Abstract: A system and method for provisionally authenticating a host moving from a source port of a switch device to a destination port of the switch device is disclosed. The host is initially authenticated at the source port and blocked from forwarding network traffic at the destination port. During a provisional authentication session, an authentication agent executing on the switch intercepts one or more authentication packets sourced by the host and headed for the destination port of the switch device and redirects the authentication packets to an authentication server for validating the host at the destination port of the switch device. The switch device removes the block at the destination port in response to receiving an acknowledgment of successful authentication at the destination port from the authentication server.

Abstract: A system and method for provisionally authenticating a host moving from a source port of a switch device to a destination port of the switch device is disclosed. The host is initially authenticated at the source port and blocked from forwarding network traffic at the destination port. During a provisional authentication session, an authentication agent executing on the switch intercepts one or more authentication packets sourced by the host and headed for the destination port of the switch device and redirects the authentication packets to an authentication server for validating the host at the destination port of the switch device. The switch device removes the block at the destination port in response to receiving an acknowledgment of successful authentication at the destination port from the authentication server.

Abstract: A system and method for provisionally authenticating a host moving from one router to another router in a network using border gateway protocol (BGP) is disclosed. A host is initially authenticated at a first BGP router, this discovery is advertised to a second BGP router pursuant to BGP with a new extended community indicating successful authentication (or pre-authentication) of the host at the first BGP router. An indication for re-authentication of the host at the second BGP router is then received, which blocks network traffic from the host to the second BGP router. Due to the notification of a previous authentication of the host, the second BGP router begins a provisional authentication session. In response to a successful completion of the provisional authentication session, the host is authorized to transmit network traffic on the second BGP router and subsequently blocked from doing the same at the first BGP router.

Abstract: A system and method for provisionally authenticating a host moving from a source port of a switch device to a destination port of the switch device is disclosed. The host is initially authenticated at the source port and blocked from forwarding network traffic at the destination port. During a provisional authentication session, an authentication agent executing on the switch intercepts one or more authentication packets sourced by the host and headed for the destination port of the switch device and redirects the authentication packets to an authentication server for validating the host at the destination port of the switch device. The switch device removes the block at the destination port in response to receiving an acknowledgment of successful authentication at the destination port from the authentication server.

Abstract: A system and method for provisionally authenticating a host moving from a source port of a switch device to a destination port of the switch device is disclosed. The host is initially authenticated at the source port and blocked from forwarding network traffic at the destination port. During a provisional authentication session, an authentication agent executing on the switch intercepts one or more authentication packets sourced by the host and headed for the destination port of the switch device and redirects the authentication packets to an authentication server for validating the host at the destination port of the switch device. The switch device removes the block at the destination port in response to receiving an acknowledgment of successful authentication at the destination port from the authentication server.

Abstract: A system and method for provisionally authenticating a host moving from one router to another router in a network using border gateway protocol (BGP) is disclosed. A host is initially authenticated at a first BGP router, this discovery is advertised to a second BGP router pursuant to BGP with a new extended community indicating successful authentication (or pre-authentication) of the host at the first BGP router. An indication for re-authentication of the host at the second BGP router is then received, which blocks network traffic from the host to the second BGP router. Due to the notification of a previous authentication of the host, the second BGP router begins a provisional authentication session. In response to a successful completion of the provisional authentication session, the host is authorized to transmit network traffic on the second BGP router and subsequently blocked from doing the same at the first BGP router.