System and method for flexible network access control policies in a network environment
First Claim
1. A method comprising:
- capturing session attributes associated with a session, wherein the session is initiated by a first node in an attempt to access a second node in a network environment;
querying external attributes associated with the first node and the second node;
deriving a response attribute according to an access control policy rule based on at least one of the session attributes and at least one of the external attributes that are included in a policy attribute group for the access control policy rule, wherein the policy attribute group includes one or more classes of attributes used to define the access control policy rule; and
applying the response attribute to the session.
10 Assignments
0 Petitions
Accused Products
Abstract
An example method includes capturing session attributes associated with a communication session initiated by a node in a network environment, querying external attributes associated with the node, deriving a response attribute according to an access control policy rule based on at least one of the session attributes and at least one of the external attributes, and applying the response attribute to the communication session. The session attributes can include remote authentication dial in user service RADIUS vendor specific attribute information from an unknown vendor. The method may further include auditing the communication session, enforcing the response attribute, or ignoring the access control policy. Enforcing the response attribute can include taking an access control action according to the response attribute. The access control action may include allowing the node to access a virtual local area network in the network environment, denying access to the network environment, etc.
10 Citations
20 Claims
-
1. A method comprising:
-
capturing session attributes associated with a session, wherein the session is initiated by a first node in an attempt to access a second node in a network environment; querying external attributes associated with the first node and the second node; deriving a response attribute according to an access control policy rule based on at least one of the session attributes and at least one of the external attributes that are included in a policy attribute group for the access control policy rule, wherein the policy attribute group includes one or more classes of attributes used to define the access control policy rule; and applying the response attribute to the session. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. An apparatus, comprising:
-
a memory element configured to store instructions; and a processor that executes the instructions, such that the apparatus is configured for; capturing session attributes associated with a session, wherein the session is initiated by a first node in an attempt to access a second node in a network environment; querying external attributes associated with the first node and the second node; deriving a response attribute according to an access control policy rule based on at least one of the session attributes and at least one of the external attributes that are included in a policy attribute group for the access control policy rule, wherein the policy attribute group includes one or more class of attributes used to define the access control policy rule; and applying the response attribute to the session. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. Logic encoded in non-transitory media that includes code for execution and when executed by a processor is operable to perform operations comprising:
-
capturing session attributes associated with a session, wherein the session is initiated by a first node in an attempt to access a second node in a network environment; querying external attributes associated with the first node and the second node; deriving a response attribute according to an access control policy rule based on at least one of the session attributes and at least one of the external attributes that are included in a policy attribute group for the access control policy rule, wherein the policy attribute group includes one or more classes of attributes used to define the access control policy rule; and applying the response attribute to the session. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification