Dynamic firewall and dynamic host configuration protocol configuration
Abstract
A system is provided comprising a computer system, a configuration database, and a dynamic network interfaces application that receives a message from a network access component containing a request to authenticate a client device accessing a network service, determines that a policy requires the client device to be associated with a virtual local area network to access the network service, and authenticates the client device for association with the virtual local area network. The dynamic network interfaces application also searches the configuration database for configuration information to provision the virtual local area network, assigns the configuration information to the client device, the network access component, and a firewall component, and sends a reply containing the configuration information to the network access component and the firewall component in response to the request, wherein the configuration information comprises settings to provision the virtual local area network.
20 Claims
1. A dynamic network interfaces system, comprising:
- an at least one computer system;
- a configuration database comprising a subnet interface pool and a virtual local area network tag pool; and
- a dynamic network interfaces application that, when executed on the at least one computer system,
  - receives a message from a network access component containing a request to authenticate a client device accessing a network service,
  - determines that a policy requires the client device to be associated with a virtual local area network to access the network service,
  - authenticates the client device for association with the virtual local area network,
  - obtains subnet interface information from the subnet interface pool and a virtual local area network tag from the virtual local area network tag pool to provision the virtual local area network, wherein the virtual local area network tag is unrelated to and randomly combined with the subnet interface information,
  - assigns the subnet interface information from the subnet interface pool and the virtual local area network tag from the virtual local area network tag pool to the client device, the network access component, and a firewall component,
  - sends a reply containing the subnet interface information from the subnet interface pool and the virtual local area network tag from the virtual local area network tag pool to the network access component and the firewall component in response to the request, wherein the reply further includes instructions to the network access component and the firewall component to use the subnet interface information from the subnet interface pool and the virtual local area network tag from the virtual local area network tag pool to provision the virtual local area network, and
  - activates the virtual local area network in response to receiving at least one message from the access device and the firewall device indicating that interfaces have been configured on each device and associated with the virtual local area network tag and a physical interface.

Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A method of dynamically provisioning a virtual local area network, comprising:
- receiving a message from an access device containing a request to authenticate a client device accessing a network service;
- determining that a policy requires the client device to be associated with a virtual local area network to access the network service;
- obtaining subnet interface information from a subnet interface pool and a virtual local area network tag from a virtual local area network tag pool in a configuration database, wherein the virtual local area network tag is unrelated to and randomly combined with the subnet interface information;
- creating messages comprising the subnet interface information from the subnet interface pool, the virtual local area network tag from the virtual local area network tag pool, the policy, physical interface designations, and a plurality of instructions to configure a subnet interface using the subnet interface information from the subnet interface pool and the virtual local area network tag from the virtual local area network tag pool and associate the subnet interface with the designated physical interfaces on the access device and the firewall device to provision the virtual local area network;
- sending the messages to the access device and the firewall device using a messaging framework;
- receiving messaging from the access device and the firewall device indicating that the subnet interface has been configured on the access device and the firewall device as directed in the messages received; and
- activating the virtual local area network in response to receiving the messages from the access device and the firewall device.

Dependent claims: 10, 11, 12, 13, 14

15. A method of dynamically provisioning a virtual local area network, comprising:
- receiving a message from an access device comprising a request to authenticate a client device accessing a network service;
- determining that a policy requires the client device to be associated with a virtual local area network to access the network service;
- determining that the client device is a member of a group wherein members of the group are associated with a single virtual local area network tag;
- determining that the client device is one of the first member of the group to request access and one of the second and subsequent members of the group to request access to the network service and receive authentication;
- when the client device is the first member of the group to request access to the network service associated with the group,
  - obtaining subnet interface information from a subnet interface pool and the virtual local area network tag from a virtual local area network tag pool, wherein the virtual local area network tag is unrelated to and randomly combined with the subnet interface information,
  - sending to the access device and a firewall device the subnet interface information from the subnet interface pool, the virtual local area network tag from the virtual local area network tag pool, the policy, physical interface designations, and instructions to configure a subnet interface using the subnet interface information and the virtual local area network tag and associate the subnet interface with the designated physical interfaces on the access device and the firewall device to provision the virtual local area network, and
  - activating the virtual local area network in response to receiving at least one message from the access device and the firewall device indicating that the subnet interface has been configured on each device and associated with the virtual local area network tag and the designated physical interfaces; and
- when the client device is one of the second and subsequent members of the group to request access to the network service associated with the group, joining the client device to the existing virtual local area network designated for the group.

Dependent claims: 16, 17, 18, 19, 20

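The group-based flow of claim 15, modelled in Python as an added example; it is not code from the patent or its assignee. The names `Provisioner`, `authenticate`, `confirm`, the device labels, the use of a CSPRNG for the random pairing, and the sample pools are all assumptions, and the policy check and client authentication are taken to have already succeeded.

```python
import ipaddress
import secrets

DEVICES = {"access", "firewall"}  # hypothetical labels for the two enforcing devices


class Provisioner:
    """Model of the claimed controller; class and method names are hypothetical."""

    def __init__(self, subnets, vlan_tags):
        self.subnet_pool = [ipaddress.ip_network(s) for s in subnets]
        self.tag_pool = list(vlan_tags)
        self.vlans = {}  # group name -> VLAN record

    @staticmethod
    def _draw(pool):
        # Independent CSPRNG draw (an assumption; the claim only says "randomly"),
        # so knowing a VLAN tag tells an observer nothing about the subnet.
        return pool.pop(secrets.randbelow(len(pool)))

    def authenticate(self, client, group):
        """Called once policy check and client authentication have succeeded."""
        vlan = self.vlans.get(group)
        if vlan is None:  # first member of the group: provision a new VLAN
            if not self.subnet_pool or not self.tag_pool:
                raise RuntimeError("subnet or VLAN tag pool exhausted")
            vlan = {"tag": self._draw(self.tag_pool),
                    "subnet": self._draw(self.subnet_pool),
                    "members": set(), "acks": set(), "active": False}
            self.vlans[group] = vlan
        vlan["members"].add(client)  # second and later members join the same VLAN
        return vlan

    def confirm(self, group, device):
        """Record an 'interface configured' message; activate when both have reported."""
        if device not in DEVICES:
            raise ValueError(f"unexpected device {device!r}")
        vlan = self.vlans[group]
        vlan["acks"].add(device)
        vlan["active"] = vlan["acks"] == DEVICES
        return vlan["active"]


def demo():
    p = Provisioner(["10.20.0.0/24", "10.20.1.0/24"], range(100, 110))  # constructed pools
    first = p.authenticate("laptop-a", "engineering")
    half = p.confirm("engineering", "access")      # only one device has reported
    full = p.confirm("engineering", "firewall")    # both have reported
    second = p.authenticate("laptop-b", "engineering")
    return first, half, full, second
```

Holding activation until both devices confirm keeps the VLAN from carrying traffic while the firewall side is still unconfigured.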
Specification