Methods, systems, and computer program products for dynamic network access device port and user device configuration for implementing device-based and user-based policies

US 8,775,571 B2
Filed: 06/07/2005
Issued: 07/08/2014
Est. Priority Date: 06/07/2005
Status: Active Grant

First Claim

Patent Images

1. A method for dynamic network access device port configuration, the method comprising:

(a) storing, at a network switch, at least one mapping between a user device type and at least one port configuration command corresponding to the user device type and at least one user device configuration parameter corresponding to the user device type, wherein the port configuration command includes a dynamic attribute;

(b) determining, by the network switch, a device type of a user device plugged into a port of the network switch, wherein determining a user device type includes determining the user device type in response to the user device being connected to the port and exchanging messages with the user device over the port, and wherein exchanging messages with the user device includes exchanging discovery protocol messages with the user device;

(c) extracting, from storage of the network switch, the port configuration command corresponding to the user device type;

(d) dynamically configuring, by the network switch, the port using the configuration command, wherein dynamically configuring the port includes substituting a parameter of the user device for the dynamic attribute so that the port configuration command becomes specific to the user device and executing the user-device-specific port configuration command, wherein dynamically configuring the port includes configuring the port to implement a quality of service parameter and at least one of an access control list and a VLAN corresponding to the user device type; and

(e) extracting, from the at least one stored mapping at the network switch, a user device configuration parameter corresponding to the user device type and communicating the user device configuration parameter to the user device, wherein communicating the user device configuration parameter to the user device includes downloading the parameter to the user device using a link layer discovery protocol (LLDP) message and using the parameter in configuring the user device.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and computer program products for dynamic network access device port and user device configuration are disclosed. According to one method, when a user device is connected to a port of a network access device, the type of user device is determined. The type of user device is used to locate a corresponding port configuration policy. The port to which the device is connected is dynamically configured based on the port configuration policy.

42 Citations

View as Search Results

38 Claims

1. A method for dynamic network access device port configuration, the method comprising:
- (a) storing, at a network switch, at least one mapping between a user device type and at least one port configuration command corresponding to the user device type and at least one user device configuration parameter corresponding to the user device type, wherein the port configuration command includes a dynamic attribute;
  
  (b) determining, by the network switch, a device type of a user device plugged into a port of the network switch, wherein determining a user device type includes determining the user device type in response to the user device being connected to the port and exchanging messages with the user device over the port, and wherein exchanging messages with the user device includes exchanging discovery protocol messages with the user device;
  
  (c) extracting, from storage of the network switch, the port configuration command corresponding to the user device type;
  
  (d) dynamically configuring, by the network switch, the port using the configuration command, wherein dynamically configuring the port includes substituting a parameter of the user device for the dynamic attribute so that the port configuration command becomes specific to the user device and executing the user-device-specific port configuration command, wherein dynamically configuring the port includes configuring the port to implement a quality of service parameter and at least one of an access control list and a VLAN corresponding to the user device type; and
  
  (e) extracting, from the at least one stored mapping at the network switch, a user device configuration parameter corresponding to the user device type and communicating the user device configuration parameter to the user device, wherein communicating the user device configuration parameter to the user device includes downloading the parameter to the user device using a link layer discovery protocol (LLDP) message and using the parameter in configuring the user device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1 wherein storing at least one mapping includes storing a plurality of different mappings between a plurality of different user device types and corresponding port configurations.
  - 3. The method of claim 2 wherein storing a plurality of different mappings for a plurality of different device types includes storing mappings for at least one of an IP phone, a wireless access point, a personal computer, and a soft phone and corresponding port configuration information.
  - 4. The method of claim 1 wherein determining a user device type includes determining the user device type based on a medium access control (MAC) address of the user device.
  - 5. The method of claim 1 wherein determining a user device type includes determining the user device type based on an identifier assigned to the user device type.
  - 6. The method of claim 1 wherein the port configuration command implements a generic port configuration rule corresponding to the user device type.
  - 7. The method of claim 1 comprising detecting a new device being plugged into the port and repeating steps (b)-(d) for automatically configuring the port to function with the new device.
  - 8. The method of claim 7 wherein repeating steps (b)-(d) includes repeating steps (b)-(d) without requiring intervention from an administrator.
  - 9. The method of claim 1 wherein communicating the user device configuration parameter to the user device includes communicating the user device communication parameter to the user device in response to the user device being connected to the port.
  - 10. The method of claim 9 wherein communicating the user device communication parameter to the user device includes downloading the user device configuration parameter from the network switch to the user device via the port.
  - 11. The method of claim 1 wherein the network switch comprises an Ethernet switch.

12. A method for dynamically configuring a port of a network access device based on user group information, the method comprising:
- (a) storing, at a network switch, at least one association between a user group and a group-based network access policy and a mapping between the user device type and a user device configuration parameter;
  
  (b) detecting a user connecting a user device to a port of the network switch;
  
  (c) determining, by the network switch, a user group to which the user belongs, wherein determining a user group includes determining the user group in response to the user device being connected to the port and exchanging messages with the user device over the port, and wherein exchanging messages with the user device includes receiving an authentication request from the user device;
  
  (d) extracting, from the at least one association stored at the network switch, a port configuration command that implements a user-based network access policy corresponding to the user group, the port configuration command including a dynamic attribute;
  
  (e) dynamically configuring, by the network switch, the port to implement the user-based network access policy, wherein dynamically configuring the port includes substituting a parameter of the user device for the dynamic attribute so that the port configuration command becomes specific to the user device and executing the user-device-specific port configuration command, wherein dynamically configuring the port includes configuring the port to implement a quality of service parameter and at least one of an access control list and a VLAN corresponding to the user device type; and
  
  (f) extracting, from the at least one stored mapping at the network switch, the user device configuration parameter corresponding to the user device type and communicating the user device configuration parameter to the user device, wherein communicating the user device configuration parameter to the user device includes downloading the parameter to the user device using a link layer discovery protocol (LLDP) message and using the parameter in configuring the user device.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 13. The method of claim 12 wherein detecting a user connecting to a port of a network access device includes receiving an authentication request from a user connecting to the network access device via the user device.
  - 14. The method of claim 13 wherein the user device selected from a group consisting of:
    - a personal computer, an IP phone, and a soft phone.
  - 15. The system of claim 13 wherein determining a user group includes performing a lookup in a user group database based on information extracted from the authentication request.
  - 16. The method of claim 12 wherein dynamically configuring the port to implement the user-based network access policy includes dynamically configuring the port to implement at least one of a VLAN-based access restriction, a MAC-address-based access restriction, and an IP-address-based access restriction.
  - 17. The method of claim 12 wherein dynamically configuring the port to implement the user-based network access policy includes dynamically configuring the port to implement a time-based network access restriction.
  - 18. The method of claim 12 wherein dynamically configuring the port to implement a user-based network access policy includes dynamically configuring the port in response to receiving a user group identifier from an authentication server.
  - 19. The method of claim 12 comprising detecting a new network user connecting to the port of the network switch and repeating steps (c)-(e) for the new user.
  - 20. The method of claim 19 wherein repeating steps (c)-(e) includes repeating steps (c)-(e) without intervention from a network administrator.
  - 21. The method of claim 12 wherein the network switch comprises an Ethernet switch.

22. A system for dynamic network access device port configuration, the system comprising:
- a network switch device including;
  
  at least one port configured to provide physical access to a network;
  
  a device and port configuration database configured to store port and user device configuration data, the device and port configuration database configured to store at least one port configuration command including a dynamic attribute;
  
  a dynamic device/port configurator configured to determine a type of a user device connected to the at least one port, wherein determining a user device type includes determining the user device type in response to the user device being connected to the port and exchanging messages with the user device over the port, and wherein exchanging messages with the user device includes exchanging discovery protocol messages with the user device, the dynamic device/port configurator for dynamically configuring the at least one port based on the user device type using the at least one port configuration command, which corresponds to the user device type stored in the database and for communicating, to the user device, a user device configuration parameter corresponding to the user device type using at least one user device configuration parameter corresponding to the user device type stored in the database, wherein communicating the user device configuration parameter to the user device includes downloading the parameter to the user device using a link layer discovery protocol (LLDP) message and using the parameter in configuring the user device, wherein dynamically configuring the port includes substituting a parameter of the user device for the dynamic attribute so that the port configuration command becomes specific to the user device and executing the user-device-specific port configuration command, wherein dynamically configuring the port includes configuring the port to implement a quality of service parameter and at least one of an access control list and a VLAN corresponding to the user device type.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 23. The system of claim 22 wherein the dynamic device/port configurator is adapted to store mappings between a plurality of different device types and corresponding network access device port configuration data.
  - 24. The system of claim 23 wherein the plurality of different device types includes at least one of IP phones, wireless access points, personal computers, and soft phones.
  - 25. The system of claim 22 wherein the dynamic device/port configurator is adapted to determine the user device type based on a medium access control (MAC) address of the user device.
  - 26. The system of claim 22 wherein the dynamic device/port configurator is adapted to determine the user device type based on an identifier assigned to the user device.
  - 27. The system of claim 22 wherein the dynamic device/port configurator is adapted to dynamically reconfigure the port in response to detecting a new user device being connected to the port.
  - 28. The system of claim 22 wherein the dynamic device/port configurator is adapted to communicate the user device configuration parameter to the user device in response to the user device being connected to the port.
  - 29. The system of claim 22 wherein the dynamic device/port configurator is adapted to detect a user connecting to the port device via the user device and to dynamically configure the port to implement a first user-based network access policy for the user.
  - 30. The system of claim 29 wherein the first user-based network access policy includes at least one of a MAC-address-based, a VLAN-based, and an IP-address-based network access restriction.
  - 31. The system of claim 29 wherein the first user-based network access policy includes a time-based network access restriction.
  - 32. The system of claim 29 wherein the dynamic device/port configurator is adapted to select the first user-based network access policy based on a user group to which the user belongs.
  - 33. The system of claim 29 comprising, in response to detecting a new user connecting to the port, the dynamic device/port configurator is adapted to dynamically configure the port to implement a second user-based network access policy different from the first user-based network access policy.
  - 34. The system of claim 29 wherein the dynamic device/port configurator is adapted to implement the first user-based network access policy in response to an authentication request from the user.
  - 35. The system of claim 29 wherein the dynamic device/port configurator is adapted to implement the first user-based network access policy in response to receiving a user group ID from a server.
  - 36. The system of claim 22 wherein the port comprises a port of an Ethernet switch.

37. A non-transitory computer readable medium having stored thereon computer executable instructions that when executed by a processor of a computer perform steps comprising:
- (a) storing, at a network switch, at least one mapping between a user device type and;
  
  at least one port configuration command corresponding to the user device type and at least one user device configuration parameter corresponding to the user device type, the port configuration command including a dynamic attribute;
  
  (b) determining, by the network switch, a device type of a user device plugged into a port of the network switch, wherein determining a user device type includes determining the user device type in response to the user device being connected to the port and exchanging messages with the user device over the port, and wherein exchanging messages with the user device includes exchanging discovery protocol messages with the user device;
  
  (c) extracting, from storage of the network switch, the port configuration command corresponding to the device type;
  
  (d) dynamically configuring, by the network switch, the port using the configuration, wherein dynamically configuring the port includes substituting a parameter of the user device for the dynamic attribute so that the port configuration command becomes specific to the user device and executing the user-device-specific port configuration command, wherein dynamically configuring the port includes configuring the port to implement a quality of service parameter and at least one of an access control list and a VLAN corresponding to the user device type; and
  
  (e) extracting, by the network switch, a user device configuration parameter corresponding to the user device type from the at least one stored mapping at the network switch and communicating the user device configuration parameter to the user device, wherein communicating the user device configuration parameter to the user device includes downloading the parameter to the user device using a link layer discovery protocol (LLDP) message and using the parameter in configuring the user device.

38. A non-transitory computer readable medium having stored thereon computer executable instructions that when executed by a processor of a computer perform steps comprising:
- (a) storing, at a network switch, at least one association between a user group and a group-based network access policy and a mapping between a user device type and a user device configuration parameter;
  
  (b) detecting, by the network switch, a user connecting a user device to a port of the network switch;
  
  (c) determining, by the network switch, a user group to which the user belongs, wherein determining a user group includes determining the user group in response to the user device being connected to the port and exchanging messages with the user device over the port, and wherein exchanging messages with the user device includes receiving an authentication request from the user device;
  
  (d) extracting, from the at least an association stored at the network switch, a port configuration command that implements a user-based network access policy corresponding to the user group, the port configuration command including a dynamic attribute;
  
  (e) dynamically configuring, by the network switch, the port to implement the user-based network access policy, wherein dynamically configuring the port includes substituting a parameter of the user device for the dynamic attribute so that the port configuration command becomes specific to the user device and executing the user-device-specific port configuration command, wherein dynamically configuring the port includes configuring the port to implement a quality of service parameter and at least one of an access control list and a VLAN corresponding to the user device type; and
  
  (f) extracting, by the network switch, a user device configuration parameter corresponding to the user device type from the stored mapping at the network switch and communicating the user device configuration parameter to the user device, wherein communicating the user device configuration parameter to the user device includes downloading the parameter to the user device using a link layer discovery protocol (LLDP) message and using the parameter in configuring the user device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Extreme Networks, Inc.
Original Assignee
Extreme Networks, Inc.
Inventors
Ronne, Jeffrey A., Lochner, Wolfgang, Nagarajan, Rajasekaran, Gidwani, Abhay, Suizo, Nick G., Saravanan, Desikan, Srinivasan, Balaji
Primary Examiner(s)
Follansbee, John
Assistant Examiner(s)
MADAMBA, GLENFORD J

Application Number

US11/147,143
Publication Number

US 20060274774A1
Time in Patent Office

3,318 Days
Field of Search

709/220
US Class Current

709/220
CPC Class Codes

H04L 41/0809   Plug-and-play configuration

H04L 41/0856   by backing up or archiving ...

Y02D 30/00   Reducing energy consumption...

Methods, systems, and computer program products for dynamic network access device port and user device configuration for implementing device-based and user-based policies

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

42 Citations

38 Claims

Specification

Solutions

Use Cases

Quick Links

Methods, systems, and computer program products for dynamic network access device port and user device configuration for implementing device-based and user-based policies

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

42 Citations

38 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links