R0106-HP MSR Router Series Security Configuration Guide(V7)
124
With the portal authentication server detection function, the device periodically detects portal packets
sent by a portal authentication server to determine the reachability of the server.
If the portal authentication server receives a portal packet within a detection timeout (timeout timeout)
and the portal packet is valid, the device considers the portal authentication server to be reachable.
Otherwise, the device considers the portal authentication server to be unreachable.
You can configure the device to take one or more of the following actions when the server reachability
status changes:
• Sending a trap message to the NMS. The trap message contains the name and current state of the
portal authentication server.
• Sending a log message, which contains the name, the current state, and the original state of the
portal authentication server.
• Enabling portal fail-permit. When the portal authentication server is unreachable, the portal
fail-permit function on an interface allows users on the interface to have network access. When the
server recovers, it resumes portal authentication on the interface. For more information, see
"Configuring the portal fail-permit function."
Portal packets for the detection function include user login packets, user logout packets, and heartbeat
packets. Heartbeat packets are periodically sent by a server. By detecting heartbeat packets, the device
can detect the server's actual status sooner than by detecting other portal packets.
Only the IMC portal authentication server supports sending heartbeat packets. To test server reachability
by detecting heartbeat packets, you must enable the server heartbeat function on the IMC portal
authentication server.
To configure the portal authentication server detection function:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A-
2. Enter portal
authentication server
view.
portal server server-name N/A
3. Configure the portal
authentication server
detection function.
server-detect [ timeout timeout ] { log |
trap } *
By default, portal authentication
server detection is disabled.
This function takes effect
regardless of whether portal
authentication is enabled on an
interface or not.
Configuring portal Web server detection
A portal authentication process cannot complete if the communication between the access device and
the portal Web server is broken. To address this problem, you can enable portal Web server detection
on the access device.
With the portal Web server detection function, the access device simulates a Web access process to
initiate a TCP connection to the portal Web server. If the TCP connection can be established successfully,
the access device considers the detection succeeds, and the portal Web server is reachable. Otherwise,
it considers the detection to have failed. Portal authentication status on interfaces of the access device
does not affect the portal Web server detection function.
You can configure the following detection parameters: