4000 Router Series Security Command Reference

ManualsBrandsHP ManualsNetwork HardwareHP MSR3024 TAA-compliant AC Router

451

452

453

454

455

456

457

458

459

460

441

interval interval: Sets a detection interval in the range of 1 to 1200 seconds. The default interval is 3

seconds.

idle time: Sets the user idle timeout in the range of 60 to 3600 seconds. The default is 180 seconds.

When the timeout expires, online detection of portal users is restarted.

Usage guidelines

After online detection of portal users is enabled on the interface, the device periodically sends detection

packets of the specified type to login portal users to verify if they are online. The detection process is as

follows:

When the device receives no packet from a portal user within the configured idle time, the device sends

detection packets to the user.

• If the device receives no reply from the user after sending detection packets to the user for the

maximum number of times, the device logs out the portal user.

• If the device receives a reply, it stops sending detection packets and waits for the user idle timeout

to expire.

Direct authentication and re-DHCP authentication support both ND detection and ICMPv6 detection.

Cross-subnet authentication only supports ICMPv6 detection.

If firewall policies on the access device filter out ICMPv6 packets, ICMPv6 detection might fail and result

in the logout of portal users. Make sure the access device does not block ICMPv6 packets before you

enable ICMPv6 detection on an interface.

Examples

# Enable online detection of IPv6 portal users on interface Ethernet 1/1. Configure the detection type as

ICMPv6, the maximum number of detection attempts as 5, the detection interval as 10 seconds, and the

user idle timeout as 300 seconds.

<Sysname> system-view

[Sysname] interface Ethernet1/1

[Sysname–Ethernet1/1] portal ipv6 user-detect type icmpv6 retry 5 interval 10 idle 300

Related commands

display portal interface

portal layer3 source

Use portal layer3 source to configure an IPv4 portal authentication source subnet on an interface.

Use undo portal layer3 source to delete IPv4 portal authentication source subnets.

Syntax

portal layer3 source ipv4-network-address { mask-length | mask }

undo portal layer3 source [ ipv4-network-address ]

Default

No IPv4 portal authentication source subnet is configured on the interface. Portal users from any IPv4

subnet must pass portal authentication.

Views

Interface view