3com S7906E Installationsanweisungen

 

1-5 

Figure 1-2 Direct authentication/Layer 3 authentication process 

 

 

The direct authentication/Layer 3 authentication process is as follows: 

1)  A portal user initiates an authentication request through HTTP. When the HTTP packet arrives at 

the access device, the access device allows it to pass if it is destined for the portal server or a 

predefined free website, or redirects it to the portal server if it is destined for other websites. The 

portal server provides a web page for the user to enter the username and password. 

2)  The portal server and the access device exchange Challenge Handshake Authentication Protocol 

(CHAP) messages. For Password Authentication Protocol (PAP) authentication, this step is 

skipped. 

3)  The portal server assembles the username and password into an authentication request message 

and sends it to the access device. Meanwhile, the portal server starts a timer to wait for an 

authentication acknowledgment message. 

4)  The access device and the RADIUS server exchange RADIUS packets to authenticate the user. 

5)  If the user passes authentication, the access device sends an authentication acknowledgment 

message to the portal server. 

6)  The portal server sends an authentication acknowledgment message to the authentication client to 

notify it of logon success. 

7)  The portal server sends an affirmation message to the access device. 

With extended portal functions, the process includes two additional steps:  

8)  The security policy server exchanges security authentication information with the client to check 

whether the authentication client meets the security requirements. 

9)  The security policy server authorizes the user to access unrestricted resources based on the 

security configuration for the user. The authorization information is stored on the access device 

and used by the access device to control user access.