R3102-R3103-HP 6600/HSR6600 Routers Security Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP HSR6602-XG TAA-compliant Router

151

152

153

154

155

156

157

158

159

160

141

• Specify the portal group to which the portal service backup interface belongs. Be sure to specify the

same portal group for the portal service backup interfaces that back up each other on the two

devices.

• Specify the device ID. Make sure that the device ID of the local device is different from that of the

peer device.

• Specify the backup source IP address for outgoing RADIUS packets as the source IP address for

RADIUS packets that is configured on the peer device, so that the peer device can receive packets

from the server. (This configuration is optional.)

• Specify the stateful failover interface, and enable stateful failover on the interface. For related

configuration, see High Availability Configuration Guide.

After the stateful failover state of the two devices changes from independence to synchronization and the

portal group takes effect, the two devices start to back up the data of online portal users for each other.

Configuration guidelines

• In stateful failover mode, the device does not support re-DHCP portal authentication on the portal

service backup interface.

• In stateful failover mode, if a user on either device is logged out, information about the user on the

other device is deleted, too. You can log off a user on the device or on the portal server. For example,

you can use the cut connection and portal delete-user commands on the device to log off users.

• The AAA and portal configuration must be consistent on the two devices that back up each other.

For example, you must configure the same portal server on the two devices.

Configuration procedure

To configure stateful failover:

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Enter interface view.

interface interface-type

interface-number

N/A

3. Specify the portal group to

which the portal service

backup interface belongs.

portal backup-group group-id

By default, the portal service

backup interface does not belong

to any portal group.

The portal service backup

interfaces on the two devices for

stateful failover must belong to the

same portal group.

4. Return to system view.

quit N/A

5. Specify the device ID in

stateful failover mode.

nas device-id device-id

By default, the device operates in

stand-alone mode, and thus has no

device ID configured.

For more information about the

command, see Security Command

Reference.