Method and system for auto discovery of authenticator for network login
Abstract
A method and system for auto discovery of authenticator for network login is described. The system includes an authenticator discovery controller of a packet forwarding device that helps a user discover the IP address of the packet forwarding device and directs the user to a network login page. The method includes intercepting a request for a web page from a user who is connected to a packet forwarding device that prevents the user from accessing a network, directing the user to a network login page, authenticating the user, and allowing the user to access the network when the user is authenticated.
14 Claims
1. A method of autodiscovery of an authenticator and packet forwarding device for network login, the method comprising:
- receiving a connection request from an unauthorized user device at the packet forwarding device, the unauthorized user device requesting access to a network interfaced to the packet forwarding device;
- blocking all packets received from the unauthorized user device at the packet forwarding device from accessing the network;
- intercepting and redirecting a network login page of a user request to access the network by an authenticator discovery controller and returning the packet forwarding device's IP address;
- assigning a temporary layer-3 address or a static layer-2 address to the unauthorized user device to gain access to the authenticator discovery controller, the network login controller, and user interface on the packet-forwarding device;
- proceeding with the network login authentication and authorization using the network login controller upon receiving the packet forwarding device's IP address from the authenticator discovery controller and using the temporary layer-3 address or the static layer-2 address assigned to the user device;
- accessing the network login controller user interface and entering a user identification data;
- determining whether the user identification data is authentic by the authentication server;
- if the user has been denied permission to access the network by the authentication server; the network login controller blocks the port to which the user is connected and leaves the port in an unauthorized state and the packet forwarding device in a non-forwarding mode;
- if the user has been granted permission to access the network by the authentication server; the network login controller unblocks the port to which the user connected by placing the port of the packet forwarding device into an authorized state and assigning the port to a permanent VLAN, and replaces the temporary layer-3 address assigned to the user device with a permanent layer-3 address; and
- resetting the port back into an unauthorized state and blocking the port, wherein the resetting is performed when at least one of the following occurs;
  - when a user successfully logs off the packet forwarding device,
  - when a connection from the user to the port is disconnected,
  - when no activity from the user occurs on the port for a duration of time, and
  - when an administrator forces the port to change its state.

Dependent claims: 2, 3, 4, 5, 6, 7

8. A computer-readable storage medium having instructions stored thereon that, when executed by a processor in an authenticator and packet forwarding device, the instructions cause the processor to perform an autodiscovery method comprising:
- receiving a connection request from an unauthorized user device at the packet forwarding device, the unauthorized user device requesting access to a network interfaced to the packet forwarding device;
- blocking all packets received from the unauthorized user device at the packet forwarding device from accessing the network;
- intercepting and redirecting a network login page of a user request to access the network by an authenticator discovery controller and returning the packet forwarding device's IP address;
- assigning a temporary layer-3 address or a static layer-2 address to the unauthorized user device to gain access to the authenticator discovery controller, the network login controller, and user interface on the packet-forwarding device;
- proceeding with the network login authentication and authorization using the network login controller upon receiving the packet forwarding device's IP address from the authenticator discovery controller and using the temporary layer-3 address or the static layer-2 address assigned to the user device;
- accessing the network login controller user interface and entering a user identification data;
- determining whether the user identification data is authentic by the authentication server;
- if the user has been denied permission to access the network by the authentication server; the network login controller blocks the port to which the user is connected and leaves the port in an unauthorized state and the packet forwarding device in a non-forwarding mode;
- if the user has been granted permission to access the network by the authentication server; the network login controller unblocks the port to which the user connected by placing the port of the packet forwarding device into an authorized state and assigning the port to a permanent VLAN, and replaces the temporary layer-3 address assigned to the user device with a permanent layer-3 address; and
- resetting the port back into an unauthorized state and blocking the port, wherein the resetting is performed when at least one of the following occurs;
  - when a user successfully logs off the packet forwarding device,
  - when a connection from the user to the port is disconnected,
  - when no activity from the user occurs on the port for a duration of time, and
  - when an administrator forces the port to change its state.

Dependent claims: 9, 10, 11, 12, 13, 14

Specification