109
Figure 40
Portal system components
Authentication client
Authentication/accounting
server
Security policy server
Access device
Portal server
Authentication client
Authentication client
Authentication client
An authentication client is an entity seeking access to network resources. It is typically an end-user
terminal, such as a PC. The client can use a browser or a portal client software for portal authentication.
Client security check is implemented through communications between the client and the security policy
server.
Access device
An access device controls user access. It can be a switch or router that provides the following three
functions:
Redirecting all HTTP requests from unauthenticated users in authentication subnets to the portal
server.
Interacting with the portal server, security policy server and authentication/accounting server for
identity authentication, security check, and accounting.
Allowing users who have passed identity authentication and security check to access granted
Internet resources.
Portal server
A portal server listens to authentication requests from authentication clients and exchanges client
authentication information with the access device. It provides free portal services and pushes web
authentication pages to users.
Authentication/accounting server
An authentication/accounting server implements user authentication and accounting through interaction
with the access device.
Security policy server
A security policy server interacts with authentication clients and access devices for security check and
resource authorization.
The five components interact in the following procedure:
1.
When an unauthenticated user enters a website address in the browser’s address bar to access the
Internet, an HTTP request is created and sent to the access device, which redirects the HTTP request