Network including snooping
Abstract
A computer network including: at least one switch connecting at least one edge device to the remainder of the network, said at least one switch including: snooping apparatus using DHCP to monitor the signal traffic through the switch to or from each edge device to determine, without changing the traffic signals, for each edge device, the MAC address, the IP address, and the port of the switch to which it is connected, and a dynamic table within said switch of, for each edge device, the MAC address, the IP address, and the port which it is connected, the contents of the table being provided by said snooping apparatus.
26 Claims
1. A computer network including:
- at least one switch connecting at least one edge device to the remainder of the network, said at least one switch including;
snooping apparatus using DHCP to monitor the signal traffic through the switch to or from each edge device to determine, without changing the traffic signals, for each edge device, the MAC address, the IP address, and the port of the switch to which it is connected, and a first dynamic table (14T) within said switch of, for each edge device, the MAC address, the IP address, and the port which it is connected, the contents of the first dynamic table being provided by said snooping apparatus.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23
24. A computer network including:
- at least one switch connecting at least one edge device to the remainder of the network, said at least one switch including;
snooping apparatus using DHCP to monitor the signal traffic through the switch to or from the edge device to determine, without changing the traffic signals, for each edge device, the MAC address, the IP address, and the port of the switch to which it is connected, and a dynamic table within said switch of, for each edge device, the MAC address, the VLAN to which the edge device is to be connected, and/or the VLAN tag state of the port, and the port which it is connected, the contents of the table being provided by said snooping apparatus.
25. A method of operating a computer network including:
- at least one switch connecting at least one edge device to the remainder of the network, said at least one switch including;
snooping apparatus using DHCP to monitor the signal traffic through the switch to or from each edge device to determine, without changing the traffic signals, for each edge device, the MAC address, the IP address, and the port of the switch to which it is connected, and a dynamic table within said switch of, for each edge device, the MAC address, the IP address, and the port which it is connected, the contents of the table being provided by said snooping apparatus, said method comprising the steps
Step 100; is MAC SA (source address) authenticated? If NO go to Step 101, if YES go to Step 108.
Step 101; Is MAC DA (destination address) the EAP MAC address? If NO go to Step 102, if YES go to Step 106.
Step 102; Perform RADA authentication and go to Step 103.
Step 103; Is MAC authenticated? If NO go to Step 104, if YES go to Step 105.
Step 104; Perform MAC Intrusion Action.
Step 105; Add User Name and/or MAC SA to Authenticated Table (in table 14T) Add any QoS and VLAN information configuration to the port and the Table 14T.
Step 106; Perform Network Login (802.1x) Authentication and go to Step 107.
Step 107; Is User Name Authenticated? If YES go to Step 105, if No go to Step 104.
Step 108; Perform QoS prioritization of the packet and go to Step 109.
Step 109; Tag the packet with VLAN information if necessary and go to Step 110.
Step 110; Is this packet a DHCP Packet? If NO go to Step 111, if YES go to Step 118.
Step 111; Is it an IP packet? If NO, forward packet normally to destination at step 115, if YES, go to step 112.
Step 112; Is packet an ARP Response? If NO go to Step 113, if YES go to Step 116.
Step 113; Does IP source address match the IP address assigned to this MAC in Table 14T? If NO go to Step 114, if YES go to Step 115.
Step 114; Perform IP Intrusion Action.
Step 115; Perform normal packet forwarding to destination.
Step 116; Does IP Source address match the IP assigned to this MAC in Table 14T? If YES go to Step 115, if NO go to Step 117.
Step 117; Perform Gratuitous ARP Action.
Step 118; Perform DHCP Processing and go to Step 115.
Dependent claims: 26
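The decision path of Steps 110 to 118 in claim 25, as an added Python sketch that is not taken from the patent. It assumes the frame has already passed Steps 100 to 109; the Frame fields, the action names, and the way "DHCP Processing" fills Table 14T (port learned from the client's request, IP from the server's ACK) are assumptions, and all frames are constructed sample data.

```python
from dataclasses import dataclass

@dataclass
class Frame:
    port: int
    src_mac: str
    kind: str            # "dhcp", "arp_reply", "ip" or "other" (constructed labels)
    src_ip: str = ""     # IP source, or the sender IP of an ARP reply
    dhcp_type: str = ""  # "request" or "ack" when kind == "dhcp"
    chaddr: str = ""     # client MAC carried inside the DHCP message
    yiaddr: str = ""     # address the server assigns in a DHCPACK

def dhcp_processing(table, f):
    """Step 118 (assumed behaviour): learn MAC and port from the client, IP from the ACK."""
    if f.dhcp_type == "request":
        table.setdefault(f.src_mac, {"ip": None})["port"] = f.port
    elif f.dhcp_type == "ack" and f.chaddr in table:
        table[f.chaddr]["ip"] = f.yiaddr

def classify(table, f):
    """Return the terminal action of Steps 110-118 for one frame."""
    if f.kind == "dhcp":                       # Step 110
        dhcp_processing(table, f)              # Step 118
        return "forward"                       # Step 115
    if f.kind == "other":                      # Step 111: not an IP packet
        return "forward"
    bound = table.get(f.src_mac, {}).get("ip")
    matches = bound is not None and bound == f.src_ip
    if f.kind == "arp_reply":                  # Step 112, then Steps 116/117
        return "forward" if matches else "gratuitous_arp_action"
    return "forward" if matches else "ip_intrusion_action"   # Steps 113/114

def demo():
    """Run constructed frames from one edge device on port 3 through the flow."""
    mac = "aa:aa:aa:aa:aa:01"
    table = {}                                 # stands in for Table 14T
    frames = [
        Frame(3, mac, "dhcp", dhcp_type="request"),
        Frame(24, "aa:aa:aa:aa:aa:ff", "dhcp", dhcp_type="ack", chaddr=mac, yiaddr="192.0.2.10"),
        Frame(3, mac, "ip", src_ip="192.0.2.10"),         # matches the binding
        Frame(3, mac, "ip", src_ip="192.0.2.1"),          # source IP not bound to this MAC
        Frame(3, mac, "arp_reply", src_ip="192.0.2.1"),   # ARP reply claiming another IP
        Frame(3, mac, "other"),
    ]
    return [classify(table, f) for f in frames], table
```

In this sketch a MAC with no DHCP-learned binding, such as a statically addressed host, falls into the intrusion branch for any IP frame, because the claim's flow compares only against what Table 14T holds.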
Specification