Identity-based policy implementation in network address translation (NAT) environments

    Publication No.: US10397060B2

    Publication date: 2019-08-27

    Application No.: US15447291

    Filing date: 2017-03-02

    Abstract: A policy server correlates information from several messages associated with a client device to implement an identity-based network access policy. The policy server receives a first message from a network element connected to the client device. The first message requests an identity-based policy for the client device, and includes a first network address. The policy server receives a second message from an identity server. The second message includes information indicating an identity role and a second network address. The policy server receives a third message from a NAT device. The third message includes a NAT mapping that correlates the first network address with the second network address. After the policy server determines the identity-based policy based on a combination of the first message, the second message, and the third message, the policy server implements the identity-based policy in the network element.

    IDENTITY-BASED POLICY IMPLEMENTATION IN NETWORK ADDRESS TRANSLATION (NAT) ENVIRONMENTS

    Publication No.: US20180255017A1

    Publication date: 2018-09-06

    Application No.: US15447291

    Filing date: 2017-03-02

    IPC classification: H04L29/12 H04L29/08 H04L12/24

    Abstract: A policy server correlates information from several messages associated with a client device to implement an identity-based network access policy. The policy server receives a first message from a network element connected to the client device. The first message requests an identity-based policy for the client device, and includes a first network address. The policy server receives a second message from an identity server. The second message includes information indicating an identity role and a second network address. The policy server receives a third message from a NAT device. The third message includes a NAT mapping that correlates the first network address with the second network address. After the policy server determines the identity-based policy based on a combination of the first message, the second message, and the third message, the policy server implements the identity-based policy in the network element.

    Group Based Multicast in Networks
    Invention application

    Publication No.: US20180255002A1

    Publication date: 2018-09-06

    Application No.: US15446802

    Filing date: 2017-03-01

    Abstract: Group based multicasts may be provided. First, a request may be received. The request may comprise a receiver tag, a request source identifier, and a request multicast group identifier. Next, a source tag corresponding to the request source identifier may be obtained and then it may be determined that a group corresponding to the receiver tag is allowed to access content from a source corresponding to the obtained source tag. In response to determining that the group corresponding to the receiver tag is allowed to access content from the source corresponding to the obtained source tag, content may be received from the source at a multicast group corresponding to the request multicast group identifier. The content may then be forwarded to a receiver corresponding to the request.

    Client address based forwarding of dynamic host configuration protocol response packets

    Publication No.: US10432578B2

    Publication date: 2019-10-01

    Application No.: US15276818

    Filing date: 2016-09-27

    IPC classification: H04L29/12 H04L12/46 H04L12/24

    Abstract: Client address based forwarding of dynamic host configuration protocol response packets may be provided. First, a first relay agent on a first network device may receive a first discovery message associated with a first client device. The first discovery message may include a first discovery message identifier field comprising a first identifier corresponding to the first client device. The first client device may be associated with a subnet. Then the first relay agent may register, with a map server, the first identifier with an address of the first network device and add a gateway address corresponding to the first relay agent to the first discovery message. Next, the first relay agent may encapsulate the first discovery message and forward the encapsulated first discovery message over a network to a border device.

    Access port for one or more VLANs

    Publication No.: US10397141B2

    Publication date: 2019-08-27

    Application No.: US15721914

    Filing date: 2017-10-01

    Abstract: In one embodiment a network device includes a plurality of ports. The network device is adapted to receive at least one configuring instruction, and adapted, after receipt of any of the at least one configuring instruction, to configure one or more access ports, of the plurality of ports, for endpoint virtual local area network (VLAN) assignment that is in accordance with at least one VLAN assignment algorithm. The at least one VLAN assignment algorithm allows at least two endpoints to be assigned to at least two different respective VLANs of a plurality of VLANs in a network, the at least one VLAN assignment algorithm enabling the at least two endpoints to connect to a same access port of the one or more access ports and provide data which is not VLAN tagged when received at the same access port.

    Identity-based policy implementation in network address translation (NAT) environments

    Publication No.: US10887175B2

    Publication date: 2021-01-05

    Application No.: US16502554

    Filing date: 2019-07-03

    Abstract: A policy server correlates information from several messages associated with a client device to implement an identity-based network access policy. A network element connected to the client device obtains an authentication message including a first network address from the client device. The network element provides the authentication device to an identity server via a Network Address Translation (NAT) device, which translates the first network address to a second network address. The network element also provides a first message including the first network address to the policy server to request an identity-based policy for network communications of the client device. The network element implements the identity-based policy authorized by the policy server.

    IDENTITY-BASED POLICY IMPLEMENTATION IN NETWORK ADDRESS TRANSLATION (NAT) ENVIRONMENTS

    Publication No.: US20190327150A1

    Publication date: 2019-10-24

    Application No.: US16502554

    Filing date: 2019-07-03

    IPC classification: H04L12/24 H04L29/12 H04L29/08

    Abstract: A policy server correlates information from several messages associated with a client device to implement an identity-based network access policy. A network element connected to the client device obtains an authentication message including a first network address from the client device. The network element provides the authentication device to an identity server via a Network Address Translation (NAT) device, which translates the first network address to a second network address. The network element also provides a first message including the first network address to the policy server to request an identity-based policy for network communications of the client device. The network element implements the identity-based policy authorized by the policy server.

    Group based multicast in networks

    Publication No.: US10069762B1

    Publication date: 2018-09-04

    Application No.: US15446802

    Filing date: 2017-03-01

    Abstract: Group based multicasts may be provided. First, a request may be received. The request may comprise a receiver tag, a request source identifier, and a request multicast group identifier. Next, a source tag corresponding to the request source identifier may be obtained and then it may be determined that a group corresponding to the receiver tag is allowed to access content from a source corresponding to the obtained source tag. In response to determining that the group corresponding to the receiver tag is allowed to access content from the source corresponding to the obtained source tag, content may be received from the source at a multicast group corresponding to the request multicast group identifier. The content may then be forwarded to a receiver corresponding to the request.