beautypg.com

Portal configuration task list – H3C Technologies H3C SecPath F1000-E User Manual

Page 7

background image

6

The re-DHCP authentication process is as follows:
Step 1 through step 6 are the same as those in the direct authentication/cross-subnet authentication

process.

Step7

After receiving the authentication success message, the authentication client obtains a new public IP

address through DHCP and notifies the portal server that it has obtained a public IP address.

Step8

8The portal server notifies the access device that the authentication client has obtained a new public IP

address.

Step9

Detecting the change of the IP address by examining ARP packets received, the access device notifies

the portal server of the change.

Step10

The portal server notifies the authentication client of logon success.

Step11

The portal server sends a user IP address change acknowledgment message to the access device.

With extended portal functions, the process includes two additional steps:

Step12

The security policy server exchanges security check information with the client to check whether the

authentication client meets the security requirements.

Step13

Based on the security check result, the security policy server authorizes the user to access certain
resources, and sends the authorization information to the access device. The access device then controls

accesses of the user based on the authorization information.

Portal Configuration Task List

Complete these tasks to configure Layer 3 portal authentication:

Task Remarks

Specifying a Portal Server for Layer 3 Portal Authentication

Required

Enabling Layer 3 Portal Authentication

Required

Configuring a Portal-Free Rule

Configuring an Authentication Subnet

Setting the Maximum Number of Online Portal
Users

Controlling Access of Portal
Users

Specifying the Authentication Domain for Portal
Users

Optional

Specifying a NAS ID for an Interface

Specifying NAS-Port-Type for an Interface

Configuring RADIUS Related
Attributes

Specifying a NAS ID Profile for an Interface

Optional

Specifying the Source IP Address for Outgoing Portal Packets

Optional

Configuring Detection of Online Portal Users

Configuring the Portal Server Detection Function

Configuring Portal Detection

Functions

Configuring Portal User Information
Synchronization

Optional

Logging Off Portal Users

Optional