Local authentication of a client at a network device

Assignee

• Cisco Technology, Inc. · US

Inventors

• Tzong-Fen Fuh · Fremont, US
• Serene H. Fan · Palo Alto, US
• Diheng Qu · Palo Alto, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/10
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A method and apparatus that provide network access control are disclosed. In one embodiment, a network device is configured to intercept network traffic initiated from a client and directed toward a network resource, and to locally authenticate the client. Authentication is carried out by comparing information identifying the client to authentication information stored in the network device. In one embodiment, an authentication cache in the network device stores the authentication information. If the client identifying information is authenticated successfully against the stored authentication information, the network device is dynamically re-configured to allow network traffic initiated by the client to reach the network resource. If local authentication fails, new stored authentication is created for the client, and the network device attempts to authenticate the client using a remote authentication server. If remote authentication is successful, the local authentication information is updated so that subsequent requests can authenticate locally. As a result, a client may be authenticated locally at a router or similar device, reducing network traffic to the authentication server…