Configuring The Portal Fail-Permit Feature; Configuring Bas-Ip For Unsolicited Portal Packets Sent To The Portal Authentication Server - HP MSR Series Configuration Manual
Hpe flexnetwork msr router series
Hide thumbs
Also See for MSR Series:
- Configuration manual (889 pages) ,
- Command reference manual (684 pages) ,
- Wan access configuration manual (293 pages)
Table of Contents
Advertisement
Configuring the portal fail-permit feature
Perform this task to configure the portal fail-permit feature on an interface. When the access device
detects that the portal authentication server or portal Web server is unreachable, it allows users on
the interface to have network access without portal authentication.
If you enable fail-permit for both a portal authentication server and a portal Web server on an
interface, the interface does the following:
•
Disables portal authentication when either server is unreachable.
•
Resumes portal authentication when both servers are reachable.
After portal authentication resumes, unauthenticated users must pass portal authentication to
access the network. Users who have passed portal authentication before the fail-permit event can
continue accessing the network.
To configure portal fail-permit:
Step
1.
Enter system view.
2.
Enter interface view.
3.
Enable portal
fail-permit for a portal
authentication server.
4.
Enable portal
fail-permit for a portal
Web server.
Configuring BAS-IP for unsolicited portal packets
sent to the portal authentication server
If the device runs Portal 2.0, the unsolicited packets sent to the portal authentication server must
carry the BAS-IP attribute. If the device runs Portal 3.0, the unsolicited packets sent to the portal
authentication server must carry the BAS-IP or BAS-IPv6 attribute.
If IPv4 portal authentication is enabled on an interface, you can configure the BAS-IP attribute on the
interface. If IPv6 portal authentication is enabled on an interface, you can configure the BAS-IPv6
attribute on the interface.
If you configure the BAS-IP or BAS-IPv6 attribute on an interface, the device uses the configured
BAS-IP or BAS-IPv6 address as the source IP address of the portal notifications sent from the
interface to the portal authentication server. Otherwise, the source IP address is the IP address of the
interface.
During a re-DHCP portal authentication or mandatory user logout process, the device sends portal
notification packets to the portal authentication server. For the authentication or logout process to
complete, make sure the BAS-IP/BAS-IPv6 attribute is the same as the device IP or IPv6 address
specified on the portal authentication server.
To configure the BAS-IP attribute for unsolicited portal packets sent to the portal authentication
server:
Step
1.
Enter system view.
Command
system-view
interface interface-type
interface-number
portal [ ipv6 ] fail-permit server
server-name
portal [ ipv6 ] apply web-server
server-name fail-permit
Command
system-view
153
Remarks
N/A
N/A
By default, portal fail-permit is
disabled for a portal
authentication server.
By default, portal fail-permit is
disabled for a portal Web server.
Remarks
N/A
- Quick Links:
- Configuring Local Users
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
