Method and system for the assignment of security group information using a proxy
First Claim
1. A method comprising:
- receiving address information regarding a network device and security group information regarding said network device, whereinsaid address information and said security group information are configured to be received from a first network device,said address information and said security group information are received at a second network device,said address information identifies an address of said network device,said security group information identifies a security group of said network device, andsaid security group information indicates said network device is a member of said security group;
associating said address information and said security group information, whereinsaid second network device is configured to perform said associating,said associating comprisesstoring said address information and said security group information such that said address information and said security group information are associated with one another, andsaid address information and said security group information are configured to allow said security group information to be used in performing access control processing of a packet;
receiving another packet at said second network device, whereinsaid another packet is received from said first network device;
determining whether said security group information should be associated with said another packet, whereinsaid another packet comprises packet address information,said packet address information is address information associated with said network device, andsaid determining uses said packet address information; and
in response to an indication that said security group information should be associated with said another packet, associating said security group information with said another packet, whereinsaid associating said security group information with said another packet comprisesadding said security group information to said another packet.
0 Assignments
0 Petitions
Accused Products
Abstract
A method and system for the assignment of security group information using a proxy is disclosed. The method includes receiving an address of a network device at a first network device, receiving a security group of the network device at the first network device and associating the address information and the security group information with one another at the first network device. The first network device is coupled to a second network device. The address is represented by address information, which is received from the second network device. The security group is identified using the security group information, which indicates the network device is a member of the security group. The address information and the security group information are associated with one another by storing the address information and the security group information at the first network device.
-
Citations
13 Claims
-
1. A method comprising:
-
receiving address information regarding a network device and security group information regarding said network device, wherein said address information and said security group information are configured to be received from a first network device, said address information and said security group information are received at a second network device, said address information identifies an address of said network device, said security group information identifies a security group of said network device, and said security group information indicates said network device is a member of said security group; associating said address information and said security group information, wherein said second network device is configured to perform said associating, said associating comprises storing said address information and said security group information such that said address information and said security group information are associated with one another, and said address information and said security group information are configured to allow said security group information to be used in performing access control processing of a packet; receiving another packet at said second network device, wherein said another packet is received from said first network device; determining whether said security group information should be associated with said another packet, wherein said another packet comprises packet address information, said packet address information is address information associated with said network device, and said determining uses said packet address information; and in response to an indication that said security group information should be associated with said another packet, associating said security group information with said another packet, wherein said associating said security group information with said another packet comprises adding said security group information to said another packet. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. An apparatus comprising:
a distribution layer network device, wherein said distribution layer network device is configured to be communicatively coupled to an access layer network device, and said distribution layer network device is configured to receive address information regarding a network device and security group information regarding said network device, wherein said address information and said security group information are received from said access layer network device, associate said address information and said security group information, wherein said address information identifies an address of said network device, said security group information identifies a security group of said network device, said security group information indicates said network device is a member of said security group, said distribution layer network device is configured to associate said address information and said security group information by virtue of being configured to
store said address information and said security group information such that said address information and said security group information are associated with one another, andsaid address information and said security group information are configured to allow said security group information to be used in performing access control processing of packet, receive another packet from said access layer network device, wherein said another packet is received from said first network device, determine whether said security group information is associated with said another packet, wherein said another packet comprises packet address information, said packet address information is address information associated with said network device, and said determining uses said packet address information, and in response to an indication that said security group information should be associated with said another packet, associate said security group information with said another packet, wherein security group information is associated with said another packet, at least in part, by
adding said security group information to said another packet.- View Dependent Claims (10)
-
11. An apparatus comprising:
-
means for receiving address information regarding a network device and security group information regarding said network device, wherein said address information and said security group information are configured to be received from a first network device, said address information and said security group information are received at a second network device comprising said means for receiving, said address information identifies an address of said network device, said security group information identifies a security group of said network device, and said security group information indicates said network device is a member of said security group; means for associating said address information and said security group information, wherein said second network device comprises said means for associating, said means for associating comprises means for storing said address information and said security group information such that said address information and said security group information are associated with one another, and said address information and said security group information are configured to allow said security group information to be used in performing access control processing of a packet; means for receiving another packet at said second network device, wherein said another packet is received from said first network device; means for determining whether said security group information should be associated with said another packet, wherein said another packet comprises packet address information, said packet address information is address information associated with said network device, and said means for determining is configured to use said packet address information to determine whether said security group information should be associated with said another packet; and means, responsive to an indication that said security group information should be associated with said another packet, for associating said security group information with said another packet, wherein said means for associating said security group information with said another packet comprises means for adding said security group information to said another packet. - View Dependent Claims (12, 13)
-
Specification