
Portal Protocol

Packet Format

A Portal packet consists of a fixed-length header and variable-length attribute fields in the type, length, value (TLV) format. Figure 1 shows the Portal packet format.

Figure 1 Portal packet format

Packet Fields

Version

Portal protocol version. The length is 1 byte, and the default value is 0x02.

Type

Portal protocol packet type. The length is 1 byte.

| Packet Type | Value | Description |
|---|---|---|
| REQ_CHALLENGE | 0x01 | Challenge request packet sent from the Portal server to an access device. |
| ACK_CHALLENGE | 0x02 | Packet sent from the access device to the Portal server in response to a challenge request packet. |
| REQ_AUTH | 0x03 | Authentication request packet sent from the Portal server to the access device. |
| ACK_AUTH | 0x04 | Packet sent from the access device to the Portal server in response to an authentication request packet. |
| REQ_LOGOUT | 0x05 | Logout request packet sent from the Portal server to the access device. |
| ACK_LOGOUT | 0x06 | Packet sent from the access device to the Portal server in response to a logout request packet. |
| AFF_ACK_AUTH | 0x07 | Authentication success response packet sent from the Portal server to the access device. |
| NTF_LOGOUT | 0x08 | Packet sent from the access device to the Portal server to notify forcible user logout. |
| REQ_INFO | 0x09 | Information query packet sent from the Portal server to the access device. |
| ACK_INFO | 0x0a | Packet sent from the access device to the Portal server in response to an information query packet. |
| ACK_NTF_LOGOUT | 0x0e | Packet sent from the Portal server to notify the access device that users have been forced to go offline. |
| USER_SYN | 0x10 | User information synchronization request packet sent from the Portal server to the access device. |
| ACK_USER_SYN | 0x11 | Packet sent from the access device to the Portal server in response to a user information synchronization request packet. |
| STATUS_NOTIFY | 0x81 | Status notification packet periodically sent from the Portal server to the access device. |
| ACK_STATUS_NOTIFY | 0x82 | Packet sent from the access device to the Portal server in response to a status notification packet. |
| MAC_QUERY | 0x30 | MAC cache query packet sent from the access device to the Portal server. |
| ACK_MAC_QUERY | 0x31 | MAC cache query response packet sent by the Portal server to the access device. |

AuthType

Authentication mode. The length is 1 byte. Two authentication modes are supported:

  • CHAP authentication: three-way handshake authentication that transmits user names and passwords in cipher text. The AuthType field for CHAP authentication is 0.

  • PAP authentication: two-way handshake authentication that transmits user names and passwords in plain text. The AuthType field for PAP authentication is 0x01.

REQ_CHALLENGE and ACK_CHALLENGE are exchanged only in CHAP authentication. CHAP authentication is more secure and reliable than PAP, and is recommended if high security is required.

Rsvd

Reserved for future use. It is 1 byte in length and is 0 in all packets.

SerialNo

Serial number of a packet. It is 2 bytes in length and is randomly generated by the Portal server. The Portal server must ensure that the serial numbers of all packets in the same authentication process are the same and that the serial numbers of packets in different authentication processes are different within a certain period.

RequestID

Packet ID. It is 2 bytes in length and is generated by an access device. A packet ID must be unique.

UserIP

IP address of a Portal user. It is 4 bytes in length.

UserPort

Reserved for future use. It is 2 bytes in length and is 0 in all packets.

ErrCode

Error code. It is 1 byte in length and is used together with the Type field.

  • When the Type field is 0x01, 0x03, 0x07, 0x09, 0x0e, 0x10, 0x11, 0x30, 0x31, 0x81, or 0x82:

    The ErrCode field is meaningless and the value is 0.

  • When the Type field is 0x02:

    • If the ErrCode field is 0, the access device notifies the Portal server that the challenge request is successful.
    • If the ErrCode field is 0x01, the access device notifies the Portal server that the challenge request is denied.
    • If the ErrCode field is 0x02, the access device notifies the Portal server that the connection has been established.
    • If the ErrCode field is 0x03, the access device notifies the Portal server that a user is being authenticated and it should try again later.
    • If the ErrCode field is 0x04, the access device notifies the Portal server that the challenge request of the user fails.
    • If the ErrCode field is 0xfd, the access device notifies the Portal server that the user is not found (the user has roamed or gone offline).

  • When the Type field is 0x04:

    • If the ErrCode field is 0, the access device notifies the Portal server that the user has been authenticated successfully.
    • If the ErrCode field is 0x01, the access device notifies the Portal server that the user authentication request is denied.
    • If the ErrCode field is 0x02, the access device notifies the Portal server that the connection has been established.
    • If the ErrCode field is 0x03, the access device notifies the Portal server that a user is being authenticated and it should try again later.
    • If the ErrCode field is 0x04, the access device notifies the Portal server that the user fails the authentication due to an error, for example, incorrect user name.
    • If the ErrCode field is 0x05, the access device notifies the Portal server that the user fails the authentication because the number of online Portal users has reached the maximum value.
    • If the ErrCode field is 0x06, the access device notifies the Portal server that the user authentication fails because it is authenticating the user in another mode.
    • If the ErrCode field is 0xfd, the access device notifies the Portal server that the user is not found (the user has roamed or gone offline).

  • When the Type field is 0x05:

    • If the ErrCode field is 0, the Portal server sends a logout request packet to the access device.
    • If the ErrCode field is 0x01, the Portal server sends a packet to the access device if the Portal server does not receive any response packet from the access device within the period defined by the corresponding timer.

  • When the Type field is 0x06:

    • If the ErrCode field is 0, the access device notifies the Portal server that the user has gone offline.
    • If the ErrCode field is 0x01, the access device notifies the Portal server that the user's logout request is denied.
    • If the ErrCode field is 0x02, the access device notifies the Portal server that the user fails to go offline.

  • When the Type field is 0x08:

    If the ErrCode field is 0x02, the access device notifies the Portal server that the user is forced to go offline.

  • When the Type field is 0x0a:

    • If the ErrCode field is 0, the access device notifies the Portal server that the information query packet has been processed successfully.
    • If the ErrCode field is 0x01, the access device notifies the Portal server that the information query packet fails to be processed because this function is not supported.
    • If the ErrCode field is 0x02, the access device notifies the Portal server that the information query packet fails to be processed due to an error, for example, incorrect information query packet format.

AttrNum

Number of attributes in the Attribute field. It is 1 byte in length. The Attribute field contains a maximum of 255 attributes.

Authenticator

Authentication key. It is 16 bytes and is calculated using the MD5 algorithm.

Attribute

Variable-length field. It is composed of multiple attributes in the TLV format.

  • AttrType: indicates an attribute type. The length is 1 byte.

  • AttrLen: indicates the length of the attribute, which is the sum of the lengths of the AttrType, AttrLen, and AttrValue fields. The AttrLen field itself is 1 byte long.

  • AttrValue: indicates a specific attribute value, for example, user name and password. The length cannot exceed 253 bytes.

| Attribute | AttrType | AttrValue Length (Bytes) | Description | Packet Type Carrying This Attribute |
|---|---|---|---|---|
| UserName | 0x01 | 1-253 | User name in the format of user name@domain name, for example, test@huawei.com. | REQ_AUTH |
| PassWord | 0x02 | 1-128 | User-entered password. | REQ_AUTH |
| Challenge | 0x03 | 16 | Authentication key encrypted in CHAP mode. | ACK_CHALLENGE |
| ChapPassWord | 0x04 | 16 | Password encrypted in CHAP mode. | REQ_AUTH |
| TextInfo | 0x05 | 2-253 | Used to transparently transmit the prompt information provided by a third-party authentication device, such as a RADIUS server, to the Portal server. This attribute carries a character string without the end character \0. A packet may carry multiple such attributes but is recommended to carry only one attribute. | ACK_AUTH, REQ_AUTH (only in Portal 1.0) |
| Port | 0x08 | 1-51 | Port number in the following formats: Type + length (in REQ_INFO packets); Type + length + content (in ACK_INFO packets). | REQ_INFO, ACK_INFO |
| Bas_IP | 0x0a | 4 | IP address of the AC to which a user roams. | ACK_AUTH, ACK_CHALLENGE |
| User_Mac | 0x0b | 6 | User MAC address. | ACK_AUTH, ACK_LOGOUT, NTF_LOGOUT, ACK_CHALLENGE, ACK_INFO, REQ_CHALLENGE, REQ_AUTH, REQ_LOGOUT |
| User_Private_IP | 0x0d | 4-252 | User IPv4 address. | USER_SYN, ACK_USER_SYN |
| WebAuthenInfo | 0x40 | 1-247 | Used to transmit the user input on web pages to the RADIUS server. A packet may carry multiple such attributes. | REQ_AUTH |
| User_IPV6 | 0xf1 | 16 | User IPv6 address. | REQ_CHALLENGE, ACK_CHALLENGE, REQ_AUTH, ACK_AUTH, REQ_LOGOUT, ACK_LOGOUT, AFF_ACK_AUTH, NTF_LOGOUT, REQ_INFO, ACK_INFO |
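
The header layout and TLV length rules described above can be enforced with a strict parser that rejects malformed packets before any attribute is used. This is an added example, not Huawei's code: it assumes the fields appear on the wire in the order they are described and in network byte order, and the names `parse_portal`, `PortalParseError` and the sample packet are constructed for illustration.

```python
import ipaddress
import struct

# Fixed header in the order the page describes the fields; network byte
# order is an assumption, since the figure is not reproduced here.
HEADER = struct.Struct("!BBBBHH4sHBB16s")   # 32 bytes including Authenticator
ATTR_NAMES = {0x01: "UserName", 0x02: "PassWord", 0x03: "Challenge",
              0x04: "ChapPassWord", 0x05: "TextInfo", 0x08: "Port",
              0x0A: "Bas_IP", 0x0B: "User_Mac", 0x0D: "User_Private_IP",
              0x40: "WebAuthenInfo", 0xF1: "User_IPV6"}
FIXED_LEN = {0x03: 16, 0x04: 16, 0x0A: 4, 0x0B: 6, 0xF1: 16}  # AttrValue sizes

class PortalParseError(ValueError):
    pass

def parse_portal(data: bytes) -> dict:
    if len(data) < HEADER.size:
        raise PortalParseError("shorter than the fixed header")
    (ver, ptype, auth, rsvd, serial, req_id, user_ip,
     user_port, err, attr_num, authenticator) = HEADER.unpack_from(data)
    if rsvd != 0 or user_port != 0:
        raise PortalParseError("reserved field is not zero")
    if auth not in (0x00, 0x01):
        raise PortalParseError("unknown AuthType")
    attrs, off = [], HEADER.size
    for _ in range(attr_num):
        if off + 2 > len(data):
            raise PortalParseError("AttrNum exceeds attributes present")
        a_type, a_len = data[off], data[off + 1]
        # AttrLen counts AttrType + AttrLen + AttrValue, so it is at least 2.
        if a_len < 2 or off + a_len > len(data):
            raise PortalParseError("AttrLen out of bounds")
        value = data[off + 2:off + a_len]
        if a_type in FIXED_LEN and len(value) != FIXED_LEN[a_type]:
            raise PortalParseError("wrong length for fixed-size attribute")
        attrs.append((ATTR_NAMES.get(a_type, hex(a_type)), value))
        off += a_len
    if off != len(data):
        raise PortalParseError("trailing bytes after the last attribute")
    return {"version": ver, "type": ptype, "auth_type": auth,
            "serial_no": serial, "request_id": req_id,
            "user_ip": str(ipaddress.IPv4Address(user_ip)),
            "err_code": err, "authenticator": authenticator, "attrs": attrs}

# Constructed sample: REQ_AUTH (0x03), CHAP, UserName + ChapPassWord.
_ATTRS = b"\x01\x11test@huawei.com" + b"\x04\x12" + bytes(16)
SAMPLE = HEADER.pack(2, 0x03, 0, 0, 0x1234, 7, bytes([192, 0, 2, 10]),
                     0, 0, 2, bytes(16)) + _ATTRS
```

The parser does not verify the Authenticator, because the page states only that it is a 16-byte MD5 value and does not give the inputs to the calculation.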
Copyright © Huawei Technologies Co., Ltd.