公开(公告)号：US20170041343A1

公开(公告)日：2017-02-09

申请号：US14817401

申请日：2015-08-04

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Pok Sze Wong ,  Ramesh Nampelly ,  Aaron Rodriguez

IPC: H04L29/06

CPC classification number: H04L63/20 ,  H04L63/101 ,  H04L63/102 ,  H04L63/105 ,  H04L63/107

Abstract: In one embodiment, a method includes receiving at an enforcement node, a request to access a network from an endpoint, transmitting at the enforcement node, the access request to a policy server, receiving at the enforcement node from the policy server, a dynamic authorization comprising a plurality of ranks, each of the ranks comprising a policy for access to the network by the endpoint, assigning the endpoint to one of the ranks and applying the policy associated with the rank to traffic received from the endpoint at the enforcement node during a communication session between the endpoint and the network, assigning the endpoint to a different rank, and applying the policy associated with the rank to traffic received from the endpoint during the communication session. An apparatus and logic are also disclosed herein.

Abstract translation: 在一个实施例中，一种方法包括在执行节点处接收从端点接入网络的请求，在执行节点向策略服务器发送访问请求，在执行节点从策略服务器接收动态授权 包括多个等级，每个等级包括由端点访问网络的策略，将端点分配给其中一个等级，并且在一个执行节点期间将与该等级相关联的策略应用于在执行节点处从端点接收到的流量 在端点和网络之间的通信会话，将端点分配给不同的等级，以及在通信会话期间将与等级相关联的策略应用于从端点接收的业务。 本文还公开了一种装置和逻辑。

公开(公告)号：US10171504B2

公开(公告)日：2019-01-01

申请号：US14817401

申请日：2015-08-04

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Pok Sze Wong ,  Ramesh Nampelly ,  Aaron Rodriguez

IPC: H04L29/06

Abstract: In one embodiment, a method includes receiving at an enforcement node, a request to access a network from an endpoint, transmitting at the enforcement node, the access request to a policy server, receiving at the enforcement node from the policy server, a dynamic authorization comprising a plurality of ranks, each of the ranks comprising a policy for access to the network by the endpoint, assigning the endpoint to one of the ranks and applying the policy associated with the rank to traffic received from the endpoint at the enforcement node during a communication session between the endpoint and the network, assigning the endpoint to a different rank, and applying the policy associated with the rank to traffic received from the endpoint during the communication session. An apparatus and logic are also disclosed herein.