Configuring Portal Authentication; Overview; Extended Portal Functions - HP 5920 Series Configuration Manual

Configuring portal authentication

The term "interface" in this chapter collectively refers to Layer 3 interfaces, including VLAN interfaces
and Layer 3 Ethernet interfaces. You can set an Ethernet port as a Layer 3 interface by using the port
link-mode route command (see Layer 2—LAN Switching Configuration Guide).

Overview

Portal authentication controls user access to the Internet. Portal authenticates a user by the username and
password the user enters on a portal authentication page. Therefore, portal authentication is also known
as Web authentication. When portal authentication is deployed on a network, an access device
redirects unauthenticated users to the website provided by a portal Web server. The users can access the
resources on the website without authentication. If the users want to access the Internet, they must pass
authentication on the website.
Portal authentication is classified into the following types:
Active authentication—Users visit the authentication website provided by the portal Web server
•
and enter their username and password for authentication.
Forced authentication—Users are redirected to the portal authentication website for authentication
•
when they visit other websites.
Portal authentication flexibly imposes access control on the access layer and vital data entries. It has the
following advantages:
Allows users to perform authentication through Web pages without installing client software.
•
Provides ISPs with diversified management choices and extended functions. For example, the ISPs
•
can place advertisements, provide community services, and publish information on the
authentication page.
• Supports multiple authentication modes. For example, re-DHCP authentication implements a
flexible address assignment scheme and saves public IP addresses. Cross-subnet authentication can
authenticate users who reside in a different subnet than the access device.
The device supports Portal 1.0, Portal 2.0, and Portal 3.0.

Extended portal functions

By forcing patching and anti-virus policies, extended portal functions help hosts to defend against viruses.
Portal supports the following extended functions:
Security check—Detects after authentication whether or not a user host installs anti-virus software,
•
virus definition file, unauthorized software, and operating system patches.
Resource access restriction—Allows an authenticated user to access certain network resources such
•
as the virus server and the patch server. Users can access more Internet resources after passing
security check.
Security check must cooperate with the HP IMC security policy server and the iNode client.
88