R3303-HP HSR6800 Routers Security Command Reference
176
server-detect method { http | portal-heartbeat }: Specifies the portal server detection method. Two
detection methods are available:
• http: Probes HTTP connections. In this method, the access device periodically sends TCP connection
requests to the HTTP service port of the portal servers enabled on its interfaces. If the TCP
connection with a portal server can be established, the access device considers that the HTTP
service of the portal server is open and the portal server is reachable—the detection succeeds. If the
TCP connection cannot be established, the access device considers that the detection fails—the
portal server is unreachable. If a portal server does not support the portal server heartbeat function,
you can configure the device to use the HTTP probe method to detect the reachability of the portal
server.
• portal-heartbeat: Probes portal heartbeat packets. Portal servers periodically send portal heartbeat
packets to the access devices. If the access device receives a portal heartbeat packet from a portal
server within the specified interval, the access device considers that the probe succeeds and the
portal server is reachable; otherwise, it considers that the probe fails and the portal server is
unreachable. This method is effective only on portal servers that support the portal heartbeat
function. Currently, only the IMC portal server supports this function. To implement detection with
this method, you also need to configure the portal server heartbeat function on the IMC portal
server and make sure that the server heartbeat interval configured on the portal server is shorter
than or equal to the probe interval configured on the device.
action { log | permit-all | trap }: Specifies the actions to be taken when the status of a portal server
changes. The following actions are available:
• log: Specifies the action as sending a log message. When the status (reachable/unreachable) of a
portal server changes, the access device sends a log message. The log message contains the portal
server name and the current state and original state of the portal server.
• permit-all: Specifies the action as disabling portal authentication—enabling portal authentication
bypass. When the device detects that a portal server is unreachable, it disables portal
authentication on the interface referencing the portal server, allowing all portal users on this
interface to access network resources. When the access device receives the portal server heartbeat
packets or authentication packets (such as login requests and logout requests), it re-enables the
portal authentication function.
• trap: Specifies the action as sending a trap message. When the status (reachable/unreachable) of
a portal server changes, the access device sends a trap message to the network management
server (NMS). Trap message contains the portal server name and the current state of the portal
server.
interval interval: Interval at which probe attempts are made. The interval argument ranges from 20 to
600 and defaults to 20, in seconds.
retry retries: Maximum number of probe attempts. The retries argument ranges from 1 to 5 and defaults
to 3. If the number of consecutive, failed probes reaches this value, the access device considers that the
portal server is unreachable.
Usage guidelines
You can specify one or more detection methods and the actions to be taken.
If both detection methods are specified, a portal server is regarded as unreachable as long as one
detection method fails, and an unreachable portal server is regarded as recovered only when both
detection methods succeed.
If multiple actions are specified, the system executes all the specified actions when the status of a portal
server changes.