The present invention relates to a packet communication apparatus that controls communication on a network in which user authentication is conducted, based on a result of the user authentication.
In operation of a packet communication apparatus for which user authentication is conducted on a network, when an authentication request is received from a user terminal, the packet communication apparatus must issue an inquiry to a user authentication server for the user's authentication information.
For the authentication processing, the Institute of Electrical and Electronics Engineers (IEEE) has prescribed an authentication standard, “IEEE802.1X”. According to the standard, user authentication is conducted when a user terminal connects to a network. The system rejects communication from terminals that have failed the authentication and allows communication only for terminals for which the authentication has completed successfully.
Specifically, according to IEEE802.1X, a user terminal is called a “supplicant” and a packet communication apparatus that conducts authentication is called an “authenticator”. Extensible Authentication Protocol over Local Area Network (LAN), namely EAPOL, is used to exchange authentication information between the supplicant and the authenticator. Between the authenticator and a general authentication server, that is, a Remote Authentication Dial In User Service (RADIUS) server, an EAP over RADIUS protocol is employed to exchange information. If the result of the processing executed by the RADIUS server is “reject”, communication is interrupted for the port of the authenticator coupled with the user terminal. If the result is “accept”, communication is allowed for the port. JP-A-2002-84306 describes a technique to control communication for a user terminal on the basis of an authentication result from a user authentication server.
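The accept/reject port control described above can be sketched as follows. This is an added example, not code from the patent or from JP-A-2002-84306: it parses a RADIUS reply as laid out in RFC 2865, verifies its Response Authenticator, and maps the result to a port state, treating anything malformed or unverifiable as “reject”. The function names, state strings and the `build_reply` helper are assumptions made for illustration, and the Message-Authenticator check that RFC 3579 requires for EAP traffic is left out.

```python
import hashlib
import hmac
import struct

# RADIUS codes (RFC 2865) and the EAP-Message attribute type (RFC 3579).
ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE, EAP_MESSAGE = 2, 3, 11, 79

def parse_radius(packet):
    """Return (code, identifier, {attr_type: value}, raw_attrs); ValueError if malformed."""
    if len(packet) < 20:
        raise ValueError("short RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        # A long EAP message is split over several attributes; concatenate them.
        attrs[a_type] = attrs.get(a_type, b"") + packet[pos + 2:pos + a_len]
        pos += a_len
    return code, ident, attrs, packet[20:length]

def response_authenticator(code, ident, attr_bytes, request_auth, secret):
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret), per RFC 2865."""
    header = struct.pack("!BBH", code, ident, 20 + len(attr_bytes))
    return hashlib.md5(header + request_auth + attr_bytes + secret).digest()

def build_reply(code, ident, attr_bytes, request_auth, secret):
    """Construct a sample server reply (hypothetical helper, for test input only)."""
    auth = response_authenticator(code, ident, attr_bytes, request_auth, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attr_bytes)) + auth + attr_bytes

def port_state(packet, request_id, request_auth, secret):
    """Map the server's reply to the supplicant port's state, failing closed."""
    try:
        code, ident, attrs, raw = parse_radius(packet)
    except ValueError:
        return "unauthorized"
    expected = response_authenticator(code, ident, raw, request_auth, secret)
    if ident != request_id or not hmac.compare_digest(expected, packet[4:20]):
        return "unauthorized"  # reply does not match our request or the shared secret
    if code == ACCESS_CHALLENGE and EAP_MESSAGE in attrs:
        return "authenticating"  # relay the EAP request to the supplicant via EAPOL
    return "authorized" if code == ACCESS_ACCEPT else "unauthorized"
```

Only a verified Access-Accept opens the port; an Access-Reject, a reply signed with a different shared secret, or a truncated packet all leave it closed.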