A10E/A28E/A28F Configuration Guide
Figure 6-11 Accessing the network through PPPoE authentication
To access the network through PPPoE authentication, you need to pass through the following
2 stages: discovery stage (authentication stage) and session stage. PPPoE+ is used to process
packets at the discovery stage. The following steps show the whole discovery stage.
To access the network through PPPoE authentication, the client sends a broadcast packet
PPPoE Active Discovery Initiation (PADI). This packet is used to query the
authentications server.
After receiving the PADI packet, the authentication server replies a unicast packet
PPPoE Active Discovery Offer (PADO).
If multiple authentication servers reply PADO packets, the client selects one from them
and then sends a unicast PPPoE Active Discovery Request (PADR) to the authentication
server.
After receiving the PADR packet, if the authentication server believes that the user is
legal, it sends a unicast packet PPPoE Active Discovery Session-confirmation (PADS) to
the client.
PPPoE is mainly used to add user identification information in to PADI and PADR. Therefore,
the server can identify whether the user identification information is identical to the user
account for assigning resources.
6.9.2 Preparing for configurations
Scenario
To prevent illegal client access during PPPoE authentication, you need to configure PPPoE+
to add additional user identification information in PPPoE packet for network security.
Because the added user identification information is related to the specified switch and
interface, the authentication server can bind the user with the switch and interface to
effectively prevent account sharing and theft. In addition, this helps locate users to ensure
network security.
Prerequisite
N/A
To Next Page
Loading...