-
Publication number: US20120291098A1
Publication date: 2012-11-15
Application number: US13107743
Application date: 2011-05-13
Applicant: Ramsundar Janakiraman, Rajesh Mirukula, Brijesh Nambiar
Inventor: Ramsundar Janakiraman, Rajesh Mirukula, Brijesh Nambiar
IPC: G06F21/00
CPC classification number: H04L61/2015, H04L12/4641, H04L63/08
Abstract: Assigning clients to VLANs on a digital network. A client attaching to a digital network through a network device is initially assigned to a first VLAN. This VLAN may have restricted access and is used for authentication. The device snoops DHCP traffic on this first VLAN rewriting DHCP traffic from the client to request a short lease time for the client. A short lease time may be on the order of 30 seconds. The device optionally rewrites DHCP traffic to the client on the first VLAN to assure a short lease time is returned; this rewriting supports DHCP servers which do not issue short leases. Traffic on this first VLAN may be limited to authentication such as captive portals, 802.1x, Kerberos, and the like. If client authentication on the first VLAN does not succeed, when the short lease expires, the client will receive another short lease on the first VLAN. The network device snoops authentication traffic. When authentication succeeds, the device snoops this traffic and derives information such as roles and the target VLAN for the client, saving this information. When the short DHCP lease expires for the client, and the client restarts the DHCP process, the device assigns the client to the target VLAN and all further processing occurs on this target VLAN.
-
Publication number: US08887237B2
Publication date: 2014-11-11
Application number: US13107743
Application date: 2011-05-13
Applicant: Ramsundar Janakiraman, Rajesh Mirukula, Brijesh Nambiar
Inventor: Ramsundar Janakiraman, Rajesh Mirukula, Brijesh Nambiar
CPC classification number: H04L61/2015, H04L12/4641, H04L63/08
Abstract: Assigning clients to VLANs on a digital network. A client attaching to a digital network through a network device is initially assigned to a first VLAN. This VLAN may have restricted access and is used for authentication. The device snoops DHCP traffic on this first VLAN rewriting DHCP traffic from the client to request a short lease time for the client. A short lease time may be on the order of 30 seconds. The device optionally rewrites DHCP traffic to the client on the first VLAN to assure a short lease time is returned; this rewriting supports DHCP servers which do not issue short leases. Traffic on this first VLAN may be limited to authentication such as captive portals, 802.1x, Kerberos, and the like. If client authentication on the first VLAN does not succeed, when the short lease expires, the client will receive another short lease on the first VLAN. The network device snoops authentication traffic. When authentication succeeds, the device snoops this traffic and derives information such as roles and the target VLAN for the client, saving this information. When the short DHCP lease expires for the client, and the client restarts the DHCP process, the device assigns the client to the target VLAN and all further processing occurs on this target VLAN.
-