Method and system for removing authentication of a supplicant
    1.
    发明授权
    Method and system for removing authentication of a supplicant 有权
    消除认证请求方的方法和系统

    公开(公告)号:US08677478B2

    公开(公告)日:2014-03-18

    申请号:US11083434

    申请日:2005-03-17

    IPC分类号: G06F11/00

    CPC分类号: H04L63/08

    摘要: According to one embodiment, a method for removing authentication of a supplicant includes monitoring communication between the supplicant and an authenticator. The method also includes determining, based on the monitored communication, the MAC address for the supplicant and an attachment port of the supplicant to the intermediate network device disposed between the supplicant and the authenticator through which the monitored communication occurs. The method also includes determining that the supplicant no longer has a link connection with the intermediate network device, and in response, sending via the intermediate network device a logoff message having a spoofed source address of the supplicant to the authenticator.

    摘要翻译: 根据一个实施例,一种用于去除请求方的认证的方法包括监视请求方与认证者之间的通信。 该方法还包括基于所监视的通信,将被请求者的MAC地址和请求者的附加端口确定到被设置在请求方与认证者之间的中间网络设备,通过该认证方发送被监控的通信。 该方法还包括确定请求者不再具有与中间网络设备的链路连接,并且作为响应,通过中间网络设备向认证者发送具有请求者的欺骗源地址的注销消息。

    Apparatus and methods for supporting 802.1X in daisy chained devices
    3.
    发明申请
    Apparatus and methods for supporting 802.1X in daisy chained devices 有权
    用于在菊花链式设备中支持802.1X的设备和方法

    公开(公告)号:US20080034407A1

    公开(公告)日:2008-02-07

    申请号:US11582786

    申请日:2006-10-17

    IPC分类号: H04L9/32

    CPC分类号: H04L63/0272 H04L63/10

    摘要: Disclosed are apparatus and methods for authenticating a device to access a network through an access control port. In one embodiment, one or more first authentication packets for authenticating a first device or user to access a first network domain via a particular access port of a network device are received, for example, by an access control port. The particular access port is configured to control access for packets attempting to ingress into one or more network domains. When the first device or user is authorized to access the first domain, a first binding between the first device and the first domain is formed. The first binding specifies that the first device is allowed to access the first domain and the first binding is associated with the particular access port of the network device. When a packet is received that is attempting to ingress into the first domain and the ingressing packet matches the first binding, the ingressing packet is allowed to access the first domain. In contrast, when a packet is received that is attempting to ingress into the first domain and the ingressing packet does not match the first binding, the ingressing packet is blocked from accessing the first domain.

    摘要翻译: 公开了用于认证通过访问控制端口访问网络的设备的装置和方法。 在一个实施例中,例如通过访问控制端口接收用于通过网络设备的特定接入端口认证第一设备或用户访问第一网络域的一个或多个第一认证分组。 特定的访问端口被配置为控制尝试进入一个或多个网络域的分组的访问。 当第一设备或用户被授权访问第一域时,形成第一设备和第一域之间的第一绑定。 第一个绑定指定允许第一个设备访问第一个域,而第一个绑定与网络设备的特定访问端口相关联。 当接收到尝试进入第一域并且入口分组与第一绑定匹配的分组时,允许入口分组访问第一个域。 相反,当接收到尝试进入第一域并且入口分组与第一绑定不匹配的分组时,入口分组被阻止访问第一域。

    Apparatus and methods for supporting 802.1X in daisy chained devices
    6.
    发明授权
    Apparatus and methods for supporting 802.1X in daisy chained devices 有权
    用于在菊花链式设备中支持802.1X的设备和方法

    公开(公告)号:US07539189B2

    公开(公告)日:2009-05-26

    申请号:US11582786

    申请日:2006-10-17

    IPC分类号: H04L12/28

    CPC分类号: H04L63/0272 H04L63/10

    摘要: Disclosed are apparatus and methods for authenticating a device to access a network through an access control port. In one embodiment, one or more first authentication packets for authenticating a first device or user to access a first network domain via a particular access port of a network device are received, for example, by an access control port. The particular access port is configured to control access for packets attempting to ingress into one or more network domains. When the first device or user is authorized to access the first domain, a first binding between the first device and the first domain is formed. The first binding specifies that the first device is allowed to access the first domain and the first binding is associated with the particular access port of the network device. When a packet is received that is attempting to ingress into the first domain and the ingressing packet matches the first binding, the ingressing packet is allowed to access the first domain. In contrast, when a packet is received that is attempting to ingress into the first domain and the ingressing packet does not match the first binding, the ingressing packet is blocked from accessing the first domain.

    摘要翻译: 公开了用于认证通过访问控制端口访问网络的设备的装置和方法。 在一个实施例中,例如通过访问控制端口接收用于通过网络设备的特定接入端口认证第一设备或用户访问第一网络域的一个或多个第一认证分组。 特定的访问端口被配置为控制尝试进入一个或多个网络域的分组的访问。 当第一设备或用户被授权访问第一域时,形成第一设备和第一域之间的第一绑定。 第一个绑定指定允许第一个设备访问第一个域,而第一个绑定与网络设备的特定访问端口相关联。 当接收到尝试进入第一域并且入口分组与第一绑定匹配的分组时,允许入口分组访问第一个域。 相反,当接收到尝试进入第一域并且入口分组与第一绑定不匹配的分组时,入口分组被阻止访问第一域。