Enabling Support For Portal User Moving - HP 5120 EI Switch Series Configuration Manual

NOTE:

If the port number of a web proxy server is 80, you do not need to configure the port number of the server on
the device.

If a user's browser uses the Web Proxy Auto-Discovery (WPAD) protocol to discover web proxy servers, you
need to add the port numbers of the web proxy servers on the device, and configure portal-free rules to allow
user packets destined for the IP address of the WPAD server to pass without authentication.

For Layer 2 portal authentication, you need to add the port numbers of the web proxy servers on the device and
users need to ensure that their browsers that use a web proxy server do not use the proxy server for the listening
IP address of the local portal server. Thus, HTTP packets that the portal user sends to the local portal server will
not be sent to the web proxy server.

Enabling support for portal user moving

NOTE:
Only Layer 2 portal authentication supports this feature.
In scenarios where there are hubs, Layer 2 switches, or APs between users and the access devices, if an
authenticated user moves from the current access port to another Layer 2-portal-authentication-enabled
port of the device without logging off, the user cannot get online when the original port is still up. The
reason is that the original port is still maintaining the authentication information of the user and the
device does not permit such a user to get online from another port by default.
To solve the problem, enable support for portal user moving on the device. Then, when a user moves from
a port of the device to another, the device provides services in either of the following two ways:
If the original port is still up and the two ports belong to the same VLAN, the device allows the user

to continue to access the network without re-authentication, and uses the new port information for
user accounting.
 If the original port is down or the two ports belong to different VLANs, the device removes the
authentication information of the user from the original port and authenticates the user on the new
port.
Follow these steps to enable support for portal user moving:
To do...
Enter system view
Enable support for portal user
moving
NOTE:
For a user with authorization information (such as authorized VLAN) configured, after the user moves
from a port to another, the device tries to assign the authorization information to the new port. If the
operation fails, the device deletes the user's information from the original port and re-authenticates the
user on the new port.
Use the command...
system-view
portal move-mode auto
121
Remarks
—
Required
Disabled by default