Portal system components, Authentication client, Access device – H3C Technologies H3C WX6000 Series Access Controllers User Manual

36-2

Resource access limit: A user passing identity authentication can access only network resources

like the anti-virus server or OS patch server, which are called the restricted resources. Only users

passing security authentication can access more network resources, which are called the

unrestricted resources.

Portal System Components

As shown in

Figure 36-1

, a typical portal system consists of five basic components: authentication client,

access device, portal server, authentication/accounting server, and security policy server.

A portal server can be an entity independent of the access device or an entity embedded in the access

device. In this document, the term portal server refers to an independent portal server, and the term

local portal server refers to an embedded one.

Figure 36-1 Portal system components

Authentication client

Client system of a user to be authenticated. It can be a browser using the Hypertext Transfer Protocol

(HTTP), or a host running the portal client software. The security authentication of a client depends on

the communications between the portal client and the security policy server.

Access device

Device for broadband access. It can be a switch or a router that provides the following three functions:

Before authentication, redirecting all HTTP requests from users in the subnet to be authenticated to

the portal server.

During authentication, interacting with the portal server, security policy server and the

authentication/accounting server for identity authentication, security authentication and

accounting.

After authentication, allowing users to access granted Internet resources.