H3C S5500-EI Series Security Configuration Manual page 178


After the working state of the two devices changes from independence to synchronization and the portal
group takes effect, the two devices start to back up the data of online portal users for each other.
The AAA and portal configuration must be consistent on the two devices that back up each other. For
example, you must configure the same portal server on the two devices.
To configure stateful failover:
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter interface view. | interface interface-type interface-number | N/A |
| 3. Specify the portal group to which the portal service backup interface belongs. | portal backup-group group-id | By default, the portal service backup interface does not belong to any portal group. The portal service backup interfaces on the two devices for stateful failover must belong to the same portal group. |
| 4. Return to system view. | quit | N/A |
| 5. Specify the device ID in stateful failover mode. | nas device-id device-id | By default, the device operates in stand-alone mode, and thus has no device ID configured. For more information about the command, see Security Command Reference. |
| 6. Specify the backup source IP address for RADIUS packets to be sent. | radius nas-backup-ip ip-address; or: radius scheme radius-scheme-name, then nas-backup-ip ip-address | Optional. Use either approach. By default, no backup source IP address is specified. You do not need to specify the backup source IP address if the device uses the virtual IP address of the VRRP group to which the uplink belongs as the source IP address of outgoing RADIUS packets. For more information about the command, see Security Command Reference. |

After you configure portal stateful failover for two devices, note the following issues:

- In stateful failover mode, the device does not support re-DHCP portal authentication on the portal service backup interface.
- In stateful failover mode, if a user on either device is logged out, the information of the user on the other device is deleted, too. You can log off a user on the device or on the portal server. For example, you can use the cut connection and portal delete-user commands on the device to log off users.
- Specifying or changing the device ID of a device will log off all online users on the device. Therefore, perform the configuration only when necessary and, after the configuration, save the configuration and restart the device.
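The consistency requirements in this procedure (same portal group on both backup interfaces, a device ID on each device, matching portal server configuration) can be checked offline against saved configurations of the two peers. The following Python check is an added example, not part of the H3C manual; the sample configurations, interface names, addresses, the server name newpt and the portal server line syntax are constructed assumptions.

```python
import re

# Constructed sample configurations (not from the manual); interface names,
# addresses and the portal server name "newpt" are assumptions.
DEVICE_A = """\
portal server newpt ip 192.0.2.111
nas device-id 1
radius nas-backup-ip 192.0.2.2
interface Vlan-interface10
 portal backup-group 1
"""
DEVICE_B = """\
portal server newpt ip 192.0.2.112
nas device-id 2
interface Vlan-interface10
 portal backup-group 2
"""

def parse(config):
    """Extract the stateful-failover settings named in the procedure."""
    def find(pattern):
        return re.findall(rf"^\s*{pattern}\s*$", config, re.M)
    dev_id = find(r"nas device-id (\S+)")
    backup = find(r"(?:radius )?nas-backup-ip (\S+)")  # system or scheme view
    return {
        "device_id": dev_id[0] if dev_id else None,
        "groups": set(find(r"portal backup-group (\S+)")),
        "backup_ip": backup[0] if backup else None,
        "servers": set(find(r"(portal server .+?)")),
    }

def audit(config_a, config_b):
    """Return a list of findings for a pair of failover peers."""
    a, b = parse(config_a), parse(config_b)
    findings = []
    for name, dev in (("A", a), ("B", b)):
        if dev["device_id"] is None:
            findings.append(f"{name}: no device ID, device is in stand-alone mode")
        if not dev["groups"]:
            findings.append(f"{name}: no interface belongs to a portal group")
        if dev["backup_ip"] is None:  # optional per the manual, so review it
            findings.append(f"{name}: no backup source IP (fine only if the VRRP virtual IP is the RADIUS source)")
    if a["groups"] != b["groups"]:
        findings.append(f"portal group mismatch: A={sorted(a['groups'])} B={sorted(b['groups'])}")
    if a["servers"] != b["servers"]:
        findings.append("portal server configuration differs between A and B")
    return findings
```

Run against the two constructed samples, audit(DEVICE_A, DEVICE_B) reports the missing backup source IP on B, the portal group mismatch and the differing portal server lines.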


This manual is also suitable for:

S5500-si series
