3Com Router 3000 Ethernet FamilyConfiguration Guide Chapter 3 Portal Configuration3Com Corporation3-2The access device communicates with the authentication/accounting server toperform authentication and accounting. The access device in this manual refers toa 3Com router.z Portal server: A web server, which can be accessed using a standard web browser.The portal server provides free portal services and the web-based authenticationinterface. The access device and the portal server interact to authenticate theclients. Internet content providers (ICPs) can use portal servers to provide userswith services such as information inquiry and online shopping.z Authentication/Accounting server: Performs user authentication and accounting.The access device and the authentication/accounting server communicate witheach other through the remote authentication dial-in user service (RADIUS)protocol.Caution:z With portal services, no network address translation (NAT) devices can exist amongauthentication clients, access device, portal server, and authentication/accountingserver.z Currently, only RADIUS servers can be configured as authentication/accountingservers. TACACS authentication/accounting servers and local authentication do notsupport portal services.3.1.3 Portal Authentication ProceduresOn a 3Com router, the procedures for normal portal authentication are as follows:z When receiving the first HTTP packet from a user logging in, the router determineswhether this user is a portal user. If yes, the router only allows the user to accessthe contents of the specified websites (portal servers and the predefined freeaccess addresses).z When receiving HTTP packets for access to other sites from a portal user, therouter redirects the packets to the portal server by TCP spoofing.z The portal server provides web pages for the user to enter the user name andpassword, which are then forwarded to the router.z The router sends the user name and password to the RADIUS server forauthentication. Upon successful RADIUS authentication, the user is allowed toaccess the Internet. From then on, the router no longer redirects HTTP packetsfrom the user.With fast portal authentication, a user is also redirected to the portal server whenopening a web page. However, the user only needs to click the connection button,