beautypg.com

Authentication process with local portal server, Configuring portal authentication, Configuration prerequisites – H3C Technologies H3C WX6000 Series Access Controllers User Manual

Page 404

background image

36-8

Authentication process with local portal server

Figure 36-5 Authentication process with local portal server

With local portal server, the direct/Layer 3 authentication process is as follows:

1) When a portal user accesses a web page, the authentication client initiates an authentication

request through HTTP or HTTPS. When the HTTP or HTTPS packet arrives at an access device

using the local portal server, it is redirected to the local portal server, which then provides a Web

page for the user to enter the username and password for authentication.

2) The access device and the RADIUS server exchange RADIUS packets to authenticate the user.

3) If the user passes authentication, the local portal server pushes a logon success page to the

authentication client, informing the user of the authentication (logon) success.

If HTTPS is used, after the portal user initiates an authentication request through HTTPS, the

authentication client and the access device will first perform SSL negotiation to establish a secure path

that encrypts packets to be transferred.

Configuring Portal Authentication

Configuration Prerequisites

The portal feature provides a solution for user authentication and security authentication. However, the

portal feature cannot implement this solution by itself. Currently, RADIUS authentication needs to be

configured on the access device to cooperate with the portal feature to complete user authentication.

The prerequisites for portal authentication are as follows:

The portal-enabled interfaces of the access device are configured with valid IP addresses or have

obtained valid IP addresses through DHCP.

The portal server and the RADIUS server have been installed and configured properly. If you want

to use the local portal server, no independent portal server is required.

With re-DHCP authentication, the invalid IP address check function of DHCP relay is enabled on

the access device, and the DHCP server is installed and configured properly.

With RADIUS authentication, usernames and passwords of the users are configured on the

RADIUS server, and the RADIUS client configurations are performed on the access device. For

information about RADIUS client configuration, refer to

MAC Address Configuration

.

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: