System and method for flexible network access control policies in a network environment
First Claim
1. Logic encoded in non-transitory media that includes code for execution and when executed by a processor is operable to perform operations comprising:
configuring an access control policy for a network environment, wherein the access control policy includes one or more attributes and a level of access restriction;
setting an access control policy rule that implements the access control policy to an audit mode;
monitoring health of the network environment to determine whether the health of the network environment is appropriate based on the level of access restriction;
modifying the access control policy if the health of the network environment is inappropriate; and
setting the access control policy rule to an enforce mode if the health of the network environment is appropriate.
Abstract
An example method includes capturing session attributes associated with a communication session initiated by a node in a network environment, querying external attributes associated with the node, deriving a response attribute according to an access control policy rule based on at least one of the session attributes and at least one of the external attributes, and applying the response attribute to the communication session. The session attributes can include remote authentication dial-in user service (RADIUS) vendor-specific attribute information from an unknown vendor. The method may further include auditing the communication session, enforcing the response attribute, or ignoring the access control policy. Enforcing the response attribute can include taking an access control action according to the response attribute. The access control action may include allowing the node to access a virtual local area network in the network environment, denying access to the network environment, etc.
20 Claims
1. Logic encoded in non-transitory media that includes code for execution and when executed by a processor is operable to perform operations comprising:
configuring an access control policy for a network environment, wherein the access control policy includes one or more attributes and a level of access restriction;
setting an access control policy rule that implements the access control policy to an audit mode;
monitoring health of the network environment to determine whether the health of the network environment is appropriate based on the level of access restriction;
modifying the access control policy if the health of the network environment is inappropriate; and
setting the access control policy rule to an enforce mode if the health of the network environment is appropriate.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. An apparatus, comprising:
a memory element configured to store instructions; and
a processor that executes the instructions, such that the apparatus is configured for:
configuring an access control policy for a network environment, wherein the access control policy includes one or more attributes and a level of access restriction;
setting an access control policy rule that implements the access control policy to an audit mode;
monitoring health of the network environment to determine whether the health of the network environment is appropriate based on the level of access restriction;
modifying the access control policy if the health of the network environment is inappropriate; and
setting the access control policy rule to an enforce mode if the health of the network environment is appropriate.
Dependent claims: 11, 12, 13, 14, 15, 16, 17.
18. A method comprising:
configuring an access control policy for a network environment, wherein the access control policy includes one or more attributes and a level of access restriction;
setting an access control policy rule that implements the access control policy to an audit mode;
monitoring health of the network environment to determine whether the health of the network environment is appropriate based on the level of access restriction;
modifying the access control policy if the health of the network environment is inappropriate; and
setting the access control policy rule to an enforce mode if the health of the network environment is appropriate.
Dependent claims: 19, 20.
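The audit-to-enforce lifecycle recited in claims 1, 10 and 18, combined with the attribute-driven derivation of a response attribute described in the abstract, as an added illustrative example in Python. This is not the patent's implementation and not code from the applicant; every concrete choice in it is an assumption made for the demonstration: an asset inventory stands in for the "external attributes", the share of sessions a rule would deny stands in for the "health" that is compared against the policy's "level of access restriction", a quarantine VLAN stands in for the "modified" policy, and the unknown-vendor VSA marker (vendor 65001, type 1, value `guest`) and the MAC addresses are constructed sample data.

```python
"""Audit-then-enforce staging of a NAC policy rule (illustrative; not the patent's code)."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, List, Optional, Tuple

class Mode(Enum):
    AUDIT = "audit"      # derive the response attribute and log it; take no action
    ENFORCE = "enforce"  # derive and apply the response attribute
    IGNORE = "ignore"    # rule is skipped entirely

@dataclass
class Session:
    mac: str
    # RADIUS vendor-specific attributes keyed by (vendor_id, vsa_type); raw bytes are kept
    # so a VSA from a vendor the engine does not know is still matchable by value.
    vsa: Dict[Tuple[int, int], bytes] = field(default_factory=dict)

@dataclass
class Decision:
    mac: str
    response: str  # derived response attribute, e.g. "vlan:10" or "deny"
    applied: bool  # True only when the rule was in enforce mode

@dataclass
class PolicyRule:
    name: str
    condition: Callable[[Session, dict], bool]  # (session attrs, external attrs) -> match
    response: str
    mode: Mode = Mode.AUDIT  # every new rule starts in audit mode

@dataclass
class AccessPolicy:
    rule: PolicyRule
    # Level of access restriction, modelled here (an assumption) as the largest share of
    # sessions the rule may deny before the environment counts as unhealthy.
    max_deny_ratio: float
    fallback_response: str = "vlan:quarantine"  # softer response used if unhealthy

class PolicyEngine:
    def __init__(self, external_lookup: Callable[[str], dict]):
        self.external_lookup = external_lookup  # e.g. an asset inventory keyed by MAC
        self.audit_log: List[Decision] = []

    def evaluate(self, policy: AccessPolicy, session: Session) -> Optional[Decision]:
        """Derive the response attribute for one session; apply it only in enforce mode."""
        rule = policy.rule
        if rule.mode is Mode.IGNORE:
            return None
        external = self.external_lookup(session.mac)
        if not rule.condition(session, external):
            return None
        decision = Decision(session.mac, rule.response, applied=rule.mode is Mode.ENFORCE)
        if rule.mode is Mode.AUDIT:
            self.audit_log.append(decision)  # record what would have happened
        return decision

    def deny_ratio(self, policy: AccessPolicy, sessions: List[Session]) -> float:
        """Health metric: share of observed sessions the rule would deny."""
        if not sessions:
            return 0.0
        denied = sum(1 for s in sessions
                     if getattr(self.evaluate(policy, s), "response", None) == "deny")
        return denied / len(sessions)

    def stage(self, policy: AccessPolicy, sessions: List[Session]) -> Mode:
        """Audit over observed sessions; enforce if health is acceptable, else soften."""
        policy.rule.mode = Mode.AUDIT
        if self.deny_ratio(policy, sessions) > policy.max_deny_ratio:
            policy.rule.response = policy.fallback_response  # modify the policy
            return Mode.AUDIT
        policy.rule.mode = Mode.ENFORCE
        return Mode.ENFORCE

# Constructed external attribute source and rule; every value below is made up.
INVENTORY = {"00:11:22:33:44:01": {"managed": True}, "00:11:22:33:44:02": {"managed": False}}
GUEST_VSA = (65001, 1)  # hypothetical VSA from an unknown vendor: vendor 65001, type 1

def lookup(mac: str) -> dict:
    return INVENTORY.get(mac, {"managed": False})  # unknown node: treat as unmanaged

def unmanaged_guest(session: Session, external: dict) -> bool:
    return not external["managed"] and session.vsa.get(GUEST_VSA) == b"guest"

def demo() -> dict:
    sessions = [
        Session("00:11:22:33:44:01", {GUEST_VSA: b"guest"}),  # managed: rule does not match
        Session("00:11:22:33:44:02", {GUEST_VSA: b"guest"}),  # unmanaged guest: would deny
        Session("00:11:22:33:44:03"),                          # no VSA: rule does not match
    ]
    engine = PolicyEngine(lookup)
    strict = AccessPolicy(PolicyRule("deny-unmanaged-guest", unmanaged_guest, "deny"), 0.25)
    lenient = AccessPolicy(PolicyRule("deny-unmanaged-guest", unmanaged_guest, "deny"), 0.50)
    strict_mode = engine.stage(strict, sessions)    # 1/3 denied > 0.25: stays in audit
    lenient_mode = engine.stage(lenient, sessions)  # 1/3 denied <= 0.50: promoted to enforce
    enforced = engine.evaluate(lenient, sessions[1])  # now applied, not merely logged
    return {"strict_mode": strict_mode, "strict_response": strict.rule.response,
            "lenient_mode": lenient_mode, "enforced_applied": enforced.applied,
            "audited": len(engine.audit_log)}
```

Running `demo()` shows the point of the staging step: in audit mode the engine records the response attribute it would have applied without touching any session, so the operator sees that the rule would deny one third of observed nodes before anyone loses access. Under the stricter restriction level that rate is unhealthy and the rule's response is softened to a quarantine VLAN while auditing continues; under the more permissive level the same rule is promoted to enforce mode, and from then on the derived response is actually applied.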