Re-dhcp authentication process – H3C Technologies H3C WX6000 Series Access Controllers User Manual

36-7

Re-DHCP authentication process

Figure 36-4 Re-DHCP authentication process

Authentication/

accounting server

Authentication

client

Portal server

Access device

6) Authentication

succeeds

Security

policy server

12) Security authentication

13) Authorization

7) The user obtains

a new IP address

8) Discover user IP change

10) Notify the user of

login success

9) Detect user IP change

11) IP change

acknowledgement

Timer

1) Initiate a connection

2) CHAP authentication

3) Authentication request

5) Authentication

acknowledgement

4) RADIUS

authentication

The re-DHCP authentication process is as follows:

Step 1 through step 6 are the same as those in the direct authentication/Layer 3 portal authentication

process.

7) After receiving an authentication acknowledgment message, the authentication client obtains a

new public IP address through DHCP and notifies the portal server that it has obtained a public IP

address.

8) The portal server notifies the access device that the authentication client has obtained a new public

IP address.

9) Detecting the change of the IP address by examining ARP packets received, the access device

notifies the portal server of the change.

10) The portal server notifies the authentication client of logon success.

11) The portal server sends a user IP address change acknowledgment message to the access

device.

With extended portal functions, the process includes two additional steps:

12) The security policy server exchanges security authentication information with the client to check

whether the authentication client meets the security requirements.

13) The security policy server authorizes the user to access unrestricted resources based on the

security configuration for the user. The authorization information is stored on the access device

and used by the access device to take control of user access.