R2511-HP MSR Router Series Security Configuration Guide(V5)

ManualsBrandsHP ManualsNetwork HardwareHP MSR1003-8 AC Router

301

302

303

304

305

306

307

308

309

310

293

2. The portal server and the access device exchange CHAP messages. This step is skipped for PAP

authentication.

3. The portal server assembles the username and password into an authentication request message

and sends it to the access device. Meanwhile, the portal server starts a timer to wait for an

authentication reply message.

4. The access device and the RADIUS server exchange RADIUS packets to authenticate the user.

5. The access device sends an authentication reply to the portal server.

6. The portal server sends an authentication success message to the authentication client to notify it of

logon success.

7. The portal server sends an authentication reply acknowledgment message to the access device.

With extended portal functions, the process includes additional steps:

8. The security policy server exchanges security check information with the authentication client to

check whether the authentication client meets the security requirements.

9. Based on the security check result, the security policy server authorizes the user to access certain

resources, and sends the authorization information to the access device. The access device then

controls access of the user based on the authorization information.

Re-DHCP authentication process (with CHAP/PAP authentication)

Figure 88 Re-DHCP authentication process

The re-DHCP authentication process is as follows:

Step 1 through step 6 are the same as those in the direct authentication/cross-subnet authentication

process.

7. After receiving the authentication success message, the authentication client obtains a new public

IP address through DHCP and notifies the portal server that it has obtained a public IP address.

Authentication/

accounting server

Authentication

client

Portal server

Access device

6) Authentication

succeeds

Security

policy server

12) Security check

13) Authorization

7) The user obtains

a new IP address

8) Discover user IP change

10) Notify login

success

9) Detect user IP change

11) IP change

acknowledgment

Timer

1) Initiate a connection

2) CHAP authentication

3) Authentication request

5) Authentication reply

4) RADIUS

authentication