An Authentication Server as the Policy Decision Point for Authentication Failures

IP.com Disclosure Number: IPCOM000146701D
Publication Date: 2007-Feb-19
Document File: 2 page(s) / 58K

Publishing Venue

The IP.com Prior Art Database

Abstract

Disclosed is a method that modifies the authentication server to send a success message to the Network Access Server (NAS) after an authentication failure, with details about which network to connect the client to. Benefits include a solution in which all Policy Decision Points (PDPs) reside on a single service.

This text was extracted from a Microsoft Word document.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 61% of the total text.

Background

In 802.1x, clients attempt to connect to a network via a NAS, which can be a LAN switch or a WLAN Access Point. 802.1x facilitates the Extensible Authentication Protocol (EAP) over Ethernet. EAP allows the client to be authenticated while the port is still closed (i.e., no TCP/IP traffic is allowed between the client and the network, apart from authentication packets). The authentication server (AS), also known as a “RADIUS server”, authenticates the client, and if the authentication is successful, the AS sends a success message to the NAS. The NAS then opens the port. If the authentication fails, the NAS sends a failure message to the AS. The protocol between the AS and the NAS is RADIUS (Remote Dial In User Service). The success/failure message is transferred from the AS to the NAS in an EAP-TLV (Type, Length, Variable), also known as an AVP (Attribute Value Pair), following the IETF RADIUS standard (RFC #2869, #3579) (see Figur...
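The method in the abstract, sketched as an added example (not code from the disclosure): the AS maps each authentication outcome, failures included, to a network and always answers the NAS with a RADIUS Access-Accept that names it. Assumptions not on the page: the network is conveyed as a VLAN through the RFC 3580 tunnel attributes, and the policy table, VLAN IDs and shared secret are constructed; the EAP-Message and Message-Authenticator attributes of a real EAP exchange are left out.

```python
import hashlib
import struct

ACCESS_ACCEPT = 2  # RADIUS packet code (RFC 2865)
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81  # RFC 2868
VLAN, IEEE_802 = 13, 6  # values used for VLAN assignment (RFC 3580)

# Assumed policy table (constructed): authentication outcome -> VLAN for the NAS.
POLICY = {"success": "10", "bad-credentials": "666", "unknown-user": "999"}

def decide_vlan(outcome: str) -> str:
    """Policy decision taken on the AS; unlisted outcomes get the most restricted VLAN."""
    return POLICY.get(outcome, POLICY["unknown-user"])

def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as Type, Length, Value."""
    if len(value) > 253:
        raise ValueError("RADIUS attribute value too long")
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def vlan_attrs(vlan_id: str) -> bytes:
    # Tunnel-Type and Tunnel-Medium-Type hold a 1-byte tag (0) plus a 3-byte value.
    return (attr(TUNNEL_TYPE, struct.pack("!I", VLAN))
            + attr(TUNNEL_MEDIUM_TYPE, struct.pack("!I", IEEE_802))
            + attr(TUNNEL_PRIVATE_GROUP_ID, vlan_id.encode("ascii")))

def access_accept(identifier: int, request_auth: bytes, secret: bytes, outcome: str) -> bytes:
    """Build the Access-Accept the AS returns for any outcome, failures included."""
    attrs = vlan_attrs(decide_vlan(outcome))
    header = struct.pack("!BBH", ACCESS_ACCEPT, identifier, 20 + len(attrs))
    # Response Authenticator = MD5(Code | ID | Length | RequestAuth | Attributes | Secret)
    response_auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + response_auth + attrs

def parse_vlan(packet: bytes) -> str:
    """NAS side: walk the attributes after the 20-byte header and return the VLAN ID."""
    pos = 20
    while pos + 2 <= len(packet):
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2:
            raise ValueError("malformed attribute length")
        if attr_type == TUNNEL_PRIVATE_GROUP_ID:
            return packet[pos + 2:pos + attr_len].decode("ascii")
        pos += attr_len
    raise ValueError("no VLAN assignment in packet")
```

Because the NAS opens the port on every Access-Accept, the restricted VLANs must be isolated at the network layer, and the AS should log the real authentication outcome since the NAS no longer sees a failure.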