No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S600-E V200R013C00 Configuration Guide - User Access and Authentication

This document describes the configurations of User Access and Authentication Configuration, including AAA, NAC, and Policy Association.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
(Optional) Setting the Offline Detection Interval for Portal Authentication Users

(Optional) Setting the Offline Detection Interval for Portal Authentication Users

Context

If a Portal authentication user goes offline due to power failure or network interruption, the device and Portal server may still store user information, which leads to incorrect accounting. In addition, a limit number of users can access the device. If a user goes offline improperly but the device still stores user information, other users cannot access the network.

After the offline detection interval is set for Portal authentication users, if a user does not respond within the interval, the device considers the user offline. The device and Portal server then delete the user information and release the occupied resources to ensure efficient resource use.

NOTE:

This function applies only to Layer 2 Portal authentication, and takes effect on external Portal servers.

The heartbeat detection function of the authentication server can be used to ensure the normal online status of PC users for whom Layer 3 Portal authentication is used. If the authentication server detects that a user goes offline, it instructs the device to disconnect the user.

If the number of offline detection packets (ARP packets) exceeds the default CAR value, the detection fails and the users are logged out. To resolve the problem, the following methods are recommended:
  • Increase the detection interval based on the number of users. The default detection interval is recommended when there are less than 8000 users; the detection interval should be no less than 600 seconds when there are more than 8000 users.
  • Deploy the port attack defense function on the access device and limit the rate of packets sent to the CPU.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run portal timer offline-detect time-length

    The period for detecting Portal authentication user logout is set.

    By default, the interval for detecting Portal authentication user logout is 300s. When the interval is set to 0, offline detection is not performed.

Translation
Download
Updated: 2019-04-20

Document ID: EDOC1100066170

Views: 23160

Downloads: 6

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next