Alcatel-Lucent AOS-W 6.5.3.x - Page 221

Picking Up the Survival Server for Authentication
The Survival Server performs an authentication or query request when authentication survivability is enabled
and one of the following is true:
1. Fail-through is disabled and all servers in the server group are out of service.
2. Fail-through is enabled, all in-service servers failed the authentication, and at least one server is out of
service.
Access Credential Data Stored
In addition to the username, the following access credential data is stored:
- Password Authentication Protocol (PAP): authmgr receives the password provided by the client and then
  stores the encrypted SHA-1 hashed value of the password.
- When employing 802.1X with disabled termination using EAP-TLS, the EAP indicator is stored.
- The CN lookup EXIST indicator is stored.
Authentication for Captive Portal Clients
This section describes the authentication procedures for Captive Portal clients, both when the branch's
authentication servers are available and when they are not available. When the authentication servers are not
available, the Survival Server takes over the handling of authentication requests.
This section describes the following authentication scenarios:
- Captive Portal client authentication using Password Authentication Protocol (PAP)
- External Captive Portal client authentication using the XML-API
Captive Portal Client Authentication Using PAP
Table 56 describes what occurs for Captive Portal clients using PAP as the authentication method.
Table 56: Captive Portal Authentication Using PAP

When Authentication Servers Are Available:
- If authentication succeeds, the associated access credential with an encrypted SHA-1 hash of the password
  and Key Reply attributes are stored in the Survival Server database.
- If authentication fails, the associated access credential and Key Reply attributes associated with the PAP
  method (if they exist) are deleted from the Survival Server database.

When Authentication Servers Are Not Available:
When no in-service server in the associated server group is available, the Survival Server is used to
authenticate the Captive Portal client using PAP.
The Survival Server uses the previously stored unexpired access credential to perform authentication and, upon
successful authentication, returns the previously stored Key Reply attributes.
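
A minimal model of the behaviour described above, as an added example that is not AOS-W code: the pick-up
conditions for the Survival Server and the store, delete and replay rules from Table 56. The cache lifetime, the
UTF-8 encoding, the Key Reply attribute contents and all function and class names are assumptions; the
encryption applied to the stored SHA-1 value is not modelled.

```python
import hashlib
import hmac
import time

CACHE_LIFETIME_S = 24 * 3600  # assumed lifetime; the page only says "unexpired"


def survival_server_picks_up(enabled, fail_through, servers):
    """servers: list of (in_service, auth_succeeded) tuples for one server group."""
    if not enabled:
        return False
    in_service = [ok for up, ok in servers if up]
    if not fail_through:
        # Condition 1: every server in the group is out of service.
        return not in_service
    # Condition 2: every in-service server failed and at least one is out of service.
    return not any(in_service) and len(in_service) < len(servers)


class SurvivalCache:
    """Toy model of the Survival Server database for PAP clients."""

    def __init__(self):
        self._db = {}  # username -> (SHA-1 digest, Key Reply attributes, expiry time)

    def on_server_result(self, user, password, success, key_reply, now=None):
        """Record the outcome when an authentication server was available."""
        if success:
            now = time.time() if now is None else now
            digest = hashlib.sha1(password.encode()).digest()
            self._db[user] = (digest, dict(key_reply), now + CACHE_LIFETIME_S)
        else:
            self._db.pop(user, None)  # a failed authentication deletes the stored entry

    def authenticate(self, user, password, now=None):
        """Survival path: return the stored Key Reply attributes, or None."""
        now = time.time() if now is None else now
        entry = self._db.get(user)
        if entry is None or now >= entry[2]:
            return None  # nothing stored, or the stored credential has expired
        digest = hashlib.sha1(password.encode()).digest()
        return dict(entry[1]) if hmac.compare_digest(digest, entry[0]) else None
```

A user who has never authenticated successfully against a live server, or whose last live attempt failed, has no
entry and cannot be authenticated by the survival path.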
External Captive Portal Client Authentication Using the XML-API
Table 57 describes the authentication procedures for External Captive Portal clients using the XML-API, both
when the branch's authentication servers are available and when they are not available. When the
authentication servers are not available, the Survival Server takes over the handling of authentication requests.
AOS-W 6.5.3.x | User Guide BranchSwitch Config for Cloud Services Switches | 221