131
NOTE:
• To use this feature for remote Layer 3 portal authentication, the portal server must be the iMC portal
server and the iMC portal server must support the page auto-redirection function.
• The wait-time
period
option is effective to only local portal authentication.
• When no auto redirection URL is specified for authenticated portal users, an authenticated user is
usually redirected to the URL the user typed in the address bar before portal authentication. However,
with local portal authentication, if the URL a user typed in the address bar before portal authentication
is more than 255 characters, the user cannot be redirected to the pa
e of the URL after passin
portal
authentication.
Configuring portal detection functions
Configuring online Layer 2 portal user detection
After a Layer 2 portal user gets online, the device starts a detection timer for the user, and checks whether
the user's MAC address entry has been aged out or the user's MAC address entry has been matched (a
match means a packet has been received from the user) at the interval. If the device finds no MAC
address entry for the user or receives no packets from the user during two successive detection intervals,
the device considers that the user has gone offline and clears the authentication information of the user.
Follow these steps to set the Layer 2 portal user detection interval:
To do… Use the command…
Remarks
Enter system view system-view —
Enter interface view interface interface-type interface-number —
Set the Layer 2 portal user
detection interval
portal offline-detect interval
offline-detect-interval
Required
300 seconds by default
Configuring the portal server detection function
NOTE:
Only Layer 3 portal authentication supports this feature.
During portal authentication, if the communication between the access device and portal server is
broken, new portal users are not able to log on and the online portal users are not able to log off normally.
To address this problem, the access device needs to be able to detect the reachability changes of the
portal server quickly and take corresponding actions to deal with the changes. For example, once
detecting that the portal server is unreachable, the access device allows portal users to access network
resources without authentication. This function is referred to as portal authentication bypass. It allows for
flexible user access control.
With the portal server detection function, the device can detect the status of a specific portal server. The
specific configurations include:
1. Detection methods (you can choose either or both)
• Probing HTTP connections: The access device periodically sends TCP connection requests to the
HTTP service port of the portal servers configured on its interfaces. If the TCP connection with a
To Next Page
Loading...
Need help?
General
