HP VPN Firewall Appliances Access Control Configuration Guide

150

Authentication process with the local portal server

Figure 119 Authentication process with the local portal server

With the local portal server, the direct/cross-subnet authentication process is as follows:

1. A portal client initiates authentication by sending an HTTP request. When the HTTP packet arrives

at an access device using the local portal server, it is redirected to the local portal server, which

then pushes a Web authentication page for the user to enter the username and password. The

listening IP address of the local portal server is the IP address of a Layer 3 interface on the access

device that can communicate with the portal authentication client.

2. The access device and the RADIUS server exchange RADIUS packets to authenticate the user.

3. If the user passes authentication, the local portal server pushes a logon success page to the

authentication client, informing the user of the authentication (logon) success.

Portal support for EAP authentication process

Figure 120 Portal support for EAP authentication process

All portal authentication modes share the same EAP authentication steps. The following example uses

direct portal authentication to show the EAP authentication process:

1. The authentication client sends an EAP Request/Identity message to the portal server to initiate an

EAP authentication process.