Enabling Dynamic Authentication With Different Protocols on the Same Port for a Switch
Abstract
The invention enables a client device that does not support IEEE 802.1X authentication to access at least some resources provided through a switch that supports 802.1X authentication, by using dynamic authentication with different protocols. When the client device attempts to join a network, the switch monitors for an 802.1X authentication message from the client device. In one embodiment, if the client fails to send an 802.1X authentication message, fails to respond to an 802.1X request from the switch, or a predefined failure condition is detected, the client may be deemed incapable of supporting 802.1X authentication. In one embodiment, the client may be initially placed on a quarantine VLAN after it is determined that the client has failed to perform an 802.1X authentication within a backoff time limit. However, the client may still gain access to resources based on various non-802.1X authentication mechanisms, including names/passwords, digital certificates, or the like.
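As an added illustration (not the patent's own code, nor any vendor's implementation), the following Python sketch models one switch port as the abstract describes it: wait a backoff period for an 802.1X exchange, quarantine the client if none arrives or the exchange fails, then offer a non-802.1X name/password fallback that grants only a restricted VLAN. The timer value, VLAN ids, frame fields and credential store are constructed assumptions.

```python
"""Added model of dynamic port authentication: 802.1X first, fallback after backoff."""
import hmac
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional

BACKOFF_SECONDS = 30              # constructed timer value; the page gives none
ACCESS_VLAN, RESTRICTED_VLAN, QUARANTINE_VLAN = 100, 200, 999  # constructed ids

class State(Enum):
    WAITING_8021X = "waiting for 802.1X"
    AUTH_8021X = "authenticated via 802.1X"
    QUARANTINE = "quarantine VLAN, no resource access"
    AUTH_FALLBACK = "authenticated via non-802.1X mechanism"

@dataclass
class Port:
    fallback_creds: Dict[str, str]          # hypothetical name/password store
    state: State = State.WAITING_8021X
    vlan: Optional[int] = None
    link_up_at: float = 0.0

    def link_up(self, now: float) -> None:
        """Client attaches: start the backoff window and listen for EAPOL."""
        self.state, self.vlan, self.link_up_at = State.WAITING_8021X, None, now

    def tick(self, now: float) -> State:
        """Backoff expired with no 802.1X traffic: deem client non-802.1X capable."""
        if self.state is State.WAITING_8021X and now - self.link_up_at >= BACKOFF_SECONDS:
            self.state, self.vlan = State.QUARANTINE, QUARANTINE_VLAN
        return self.state

    def on_frame(self, frame: dict, now: float) -> State:
        """EAPOL seen inside the window: outcome comes from the (simulated) RADIUS result."""
        if self.tick(now) is State.WAITING_8021X and frame.get("type") == "EAPOL":
            ok = frame.get("eap_result") == "success"
            self.state = State.AUTH_8021X if ok else State.QUARANTINE
            self.vlan = ACCESS_VLAN if ok else QUARANTINE_VLAN
        return self.state

    def fallback_auth(self, user: str, password: str) -> bool:
        """Name/password check offered from quarantine; grants a restricted VLAN only."""
        if self.state is not State.QUARANTINE:
            return False                     # only quarantined clients may use this path
        expected = self.fallback_creds.get(user, "")
        if expected and hmac.compare_digest(expected, password):
            self.state, self.vlan = State.AUTH_FALLBACK, RESTRICTED_VLAN
            return True
        return False                         # stays quarantined; a real switch would log this
```

A client that later does send EAPOL after being quarantined is ignored by this model; the abstract does not say whether a real switch re-opens the 802.1X path, so that choice is an assumption here.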
56 Claims
1-23. (canceled)
24. A method, comprising:
monitoring network traffic associated with a port of a network device;
identifying an authentication request within the network traffic, wherein the authentication request is associated with a client device; and
evaluating a first policy associated with the client device in order to determine whether to authenticate the client device, wherein if the client device is authenticated then it is granted access to a network resource associated with a first local area network, and wherein if the client device is not authenticated then the client device is prohibited from accessing the network resource, and the client device is relegated to a second local area network that does not include the network resource.
Dependent claims: 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38.
39. Logic encoded in one or more tangible media that includes code for execution and when executed by a processor operable to perform operations comprising:
monitoring network traffic associated with a port of a network device;
identifying an authentication request within the network traffic, wherein the authentication request is associated with a client device; and
evaluating a first policy associated with the client device in order to determine whether to authenticate the client device, wherein if the client device is authenticated then it is granted access to a network resource associated with a first local area network, and wherein if the client device is not authenticated then the client device is prohibited from accessing the network resource, and the client device is relegated to a second local area network that does not include the network resource.
Dependent claims: 40, 41, 42, 43, 44, 45.
46. An apparatus, comprising:
a memory element configured to store code;
a processor operable to execute instructions associated with the code; and
an enforcer element configured to interface with the memory element and the processor such that the apparatus can:
monitor network traffic associated with a port of a network device;
identify an authentication request within the network traffic, wherein the authentication request is associated with a client device; and
evaluate a first policy associated with the client device in order to determine whether to authenticate the client device, wherein if the client device is authenticated then it is granted access to a network resource associated with a first local area network, and wherein if the client device is not authenticated then the client device is prohibited from accessing the network resource, and the client device is relegated to a second local area network that does not include the network resource.
Dependent claims: 47, 48, 49, 50, 51, 52, 53, 54, 55, 56.
Specification