A user's usage of network resources is controlled, after the user has been authenticated,
without using any network resources beyond the user's entry point to the network.
Packet rules may be provisioned to the user's entry point to the network, and the
packet rules may be applied to each packet received from the user before any network
resources beyond the entry point are used. These packet rules may be associated
with an identity of the user and then provisioned to the user's entry point in
response to the user being authenticated.

Usage of network resources of a communications network by a user beyond a network
device of the communications network that serves as the user's entry point to the
communications network is controlled. The port module of the network device is
configured with one or more packet rules corresponding to an identity of the user.
A packet is received from a device used by the user at the port module, and, before
using any of the network resources beyond the network device, the one or more packet
rules are applied to the received packet.

Another embodiment is provided for controlling usage of network resources of a
communications network by a user. The user has an assigned role with respect to the
communications network, and the assigned role is associated with one or more packet
rules, each packet rule including a condition and action to be taken if a packet
received at a device satisfies the condition. A packet including identification
information of the user is received from a device of the user at a port module of a
network device. The assigned role of the user is determined based on the identification
information, and the port module is configured with the one or more packet rules
associated with the assigned role of the user.
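
The following sketch models the role-based embodiment described above: a port module that receives the packet rules tied to a user's assigned role once the user is authenticated, and applies them to every packet at the entry point. It is an added example, not code from the original document; the role names, user names, rule fields, first-match ordering and the default-drop behaviour are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class PacketRule:
    """One packet rule: a condition plus the action taken when it matches."""
    dst_net: str              # condition: destination prefix
    dst_port: Optional[int]   # condition: destination port, None means any
    action: str               # "forward" or "drop"

    def matches(self, pkt: dict) -> bool:
        in_net = ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst_net)
        return in_net and self.dst_port in (None, pkt["dport"])

# Constructed role table: assigned role -> ordered packet rules.
ROLE_RULES = {
    "engineer": [PacketRule("10.20.0.0/16", 22, "forward"),
                 PacketRule("10.99.0.0/16", None, "drop"),
                 PacketRule("0.0.0.0/0", 443, "forward")],
    "guest":    [PacketRule("10.0.0.0/8", None, "drop"),
                 PacketRule("0.0.0.0/0", 443, "forward")],
}
# Constructed identity store: user identity -> assigned role.
USER_ROLE = {"alice": "engineer", "visitor7": "guest"}

@dataclass
class PortModule:
    """Entry-point port holding the rules provisioned for the attached user."""
    rules: list = field(default_factory=list)
    authenticated: bool = False

    def on_authenticated(self, user_id: str) -> None:
        # Determine the role from the identity, then configure the port with its rules.
        self.rules = ROLE_RULES.get(USER_ROLE.get(user_id), [])
        self.authenticated = True

    def on_logoff(self) -> None:
        self.rules, self.authenticated = [], False

    def handle(self, pkt: dict) -> str:
        # Decide at the entry point, before any resource beyond it is used.
        if not self.authenticated:
            return "drop"        # assumption: nothing passes before authentication
        for rule in self.rules:  # assumption: first matching rule wins
            if rule.matches(pkt):
                return rule.action
        return "drop"            # assumption: default deny when no rule matches
```

Because the decision is made in `handle()` on the port itself, a packet that a rule drops never reaches any device behind the entry point, which is the property the text emphasises.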