R0106-HP MSR Router Series Security Configuration Guide(V7)
125
• Detection interval—Interval at which the device detects the server reachability.
• Maximum number of consecutive failures—If the number of consecutive detection failures reaches
this value, the access device considers that the portal Web server is unreachable.
You can configure the device to take one or more of the following actions when the server reachability
status changes:
• Sending a trap message to the NMS. The trap message contains the name and current state of the
portal Web server.
• Sending a log message, which contains the name, the current state, and the original state of the
portal Web server.
• Enabling portal fail-permit. When the portal Web server is unreachable, the portal fail-permit
function on an interface allows users on the interface to have network access. When the server
recovers, it resumes portal authentication on the interface. For more information, see "Configuring
the por
tal fail-permit function."
To configure the portal Web server detection function:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter portal Web
server view.
portal web-server server-name
N/A
3. Configure the portal
Web server detection
function.
server-detect [ interval interval ] [ retry
retries ] { log | trap } *
By default, portal Web server
detection is disabled.
This function takes effect regardless
of whether portal authentication is
enabled on an interface or not.
Configuring portal user synchronization
Once the access device loses communication with a portal authentication server, the portal user
information on the access device and that on the portal authentication server might be inconsistent after
the communication resumes. To address this problem, the device provides the portal user synchronization
function by sending and detecting portal synchronization packets, as follows:
1. The portal authentication server sends the online user information to the access device in a
synchronization packet at the user heartbeat interval, which is set on the portal authentication
server.
2. Upon receiving the synchronization packet, the access device compares the users carried in the
packet with its own user list. If a user contained in the packet does not exist on the access device,
the access device informs the portal authentication server to delete the user. The access device
starts the synchronization detection timer (timeout timeout) immediately when a user logs in. If the
user does not appear in any synchronization packet within a synchronization detection interval,
the access device considers the user does not exist on the portal authentication server and logs the
user out.
The user synchronization function requires a portal authentication server to support the portal user
heartbeat function. Only the IMC portal authentication server supports the portal user heartbeat function.
To implement the portal user synchronization function, you also need to configure the user heartbeat
function on the portal authentication server. Make sure the user heartbeat interval configured on the