HP VPN Firewall Appliances Access Control Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

151

152

153

154

155

156

157

158

159

160

151

2. The portal server sends a portal authentication request to the access device, and starts a timer to

wait for the portal authentication reply. The portal authentication request contains several

EAP-Message attributes, which are used to encapsulate the EAP packet sent from the

authentication client and carry the certificate information of the client.

3. After the access device receives the portal authentication request, it constructs a RADIUS

authentication request and sends it to the RADIUS server. The EAP-Message attributes in the

RADIUS authentication request are those carried in the received portal authentication request.

4. The access device sends a certificate request to the portal server according to the reply received

from the RADIUS server. The certificate request also contains several EAP-Message attributes,

which are used to transfer the certificate information of the RADIUS server. The EAP-Message

attributes in the certificate request are those carried in the RADIUS authentication reply.

5. After receiving the certificate request, the portal server sends an EAP authentication reply to the

authentication client, carrying the EAP-Message attribute values.

6. The authentication client sends another EAP request to continue the EAP authentication with the

RADIUS server, during which there might be several portal authentication requests. The

subsequent authentication processes are the same as that initiated by the first EAP request, except

that the EAP request types vary with the EAP authentication phases.

7. After the authentication client passes the EAP authentication, the RADIUS server sends an

authentication reply to the access device. This reply carries the EAP-Success message in the

EAP-Message attribute.

8. The access device sends an authentication reply to the portal server. This reply carries the

EAP-Success message in the EAP-Message attribute.

9. The portal server notifies the authentication client of the authentication success.

10. The portal server sends an authentication reply acknowledgment to the access device.

The remaining steps are for extended portal authentication. For more information about the steps, see the

portal authentication process with CHAP/PAP authentication.

Portal configuration task list

Task Remarks

Specifying the portal server for Layer 3 portal authentication Required.

Configuring the protocol type and welcome banner for the local portal server Optional.

Enabling Layer 3 portal authentication Required.

Controlling access of portal

users

Configuring an IPv4 portal-free rule

Optional.

Configuring an IPv4 authentication source subnet

Setting the maximum number of online portal users

Specifying a portal authentication domain

Configuring RADIUS related

attributes

Specifying NAS-Port-Type for an interface

Optional. Specifying the NAS-Port-ID for an interface

Specifying a NAS ID profile for an interface

Specifying a source IPv4 address for outgoing portal packets Optional.