Method and apparatus for network login authorization
Abstract
A method and apparatus are provided to control the admission of a user to a network by preventing a port through which the user connects to the network from forwarding data packets until the user is authorized. A network login controller operates in conjunction with a user interface to receive user identification data from the port user. The network login controller further operates in conjunction with an authorization server to authenticate the user by sending a user authentication request containing the user identification data to the authentication server. The network login controller grants or denies permission to the user to access the network based on the user authentication response from the authentication server. If permission is granted, then the network login controller unblocks the port through which the user is connected to place it in packet-forwarding mode. If permission is denied, then the port remains in packet non-forwarding mode (i.e., it remains blocked).
25 Claims
1. A method comprising:
- blocking a port on a packet forwarding device to prevent a user connected to the port from sending and receiving data packets, the port belonging to a plurality of virtual local area networks (VLANs), wherein blocking comprises setting a port state of the port on the packet forwarding device to unauthorized for one or more of the plurality of VLANs to which it belongs;
- generating an authentication Internet Protocol (IP) address capable of being used to authenticate the user connected to the blocked port from an endstation belonging to one of the plurality of VLANs for which the port is blocked;
- authenticating the user connected to the port via the authentication IP address assigned to the user by an authentication server; and
- in response to successfully authenticating the user, unblocking the port to enable the user to send and receive data packets, wherein unblocking comprises setting the port state of the port on the packet forwarding device to authorized for the VLAN to which the endstation belongs.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. An apparatus comprising:
- a packet forwarding device coupled to the edge of a network, the packet forwarding device having a blocked port that prevents a user connected to the port from an endstation belonging to one of a plurality of virtual local area networks (VLANs) for which the port is blocked from accessing the network, the blocked port having a port state on the packet forwarding device of unauthorized for any one or more of the plurality of VLANs for which the port is blocked; and
- a network login controller coupled to the packet forwarding device to unblock the port for the VLAN to which the endstation belongs when the user is authenticated so that the user can access the network, wherein the network login controller in conjunction with an address server provides the user an authentication Internet Protocol (IP) address with which to authenticate the user of the port before the user is authorized, and further wherein to unblock the port is to set the blocked port's port state on the packet forwarding device to authorized for the VLAN to which the endstation belongs.
Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24
25. A network login authorization apparatus comprising:
- a network device, coupled to the edge of a network, having a blocked port, the blocked port tagged as belonging to more than one virtual local area network (VLAN) and having a port state on the network device of unauthorized for each VLAN for which the port is blocked;
- a network authentication server coupled to the network device, wherein the network authentication server provides user configuration data to configure the blocked port with an authentication Internet Protocol (IP) address for use by the network login authorization apparatus in authorizing users; and
- a processor, coupled to the network device and the network authentication server, to perform instructions for unblocking the blocked port in response to a request through the authentication Internet Protocol (IP) address by a user connected to the blocked port from an endstation belonging to a VLAN for which the port is blocked to access the network, wherein the request is granted when a user identification entered by the user matches a corresponding user authentication data obtained from the network authentication server, and further wherein to perform instructions for unblocking the blocked port is to perform instructions for setting the blocked port's port state on the network device, for the VLAN to which the endstation belongs, to authorized.
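An added sketch, not taken from the patent or from any vendor implementation: a minimal Python model of the claimed flow, in which a port starts unauthorized on every VLAN it belongs to, an endstation receives an authentication IP, and a successful login authorizes only that endstation's VLAN. The class names, the address pool and the credential store are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import os

UNAUTHORIZED, AUTHORIZED = "unauthorized", "authorized"
AUTH_POOL = ipaddress.ip_network("192.0.2.0/29")  # constructed authentication-IP pool

def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AuthServer:  # stand-in for the authentication server; credentials are constructed
    def __init__(self, users):
        self._db = {}
        for name, password in users.items():
            salt = os.urandom(16)
            self._db[name] = (salt, _digest(password, salt))

    def verify(self, user, password):
        # Unknown users still cost one digest and never match the empty hash.
        salt, stored = self._db.get(user, (b"\0" * 16, b""))
        return hmac.compare_digest(_digest(password, salt), stored)

class LoginController:
    """Hypothetical model of the network login controller for one port."""
    def __init__(self, port_vlans, server):
        self.server = server
        self.state = {v: UNAUTHORIZED for v in port_vlans}  # port blocked per VLAN
        self.leases = {}  # endstation MAC -> (VLAN, authentication IP)
        self._free = iter(AUTH_POOL.hosts())

    def connect(self, mac, vlan):
        """Hand an endstation on a blocked VLAN its authentication IP."""
        if vlan not in self.state:
            raise ValueError("port is not a member of this VLAN")
        self.leases[mac] = (vlan, next(self._free))
        return self.leases[mac][1]

    def forwards(self, vlan):
        return self.state.get(vlan) == AUTHORIZED

    def login(self, mac, src_ip, user, password):
        """Unblock only the VLAN of the endstation that authenticated."""
        vlan, auth_ip = self.leases.get(mac, (None, None))
        if auth_ip is None or src_ip != auth_ip:
            return False  # request did not come from the authentication IP
        if not self.server.verify(user, password):
            return False  # port stays blocked for this VLAN
        self.state[vlan] = AUTHORIZED
        return True
```

A failed login leaves every VLAN on the port unauthorized, and a successful one changes the state for a single VLAN, so other VLANs tagged on the same port remain blocked.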
Specification