Specifying A Format For The Nas-Port-Id Attribute; Logging Out Online Portal Users - HPE FlexNetwork 7500 Series Security Configuration Manual

If portal roaming is disabled, to access external network resources from a Layer 2 port different from
the current access port in the VLAN, the user must do the following:
•
First log out from the current port.
•
Then re-authenticate on the new Layer 2 port.
To enable portal roaming:
Step
1. Enter system view.
2. Enable portal roaming.

Specifying a format for the NAS-Port-ID attribute

RADIUS servers from different vendors might require different formats of the NAS-Port-ID attribute in
the RADIUS packets. You can specify the NAS-Port-ID attribute format as required.
The device supports the NAS-Port-ID attribute in format 1, format 2, format 3, and format 4. For more
information about the formats, see Security Command Reference.
To specify a format for the NAS-Port-ID attribute:
Step
1. Enter system view.
2. Specify the format for the
NAS-Port-ID attribute.

Logging out online portal users

This feature deletes users that have passed portal authentication and terminates ongoing portal
authentications.
When the number of online users on the device exceeds 2000, executing the portal delete-user
command takes a few minutes. To ensure successful logout of online users, do not perform the
following operations during the command execution:
•
Master/backup device switchover.
•
Active/standby MPU switchover.
•
Disabling portal authentication on any interfaces.
To log out online users:
Command
system-view
portal roaming enable
Command
system-view
portal nas-port-id format { 1 | 2 |
3 | 4 }
175
Remarks
N/A
By default, portal roaming is
disabled.
You cannot enable portal roaming
when online portal users or
preauthentication portal users
exist on the device.
Remarks
N/A
By default, the format for the
NAS-Port-ID attribute is format 2.