Method and apparatus for registering auto-configured network addresses based on connection authentication

US 7,143,435 B1
Filed: 07/31/2002
Issued: 11/28/2006
Est. Priority Date: 07/31/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A computer-implemented method of registering auto-configured network addresses, the method comprising:

receiving, at a networking device connected to a host at a physical connection, from a first server, first data indicating at least some authentication information associated with the host;

receiving at the networking device from the host, a first message requesting configuration information, the first message including a logical network address for the host determined at least in part by the host;

generating a second message based on the first message and the first data; and

sending the second message to a second, dynamic host control protocol (DHCP) server that registers the host by associating the logical network address with the first data;

wherein the first server provides authentication and authorization in response to a request for authentication for the physical connection;

an authenticator process sends the request for authentication and performs receiving the first data;

a DHCP relay agent process for the second server performs receiving the first message and sending the second message; and

generating the second message further comprises sending a third message from the authenticator process to the relay agent process based on the first data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for registering auto-configured network addresses includes receiving first data at a networking device connected to a host at a physical connection. The first data is received from a first server and indicates authentication information associated with the host. A first message is received at the networking device from the host. The first message requests configuration information and includes a logical network address for the host determined at least in part by the host. A second message is generated based on the first message and the first data. The second message is sent to a second server that registers the host by associating the logical network address with the first data.

Citations

29 Claims

1. A computer-implemented method of registering auto-configured network addresses, the method comprising:
- receiving, at a networking device connected to a host at a physical connection, from a first server, first data indicating at least some authentication information associated with the host;
  
  receiving at the networking device from the host, a first message requesting configuration information, the first message including a logical network address for the host determined at least in part by the host;
  
  generating a second message based on the first message and the first data; and
  
  sending the second message to a second, dynamic host control protocol (DHCP) server that registers the host by associating the logical network address with the first data;
  
  wherein the first server provides authentication and authorization in response to a request for authentication for the physical connection;
  
  an authenticator process sends the request for authentication and performs receiving the first data;
  
  a DHCP relay agent process for the second server performs receiving the first message and sending the second message; and
  
  generating the second message further comprises sending a third message from the authenticator process to the relay agent process based on the first data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. A method as recited in claim 1, whereinthe step of generating the second message further comprises the steps of:
    - storing second data based on the first data by the authenticator process; and
      
      retrieving the second data by the relay agent process in response to the step of receiving the first message.
  - 3. A method as recited in claim 1, wherein the first server is an authentication, authorization and accounting server.
  - 4. A method as recited in claim 3, wherein the first server is a RADIUS (Remote Access Dial-In User Service) protocol server.
  - 5. A method as recited in claim 1, wherein the physical connection comprises an Ethernet interface card on the networking device.
  - 6. A method as recited in claim 1, wherein the physical connection comprises a wireless Ethernet encryption key and time slot.
  - 7. A method as recited in claim 1, wherein receiving the first data is performed according to an Institute of Electrical and Electronics Engineers (IEEE) 802.1x standard.
  - 8. A method as recited in claim 1, wherein generating the second message is performed according to dynamic host configuration protocol (DHCP).
  - 9. A method as recited in claim 1, wherein:
    - the first data includes user class data indicating a particular group of one or more authorized users of the host; and
      
      the step of generating the second message is further based on the user class data.
  - 10. A method as recited in claim 1, wherein:
    - the first data includes credential data indicating authentication is performed by the first server; and
      
      the step of generating the second message is further based on the credential data.
  - 11. A method as recited in claim 1, wherein:
    - the first data includes a user identification that indicates a particular user; and
      
      the step of generating the second message is further based on the user identification.
  - 12. A method as recited in claim 1, further comprising:
    - based on the first data, enabling the physical connection to forward subsequent messages between the host and a network connected to the networking device; and
      
      storing the first data at least until a third request is received from the host for configuration information for the host, the third request including a logical network address for the host determined at least in part by the host, for associating the first data with the logical network address.

13. A computer-readable tangible storage medium carrying one or more sequences of instructions for registering auto-configured network addresses, which instructions, when executed by one or more processors, cause the one or more processors to carry out the steps of:
- receiving, at a networking device connected to a host at a physical connection, from a first server, first data indicating at least some authentication information associated with the host;
  
  receiving at the networking device from the host, a first message requesting configuration information, the first message including a logical network address for the host determined at least in part by the host;
  
  generating a second message based on the first message and the first data; and
  
  sending the second message to a second, dynamic host control protocol (DHCP) server that registers the host by associating the logical network address with the first data;
  
  wherein the first server provides authentication and authorization in response to a request for authentication for the physical connection;
  
  an authenticator process sends the request for authentication and performs receiving the first data;
  
  a DHCP relay agent process for the second server performs receiving the first message and sending the second message; and
  
  generating the second message further comprises sending a third message from the authenticator process to the relay agent process based on the first data.
- View Dependent Claims (14)
- - 14. A computer-readable tangible storage medium as recited in claim 13 carrying one or more further sequences of instructions, which instructions, when executed by one or more processors, cause the one or more processors to carry out:
    - based on the first data, enabling the physical connection to forward subsequent messages between the host and a network connected to the networking device; and
      
      storing the first data at least until a third request is received from the host for configuration information for the host, the third request including a logical network address for the host determined at least in part by the host, for associating the first data with the logical network address.

15. An apparatus for registering auto-configured network addresses, comprising a networking device connected to a host at a physical connection, further comprising:
- means for receiving, from a first server, first data indicating at least some authentication information associated with the host;
  
  means for receiving, from the host, a first message requesting configuration information, the first message including a logical network address for the host determined at least in part by the host;
  
  means for generating a second message based on the first message and the first data; and
  
  means for sending the second message to a second, dynamic host control server that registers the host by associating the logical network address with the first data;
  
  wherein the first server provides authentication and authorization in response to a request for authentication for the physical connection;
  
  an authenticator process sends the request for authentication and performs receiving the first data;
  
  a DHCP relay agent process for the second server performs receiving the first message and sending the second message; and
  
  generating the second message further comprises sending a third message from the authenticator process to the relay agent process based on the first data.
- View Dependent Claims (17, 18, 19, 20, 21, 22)
- - 17. The apparatus of claim 15, wherein the means for generating the second message further comprises means for storing second data based on the first data by the authenticator process;
    - and means for retrieving the second data by the relay agent process in response to the step of receiving the first message.
  - 18. The apparatus of claim 15, wherein the means for generating the second message operates according to dynamic host configuration protocol (DHCP).
  - 19. The apparatus of claim 15, wherein the first data includes user class data indicating a particular group of one or more authorized users of the host;
    - and the means for generating the second message performs generating the second message based on the user class data.
  - 20. The apparatus of claim 15, wherein the first data includes credential data indicating authentication is performed by the first server;
    - and the means for generating the second message performs generating the second message based on the credential data.
  - 21. The apparatus of claim 15, wherein the first data includes a user identification that indicates a particular user;
    - and the means for generating the second message performs generating the second message based on the user identification.
  - 22. The apparatus of claim 15, further comprising:
    - means for enabling the physical connection to forward subsequent messages between the host and a network connected to the intermediate device based on the first data;
      
      means for storing the first data at least until a third request is received from the host for configuration information for the host, the third request including a logical network address for the host determined at least in part by the host, for associating the first data with the logical network address.

16. An apparatus for registering auto-configured network addresses, comprising:
- a network interface that is coupled to a data network for receiving therefrom, and sending thereto, one or more packet flows;
  
  a physical connection that is coupled to a host;
  
  a processor;
  
  one or more stored sequences of instructions which, when executed by the processor, cause the processor to carry out the steps of;
  
  receiving, from a first server, first data indicating at least some authentication information associated with the host;
  
  receiving, from the host, a first message requesting configuration information, the first message including a logical network address for the host determined at least in part by the host;
  
  generating a second message based on the first message and the first data; and
  
  sending the second message to a second, dynamic host control protocol (DHCP) server that registers the host by associating the logical network address with the first data;
  
  wherein the first server provides authentication and authorization in response to a request for authentication for the physical connection;
  
  an authenticator process sends the request for authentication and performs receiving the first data;
  
  a DHCP relay agent process for the second server performs receiving the first message and sending the second message; and
  
  generating the second message further comprises sending a third message from the authenticator process to the relay agent process based on the first data.
- View Dependent Claims (23, 24, 25, 26, 27, 28)
- - 23. The apparatus of claim 16, wherein the instructions for generating the second message further comprise instructions for storing second data based on the first data by the authenticator process and instructions for retrieving the second data by the relay agent process in response to the step of receiving the first message.
  - 24. The apparatus of claim 16, wherein the instructions for generating the second message operate according to dynamic host configuration protocol (DHCP).
  - 25. The apparatus of claim 16, wherein the first data includes user class data indicating a particular group of one or more authorized users of the host;
    - and the instructions for generating the second message perform generating the second message based on the user class data.
  - 26. The apparatus of claim 16, wherein the first data includes credential data indicating authentication is performed by the first server;
    - and the instructions for generating the second message perform generating the second message based on the credential data.
  - 27. The apparatus of claim 16, wherein the first data includes a user identification that indicates a particular user;
    - and the instructions for generating the second message perform generating the second message based on the user identification.
  - 28. The apparatus of claim 16, further comprising instructions which, when executed by the one or more processors, cause the one or more processors to perform:
    - enabling the physical connection to forward subsequent messages between the host and a network connected to the intermediate device based on the first data;
      
      storing the first data at least until a third request is received from the host for configuration information for the host, the third request including a logical network address for the host determined at least in part by the host, for associating the first data with the logical network address.

29. A computer system, comprising:
- an Ethernet switch coupled to a network and coupled to a user host computer, the switch comprising an authenticator process and a dynamic host control protocol (DHCP) relay agent process;
  
  an authentication, authorization and accounting (AAA) server that is coupled to the switch;
  
  a DHCP server that is coupled to the switch and the AAA server;
  
  one or more sequences of computer program instructions stored in the switch, which instructions, when executed by one or more processors in the switch, cause the one or more processors to perform;
  
  sending, from the authenticator process of the switch to the AAA server, a request to authenticate the user host computer;
  
  receiving from the AAA server in response to the request, authentication information associated with the user host computer;
  
  sending the authentication information from the authenticator process to the DHCP relay agent process;
  
  receiving at the DHCP relay agent process, from the host, a first message requesting host configuration information, the first message including a logical network address for the host determined at least in part by the host;
  
  creating a second message that includes the logical network address for the host and the authentication information; and
  
  sending the second message to the dynamic host control protocol (DHCP) server, which registers the host by storing the logical network address for the host in association with the authentication information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Droms, Ralph, Schnizlein, John M.
Primary Examiner(s)
Sheikh, Ayaz
Assistant Examiner(s)
Cervetti, David Garcia

Application Number

US10/210,513
Time in Patent Office

1,581 Days
Field of Search

726/3
US Class Current

726/3
CPC Class Codes

H04L 61/5014   using dynamic host configur...

H04L 61/5092   by self-assignment, e.g. pi...

H04L 61/59   using proxies for addressing

H04L 63/08   for authentication of entit...

Method and apparatus for registering auto-configured network addresses based on connection authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for registering auto-configured network addresses based on connection authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links