307
Configuring online Layer 3 portal user detection
This feature is available only for the direct and re-DHCP portal authentication configured on a Layer
3 interface.
With online portal user detection enabled on an interface, the device periodically sends probe
packets (ARP requests) to the portal users on the interface to check whether the portal users are still
online, to find portal users who get offline without logging off.
• If the device receives a reply from a portal user before sending probe packets to the portal user
for the maximum number of times, it considers that the portal user is online and keeps sending
probe packets to the portal user.
• If the device receives no reply from a portal user after sending probe packets to the portal user
for the maximum number of times, it considers that the portal user is offline and stops sending
probe packets to the portal user and deletes the user.
To configure online Layer 3 portal user detection:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enter interface view.
interface
interface-type
interface-number
N/A
3. Configure online Layer 3
portal user detection.
access-user detect type arp
retransmit
number
interval
interval
Not configured by default.
NOTE:
Adjust the maximum number of transmission attempts and the interval of sending probe packets
according to the actual network conditions.
Configuring the portal server detection function
Only Layer 3 portal authentication supports this feature.
During portal authentication, if the communication between the access device and portal server is
broken, new portal users are not able to log on and the online portal users are not able to log off. To
address this problem, the access device needs to be able to detect the reachability changes of the
portal server quickly and take corresponding actions to deal with the changes. For example, once
detecting that the portal server is unreachable, the access device allows portal users to access
network resources without authentication. This function is referred to as portal authentication bypass.
It allows for flexible user access control.
With the portal server detection function, the device can detect the status of a specific portal server.
The specific configurations include:
1. Detection methods (you can choose either or both)
{ Probing HTTP connections—The access device periodically sends TCP connection
requests to the HTTP service port of the portal servers configured on its interfaces. If the
TCP connection with a portal server can be established, the access device considers that
the probe succeeds (the HTTP service of the portal server is open and the portal server is
reachable). If the TCP connection cannot be established, the access device considers that
the probe fails and the portal server is unreachable.
{ Probing portal heartbeat packets—A portal server that supports the portal heartbeat
function (only the IMC portal server supports this function) sends portal heartbeat packets to
portal access devices periodically. If an access device receives a portal heartbeat packet or
an authentication packet within a probe interval, the access device considers that the probe
To Next Page
Loading...
Need help?
General
