AUTHENTICATION SURVIVABILITY FOR ASSIGNING ROLE AND VLAN BASED ON CACHED RADIUS ATTRIBUTES

摘要

A system and method is described that allows the assignment of roles and/or VLANs to an authenticated client device even when an external remote authentication dial in user service (RADIUS) server is inaccessible. In particular, using RADIUS key-reply attributes stored locally after a previous successful authentication using the external RADIUS server, an internal RADIUS server may perform authentication and pass the stored RADIUS key-reply attributes to an authentication module for assignment of a role and/or VLAN to the client device. Accordingly, roles and/or VLANs may be assigned to enforce access privileges of the client device even when an external RADIUS server is inaccessible.

主权项

1. A method for authenticating a client device in a network system, comprising:
determining, by a network controller within a local network of the network system, whether an external remote authentication dial in user service (RADIUS) server, located outside the local network, is accessible; and in response to determining that the external RADIUS server is inaccessible, an internal RADIUS server of the network controller:
attempting to authenticate the client device within the local network based on credentials of the client device, andin response to successfully authenticating the client device, attempting to locate RADIUS attributes stored locally within the local network; and in response to locating the locally stored RADIUS attributes, an authentication module of the network controller assigning a role or virtual local area network (VLAN) to the client device based on the locally stored RADIUS attributes.