Portal authentication process – H3C Technologies H3C WX6000 Series Access Controllers User Manual

Page 402

Advertising
background image

36-6

Portal Authentication Process

Direct authentication and Layer 3 authentication share the same authentication process, while

re-DHCP authentication has a different process because of the presence of two address allocation

procedures.

Direct authentication/Layer 3 authentication process

Figure 36-3 Direct authentication/Layer 3 authentication process

The direct authentication/Layer 3 authentication process is as follows:

1) A portal user initiates an authentication request through HTTP. When the HTTP packet arrives at

the access device, the access device allows it to pass if it is destined for the portal server or a

predefined free website, or redirects it to the portal server if it is destined for other websites. The

portal server provides a web page for the user to enter the username and password.

2) The portal server and the access device exchange Challenge Handshake Authentication Protocol

(CHAP) messages. For Password Authentication Protocol (PAP) authentication, this step is

skipped.

3) The portal server assembles the username and password into an authentication request message

and sends it to the access device. Meanwhile, the portal server starts a timer to wait for an

authentication acknowledgment message.

4) The access device and the RADIUS server exchange RADIUS packets to authenticate the user.

5) If the user passes authentication, the access device sends an authentication acknowledgment

message to the portal server.

6) The portal server sends an authentication acknowledgment message to the authentication client to

notify it of logon success.

7) The portal server sends an affirmation message to the access device.

With extended portal functions, the process includes two additional steps:

8) The security policy server exchanges security authentication information with the client to check

whether the authentication client meets the security requirements.

9) The security policy server authorizes the user to access unrestricted resources based on the

security configuration for the user. The authorization information is stored on the access device

and used by the access device to control user access.

Advertising
This manual is related to the following products:

H3C WX5000 Series Access Controllers, H3C WX3000 Series Unified Switches, H3C LSWM1WCM10 Access Controller Module, H3C LSWM1WCM20 Access Controller Module, H3C LSQM1WCMB0 Access Controller Module, H3C LSRM1WCM2A1 Access Controller Module, H3C LSBM1WCM2A0 Access Controller Module

Popular Brands
Popular manuals