Remote client remediation

US 20080270606A1
Filed: 04/30/2007
Published: 10/30/2008
Est. Priority Date: 04/30/2007
Status: Active Grant

First Claim

Patent Images

1. A method for remote client remediation, comprising:

identifying a client, associated with an original VLAN, needing remediation;

tunnel-encapsulating packets originating from the client during remediation; and

forwarding tunnel-encapsulated packets to a remote remediation functionality different from an original destination address of the packets and having membership in a remediation VLAN different from the original VLAN.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the invention may include network devices, systems, and methods, including executable instructions and/or logic, for remote client remediation. One method includes identifying a client needing remediation, tunnel-encapsulating packets originating from the client during remediation, and forwarding the tunnel-encapsulated packets to a remote remediation functionality different from an original destination address of the packets and having membership in a remediation VLAN different from the original VLAN.

38 Citations

View as Search Results

20 Claims

1. A method for remote client remediation, comprising:
- identifying a client, associated with an original VLAN, needing remediation;
  
  tunnel-encapsulating packets originating from the client during remediation; and
  
  forwarding tunnel-encapsulated packets to a remote remediation functionality different from an original destination address of the packets and having membership in a remediation VLAN different from the original VLAN.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method recited in claim 1, wherein the method includes isolating the client during remediation to communication with a subset of its post-remediation network access.
  - 3. The method recited in claim 2, wherein the subset is limited to the remediation VLAN.
  - 4. The method recited in claim 1, wherein the method includes removing original VLAN information from packets before forwarding to the remediation VLAN.
  - 5. The method recited in claim 1, wherein all packets originating from the client during remediation are tunnel-encapsulated.
  - 6. The method recited in claim 5, wherein the method includes restoring original VLAN information to packets before forwarding to the client.
  - 7. The method recited in claim 6, wherein the method includes determining original VLAN information for each packet from a lookup table corresponding to a destination MAC address of the client as a key.
  - 8. The method recited in claim 1, wherein the client needing remediation is identified using a lookup table keyed to the MAC address of the client.
  - 9. The method recited in claim 1, wherein the method includes dropping a packet not addressed to the remediation functionality.
  - 10. The method recited in claim 1, wherein the method includes learning from a packet received from a remediation tunnel that the client is located during remediation at the other end of the remediation tunnel.

11. A network, comprising:
- a first network device;
  
  a client connected to the first network device;
  
  a second network device; and
  
  a virtual remediation tunnel having a first destination associated with the first network device, and a second destination associated with the second network device;
  
  wherein the first network device has logic to force packets originating from the client during remediation through the virtual remediation tunnel to a remediation VLAN associated with the second network device.
- View Dependent Claims (12, 13, 14)
- - 12. The network of claim 11, wherein the method includes a remote remediation functionality associated with the remediation VLAN.
  - 13. The network of claim 12, wherein the second network device has logic to drop packets forced to the remediation VLAN not addressed to the remote remediation functionality.
  - 14. The network of claim 11, wherein all packets originating from the client during remediation are forced to the remediation VLAN.

15. A network device, comprising:
- a network chip including a number of network ports for receiving and transmitting packets therefrom, and logic to;
  
  identify a client needing remediation;
  
  tunnel-encapsulate all packets originating from the client during remediation;
  
  force tunnel-encapsulated packets into a bridging tunnel having a destination end associated with a remote remediation VLAN during remediation; and
  
  wherein the client is a member of a first VLAN, the first VLAN being different from the remediation VLAN.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The network device of claim 15, wherein the network chip includes logic to determine information associated with a packet originating from the client during remediation, using a MAC address of the client as a lookup key, the information being selected from a group consisting of:
    - a remediation status;
      
      a tunnel encapsulation destination IP address; and
      
      a first VLAN identity.
  - 17. The network device of claim 15, wherein the network chip includes logic to forward packets to a remote remediation functionality having a destination address different from an original destination address of the packets.
  - 18. The network device of claim 15, wherein the network chip includes logic to remove first VLAN information from packets before forcing tunnel-encapsulated packets to the remediation VLAN.
  - 19. The network device of claim 15, wherein the network chip includes logic to:
    - determine a received packet is from a tunnel associated with the remediation VLAN;
      
      decapsulate the received packet; and
      
      assign first VLAN information to the packet before forwarding to the client.
  - 20. The network device of claim 15, wherein the bridging tunnel is a secure bridging tunnel.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Albrecht, Alan R., Gooch, Mark, LaVigne, Bruce E., Jorgensen, Steven G., Sanchez, Mauricio

Granted Patent

US 7,792,990 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/225
CPC Class Codes

H04L 12/4633   Interconnection of networks...

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 63/029   Firewall traversal, e.g. tu...

Remote client remediation

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

38 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Remote client remediation

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others