153
To do… Use the command…
Remarks
Set the Layer 2 portal user
detection interval
portal offline-detect interval
offline-detect-interval
Required
300 seconds by default
Configuring the portal server detection function
NOTE:
Only Layer 3 portal authentication supports this feature.
During portal authentication, if the communication between the access device and portal server is
broken, new portal users are not able to log on and the online portal users are not able to log off normally.
To address this problem, the access device needs to be able to detect the reachability changes of the
portal server quickly and take corresponding actions to deal with the changes. For example, once
detecting that the portal server is unreachable, the access device allows portal users to access network
resources without authentication. This function is referred to as portal authentication bypass. It allows for
flexible user access control.
With the portal server detection function, the device can detect the status of a specific portal server. The
specific configurations include:
1. Detection methods (you can choose either or both)
• Probing HTTP connections: The access device periodically sends TCP connection requests to the
HTTP service port of the portal servers configured on its interfaces. If the TCP connection with a
portal server can be established, the access device considers that the probe succeeds (the HTTP
service of the portal server is open and the portal server is reachable). If the TCP connection cannot
be established, the access device considers that the probe fails and the portal server is
unreachable.
• Probing portal heartbeat packets: A portal server that supports the portal heartbeat function, (only
the portal server of iMC supports this function), sends portal heartbeat packets to portal access
devices periodically. If an access device receives a portal heartbeat packet or an authentication
packet within a probe interval, the access device considers that the probe succeeds and the portal
server is reachable; otherwise, it considers that the probe fails and the portal server is unreachable.
2. Probe parameters
• Probe interval: Interval at which probe attempts are made.
• Maximum number of probe attempts: Maximum number of consecutive probe attempts allowed. If
the number of consecutive probes reaches this value, the access device considers that the portal
server is unreachable.
3. Actions to be taken when the server reachability status changes (you can choose one or more)
• Sending a trap message: When the status of a portal server changes, the access device sends a
trap message to the network management server (NMS). The trap message contains the portal
server name and the current state of the portal server.
• Sending a log: When the status of a portal server changes, the access device sends a log message.
The log message indicates the portal server name and the current state and original state of the
portal server.
• Disabling portal authentication—enabling portal authentication bypass: When the device detects
that a portal server is unreachable, it disables portal authentication on the interfaces that use the
portal server (allows all portal users on the interfaces to access network resources). When the
To Next Page
Loading...
Need help?
General