beautypg.com

Cross-subnet authentication, Portal authentication process – H3C Technologies H3C S6300 Series Switches User Manual

Page 107

background image

92

can allocate public IP addresses to broadband users only when they access networks beyond the

residential community network.
Only the H3C iNode client supports re-DHCP authentication. IPv6 portal authentication does not support

the re-DHCP authentication mode.

Cross-subnet authentication

Cross-subnet authentication is similar to direct authentication, except it allows Layer 3 forwarding devices

to exist between the authentication client and the access device.
In direct authentication, re-DHCP authentication, and cross-subnet authentication, a user's IP address

uniquely identifies the user. After a user passes authentication, the access device generates an ACL for

the user based on the user's IP address to control forwarding of the packets from the user. Because no

Layer 3 forwarding device exists between authentication clients and the access device in direct
authentication and re-DHCP authentication, the access device can learn the user MAC addresses. The

access device can enhance its capability of controlling packet forwarding by using the learned MAC

addresses.

Portal authentication process

Direct authentication and cross-subnet authentication share the same authentication process. Re-DHCP

authentication has a different process as it has two address allocation procedures.

Direct authentication/cross-subnet authentication process (with CHAP/PAP authentication)

Figure 34 Direct authentication/cross-subnet authentication process

The direct/cross-subnet authentication process is as follows:

1.

A portal user access the Internet through HTTP, and the HTTP packet arrives at the access device.

{

If the packet matches a portal free rule, the access device allows the packet to pass.

{

If the packet does not match any portal-free rule, the access device redirects the packet to the
portal Web server. The portal Web server pushes the Web authentication page to the user for

him to enter his username and password.

2.

The portal Web server submits the user authentication information to the portal authentication
server.

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: