Network access devices, such as network switches and routers, typically include a plurality of communications ports by which user devices, such as wireless access points (WAPs), IP phones, and personal computers, physically connect to the network. In conventional network access devices, each port must be manually configured by a network administrator for each type of device that is to be connected to each port. For example, if it is desirable to connect a user device, such as an IP phone, to port 1 of a network switch, the port must be configured with the VLAN ID, quality of service, and access control list for the IP phone. In addition, the IP phone must be configured with the call server ID of the call server that the IP phone uses to make and receive calls.
If the IP phone is unplugged from the port and another type of device, such as a wireless access point, is connected to the same port, the administrator must manually log in to the switch, reconfigure the port for access by the wireless access point, log in to the wireless access point, and configure the wireless access point. Requiring such manual configuration and reconfiguration each time a device is connected to a network is undesirable as it unnecessarily increases the time required to connect user devices to networks. In addition, as the number of ports in a network access device increases, the time required to configure the network access device is further increased.
FIG. 1 illustrates conventional network access device and port configuration. Referring to FIG. 1, a network access device 100 includes a plurality of communication ports numbered 1-26 in this example. A network management server 102 allows an administrator 104 to configure network access device 100 and a user device 106 that connects to a port of network access device 100. In the illustrated example, user device 106 is a wireless access point.
In order to configure user device 106 and the port of network access device 100 to which user device 106 is connected, as indicated in step 1, administrator 104 defines port configuration for the port to which user device 106 will be connected. In step 2, network management server 102 downloads the port configuration to network access device 100. In step 3, the user connects user device 106 to the port. Because the port was configured in advance to correspond to the user device type, the port configuration matches the user device type. In step 4, the administrator logs into user device 106 and manually configures user device 106. If a new user device is connected to port 1 of network access device 100, both the user device and the port must be manually reconfigured.
Another problem associated with configuration of network access devices is configuring ports to implement user-based network access policies. Similar to the device-based configuration example described above, when a user logs in to a network via a user device connected to a port associated with a switch, that port must be manually configured in advance to provide appropriate network access to the user. For example, if the user is a guest with limited network access privileges, the port must be preconfigured as a guest port so that the user will not exceed that user's access. One example of a guest access policy is to allow the guest to only access the Internet, rather than a corporate network. If a different user logs in to the same port of the network access device, the administrator must manually reconfigure the port with access parameters for the second user. For example, if the second user has full access privileges, the administrator must manually reconfigure the port to remove the previous restrictions provided by the guest access policy. Requiring such manual port configuration each time a new user logs in to a port of a network access device is undesirable as it unnecessarily increases the labor required to connect users to a network via ports of a network access device. Moreover, due to increased user mobility provided by wireless and other technologies, the labor required to manually connect users to the network is further increased.
Accordingly, in light of these difficulties associated with network access device port and user device configuration, there exists a need for improved methods, systems, and computer program products for dynamic network access device port and user device configuration for implementing device-based and user-based policies.