Method and Apparatus for Network Access Control (NAC) in Roaming Services
Abstract
The present invention discloses a method and apparatus for network access control (NAC) in roaming services. In embodiments of the present invention, roaming quarantine access policies and roaming secure access policies are defined on access devices to control access of roaming terminals, instead of defining unified access policies on network-wide access devices. Embodiments of the present invention allow each branch network to enforce and update access policies as needed without restrictions of network identification and adaptation, making it easier to implement NAC on a distributed network, and improving NAC development. Embodiments of the present invention provide widely applicable, easy-to-implement NAC solutions for roaming.
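The sequence of claim 1, with the two roaming policies defined on the access device as the abstract describes, can be modelled as follows. This is an added Python sketch, not part of the patent; the policy names, the shared-secret authentication, the `patch_level` posture attribute and the sample hosts are assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass, field
# Assumed policy names: the claims name the two roles, not how they are encoded.
QUARANTINE, SECURE = "roaming-quarantine", "roaming-secure"
# Constructed branch definition; another branch may map the same names to other rules.
BRANCH_A = {QUARANTINE: {"patch.a.example"}, SECURE: {"patch.a.example", "files.a.example"}}

@dataclass
class AccessDevice:
    local_policies: dict                         # name -> destinations this branch allows
    applied: dict = field(default_factory=dict)  # terminal id -> applied policy name
    def apply_policy(self, terminal, name):
        if name not in self.local_policies:
            raise KeyError(f"policy {name!r} is not defined on this device")
        self.applied[terminal] = name
    def permits(self, terminal, dest):
        # Default deny: a terminal with no applied policy reaches nothing.
        name = self.applied.get(terminal)
        return name is not None and dest in self.local_policies[name]

@dataclass
class AuthServer:
    device: AccessDevice
    credentials: dict                            # terminal id -> secret (constructed)
    def authenticate(self, terminal, secret):
        expected = self.credentials.get(terminal)
        if expected is None or not hmac.compare_digest(expected, secret):
            return False
        self.device.apply_policy(terminal, QUARANTINE)
        return True

@dataclass
class SecurityPolicyServer:
    device: AccessDevice
    minimums: dict                               # posture attribute -> minimum value
    def security_check(self, terminal, posture):
        # Promote only a terminal that authentication already placed in quarantine.
        if self.device.applied.get(terminal) != QUARANTINE:
            return False
        passed = all(posture.get(k, 0) >= v for k, v in self.minimums.items())
        if passed:
            self.device.apply_policy(terminal, SECURE)
        return passed

def roam(branch_policies, secret, posture):
    """Run constructed terminal 't1' through one branch; return its access device."""
    device = AccessDevice(branch_policies)
    if AuthServer(device, {"t1": "s3cret"}).authenticate("t1", secret):
        SecurityPolicyServer(device, {"patch_level": 5}).security_check("t1", posture)
    return device
```

A terminal that fails the security check stays on the quarantine policy, and one that fails authentication has no policy applied, so `permits` denies everything for it.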
27 Claims
1. A network access control (NAC) method for roaming services applicable to a local network comprising at least a local authentication server, a local security policy server, and a local access device, the method comprising:
- authenticating a roaming terminal by the local authentication server, the local authentication server instructing the local access device to apply a roaming quarantine access policy to the roaming terminal after the roaming terminal is authenticated;
- the local access device applying the roaming quarantine access policy according to the instruction;
- executing a security check on the roaming terminal carried out by the local security policy server, the local security policy server instructing the local access device to apply a roaming secure access policy to the roaming terminal after the roaming terminal passes the security check;
- the local access device applying the roaming secure access policy according to the instruction.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. An authentication server for authenticating a roaming terminal in a network system implementing network access control (NAC), comprising:
- a processing unit, which, after the roaming terminal passes authentication, configured to inform an execution unit to apply to the roaming terminal a roaming quarantine access policy preconfigured for access terminals that roam to the local network; and
- the execution unit, which, after receiving the notification from the processing unit, configured to instruct a local access device to apply to the roaming terminal the preconfigured roaming quarantine access policy.
Dependent claims: 15, 16, 17, 18, 19, 20, 21, 22
23. A security policy server for executing a security check on a roaming terminal in a NAC network system, comprising:
- a control unit, which notifies an operation unit to deliver to the roaming terminal a roaming secure access policy preconfigured for access terminals that roam to the local network after the roaming terminal passes the security check;
- the operation unit, which, after receiving the notification from the control unit, instructs a local access device to deliver the roaming secure access policy to the roaming terminal.
Dependent claims: 24, 25, 26, 27
Specification