In an enterprise data network, known authentication methodologies have required that the network administrator select and configure a particular authentication methodology (i.e. configured authentication methodology) that is to be used on a network access port of a particular switch or router. In some instances, the network access port might be configured with one default authentication methodology to classify a client device should the client device fail authentication under the configured authentication methodology. Examples of such known authentication methodologies include, but are not limited to, 802.1x authentication protocol, Media Access Control (MAC) authentication protocol, Web-based login and the like. This need to manually determine and configure the particular authentication methodology limits the device connected to a network access port to only use the configured authentication methodology because client devices connected to a network access port would be limited to only the configured authentication methodology and extensive manual administration would be necessary to support heterogeneous authentication methodologies whenever a client device compatible with one of many potential authentication methodologies moved in the network.
In accordance with 802.1x authentication protocol during a port start-up event on a network access port of a switch or router, an Extensible Authentication Protocol (EAP)-Request/Identity frame is sent to an 802.1x group MAC address in order to solicit start of authentication from supplicants connected to the port. After that, EAP-Request-Identity frames are sent only to the specific MAC addresses of the client devices sending data traffic on the port. This will trigger the start of the client device authentication if a client device is a supplicant (i.e., an 802.1X compliant device). If the client device is a supplicant, it should return an EAP-Response/Identity frame to start the authentication. If no EAP-Response/Identity frame is received, after a number of tries, the client device is considered to be a non-supplicant and, by default, is blocked. This scenario exemplifies the shortcoming associated with authentication of a client device that is attempting to connect to a network access port of a router or switch being limited to only a single authentication methodology. Similar shortcomings exist for authentication methodologies for non-supplicants.
Therefore, facilitating authentication of a client device in a manner that allows several different authentication methodologies to be automatically and sequentially applied in an effort to identify an authentication methodology that is compatible with authentication abilities of the client device would be advantageous, desirable and useful.