The invention relates to a method for the authenticated establishment of a connection between a mobile subscriber and a WLAN radio communication system. The mobile subscriber signs on as a guest to an access point of the WLAN network via an insecure connection or via a secure connection that is only authenticated on the network side and an individual IP address is assigned to the mobile subscriber. Using the individual IP address, the mobile subscriber accesses a portal page and authenticates himself/herself in a person-related manner to the portal page. Person-related authentication data is assigned to the mobile subscriber using a Security Assertion Markup Language. In a new connection setup as part of a secure Link Layer connection, the person-related authentication data is transmitted to an AAA server for final authentication of the mobile subscriber.