Method for detecting dedicated link between an end station and a network device
First Claim
1. An apparatus for performing at least one authentication protocol at multiple network layers for authenticating an end station coupled to a switch in a network, the apparatus comprising:
a switch, comprising, a first driver that executes a link detect protocol at a physical layer; and
a plurality of ports, wherein each port comprises a first link beat control circuit and a first medium access control (MAC) unit, and wherein the first link beat control circuit manages a physical layer link active signaling process to determine whether a device coupled to a link is active; and
an end station including a second driver that supports the link detect protocol and a higher layer authentication protocol, a second link beat control circuit, and a second MAC, wherein the switch communicates with the end station via a network link to execute the link detect protocol and the higher layer authentication protocol, wherein the link detect protocol comprises, the switch starting a test timer;
the switch monitoring a link beat on the network link;
the switch sending an encrypted message to the end station;
the end station decrypting the encrypted message;
the end station dropping the link beat in response to the message;
if the switch has not detected that the link beat has been dropped before the test timer expires, the switch determining whether a retry limit has been reached;
if the retry limit has not been reached, the switch resending the encrypted message;
the switch detecting that the link beat has been dropped;
the switch determining that the switch is coupled by a direct link to the end station in response to detecting that the link beat has been dropped; and
the switch initiating the higher layer authentication protocol, which comprises, sending at least one encrypted message to the end station at a network layer above the physical layer; and
if the end station participates successfully in the authentication protocol, the switch granting the end station access to the network.
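The claimed link detect protocol, simulated as an added example that is not part of the patent: the switch side runs the test timer and retry limit, the end station side decrypts the test message and drops its link beat, and a `Link` object models what the port's link beat control circuit actually sees. The claim names no cipher, so `toy_encrypt` is a stand-in keystream cipher, and all names, the test payload and the key are constructed for the example.

```python
import hashlib
import secrets

TEST_MESSAGE = b"LINK-DETECT: drop link beat"  # constructed test payload


def toy_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher (SHA-256 keystream XOR); the claim does not name one."""
    stream = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))


class EndStation:
    """Second driver: decrypts the test message and drops its link beat in response."""
    def __init__(self, key: bytes):
        self.key, self.link_beat_up = key, True

    def receive(self, nonce: bytes, ciphertext: bytes) -> None:
        # XOR keystream: decryption is the same operation as encryption
        if toy_encrypt(self.key, nonce, ciphertext) == TEST_MESSAGE:
            self.link_beat_up = False


class Link:
    """What the switch port's link beat control circuit observes on the wire."""
    def __init__(self, station: EndStation, direct: bool):
        self.station, self.direct = station, direct

    def beat_present(self) -> bool:
        # On a direct link the beat is the station's own; an intermediate device
        # (hub or switch in between) keeps its own beat up whatever the station does,
        # which is exactly why the beat drop proves the link is dedicated.
        return self.station.link_beat_up if self.direct else True


def switch_link_detect(key: bytes, link: Link, retry_limit: int = 2, timer_ticks: int = 3):
    """Switch side of the link detect protocol; returns (direct_link_confirmed, messages_sent)."""
    sent = 0
    while True:
        nonce = secrets.token_bytes(8)
        link.station.receive(nonce, toy_encrypt(key, nonce, TEST_MESSAGE))  # send encrypted message
        sent += 1
        for _ in range(timer_ticks):       # test timer running; monitor the link beat
            if not link.beat_present():    # beat dropped before expiry: direct link confirmed
                return True, sent
        if sent > retry_limit:             # timer expired and retry limit reached: not direct
            return False, sent
        # retry limit not reached: loop resends the encrypted message
```

Only when `switch_link_detect` returns `True` would the switch proceed to the higher layer authentication protocol; a station behind an intermediate device, or one that cannot decrypt the message, never produces the observable beat drop.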
Abstract
A dedicated link between the intermediate system or other network device and the end system is detected prior to exchanging the authentication/identification information of the user, thereby ensuring that the information is seen only by the network device and the end system and by no one else. The method determines whether a network device has a direct connection to an end station using a test of a physical layer link active signaling mechanism. The method includes sending a message via the network from the network device to the end station indicating initiation of a test of the physical layer link active signaling mechanism. The network device then determines whether the end station participates in the test prior to proceeding with the authentication/identification processes.
Specification