公开(公告)号：US20060248335A1

公开(公告)日：2006-11-02

申请号：US11119244

申请日：2005-04-29

申请人： Jason Frazier ,  Ramesh Ponnapalli ,  Shyam Kaluve ,  Rajasekhar Manam ,  Jacob Jensen

发明人： Jason Frazier ,  Ramesh Ponnapalli ,  Shyam Kaluve ,  Rajasekhar Manam ,  Jacob Jensen

IPC分类号： H04L9/00

CPC分类号： H04L41/0806 ,  H04L63/08

摘要： Configuring an interface of a switch includes sending an authentication request requesting authentication for an endpoint from a switch to an authentication server. The switch comprises interfaces and is operable to access templates, where a template is operable to generate one or more interface commands for an interface. An instruction is received from the authentication server. The instruction instructs the switch to apply an identified template to an interface, where the identified template is identified by the authentication server as associated with the endpoint. The identified template is applied to configure the interface according to the instruction.

公开(公告)号：US07447166B1

公开(公告)日：2008-11-04

申请号：US10979536

申请日：2004-11-02

申请人： Shyamasundar S. Kaluve ,  Ian Foo ,  Shyam Murthy ,  Ramesh Ponnapalli ,  Rajasekhar Manam

发明人： Shyamasundar S. Kaluve ,  Ian Foo ,  Shyam Murthy ,  Ramesh Ponnapalli ,  Rajasekhar Manam

IPC分类号： H04L12/26

CPC分类号： H04L12/66

摘要： A technique optimizes the distribution of authenticated users among a plurality of broadcast domains, such as virtual local area networks (VLAN). Users are dynamically assigned to different broadcast domains based on various factors, including but not limited to the number of authenticated users already participating in each broadcast domain, the available bandwidth in each broadcast domain, user classes associated with users participating in each broadcast domain, etc. Based on one or more of these factors, authenticated users are optimally distributed (“load balanced”) among the plurality of broadcast domains, thereby reducing the amount of broadcast traffic and configuration within each domain.

摘要翻译： 一种技术优化了多个广播域（如虚拟局域网（VLAN））中的已认证用户的分布。 用户根据各种因素动态分配到不同的广播域，包括但不限于已经参与每个广播域的已认证用户的数量，每个广播域中的可用带宽，与参与每个广播域的用户相关联的用户类等 基于这些因素中的一个或多个，多个广播域中的经过认证的用户被最优地分布（“负载平衡”），从而减少每个域内的广播流量和配置的数量。

公开(公告)号：US20060143440A1

公开(公告)日：2006-06-29

申请号：US11020754

申请日：2004-12-27

申请人： Ramesh Ponnapalli ,  Vandateshwar Pullela

发明人： Ramesh Ponnapalli ,  Vandateshwar Pullela

IPC分类号： H04L9/00

CPC分类号： H04L63/08 ,  Y10T70/5819 ,  Y10T70/5832 ,  Y10T70/5836 ,  Y10T70/5854

摘要： A common security database is maintained by a RADIUS server based on the attributes the RADIUS server receives through accounting packets. When the common security database has conflicting entries, for example a MAC address and/or IP address appearing at two different network devices such as switches or routers, the RADIUS server can notify the associated network access devices to take corrective action.

摘要翻译： RADIUS服务器根据RADIUS服务器通过计费报文接收的属性维护一个普通的安全数据库。 当公共安全数据库具有冲突条目时，例如出现在两个不同网络设备（如交换机或路由器）的MAC地址和/或IP地址时，RADIUS服务器可以通知相关联的网络接入设备采取纠正措施。

公开(公告)号：US20060233173A1

公开(公告)日：2006-10-19

申请号：US11122612

申请日：2005-05-05

申请人： Venkateshwar Pullela ,  Ambarish Kenghe ,  Ramesh Ponnapalli ,  Dileep Devireddy ,  Suresh Gurajapu

发明人： Venkateshwar Pullela ,  Ambarish Kenghe ,  Ramesh Ponnapalli ,  Dileep Devireddy ,  Suresh Gurajapu

IPC分类号： H04L12/28

CPC分类号： H04L12/4641

摘要： Disclosed are, inter alia, methods, apparatus, data structures, computer-readable media, and mechanisms, for policy-based processing of packets, including mechanisms for managing the policies. A user is authenticated and its user group identifier is identified. A packet is received and is associated with the user group identifier, and one or more fields (typically other than the source address field) of the packet are used to identify a second group identifier. A lookup operation is then performed on a policy based on the first and second group identifiers to identify a packet processing action to be performed on the packet. These identifiers are typically not network addresses, which disassociates the policy from physical network addresses (which often are dynamically assigned and may also vary based on the access point into the network of a user), and allows a switching device to process packets based on a policy stated using group identifiers.

摘要翻译： 公开了用于分组的基于策略的处理的方法，装置，数据结构，计算机可读介质和机制，包括用于管理策略的机制。 用户被认证，并且其用户组标识符被识别。 接收到分组并与用户组标识符相关联，并且使用分组的一个或多个字段（通常不是源地址字段）来标识第二组标识符。 然后基于第一组标识符和第二组标识符对策略执行查找操作，以识别要对分组执行的分组处理动作。 这些标识符通常不是网络地址，其将策略与物理网络地址（其通常被动态地分配，并且还可以基于到用户的网络的接入点）而变化），并且允许交换设备基于 政策声明使用组标识符。