The terminal can go online without portal authentication

NULL

The V7 platform switch is configured with portal authentication, and the configuration is as follows:

interface Vlan-interface 10

  ip address 10.10.10.1 255.255.255.0

  packet-filter 3006 inbound

  portal enable method direct

  portal domain abc

  portal bas-ip 10.10.10.1

  portal apply web-server abc

#

acl number 3006

  rule 0 deny ip source 10.10.10.0 0.0.0.255 destination 172.16.0.0 0.0.0.255

  rule 5 permit ip

After the configuration is completed, it is found that the terminal can also access the Internet without portal authentication. If the authentication is performed, the authentication can be successful, and the portal authentication has no effect

null

It is confirmed that the priority of packet filtering is higher than that of portal. By default, all packets that do not match in this packet filtering are allowed to pass. An extra rule 5 permit ip is written on site. After rule 5 is removed, portal authentication is normal.