beautypg.com

H3C Technologies H3C SecPath F1000-E User Manual

Page 135

background image

125

You can configure any combination of the configuration items described as needed, with respect to the

following:

If both detection methods are specified, a portal server will be regarded as unreachable as long as
one detection method fails, and an unreachable portal server will be regarded as recovered only

when both detection methods succeed.

If multiple actions are specified, the access device will execute all the specified actions when the
status of a portal server changes.

The detection function configured for a portal server takes effect on an interface only after you
enable portal authentication and reference the portal server on the interface.

To configure the portal server detection function:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Configure the portal

server detection
function.

portal server server-name server-detect
method { http | portal-heartbeat } * action
{ log | permit-all | trap } * [ interval

interval ] [ retry retries ]

Not configured by default.
The portal server specified in the
command must exist.

NOTE:

The portal heartbeat detection method works only when the portal server supports the portal server
heartbeat function. Currently, only the IMC portal server supports this function. To implement detection
with this method, you also need to configure the portal server heartbeat function on the IMC portal server

and make sure that the product of interval and retry is greater than or equal to the portal server heartbeat

interval. H3C recommends configuring the interval to be greater than the portal server heartbeat interval
configured on the portal server.

Configuring portal user information synchronization

Once the access device loses communication with a portal server, the portal user information on the

access device and that on the portal server may be inconsistent after the communication resumes. To

solve this problem, the firewall (access device) provides the portal user information synchronization
function. This function is implemented by sending and detecting the portal synchronization packet. The

process is as follows:

1.

The portal server sends the online user information to the access device in a user synchronization
packet at the user heartbeat interval, which is set on the portal server.

2.

Upon receiving the user synchronization packet, the access device checks the user information
carried in the packet with its own. If the access device finds a nonexistent user in the packet, it

informs the portal server of the information and the portal server will delete the user. If the access
device finds that one of its users does not appear in the user synchronization packets within N

consecutive synchronization probe intervals (N is equal to the value of retries configured in the

portal server user-sync command), it considers that the user does not exist on the portal server and

logs the user off.

To configure the portal user information synchronization function:

Step Command

Remarks

1.

Enter system view.

system-view

N/A