Portal Authentication Modes
In different networking modes, the available Portal authentication modes are different, distinguished by the network layers that implements the Portal authentication in the network. The Portal authentication modes are divided to two kinds: L2 authentication mode and L3 authentication mode.
- L2 authentication mode
Support enabling the Portal authentication function on the L2 interface of the authentication device connecting the user. Users can only access the Portal server by manually configuring or DHCP to directly get an IP address before authentication; after authentication, they can access network resources. The L2 authentication mode is based on the source MAC control, which allows the packets with the valid source MAC address to pass after passing the authentication.
- L3 authentication mode
Support enabling the Portal authentication function on the L3 interface of the authentication device connecting the user. The L3 authentication mode can be divided into ordinary L3 authentication mode and secondary address assignment authentication mode.
- Ordinary L3 authentication mode
Users can only access the Portal server and the set free access address by manually configuring or DHCP to directly get an IP address before authentication; after authentication, they can access network resources. The ordinary L3 authentication mode has two control modes:
- Control based on source IP: Permit the packet with the valid source IP to pass after passing the authentication
- Control based on source IP + source MAC: Permit the packet with the valid source IP and source MAC to pass after passing the authentication
- Secondary address assignment authentication mode
The user gets one private IP address via DHCP before authentication, and can only access the Portal server, as well the set free access address. After passing the authentication, the user applies for one public IP address, and then, can access network resources. The authentication mode controls based on source IP + source MAC, permitting the packet with the valid source IP + source MAC to pass after passing the authentication. The authentication mode can effectively solve the problem of insufficient public addresses, and improve the utilization of the public addresses.