Configuring Portal Authentication Server Detection - HPE FlexNetwork 7500 Series Security Configuration Manual
Hide thumbs
Also See for FlexNetwork 7500 Series:
- Security configuration manual (506 pages) ,
- Command reference manual (474 pages) ,
- Network management and monitoring command reference (430 pages)
Table of Contents
Advertisement
Step
3.
Configure online
detection of IPv6
portal users.
Configuring portal authentication server detection
During portal authentication, if the communication between the access device and portal
authentication server is broken, both of the following occur:
•
New portal users are not able to log in.
•
The online portal users are not able to log out normally.
To address this problem, the access device needs to be able to detect the reachability changes of the
portal server quickly and take corresponding actions to deal with the changes.
With the portal authentication server detection feature, the device periodically detects portal packets
sent by a portal authentication server to determine the reachability of the server. If the device
receives a portal packet within a detection timeout (timeout timeout) and the portal packet is valid,
the device considers the portal authentication server to be reachable. Otherwise, the device
considers the portal authentication server to be unreachable.
Portal packets include user login packets, user logout packets, and heartbeat packets. Heartbeat
packets are periodically sent by a server. By detecting heartbeat packets, the device can detect the
server's actual status more quickly than by detecting other portal packets.
Only the IMC portal authentication server supports sending heartbeat packets. To test server
reachability by detecting heartbeat packets, you must enable the server heartbeat feature on the
IMC portal authentication server.
You can configure the device to take one or more of the following actions when the server
reachability status changes:
•
Sending a trap message to the NMS. The trap message contains the name and current state of
the portal authentication server.
•
Sending a log message, which contains the name, the current state, and the original state of the
portal authentication server.
•
Enabling portal fail-permit. When the portal authentication server is unreachable, the portal
fail-permit feature on an interface allows users on the interface to have network access. When
the server recovers, it resumes portal authentication on the interface. For more information, see
"Configuring the portal fail-permit
To configure portal authentication server detection:
Step
1.
Enter system view.
2.
Enter portal
authentication server
view.
3.
Configure portal
authentication server
detection.
Command
portal ipv6 user-detect type { icmpv6 |
nd } [ retry retries ] [ interval interval ]
[ idle time ]
feature."
Command
system-view
portal server server-name
server-detect [ timeout timeout ] { log |
trap } *
171
Remarks
By default, this feature is disabled
on the interface.
Remarks
N/A-
N/A
By default, portal authentication
server detection is disabled.
This feature takes effect
regardless of whether portal
authentication is enabled on an
interface or not.
Advertisement
Table of Contents
Troubleshooting
