Cannot Log Out Portal Users On The Radius Server; Users Logged Out By The Access Device Still Exist On The Portal Authentication Server - HP 5920 Series Configuration Manual
Hide thumbs
Also See for 5920 Series:
- Command reference manual (607 pages) ,
- Configuration manual (322 pages) ,
- Fc and fcoe configuration manual (257 pages)
Table of Contents
Advertisement
destination port number in the logout notification is the listening port number of the portal authentication
server configured on the access device. If this listening port number is not the actual listening port number
configured on the server, the server cannot receive the notification. As a result, the portal server does not
log out the user.
When a user uses the Disconnect button on the authentication client to log out, the portal authentication
server sends an unsolicited logout request message to the access device. The access device uses the
source port in the logout request as the destination port in the logout ACK message. As a result, the portal
authentication server can definitely receive the logout ACK message and log out the user.
Solution
1.
Use the display portal server command to display the listening port of the portal authentication
server configured on the access device.
2.
Use the portal server command in system view to change the listening port number to the actual
listening port of the portal authentication server.
Cannot log out portal users on the RADIUS server
Symptom
The access device uses the HP IMC server as the RADIUS server to perform identity authentication for
portal users. You cannot log out the portal users on the RADIUS server.
Analysis
The HP IMC server uses session control packets to send disconnection requests to the access device. On
the access device, the listening UDP port for session control packets is disabled by default. Therefore, the
access device cannot receive the portal user logout requests from the RADIUS server.
Solution
On the access device, execute the radius session-control enable command in system view to enable the
RADIUS session control function.
Users logged out by the access device still exist on the portal
authentication server
Symptom
After you log out a portal user on the access device, the user still exists on the portal authentication server.
Analysis
When you execute the portal delete-user command on the access device to log out a user, the access
device sends an unsolicited logout notification to the portal authentication server. If the BAS-IP or
BAS-IPv6 address carried in the logout notification is different from the portal device IP address specified
on the portal authentication server, the portal authentication server discards the logout notification.
When sending of the logout notifications times out, the access device logs out the user. However, the
portal authentication server does not receive the logout notification successfully, and therefore it regards
the user is still online.
143
- Quick Links:
- Configuration Guide
- Configuring Local Users
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
