3Com S7906E Installation Manual

Security policy server
Server that interacts with portal clients and access devices for security authentication and resource authorization.
The above five components interact in the following procedure:
1)  When an unauthenticated user enters a website address in the address bar of the IE browser to access the Internet, an HTTP request is created and sent to the access device, which redirects the HTTP request to the web authentication homepage of the portal server. For extended portal functions, authentication clients must run the portal client.
2)  On the authentication homepage/authentication dialog box, the user enters and submits the authentication information, which the portal server then transfers to the access device.
3)  Upon receipt of the authentication information, the access device communicates with the authentication/accounting server for authentication and accounting.
4)  After successful authentication, the access device checks whether there is a corresponding security policy for the user. If not, it allows the user to access the Internet. Otherwise, the client, the access device and the security policy server communicate to perform security authentication of the user, and the security policy server authorizes the user to access resources depending on the security authentication result.
 
 
Since a portal client uses an IP address as its ID, ensure that there is no Network Address Translation (NAT) device between the authentication client, access device, portal server, and authentication/accounting server when deploying portal authentication. This is to avoid authentication failure due to NAT operations.
Currently, only a RADIUS server can serve as the remote authentication/accounting server in a portal system.
Currently, security authentication requires the cooperation of the iNode client.
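The four-step procedure above, and the note that the portal client is identified by its IP address, can be seen in a small model of the access device's per-client state. The following Python is an added example written for this page; it is not 3Com code and does not reproduce the switch's actual portal implementation. The addresses, user database, "posture" check used as a stand-in for security authentication, and the class and function names are all constructed for illustration. The `nat_identity_collision` function shows why the manual asks for no NAT between client and access device: once two hosts share one source IP, the access device cannot tell them apart, so the second host inherits the first host's session.

```python
from dataclasses import dataclass, field
from enum import Enum

# Constructed addresses for this example (not from the manual).
PORTAL_SERVER = "192.0.2.10"
FREE_WEBSITES = {"192.0.2.20"}   # the "predefined free websites"


class State(Enum):
    UNAUTHENTICATED = "unauthenticated"
    AUTHENTICATED = "authenticated"                # RADIUS accepted, no security policy for the user
    SECURITY_AUTHORIZED = "security_authorized"    # security policy server has authorized resources


@dataclass
class AccessDevice:
    """Hypothetical model of the access device's portal state, keyed by client IP."""
    radius_users: dict                               # username -> password (stand-in for the RADIUS server)
    security_policies: dict                          # username -> posture item the policy server requires
    sessions: dict = field(default_factory=dict)     # client IP -> State; the IP is the client's ID
    authorized: dict = field(default_factory=dict)   # client IP -> resources granted by the policy server
    log: list = field(default_factory=list)

    def handle_http(self, client_ip, dst_ip, url):
        """Step 1: before authentication only the portal server and free websites are reachable;
        any other HTTP request is redirected to the portal server's authentication homepage."""
        state = self.sessions.get(client_ip, State.UNAUTHENTICATED)
        if state is not State.UNAUTHENTICATED or dst_ip == PORTAL_SERVER or dst_ip in FREE_WEBSITES:
            return ("forward", url)
        return ("redirect", f"http://{PORTAL_SERVER}/portal?url={url}")

    def authenticate(self, client_ip, username, password, client_posture=frozenset()):
        """Steps 2-4: the portal server has transferred the credentials; the access device asks
        the RADIUS server, then checks for a security policy and runs security authentication."""
        if self.radius_users.get(username) != password:
            self.log.append(f"RADIUS reject for {username} from {client_ip}")
            return False
        required = self.security_policies.get(username)
        if required is None:
            # No security policy for this user: plain Internet access.
            self.sessions[client_ip] = State.AUTHENTICATED
            return True
        # Security authentication: the client reports its posture and the policy server
        # decides which resources to authorize (simplified to one required item).
        self.sessions[client_ip] = State.SECURITY_AUTHORIZED
        if required in client_posture:
            self.authorized[client_ip] = {"internet", "intranet"}
        else:
            self.authorized[client_ip] = {"remediation"}   # policy server limits the user
        return True


def nat_identity_collision():
    """Two hosts behind one NAT present the same source IP to the access device.
    Returns what happens to the second host's HTTP request after only the first authenticated."""
    dev = AccessDevice(radius_users={"alice": "s3cret"}, security_policies={})
    nat_ip = "203.0.113.5"           # constructed NAT public address seen by the access device
    first = dev.handle_http(nat_ip, "198.51.100.7", "http://example.com/")
    assert first[0] == "redirect"    # host A is challenged as expected
    dev.authenticate(nat_ip, "alice", "s3cret")
    # Host B, same NAT address, never authenticated: the device cannot distinguish it from A.
    second = dev.handle_http(nat_ip, "198.51.100.7", "http://example.com/")
    return second[0]


if __name__ == "__main__":
    dev = AccessDevice(radius_users={"bob": "pw"}, security_policies={"bob": "antivirus_ok"})
    print(dev.handle_http("10.0.0.2", "198.51.100.7", "http://example.com/"))
    print(dev.authenticate("10.0.0.2", "bob", "pw", frozenset({"antivirus_ok"})))
    print(dev.sessions["10.0.0.2"], dev.authorized["10.0.0.2"])
    print("second host behind NAT:", nat_identity_collision())
```

The model keeps the pre-authentication filter deliberately narrow (portal server plus free websites only); widening that set is the usual configuration mistake in portal deployments, and the NAT case shows that the per-IP identity the manual relies on only holds when every client has its own address end to end.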
 
Portal Authentication Modes
Portal authentication supports two modes: non-Layer 3 authentication and Layer 3 authentication.
Non-Layer 3 authentication
Non-Layer 3 authentication falls into two categories: direct authentication and Re-DHCP authentication.
Direct authentication
Before authentication, a user manually configures an IP address or directly obtains a public IP address through DHCP, and can access only the portal server and predefined free websites. After passing authentication, the user can access the network resources. The process of direct authentication is simpler than that of re-DHCP authentication.
Re-DHCP authentication
Before authentication, a user gets a private IP address through DHCP and can access only the portal server and predefined free websites. After passing authentication, the user is allocated a public IP address and can access the network resources. No public IP address is allocated to those who fail