Portal User-Detect - H3C MSR Series Command Reference Manual
Comware 7 security
Hide thumbs
Also See for MSR Series:
- Command reference manual (174 pages) ,
- Configuration manual (80 pages) ,
- Manual (33 pages)
Table of Contents
Advertisement
portal user-detect
Use portal user-detect to enable online detection of IPv4 portal users.
Use undo portal user-detect to disable online detection of IPv4 portal users.
Syntax
portal user-detect type { arp | icmp } [ retry retries ] [ interval interval ] [ idle time ]
undo portal user-detect
Default
Online detection of IPv4 portal users is disabled.
Views
Interface view
Predefined user roles
network-admin
Parameters
type: Specifies the detection type.
•
arp—ARP detection.
•
icmp—ICMP detection.
retry retries: Sets the maximum number of detection attempts, in the range of 1 to 10. The default
value is 3.
interval interval: Sets a detection interval in the range of 1 to 1200 seconds. The default interval is 3
seconds.
idle time: Sets a user idle timeout in the range of 60 to 3600 seconds. The default idle timeout is 180
seconds. When the timeout expires, online detection of IPv4 portal users is started.
Usage guidelines
If the device receives no packets from a portal user within the configured idle time, the device detects
the user's online status as follows:
•
ICMP detection—Sends ICMP requests to the user at configurable intervals to detect the user
status.
If the device receives a reply within the maximum number of detection attempts, it considers
that the user is online and stops sending detection packets. Then the device resets the idle
timer and repeats the detection process when the timer expires.
If the device receives no reply after the maximum number of detection attempts, the device
logs out the user.
•
ARP detection—Sends ARP requests to the user and detects the ARP entry status of the user
at configurable intervals.
If the ARP entry of the user is refreshed within the maximum number of detection attempts,
the device considers that the user is online and stops detecting the user's ARP entry. Then
the device resets the idle timer and repeats the detection process when the timer expires.
If the ARP entry of the user is not refreshed after the maximum number of detection
attempts, the device logs out the user.
Direct authentication and re-DHCP authentication support both ARP detection and ICMP detection.
Cross-subnet authentication only supports ICMP detection.
If firewall policies on the access device filter out ICMP packets, ICMP detection might fail and result
in the logout of portal users. Make sure the access device does not block ICMP packets before you
enable ICMP detection on an interface.
375
Advertisement
Table of Contents
