PRESERVING SECURITY ASSOCATION IN MACSEC PROTECTED NETWORK THROUGH VLAN MAPPING
Abstract
According to one general aspect, a method of using a network device may include receiving, via an ingress port, a data packet that includes a payload portion, a source network address and a destination network address. In various embodiments, the method may also include determining if the data packet includes a security tag that includes a role based authentication tag. In some embodiments, the method may include, if the data packet includes a security tag that includes a role based authentication tag, transmitting, via an egress port, at least the payload portion and the role based authentication tag towards, in a topological sense, the destination network address.
20 Claims
1. A method of using a network device comprising:
receiving, via an ingress port, a data packet that includes a payload portion, a source network address and a destination network address,
determining if the data packet includes a security tag that includes a role based authentication tag; and
if the data packet includes a security tag that includes a role based authentication tag, transmitting, via an egress port, at least the payload portion and the role based authentication tag towards, in a topological sense, the destination network address.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. An apparatus comprising:
an ingress port configured to: receive a data packet that includes a payload portion, a source network address and a destination network address,
a processor configured to: determine if the data packet includes a security tag that includes a role based authentication tag; and
an egress port configured to: if the data packet includes a security tag that includes a role based authentication tag, transmit at least the payload portion and the role based authentication tag towards, in a topological sense, the destination network address.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18

19. A computer program product for communicating information, the computer program product being tangibly embodied on a computer-readable medium and including executable code that, when executed, is configured to cause a network apparatus to:
receive, via an ingress port, a data packet that includes a payload portion, a source network address and a destination network address,
determine if the data packet includes a security tag that includes a role based authentication tag; and
if the data packet includes a security tag that includes a role based authentication tag, transmit, via an egress port, at least the payload portion and the role based authentication tag towards, in a topological sense, the destination network address.
Dependent claims: 20

Specification