Portal support for EAP
To use portal authentication that supports EAP, the portal authentication server and client must be the HPE IMC portal server and the HPE iNode portal client. Local portal authentication does not support EAP authentication.
Compared with username and password based authentication, digital certificate-based authentication ensures higher security.
The Extensible Authentication Protocol (EAP) supports several digital certificate-based authentication methods, for example, EAP-TLS. Working together with EAP, portal authentication can implement digital certificate-based user authentication.
Figure 54: Portal support for EAP working flow diagram
As shown in Figure 54, the authentication client and the portal authentication server exchange EAP authentication packets. The portal authentication server and the access device exchange portal authentication packets that carry the EAP-Message attributes. The access device and the RADIUS server exchange RADIUS packets that carry the EAP-Message attributes. The RADIUS server that supports the EAP server function processes the EAP packets encapsulated in the EAP-Message attributes, and provides the EAP authentication result.
The access device does not process but only transports EAP-Message attributes between the portal authentication server and the RADIUS server. Therefore, the access device requires no additional configuration to support EAP authentication.