In a shared network environment such as a corporate network or a public network, it is essential to ensure network security. In wired LAN environments as well, client authentication that applies an authentication technology based on the IEEE 802.1X specification is becoming prevalent. A client authentication system based on IEEE 802.1X includes a user's client terminal (Supplicant), a server (Authentication Server) which holds the user's authentication information and carries out authentication, and an authentication switch (Authenticator) which relays the authentication information exchanged between the client terminal and the authentication server and controls the network connection of the client terminal.
However, there is a trade-off between security and convenience, and thus a method that achieves both security and convenient management is needed.
As a technique related to the above, PTL (Patent Literature) 1 (Japanese Patent Application Laid-Open Publication No. 2004-350052) discloses a technique for specifying at least one of the multicast groups to which a data block is sent from the wireless access point apparatus having the heaviest load, in order to distribute load among wireless access points while avoiding wasted communication bandwidth in the wireless section. PTL 1 also discloses a technique for switching the connection of a wireless terminal which participates in the multicast group to the wireless access point apparatus which has the lightest load.
Moreover, PTL 2 (Japanese Patent Application Laid-Open Publication No. 2014-171078) discloses a technique for flexibly changing the authentication switch through which an authentication packet passes in an authentication network. To realize that change, a filter generation and notification unit is included. This unit determines the authentication switch which passes the authentication packet sent from a client terminal, based on a health check between an authentication server and the authentication switch, generates a receiving port filter based on the determination, and sends the receiving port filter to each of the authentication switches.