Configuring Portal User Information Synchronization - HP 5120 SI Series Security Configuration Manual

NOTE:
The portal heartbeat detection method works only when the portal server supports the portal server
heartbeat function. Only the iMC portal server supports the portal server heartbeat function. To implement
detection with this method, you also need to configure the portal server heartbeat function on the iMC
portal server and make sure that the product of interval and retry is greater than or equal to the portal
server heartbeat interval. HP recommends configuring the interval to be greater than the portal server
heartbeat interval configured on the portal server.

Configuring portal user information synchronization

NOTE:
Only Layer 3 portal authentication supports this feature.
Once the device loses communication with a portal server, the portal user information on the device and
that on the portal server may be inconsistent after the communication resumes. To solve this problem, the
device provides the portal user information synchronization function. This function is implemented by
sending and detecting the portal synchronization packet. The process is as follows:
1. The portal server sends the online user information to the access device in a user synchronization
packet at the user heartbeat interval, which is set on the portal server.
2. Upon receiving the user synchronization packet, the access device checks the user information
carried in the packet with its own. If the device finds a nonexistent user in the packet, it informs the
portal server of the information and the portal server will delete the user. If the device finds that one
of its users does not appear in the user synchronization packets within N consecutive
synchronization probe intervals (N is equal to the value of retries configured in the portal server
user-sync command), it considers that the user does not exist on the portal server and logs the user
off.
Follow these steps to configure the portal user information synchronization function:
To do...
Enter system view
Configure the portal user
information
synchronization function
NOTE:
The user information synchronization function requires that a portal server supports the portal user
•
heartbeat function. Only the iMC portal server supports the portal user heartbeat function. To implement
the portal user synchronization function, you also need to configure the user heartbeat function on the
portal server and make sure that the product of interval and retry is greater than or equal to the portal
user heartbeat interval. HP recommends configuring the interval to be greater than the portal user
heartbeat interval configured on the portal server.
• For redundant user information on the device—information for users who are considered nonexistent on
the portal server, the device deletes the information during the (N+1)th interval, where N is equal to the
value of
Use the command...
system-view
portal server server-name
user-sync [ interval
interval ] [ retry retries ]
retries
configured in the portal server user-sync command.
Remarks
—
Required
Not configured by default.
The portal server specified in the command must
exist. This function can take effect only when the
specified portal server is referenced on the interface
connecting the users.
133