4000 Router Series Security Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP MSR2003 AC Router

321

322

323

324

325

326

327

328

329

330

310

During a re-DHCP portal authentication or mandatory user logout process, the device sends portal

notification packets to the portal authentication server. For the authentication or logout process to

complete, make sure the BAS-IP/BAS-IPv6 attribute is the same as the device IP or IPv4 address specified

on the portal authentication server.

To configure the BAS-IP attribute for unsolicited portal packets sent to the portal authentication server:

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Enter interface view.

interface interface-type

interface-number

N/A

3. Configure BAS-IP for IPv4

portal packets sent to the

portal authentication

server.

portal bas-ip ipv4-address

By default, the BAS-IP attribute of an IPv4

portal response packet sent to the portal

authentication server is the source IPv4

address of the packet, and that of an IPv4

portal notification packet is the IPv4

address of the interface.

4. Configure BAS-IPv6 for

IPv6 portal packets sent to

the portal authentication

server.

portal bas-ipv6 ipv6-address

By default, the BAS-IPv6 attribute of an

IPv6 portal response packet sent to the

portal authentication server is the source

IPv6 address of the packet, and that of an

IPv6 portal notification packet is the IPv6

address of the interface.

Enabling portal roaming

Portal roaming takes effect only on portal users logging in from VLAN interfaces. It does not take effect

on portal users logging in from common Layer 3 interface.

If portal roaming is enabled on a VLAN interface, an online portal user can access resources from any

Layer 2 port in the VLAN without re-authentication.

If portal roaming is disabled, to access external network resources from a Layer 2 port different from the

current access port in the VLAN, the user must first log out from the current port and then re-authenticate

on the new Layer 2 port.

To enable portal roaming:

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Enable portal

roaming.

portal roaming enable

By default, portal roaming is

disabled.

You cannot enable portal roaming

when login users exist on the device.

Logging out portal users

Logging out a user terminates the authentication process for the user or removes the user from the

authenticated users list.