This section describes how to configure online user information synchronization.
The configuration of online user information synchronization varies with device roles. For the configurations on devices with different roles, see online user information synchronization in User Organizational Structure.
Step |
Device That Sends Synchronization Messages |
Device That Receives Synchronization Messages |
Query Server |
Description |
|---|---|---|---|---|
1. Access the view for automatically synchronizing online user information. |
Y |
Y |
Y |
- |
2. Set a local ID. local-id id |
Y |
Y |
Y |
Ensure that each local ID is unique. Do not change the local ID unless necessary. |
3. Set a service port. The default port number is 8886. local-server port port-number |
Y |
Y |
Y |
- |
4. Configure a shared key. shared-key shared-key |
Y |
Y |
Y |
By default, automatic online user synchronization or query messages are transmitted in plain text. For security, you are advised to set a shared key for encrypted transmission. The two communication parties must use the same shared key. |
5. Specify the IP address and port number of the device that receives synchronization messages. advise-to address ip-address port port-number |
Y |
Y (mutual synchronization among devices) |
N |
The port number must be the same as local-server port on the peer. As online user entries are frequently matched on the query server, the server performance may deteriorate. Therefore, you are not advised to configure the query server to send synchronization messages to other devices. |
6. Specify the IP address of the query server. query-from address ip-address port port-number |
Y |
Y |
N |
Generally, a device with frequent user traffic, such as an egress firewall, is selected as the query server because entries on such a device are not easy to expire. |
7. Enable the automatic online user synchronization function. |
Y |
Y |
Y |
- |