R2511-HP MSR Router Series Security Configuration Guide(V5)

8. The portal server notifies the access device that the authentication client has obtained a new public
IP address.
9. By examining the ARP packets it receives, the access device detects the IP address change and
notifies the portal server of the change.
10. The portal server notifies the authentication client of logon success.
11. The portal server sends a user IP address change acknowledgment message to the access device.
With extended portal functions, the process includes additional steps:
12. The security policy server exchanges security check information with the authentication client to
check whether the authentication client meets the security requirements.
13. Based on the security check result, the security policy server authorizes the user to access certain
resources, and sends the authorization information to the access device. The access device then
controls access of the user based on the authorization information.
Authentication process with the local portal server
Figure 89 Authentication process with the local portal server
With the local portal server, the direct/cross-subnet authentication process is as follows:
1. A portal client initiates authentication by sending an HTTP request. When the HTTP packet arrives
at an access device using the local portal server, it is redirected to the local portal server, which
then pushes a Web authentication page for the user to enter the username and password. The
listening IP address of the local portal server is the IP address of a Layer 3 interface on the access
device that can communicate with the portal authentication client.
2. The access device and the RADIUS server exchange RADIUS packets to authenticate the user.
3. If the user passes authentication, the local portal server pushes a logon success page to the
authentication client, informing the user of the authentication (logon) success.