R0106-HP MSR Router Series Security Configuration Guide(V7)

Users logged out by the access device still exist on the portal authentication server
Symptom
After you log out a portal user on the access device, the user still exists on the portal authentication server.
Analysis
When you execute the portal delete-user command on the access device to log out a user, the access
device sends an unsolicited logout notification to the portal authentication server. If the BAS-IP or
BAS-IPv6 address carried in the logout notification is different from the portal device IP address specified
on the portal authentication server, the portal authentication server discards the logout notification.
When the logout notification times out, the access device logs out the user. However, the
portal authentication server has not received the logout notification, and therefore it regards
the user as still online.
Solution
Configure the BAS-IP or BAS-IPv6 attribute on the interface enabled with portal authentication. Make
sure the attribute value is the same as the portal device IP address specified on the portal authentication
server.
Re-DHCP portal authenticated users cannot log in successfully
Symptom
The device performs re-DHCP portal authentication for users. A user enters the correct username and
password, and the client successfully obtains the private and public IP addresses. However,
authentication fails for the user.
Analysis
When the access device detects that the client IP address has changed, it sends an unsolicited portal
packet to notify the portal authentication server of the IP change. The portal authentication server
reports authentication success only after it receives the IP change notification from both the access
device and the client.
If the BAS-IP or BAS-IPv6 address carried in the portal notification packet is different from the portal
device IP address specified on the portal authentication server, the portal authentication server discards
the portal notification packet. As a result, the portal authentication server considers that the user has
failed the authentication.
Solution
Configure the BAS-IP or BAS-IPv6 attribute on the interface enabled with portal authentication. Make
sure the attribute value is the same as the portal device IP address specified on the portal authentication
server.
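
An added example, not part of the HP guide: a Python check that compares the BAS-IP or BAS-IPv6 value on each portal-enabled interface with the portal device IP addresses registered on the portal authentication server, which is the mismatch behind both problems above. The configuration dump, the addresses, and the command spellings (portal enable, portal bas-ip, portal bas-ipv6) as they appear in the dump are assumptions made for the example.

```python
import ipaddress
import re

# Constructed configuration dump; command spellings are assumed for this example.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 ip address 192.0.2.1 255.255.255.0
 portal enable method direct
 portal bas-ip 192.0.2.1
#
interface GigabitEthernet1/0/2
 ip address 198.51.100.1 255.255.255.0
 portal enable method redhcp
 portal bas-ip 198.51.100.9
#
interface GigabitEthernet1/0/3
 ip address 203.0.113.1 255.255.255.0
 portal enable method direct
#
interface GigabitEthernet1/0/4
 ip address 203.0.113.129 255.255.255.128
#
"""

# Constructed list of portal device IP addresses registered on the portal server.
REGISTERED_DEVICE_IPS = ["192.0.2.1", "203.0.113.1"]

def audit_bas_ip(config_text, registered_ips):
    """Return {interface: 'ok' | 'mismatch' | 'unset'} for portal-enabled interfaces."""
    registered = {ipaddress.ip_address(ip) for ip in registered_ips}
    findings = {}
    for block in re.split(r"^#\s*$", config_text, flags=re.M):
        name = re.search(r"^interface (\S+)", block, flags=re.M)
        enabled = re.search(r"^ portal (?:ipv6 )?enable\b", block, flags=re.M)
        if not (name and enabled):
            continue  # portal authentication is not enabled on this interface
        bas = re.findall(r"^ portal bas-ip(?:v6)? (\S+)", block, flags=re.M)
        if not bas:
            findings[name.group(1)] = "unset"  # no BAS-IP/BAS-IPv6 configured
        elif all(ipaddress.ip_address(a) in registered for a in bas):
            findings[name.group(1)] = "ok"
        else:
            findings[name.group(1)] = "mismatch"  # server would discard notifications
    return findings

if __name__ == "__main__":
    for ifname, status in audit_bas_ip(SAMPLE_CONFIG, REGISTERED_DEVICE_IPS).items():
        print(f"{ifname}: {status}")
```

Interfaces reported as mismatch or unset are the ones to review against the portal device IP address specified on the portal authentication server.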