Configuring Portal Authentication Server Detection - HP FlexNetwork 10500 Series Security Configuration Manual
Hide thumbs
Also See for FlexNetwork 10500 Series:
- Configuration manual (512 pages) ,
- Specifications (42 pages) ,
- Datasheet (20 pages)
Table of Contents
Advertisement
If the ARP or ND entry of the user is refreshed within the maximum number of detection
attempts, the device considers that the user is online and stops detecting the user's ARP or
ND entry. Then the device resets the idle timer and repeats the detection process when the
timer expires.
If the ARP or ND entry of the user is not refreshed after the maximum number of detection
attempts, the device logs out the user.
ARP and ND detections apply only to direct and re-DHCP portal authentication. ICMP detection
applies to all portal authentication modes.
To configure online detection of IPv4 portal users:
Step
1.
Enter system view.
2.
Enter VLAN
interface view.
3.
Configure online
detection of IPv4
portal users.
To configure online detection of IPv6 portal users:
Step
1.
Enter system view.
2.
Enter VLAN
interface view.
3.
Configure online
detection of IPv6
portal users.
Configuring portal authentication server detection
During portal authentication, if the communication between the access device and portal
authentication server is broken, both of the following occur:
•
New portal users are not able to log in.
•
The online portal users are not able to log out normally.
To address this problem, the access device needs to be able to detect the reachability changes of the
portal server quickly and take corresponding actions to deal with the changes.
With the portal authentication server detection feature, the device periodically detects portal packets
sent by a portal authentication server to determine the reachability of the server. If the device
receives a portal packet within a detection timeout (timeout timeout) and the portal packet is valid,
the device considers the portal authentication server to be reachable. Otherwise, the device
considers the portal authentication server to be unreachable.
Portal packets include user login packets, user logout packets, and heartbeat packets. Heartbeat
packets are periodically sent by a server. By detecting heartbeat packets, the device can detect the
server's actual status more quickly than by detecting other portal packets.
Only the IMC portal authentication server supports sending heartbeat packets. To test server
reachability by detecting heartbeat packets, you must enable the server heartbeat feature on the
IMC portal authentication server.
You can configure the device to take one or more of the following actions when the server
reachability status changes:
Command
system-view
interface interface-type
interface-number
portal user-detect type { arp | icmp }
[ retry retries ] [ interval interval ] [ idle
time ]
Command
system-view
interface interface-type
interface-number
portal ipv6 user-detect type { icmpv6 |
nd } [ retry retries ] [ interval interval ]
[ idle time ]
148
Remarks
N/A
N/A
By default, this feature is disabled
on the interface.
Remarks
N/A
N/A
By default, this feature is disabled
on the interface.
Advertisement
Table of Contents
Troubleshooting
