摘要 |
A Distributed Subscriber Management system is disclosed which controls acces s to a network preventing unauthorized traffic through the access network and providing centralized access control between User Networks. The system in accordance with the invention provides controlled access through the use of one of several technologies including user authentication, using PAP, CHAP, RADIUS, TACACS+, or other standard authentication means. The preferred system allows setup maintenance , and tear- down of the user connection and allows users to choose their destination as opposed to tying a user to a single destination. The system also preferably provides fo r the administration of the assignment and release of network addresses. The invention also provides a Distributed Subscriber Management (DSM) method for performing use r authentication for an external network at an access control node, which external network is connected to the access control node by means of an Access Network while the access control node is connected to a plurality of User Networks. The method includ es the steps of receiving a connection request from a user located on one of the User Networks; interrogating the user for userid and password information; encrypting the userid and password information; transmitting the encrypted information, via the Access network, to an authentication server attached to one of a plurality of external networks ; decrypting the information at the authentication server; and transmitting an authentication message from the authentication server of the external network to the access control node via the Access Network. The preferred method includes the additional step of challenging al l data leaving the access control node. The authentication server of the external network normally employs one of Radius, PAP, CHAP, and TACACS or TACACS+.
|