3com S7906E Instruccion De Instalación

 

1-4 

authentication. This solves the problem about IP address planning and allocation and proves to be 

useful. For example, a service provider can allocate public IP addresses to broadband users only when 

they access networks beyond the residential community network. 

Layer 3 portal authentication is similar to direct authentication. However, in Layer-3 portal 

authentication mode, Layer 3 forwarding devices can be present between the authentication client and 

the access device. 

z 

Networking mode 

From this point of view, the difference between these two authentication modes lies in whether or not a 

Layer 3 forwarding device can be present between the authentication client and the access device. The 

former supports Layer 3 forwarding devices, while the latter does not.  

z 

User identifier 

In Layer 3 authentication mode, a client is uniquely identified by an IP address. This is because the 

mode supports Layer 3 forwarding devices between the authentication client and the access device but 

the access device does not learn the MAC address of the authentication client. In non-Layer 3 

authentication mode, a client is uniquely identified by the combination of its IP address and MAC 

address because the access device can learn the MAC address of the authentication client. 

Due to the above differences, when the MAC address of an authentication client remains the same but 

the IP address changes, a new portal authentication will be triggered in Layer-3 authentication mode 

but will not be triggered in non-Layer 3 authentication mode. In non-Layer 3 authentication mode, a new 

portal authentication will be triggered only when both the MAC and IP address of the authentication 

client are changed. 

Direct authentication and Layer 3 authentication share the same authentication process, while 

re-DHCP authentication has a different process because of the presence of two address allocation 

procedures.