System and method for flexible network access control policies in a network environment

摘要

An example method includes capturing session attributes associated with a communication session initiated by a node in a network environment, querying external attributes associated with the node, deriving a response attribute according to an access control policy rule based on at least one of the session attributes and at least one of the external attributes, and applying the response attribute to the communication session. The session attributes can include remote authentication dial in user service RADIUS vendor specific attribute information from an unknown vendor. The method may further include auditing the communication session, enforcing the response attribute, or ignoring the access control policy. Enforcing the response attribute can include taking an access control action according to the response attribute. The access control action may include allowing the node to access a virtual local area network in the network environment, denying access to the network environment, etc.

主权项

1. A method comprising:
capturing session attributes associated with a session, wherein the session is initiated by a first node in an attempt to access a second node in a network environment; querying external attributes associated with the first node and the second node; deriving a response attribute according to an access control policy rule based on at least one of the session attributes and at least one of the external attributes that are included in a policy attribute group for the access control policy rule, wherein the policy attribute group includes one or more classes of attributes used to define the access control policy rule; and applying the response attribute to the session.