1. Method and system for removing authentication of a supplicant
    Type: Granted invention patent
    Legal status: In force

    Publication number: US08677478B2

    Publication date: 2014-03-18

    Application number: US11083434

    Filing date: 2005-03-17

    IPC classification: G06F11/00

    CPC classification: H04L63/08

    Abstract: According to one embodiment, a method for removing authentication of a supplicant includes monitoring communication between the supplicant and an authenticator. The method also includes determining, based on the monitored communication, the MAC address for the supplicant and an attachment port of the supplicant to the intermediate network device disposed between the supplicant and the authenticator through which the monitored communication occurs. The method also includes determining that the supplicant no longer has a link connection with the intermediate network device, and in response, sending via the intermediate network device a logoff message having a spoofed source address of the supplicant to the authenticator.

2. Apparatus and methods for supporting 802.1X in daisy chained devices
    Type: Granted invention patent
    Legal status: In force

    Publication number: US07539189B2

    Publication date: 2009-05-26

    Application number: US11582786

    Filing date: 2006-10-17

    IPC classification: H04L12/28

    CPC classification: H04L63/0272 H04L63/10

    Abstract: Disclosed are apparatus and methods for authenticating a device to access a network through an access control port. In one embodiment, one or more first authentication packets for authenticating a first device or user to access a first network domain via a particular access port of a network device are received, for example, by an access control port. The particular access port is configured to control access for packets attempting to ingress into one or more network domains. When the first device or user is authorized to access the first domain, a first binding between the first device and the first domain is formed. The first binding specifies that the first device is allowed to access the first domain and the first binding is associated with the particular access port of the network device. When a packet is received that is attempting to ingress into the first domain and the ingressing packet matches the first binding, the ingressing packet is allowed to access the first domain. In contrast, when a packet is received that is attempting to ingress into the first domain and the ingressing packet does not match the first binding, the ingressing packet is blocked from accessing the first domain.

3. Apparatus and methods for supporting 802.1X in daisy chained devices
    Type: Invention patent application
    Legal status: In force

    Publication number: US20080034407A1

    Publication date: 2008-02-07

    Application number: US11582786

    Filing date: 2006-10-17

    IPC classification: H04L9/32

    CPC classification: H04L63/0272 H04L63/10

    Abstract: Disclosed are apparatus and methods for authenticating a device to access a network through an access control port. In one embodiment, one or more first authentication packets for authenticating a first device or user to access a first network domain via a particular access port of a network device are received, for example, by an access control port. The particular access port is configured to control access for packets attempting to ingress into one or more network domains. When the first device or user is authorized to access the first domain, a first binding between the first device and the first domain is formed. The first binding specifies that the first device is allowed to access the first domain and the first binding is associated with the particular access port of the network device. When a packet is received that is attempting to ingress into the first domain and the ingressing packet matches the first binding, the ingressing packet is allowed to access the first domain. In contrast, when a packet is received that is attempting to ingress into the first domain and the ingressing packet does not match the first binding, the ingressing packet is blocked from accessing the first domain.

4. Configuring interfaces of a switch using templates
    Type: Granted invention patent
    Legal status: In force

    Publication number: US08108673B2

    Publication date: 2012-01-31

    Application number: US11119244

    Filing date: 2005-04-29

    IPC classification: H04L9/32

    CPC classification: H04L41/0806 H04L63/08

    Abstract: Configuring an interface of a switch includes sending an authentication request requesting authentication for an endpoint from a switch to an authentication server. The switch comprises interfaces and is operable to access templates, where a template is operable to generate one or more interface commands for an interface. An instruction is received from the authentication server. The instruction instructs the switch to apply an identified template to an interface, where the identified template is identified by the authentication server as associated with the endpoint. The identified template is applied to configure the interface according to the instruction.
