Manualshelf

R0106-HP MSR Router Series Security Command Reference(V7)

ManualsBrandsHP ManualsNetwork HardwareHP MSR2003 AC Router
181182183184185186187188189190
175
Usage guidelines
After online detection of portal users is enabled on the interface, the device periodically sends detection
packets of the specified type to login portal users to verify if they are online. The detection process is as
follows:
When the device receives no packets from a portal user within the configured idle time, the device sends
detection packets to the user.
If the device receives no reply from the user after sending detection packets to the user for the
maximum number of times, the device logs out the portal user.
If the device receives a reply, it stops sending detection packets. Then the device restarts the idle
timer and waits for the packets from the user.
Direct authentication and re-DHCP authentication support both ND detection and ICMPv6 detection.
Cross-subnet authentication only supports ICMPv6 detection.
If firewall policies on the access device filter out ICMPv6 packets, ICMPv6 detection might fail and result
in the logout of portal users. Make sure the access device does not block ICMPv6 packets before you
enable ICMPv6 detection on an interface.
Examples
# Enable online detection of IPv6 portal users on interface GigabitEthernet 2/1/1. Configure the
detection type as ICMPv6, the maximum number of detection attempts as 5, the detection interval as 10
seconds, and the user idle timeout as 300 seconds.
<Sysname> system-view
[Sysname] interface gigabitethernet 2/1/1
[Sysname–GigabitEthernet2/1/1] portal ipv6 user-detect type icmpv6 retry 5 interval 10
idle 300
Related commands
display portal interface
portal layer3 source
Use portal layer3 source to configure an IPv4 portal authentication source subnet on an interface.
Use undo portal layer3 source to delete IPv4 portal authentication source subnets.
Syntax
portal layer3 source ipv4-network-address { mask-length | mask }
undo portal layer3 source [ ipv4-network-address ]
Default
No IPv4 portal authentication source subnet is configured on the interface. Portal users from any IPv4
subnet must pass portal authentication.
Views
Interface view
Predefined user roles
network-admin
Parameters
ipv4-network-address: Specifies an IPv4 portal authentication source subnet address.