Portal authentication process – H3C Technologies H3C S7500E Series Switches User Manual


Portal Authentication Process

Direct authentication and Layer 3 authentication share the same authentication process, while re-DHCP authentication has a different process because of the presence of two address allocation procedures.

Direct authentication/Layer 3 authentication process

Figure 8-2 Direct authentication/Layer 3 authentication process

The direct authentication/Layer 3 authentication process is as follows:

1) An authentication client initiates authentication by sending an HTTP request. When the HTTP packet arrives at the access device, the access device allows it to pass if it is destined for the portal server or a predefined free website, or redirects it to the portal server if it is destined for other websites. The portal server pushes a web authentication page to the user and the user enters the username and password.

2) The portal server and the access device exchange Challenge Handshake Authentication Protocol (CHAP) messages. For Password Authentication Protocol (PAP) authentication, this step is skipped.

3) The portal server assembles the username and password into an authentication request message and sends it to the access device. Meanwhile, the portal server starts a timer to wait for an authentication acknowledgment message.

4) The access device and the RADIUS server exchange RADIUS packets to authenticate the user.

5) If the user passes authentication, the access device sends an authentication acknowledgment message to the portal server.

6) The portal server sends an authentication acknowledgment message to the authentication client to notify it of logon success.

7) The portal server sends a confirmation message to the access device.
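
The following Python sketch is an added example, not part of the H3C manual and not H3C code. It models steps 1 to 5 from the access device's side, assuming the CHAP response is computed as in RFC 1994 (MD5 over identifier, secret and challenge); the class, the function names and the addresses are hypothetical, and a dictionary stands in for the RADIUS server.

```python
import hashlib
import hmac
import os

# Constructed sample values (documentation address ranges), not from the manual.
PORTAL_SERVER = "192.0.2.10"
FREE_SITES = {"192.0.2.53"}
RADIUS_USERS = {"alice": b"correct horse"}  # stand-in for the RADIUS server (step 4)


def chap_response(chap_id: bytes, password: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(chap_id + password + challenge).digest()


class AccessDevice:
    """Toy model of the access device's role in steps 1 to 5."""

    def __init__(self):
        self.authenticated = set()  # client IPs that passed authentication
        self.pending = {}           # chap_id -> outstanding challenge

    def handle_http(self, src: str, dst: str) -> str:
        """Step 1: pass traffic to the portal server or a free site, else redirect.
        Passing traffic from an authenticated client is an assumption of this model."""
        if src in self.authenticated or dst == PORTAL_SERVER or dst in FREE_SITES:
            return "pass"
        return "redirect"

    def issue_challenge(self):
        """Step 2: give the portal server a fresh random challenge."""
        chap_id, challenge = os.urandom(1), os.urandom(16)
        self.pending[chap_id] = challenge
        return chap_id, challenge

    def authenticate(self, src: str, user: str, chap_id: bytes, response: bytes) -> bool:
        """Steps 3 to 5: check the response; each challenge is accepted only once."""
        challenge = self.pending.pop(chap_id, None)
        password = RADIUS_USERS.get(user)
        if challenge is None or password is None:
            return False
        ok = hmac.compare_digest(chap_response(chap_id, password, challenge), response)
        if ok:
            self.authenticated.add(src)
        return ok
```

Because the challenge is removed from the pending table on first use, a captured response cannot be replayed. With PAP, step 2 is skipped and the password itself travels in the authentication request.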

With extended portal functions, the process includes two additional steps:

8) The security policy server exchanges security checking information with the client to check whether the authentication client meets the security requirements.
