Using authentication server accounting to create a common security database
    1.
    Granted invention patent
    Status: in force

    Publication number: US07861076B2

    Publication date: 2010-12-28

    Application number: US11020754

    Filing date: 2004-12-27

    IPC classification: H04L9/00

    Abstract: A common security database is maintained by a RADIUS server based on the attributes the RADIUS server receives through accounting packets. When the common security database has conflicting entries, for example a MAC address and/or IP address appearing at two different network devices such as switches or routers, the RADIUS server can notify the associated network access devices to take corrective action.

    Configuring interfaces of a switch using templates
    2.
    Granted invention patent
    Status: in force

    Publication number: US08108673B2

    Publication date: 2012-01-31

    Application number: US11119244

    Filing date: 2005-04-29

    IPC classification: H04L9/32

    CPC classification: H04L41/0806 H04L63/08

    Abstract: Configuring an interface of a switch includes sending an authentication request requesting authentication for an endpoint from a switch to an authentication server. The switch comprises interfaces and is operable to access templates, where a template is operable to generate one or more interface commands for an interface. An instruction is received from the authentication server. The instruction instructs the switch to apply an identified template to an interface, where the identified template is identified by the authentication server as associated with the endpoint. The identified template is applied to configure the interface according to the instruction.

    Configuring interfaces of a switch using templates
    3.
    Granted invention patent
    Status: in force

    Publication number: US08397278B2

    Publication date: 2013-03-12

    Application number: US13323885

    Filing date: 2011-12-13

    CPC classification: H04L41/0806 H04L63/08

    Abstract: Configuring an interface of a switch includes sending an authentication request requesting authentication for an endpoint from a switch to an authentication server. The switch comprises interfaces and is operable to access templates, where a template is operable to generate one or more interface commands for an interface. An instruction is received from the authentication server. The instruction instructs the switch to apply an identified template to an interface, where the identified template is identified by the authentication server as associated with the endpoint. The identified template is applied to configure the interface according to the instruction.

    Policy-based processing of packets
    4.
    Granted invention patent
    Status: in force

    Publication number: US07724728B2

    Publication date: 2010-05-25

    Application number: US11122612

    Filing date: 2005-05-05

    CPC classification: H04L12/4641

    Abstract: Disclosed are, inter alia, methods, apparatus, data structures, computer-readable media, and mechanisms, for policy-based processing of packets, including mechanisms for managing the policies. A user is authenticated and its user group identifier is identified. A packet is received and is associated with the user group identifier, and one or more fields (typically other than the source address field) of the packet are used to identify a second group identifier. A lookup operation is then performed on a policy based on the first and second group identifiers to identify a packet processing action to be performed on the packet. These identifiers are typically not network addresses, which disassociates the policy from physical network addresses (which often are dynamically assigned and may also vary based on the access point into the network of a user), and allows a switching device to process packets based on a policy stated using group identifiers.