Configuring Portal Authentication Server Detection - HP FlexFabric 5700 Series Security Configuration Manual
Hide thumbs
Also See for FlexFabric 5700 Series:
- Configuration manual (185 pages) ,
- Configuration manual (125 pages) ,
- Configuration manual (132 pages)
Table of Contents
Advertisement
If the ARP or ND entry of the user is refreshed within the maximum number of detection attempts,
the device considers that the user is online and stops detecting the user's ARP or ND entry. Then
the device resets the idle timer and repeats the detection process when the timer expires.
If the ARP or ND entry of the user is not refreshed after the maximum number of detection
attempts, the device logs out the user.
ARP and ND detections apply only to direct and re-DHCP portal authentication. ICMP detection applies
to all portal authentication modes.
To configure online detection of IPv4 portal users:
Step
1.
Enter system view.
2.
Enter interface view.
3.
Configure online
detection of IPv4
portal users.
To configure online detection of IPv6 portal users:
Step
1.
Enter system view.
2.
Enter interface view.
3.
Configure online
detection of IPv6
portal users.
Configuring portal authentication server detection
During portal authentication, if the communication between the access device and portal authentication
server is broken, both of the following occur:
New portal users are not able to log in.
•
The online portal users are not able to log out normally.
•
To address this problem, the access device needs to be able to detect the reachability changes of the
portal server quickly and take corresponding actions to deal with the changes.
With the portal authentication server detection feature, the device periodically detects portal packets sent
by a portal authentication server to determine the reachability of the server. If the device receives a portal
packet within a detection timeout (timeout timeout) and the portal packet is valid, the device considers
the portal authentication server to be reachable. Otherwise, the device considers the portal
authentication server to be unreachable.
You can configure the device to take the following actions when the server reachability status changes:
•
Sending a log message, which contains the name, the current state, and the original state of the
portal authentication server.
Enabling portal fail-permit. When the portal authentication server is unreachable, the portal
•
fail-permit feature on an interface allows users on the interface to have network access. When the
Command
system-view
interface interface-type interface-number
portal user-detect type { arp | icmp }
[ retry retries ] [ interval interval ] [ idle
time ]
Command
system-view
interface interface-type interface-number
portal ipv6 user-detect type { icmpv6 |
nd } [ retry retries ] [ interval interval ]
[ idle time ]
131
Remarks
N/A
N/A
By default, this feature is disabled on
the interface.
Remarks
N/A
N/A
By default, this feature is disabled on
the interface.
- Quick Links:
- Configuring Local Users
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
