The authentication free-rule command configures the NAC authentication-free rule for users.
The undo authentication free-rule command restores the default configuration.
By default, no NAC authentication-free rule is configured.
authentication free-rule rule-id { destination { any | ip { ip-address mask { mask-length | ip-mask } [ tcp destination-port port | udp destination-port port ] | any } } | source { any | { interface interface-type interface-number | ip { ip-address mask { mask-length | ip-mask } | any } | vlan vlan-id } * } } *
undo authentication free-rule { rule-id | all }
| Parameter | Description | Value |
|---|---|---|
| rule-id | Specifies the ID of the NAC authentication-free rule. |
The value is an integer of which the range depends on product models |
| destination | Specifies the destination network resources that the authentication-free users can access. |
- |
| source | Specifies the source information of the authentication-free users. |
- |
| any | Specifies any condition. When any is used together with different keywords, the effect of the command is different. |
- |
| ip ip-address | Specifies the IP address in the rule. This parameter can specify the source or destination address depending on the keyword. |
The value is in dotted decimal notation. |
| mask mask-length | Specifies the mask length of an IP address. This parameter can specify the source or destination address mask depending on the keyword. |
The value is an integer that ranges from 1 to 32. |
| mask ip-mask | Specifies the IP address mask. This parameter can specify the source or destination address mask depending on the keyword. |
The value is in dotted decimal notation. |
| tcp destination-port port | Specifies the TCP destination port number. |
The value is an integer that ranges from 1 to 65535. |
| udp destination-port port | Specifies the UDP destination port number. |
The value is an integer that ranges from 1 to 65535. |
| interface interface-type interface-number | Specifies the type and number of the source interface in the rule.
|
- |
| vlan vlan-id | Specifies the VLAN ID of the source packet in the rule. |
The value is an integer that ranges from 1 to 4094. |
| all | Specifies all rules. |
- |
This command is available to aid upgrade compatibility. It can only be run during the configuration restoration phase of the upgrade.
After the upgrade, this command is no longer supported, and it is replaced by the free-rule rule-id { destination { any | ip { ip-address mask { mask-length | ip-mask } [ tcp destination-port port | udp destination-port port ] | any } } | source { any | { ip { ip-address mask { mask-length | ip-mask } | any } | vlan vlan-id } * } } * command in the authentication-free rule profile view.