System and method for authentication of SP Ethernet aggregation networks
Abstract
A Service Provider (SP) authentication method includes receiving a message from a subscriber-premises device, the message being compatible with an authentication protocol and being transported from the subscriber-premises device to a u-PE device operating in compliance with an IEEE 802.1x compatible protocol. Access to the SP network is either allowed or denied based on a logical identifier contained in the message. It is emphasized that this abstract is provided to comply with the rules requiring an abstract that will allow a searcher or other reader to quickly ascertain the subject matter of the technical disclosure. It is submitted with the understanding that it will not be used to interpret or limit the scope or meaning of the claims. 37 CFR 1.72(b).
27 Claims
1. A processor-implemented method of operation for a user-facing provider edge (u-PE) device of an Ethernet access network, the method comprising:
receiving a message from a subscriber-premises device, the message being compatible with an authentication protocol and being transported from the subscriber-premises device to the u-PE device in compliance with an IEEE 802.1x compatible protocol; and
allowing or denying access to the Ethernet access network based on a logical identifier contained in the message.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A processor-implemented method of operation for a user-facing provider edge (u-PE) device of a Service Provider (SP) subscriber Ethernet aggregation network, the method comprising:
receiving a message from a subscriber-premises device, the message being compatible with a first protocol and being transported from the subscriber-premises device to the u-PE device in compliance with an IEEE 802.1x compatible protocol;
sending a network access request to a server in accordance with a second protocol, the network access request including subscriber identity information;
receiving a validation message from the server;
authorizing traffic associated with a particular application layer service between the subscriber-premises device and the SP subscriber Ethernet aggregation network based on a first logical identifier.
Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17.
18. A user-facing provider edge (u-PE) device for association with an Ethernet access network, the u-PE device comprising:
a port;
an authenticator compatible with an IEEE 802.1x compatible protocol, the authenticator being configured to communicate with a supplicant device of a residential gateway (RG) device over the IEEE 802.1x compatible protocol, and with a network server that stores credential information of the supplicant device via a different authentication protocol, the authenticator opening the port to traffic between the RG device and the Ethernet access network on a per application layer service basis.
Dependent claims: 19, 20, 21, 22, 23.
24. A user-facing provider edge (u-PE) device for association with an Ethernet access network, the u-PE device comprising:
a port;
means for communicating with a subscriber-premises device via Extensible Authentication Protocol (EAP) messages carried over an IEEE 802.1x compatible protocol, and for communicating with an authentication, authorization, and accounting (AAA) server that stores user credential information, the means opening the port to traffic between the subscriber-premises device and the Ethernet access network on a per application layer service basis upon validation of credential information provided by the subscriber-premises device.
25. A Service Provider (SP) subscriber Ethernet access network, comprising:
a Layer 1 (L1) transport device that connects with a subscriber-premises device;
an authentication, authorization, and accounting (AAA) server that stores user credential information;
a user-facing provider edge (u-PE) device coupled to the AAA server and to the subscriber-premises device through the L1 transport device, the u-PE having a physical port and including means for communicating with a subscriber-premises device via Extensible Authentication Protocol (EAP) messages carried over an IEEE 802.1x compatible protocol, and for communicating with the AAA server via a different protocol, the means opening the physical port to traffic between the subscriber-premises device and the SP subscriber Ethernet access network on a per application layer service basis upon validation of credential information provided by the subscriber-premises device, with individual application layer services being identified by a Media Access Control (MAC) address.
Dependent claims: 27.
26. A computer program product comprising a computer useable medium and computer readable code embodied on the computer useable medium, execution of the computer readable code causing the computer program product to configure a user-facing provider edge (u-PE) device to:
communicate with a subscriber-premises device via Extensible Authentication Protocol (EAP) messages carried over an IEEE 802.1x compatible protocol; and
communicate with the AAA server via a different protocol;
open a physical port to traffic between the subscriber-premises device and an Ethernet access network on a per application layer service basis upon validation of credential information provided by the subscriber-premises device.
Specification