公开(公告)号：US20140123213A1

公开(公告)日：2014-05-01

申请号：US13952245

申请日：2013-07-26

申请人： Alexandru Z. Vank ,  Xin Shen ,  Matt B. Cobb ,  Brad Robel-Forrest ,  Evan M. Phoenix

发明人： Alexandru Z. Vank ,  Xin Shen ,  Matt B. Cobb ,  Brad Robel-Forrest ,  Evan M. Phoenix

IPC分类号： H04L29/06

CPC分类号： H04L63/205 ,  H04L63/08 ,  H04L63/10 ,  H04L63/162 ,  H04L63/20

摘要： The invention enables a client device that does not support IEEE 802.1X authentication to access at least some resources provided through a switch that supports 802.1X authentication by using dynamic authentication with different protocols. When the client device attempts to join a network, the switch monitors for an 802.1X authentication message from the client device. In one embodiment, if the client fails to send an 802.1X authentication message, respond to an 802.1X request from the switch, or a predefined failure condition is detected the client may be deemed incapable of supporting 802.1X authentication. In one embodiment, the client may be initially placed on a quarantine VLAN after determination that the client fails to perform an 802.1X authentication within a backoff time limit. However, the client may still gain access to resources based on various non-802.1X authentication mechanisms, including name/passwords, digital certificates, or the like.

摘要翻译： 本发明使得不支持IEEE 802.1X认证的客户端设备通过使用不同协议的动态认证来访问通过支持802.1X认证的交换机提供的至少一些资源。 当客户端设备尝试加入网络时，交换机会监控来自客户端设备的802.1X认证消息。 在一个实施例中，如果客户端不能发送802.1X认证消息，则从交换机响应802.1X请求，或者检测到预定义的故障条件，则客户端可能被认为不能支持802.1X认证。 在一个实施例中，客户端可以在确定客户端在退避时间限制内未能执行802.1X认证之前被初始化为隔离VLAN。 然而，客户端仍然可以基于各种非802.1X认证机制（包括名称/密码，数字证书等）获得对资源的访问。