Method and system for auto discovery of authenticator for network login

US 7,568,107 B1
Filed: 08/20/2003
Issued: 07/28/2009
Est. Priority Date: 08/20/2003
Status: Active Grant

First Claim

Patent Images

1. A method of autodiscovery of an authenticator and packet forwarding device for network login, the method comprising:

receiving a connection request from an unauthorized user device at the packet forwarding device, the unauthorized user device requesting access to a network interfaced to the packet forwarding device;

blocking all packets received from the unauthorized user device at the packet forwarding device from accessing the network;

intercepting and redirecting a network login page of a user request to access the network by an authenticator discovery controller and returning the packet forwarding device'"'"'s IP address;

assigning a temporary layer-3 address or a static layer-2 address to the unauthorized user device to gain access to the authenticator discovery controller, the network login controller, and user interface on the packet-forwarding device;

proceeding with the network login authentication and authorization using the network login controller upon receiving the packet forwarding device'"'"'s IP address from the authenticator discovery controller and using the temporary layer-3 address or the static layer-2 address assigned to the user device;

accessing the network login controller user interface and entering a user identification data;

determining whether the user identification data is authentic by the authentication server;

if the user has been denied permission to access the network by the authentication server;

the network login controller blocks the port to which the user is connected and leaves the port in an unauthorized state and the packet forwarding device in a non-forwarding mode;

if the user has been granted permission to access the network by the authentication server;

the network login controller unblocks the port to which the user connected by placing the port of the packet forwarding device into an authorized state and assigning the port to a permanent VLAN, andreplaces the temporary layer-3 address assigned to the user device with a permanent layer-3 address; and

resetting the port back into an unauthorized state and blocking the port, wherein the resetting is performed when at least one of the following occurs;

when a user successfully logs off the packet forwarding device,when a connection from the user to the port is disconnected,when no activity from the user occurs on the port for a duration of time, andwhen an administrator forces the port to change its state.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for auto discovery of authenticator for network login is described. The system includes an authenticator discovery controller of a packet forwarding device that helps a user discover the IP address of the packet forwarding device and directs the user to a network login page. The method includes intercepting a request for a web page from a user who is connected to a packet forwarding device that prevents the user from accessing a network, directing the user to a network login page, authenticating the user, and allowing the user to access the network when the user is authenticated.

Citations

14 Claims

1. A method of autodiscovery of an authenticator and packet forwarding device for network login, the method comprising:
- receiving a connection request from an unauthorized user device at the packet forwarding device, the unauthorized user device requesting access to a network interfaced to the packet forwarding device;
  
  blocking all packets received from the unauthorized user device at the packet forwarding device from accessing the network;
  
  intercepting and redirecting a network login page of a user request to access the network by an authenticator discovery controller and returning the packet forwarding device'"'"'s IP address;
  
  assigning a temporary layer-3 address or a static layer-2 address to the unauthorized user device to gain access to the authenticator discovery controller, the network login controller, and user interface on the packet-forwarding device;
  
  proceeding with the network login authentication and authorization using the network login controller upon receiving the packet forwarding device'"'"'s IP address from the authenticator discovery controller and using the temporary layer-3 address or the static layer-2 address assigned to the user device;
  
  accessing the network login controller user interface and entering a user identification data;
  
  determining whether the user identification data is authentic by the authentication server;
  
  if the user has been denied permission to access the network by the authentication server;
  
  the network login controller blocks the port to which the user is connected and leaves the port in an unauthorized state and the packet forwarding device in a non-forwarding mode;
  
  if the user has been granted permission to access the network by the authentication server;
  
  the network login controller unblocks the port to which the user connected by placing the port of the packet forwarding device into an authorized state and assigning the port to a permanent VLAN, andreplaces the temporary layer-3 address assigned to the user device with a permanent layer-3 address; and
  
  resetting the port back into an unauthorized state and blocking the port, wherein the resetting is performed when at least one of the following occurs;
  
  when a user successfully logs off the packet forwarding device,when a connection from the user to the port is disconnected,when no activity from the user occurs on the port for a duration of time, andwhen an administrator forces the port to change its state.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein intercepting and redirecting the network login page comprises:
    - intercepting the user request to access the network and redirecting to a web page comprising the network login page.
  - 3. The method of claim 1, wherein the user has been granted permission to access the network by the authentication server comprises the authentication server authenticating the user based on at least a user name and a password received from the unauthorized computing device.
  - 4. The method of claim 1, wherein accessing the network login controller user interface and entering the user identification data comprises the authenticator directing the unauthorized computing device to a Uniform Resource Locator (URL) address through which to access the user interface at a network login page.
  - 5. The method of claim 1, wherein determining whether the user identification data is authentic by the authentication server comprises:
    - sending the user identification data to the authentication server; and
      
      receiving an indication from the authentication server that the user identification data is authentic and that the user associated with the user identification data is authorized to access the network.
  - 6. The method of claim 5, wherein sending the user identification data to the authentication server comprises:
    - creating a packet comprising the user identification data in accordance with a Remote Authentication Dial-In User Service (RADIUS) communications protocol; and
      
      forwarding the packet to a RADIUS server for authentication.
  - 7. The method of claim 1, wherein the authenticator and packet forwarding device comprises a network switching device located at an edge of the network to provide packet-forwarding services into the network.

8. A computer-readable storage medium having instructions stored thereon that, when executed by a processor in an authenticator and packet forwarding device, the instructions cause the processor to perform an autodiscovery method comprising:
- receiving a connection request from an unauthorized user device at the packet forwarding device, the unauthorized user device requesting access to a network interfaced to the packet forwarding device;
  
  blocking all packets received from the unauthorized user device at the packet forwarding device from accessing the network;
  
  intercepting and redirecting a network login page of a user request to access the network by an authenticator discovery controller and returning the packet forwarding device'"'"'s IP address;
  
  assigning a temporary layer-3 address or a static layer-2 address to the unauthorized user device to gain access to the authenticator discovery controller, the network login controller, and user interface on the packet-forwarding device;
  
  proceeding with the network login authentication and authorization using the network login controller upon receiving the packet forwarding device'"'"'s IP address from the authenticator discovery controller and using the temporary layer-3 address or the static layer-2 address assigned to the user device;
  
  accessing the network login controller user interface and entering a user identification data;
  
  determining whether the user identification data is authentic by the authentication server;
  
  if the user has been denied permission to access the network by the authentication server;
  
  the network login controller blocks the port to which the user is connected and leaves the port in an unauthorized state and the packet forwarding device in a non-forwarding mode;
  
  if the user has been granted permission to access the network by the authentication server;
  
  the network login controller unblocks the port to which the user connected by placing the port of the packet forwarding device into an authorized state and assigning the port to a permanent VLAN, andreplaces the temporary layer-3 address assigned to the user device with a permanent layer-3 address; and
  
  resetting the port back into an unauthorized state and blocking the port, wherein the resetting is performed when at least one of the following occurs;
  
  when a user successfully logs off the packet forwarding device,when a connection from the user to the port is disconnected,when no activity from the user occurs on the port for a duration of time, andwhen an administrator forces the port to change its state.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer-readable storage medium of claim 8, wherein intercepting and redirecting the network login page comprises:
    - intercepting the user request to access the network and redirecting to a web page comprising the network login page.
  - 10. The computer-readable storage medium of claim 8, wherein the user has been granted permission to access the network by the authentication server comprises the authentication server authenticating the user based on at least a user name and a password received from the unauthorized computing device.
  - 11. The computer-readable storage medium of claim 8, wherein accessing the network login controller user interface and entering the user identification data comprises the authenticator directing the unauthorized computing device to a Uniform Resource Locator (URL) address through which to access the user interface at a network login page.
  - 12. The computer-readable storage medium of claim 8, wherein determining whether the user identification data is authentic by the authentication server comprises:
    - sending the user identification data to the authentication server; and
      
      receiving an indication from the authentication server that the user identification data is authentic and that the user associated with the user identification data is authorized to access the network.
  - 13. The computer-readable storage medium of claim 12, wherein sending the user identification data to the authentication server comprises:
    - creating a packet comprising the user identification data in accordance with a Remote Authentication Dial-In User Service (RADIUS) communications protocol; and
      
      forwarding the packet to a RADIUS server for authentication.
  - 14. The computer-readable storage medium of claim 8, wherein the authenticator and packet forwarding device comprises a network switching device located at an edge of the network to provide packet-forwarding services into the network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Extreme Networks, Inc.
Original Assignee
Extreme Networks, Inc.
Inventors
Rathi, Manish, Sharma, Rajesh
Primary Examiner(s)
Moise, Emmanuel L
Assistant Examiner(s)
GERGISO, TECHANE

Application Number

US10/645,459
Time in Patent Office

2,169 Days
Field of Search

713/182, 726/26, 725/31
US Class Current

713/182
CPC Class Codes

G06F 21/41   where a single sign-on prov...

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 12/4645   Details on frame tagging ro...

H04L 12/467   Arrangements for supporting...

H04L 63/0227   Filtering policies mail mes...

H04L 63/1441   Countermeasures against mal...

Method and system for auto discovery of authenticator for network login

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for auto discovery of authenticator for network login

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links