CPC H04L 63/20 (2013.01) [H04L 63/0876 (2013.01); H04L 63/104 (2013.01)] | 20 Claims |
1. A system comprising:
a network management system (NMS) configured to manage a plurality of multi-vendor, network access server (NAS) devices associated with one or more organizations; and
at least one cloud-based network access control (NAC) system in communication with the NMS, wherein the at least one NAC system is configured to:
obtain, from the NMS, one or more intent-based NAC policies of an organization of the one or more organizations, wherein the one or more intent-based NAC policies comprise one or more sets of normalized match rules associated with corresponding sets of abstracted policy results that are vendor-agnostic;
receive an authentication request for an enterprise network of the organization from a NAS device;
identify a vendor of the NAS device based on the authentication request;
match one or more incoming attributes included in the authentication request from the NAS device to a set of normalized match rules of an intent-based NAC policy of the one or more intent-based NAC policies;
translate a set of abstracted policy results corresponding to the set of normalized match rules of the intent-based NAC policy into a vendor-specific set of return attributes based on the vendor of the NAS device; and
send the vendor-specific set of return attributes to the NAS device to enable the NAS device to access the enterprise network of the organization.
|
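The flow recited in claim 1 (identify the vendor, match incoming attributes to normalized rules, translate the abstracted result into vendor-specific return attributes), sketched as an added example that is not taken from the patent. The vendor names, the NAS-Identifier prefix lookup, the pre-resolved `auth_type`/`user_group` keys and the `Example-VendorB-*` attribute names are constructed assumptions; the vendor_a mapping uses the standard RFC 3580 VLAN tunnel attributes.

```python
# Added illustration. Policies, vendors and "Example-*" attributes are constructed.
# Intent-based policies: normalized match rules -> abstracted, vendor-agnostic results.
POLICIES = [
    {"name": "staff-laptops",
     "match": {"auth_type": "eap-tls", "user_group": "staff"},
     "result": {"action": "allow", "vlan": 120, "role": "employee"}},
    {"name": "guest-wifi",
     "match": {"ssid": "Guest"},
     "result": {"action": "allow", "vlan": 900, "role": "guest"}},
]
DEFAULT_RESULT = {"action": "deny"}  # no rule matched: fail closed

# Assumption: the vendor is inferred from a NAS-Identifier naming prefix.
VENDOR_BY_PREFIX = {"va-": "vendor_a", "vb-": "vendor_b"}

def identify_vendor(request):
    nas_id = request.get("NAS-Identifier", "").lower()
    return next((v for p, v in VENDOR_BY_PREFIX.items() if nas_id.startswith(p)), None)

def normalize(request):
    # RFC 3580 wireless convention: Called-Station-Id is "<hyphenated MAC>:<SSID>".
    ssid = request.get("Called-Station-Id", "").partition(":")[2] or None
    # auth_type and user_group are assumed already resolved by the NAC system.
    return {"ssid": ssid, "auth_type": request.get("auth_type"),
            "user_group": request.get("user_group")}

def to_vendor_a(res):  # standard RADIUS VLAN assignment plus Filter-Id for the role
    return {"Tunnel-Type": "VLAN", "Tunnel-Medium-Type": "IEEE-802",
            "Tunnel-Private-Group-Id": str(res["vlan"]), "Filter-Id": res["role"]}

def to_vendor_b(res):  # constructed vendor-specific attribute names
    return {"Example-VendorB-VLAN": res["vlan"], "Example-VendorB-Role": res["role"]}

TRANSLATORS = {"vendor_a": to_vendor_a, "vendor_b": to_vendor_b}

def decide(request):
    vendor = identify_vendor(request)
    if vendor not in TRANSLATORS:
        return "Access-Reject", {}  # unknown vendor: send no attributes at all
    attrs = normalize(request)
    result = next((p["result"] for p in POLICIES  # first matching policy wins
                   if all(attrs.get(k) == v for k, v in p["match"].items())),
                  DEFAULT_RESULT)
    if result["action"] != "allow":
        return "Access-Reject", {}
    return "Access-Accept", TRANSLATORS[vendor](result)
```

The two reject paths are a choice of this example: an unidentified vendor or an unmatched request receives no return attributes instead of another vendor's set.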