3com 8807 User Guide

CHAPTER 27: PORTAL CONFIGURATION
The Portal server is a Web server that users access with a standard WWW
browser. It provides free portal service and a Web-authentication-based
interface. The access device exchanges the authentication information of the
authentication client with the Portal server. An Internet content provider (ICP)
can provide information about its own website to users through this website.
The authentication/accounting server implements the authentication and
accounting functions for users. The access device interacts with the
authentication/accounting server through the RADIUS protocol.
Portal Authentication Procedure
The Portal authentication procedure on 3Com series switches is as follows:
1. When the switch receives a login user's HTTP packets for the first time, it
first determines whether the user is a Portal user. For Portal users, the switch
allows access only to the specified website servers (the Portal server and the
authentication-free addresses).
2. When a Portal user's HTTP packets are destined for other websites, the switch
redirects them to the Portal server by means of TCP cheat.
3. The Portal server provides a Web interface where users enter their usernames
and passwords. The entered usernames and passwords are forwarded to the switch
through the Portal server.
4. The switch sends the usernames and passwords to the authentication server
for authentication. The switch allows a user to access the Internet only after
the user passes authentication, after which the switch no longer redirects that
user's HTTP packets.
CAUTION: Portal and 802.1x cannot be enabled on the same switch at the same 
time.
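The access decision this procedure describes, modelled as an added Python example (not 3Com code or switch configuration). The addresses, credentials, class and method names are constructed for illustration, the dictionary stands in for the RADIUS authentication server, and binding a session to the IP and MAC pair is an assumption about how the MAC address check is applied.

```python
import ipaddress

# Constructed sample values (documentation address ranges), not from the guide.
PORTAL_SERVER = ipaddress.ip_address("192.0.2.10")
AUTH_FREE = [ipaddress.ip_network("192.0.2.53/32"),
             ipaddress.ip_network("198.51.100.0/28")]
# Stand-in for the RADIUS authentication server: constructed credentials.
RADIUS_USERS = {"alice": "correct-horse"}


class AccessDevice:
    """Hypothetical model of the switch's per-user Portal decision."""

    def __init__(self):
        self.sessions = {}  # source IP -> MAC recorded at authentication

    def authenticated(self, src_ip, src_mac):
        # Assumption: a session is valid only for the (IP, MAC) pair that
        # authenticated, so a different MAC on the same IP is unauthenticated.
        return self.sessions.get(src_ip) == src_mac

    def handle_http(self, src_ip, src_mac, dst_ip):
        """Return 'forward' or 'redirect' for one HTTP packet."""
        if self.authenticated(src_ip, src_mac):
            return "forward"   # authenticated users are no longer redirected
        dst = ipaddress.ip_address(dst_ip)
        if dst == PORTAL_SERVER or any(dst in net for net in AUTH_FREE):
            return "forward"   # Portal server and authentication-free addresses
        return "redirect"      # every other destination goes to the Portal server

    def login(self, src_ip, src_mac, username, password):
        """Check credentials relayed by the Portal server; open a session."""
        if RADIUS_USERS.get(username) != password:
            return False
        self.sessions[src_ip] = src_mac
        return True
```

Keeping the authentication-free list as narrow as possible matters here, because every network in it is reachable by users who have not yet authenticated.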
Running Methods of Portal
On 3Com series switches, Portal runs in one of the following three methods: the
Direct authentication method, the ReDHCP authentication method, and the Layer 3
authentication method.
Direct authentication method: In this method, the user gets a public address
directly. Before passing authentication, the user can access only the Portal
server and the configured authentication-free addresses. The user can access the
Internet after passing authentication.
ReDHCP authentication method: In this method, the user gets a private address
through DHCP before passing authentication. Before passing authentication,
the user can access only the Portal server and the configured authentication-free
addresses. The user can apply for a public address and access the Internet after
passing authentication.
Layer 3 Portal authentication method: This method extends the Direct
authentication method. In this method, the user can access the Portal-enabled
switch across network segments.
For security reasons, both the Direct authentication method and the
ReDHCP authentication method require checking the MAC addresses of users.
So Portal can be enabled only on the first Layer 3 interface that the user