Remote client remediation
Abstract
Embodiments of the invention may include network devices, systems, and methods, including executable instructions and/or logic, for remote client remediation. One method includes identifying a client needing remediation, tunnel-encapsulating packets originating from the client during remediation, and forwarding the tunnel-encapsulated packets to a remote remediation functionality different from an original destination address of the packets and having membership in a remediation VLAN different from the original VLAN.
20 Claims
1. A method for remote client remediation, comprising:
identifying, by a local network device, a client connected to the local network device and associated with an original VLAN and needing remediation;
creating at the local network device an entry in a lookup table, said entry including a MAC address of the client, a flag indicating a remediation status of the client, information of the original VLAN, and a tunnel-encapsulation IP address of a remote switch connected to a remote remediation functionality;
receiving at the local network device packets from the client during remediation;
performing a lookup in the lookup table using information in the packets;
if the information in the packets matches with the entry in the lookup table, determining whether the flag in the entry indicates the client needs remediation;
if the flag in the entry indicates the client needs remediation, tunnel-encapsulating the packets; and
forwarding the tunnel-encapsulated packets to the remote remediation functionality different from an original destination address of the packets and having membership in a remediation VLAN different from the original VLAN.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A network, comprising:
a first network device;
a client associated with an original VLAN and connected to the first network device;
a second network device; and
a virtual remediation tunnel having a first destination associated with the first network device, and a second destination associated with the second network device;
wherein the first network device has logic to:
identify the client needing remediation;
create an entry in a lookup table, wherein said entry includes a MAC address of the client, a flag indicating a remediation status of the client, information of the original VLAN, and a tunnel-encapsulation IP address of the second network device;
receive packets from the client during remediation;
perform a lookup in the lookup table using information in the packets;
if the information in the packets matches with the entry in the lookup table, determine whether the flag in the entry indicates the client needs remediation;
if the flag in the entry indicates the client needs remediation, force the packets through the virtual remediation tunnel to a remediation VLAN associated with the second network device.
Dependent claims: 12, 13, 14
15. A network device, comprising:
a network chip including a number of network ports for receiving and transmitting packets therefrom, and logic to:
identify a client, associated with a first VLAN, needing remediation;
create an entry in a lookup table, said entry including a MAC address of the client, a flag indicating a remediation status of the client, information of the first VLAN, and a tunnel-encapsulation IP address of a remote switch connected to a remote remediation VLAN;
receive packets from the client during remediation;
perform a lookup in the lookup table using information in the packets;
if the information in the packets matches with the entry in the lookup table, determine whether the flag in the entry indicates the client needs remediation;
if the flag in the entry indicates the client needs remediation, tunnel-encapsulate the packets;
force the tunnel-encapsulated packets into a bridging tunnel having a destination end associated with the remote remediation VLAN during remediation; and
wherein the first VLAN is different from the remote remediation VLAN.
Dependent claims: 16, 17, 18, 19, 20
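A minimal sketch of the per-packet decision recited in claims 1, 11 and 15, added here as an illustration and not taken from the patent. It assumes the lookup is keyed on the frame's source MAC and uses a bare GRE header (protocol type 0x6558, Transparent Ethernet Bridging) as a stand-in tunnel format; the claims specify neither, and all names and sample values are constructed.

```python
import struct
from dataclasses import dataclass

GRE_TEB = 0x6558  # GRE protocol type for bridged Ethernet (assumed tunnel format)


@dataclass
class Entry:
    needs_remediation: bool  # flag indicating remediation status
    original_vlan: int       # VLAN the client returns to after remediation
    tunnel_ip: str           # tunnel-encapsulation IP of the remote switch


def src_mac(frame: bytes) -> str:
    """Source MAC occupies bytes 6..11 of an Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet frame")
    return frame[6:12].hex(":")


def handle(table: dict, frame: bytes):
    """Return ("tunnel", remote_ip, payload) or ("forward", None, frame)."""
    entry = table.get(src_mac(frame))
    # No entry, or flag cleared: switch normally on the original VLAN.
    if entry is None or not entry.needs_remediation:
        return ("forward", None, frame)
    # Flag set: ignore the original destination and wrap the whole frame
    # for delivery to the remote switch on the remediation VLAN.
    gre = struct.pack("!HH", 0, GRE_TEB)  # minimal GRE header, no options
    return ("tunnel", entry.tunnel_ip, gre + frame)


def mark_remediated(table: dict, mac: str) -> None:
    """Clear the flag once remediation completes."""
    table[mac].needs_remediation = False


# Constructed sample data: one quarantined client and one of its frames.
CLIENT = "02:00:00:00:00:0a"
TABLE = {CLIENT: Entry(True, 10, "192.0.2.1")}
FRAME = bytes.fromhex("ffffffffffff" "02000000000a" "0800") + b"payload"

if __name__ == "__main__":
    print(handle(TABLE, FRAME)[:2])   # tunnelled while the flag is set
    mark_remediated(TABLE, CLIENT)
    print(handle(TABLE, FRAME)[:2])   # forwarded normally afterwards
```

Because the decision rests only on the source MAC and the flag, the quarantine in this sketch holds only as long as the client cannot present a different MAC on the same port.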
Specification