Configuring portal authentication server detection
During portal authentication, if the communication between the access device and portal authentication server is broken, both of the following occur:
New portal users are not able to log in.
The online portal users are not able to log out normally.
To address this problem, the access device needs to be able to detect the reachability changes of the portal server quickly and take corresponding actions to deal with the changes.
With the portal authentication server detection feature, the device periodically detects portal packets sent by a portal authentication server to determine the reachability of the server. If the device receives a valid portal packet within the detection timeout (the timeout argument of the server-detect command), the device considers the portal authentication server to be reachable. Otherwise, the device considers the portal authentication server to be unreachable.
Portal packets include user login packets, user logout packets, and heartbeat packets. Heartbeat packets are periodically sent by a server. By detecting heartbeat packets, the device can detect the server's actual status more quickly than by detecting other portal packets.
Only the IMC portal authentication server supports sending heartbeat packets. To test server reachability by detecting heartbeat packets, you must enable the server heartbeat feature on the IMC portal authentication server.
You can configure the device to take one or more of the following actions when the server reachability status changes:
Sending a trap message to the NMS. The trap message contains the name and current state of the portal authentication server.
Sending a log message, which contains the name, the current state, and the original state of the portal authentication server.
Enabling portal fail-permit. When the portal authentication server is unreachable, the portal fail-permit feature on an interface allows users on the interface to have network access. When the server recovers, portal authentication resumes on the interface. For more information, see "Configuring the portal fail-permit feature."
To configure portal authentication server detection:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter portal authentication server view. | portal server server-name | N/A |
3. Configure portal authentication server detection. | server-detect [ timeout timeout ] { log \| trap } * | By default, portal authentication server detection is disabled. This feature takes effect regardless of whether portal authentication is enabled on an interface. Make sure the detection timeout is greater than the portal server heartbeat interval on the portal authentication server. |
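
The following Python model is an added example, not vendor code. It simulates the detection logic described above to show why the detection timeout must be greater than the server heartbeat interval. The timer semantics (timeout restarted by each valid packet, server initially reachable), the server name pts1, and all timing values are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class ServerDetector:
    """Assumed model of server-detect for one portal authentication server."""
    name: str
    timeout: int                      # detection timeout, in seconds
    state: str = "reachable"          # assumed initial state
    events: list = field(default_factory=list)

    def __post_init__(self):
        self.deadline = self.timeout  # a valid packet must arrive before this time

    def _change(self, when, new_state):
        if new_state != self.state:
            # Same fields as the log message: name, current state, original state.
            self.events.append((when, self.name, new_state, self.state))
            self.state = new_state

    def tick(self, now):
        """No valid portal packet within the timeout: server is unreachable."""
        if now >= self.deadline:
            self._change(self.deadline, "unreachable")

    def on_packet(self, now, valid=True):
        """Login, logout or heartbeat packet received; invalid ones do not count."""
        self.tick(now)
        if valid:
            self.deadline = now + self.timeout
            self._change(now, "reachable")

def simulate(timeout, heartbeat, outage=None, duration=300):
    """State changes seen for a server sending a heartbeat every `heartbeat` seconds.
    outage=(start, end) drops the heartbeats in that window (link or server down)."""
    det = ServerDetector("pts1", timeout)   # "pts1" is a constructed server name
    for t in range(heartbeat, duration + 1, heartbeat):
        if not (outage and outage[0] <= t < outage[1]):
            det.on_packet(t)
    det.tick(duration)
    return det.events

if __name__ == "__main__":
    print(simulate(timeout=40, heartbeat=20))                     # healthy, no events
    print(simulate(timeout=40, heartbeat=20, outage=(100, 200)))  # one down, one up
    print(simulate(timeout=15, heartbeat=20, duration=100))       # flaps on every beat
```

In the third run the server is healthy, yet the model reports it unreachable before every heartbeat. With portal fail-permit enabled, each of those intervals would give users on the interface network access without portal authentication.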