Manualshelf

H3C S7500E Series Ethernet Switches Operation Manual

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module
881882883884885886887888889890
Operation Manual – Portal
H3C S7500E Series Ethernet Switches Chapter 1 Portal Configuration
1-4
Caution:
z Because a portal client uses an IP address as its ID, ensure that there is no Network
Address Translation (NAT) device between the authentication client, access device,
portal server, and authentication/accounting server when deploying portal
authentication. This is to avoid authentication failure due to NAT operations.
z Currently, only a RADIUS server can serve as the authentication/accounting server
in a portal system.
1.1.4 Portal Authentication Modes
Portal authentication supports two modes: non-Layer 3 authentication and Layer 3
authentication.
I. Non-Layer 3 authentication
Non-Layer 3 authentication falls into two categories: direct authentication and
Re-DHCP authentication.
z Direct authentication
Before authentication, a user manually configures a public IP address or directly
obtains a public IP address through DHCP, and can access only the portal server and
predefined free websites. After passing authentication, the user can access the Internet.
The process of direct authentication is simpler than that of re-DHCP authentication.
z Re-DHCP authentication
Before authentication, a user gets a private IP address through DHCP and can access
only the portal server and predefined free websites. After passing authentication, the
user is allocated a public IP address and can access the Internet. No public IP address
is allocated to those who fails authentication. This solves the problem about IP address
planning and allocation and proves to be useful. For example, a service provider can
allocate public IP addresses to broadband users only when they access networks
beyond the residential community network.
II. Layer 3 authentication
Layer 3 portal authentication is similar to direct authentication. However, in Layer-3
portal authentication mode, a Layer 3 forwarding device can be present between the
authentication client and the access device.
III. Differences between Layer 3 and non-Layer 3 authentication modes
z Networking mode