公开(公告)号：US11405843B2

公开(公告)日：2022-08-02

申请号：US17105266

申请日：2020-11-25

Applicant: Cisco Technology, Inc.

Inventor： Srinath Gundavelli ,  Indermeet Gandhi ,  Shree Murthy ,  Malcolm Smith ,  Jerome Henry

IPC: H04W4/00 ,  H04W36/32 ,  H04W36/30 ,  H04W84/12

Abstract: This disclosure describes techniques for selecting network protocols using heatmaps. For instance, a system may receive radio frequency information from one or more sources located within an environment. The system may then generate heatmaps using the radio frequency information, where the heatmaps represent characteristics associated with different network protocols. The characteristics may include signal strengths, throughputs, data packet drop rates, data packet retry rates, and/or the like for various locations within the environment. A user device may then receive the heatmaps from the system. Using a location of the user device and the heatmaps, the user device may determine to communicate using a network protocol from the different network protocols. The user device may then establish a connection using the network protocol.

公开(公告)号：US20220167243A1

公开(公告)日：2022-05-26

申请号：US17105266

申请日：2020-11-25

Applicant: Cisco Technology, Inc.

Inventor： Srinath Gundavelli ,  Indermeet Gandhi ,  Shree Murthy ,  Malcolm Smith ,  Jerome Henry

IPC: H04W36/32 ,  H04W36/30

Abstract: This disclosure describes techniques for selecting network protocols using heatmaps. For instance, a system may receive radio frequency information from one or more sources located within an environment. The system may then generate heatmaps using the radio frequency information, where the heatmaps represent characteristics associated with different network protocols. The characteristics may include signal strengths, throughputs, data packet drop rates, data packet retry rates, and/or the like for various locations within the environment. A user device may then receive the heatmaps from the system. Using a location of the user device and the heatmaps, the user device may determine to communicate using a network protocol from the different network protocols. The user device may then establish a connection using the network protocol.

公开(公告)号：US20210185517A1

公开(公告)日：2021-06-17

申请号：US17170982

申请日：2021-02-09

Applicant: Cisco Technology, Inc.

Inventor： Sanjay Hooda ,  Vrushali Ashtaputre ,  Sudhir Jain ,  Johnson Leong ,  Shree Murthy

IPC: H04W8/26 ,  H04L12/755 ,  H04W8/08

Abstract: A system and method for fast roaming in one or more enterprise fabric network. The fast roaming involves correlation operations performed in one or more databases managed by control plane of the fabric network to update routing locator entries associated with L2-VNID and L3-VNID in one or more databases when a client moves from behind a first switch to behind a second switch. In some embodiments, the control plane finds the L3-VNID from the L2-VNID. The L3-VNID is used to search for all IP addresses corresponding to a client-MAC. At least new routing locator value that is used in the routing locator entries is provided to the first switch, the second switch, and border nodes associated with the fabric network.

公开(公告)号：US10555167B2

公开(公告)日：2020-02-04

申请号：US16273436

申请日：2019-02-12

Applicant: Cisco Technology, Inc.

Inventor： Sanjay Hooda ,  Vrushali Ashtaputre ,  Sudhir Jain ,  Johnson Leong ,  Shree Murthy

IPC: H04W8/26 ,  H04L12/755 ,  H04W8/08

Abstract: A system and method for fast roaming in one or more enterprise fabric network. The fast roaming involves correlation operations performed in one or more databases to update routing values associated with L2-VNID and L3-VNID in the one or more databases when a client moves from a first network device to a second network device. In some embodiments, the control plane finds the L3-VNID from the L2-VNID.

公开(公告)号：US20240031808A1

公开(公告)日：2024-01-25

申请号：US17871737

申请日：2022-07-22

Applicant: Cisco Technology, Inc.

Inventor： Srinath Gundavelli ,  Stephen Orr ,  Shree Murthy ,  Pradeep Kumar Kathail

IPC: H04W12/06 ,  H04W12/08 ,  H04W12/76

CPC classification number: H04W12/068 ,  H04W12/08 ,  H04W12/76

Abstract: This disclosure describes techniques and mechanisms for performing user defined network (UDN) service authorization based on secondary identity credentials within a wireless network. For instance, the techniques may include receiving, from a user device, a first request to access a wireless network (e.g., such as a WLAN), where the first request may include primary access credentials for accessing the WLAN. Once primary access authentication of the user device is complete, the techniques may include receiving a second request from the user device to access a UDN group within the wireless network. The second request can include secondary credentials for accessing the UDN group. In response to the second request, a secondary EAP dialogue may be established to authenticate the user device using the secondary credentials. Once the secondary credentials are authenticated, the techniques may include granting the user device access to the UDN group.

公开(公告)号：US20230370453A1

公开(公告)日：2023-11-16

申请号：US17743758

申请日：2022-05-13

Applicant: Cisco Technology, Inc.

Inventor： Roberto Mitsuo Kobo ,  Zheng Li ,  Gopala Krishna Andagunda ,  Einar Nilsen-Nygaard ,  Shree Murthy ,  Parthiv Shah

IPC: H04L9/40 ,  H04L61/5014 ,  G06F9/455

CPC classification number: H04L63/0876 ,  H04L63/101 ,  H04L63/20 ,  H04L61/5014 ,  G06F9/45558 ,  G06F2009/45595 ,  G06F2009/45587

Abstract: Techniques for authenticating and enforcing differentiated policies for a virtual machine (VM) executing in bridge mode on a wireless host device in a media access control (MAC)-based authentication network are described. In an example method a wireless host device is authorized to join a fabric enabled wireless network. A VM executes in bridge mode on the wireless host device. At the fabric edge, a source MAC address of the VM is determined. A session is created between the VM and an authentication server. The VM is authenticated. A policy for the VM is determined. A source internet protocol (IP) address is assigned to the VM to create a MAC-IP binding. A data-plane device in the fabric enabled wireless network is programmed to apply the policy to traffic communicated with the VM. Finally, the data-plane device applies the policy for the VM based at least in part on the MAC-IP binding.

公开(公告)号：US20230198990A1

公开(公告)日：2023-06-22

申请号：US17552394

申请日：2021-12-16

Applicant: Cisco Technology, Inc.

Inventor： Roberto Muccifora ,  Domenico Ficara ,  Amine Choukir ,  Ugo Mario Campiglio ,  Shree Murthy ,  Stephen M. Orr

IPC: H04L9/40 ,  H04L61/5038 ,  H04L45/74 ,  H04L101/622

CPC classification number: H04L63/102 ,  H04L63/0876 ,  H04L61/5038 ,  H04L63/104 ,  H04L45/74 ,  H04L2101/622

Abstract: Group identity assignment and policy enforcement may be provided. A User Defined Network Identifier (UDN ID) defining a group of client devices may be received. Next, a client identifier (ID) associated with a source client device that is associated with the group of client devices may be received. The UDN ID and the client ID may be encoded in an Extended Local Identifier (ELI) Media Access Control (MAC) address associated with the source client device. A source MAC address of a packet received from the source client device may then be substituted with the ELI MAC address. Then the packet may be forwarded.

公开(公告)号：US20230131771A1

公开(公告)日：2023-04-27

申请号：US17508731

申请日：2021-10-22

Applicant: Cisco Technology, Inc.

Inventor： Shree Murthy ,  Sanjay Kumar Hooda ,  Prakash C. Jain ,  Roberto Kobo ,  Rajagopal Venkatraman

IPC: H04L9/40 ,  H04L61/5014 ,  G06F9/455

Abstract: Techniques for analyzing traffic originating from a host device in a wireless network to identify one or more virtual machines (VMs) running on the host device and connected to the network via the host device in bridge mode. When a VM is created in bridge mode behind a host device, the traffic originated by the VM will have the source Media Access Layer (MAC) address of the host device. According to techniques described herein, devices and/or components associated with the network may profile the traffic to identify an address of the VM, such as by analyzing dynamic host configuration protocol (DHCP) packets to determine the Internet Protocol (IP) address of the VM. Once the IP address and the MAC address of the VM is known, the components and/or devices may apply security policies to the VM that may be different than security policies applied to the host device.

公开(公告)号：US11582597B2

公开(公告)日：2023-02-14

申请号：US17170982

申请日：2021-02-09

Applicant: Cisco Technology, Inc.

Inventor： Sanjay Hooda ,  Vrushali Ashtaputre ,  Sudhir Jain ,  Johnson Leong ,  Shree Murthy

IPC: H04W8/26 ,  H04L45/021 ,  H04W8/08 ,  H04L45/00

Abstract: A system and method for fast roaming in one or more enterprise fabric network. The fast roaming involves correlation operations performed in one or more databases managed by control plane of the fabric network to update routing locator entries associated with L2-VNID and L3-VNID in one or more databases when a client moves from behind a first switch to behind a second switch. In some embodiments, the control plane finds the L3-VNID from the L2-VNID. The L3-VNID is used to search for all IP addresses corresponding to a client-MAC. At least new routing locator value that is used in the routing locator entries is provided to the first switch, the second switch, and border nodes associated with the fabric network.

公开(公告)号：US20220322198A1

公开(公告)日：2022-10-06

申请号：US17846482

申请日：2022-06-22

Applicant: Cisco Technology, Inc.

Inventor： Srinath Gundavelli ,  Indermeet Gandhi ,  Shree Murthy ,  Malcolm Muir Smith ,  Jerome Henry

IPC: H04W36/32 ,  H04W36/30

Abstract: This disclosure describes techniques for selecting network protocols using heatmaps. For instance, a system may receive radio frequency information from one or more sources located within an environment. The system may then generate heatmaps using the radio frequency information, where the heatmaps represent characteristics associated with different network protocols. The characteristics may include signal strengths, throughputs, data packet drop rates, data packet retry rates, and/or the like for various locations within the environment. A user device may then receive the heatmaps from the system. Using a location of the user device and the heatmaps, the user device may determine to communicate using a network protocol from the different network protocols. The user device may then establish a connection using the network protocol.