F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

161

162

163

164

165

166

167

168

169

170

155

2. The portal server sends a portal authentication request to the access device, and starts a timer to

wait for the portal authentication reply. The portal authentication request contains several

EAP-Message attributes, which are used to encapsulate the EAP packet sent from the

authentication client and carry the certificate information of the client.

3. After the access device receives the portal authentication request, it constructs a RADIUS

authentication request and sends it to the RADIUS server. The EAP-Message attributes in the

RADIUS authentication request are those carried in the received portal authentication request.

4. The access device sends a certificate request to the portal server according to the reply received

from the RADIUS server. The certificate request also contains several EAP-Message attributes,

which are used to transfer the certificate information of the RADIUS server. The EAP-Message

attributes in the certificate request are those carried in the RADIUS authentication reply.

5. After receiving the certificate request, the portal server sends an EAP authentication reply to the

authentication client, carrying the EAP-Message attribute values.

6. The authentication client sends another EAP request to continue the EAP authentication with the

RADIUS server, during which there may be several portal authentication requests. The subsequent

authentication processes are the same as that initiated by the first EAP request, except that the EAP

request types vary with the EAP authentication phases.

7. After the authentication client passes the EAP authentication, the RADIUS server sends an

authentication reply to the access device. This reply carries the EAP-Success message in the

EAP-Message attribute.

8. The access device sends an authentication reply to the portal server. This reply carries the

EAP-Success message in the EAP-Message attribute.

9. The portal server notifies the authentication client of the authentication success.

10. The portal server sends an authentication reply acknowledgment to the access device.

The remaining steps are for extended portal authentication. For more information about the steps, see the

portal authentication process with CHAP/PAP authentication.

63B

Portal configuration task list

Task Remarks

660H

Specifying the portal server for Layer 3 portal authentication Required.

661H

Configuring the protocol type and welcome banner for the local portal server Optional.

662H

Enabling Layer 3 portal authentication Required.

663H

Controlling access of portal

users

664H

Configuring a portal-free rule

Optional.

665H

Configuring an authentication source subnet

666H

Setting the maximum number of online portal users

667H

Specifying a portal authentication domain

668H

Configuring RADIUS related

attributes

669H

Specifying NAS-Port-Type for an interface

Optional.

670H

Specifying the NAS-Port-ID for an interface

671H

Specifying a NAS ID profile for an interface

672H

Specifying a source IP address for outgoing portal packets Optional.

673H

Specifying an autoredirection URL for authenticated portal users Optional.