
H3C Technologies H3C S6300 Series Switches User Manual


3. The portal authentication server and the access device exchange CHAP messages. This step is skipped for PAP authentication. The portal authentication server decides which method (CHAP or PAP) to use.

4. The portal authentication server adds the username and password to an authentication request packet and sends it to the access device. At the same time, the portal authentication server starts a timer to wait for an authentication reply packet.

5. The access device and the RADIUS server exchange RADIUS packets.

6. The access device sends an authentication reply packet to the portal authentication server to report authentication success or failure.

7. The portal authentication server sends an authentication success or failure packet to the client.

8. If the authentication is successful, the portal authentication server sends an authentication reply acknowledgement packet to the access device.

If the client is an iNode client, the authentication process includes step 9 and step 10 for extended portal
functions. Otherwise the authentication process is complete.

9. The client and the security policy server exchange security check information. The security policy server checks the user host for anti-virus software, the virus definition file, unauthorized software, and operating system patches.

10. The security policy server authorizes the user to access certain network resources based on the check result. The access device saves the authorization information and uses it to control the user's access.
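The choice between CHAP and PAP in step 3 determines what form of the credential crosses the network in steps 3 through 5. The following Python sketch is an added example, not code from the manual or from H3C. It assumes the access device relays the credential to the RADIUS server as a standard CHAP-Password (RFC 1994, RFC 2865 section 5.3) or User-Password (RFC 2865 section 5.2) attribute; the portal protocol packets themselves are not modelled, and every name and sample value is constructed.

```python
import hashlib
import hmac

def chap_response(ident: int, password: bytes, challenge: bytes) -> bytes:
    """RFC 1994: response = MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()

def radius_verify_chap(chap_password: bytes, challenge: bytes, stored: bytes) -> bool:
    """RFC 2865 5.3: CHAP-Password = identifier (1 octet) + response (16 octets)."""
    if len(chap_password) != 17:
        return False
    expected = chap_response(chap_password[0], stored, challenge)
    return hmac.compare_digest(chap_password[1:], expected)

def _keystream(secret: bytes, prev: bytes) -> bytes:
    return hashlib.md5(secret + prev).digest()

def radius_hide_pap(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: User-Password is XORed with an MD5 keystream, not encrypted."""
    size = max(16, -(-len(password) // 16) * 16)   # pad to a multiple of 16
    padded = password.ljust(size, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, size, 16):
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], _keystream(secret, prev)))
        out += prev
    return out

def radius_unhide_pap(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """What any holder of the shared secret can do with a captured request."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, _keystream(secret, prev)))
        prev = block
    return out.rstrip(b"\x00")

def demo() -> dict:
    password, secret = b"constructed-user-password", b"constructed-shared-secret"  # constructed
    challenge, authenticator = bytes(range(16)), bytes(range(16, 32))               # constructed
    attr = bytes([7]) + chap_response(7, password, challenge)
    hidden = radius_hide_pap(password, secret, authenticator)
    return {
        "chap_accepts": radius_verify_chap(attr, challenge, password),
        "chap_replay_on_new_challenge": radius_verify_chap(attr, bytes(16), password),
        "pap_recovered": radius_unhide_pap(hidden, secret, authenticator) == password,
    }

if __name__ == "__main__":
    print(demo())
```

With PAP, every hop that knows the shared secret can recover the cleartext password; with CHAP, only a per-challenge response is sent, at the cost of the RADIUS server holding the password in recoverable form.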

Re-DHCP authentication process (with CHAP/PAP authentication)

Figure 35 Re-DHCP authentication process

The re-DHCP authentication process is as follows:

Step 1 through step 7 are the same as those in the direct authentication/cross-subnet authentication process.

[Figure 35: sequence diagram. Participants: authentication client, portal Web server, portal authentication server, access device, AAA server, security policy server. Labeled messages: 1) Initiate a connection; 2) Use information; 3) CHAP authentication; 4) Authentication request; 5) RADIUS authentication; 6) Authentication reply; 7) Authentication success; 8) The user obtains a new IP address; 9) Discover user IP change; 10) Detect user IP change; 11) Notify login success; 12) IP change acknowledgement; 13) Security check; 14) Authorization. A timer is also shown.]