Configuring The Portal Fail-Permit Function; Configuring Bas-Ip For Unsolicited Portal Packets Sent To The Portal Authentication Server - HP VSR1000 Security Configuration Manual

Virtual services router

Hide thumbs Also See for VSR1000:

Configuration manual (463 pages)

High availability configuration manual (91 pages)

Layer 2 - wan access command reference (50 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

296

297

298

299

300

301

302

303

304

305

306

307

308

309

310

311

312

313

314

315

316

317

318

319

320

321

322

323

324

325

326

327

328

329

330

331

332

333

334

335

336

337

338

339

340

341

342

343

344

345

346

347

348

349

350

351

352

353

354

355

356

357

358

359

360

361

Table of Contents

Configuring the portal fail-permit function

Perform this task to configure the portal fail-permit function on an interface. When the access device

detects that the portal authentication server or portal Web server is unreachable, it allows users on the

interface to have network access without portal authentication.

If you enable fail-permit for both a portal authentication server and a portal Web server on an interface,

the interface disables portal authentication when either server is unreachable and resumes portal

authentication when both servers are reachable. After portal authentication resumes, unauthenticated

users must pass portal authentication to access the network. Users who have passed portal authentication

before the fail-permit event can continue accessing the network.

To configure portal fail-permit:

Step

Enter system view.

Enter interface view.

Enable portal

fail-permit for a portal

authentication server.

Enable portal

fail-permit for a portal

Web server.

Configuring BAS-IP for unsolicited portal packets

sent to the portal authentication server

If the device runs Portal 2.0, the unsolicited packets sent to the portal authentication server must carry the

BAS-IP attribute. If the device runs Portal 3.0, the unsolicited packets sent to the portal authentication

server must carry the BAS-IP or BAS-IPv6 attribute.

If IPv4 portal authentication is enabled on an interface, you can configure the BAS-IP attribute on the

interface. If IPv6 portal authentication is enabled on an interface, you can configure the BAS-IPv6

attribute on the interface.

If you configure the BAS-IP or BAS-IPv6 attribute on an interface, the device uses the configured BAS-IP

or BAS-IPv6 address as the source IP address of the portal notifications sent from the interface to the

portal authentication server. Otherwise, the source IP address is the IP address of the interface.

During a re-DHCP portal authentication or mandatory user logout process, the device sends portal

notification packets to the portal authentication server. For the authentication or logout process to

complete, make sure the BAS-IP/BAS-IPv6 attribute is the same as the device IP or IPv4 address specified

on the portal authentication server.

To configure the BAS-IP attribute for unsolicited portal packets sent to the portal authentication server:

Step

Enter system view.

Command

system-view

interface interface-type interface-number

portal [ ipv6 ] fail-permit server

server-name

portal [ ipv6 ] apply web-server

server-name fail-permit

Command

system-view

Remarks

N/A

By default, portal fail-permit is

disabled for a portal

authentication server.

By default, portal fail-permit is

disabled for a portal Web server.

Remarks

N/A

Table of Contents

Show Quick Links

Quick Links:
Configuring the Device as an Ssh...

Hide quick links:

Table of Contents

Configuring The Portal Fail-Permit Function; Configuring Bas-Ip For Unsolicited Portal Packets Sent To The Portal Authentication Server - HP VSR1000 Security Configuration Manual

Configuring the portal fail-permit function

Hide quick links:

Troubleshooting

Related Manuals for HP VSR1000

Related Content for HP VSR1000

Table of Contents