Portal stateful failover, Overview – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

154

2.

The portal server sends a portal authentication request to the access device, and starts a timer to

wait for the portal authentication reply. The portal authentication request contains several
EAP-Message attributes, which are used to encapsulate the EAP packet sent from the

authentication client and carry the certificate information of the client.

3.

After the access device receives the portal authentication request, it constructs a RADIUS
authentication request and sends it to the RADIUS server. The EAP-Message attributes in the

RADIUS authentication request are those carried in the received portal authentication request.

4.

The access device sends a certificate request to the portal server according to the reply received

from the RADIUS server. The certificate request also contains several EAP-Message attributes,
which are used to transfer the certificate information of the RADIUS server. The EAP-Message

attributes in the certificate request are those carried in the RADIUS authentication reply.

5.

After receiving the certificate request, the portal server sends an EAP authentication reply to the
authentication client, carrying the EAP-Message attribute values.

6.

The authentication client sends another EAP request to continue the EAP authentication with the
RADIUS server, during which there may be several portal authentication requests. The subsequent

authentication processes are the same as that initiated by the first EAP request, except that the EAP
request types vary with the EAP authentication phases.

7.

After the authentication client passes the EAP authentication, the RADIUS server sends an
authentication reply to the access device. This reply carries the EAP-Success message in the

EAP-Message attribute.

8.

The access device sends an authentication reply to the portal server. This reply carries the
EAP-Success message in the EAP-Message attribute.

9.

The portal server notifies the authentication client of the authentication success.

10.

The portal server sends an authentication reply acknowledgment to the access device.

The remaining steps are for extended portal authentication. For more information about the steps, see the

portal authentication process with CHAP/PAP authentication.

Portal stateful failover

Overview

The stateful failover feature supports hot backup of services on two devices. It can be configured on key
devices to avoid service interruptions caused by single point failures. When operating normally, the two

devices synchronize the service information of each other. If one device fails, the other device takes over

the services.
To implement stateful failover, you need to specify an stateful failover interface on each device and
connect the two stateful failover interfaces through a failover link, or specify a dedicated VLAN (called

the "backup VLAN") on each device for stateful failover packets. If both a failover link and a backup

VLAN are configured, add the physical ports at the two ends of the failover link to the backup VLAN. For

more information about the stateful failover feature, see High Availability Configuration Guide.