HACA Authentication Process
HACA only supports MAC address-prioritized Portal authentication. iMaster NCE-Campus deployed on the cloud acts as an external Portal server and an HACA server to provide authentication and accounting services. A switch acts as the user authentication point and provides the user authentication function together with the HACA server. User authorization information is configured on the HACA server. After a user passes authentication, the HACA server grants network access rights to the user. Figure 1 shows the HACA authentication, authorization, and accounting process.
Figure 1 HACA authentication, authorization, and accounting process
- An access device sets up a persistent connection and registers with the HACA server using HTTP/2.
- The client and device set up a pre-connection before authentication.
- The client initiates an authentication request using HTTP. The HACA server provides a web page for the client to enter the user name and password for authentication.
- The device and HACA server exchange authentication packets.
- After the client passes authentication, the HACA server sends an authorization packet to grant network access rights to the client.
- When the client starts to access network resources, the access device sends an accounting-start request packet to the HACA server.
- The HACA server sends an accounting response packet to the access device and starts accounting.
- (Optional) If real-time accounting is enabled, the access device periodically sends real-time accounting request packets to the HACA server, preventing incorrect accounting results caused by unexpected user disconnection.
- (Optional) The HACA server returns real-time accounting response packets and performs real-time accounting.
- The client sends a logout request.
- The HACA server sends a logout request packet to the access device.
- The access device sends a logout response packet to the HACA server.
- The access device sends an accounting-stop request packet to the HACA server.
- The HACA server sends an accounting-stop response packet to the access device and stops accounting.
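
One way to check a client session's events against the sequence above, and to spot a session whose accounting never stopped (the unexpected-disconnection case that real-time accounting addresses). This is an added example, not code from the product or its documentation; the step names, the event tuple layout and the two-interval staleness threshold are assumptions.

```python
# Added example. Step names and the (timestamp, sender, step) tuple layout are
# assumptions for illustration, not HACA packet formats. Device registration
# and the pre-connection are assumed to have completed already.

# step -> (expected sender, steps allowed to follow it)
FLOW = {
    "auth-request":    ("client", {"auth-exchange"}),
    "auth-exchange":   ("any",    {"auth-exchange", "authorization"}),
    "authorization":   ("server", {"acct-start-req"}),
    "acct-start-req":  ("device", {"acct-start-resp"}),
    "acct-start-resp": ("server", {"acct-rt-req", "logout-client"}),
    "acct-rt-req":     ("device", {"acct-rt-resp"}),
    "acct-rt-resp":    ("server", {"acct-rt-req", "logout-client"}),
    "logout-client":   ("client", {"logout-req"}),
    "logout-req":      ("server", {"logout-resp"}),
    "logout-resp":     ("device", {"acct-stop-req"}),
    "acct-stop-req":   ("device", {"acct-stop-resp"}),
    "acct-stop-resp":  ("server", set()),
}
ONLINE = {"acct-start-resp", "acct-rt-req", "acct-rt-resp"}  # accounting running

def check_session(events, now, rt_interval=None):
    """Check one client's events against the flow; return a list of findings."""
    findings, allowed, last_step, last_ts = [], {"auth-request"}, None, None
    for ts, sender, step in events:
        if step not in FLOW:
            findings.append(f"unknown step {step}")
            continue
        expected, following = FLOW[step]
        if step not in allowed:
            findings.append(f"{step} out of order after {last_step}")
        if expected != "any" and sender != expected:
            findings.append(f"{step} sent by {sender}, expected {expected}")
        allowed, last_step, last_ts = following, step, ts
    # Stale: accounting running but silent > 2 * rt_interval (assumed threshold).
    if last_step in ONLINE and rt_interval and now - last_ts > 2 * rt_interval:
        findings.append("stale: accounting updates stopped without accounting-stop")
    return findings

# Constructed sample sessions (timestamps in seconds since session start).
GOOD = [(0, "client", "auth-request"), (1, "device", "auth-exchange"),
        (1, "server", "auth-exchange"), (2, "server", "authorization"),
        (3, "device", "acct-start-req"), (3, "server", "acct-start-resp"),
        (303, "device", "acct-rt-req"), (303, "server", "acct-rt-resp"),
        (500, "client", "logout-client"), (500, "server", "logout-req"),
        (501, "device", "logout-resp"), (501, "device", "acct-stop-req"),
        (502, "server", "acct-stop-resp")]
NO_AUTHZ = GOOD[:3] + GOOD[4:6]   # accounting starts with no authorization
DROPPED = GOOD[:8]                # client vanished after one real-time update
```

`check_session(DROPPED, now=2000, rt_interval=300)` reports the stale session, while the same events checked at `now=600` are still within the assumed window and produce no finding.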