HP MSR2000 Configuration Manual page 308

4. The portal authentication server adds the username and password into an authentication request
packet and sends it to the access device. Meanwhile, the portal authentication server starts a timer
to wait for an authentication reply packet.
5. The access device and the RADIUS server exchange RADIUS packets.
6. The access device sends an authentication reply packet to the portal authentication server to notify
authentication success or failure.
7. The portal authentication server sends an authentication success or failure packet to the client.
8. If the authentication is successful, the portal authentication server sends an authentication reply
acknowledgement packet to the access device.
If the client is an iNode client, the authentication process includes step 9 and step 10 for extended portal
functions. Otherwise the authentication process is complete.
9. The client and the security policy server exchange security check information. The security policy
server detects whether or not the user host installs anti-virus software, virus definition file,
unauthorized software, and operating system patches.
10. The security policy server authorizes the user to access certain network resources based on the
check result. The access device saves the authorization information and uses it to control access of
the user.
Re-DHCP authentication process (with CHAP/PAP authentication)
Figure 87 Re-DHCP authentication process
Authentication
client
1) Initiate a connection
8) The user obtains a new IP address
The re-DHCP authentication process is as follows:
Step 1 through step 7 are the same as those in the direct authentication/cross-subnet authentication
process.
8. After receiving the authentication success packet, the client obtains a public IP address through
DHCP. The client then notifies the portal authentication server that it has a public IP address.
9. The portal authentication server notifies the access device that the client has obtained a public IP
address.
Portal Web Portal authentication
server
2) Use information
7) Authentication success
11) Notify login success
Access
server device
3) CHAP authentication
4) Authentication request
Timer
6) Authentication reply
9) Discover user IP change
10) Detect user IP change
12) IP change
acknowledgement
13) Security check
14) Authorization
297
AAA
server policy server
5) RADIUS
authentication
Security