Portal Configuration Task List 185712 The access device checks ARP packets to see whether the user IP address ischanged. If so, the access device notifies the portal server of the change.13 The portal server notifies the authentication client of login success.14 The portal server sends a user IP address change acknowledgment message to theaccess device.For portal+ authentication, in addition to above mentioned steps, the processincludes:15 The client and the security policy server exchange security information. Thesecurity policy server verifies the security of the access device, for example,whether anti-virus software is installed, whether virus bases are updated, whetherunauthorized software is installed, or whether OS patches are updated.16 The security policy server authorizes the user to access unrestricted resources bysecurity level. The authorization information is stored on the access device andused by the access device to take control of user access.Portal ConfigurationTask ListBasic PortalConfigurationConfigurationprerequisitesThe portal feature provides a solution for user authentication and securityauthentication. However, the portal feature cannot implement this solution byitself. Currently, RADIUS authentication is required to cooperate with the portalfeature to complete user authentication.The prerequisites for portal authentication are as follows:■ The portal-enabled interface is configured with a valid IP address or it hasobtained a valid IP address through DHCP.■ The portal server and the RADIUS server have been installed and configuredproperly.■ If the re-DHCP authentication mode is adopted, the invalid address checkfunction is enabled on the access device as a DHCP relay, and DHCP server isinstalled and configured properly.■ If RADIUS authentication is adopted, username and password are configuredon the RADIUS server, and the RADIUS client configurations are performed onthe access device. For information about RADIUS client configuration, refer to“Configuring RADIUS” on page 1769.Task Remarks“Basic Portal Configuration” on page 1857 Required“Configuring an Authentication-Free Rule” on page 1858 Optional“Configuring an Authentication Subnet” on page 1859 Optional“Forcing a User to Log Out” on page 1859 Optional“Configuring the Name of the Resource to be Protected” on page1860Optional
