1-5Direct authentication/Layer 3 authentication processFigure 1-2 Direct authentication/Layer 3 authentication processThe direct authentication/Layer 3 authentication process is as follows:1) A portal user initiates an authentication request through HTTP. When the HTTP packet arrives atthe access device, the access device allows it to pass if it is destined for the portal server or apredefined free website, or redirects it to the portal server if it is destined for other websites. Theportal server provides a web page for the user to enter the username and password.2) The portal server and the access device exchange Challenge Handshake Authentication Protocol(CHAP) messages. For Password Authentication Protocol (PAP) authentication, this step isskipped.3) The portal server assembles the username and password into an authentication request messageand sends it to the access device. Meanwhile, the portal server starts a timer to wait for anauthentication acknowledgment message.4) The access device and the RADIUS server exchange RADIUS packets to authenticate the user.5) If the user passes authentication, the access device sends an authentication acknowledgmentmessage to the portal server.6) The portal server sends an authentication acknowledgment message to the authentication client tonotify it of logon success.7) The portal server sends an affirmation message to the access device.With extended portal functions, the process includes two additional steps:8) The security policy server exchanges security authentication information with the client to checkwhether the authentication client meets the security requirements.9) The security policy server authorizes the user to access unrestricted resources based on thesecurity configuration for the user. The authorization information is stored on the access deviceand used by the access device to control user access.
