-
Publication number: US12069051B2
Publication date: 2024-08-20
Application number: US17743758
Application date: 2022-05-13
Applicant: Cisco Technology, Inc.
Inventor: Roberto Mitsuo Kobo, Zheng Li, Gopala Krishna Andagunda, Einar Nilsen-Nygaard, Shree Murthy, Parthiv Shah
IPC: H04L29/06, G06F9/455, H04L9/40, H04L61/5014
CPC classification number: H04L63/0876, G06F9/45558, H04L61/5014, H04L63/101, H04L63/20, G06F2009/45587, G06F2009/45595
Abstract: Techniques for authenticating and enforcing differentiated policies for a virtual machine (VM) executing in bridge mode on a wireless host device in a media access control (MAC)-based authentication network are described. In an example method a wireless host device is authorized to join a fabric enabled wireless network. A VM executes in bridge mode on the wireless host device. At the fabric edge, a source MAC address of the VM is determined. A session is created between the VM and an authentication server. The VM is authenticated. A policy for the VM is determined. A source internet protocol (IP) address is assigned to the VM to create a MAC-IP binding. A data-plane device in the fabric enabled wireless network is programmed to apply the policy to traffic communicated with the VM. Finally, the data-plane device applies the policy for the VM based at least in part on the MAC-IP binding.
-
Publication number: US20190037390A1
Publication date: 2019-01-31
Application number: US15660247
Application date: 2017-07-26
Applicant: Cisco Technology, Inc.
Inventor: Sanjay Hooda, Vrushali Ashtaputre, Sudhir Jain, Johnson Leong, Shree Murthy
IPC: H04W8/26, H04L12/755, H04W8/08
Abstract: A system and method for fast roaming in one or more enterprise fabric network. The fast roaming involves correlation operations performed in one or more databases managed by control plane of the fabric network to update routing locator entries associated with L2-VNID and L3-VNID in one or more databases when a client moves from behind a first switch to behind a second switch. In some embodiments, the control plane finds the L3-VNID from the L2-VNID. The L3-VNID is used to search for all IP addresses corresponding to a client-MAC. At least new routing locator value that is used in the routing locator entries is provided to the first switch, the second switch, and border nodes associated with the fabric network.
-
Publication number: US20190174301A1
Publication date: 2019-06-06
Application number: US16273436
Application date: 2019-02-12
Applicant: Cisco Technology, Inc.
Inventor: Sanjay Hooda, Vrushali Ashtaputre, Sudhir Jain, Johnson Leong, Shree Murthy
IPC: H04W8/26, H04L12/755, H04W8/08
Abstract: A system and method for fast roaming in one or more enterprise fabric network. The fast roaming involves correlation operations performed in one or more databases managed by control plane of the fabric network to update routing locator entries associated with L2-VNID and L3-VNID in one or more databases when a client moves from behind a first switch to behind a second switch. In some embodiments, the control plane finds the L3-VNID from the L2-VNID. The L3-VNID is used to search for all IP addresses corresponding to a client-MAC. At least new routing locator value that is used in the routing locator entries is provided to the first switch, the second switch, and border nodes associated with the fabric network.
-
Publication number: US10212583B1
Publication date: 2019-02-19
Application number: US15660247
Application date: 2017-07-26
Applicant: Cisco Technology, Inc.
Inventor: Sanjay Hooda, Vrushali Ashtaputre, Sudhir Jain, Johnson Leong, Shree Murthy
IPC: H04W4/00, H04W8/26, H04L12/755, H04W8/08
Abstract: A system and method for fast roaming in one or more enterprise fabric network. The fast roaming involves correlation operations performed in one or more databases managed by control plane of the fabric network to update routing locator entries associated with L2-VNID and L3-VNID in one or more databases when a client moves from behind a first switch to behind a second switch. In some embodiments, the control plane finds the L3-VNID from the L2-VNID. The L3-VNID is used to search for all IP addresses corresponding to a client-MAC. At least new routing locator value that is used in the routing locator entries is provided to the first switch, the second switch, and border nodes associated with the fabric network.
-
Publication number: US20240340283A1
Publication date: 2024-10-10
Application number: US18746555
Application date: 2024-06-18
Applicant: Cisco Technology, Inc.
Inventor: Roberto Mitsuo Kobo, Zheng Li, Gopala Krishna Andagunda, Einar Nilsen-Nygaard, Shree Murthy, Parthiv Shah
IPC: H04L9/40, G06F9/455, H04L61/5014
CPC classification number: H04L63/0876, G06F9/45558, H04L61/5014, H04L63/101, H04L63/20, G06F2009/45587, G06F2009/45595
Abstract: Techniques for authenticating and enforcing differentiated policies for a virtual machine (VM) executing in bridge mode on a host device are described. In an example method a fabric edge device determines a MAC address of the VM executing on the host device. The fabric edge device transmits an access request to create a session for the VM to an authentication server. The fabric edge device receives an indication that the VM is authenticated and a session for the VM has been created from the authentication server. The authentication server determines a policy to apply to packets communicated from the VM and assigns an IP address to the VM to create a MAC-IP binding for the VM. The fabric edge device applies the policy for the VM to packets with a source IP address corresponding to an IP address assigned to the VM.
-
Publication number: US12069098B2
Publication date: 2024-08-20
Application number: US17508731
Application date: 2021-10-22
Applicant: Cisco Technology, Inc.
Inventor: Shree Murthy, Sanjay Kumar Hooda, Prakash C. Jain, Roberto Kobo, Rajagopal Venkatraman
IPC: G06F15/16, G06F9/455, H04L9/40, H04L61/5007, H04L61/5014
CPC classification number: H04L63/20, G06F9/45558, H04L61/5007, H04L61/5014
Abstract: Techniques for analyzing traffic originating from a host device in a wireless network to identify one or more virtual machines (VMs) running on the host device and connected to the network via the host device in bridge mode. When a VM is created in bridge mode behind a host device, the traffic originated by the VM will have the source Media Access Layer (MAC) address of the host device. According to techniques described herein, devices and/or components associated with the network may profile the traffic to identify an address of the VM, such as by analyzing dynamic host configuration protocol (DHCP) packets to determine the Internet Protocol (IP) address of the VM. Once the IP address and the MAC address of the VM is known, the components and/or devices may apply security policies to the VM that may be different than security policies applied to the host device.
-
Publication number: US20240205793A1
Publication date: 2024-06-20
Application number: US18068898
Application date: 2022-12-20
Applicant: Cisco Technology, Inc.
Inventor: Vincent Cuissard, Amine Choukir, Domenico Ficara, Shree Murthy, Simone Arena
CPC classification number: H04W40/248, G06F16/2379, G06F16/29
Abstract: A method of updating map server entries may include generating a map server database (DB) at a map server. The map server DB may include a plurality of relational fields for a plurality of entries. The method may further include, based at least in part on a first entry of the plurality of entries being updated including a change to a first network location of the first entry, updating a second network location of a second entry of the plurality of entries that has a relation with the first entry based on the relational fields.
-
Publication number: US10952068B2
Publication date: 2021-03-16
Application number: US16779903
Application date: 2020-02-03
Applicant: Cisco Technology, Inc.
Inventor: Sanjay Hooda, Vrushali Ashtaputre, Sudhir Jain, Johnson Leong, Shree Murthy
IPC: H04W8/26, H04L12/755, H04W8/08, H04L12/721
Abstract: A system and method for fast roaming in one or more enterprise fabric network. The fast roaming involves correlation operations performed in one or more databases managed by control plane of the fabric network to update routing locator entries associated with L2-VNID and L3-VNID in one or more databases when a client moves from behind a first switch to behind a second switch. In some embodiments, the control plane finds the L3-VNID from the L2-VNID. The L3-VNID is used to search for all IP addresses corresponding to a client-MAC. At least new routing locator value that is used in the routing locator entries is provided to the first switch, the second switch, and border nodes associated with the fabric network.
-
Publication number: US20200169872A1
Publication date: 2020-05-28
Application number: US16779903
Application date: 2020-02-03
Applicant: Cisco Technology, Inc.
Inventor: Sanjay Hooda, Vrushali Ashtaputre, Sudhir Jain, Johnson Leong, Shree Murthy
IPC: H04W8/26, H04W8/08, H04L12/755
Abstract: A system and method for fast roaming in one or more enterprise fabric network. The fast roaming involves correlation operations performed in one or more databases managed by control plane of the fabric network to update routing locator entries associated with L2-VNID and L3-VNID in one or more databases when a client moves from behind a first switch to behind a second switch. In some embodiments, the control plane finds the L3-VNID from the L2-VNID. The L3-VNID is used to search for all IP addresses corresponding to a client-MAC. At least new routing locator value that is used in the routing locator entries is provided to the first switch, the second switch, and border nodes associated with the fabric network.
-
Publication number: US11838822B2
Publication date: 2023-12-05
Application number: US17846482
Application date: 2022-06-22
Applicant: Cisco Technology, Inc.
Inventor: Srinath Gundavelli, Indermeet Gandhi, Shree Murthy, Malcolm Muir Smith, Jerome Henry
Abstract: This disclosure describes techniques for selecting network protocols using heatmaps. For instance, a system may receive radio frequency information from one or more sources located within an environment. The system may then generate heatmaps using the radio frequency information, where the heatmaps represent characteristics associated with different network protocols. The characteristics may include signal strengths, throughputs, data packet drop rates, data packet retry rates, and/or the like for various locations within the environment. A user device may then receive the heatmaps from the system. Using a location of the user device and the heatmaps, the user device may determine to communicate using a network protocol from the different network protocols. The user device may then establish a connection using the network protocol.