HPE FlexNetwork 10500 Series Security Configuration Manual page 189

2. The portal Web server submits the user authentication information to the portal authentication server.
3. The portal authentication server and the access device exchange CHAP messages. This step is skipped for PAP authentication. The portal authentication server decides which method (CHAP or PAP) to use.
4. The portal authentication server adds the username and password to an authentication request packet and sends it to the access device. At the same time, the portal authentication server starts a timer to wait for an authentication reply packet.
5. The access device and the RADIUS server exchange RADIUS packets.
6. The access device sends an authentication reply packet to the portal authentication server to report authentication success or failure.
7. The portal authentication server sends an authentication success or failure packet to the client.
8. If the authentication is successful, the portal authentication server sends an authentication reply acknowledgment packet to the access device.
If the client is an iNode client, the authentication process includes step 9 and step 10 for extended portal functions. Otherwise, the authentication process is complete.
9. The client and the security policy server exchange security check information. The security policy server checks whether the user host has installed anti-virus software, virus definition files, unauthorized software, and operating system patches.
10. The security policy server authorizes the user to access certain network resources based on the check result. The access device saves the authorization information and uses it to control the user's access.
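The difference between the CHAP and PAP paths in steps 3 through 5, as an added example that is not from the HPE manual or HPE software. It assumes the access device relays the credentials to the RADIUS server in the standard RFC 2865 attributes: CHAP-Password computed as in RFC 1994, and User-Password hidden with the RADIUS shared secret. All function names and sample values are constructed for illustration.

```python
import hashlib
import hmac

def chap_response(ident: int, password: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP: MD5(identifier octet || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()

def chap_password_attr(ident: int, password: bytes, challenge: bytes) -> bytes:
    """RFC 2865 CHAP-Password value: identifier octet + 16-byte response."""
    return bytes([ident]) + chap_response(ident, password, challenge)

def verify_chap(attr: bytes, challenge: bytes, stored_password: bytes) -> bool:
    """RADIUS-server side: recompute from the stored password and compare."""
    if len(attr) != 17:
        return False
    expected = chap_response(attr[0], stored_password, challenge)
    return hmac.compare_digest(attr[1:], expected)

def hide_pap(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 User-Password: XOR 16-byte blocks with chained MD5 masks."""
    if len(password) > 128 or len(request_auth) != 16:
        raise ValueError("password > 128 bytes or authenticator != 16 bytes")
    padded = password.ljust(max(16, (len(password) + 15) // 16 * 16), b"\x00")
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev
    return out

def unhide_pap(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Reverse of hide_pap; needs only the shared secret and the packet."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ m for c, m in zip(block, mask))
        prev = block
    return out.rstrip(b"\x00")

if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    pw, secret = b"correct horse battery", b"radius-shared-secret"
    challenge, req_auth = bytes(range(16)), bytes(range(16, 32))
    attr = chap_password_attr(7, pw, challenge)
    print("CHAP-Password:", attr.hex(), "verified:", verify_chap(attr, challenge, pw))
    hidden = hide_pap(pw, secret, req_auth)
    print("User-Password:", hidden.hex(), "->", unhide_pap(hidden, secret, req_auth))
```

With PAP, any party holding the RADIUS shared secret can recover the cleartext password from a captured Access-Request. With CHAP the password never crosses the wire, but the RADIUS server must store it in a recoverable form to recompute the response.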
Re-DHCP authentication process (with CHAP/PAP authentication)
Figure 55 Re-DHCP authentication process
[Figure: message sequence between the authentication client, portal Web server, portal authentication server, access device, AAA server, and security policy server. Labels: 1) Initiate a connection; 2) User information; 3) CHAP authentication; 4) Authentication request; Timer; 5) RADIUS authentication; 6) Authentication reply; 7) Authentication success; 8) The user obtains a new IP address; 9) Discover user IP change; 10) Detect user IP change; 11) Notify login success; 12) IP change acknowledgment; 13) Security check; 14) Authorization]
The re-DHCP authentication process is as follows:
Step 1 through step 7 are the same as those in the direct authentication/cross-subnet authentication process.
