Table of Contents
Advertisement
•
If a key is configured, use the ip or ipv6 command in the portal authentication server view to
correct the key, or correct the key configured for the access device on the portal authentication
server.
Cannot log out portal users on the access device
Symptom
You cannot use the portal delete-user command on the access device to log out a portal user, but
the portal user can log out by clicking the Disconnect button on the portal authentication client.
Analysis
When you execute the portal delete-user command on the access device to log out a user, the
access device sends an unsolicited logout notification message to the portal authentication server.
The destination port number in the logout notification is the listening port number of the portal
authentication server configured on the access device. If this listening port number is not the actual
listening port number configured on the server, the server cannot receive the notification. As a result,
the server does not log out the user.
When a user uses the Disconnect button on the authentication client to log out, the portal
authentication server sends an unsolicited logout request message to the access device. The
access device uses the source port in the logout request as the destination port in the logout ACK
message. As a result, the portal authentication server can definitely receive the logout ACK message
and log out the user.
Solution
1.
Use the display portal server command to display the listening port of the portal
authentication server configured on the access device.
2.
Use the portal server command in system view to change the listening port number to the
actual listening port of the portal authentication server.
Cannot log out portal users on the RADIUS server
Symptom
The access device uses the H3C IMC server as the RADIUS server to perform identity
authentication for portal users. You cannot log out the portal users on the RADIUS server.
Analysis
The H3C IMC server uses session control packets to send disconnection requests to the access
device. On the access device, the listening UDP port for session control packets is disabled by
default. Therefore, the access device cannot receive the portal user logout requests from the
RADIUS server.
Solution
On the access device, execute the radius session-control enable command in system view to
enable the RADIUS session control function.
Users logged out by the access device still exist on the portal
authentication server
Symptom
After you log out a portal user on the access device, the user still exists on the portal authentication
server.
382
Advertisement
Table of Contents
Troubleshooting
