122
5.
The access device and the RADIUS server exchange RADIUS packets.
6.
The access device sends an authentication reply packet to the portal authentication server to notify
authentication success or failure.
7.
The portal authentication server sends an authentication success or failure packet to the client.
8.
If the authentication is successful, the portal authentication server sends an authentication reply
acknowledgment packet to the access device.
If the client is an iNode client, the authentication process includes step 9 and step 10 for extended portal
functions. Otherwise the authentication process is complete.
9.
The client and the security policy server exchange security check information. The security policy
server detects whether or not the user host installs anti-virus software, virus definition files,
unauthorized software, and operating system patches.
10.
The security policy server authorizes the user to access certain network resources based on the
check result. The access device saves the authorization information and uses it to control access of
the user.
Re-DHCP authentication process (with CHAP/PAP authentication)
Figure 39
Re-DHCP authentication process
The re-DHCP authentication process is as follows:
Step 1 through step 7 are the same as those in the direct authentication/cross-subnet authentication
process.
8.
After receiving the authentication success packet, the client obtains a public IP address through
DHCP. The client then notifies the portal authentication server that it has a public IP address.
9.
The portal authentication server notifies the access device that the client has obtained a public IP
address.
10.
The access device detects the IP change of the client through DHCP and then notifies the portal
authentication server that it has detected an IP change of the client IP.