Dynamic access control lists
Abstract
A method controls access of a user to a network including a plurality of hosts coupled together through a network switch. The method includes storing in the network switch an enhanced access control list containing data related to at least one of user names, DNS names, domain names, and physical addresses. A dynamic access control list is generated from the enhanced access control list, with the dynamic access control list containing a plurality of IP addresses that restrict access of the user to the network.
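A minimal sketch of the conversion the abstract and claims 1 and 9 describe, added here as an example (it is not code from the patent): name-based entries of an enhanced access control list are expanded into an ordered, IP-based dynamic list. The `bindings` tables, the `(action, kind, name)` entry layout, the rule tuple format and the trailing default deny are assumptions; the page does not say how the switch learns or stores these mappings.

```python
import ipaddress

def resolve(kind, name, bindings):
    """Return the (ip, mac_or_None) pairs a name-based entry maps to right now."""
    if kind == "user":      # user name -> IP and physical address
        host = bindings["user"].get(name)
        pairs = [host] if host else []
    elif kind == "dns":     # DNS name -> one or more IP addresses
        key = name.lower().rstrip(".")
        pairs = [(ip, None) for ip in bindings["dns"].get(key, [])]
    elif kind == "mac":     # physical address -> IP address
        mac = name.lower().replace("-", ":")
        ip = bindings["mac"].get(mac)
        pairs = [(ip, mac)] if ip else []
    else:
        raise ValueError(f"unknown entry kind: {kind!r}")
    # Reject malformed addresses instead of installing them in the ACL.
    return [(str(ipaddress.ip_address(ip)), mac) for ip, mac in pairs]

def build_dynamic_acl(enhanced, bindings):
    """Expand (action, kind, name) entries into ordered IP rules, default deny last."""
    rules, unresolved = [], []
    for action, kind, name in enhanced:
        pairs = resolve(kind, name, bindings)
        if not pairs:  # no binding yet: emit nothing, never a wildcard
            unresolved.append((action, kind, name))
        for ip, mac in pairs:
            rule = (action, ip, mac)
            if rule not in rules:
                rules.append(rule)
    rules.append(("deny", "any", None))
    return rules, unresolved

# Constructed sample data: documentation address ranges, hypothetical names.
ENHANCED = [
    ("permit", "user", "alice"),
    ("permit", "dns", "files.example.net."),
    ("deny", "mac", "00-00-5E-00-53-0A"),
    ("permit", "user", "bob"),   # no binding, so it stays unresolved
]
BINDINGS = {
    "user": {"alice": ("192.0.2.10", "00:00:5e:00:53:01")},
    "dns": {"files.example.net": ["198.51.100.5", "198.51.100.6"]},
    "mac": {"00:00:5e:00:53:0a": "192.0.2.77"},
}

if __name__ == "__main__":
    acl, pending = build_dynamic_acl(ENHANCED, BINDINGS)
    print(*acl, "unresolved: %r" % (pending,), sep="\n")
```

The dynamic list is only as current as the bindings, so it has to be rebuilt whenever a binding changes; an unresolved `deny` entry deserves an alert, because until it resolves nothing enforces it.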
25 Claims
1. A method of developing an access control list, comprising:
- developing an enhanced access control list including data related to at least one of user names, DNS names, Windows domain names, and physical addresses;
- converting at least one of,
  - user names into corresponding IP and physical addresses according to data in the enhanced access control list;
  - DNS names into corresponding IP addresses according to data in the enhanced access control list; and
  - physical addresses into IP addresses according to data in the enhanced access control list; and
- developing the access control list from each of the operations of converting.
Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A method of controlling access of a user to a network including a plurality of hosts coupled together through a network switch, the method comprising:
- storing in the network switch an enhanced access control list containing data related to at least one of user names, DNS names, Windows domain names, and physical addresses; and
- generating a dynamic access control list from the enhanced access control list, the dynamic access control list containing a plurality of IP addresses that restrict access of the user to the network.
Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17

18. A network switching circuit, comprising:
- a forwarding circuit operable to detect specific received packets and to provide the specific packets on a processor port, and further operable to receive packets on one of a plurality of ports including the processor port and to forward each received packet to a port corresponding to a destination address contained in the packet subject to access restrictions contained in a dynamic access control list;
- a memory circuit coupled to the forwarding circuit, the memory circuit operable to store packets and operable to store an enhanced access control list and a dynamic access control list; and
- a processor coupled to the forwarding circuit and to the memory circuit, the processor operable to define the specific packets detected by the forwarding circuit and operable to process the specific packets stored in the memory circuit using the enhanced access control list to generate the dynamic access control list and store the dynamic access control list in the memory circuit, and further operable to provide the specific packets to the processor port of the forwarding circuit after processing the packets.
Dependent claims: 19, 20, 21

22. A computer network, comprising:
- a network switch, including,
  - a forwarding circuit operable to detect specific received packets and to provide the specific packets on a processor port, and further operable to receive packets on one of a plurality of ports including the processor port and to forward each received packet to a port corresponding to a destination address contained in the packet subject to access restrictions contained in a dynamic access control list;
  - a memory circuit coupled to the forwarding circuit, the memory circuit operable to store packets and operable to store an enhanced access control list and a dynamic access control list; and
  - a processor coupled to the forwarding circuit and to the memory circuit, the processor operable to define the specific packets detected by the forwarding circuit and operable to process the specific packets stored in the memory circuit using the enhanced access control list to generate the dynamic access control list and store the dynamic access control list in the memory circuit, and further operable to provide the specific packets to the processor port of the forwarding circuit after processing the packets; and
- a plurality of hosts, each host coupled to a respective port of the network switch.
Dependent claims: 23, 24, 25

Specification