Method and apparatus for assigning network addresses based on connection authentication
Abstract
Techniques for assigning a network address to a host are based on authentication for a connection between the host and an intermediate device. One approach involves receiving first data at the intermediate device from an authentication and authorization server in response to a request for authentication for the connection. The first data indicates at least some of authentication and authorization information. A configuration request message from the host is also received at the intermediate device. A second message is generated based on the configuration request message and the first data and is sent to a configuration server that provides the logical network address for the host. The configuration server provides the logical network address based on authorization and authentication information. The logical network address is thus based on the user, e.g., to limit access by the user to the Internet and other services.
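The message flow in the abstract, as an added example that is not taken from the patent: a relay agent attaches the authorization data to the host's DHCP discovery message, and the DHCP server picks an address pool from it. The page does not name an encoding, so the sketch assumes the DHCP Relay Agent Information option (option 82, RFC 3046) with the RADIUS Attributes sub-option (RFC 4014); the function names, pool names, addresses and the `quarantine` default are all hypothetical.

```python
import socket, struct

MAGIC = b"\x63\x82\x53\x63"          # DHCP magic cookie, follows the 236-byte BOOTP header
OPT_RELAY_INFO, SUB_RADIUS = 82, 7   # assumed encoding: RFC 3046 option, RFC 4014 sub-option
USER_NAME, FRAMED_POOL = 1, 88       # RADIUS attribute types carried as the "first data"

def make_discover(mac: bytes, xid: int) -> bytes:
    """Constructed DHCPDISCOVER, as broadcast by the host."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, xid, 0, 0x8000,
                      b"", b"", b"", b"", mac, b"", b"")
    return hdr + MAGIC + bytes([53, 1, 1, 255])

def tlv(buf: bytes, i: int = 0, top: bool = False, radius: bool = False):
    """Walk type-length-value records; return (records, index where the walk stopped)."""
    out = {}
    while i + 2 <= len(buf) and not (top and buf[i] == 255):   # 255 = DHCP end option
        if top and buf[i] == 0:                                # 0 = DHCP pad option
            i += 1
            continue
        n = buf[i + 1] - (2 if radius else 0)   # RADIUS lengths include the 2-byte header
        if n < 0 or i + 2 + n > len(buf):
            raise ValueError("truncated TLV")
        out[buf[i]] = buf[i + 2:i + 2 + n]
        i += 2 + n
    return out, i

def relay_with_auth(discover: bytes, giaddr: str, attrs: dict) -> bytes:
    """Relay agent: build the second message = discovery message + first data."""
    if discover[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, end = tlv(discover, 240, top=True)
    if OPT_RELAY_INFO in opts:   # a host must not supply its own authorization data
        raise ValueError("host-supplied relay agent information, dropping")
    radius = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs.items())
    sub = bytes([SUB_RADIUS, len(radius)]) + radius
    hdr = bytearray(discover[:236])
    hdr[3] += 1                                  # hops
    hdr[24:28] = socket.inet_aton(giaddr)        # giaddr marks the relaying interface
    return bytes(hdr) + discover[236:end] + bytes([OPT_RELAY_INFO, len(sub)]) + sub + b"\xff"

def select_pool(msg: bytes, pools: dict, default: str = "quarantine") -> str:
    """DHCP server side: choose the address pool from the relayed authorization data."""
    opts, _ = tlv(msg, 240, top=True)
    subs, _ = tlv(opts.get(OPT_RELAY_INFO, b""))
    attrs, _ = tlv(subs.get(SUB_RADIUS, b""), radius=True)
    return pools.get(attrs.get(FRAMED_POOL, b"").decode("ascii", "replace"), default)

# Constructed sample: attributes the authenticator process hands to the relay agent process.
AUTH = {USER_NAME: b"alice", FRAMED_POOL: b"staff"}
DISCOVER = make_discover(bytes.fromhex("020000000001"), 0x1234ABCD)
RELAYED = relay_with_auth(DISCOVER, "10.0.0.1", AUTH)
POOLS = {"staff": "10.20.0.0/24"}
```

A discovery message that reaches the server without the relay's option falls through to the default pool, and the relay refuses a message that already carries option 82, so the host cannot assert its own authorization.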
27 Claims
1. A method of assigning a network address to a host based on authentication for a physical connection between the host and an intermediate device, the method comprising the computer-implemented steps of:
- receiving, at a router hosting an authenticator process for the host, from a first server that provides authentication and authorization, in response to a request for authentication for the physical connection, first data indicating at least some of authentication and authorization information;
- receiving, at a DHCP relay agent process of the router, from the host, a DHCP discovery message for discovering a logical network address for the host;
- generating at the DHCP relay agent process a second message that comprises the DHCP discovery message and the first data; and
- sending the second message from the DHCP relay agent process to a DHCP server that provides the logical network address for the host;
- wherein generating the second message further comprises sending a third message, from the authenticator process to the relay agent process, that contains at least some of the authentication and authorization information based on the first data.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. An apparatus for assigning a network address to a host based on authentication for a physical connection between the host and an intermediate device, comprising:
- means for receiving, at a router hosting an authenticator process for the host, from a first server that provides authentication and authorization, in response to a request for authentication for the physical connection, first data indicating at least some of authentication and authorization information;
- means for receiving, at a DHCP relay agent process of the router, from the host, a DHCP discovery message for discovering a logical network address for the host;
- means for generating at the DHCP relay agent process a second message that comprises the DHCP discovery message and the first data; and
- means for sending the second message from the DHCP relay agent process to a DHCP server that provides the logical network address for the host;
- wherein generating the second message further comprises sending a third message, from the authenticator process to the relay agent process, that contains at least some of the authentication and authorization information based on the first data.

Dependent claims: 11, 12, 13, 14, 15

16. An apparatus for assigning a network address to a host based on authentication for a physical connection between the host and an intermediate device, comprising:
- a network interface that is coupled to a data network for receiving one or more packet flows therefrom;
- a physical connection that is coupled to the host;
- a processor;
- one or more stored sequences of instructions which, when executed by the processor, cause the processor to carry out the steps of;
- receiving, at an authenticator process for the host, through the network interface from a first server that provides authentication and authorization, in response to a request for authentication for the physical connection, first data indicating at least some of authentication and authorization information;
- receiving, at a DHCP relay agent process, through the physical connection from the host, a DHCP discovery message for discovering a logical network address for the host;
- generating at the DHCP relay agent process a second message that comprises the DHCP discovery message and the first data; and
- sending through the network interface the second message from the DHCP relay agent process to a DHCP server that provides the logical network address for the host;
- wherein generating the second message further comprises sending a third message, from the authenticator process to the relay agent process, that contains at least some of the authentication and authorization information based on the first data.

Dependent claims: 17, 18, 19, 20, 21

22. A computer-readable storage medium carrying one or more sequences of instructions for assigning a network address to a host based on authentication for a physical connection between the host and an intermediate device, wherein the computer-readable storage medium is one of a volatile medium or non-volatile medium, which instructions, when executed by one or more processors, cause the one or more processors to carry out the steps of:
- receiving, at a router hosting an authenticator process for the host, from a first server that provides authentication and authorization, in response to a request for authentication for the physical connection, first data indicating at least some of authentication and authorization information;
- receiving, at a DHCP relay agent process of the router, from the host, a DHCP discovery message for discovering a logical network address for the host;
- generating at the DHCP relay agent process a second message that comprises the DHCP discovery message and the first data; and
- sending the second message from the DHCP relay agent process to a DHCP server that provides the logical network address for the host;
- wherein generating the second message further comprises sending a third message, from the authenticator process to the relay agent process, that contains at least some of the authentication and authorization information based on the first data.

Dependent claims: 23, 24, 25, 26, 27

Specification