公开(公告)号：US20060262798A1

公开(公告)日：2006-11-23

申请号：US11494084

申请日：2006-07-26

申请人： Monica Joshi ,  Pauline Shuen

发明人： Monica Joshi ,  Pauline Shuen

IPC分类号： H04L12/56

CPC分类号： H04L49/351 ,  H04L12/4641 ,  H04L12/467 ,  H04L49/354

摘要： This invention provides for an apparatus and method to isolate ports on layer 2 switches on the same VLAN to restrict traffic flow. The apparatus comprises a switch having said plurality of ports, each port configured as a protected port or a non-protected port. An address table memory stores an address table having a destination address and port number pair. A forwarding map generator generates a forwarding map which is responsive to a destination address of a data packet. The method for isolating ports on a layer 2 switch comprises configuring each of the ports on the layer 2 switch as a protected port or a non-protected port. A destination address on an data packet is matched with a physical address on said layer 2 switch and a forwarding map is generated for the data packet based upon the destination address on the data packet. The data packet is then sent to the plurality of ports pursuant to the forwarding map generated based upon whether the ingress port was configured as a protected or nonprotected port.

公开(公告)号：US20060245351A1

公开(公告)日：2006-11-02

申请号：US11120668

申请日：2005-05-02

申请人： Moni Pande ,  Jie Jiang ,  Navindra Yadav ,  Gnanaprakasam Pandian ,  Pauline Shuen

发明人： Moni Pande ,  Jie Jiang ,  Navindra Yadav ,  Gnanaprakasam Pandian ,  Pauline Shuen

IPC分类号： H04J3/14 ,  H04L12/26 ,  H04L1/00 ,  H04L12/56 ,  H04L12/28 ,  H04J1/16

CPC分类号： H04L12/437 ,  H04L12/1868 ,  H04L45/18 ,  H04L45/28

摘要： One embodiment in accordance with the invention is a method that includes detecting a failure in a ring network and transmitting a multicast message across the ring network that includes information regarding the failure. Additionally, a new ring master of the ring network is designated. Furthermore, a ring port coupled to the failure is blocked.

摘要翻译： 根据本发明的一个实施例是一种方法，其包括检测环网中的故障并且跨越环网发送包括关于故障的信息的多播消息。 另外，指定环形网络的新环形主机。 此外，与故障相连的环形端口被阻塞。

公开(公告)号：US07095741B1

公开(公告)日：2006-08-22

申请号：US09745280

申请日：2000-12-20

申请人： Monica Joshi ,  Pauline Shuen

发明人： Monica Joshi ,  Pauline Shuen

IPC分类号： H04L12/28 ,  H04L9/00

CPC分类号： H04L49/351 ,  H04L12/4641 ,  H04L12/467 ,  H04L49/354

摘要： This invention provides for an apparatus and method to isolate ports on layer 2 switches on the same VLAN to restrict traffic flow. The apparatus comprises a switch having said plurality of ports, each port configured as a protected port or a non-protected port. An address table memory stores an address table having a destination address and port number pair. A forwarding map generator generates a forwarding map which is responsive to a destination address of a data packet. The method for isolating ports on a layer 2 switch comprises configuring each of the ports on the layer 2 switch as a protected port or a non-protected port. A destination address on an data packet is matched with a physical address on said layer 2 switch and a forwarding map is generated for the data packet based upon the destination address on the data packet. The data packet is then sent to the plurality of ports pursuant to the forwarding map generated based upon whether the ingress port was configured as a protected or nonprotected port.

摘要翻译： 本发明提供了隔离同一VLAN上第2层交换机上端口的装置和方法，以限制流量。 该装置包括具有所述多个端口的开关，每个端口被配置为受保护端口或非保护端口。 地址表存储器存储具有目的地地址和端口号对的地址表。 转发地图生成器生成响应于数据分组的目的地地址的转发映射。 用于隔离第2层交换机端口的方法包括将第2层交换机上的每个端口配置为受保护端口或非保护端口。 数据分组上的目的地地址与所述第二层交换机上的物理地址相匹配，并且基于数据分组上的目的地址为数据分组生成转发映射。 然后根据基于入口端口是否配置为受保护端口或非保护端口生成的转发映射，将数据包发送到多个端口。

公开(公告)号：US07881296B2

公开(公告)日：2011-02-01

申请号：US11494084

申请日：2006-07-26

申请人： Monica Joshi ,  Pauline Shuen

发明人： Monica Joshi ,  Pauline Shuen

IPC分类号： H04L12/28

CPC分类号： H04L49/351 ,  H04L12/4641 ,  H04L12/467 ,  H04L49/354

摘要： This invention provides for an apparatus and method to isolate ports on layer 2 switches on the same VLAN to restrict traffic flow. The apparatus comprises a switch having said plurality of ports, each port configured as a protected port or a non-protected port. An address table memory stores an address table having a destination address and port number pair. A forwarding map generator generates a forwarding map which is responsive to a destination address of a data packet. The method for isolating ports on a layer 2 switch comprises configuring each of the ports on the layer 2 switch as a protected port or a non-protected port. A destination address on an data packet is matched with a physical address on said layer 2 switch and a forwarding map is generated for the data packet based upon the destination address on the data packet. The data packet is then sent to the plurality of ports pursuant to the forwarding map generated based upon whether the ingress port was configured as a protected or nonprotected port.

摘要翻译： 本发明提供了隔离同一VLAN上第2层交换机上端口的装置和方法，以限制流量。 该装置包括具有所述多个端口的开关，每个端口被配置为受保护端口或非保护端口。 地址表存储器存储具有目的地地址和端口号对的地址表。 转发地图生成器生成响应于数据分组的目的地地址的转发映射。 用于隔离第2层交换机端口的方法包括将第2层交换机上的每个端口配置为受保护端口或非保护端口。 数据分组上的目的地地址与所述第二层交换机上的物理地址相匹配，并且基于数据分组上的目的地址为数据分组生成转发映射。 然后根据基于入口端口是否配置为受保护端口或非保护端口生成的转发映射，将数据包发送到多个端口。

公开(公告)号：US07590120B2

公开(公告)日：2009-09-15

申请号：US11283269

申请日：2005-11-18

申请人： Pauline Shuen ,  James P. Rivers

发明人： Pauline Shuen ,  James P. Rivers

IPC分类号： H04L12/56

CPC分类号： H04L12/2856 ,  H04L12/2861 ,  H04L12/2881 ,  H04L12/4645 ,  H04L49/354

摘要： A method and apparatus utilized in layer 2 access switches of an Ethernet ring-based network to bridge multicast packets between a multicast VLAN and a selected VLAN coupled to a VLAN trunk port of the layer 2 access switch. The duplication of multicast streams over the ring technology is avoided while maintaining isolation between subscribers.

摘要翻译： 一种在以太网环网的二层接入交换机中使用的方法和装置，用于跨组播VLAN和耦合到第二层接入交换机的VLAN中继端口的选定VLAN之间的组播数据包。 避免在环形技术上重复组播流，同时保持用户之间的隔离。

公开(公告)号：US07558960B2

公开(公告)日：2009-07-07

申请号：US11029987

申请日：2005-01-05

申请人： Nancy Cam Winget ,  Mark Krishcer ,  Timothy Olson ,  Pauline Shuen ,  Ajit Sanzgiri ,  Sheausong Yang

发明人： Nancy Cam Winget ,  Mark Krishcer ,  Timothy Olson ,  Pauline Shuen ,  Ajit Sanzgiri ,  Sheausong Yang

IPC分类号： H04L9/00

CPC分类号： H04W12/04 ,  H04L41/00 ,  H04L63/062 ,  H04L63/08 ,  H04L63/083 ,  H04L63/123 ,  H04L63/126 ,  H04L63/1408 ,  H04W12/10 ,  H04W12/12 ,  H04W84/12 ,  H04W88/08

摘要： A detection-based defense to a wireless network. Elements of the infrastructure, e.g., access points or scanning-only access points, detect intruders by detecting spoofed frames, such as from rogue access points. Access points include a signature, such as a message integrity check, with their management frames in a manner that enables neighboring access points to be able to validate the management frames, and to detect spoofed frames. When a neighboring access point receives a management frame, obtains a key for the access point sending the frame, and validates the management frame using the key.

摘要翻译： 基于检测的无线网络防御。 基础设施的元件，例如接入点或仅扫描接入点，通过检测欺骗性帧（例如从流氓接入点）来检测入侵者。 接入点包括诸如消息完整性检查之类的签名，以及其管理帧的方式使得相邻接入点能够验证管理帧，并且检测被欺骗的帧。 当相邻接入点接收到管理帧时，获取发送帧的接入点的密钥，并使用密钥验证管理帧。

公开(公告)号：US20080313724A1

公开(公告)日：2008-12-18

申请号：US11762575

申请日：2007-06-13

申请人： Krishna Doddapaneni ,  Chaitanya Kodeboyina ,  J.R. Rivers ,  Pauline Shuen

发明人： Krishna Doddapaneni ,  Chaitanya Kodeboyina ,  J.R. Rivers ,  Pauline Shuen

IPC分类号： H04L9/32

CPC分类号： H04L49/357 ,  H04L49/70

摘要： Embodiments of an N-Port ID virtualization (NPIV) proxy module, NPIV proxy switching system, and methods are generally described herein. Other embodiments may be described and claimed. In some embodiments, login requests are distributed over a plurality of available N-ports to allow servers to be functionally coupled to F-ports of a plurality of fiber-channel (FC) switches. Fiber-channel identifiers (FCIDs) are assigned to the servers in response to the logon requests to provide single end-host operations for each of the servers.

摘要翻译： 这里通常描述N端口ID虚拟化（NPIV）代理模块，NPIV代理交换系统和方法的实施例。 可以描述和要求保护其他实施例。 在一些实施例中，登录请求分布在多个可用N端口上，以允许服务器功能地耦合到多个光纤信道（FC）交换机的F端口。 光纤通道标识符（FCID）被分配给服务器以响应登录请求，为每个服务器提供单个终端主机操作。

公开(公告)号：US07411915B1

公开(公告)日：2008-08-12

申请号：US10896410

申请日：2004-07-21

申请人： Christopher Spain ,  Pauline Shuen ,  Shashi Kumar ,  Glen Robert Fisher ,  Ujjal Bajaj

发明人： Christopher Spain ,  Pauline Shuen ,  Shashi Kumar ,  Glen Robert Fisher ,  Ujjal Bajaj

IPC分类号： G01R31/08 ,  H04L12/28

CPC分类号： H04L41/0886 ,  H04L29/12839 ,  H04L41/0806 ,  H04L41/0843 ,  H04L49/351 ,  H04L49/90 ,  H04L61/2061 ,  H04L61/6022 ,  H04L69/18

摘要： A method and apparatus for automatically configuring a physical port of a switch with features appropriate to a connection type snoops incoming packets to determine the connection type and executes a port configuration macro installed on the switch to apply appropriate features for the connection type.

摘要翻译： 一种用于自动配置具有适合于连接类型的特征的交换机的物理端口的方法和装置，其中，所述连接类型窥探进入的分组以确定所述连接类型并执行安装在所述交换机上的端口配置宏以对所述连接类型应用适当的特征。

公开(公告)号：US07370362B2

公开(公告)日：2008-05-06

申请号：US11073317

申请日：2005-03-03

申请人： Timothy Olson ,  Pauline Shuen ,  Ajit Sanzgiri ,  Nancy Winget ,  Pejman Roshan

发明人： Timothy Olson ,  Pauline Shuen ,  Ajit Sanzgiri ,  Nancy Winget ,  Pejman Roshan

IPC分类号： G06F11/00 ,  G06F12/16

CPC分类号： H04W12/12 ,  H04L63/1433 ,  H04L63/1441 ,  H04L63/1466 ,  H04W48/08 ,  H04W48/16 ,  H04W88/08

摘要： Methods and apparatus are disclosed for locating and disabling the switch port of a rogue wireless access point. In one embodiment, a network management device is configured to detect the presence of a rogue access point on a managed wireless network. Once detected, the management device may then instruct a special client, such as a scanning AP, to associate with the rogue access point and send a discovery packet through the rogue access point to network management device. The network management device upon receiving the discovery packet may thereby determine that the rogue access point is connected to a network managed by said network device. The network device may then utilize information contained in the discovery packet to locate the switch port to which the rogue access point is connected, and ultimately disable the switch port to which the rogue access point is connected.

摘要翻译： 公开了用于定位和禁用流氓无线接入点的交换机端口的方法和装置。 在一个实施例中，网络管理设备被配置为检测被管理无线网络上的恶意接入点的存在。 一旦检测到，管理设备然后可以指示诸如扫描AP的特殊客户端与流氓接入点关联，并通过流氓接入点将发现分组发送到网络管理设备。 因此，网络管理装置在接收到发现分组时可以确定恶意接入点连接到由所述网络设备管理的网络。 然后，网络设备可以利用包含在发现分组中的信息来定位与恶意接入点连接的交换机端口，并且最终禁用与恶意接入点连接的交换机端口。

公开(公告)号：US20070047472A1

公开(公告)日：2007-03-01

申请号：US11218886

申请日：2005-09-02

申请人： Lionel Florit ,  Robert Klessig ,  Pauline Shuen ,  Francois Tallet

发明人： Lionel Florit ,  Robert Klessig ,  Pauline Shuen ,  Francois Tallet

IPC分类号： H04L12/28 ,  H04L12/56

CPC分类号： H04L12/462 ,  H04L12/437 ,  H04L41/0654 ,  H04L41/12 ,  H04L45/48

摘要： Various systems and methods for implementing virtual ports within ring networks are disclosed. For example, one method involves allocating a logical port that corresponds to a first port and a second port and instantiating a spanning tree protocol instance. The first port and the second port are both assigned to a first ring network. The spanning tree protocol instance selectively blocks the logical port; however, the spanning tree protocol instance is unable to block the first port independently of blocking the second port. Events (e.g., link failures and recoveries) that occur within the ring network are communicated to spanning tree by transitioning the state of the logical port in response to receiving a ring protocol control packet. The spanning tree protocol instance initiates a bridge protocol data unit (BPDU) exchange from the logical port in response to a transition in the state of the logical port.

摘要翻译： 公开了用于在环网内实现虚拟端口的各种系统和方法。 例如，一种方法包括分配对应于第一端口和第二端口的逻辑端口并实例化生成树协议实例。 第一个端口和第二个端口都分配给第一个环网。 生成树协议实例选择性地阻止逻辑端口; 但是，生成树协议实例无法阻止第一个端口，而是阻止第二个端口。 响应于接收到环形协议控制分组，通过转换逻辑端口的状态来将发生在环网内的事件（例如，链路故障和恢复）传送到生成树。 生成树协议实例响应于逻辑端口状态的转换，从逻辑端口发起桥协议数据单元（BPDU）交换。