Enhanced trust relationship in an IEEE 802.1x network
Abstract
Architecture for providing access to an IEEE 802.1x network. A trust relationship is created between a switch of the network and an access point of the network such that the access point is authorized to communicate over the network. The trust relationship is then extended from the access point to a wireless client requesting connection to the network such that access to the network by said wireless client is authorized.
16 Claims

1. A system, comprising:
an authentication server disposed on a network;
a switch coupled to the network and communicatively coupled to the authentication server via the network, the switch comprises a switch table containing a list of allowed addresses; and
an access point communicatively coupled to the switch;
wherein the switch is configured to allow packets having addresses listed in the switch table and the switch is configured to block packets having addresses that are not in the switch table;
wherein the switch is configured to be the authenticator for the access point and is configured to authenticate the access point with the authentication server and establish a secure communication session with the access point;
wherein the access point is configured to be the authenticator for a wireless client having an address, the access point communicates with the authentication server using the secure communication session established with the switch;
wherein the access point is configured to send a message to the switch via the secure communication session, the message comprising data indicating the wireless client is authenticated, responsive to successfully authenticating the wireless client with the authentication server;
wherein the switch is responsive to receiving the message from the access point indicating the wireless client is authenticated to add an address for the wireless client into the switch table;
wherein the access point is configured to forward all communications received from the authenticated wireless client to the switch responsive to the wireless client successfully authenticating with the authentication server; and
wherein the switch is configured to forward all communications received from the wireless client via the access point onto the network after adding the address for the wireless client into the switch table.
Dependent claims: 2, 3, 4, 5, 6, 7.

8. An apparatus, comprising:
a wireless switch configured to be in data communication with a network having an authentication server disposed thereon and the switch is configured to be in data communication with an access point; and
a switch table coupled to the switch, the switch table containing a list of authorized addresses;
wherein the switch is configured to verify an address of a packet received from the access point with the switch table;
wherein the switch is configured to forward packets from the access point onto the network responsive to the verifying the address of the packet is in the switch table;
wherein the switch is configured to block packets from the access point from reaching the network responsive to determining the address of the packet is not in the switch table;
wherein the switch is configured to authenticate the access point with the authentication server and to store the address of the access point in the switch table responsive to successfully authenticating the access point;
wherein the switch is configured to allow authentication packets between the access point and the authentication server on the network for a wireless client having an address attempting to associate with the access point after the switch has added the address of the access point to the switch table;
wherein the switch is configured to add the address of the wireless client to the switch table responsive to receiving a message from the access point that the wireless client is authenticated after the switch has authenticated the access point; and
wherein the switch is configured to allow packets from the wireless client to pass onto the network after adding the address of the wireless client to the switch table.
Dependent claims: 9, 10, 11, 12.

13. A method, comprising:
configuring a switch disposed between an access point having an address and a network with a table of allowed addresses to allow a packet having an address received from the access point onto the network responsive to the address of the packet matching an address in the table of allowed addresses;
configuring the switch to block a packet having an address received from the access point responsive to the address of the packet not matching an address in the table of allowed addresses;
receiving a communication from an access point having an address;
authenticating the access point with an authentication server, whereupon a successful authentication, the access point is an authenticated access point;
adding the address of the authenticated access point to a table of authorized users;
forwarding authentication packets from the authenticated access point onto the network;
adding the address of a wireless client to the table of authorized users responsive to receiving a message from the authenticated access point that the wireless client is an authenticated wireless client; and
forwarding packets received from the wireless client onto the wireless network after the wireless client is added to the table of authorized users.
Dependent claims: 14, 15, 16.
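As an added example, not taken from the patent, the following Python model walks through the claimed switch behaviour: the switch table acting as an allow-list, the switch authenticating the access point and opening a secure session with it, client authentication traffic being relayed only through an authenticated access point, and the access point's "client authenticated" message adding the client's address only when it arrives over that access point's own session. The AuthServer stub, the credentials, session ids and addresses are constructed stand-ins; the real authentication server and session mechanism are not specified here.

```python
from typing import Dict, Optional, Set

class Packet:
    def __init__(self, src: str, kind: str = "data"):
        self.src, self.kind = src, kind  # source (MAC) address; kind "auth" = EAP/authentication traffic

class AuthServer:
    """Stand-in for the authentication server (e.g. RADIUS); credentials are constructed."""
    def __init__(self, creds: Dict[str, str]):
        self.creds = creds
    def verify(self, addr: str, secret: str) -> bool:
        return self.creds.get(addr) == secret

class Switch:
    def __init__(self, auth_server: AuthServer):
        self.auth_server = auth_server
        self.table: Set[str] = set()        # the "switch table" of allowed addresses
        self.sessions: Dict[str, int] = {}  # AP address -> id of its secure session (hypothetical)
        self._next_session = 1
    def authenticate_ap(self, ap_addr: str, secret: str) -> Optional[int]:
        """Switch is the authenticator for the AP: on success the AP is listed and gets a session."""
        if not self.auth_server.verify(ap_addr, secret):
            return None
        self.table.add(ap_addr)
        self.sessions[ap_addr] = sid = self._next_session
        self._next_session += 1
        return sid
    def forwards(self, from_ap: str, pkt: Packet) -> bool:
        """Client auth traffic is relayed only via an authenticated AP; other packets pass only if listed."""
        return from_ap in self.table if pkt.kind == "auth" else pkt.src in self.table
    def client_authenticated(self, ap_addr: str, session_id: int, client_addr: str) -> bool:
        """'Client authenticated' message: honoured only if it arrives over that AP's own secure session."""
        if self.sessions.get(ap_addr) != session_id:
            return False
        self.table.add(client_addr)
        return True

class AccessPoint:
    def __init__(self, addr: str, switch: Switch):
        self.addr, self.switch, self.session = addr, switch, None
    def join(self, secret: str) -> bool:
        self.session = self.switch.authenticate_ap(self.addr, secret)
        return self.session is not None
    def authenticate_client(self, client_addr: str, secret: str) -> bool:
        """AP is the authenticator for the client; the EAP exchange reaches the server via the switch."""
        if self.session is None or not self.switch.forwards(self.addr, Packet(client_addr, "auth")):
            return False
        if not self.switch.auth_server.verify(client_addr, secret):
            return False
        return self.switch.client_authenticated(self.addr, self.session, client_addr)
```

The session check in client_authenticated is the point of the trust relationship: an address is added to the switch table only on the word of an access point the switch itself authenticated, so an unauthenticated device cannot list itself or a client.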