Configuring The Portal Fail-Permit Feature - HPE FlexNetwork 7500 Series Security Configuration Manual
Hide thumbs
Also See for FlexNetwork 7500 Series:
- Security configuration manual (506 pages) ,
- Command reference manual (474 pages) ,
- Network management and monitoring command reference (430 pages)
Table of Contents
Advertisement
If a user contained in the packet does not exist on the access device, the access device
informs the portal authentication server to delete the user. The access device starts the
synchronization detection timer (timeout timeout) immediately when a user logs in.
If the user does not appear in any synchronization packet within a synchronization detection
interval, the access device considers the user does not exist on the portal authentication
server and logs the user out.
Portal user synchronization requires a portal authentication server to support the portal user
heartbeat function. Only the IMC portal authentication server supports the portal user heartbeat
function. To implement the portal user synchronization feature, you also need to configure the user
heartbeat function on the portal authentication server. Make sure the user heartbeat interval
configured on the portal authentication server is not greater than the synchronization detection
timeout configured on the access device.
Deleting a portal authentication server on the access device also deletes the user synchronization
configuration for the portal authentication server.
To configure portal user information synchronization:
Step
1.
Enter system view.
2.
Enter portal authentication
server view.
3.
Configure portal user
synchronization.
Configuring the portal fail-permit feature
Perform this task to configure the portal fail-permit feature on an interface. When the access device
detects that the portal authentication server or portal Web server is unreachable, it allows users on
the interface to have network access without portal authentication.
If you enable fail-permit for both a portal authentication server and a portal Web server on an
interface, the interface does the following:
•
Disables portal authentication when either server is unreachable.
•
Resumes portal authentication when both servers are reachable.
After portal authentication resumes, unauthenticated users must pass portal authentication to
access the network. Users who have passed portal authentication before the fail-permit event can
continue accessing the network.
To configure portal fail-permit on an interface:
Step
1.
Enter system view.
2.
Enter interface view.
3.
Enable portal
fail-permit for a portal
authentication server.
4.
Enable portal
fail-permit for a portal
Web server.
Command
system-view
portal server server-name
user-sync timeout timeout
Command
system-view
interface interface-type
interface-number
portal [ ipv6 ] fail-permit server
server-name
portal [ ipv6 ] apply web-server
server-name [ fail-permit ]
173
Remarks
N/A
N/A
By default, portal user
synchronization is disabled.
Remarks
N/A
N/A
By default, portal fail-permit is
disabled for a portal
authentication server.
By default, portal fail-permit is
disabled for a portal Web server.
Advertisement
Table of Contents
Troubleshooting
