98Portal authentication processFigure 30 Layer 3 portal authentication processThe Layer 3 authentication process is as follows:1. A portal user initiates an authentication request through HTTP. When the HTTP packet arrivesat the access device, the access device allows it to pass if it is destined for the portal serveror a predefined free website, or redirects it to the portal server if it is destined for otherwebsites. The portal server provides a web page for the user to enter the username andpassword.2. The portal server and the access device exchange Challenge Handshake AuthenticationProtocol (CHAP) messages. For Password Authentication Protocol (PAP) authentication, thisstep is skipped.3. The portal server assembles the username and password into an authentication requestmessage and sends it to the access device. Meanwhile, the portal server starts a timer towait for an authentication acknowledgment message.4. The access device and the RADIUS server exchange RADIUS packets to authenticate theuser.5. If the user passes authentication, the access device sends an authentication acknowledgmentmessage to the portal server.6. The portal server sends an authentication acknowledgment message to the authenticationclient to notify it of logon success.7. The portal server sends an affirmation message to the access device.8. With extended portal functions, the process includes two additional steps:9. The security policy server exchanges security checking information with the client to checkwhether the authentication client meets the security requirements.10. The security policy server authorizes the user to access restricted resources based on thesecurity configuration for the user. The authorization information is stored on the accessdevice and used by the access device to control user access.