The disclosure relates to a method for access control of a data flow in a software defined networking system. The method includes receiving a first packet associated with a first data flow between a client node and a server node, verifying authentication of the first packet, repeating the receiving and verifying for a number of subsequent packets of the first data flow, wherein the number of subsequent packets is set based on type of protocol used for the first data flow and/or a policy set in the controller device, and sending, to an intermediate node along a path of the first data flow, a respective verification message for each successfully verified authentication of the first packet and any subsequent packets, allowing the first packet and any subsequent packets of the first data flow for forwarding.