System and method for restricting network access using forwarding databases
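IPC classification information
Country / Type: United States (US) Patent, Registered
International Patent Classification (IPC, 7th edition): H04L-012/28, H04L-012/56, H04J-003/16, H04J-003/22
Application number: UP-0417993 (2006-05-03)
Registration number: US-7558266 (2009-07-15)
Inventor / Address: Hu, Tyng Jar Albert
Applicant / Address: Trapeze Networks, Inc.
Agent / Address: Perkins Coie LLP
Citation information: Cited by: 25; Patents cited: 135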
Abstract
This specification describes a system that can offer, among other advantages, dynamically allowing or rejecting non-DHCP packets entering a switch. In addition, an FDB is commonly used by a bridge or switch to store an incoming packet's source MAC address and its port number; later on, if the destination MAC address of another incoming packet matches any entry in the FDB, the packet is forwarded to the associated port. Using the techniques described herein, not only is this completely transparent to the user, but the techniques can also result in an increase in switch performance by blocking unwanted traffic at an earlier stage of the forwarding process and freeing up other processing units at a later stage, such as the switch fabric or packet processing stages.
Representative claim
What is claimed is:
1. A method comprising: receiving a data unit including layer 2 client-identification data; determining whether the data unit includes layer 3 address data; if the data unit does not include any layer 3 address data: determining whether the layer 2 client-identification data has been recorded; if the layer 2 client-identification data has not been recorded: recording the layer 2 client-identification data; enabling a layer 3 address assignment status restriction attribute; if the layer 2 client-identification data has been recorded, unless the address assignment status restriction attribute is enabled, forwarding the data unit; if the data unit includes layer 3 address data, determining whether the layer 3 address data confirms a layer 3 address assignment; if the layer 3 address data confirms a layer 3 address assignment: disabling the layer 3 address assignment status restriction attribute; forwarding the data unit.
2. The method claim 1, further comprising: if the layer 3 address data does not confirm a layer 3 address assignment, forwarding the data unit.
3. The method of claim 1, further comprising: if the layer 3 address assignment restriction attribute is enabled, discarding the data unit.
4. The method of claim 1 further comprising: if the layer 2 client-identification data has been recorded, determining whether the layer 3 address assignment restriction attribute is enabled.
5. The method of claim 1, wherein the data unit is a packet, further comprising preprocessing the packet.
6. The method of claim 1, further comprising executing switching functions with respect to the data unit.
7. A system comprising: a switching device capable of performing layer 2 functions; a memory coupled to the switching device, the memory having a forwarding database including an entry having an associated layer 2 address and a layer 3 address assignment status restriction attribute; a processor, coupled to the memory and the switching device, for executing memory access and packet forwarding functions wherein, in operation, when the processor enables the layer 3 address assignment status restriction attribute, data units that include the associated layer 2 address, other than data units having layer 3 address assignment data, are not forwarded by the switching device; wherein, in operation, if a data unit of the data units includes layer 3 address data, the processor determines whether the layer 3 address data confirms a layer 3 address assignment; wherein, in operation, if the layer 3 address data confirms a layer 3 address assignment; the processor disables the layer 3 address assignment status restriction attribute; the switching device forwards the data unit.
8. The system of claim 7, further comprising: a plurality of wireless access points coupled to the switching device.
9. The system of claim 7, further comprising: a plurality of clients coupled to the switching device through one or more wireless access points.
10. The system of claim 7, wherein the layer 2 address is a MAC address.
11. The system of claim 7, wherein the layer 3 address is an IP address.
12. The system of claim 7, wherein the data units are packets.
13. The system of claim 7, wherein the data units are frames.
14. The system of claim 7, wherein the entry of the forwarding database includes a port ID and a VLAN ID.
15. The system of claim 7, wherein the entry of the forwarding database includes an age parameter.
16. A system comprising: a switching device capable of performing layer 2 functions; a memory coupled to the switching device, the memory having a forwarding database including an entry wherein said entry having an associated layer 2 address and a layer 3 address assignment status restriction attribute; an address restriction engine, coupled to the memory and the switching device, for executing packet forwarding and data traffic filtering functions, said engine having: an address status restriction module having control logic for manipulating said layer 3 address assignment status restriction attribute, a packet forwarding module having logic for monitoring data traffic and for notifying the address status restriction module that it has received data with layer 3 address assignment data; wherein the address status restriction module determines whether to disable the layer 3 address assignment status restriction attribute based on data it receives from the packet forwarding module; wherein, in operation, if a data unit of the data includes layer 3 address data, the processor determines whether the layer 3 address data confirms the layer 3 address assignment; wherein, in operation, if the layer 3 address data confirms the layer 3 address assignment; the address restriction engine disables the layer 3 address assignment status restriction attribute; the switching device forwards the data unit.
17. The system of claim 16, wherein the layer 2 address is a MAC address.
18. The system of claim 16, wherein the layer 3 address is an IP address.
19. The system of claim 16, wherein the switching device is capable of performing layer 3 functions.
20. The method claim 7, wherein, in operation, if the layer 3 address data does not confirm a layer 3 address assignment, the switch forwards the data unit.
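The decision procedure of claims 1 to 3, modelled as an added example (not code from the patent or from Trapeze Networks). It assumes DHCP as the layer 3 address-assignment protocol, as the abstract suggests, and treats a DHCP ACK as the message that "confirms a layer 3 address assignment". The names DataUnit, RestrictingFdb and dhcp_type are hypothetical, and the handling of an ACK for a MAC that was never recorded is a modelling choice the claims do not spell out.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

FORWARD, DISCARD = "forward", "discard"


@dataclass
class DataUnit:
    client_mac: str                  # layer 2 client-identification data
    dhcp_type: Optional[str] = None  # layer 3 address data; None if absent (assumed DHCP)


class RestrictingFdb:
    """Forwarding database whose entries carry the restriction attribute."""

    def __init__(self) -> None:
        # MAC address -> layer 3 address assignment status restriction attribute
        self.restricted: Dict[str, bool] = {}

    def handle(self, unit: DataUnit) -> str:
        mac = unit.client_mac.lower()
        if unit.dhcp_type is None:               # no layer 3 address data
            if mac not in self.restricted:       # first sighting of this client:
                self.restricted[mac] = True      # record it, enable the restriction
            # Claim 1: forward unless restricted. Claim 3: discard if restricted.
            return DISCARD if self.restricted[mac] else FORWARD
        if unit.dhcp_type == "ACK":              # assumed confirmation message
            # Assumption: an ACK for an unrecorded MAC creates an unrestricted entry.
            self.restricted[mac] = False         # disable the restriction
        return FORWARD                           # claim 1 (confirmed) and claim 2 (not)


def replay(units: List[DataUnit]) -> List[str]:
    """Run a sequence of data units through a fresh FDB and return the verdicts."""
    fdb = RestrictingFdb()
    return [fdb.handle(u) for u in units]


# Constructed sample traffic; the MAC addresses are made up for illustration.
A, B = "02:00:00:00:00:01", "02:00:00:00:00:02"
SAMPLE = [
    DataUnit(A),              # data before any lease: recorded, restricted, dropped
    DataUnit(A, "DISCOVER"),  # address-assignment traffic always passes
    DataUnit(A, "OFFER"),
    DataUnit(A),              # still restricted: no ACK seen yet
    DataUnit(A, "REQUEST"),
    DataUnit(A, "ACK"),       # confirmation clears the restriction
    DataUnit(A),              # now forwarded
    DataUnit(B),              # client that never used DHCP stays blocked
]
```

Calling replay(SAMPLE) shows that a client with a self-assigned address is dropped at the FDB lookup, which is the early-stage blocking the abstract describes.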