A method and apparatus that provide network access control are disclosed. In one embodiment, a network device is configured to intercept network traffic initiated from a client and directed toward a network resource, and to locally authenticate the client. Authentication is carried out by comparing information identifying the client to authentication information stored in the network device. In one embodiment, an authentication cache in the network device stores the authentication information. If the client identifying information is authenticated successfully against the stored authentication information, the network device is dynamically re-configured to allow network traffic initiated by the client to reach the network resource. If local authentication fails, new stored authentication is created for the client, and the network device attempts to authenticate the client using a remote authentication server. If remote authentication is successful, the local authentication information is updated so that subsequent requests can authenticate locally. As a result, a client may be authenticated locally at a router or similar device, reducing network traffic to the authentication server.
CROSS-REFERENCE TO RELATED APPLICATIONS; PRIORITY CLAIM
This application claims priority under 35 U.S.C. .sctn.120 as a Continuation of prior application Ser. No. 10/264,655, filed on Oct. 3, 2002 now U.S. Pat. No. 6,69,154, which is a Continuation of prior application Ser. No. 09/347,433, filed Jul. 2, 1999, now U.S. Pat. No. 6,463,474, the entire contents of which are hereby incorporated by reference as if fully set forth herein.
