Authentication and authorization in network layer two and network layer three

摘要

A method may include authenticating a node over layer 2 in a network based on authentication rules; sending a node authentication code to the node; and providing layer 3 network access based on the node authentication code.

主权项

1. A method comprising:
receiving, by a first device, identification information of a user of a second device that is different than the first device; providing, by the first device and to the second device, layer 2 access in a network when the second device is authenticated over layer 2 based on the identification information; determining, by the first device and based on the identification information, one or more resources, in the network, that the user is authorized to access; sending to the second device and when the second device is authenticated:
a network address of the first device,first information that is based on the determined one or more resources, andsecond information that is used by the second device to verify an identity of the first device; receiving, by the first device and from the second device, a request to verify the identity of the first device after sending the second information to the second device,
the request to verify the identity of the first device being sent by the second device using the network address of the first device; providing, by the first device and to the second device, the second information to verify the identity of the first device, after receiving the request to verify the identity of the first device; receiving, by the first device and from the second device, third information after providing the second information to verify the identity of the first device; and providing, by the first device and to the second device, layer 3 access in the network, when the third information corresponds to the first information.