Table of Contents
Advertisement
Configuring portal authentication server detection
About portal authentication server detection
During portal authentication, if the communication between the access device and portal
authentication server is broken, new portal users are not able to log in. Online portal users are not
able to log out normally.
To address this problem, the access device needs to be able to detect the reachability changes of the
portal server quickly and take corresponding actions to deal with the changes.
The portal authentication server detection feature enables the device to periodically detect portal
packets sent by a portal authentication server to determine the reachability of the server. If the device
receives a portal packet within a detection timeout (timeout timeout) and the portal packet is valid,
the device considers the portal authentication server to be reachable. Otherwise, the device
considers the portal authentication server to be unreachable.
Portal packets include user login packets, user logout packets, and heartbeat packets. Heartbeat
packets are periodically sent by a server. By detecting heartbeat packets, the device can detect the
server's actual status more quickly than by detecting other portal packets.
Restrictions and guidelines
When you configure portal authentication server detection, follow these restrictions and guidelines:
•
The portal authentication server detection feature takes effect only when the device has a
portal-enabled interface.
•
Only the IMC portal authentication server supports sending heartbeat packets. To test server
reachability by detecting heartbeat packets, you must enable the server heartbeat feature on
the IMC portal authentication server.
•
You can configure the device to take one or more of the following actions when the server
reachability status changes:
Sending a trap message to the NMS. The trap message contains the name and current
state of the portal authentication server.
Sending a log message, which contains the name, the current state, and the original state of
the portal authentication server.
Enabling portal fail-permit. When the portal authentication server is unreachable, the portal
fail-permit feature on an interface allows users on the interface to have network access.
When the server recovers, it resumes portal authentication on the interface. For more
information, see
Make sure the detection timeout configured on the device is greater than the server
heartbeat interval configured on the portal authentication server.
Procedure
To configure portal authentication server detection:
Step
1.
Enter system view.
2.
Enter portal authentication
server view.
3.
Configure portal
authentication server
detection.
"Configuring the portal fail-permit
Command
system-view
portal server server-name
server-detect [ timeout timeout ]
{ log | trap } *
320
feature."
Remarks
N/A
N/A
By default, portal authentication
server detection is disabled.
This feature takes effect
regardless of whether portal
authentication is enabled on an
interface or not.
Advertisement
Table of Contents
Troubleshooting
