • The FW identifies user identities based on bindings between IP/MAC addresses and users.
  • The FW identifies user identities based on SSO messages.
  • Policy-based control needs to be implemented for users who access the FW through VPN to access intranet resources.

If a user fails to be identified, the FW permits the traffic.

-

none

Indicates that no authentication is implemented on the traffic matching this rule and that the FW cannot implement policy control by users.

-

anonymous-auth

Indicates that the traffic that matches the policy is authenticated anonymously. The user can be authenticated without entering the user name or password. In this case, the FW identifies the user by IP address.

In anonymous authentication, the device pushes a page to the user. Currently, page push is not supported for an HTTPS request.

NOTE:

When the user-manage redirect url command is used in the anonymous authentication scenario to configure the URL of a pushed page, do not specify the URL port number. Otherwise, the page cannot be pushed.

In anonymous authentication, do not import the user to the local host. If the user exists locally, the user fails to go online.

Only USG6510E/6510E-POE/6530E, USG6515E/6550E/6560E/6580E, USG6610E/6620E, USG6630E/6650E, USG6680E and USG6712E/6716E support this function.

-

Views

Authentication policy rule view

Default Level

2: Configuration level

Usage Guidelines

By default, no action is specified in an authentication policy rule.

If packets from one IP address match multiple portal authentication policies, the FW pushes only the portal authentication template specified in the first portal authentication policy that is matched.

If the FW does not need to perform policy control based on an existing user on the FW, configure the authentication-free mode (exempt-auth) instead of the no-authentication mode (none). Otherwise, the FW session may fail to match the user's policy-based route and user-related services.

Example

# Configure authentication exemption for traffic matching authentication policy rule authen_rule.

<sysname> system-view
[sysname] auth-policy
[sysname-policy-auth] rule name authen_rule
[sysname-policy-auth-rule-authen_rule] action exempt-auth
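
A configuration review script for the behaviours described in the parameter table and usage guidelines, added here as an example and not part of the Huawei documentation. The saved-configuration layout, the argument form of user-manage redirect url, and all rule, template and host names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit
# Constructed sample; layout and the redirect URL argument form are assumptions.
SAMPLE_CONFIG = """\
user-manage redirect url http://portal.example.com:8080/welcome
auth-policy
 rule name guest_wifi
  action anonymous-auth
 rule name vpn_users
  action exempt-auth
 rule name legacy_hosts
  action none
 rule name staff
  action auth portal-template staff_portal
 rule name unfinished
"""

NOTES = {
    "none": "no authentication: FW cannot apply user-based policy control",
    "exempt-auth": "traffic is permitted even if the user is not identified",
}

def audit(config):
    """Return (rule, finding) pairs for authentication policy rules to review."""
    actions, rule, redirect, in_auth = {}, None, None, False
    for raw in config.splitlines():
        line = raw.strip()
        if line and not raw[0].isspace():          # top-level command
            in_auth, rule = line == "auth-policy", None
            if m := re.fullmatch(r"user-manage redirect url (\S+)", line):
                redirect = m.group(1)
        elif in_auth and (m := re.fullmatch(r"rule name (\S+)", line)):
            rule = m.group(1)
            actions[rule] = None                   # no action yet (the default)
        elif rule and (m := re.fullmatch(r"action (\S+)(?: .*)?", line)):
            actions[rule] = m.group(1)
    findings = []
    for name, action in actions.items():
        if action is None:
            findings.append((name, "no action is specified in this rule"))
        elif action in NOTES:
            findings.append((name, NOTES[action]))
        elif action == "anonymous-auth" and redirect and urlsplit(redirect).port:
            findings.append((name, "redirect URL has a port: page cannot be pushed"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_CONFIG):
        print(f"{name}: {finding}")
```

Rules that use action auth are not reported; the script only lists rules whose action weakens or skips user identification, or whose anonymous page push would fail.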
Copyright © Huawei Technologies Co., Ltd.