317• Configure portal-free rules to allow user packets destined for the WPAD server to pass withoutauthentication.If portal users enable Web proxy in their browsers, the users must add the IP address of the portalauthentication server as a proxy exception in their browsers. Thus, HTTP packets that the userssend to the portal authentication server will not be sent to Web proxy servers.You cannot specify Web proxy server port 443 on the device.You can execute this command multiple times to specify multiple port numbers of Web proxy servers.ProcedureTo configure support of Web proxy for portal authentication:Step Command Remarks1. Enter system view. system-view N/A2. Specify the port number of aWeb proxy server.portal web-proxy portport-numberBy default, no port numbers ofWeb proxy servers are specified.Proxied HTTP requests aredropped.Blocking portal users that fail portal authenticationThis feature prevents exhaustive password cracking. It blocks a portal user if the user consecutivelyfails authentication for the specified times within the failure detection period. All authenticationrequests from the user are dropped by the device till the blocking times out. The blocked portal usercan perform portal authentication again when the blocking timeout time expires.This feature does not block preauthentication portal users.To block portal users that fail portal authentication:Step Command Remarks1. Enter system view. system-view N/A2. Configure the device to blockportal users that fail portalauthentication for thespecified times within thespecified period.portal user-block failed-timesfailed-times period periodBy default, the device does notblock portal users that fail portalauthentication.If you set the failed-timesargument to 0, the device doesnot block portal users that failportal authentication.3. Set the portal user blockingtimeout time.portal user-block reactiveperiodBy default, the portal userblocking timeout time is 30minutes.If you set the portal user blockingtimeout time to 0 minutes, blockedportal users cannot perform portalauthentication.Enabling portal roamingAbout portal roamingIf portal roaming is enabled on a VLAN interface, an online portal user can access resources fromany Layer 2 port in the VLAN without re-authentication.