Multiple tiered network security system, method and apparatus using dynamic user policy assignment
First Claim

1. A network access device for providing network security, comprising:
- a plurality of input ports;
- a switching fabric for routing data received on said plurality of input ports to at least one output port; and
- control logic adapted to authenticate a physical address of a user device coupled to one of said plurality of input ports, to authenticate user information provided by a user of said user device only if said physical address is valid, and to restrict access to said one of said plurality of input ports in accordance with a user policy associated with said user information only if said user information is valid.
Abstract
A multiple key, multiple tiered network security system, method and apparatus provides at least three levels of security. The first level of security includes physical (MAC) address authentication of a user device being attached to the network, such as a user device being attached to a port of a network access device. The second level includes authentication of the user of the user device, such as user authentication in accordance with the IEEE 802.1x standard. The third level includes dynamic assignment of a user policy to the port based on the identity of the user, wherein the user policy is used to selectively control access to the port. The user policy may identify or include an access control list (ACL) or MAC address filter. Also, the user policy is not dynamically assigned if insufficient system resources are available to do so. Failure to pass a lower security level results in a denial of access to subsequent levels of authentication.
34 Claims
1. A network access device for providing network security, comprising:
- a plurality of input ports;
- a switching fabric for routing data received on said plurality of input ports to at least one output port; and
- control logic adapted to authenticate a physical address of a user device coupled to one of said plurality of input ports, to authenticate user information provided by a user of said user device only if said physical address is valid, and to restrict access to said one of said plurality of input ports in accordance with a user policy associated with said user information only if said user information is valid.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12.
13. A method for providing network security, comprising:
- authenticating a physical address of a user device coupled to a port of a network access device;
- authenticating user information provided by a user of said user device only if said physical address is valid; and
- restricting access to said port in accordance with a user policy associated with said user information only if said user information is valid.
Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21, 22.
23. A network system, comprising:
- a data communications network;
- a network access device coupled to said data communications network; and
- a user device coupled to a port of said network access device;
wherein said network access device is adapted to authenticate a physical address of said user device, to authenticate user information provided by a user of said user device only if said physical address is valid, and to restrict access to said port in accordance with a user policy associated with said user information only if said user information is valid.
Dependent claims: 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34.
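The three-tier admission sequence described in the abstract and in independent claims 1, 13 and 23, as an added Python model (not code from the patent or any product): tier 1 checks the physical address, tier 2 runs only when tier 1 passed, and tier 3 assigns the user policy to the port only if resources remain. The injected backend callable, the policy-slot counter and the choice to leave the port without any policy when slots are exhausted are this example's assumptions; the abstract states only that no policy is assigned in that case.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Any, Callable, Dict, FrozenSet, Set

class Decision(Enum):
    DENY_MAC = "tier 1 failed: physical address unknown, user never evaluated"
    DENY_USER = "tier 2 failed: user information invalid, no policy assigned"
    NO_RESOURCES = "tier 3 skipped: user valid but no resources to assign a policy"
    ALLOW = "tier 3 done: user policy assigned to the port"

@dataclass(frozen=True)
class UserPolicy:
    acl: tuple                  # ordered (action, prefix) rules
    mac_filter: FrozenSet[str]  # physical addresses the policy permits on the port

@dataclass
class AccessDevice:
    known_macs: Set[str]                      # tier 1: authorized physical addresses
    verify_user: Callable[[str, str], bool]   # tier 2: stand-in for an 802.1X/RADIUS backend
    policies: Dict[str, UserPolicy]           # tier 3: user -> policy
    policy_slots: int                         # capacity left for applying policies in hardware
    port_policy: Dict[int, UserPolicy] = field(default_factory=dict)

    def admit(self, port: int, mac: str, user: str, secret: str) -> Decision:
        if mac.lower() not in self.known_macs:      # tier 1 gates tier 2
            return Decision.DENY_MAC
        if not self.verify_user(user, secret):      # tier 2 gates tier 3
            return Decision.DENY_USER
        if self.policy_slots <= 0:
            # Abstract says only that no policy is assigned; leaving the port with no
            # policy attached (fail closed) is this example's assumption.
            return Decision.NO_RESOURCES
        self.policy_slots -= 1
        self.port_policy[port] = self.policies[user]
        return Decision.ALLOW

def demo() -> Dict[str, Any]:
    calls = []                                      # records every tier-2 evaluation
    def backend(user: str, secret: str) -> bool:    # constructed credential check
        calls.append(user)
        return (user, secret) == ("alice", "correct-horse")
    mac = "00:11:22:33:44:55"                       # constructed authorized address
    policy = UserPolicy((("permit", "10.0.0.0/8"), ("deny", "0.0.0.0/0")), frozenset({mac}))
    dev = AccessDevice({mac}, backend, {"alice": policy}, policy_slots=1)
    return {
        "unknown_mac": dev.admit(1, "de:ad:be:ef:00:01", "alice", "correct-horse"),
        "bad_secret": dev.admit(1, mac, "alice", "wrong"),
        "ok": dev.admit(1, mac, "alice", "correct-horse"),
        "exhausted": dev.admit(2, mac, "alice", "correct-horse"),
        "backend_calls": len(calls),                # 3: tier 2 never ran for the unknown MAC
    }
```

The `backend_calls` count is the detection-relevant point: an unknown MAC never reaches the user-credential backend, so failed tier-1 attempts appear only in port-level logs, not in the authentication server's.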
Specification