Portal support for eap authentication process – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

153

Authentication process with the local portal server

Figure 72 Authentication process with the local portal server

With the local portal server, the direct/cross-subnet authentication takes the following procedure:

1.

A portal client initiates authentication by sending an HTTP or HTTPS request. When the HTTP
packet arrives at an access device using the local portal server, it is redirected to the local portal

server, which then pushes a web authentication page for the user to enter the username and

password. The listening IP address of the local portal server is the IP address of a Layer 3 interface
on the access device that can communicate with the portal authentication client.

2.

The access device and the RADIUS server exchange RADIUS packets to authenticate the user.

3.

If the user passes authentication, the local portal server pushes a logon success page to the
authentication client, informing the user of the authentication (logon) success.

Portal support for EAP authentication process

Figure 73 Portal support for EAP authentication process

All portal authentication modes share the same EAP authentication steps. The following takes the direct

portal authentication as an example to show the EAP authentication process:

1.

The authentication client sends an EAP Request/Identity message to the portal server to initiate an

EAP authentication process.

Authentication/

Accounting server

Authentication

client

Portal server

Access

device

1) EAP request

2) Authentication request

4) Certificate request

3) RADIUS

authentication

10) Authentication reply

ACK

Authorization

Timer

Security check

5) EAP response

…

6) EAP authentication

…

7) Authentication

success

8) Authentication reply

9) Login success

Security

policy server