Enabling support for portal user moving
Only Layer 2 portal authentication supports this feature.
In cases where there are hubs, Layer 2 switches, or APs between users and the access devices and an authenticated user moves from the current access port to another Layer 2-portal-authentication-enabled port of the device without logging off, the user will not have access as long as the original port is still active. This occurs because the original port maintains the authentication information of the user and, by default, the device does not permit such users online access from another port by default.
When support for portal user moving is enabled on the device, either of the following occurs:
If the original port is still up and the two ports belong to the same VLAN, the device allows the user to continue to access the network without re-authentication, and uses the new port information for user accounting.
If the original port is down or the two ports belong to different VLANs, the device removes the authentication information of the user from the original port and authenticates the user on the new port.
To enable support for portal user moving:
Step | Command | Remarks |
|---|---|---|
1. Enter system view. | system-view | N/A |
2. Enable support for portal user moving. | portal move-mode auto | Disabled by default. |
![[NOTE: ]](images/note.png) | NOTE: For a user with authorization information (such as authorized VLAN) configured, after the user moves from a port to another, the device tries to assign the authorization information to the new port. If the operation fails, the device deletes the user's information from the original port and re-authenticates the user on the new port. | |