Portal Authentication Modes - HP 3600 v2 Series Security Configuration Manual

Authentication page customization support
The local portal server function allows you to customize authentication pages. To do so, edit the
corresponding HTML files, then compress the files and save them to the storage medium of the device.
A set of customized authentication pages consists of six authentication pages: the logon page, the
logon success page, the online page, the logoff success page, the logon failure page, and the system
busy page. The local portal server pushes the corresponding authentication page at each authentication
phase. If you do not customize the authentication pages, the local portal server pushes the default
authentication pages.
NOTE:
For the rules of customizing authentication pages, see "Customizing authentication pages."

Portal authentication modes

Portal authentication may work at Layer 2 or Layer 3 of the OSI model.
Layer 2 portal authentication
You can enable Layer 2 portal authentication on an access device's Layer 2 ports that connect
authentication clients, so that only clients whose MAC addresses pass authentication can access the
external network. Only the local portal server provided by the access device supports Layer 2 portal
authentication.
Layer 2 portal authentication allows the authentication server to assign different VLANs according to user
authentication results, so that access devices can control user access to resources. After a client
passes authentication, the authentication server can assign an authorized VLAN to allow the user to
access the resources in the VLAN. If a client fails authentication, the authentication server can assign an
Auth-Fail VLAN. Layer 3 portal authentication does not support VLAN assignment.
Layer 3 portal authentication
You can enable Layer 3 authentication on an access device's Layer 3 interfaces that connect
authentication clients. Portal authentication performed on a Layer 3 interface can be direct authentication,
re-DHCP authentication, or cross-subnet authentication. In direct authentication and re-DHCP
authentication, no Layer-3 forwarding devices exist between the authentication client and the access
device. In cross-subnet authentication, Layer-3 forwarding devices may exist between the authentication
client and the access device.
Direct authentication
Before authentication, a user manually configures a public IP address or directly obtains a public IP
address through DHCP, and can access only the portal server and predefined free websites. After
passing authentication, the user can access the network resources. The process of direct authentication
is simpler than that of re-DHCP authentication.
Re-DHCP authentication
Before authentication, a user gets a private IP address through DHCP and can access only the portal
server and predefined free websites. After passing authentication, the user is allocated a public IP
address and can access the network resources. No public IP address is allocated to those who fail
authentication. This solves the IP address planning and allocation problem. For example, a service
provider can allocate public IP addresses to broadband users only when they access networks beyond
the residential community network.

This manual is also suitable for:

A3100-48 v2