The Web Authentication Protocol (WPP) is a protocol running between a BNG and a Web portal server. WPP is used for web portal authentication of WLAN users (DHCP Host). It can function like a web portal that can trigger BNG to perform RADIUS authentication for WLAN users, or send user disconnection notification to BNG.
The Figure: WPP authentication illustrates high level of call flow of WPP authentication.
The following describes WPP authentication call flow:
When the WLAN user starts a DHCP exchange with a 7750 SR, the router creates a DHCP host from following configurations:
Sub-id is the default subscriber ID configured in the sap>sub-sla-mgmt context.
sla-profile/sub-profile/aa-profile takes the configuration from CLI command grp-if>wpp>initial-sla-profile/initial-sub-profile/initial-app-profile.
IP address from local or external DHCP server is assigned to the host.
When the user sends an HTTP request to visit a website by browser, the router redirects the HTTP request to the web portal.
The portal server sends an authentication page to the WLAN user.
WLAN user enters username and password in the authentication page and submit to the portal server.
The portal server sends a WPP request to router together with the user credentials.
The 7750 SR sends an access-request to RADIUS server with user credentials.
RADIUS returns an access-accept if authentication succeeds.
The 7750 SR returns a WPP ACK to the portal server.
If it was access-accept, then the router can optionally override the following host properties:
sub-id
This is the subscriber ID from RADIUS. If there is no sub-id from RADIUS, then the host keeps using current sub-id.
sla-profile, sub-profile, or aa-profile
The system uses the RADIUS server returned values. If the RADIUS server did not return these then the system tries to use the LUDB (in local DHCP server) return values if they are available. If not, the system tries to use the default values configured under SAP.