Port isolation for restricting traffic flow on layer 2 switches

    Publication number: US20060262798A1

    Publication date: 2006-11-23

    Application number: US11494084

    Filing date: 2006-07-26

    IPC classification: H04L12/56

    Abstract: This invention provides for an apparatus and method to isolate ports on layer 2 switches on the same VLAN to restrict traffic flow. The apparatus comprises a switch having a plurality of ports, each port configured as a protected port or a non-protected port. An address table memory stores an address table having destination address and port number pairs. A forwarding map generator generates a forwarding map which is responsive to a destination address of a data packet. The method for isolating ports on a layer 2 switch comprises configuring each of the ports on the layer 2 switch as a protected port or a non-protected port. A destination address on a data packet is matched with a physical address on the layer 2 switch and a forwarding map is generated for the data packet based upon the destination address on the data packet. The data packet is then sent to the plurality of ports pursuant to the forwarding map, which is generated based upon whether the ingress port was configured as a protected or non-protected port.

    2.
    Granted invention patent
    Port isolation for restricting traffic flow on layer 2 switches (in force)

    Publication number: US07095741B1

    Publication date: 2006-08-22

    Application number: US09745280

    Filing date: 2000-12-20

    IPC classification: H04L12/28 H04L9/00

    Abstract: This invention provides for an apparatus and method to isolate ports on layer 2 switches on the same VLAN to restrict traffic flow. The apparatus comprises a switch having a plurality of ports, each port configured as a protected port or a non-protected port. An address table memory stores an address table having destination address and port number pairs. A forwarding map generator generates a forwarding map which is responsive to a destination address of a data packet. The method for isolating ports on a layer 2 switch comprises configuring each of the ports on the layer 2 switch as a protected port or a non-protected port. A destination address on a data packet is matched with a physical address on the layer 2 switch and a forwarding map is generated for the data packet based upon the destination address on the data packet. The data packet is then sent to the plurality of ports pursuant to the forwarding map, which is generated based upon whether the ingress port was configured as a protected or non-protected port.


    3.
    Invention patent application
    Systems and methods for access port ICMP analysis (in force)

    Publication number: US20070195774A1

    Publication date: 2007-08-23

    Application number: US11361012

    Filing date: 2006-02-23

    IPC classification: H04L12/56

    Abstract: Systems and methods perform analysis of ICMP packets received at a network device port to determine whether the ICMP packet is valid and thus should be forwarded. One aspect of the systems and methods includes configuring a port to be a trusted port, on which any type of ICMP message may be considered valid. For untrusted ports, the system analyzes the ICMP packet to determine whether the packet is one that should be received on an untrusted port. A further aspect of the systems and methods includes analyzing the ICMP packet data to determine whether packet addresses have been spoofed or altered.


    4.
    Granted invention patent
    Merging indications of matching items of multiple groups and possibly associated with skip conditions to identify winning entries of particular use for implementing access control lists (lapsed)

    Publication number: US07080195B2

    Publication date: 2006-07-18

    Application number: US10691401

    Filing date: 2003-10-22

    IPC classification: G06F13/00

    CPC classification: G11C15/00

    Abstract: Disclosed are, inter alia, methods, apparatus, data structures, computer-readable media, mechanisms, and means for merging indications of matching items of multiple groups, possibly associated with skip conditions, to identify winning entries of particular use for implementing access control lists. Indications are typically received from an associative memory bank indicating which locations were matched during a lookup operation. Each of the entries is typically associated with one or more hierarchical groups and a skip or no-skip condition. The matching entries are merged to identify one or more winning entries, these being matching entries not in a group that is skipped. A group is typically skipped if the highest priority matching entry of the particular group is associated with a skip condition. A priority encoder can be used to identify a single highest priority winning entry from the winning entries.


    5.
    Invention patent application
    Merging indications of matching items of multiple groups and possibly associated with skip conditions to identify winning entries of particular use for implementing access control lists (lapsed)

    Publication number: US20050114602A1

    Publication date: 2005-05-26

    Application number: US10691401

    Filing date: 2003-10-22

    CPC classification: G11C15/00

    Abstract: Disclosed are, inter alia, methods, apparatus, data structures, computer-readable media, mechanisms, and means for merging indications of matching items of multiple groups, possibly associated with skip conditions, to identify winning entries of particular use for implementing access control lists. Indications are typically received from an associative memory bank indicating which locations were matched during a lookup operation. Each of the entries is typically associated with one or more hierarchical groups and a skip or no-skip condition. The matching entries are merged to identify one or more winning entries, these being matching entries not in a group that is skipped. A group is typically skipped if the highest priority matching entry of the particular group is associated with a skip condition. A priority encoder can be used to identify a single highest priority winning entry from the winning entries.


    6.
    Granted invention patent
    Port isolation for restricting traffic flow on layer 2 switches (in force)

    Publication number: US07881296B2

    Publication date: 2011-02-01

    Application number: US11494084

    Filing date: 2006-07-26

    IPC classification: H04L12/28

    Abstract: This invention provides for an apparatus and method to isolate ports on layer 2 switches on the same VLAN to restrict traffic flow. The apparatus comprises a switch having a plurality of ports, each port configured as a protected port or a non-protected port. An address table memory stores an address table having destination address and port number pairs. A forwarding map generator generates a forwarding map which is responsive to a destination address of a data packet. The method for isolating ports on a layer 2 switch comprises configuring each of the ports on the layer 2 switch as a protected port or a non-protected port. A destination address on a data packet is matched with a physical address on the layer 2 switch and a forwarding map is generated for the data packet based upon the destination address on the data packet. The data packet is then sent to the plurality of ports pursuant to the forwarding map, which is generated based upon whether the ingress port was configured as a protected or non-protected port.
