Network including snooping
First Claim
1. A method for controlling access to a computer network, comprising the following computer-implemented steps:
- monitoring signal traffic through at least one switch connecting at least one edge device to a remainder of the computer network to determine, without changing the signal traffic, for each of the at least one edge device, a MAC address, an IP address, and a port of the switch to which it is connected;
- providing to a first dynamic table within said at least one switch for each edge device, a MAC address, an IP address, and a port to which it is connected;
- providing an authentication server which includes a second table of user names and their relevant passwords used by Network Login, in which the second table, which includes User and Password information, also includes for each user name and password the corresponding virtual local network (VLAN) and/or VLAN tag membership and/or the Quality of Service (QoS);
- adding to the first dynamic table the user name, membership VLAN, VLAN tag and QoS information learnt from the authentication server in the second table.
Abstract
A computer network including:
- at least one switch connecting at least one edge device to the remainder of the network, said at least one switch including:
  - snooping apparatus using DHCP to monitor the signal traffic through the switch to or from each edge device to determine, without changing the traffic signals, for each edge device, the MAC address, the IP address, and the port of the switch to which it is connected, and
  - a dynamic table within said switch of, for each edge device, the MAC address, the IP address, and the port to which it is connected, the contents of the table being provided by said snooping apparatus.
20 Claims
18. A computer-implemented method for controlling access to a computer network, comprising:
- with a snooping apparatus at a network switch, monitoring signal traffic through that switch, where the switch connects at least one edge device to a remainder of the computer network to determine, without changing the signal traffic, for an edge device, a Media Access Control (MAC) address, an Internet Protocol (IP) address, and a port of the switch to which that edge device is connected;
- maintaining a first dynamic table within the switch that lists, for said edge device, a MAC address, an IP address, and a port to which the edge device is connected;
- accessing an authentication server which maintains a second table that lists user names and passwords for Network Login, in which the second table also includes, for each user name and password, a corresponding virtual local network (VLAN) membership, VLAN tag, or Quality of Service (QoS) information;
- adding to the first dynamic table in the switch the user name, VLAN membership, VLAN tag and QoS information learnt from the authentication server in the second table.
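The two tables of claims 1 and 18, together with the DHCP snooping named in the abstract, modelled as an added example (not code from the patent). All class and function names, the sample users and addresses, and the rule that a fresh DHCPACK clears earlier login attributes are assumptions made here.

```python
import hmac
from dataclasses import dataclass
from typing import Optional

# Second table, held by the authentication server (constructed sample data).
AUTH_TABLE = {
    "alice": {"password": "correct-horse", "vlan": "engineering", "vlan_tag": 20, "qos": "gold"},
    "bob": {"password": "battery-staple", "vlan": "guest", "vlan_tag": 99, "qos": "best-effort"},
}

@dataclass
class Binding:
    mac: str
    ip: str
    port: int
    user: Optional[str] = None
    vlan: Optional[str] = None
    vlan_tag: Optional[int] = None
    qos: Optional[str] = None

class Switch:
    def __init__(self):
        self.table = {}  # first dynamic table, keyed by MAC address

    def snoop_dhcp_ack(self, port, client_mac, assigned_ip):
        """Record what a passing DHCPACK reveals; the frame itself is not altered."""
        mac = client_mac.lower()
        # Assumption: a fresh lease replaces the row, dropping stale login attributes.
        self.table[mac] = Binding(mac, assigned_ip, port)

    def network_login(self, client_mac, user, password):
        """On a successful Network Login, copy the user's attributes into the row."""
        row = self.table.get(client_mac.lower())
        rec = AUTH_TABLE.get(user)
        if row is None or rec is None:
            return False  # no snooped binding for this MAC, or unknown user
        if not hmac.compare_digest(rec["password"].encode(), password.encode()):
            return False
        row.user, row.vlan = user, rec["vlan"]
        row.vlan_tag, row.qos = rec["vlan_tag"], rec["qos"]
        return True

if __name__ == "__main__":
    sw = Switch()
    sw.snoop_dhcp_ack(3, "00:11:22:AA:BB:CC", "10.0.0.15")
    print(sw.network_login("00:11:22:aa:bb:cc", "alice", "correct-horse"), sw.table)
```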