1. Field of the Invention
This invention generally relates to computer communication systems and, more particularly, to limiting access to a local area network (LAN). The invention is described in terms of a particular type of LAN, specifically the IBM Personal Computer (PC) Token Ring LAN; however, the techniques employed may find application in other and different LANs. Further, the invention is not limited to PCs but is more broadly applicable to workstations or terminals connected to the LAN.
2. Description of the Prior Art
With the proliferation of PCs and microprocessor based workstations and the vastly improved performance to price ratio of these computers, there has been a dramatic increase in the networking of PCs and workstations. LANs allow users to share files, support electronic mail and perform other functions which were previously identified as mainframe or minicomputer functions supporting a plurality of terminals. Now, even the most modest enterprise can afford a computing system that just a few short years ago would not have been economically feasible.
LANs generally are implemented in one of several topologies, referred to as star, ring or bus. The star topology is characterized by a central hub to which the several PCs or workstations in the LAN are connected. In the ring topology, messages circulate around the ring from workstation to workstation. The bus topology requires a headend server which receives transmissions from individual workstations and retransmits those messages on the bus.
LANs are also distinguished by the manner in which arbitration is accomplished among the several workstations connected to the network. In a token-ring LAN of the type announced by IBM in October 1985, a token is circulated around the ring. In order to transmit on the network, a workstation connected to a node of the ring must have the token. A workstation having the token can attach addressing information and data to the token and request service from another workstation in the network. IEEE standard 802.5 specifies a token in a ring topology; however, IEEE standard 802.4 also specifies a token in a bus topology. Thus, the token approach to arbitration is not limited to a specific topology, although the preferred embodiment of the invention disclosed and claimed herein is implemented on IBM's Token-Ring Network.
All Token-Ring adapter cards respond to a specific 6-byte address. There are two types of these addresses: locally administered addresses which can be assigned by the user, and universally administered addresses which are unalterable. These unalterable addresses are administered by the IEEE and are guaranteed by that body to be unique. During all communication between two adapters, the Token-Ring adapter ensures that the address of the sender appears in all frames, independent of the workstation software. These addresses are guaranteed to be unique within a LAN ring.
The NETBIOS (NETwork Basic Input/Output System) protocol layer provides workstation applications with a more convenient addressing scheme through the ability to define one or more 16-byte alphanumeric name to which communications from other adapters may be directed. Using NETBIOS, workstations around the ring can be known by any of several names such as the user's name, the office location, the application running on the workstation, among other things.
When a given workstation, say client-1, wishes to use a specific ring name, the NETBIOS in client-1 broadcasts to all workstations on the ring an add-name or add-group-name query message. If no other workstation responds saying that it is already using that name, the client-1 workstation is then free to use that name. There is no provision in the NETBIOS software for assigning and enforcing adapter-specific user ID (identification) and passwords and it does not maintain a ring name transaction log.
It is desirable to have fixed names for specific workstations on the ring. Applications like file and print servers must be known to the network by a publicized name so that users may make use of them. Users also should have the option of being known on the ring by their own name or other unique ID. The NETBIOS name support described above is designed to meet both of these goals. However, it does not provide any way of reserving certain names for specific workstations. For example, suppose that a printer server workstation has been established on the ring and is referred to via the name PRSERVER. If for some reason this print server goes down, its name is then no longer in use. This would allow some other workstation to ask for and be given the use of that same name. If this happens, then when the printer server is brought up, most probably in a turn-key type mode, it would not be allowed to be known on the ring by the name PRSERVER. As a result, all applications that normally send output to the printer server via the name PRSERVER will now be sending output to this imposter workstation. Similarly, if a manager's workstation is typically known on the LAN by the name ASHTON, then any workstation user that accesses the LAN before that manager does could claim the name ASHTON for its own name or misuse.