Method and apparatus for securing a layer II bridging switch/switch of subscriber aggregation
Abstract
A method and apparatus for securing a layer II bridging switch for subscriber aggregation is described. The method includes receiving packets from a circuit on the layer II bridging switch and making a forwarding decision for the packet based on at least one of the addresses of the packet being currently assigned to a second circuit.
20 Claims
1. A method, comprising:
receiving a packet from an input circuit on a layer II bridging switch, the packet including a source address and a destination address; and
making a forwarding decision for the packet based on at least, one of the addresses of the packet being currently assigned to a second circuit, and, the type of that second circuit.
Dependent claims: 2, 3, 4
5. A method, comprising:
receiving a packet from a first untrusted circuit on a layer II bridging switch, the packet including a source address and a destination address;
dropping the packet upon determining, the source address is assigned to a trusted circuit, or the source address is assigned to a second untrusted circuit and cannot be reassigned to the first untrusted circuit; and
forwarding the packet to the destination address upon determining the destination address is assigned to a trusted circuit.
Dependent claims: 6, 7
8. A method, comprising:
receiving a packet from an input circuit, the packet including a source address and a destination address;
upon determining the input circuit is a trusted input circuit, forwarding the packet to the destination address; and
upon determining the input circuit is an untrusted input circuit, restricting network flow of the packet based upon circuit management rules.
Dependent claims: 9, 10, 11, 12, 13
14. A method for forwarding a packet, comprising:
receiving the packet from an input circuit, wherein the packet includes a source address and a destination address;
dropping the packet if, the source address is associated with a first untrusted circuit, and the destination address is associated with a second untrusted circuit; and
forwarding the packet if, the source address is associated with a third untrusted circuit, and the destination address is associated with a first trusted circuit.
Dependent claims: 15, 16, 17
18. A layer II bridging switch, comprising:
a plurality of interfaces to transmit and receive packets over circuits; and
an inter-circuit and circuit type security management module to make forwarding decisions for the packets received on at least some of the circuits, the receiving circuit type and addresses assigned to others of the circuits and their type.
Dependent claims: 19
20. A method to forward a packet from an untrusted circuit to a trusted circuit, comprising:
receiving a packet from the untrusted circuit;
upon determining the untrusted circuit is unknown in a bridge table, entering the untrusted circuit into the bridge table, and examining the data packet to determine its destination;
upon determining the destination of the data packet is a different untrusted circuit, dropping the data packet;
forwarding the data packet to the trusted circuit
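The forwarding rules recited in claims 5, 8, 14 and 20 can be modelled as a small bridge-table check. This is an added illustration, not code from the patent: the `Bridge` class, the `allow_move` flag (standing in for the unspecified "cannot be reassigned" condition), the circuit names, the MAC addresses and the handling of unknown destinations are all assumptions.

```python
from dataclasses import dataclass, field

TRUSTED, UNTRUSTED = "trusted", "untrusted"

@dataclass
class Bridge:
    circuit_type: dict                          # circuit id -> TRUSTED / UNTRUSTED
    table: dict = field(default_factory=dict)   # address -> circuit id (bridge table)
    allow_move: bool = False  # assumption: may an address move between untrusted circuits?

    def decide(self, in_circuit, src, dst):
        """Return (action, reason) for a packet received on in_circuit."""
        if self.circuit_type[in_circuit] == TRUSTED:
            self.table[src] = in_circuit
            return ("forward", "trusted input circuit")               # claim 8
        owner = self.table.get(src)
        if owner is not None and owner != in_circuit:
            if self.circuit_type[owner] == TRUSTED:                   # claim 5
                return ("drop", "source address is assigned to a trusted circuit")
            if not self.allow_move:                                   # claim 5
                return ("drop", "source address is assigned to another untrusted circuit")
        self.table[src] = in_circuit        # learn or reassign the source (claim 20)
        dst_circuit = self.table.get(dst)
        if dst_circuit is not None and self.circuit_type[dst_circuit] == UNTRUSTED:
            return ("drop", "destination is on an untrusted circuit")  # claims 14, 20
        # Assumption: an unknown destination is sent toward trusted circuits only.
        return ("forward", "toward trusted circuit")

def demo(allow_move=False):
    """Constructed scenario: one trusted uplink, two untrusted subscriber circuits."""
    gw, a, b = "02:00:00:00:00:01", "02:00:00:00:00:0a", "02:00:00:00:00:0b"
    br = Bridge({"uplink": TRUSTED, "sub1": UNTRUSTED, "sub2": UNTRUSTED},
                allow_move=allow_move)
    packets = [
        ("uplink", gw, a),   # gateway address learned on the trusted uplink
        ("sub1", a, gw),     # subscriber to gateway
        ("sub2", b, a),      # subscriber to subscriber
        ("sub2", gw, a),     # gateway address claimed on an untrusted circuit
        ("sub2", a, gw),     # another subscriber's address claimed on sub2
    ]
    return [br.decide(*p)[0] for p in packets]

if __name__ == "__main__":
    print(demo())
```
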
Specification