The present invention relates to port-based network access control. More particularly, it relates to authentication and authorization of a device attached to a local area network (LAN) via an access control port in order to provide such network access.
A LAN may be set up to allow an unauthorized device to attach to the LAN infrastructure or an unauthorized user to attempt to access the LAN through a device that is attached to the LAN. For example, a business corporation may allow an outside visitor to connect to the corporation LAN. When an unauthorized user or device is allowed to attempt LAN connectivity, access may be restricted so that only particular authorized users and/or devices may utilize particular services offered by the LAN. That is, some form of network access control is typically implemented when providing LAN connectivity for unauthorized users and devices.
The 802.1X protocol describes a mechanism for providing network access control, and this protocol is described in “DRAFT Standard for Local and Metropolitan Area Networks—Port Based Access Control (Revision),” IEEE P802.1X-REV/D11, Jul. 22, 2004, which document is incorporated herein by reference in its entirety. The 802.1X protocol describes port-based network access control that makes use of the physical access characteristics of IEEE 802 Local Area Network (LAN) infrastructures in order to provide a way of authenticating and authorizing a device attached to a LAN port that has point-to-point connection characteristics, and of preventing access to that port in cases in which the authentication and authorization process fails. The 802.1X protocol currently assumes that a single device is plugged into a port and therefore supports only one supplicant per port.