Portal Support For Eap; Layer 3 Portal Authentication Process - HP 10500 Series Configuration Manual

clients and the access device in direct authentication and re-DHCP authentication, the access
device can directly learn the clients' MAC addresses and can enhance the capability of controlling
packet forwarding by also using the learned MAC addresses.

Portal support for EAP

Only Layer 3 portal authentication that uses a remote portal server supports EAP authentication.
Username and password authentication is less secure than digital certificate authentication. EAP
supports several digital certificate-based authentication methods, for example, EAP-TLS. Digital
certificate-based user authentication can be implemented using EAP and portal authentication together.
As shown in
packets. The portal server and the access device exchange portal authentication packets that carry the
EAP-Message attributes. The access device and the RADIUS server exchange RADIUS packets that carry
the EAP-Message attributes. The RADIUS server that supports the EAP server function processes the EAP
packets encapsulated in the EAP-Message attributes and provides the EAP authentication result.
Figure 50 Portal support for EAP process
During the EAP authentication process, the access device does not process the packets that carry the
EAP-Message attributes but only transports them between the portal server and the RADIUS server.
Therefore, no additional configuration is needed on the access device.
NOTE:
To use portal authentication that supports EAP, the portal server and client must be the HP IMC portal
server and the HP iNode portal client.

Layer 3 portal authentication process

Direct authentication and cross-subnet authentication share the same authentication process. Re-DHCP
authentication has a different process because of the presence of two address allocation procedures.
Figure 50, the authentication client and the portal server exchange EAP authentication
127