Enabling dynamic authentication with different protocols on the same port for a switch
Abstract
The invention enables a client device that does not support IEEE 802.1X authentication to access at least some resources provided through a switch that supports 802.1X authentication, by using dynamic authentication with different protocols. When the client device attempts to join a network, the switch monitors for an 802.1X authentication message from the client device. In one embodiment, if the client fails to send an 802.1X authentication message or to respond to an 802.1X request from the switch, or if a predefined failure condition is detected, the client may be deemed incapable of supporting 802.1X authentication. In one embodiment, the client may be initially placed on a quarantine VLAN after a determination that the client fails to perform an 802.1X authentication within a backoff time limit. However, the client may still gain access to resources based on various non-802.1X authentication mechanisms, including name/passwords, digital certificates, or the like.
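The decision flow in the abstract, as an added Python example that is not code from the patent: a per-port state machine replayed over constructed event timelines. The event names, `PortEnforcer`, `replay`, the 30-second limit, keeping a late 802.1X client in quarantine, and treating an 802.1X failure as the "predefined failure condition" are all assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum

class State(Enum):
    WAITING = "backoff timer running"
    DOT1X = "802.1X exchange in progress"
    QUARANTINE = "quarantine VLAN"
    FIRST_POLICY = "first policy (802.1X authenticated)"
    SECOND_POLICY = "second policy (other protocol authenticated)"

# Allowed transitions: (current state, event) -> next state.
# Anything not listed is ignored, so a fallback login cannot be used
# before the port has decided the client is 802.1X-incapable.
TRANSITIONS = {
    (State.WAITING, "eapol_seen"): State.DOT1X,
    (State.DOT1X, "dot1x_success"): State.FIRST_POLICY,
    (State.DOT1X, "dot1x_failure"): State.QUARANTINE,  # assumed failure condition
    (State.QUARANTINE, "alt_auth_success"): State.SECOND_POLICY,
}

@dataclass
class PortEnforcer:
    backoff_limit: float  # seconds; constructed value, not from the patent
    joined_at: float
    state: State = State.WAITING

    def expire(self, now):
        """Deem a client that stayed silent past the backoff limit incapable."""
        if self.state is State.WAITING and now - self.joined_at >= self.backoff_limit:
            self.state = State.QUARANTINE

    def handle(self, now, event):
        self.expire(now)  # the timer is checked before every event
        self.state = TRANSITIONS.get((self.state, event), self.state)
        return self.state

def replay(events, backoff_limit=30.0, end=None):
    """Run (seconds, event) pairs; the first entry must be the join request."""
    (t0, first), rest = events[0], events[1:]
    if first != "join":
        raise ValueError("timeline must start with a join request")
    port = PortEnforcer(backoff_limit, joined_at=t0)
    for now, event in rest:
        port.handle(now, event)
    if end is not None:
        port.expire(end)  # account for time passing after the last event
    return port.state

# Constructed timelines (not captured traffic).
SUPPLICANT = [(0, "join"), (2, "eapol_seen"), (3, "dot1x_success")]
PRINTER = [(0, "join"), (31, "alt_auth_success")]
EARLY_FALLBACK = [(0, "join"), (5, "alt_auth_success")]
LATE_EAPOL = [(0, "join"), (45, "eapol_seen"), (46, "dot1x_success")]
```
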
22 Claims
1. One or more non-transitory, computer readable media, the computer readable media comprising code for execution that, when executed, causes one or more processors to:
- detect a request to join a network from a client device at a network device;
- initiate a backoff timer with a backoff time-limit based on the request to join the network; and
- apply a first policy to grant access to a network resource associated with a local area network based on determining the client device is capable of supporting an 802.1X authentication protocol before the backoff timer expires and on the client device being authenticated according to the 802.1X authentication protocol, wherein a second policy is applied based, at least in part, on a determination that the client device is incapable of supporting the 802.1X authentication protocol and on the client device being authenticated according to another authentication protocol.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14

15. A system, comprising:
- a network device to route network traffic from a client device; and
- an enforcer element comprising instructions executable by at least one processor to
  - detect a request to join a network from a client device;
  - initiate a backoff timer with a backoff time-limit based on the request to join the network; and
  - apply a first policy to grant access to a network resource associated with a local area network based on determining the client device is capable of supporting an 802.1X authentication protocol before the backoff timer expires and on the client device being authenticated according to the 802.1X authentication protocol, wherein a second policy is applied based, at least in part, on a determination that the client device is incapable of supporting the 802.1X authentication protocol and on the client device being authenticated according to another authentication protocol.

Dependent claims: 16, 17, 18

19. An apparatus, comprising:
- a memory element for storing code; and
- at least one processor configured to execute instructions associated with the code to:
  - detect a request to join a network from a client device to a network device associated with the network;
  - initiate a backoff timer with a backoff time-limit based on the request to join the network; and
  - apply a first policy to grant access to a network resource associated with a local area network based on determining the client device is capable of supporting an 802.1X authentication protocol before the backoff timer expires and on the client device being authenticated according to the 802.1X authentication protocol, wherein a second policy is applied based, at least in part, on a determination that the client device is incapable of supporting the 802.1X authentication protocol and on the client device being authenticated according to another authentication protocol.

Dependent claims: 20

21. A method, comprising:
- detecting a request to join a network from a client device at a network device;
- initiating a backoff timer with a backoff time-limit based on the request to join the network; and
- applying a first policy to grant access to a network resource associated with a local area network based on determining the client device is capable of supporting an 802.1X authentication protocol before the backoff timer expires and on the client device being authenticated according to the 802.1X authentication protocol, wherein a second policy is applied based, at least in part, on a determination that the client device is incapable of supporting the 802.1X authentication protocol and on the client device being authenticated according to another authentication protocol.

Dependent claims: 22

Specification