Local Portal Service; Portal Authentication Modes - H3C SR8800-F Configuration Manual

Comware 7 user access

Web authentication page provided by the portal Web server. The user can also visit the
authentication website to log in. The user must log in through the H3C iNode client for extended
portal functions.
2. The user enters the authentication information on the authentication page/dialog box and
submits the information. The portal Web server forwards the information to the portal
authentication server. The portal authentication server processes the information and forwards
it to the access device.
3. The access device interacts with the AAA server to implement authentication, authorization,
and accounting for the user.
4. If security policies are not imposed on the user, the access device allows the authenticated user
to access networks.
If security policies are imposed on the user, the portal client, the access device, and the security
policy server interact to check the user host. If the user passes the security check, the security
policy server authorizes the user to access resources based on the check result.

Local portal service

System components
As shown in Figure 96, a local portal system consists of an authentication client, access device, and
AAA server. The access device acts as both the portal Web server and the portal authentication
server to provide the local portal Web service for the authentication client. The authentication client
can only be a Web browser, and it cannot be a user host that runs a portal client. Therefore,
extended portal functions are not supported and no security policy server is required.
Figure 96 System components
Portal page customization
To provide the local portal web service, you must customize a set of authentication pages that the
device will push to users. You can customize multiple sets of authentication pages, compress each
set of the pages to a .zip file, and upload the compressed files to the storage medium of the device.
On the device, you must specify one of the files as the default authentication page file by using the
default-logon-page command.
For more information about authentication page customization, see "Customizing authentication
pages."

Portal authentication modes

Portal authentication has three modes: direct authentication, re-DHCP authentication, and
cross-subnet authentication. In direct authentication and re-DHCP authentication, no Layer 3
forwarding devices exist between the authentication client and the access device. In cross-subnet
authentication, Layer 3 forwarding devices can exist between the authentication client and the
access device.
Direct authentication
A user manually configures a public IP address or obtains a public IP address through DHCP. Before
authentication, the user can access only the portal Web server and predefined authentication-free
