| 发明名称 |
Method and apparatus for network login authorization |
| 摘要 |
A method and apparatus is provided to control the admission of a user to a network by preventing a port through which the user connects to the network from forwarding data packets until the user is authorized. A network login controller operates in conjunction with a user interface to receive a user identification data from the port user. The network login controller further operates in conjunction with an authorization server to authenticate the user by sending a user authentication request containing the user identification data to the authentication server. The network login controller grants or denies permission to the user to access the network based on the user authentication response from the authentication server. If permission is granted, then the network login controller unblocks the port through which the user is connected to place it in packet-forwarding mode. If permission is denied, then the port remains in packet non-forwarding mode (i.e. it remains blocked). |
| 申请公布号 |
US8751647(B1) |
申请公布日期 |
2014.06.10 |
| 申请号 |
US20010895144 |
申请日期 |
2001.06.30 |
| 申请人 |
Extreme Networks |
发明人 |
Yip Michael;Bagchi Indranil;Bunker Brian;Polo Michael |
| 分类号 |
G06F15/16;G06F15/173;H04L12/46;H04L29/12 |
主分类号 |
G06F15/16 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A method comprising:
blocking a port on a packet forwarding device to prevent a user connected to the port from sending and receiving data packets, the port belonging to a plurality of virtual local area networks (VLANs), wherein blocking comprises setting a port state of the port on the packet forwarding device to unauthorized for one or more of the plurality of VLANs to which it belongs; generating an authentication Internet Protocol (IP) address capable of being used to authenticate the user connected to the blocked port from an endstation belonging to one of the plurality of VLANs for which the port is blocked; authenticating the user connected to the port via the authentication IP address assigned to the user by an authentication server; and in response to successfully authenticating the user, unblocking the port to enable the user to send and receive data packets, wherein unblocking comprises setting the port state of the port on the packet forwarding device to authorized for the VLAN to which the endstation belongs.
|
| 地址 |
San Jose CA US |
