Layer 2 Portal Authentication Process - HP A6600 Configuration Manual


Layer 2 portal authentication process

The router does not support Layer 2 portal authentication and local portal server.
Figure 45 illustrates the process of local Layer 2 portal authentication.
Figure 45 Local Layer 2 portal authentication process
Local Layer 2 portal authentication works as follows:
1. The portal authentication client sends an HTTP or HTTPS request. Upon receiving the HTTP request, the access device redirects it to the listening IP address of the local portal server, which then pushes a web authentication page to the authentication client. The user types the username and password on the web authentication page. The listening IP address of the local portal server is the IP address of a Layer 3 interface on the access device that can communicate with the portal client. Usually, it is a loopback interface's IP address.
2. The access device and the RADIUS server exchange RADIUS packets to authenticate the user.
3. If the user passes RADIUS authentication, the local portal server pushes a logon success page to the authentication client.
Authorized VLAN
Layer 2 portal authentication supports VLAN assignment by the authentication server. After a user passes
portal authentication, if the authentication server is configured with an authorized VLAN for the user, the
authentication server assigns the authorized VLAN to the access device. Then, the access device adds
the user to the authorized VLAN and generates a MAC VLAN entry. If the authorized VLAN does not
exist, the access device first creates the VLAN.
By deploying the authorized VLAN assignment function, you can control which authenticated users can access
which network resources.
Auth-Fail VLAN
The Auth-Fail VLAN feature allows users who fail authentication to access a VLAN that accommodates
network resources such as the patches server, virus definitions server, client software server, and
anti-virus software server, so that the users can upgrade their client software or other programs. Such a
VLAN is called an "Auth-Fail VLAN."
Layer 2 portal authentication supports MAFV. With an Auth-Fail VLAN configured on a port, if a user on
the port fails authentication, the access device creates a MAC VLAN entry based on the MAC address
of the user and adds the user to the Auth-Fail VLAN. Then, the user can access the non-HTTP resources in
the Auth-Fail VLAN, and all HTTP requests of the user are redirected to the authentication page. If the
user passes authentication, the access device adds the user to the assigned VLAN or returns the user to
the initial VLAN of the port, depending on whether the authentication server assigns a VLAN. If the user
fails authentication, the access device keeps the user in the Auth-Fail VLAN. If an access port receives no
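
The VLAN placement rules described above, as an added example that is not part of the HP manual. It assumes the RADIUS server signals the authorized VLAN with the RFC 3580 tunnel attributes (Tunnel-Type=VLAN, Tunnel-Medium-Type=802, Tunnel-Private-Group-ID), which the manual does not specify; the function names and the packets built by `build_packet` are constructed for illustration.

```python
import struct

# RADIUS codes (RFC 2865) and the RFC 3580 tunnel attributes (assumed encoding).
ACCESS_ACCEPT, ACCESS_REJECT = 2, 3
TUNNEL_TYPE, TUNNEL_MEDIUM, TUNNEL_PGID = 64, 65, 81
TYPE_VLAN, MEDIUM_802 = 13, 6

def attr(t, value):
    """Encode one RADIUS attribute (type, length, value)."""
    return bytes([t, len(value) + 2]) + value

def build_packet(code, attrs=b""):
    # Constructed sample reply: identifier 1, zeroed authenticator (not verified here).
    return struct.pack("!BBH", code, 1, 20 + len(attrs)) + bytes(16) + attrs

def parse_reply(pkt):
    """Return (code, authorized VLAN ID or None) from a RADIUS reply."""
    if len(pkt) < 20:
        raise ValueError("short RADIUS packet")
    code, _ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 20 or length > len(pkt):
        raise ValueError("bad RADIUS length field")
    found, pos = {}, 20
    while pos + 2 <= length:
        t, l = pkt[pos], pkt[pos + 1]
        if l < 2 or pos + l > length:
            raise ValueError("malformed attribute")
        found[t] = pkt[pos + 2:pos + l]
        pos += l
    # Tunnel-Type and Tunnel-Medium-Type carry a tag byte, then a 3-byte value.
    is_vlan = (int.from_bytes(found.get(TUNNEL_TYPE, b"")[1:], "big") == TYPE_VLAN and
               int.from_bytes(found.get(TUNNEL_MEDIUM, b"")[1:], "big") == MEDIUM_802)
    pgid = found.get(TUNNEL_PGID, b"")
    if pgid and pgid[0] <= 0x1F:       # leading tag byte (RFC 2868); digits start at 0x30
        pgid = pgid[1:]
    if code != ACCESS_ACCEPT or not is_vlan or not pgid.isdigit():
        return code, None
    vlan = int(pgid)
    return code, (vlan if 1 <= vlan <= 4094 else None)

def place_user(pkt, initial_vlan, auth_fail_vlan, existing_vlans):
    """VLAN for the user's MAC VLAN entry, following the rules in the text above."""
    code, vlan = parse_reply(pkt)
    if code != ACCESS_ACCEPT:
        return auth_fail_vlan           # failed: Auth-Fail VLAN (None if not configured)
    if vlan is None:
        return initial_vlan             # passed, no VLAN assigned: port's initial VLAN
    existing_vlans.add(vlan)            # device creates the authorized VLAN if it is missing
    return vlan
```

A real access device also verifies the Response Authenticator against the shared secret before acting on the reply; this sketch skips that step, so it must not be used to trust packets from the network.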