Integration of network admission control functions in network access devices
First Claim
1. A method comprising:
- receiving a communication from an endpoint device at a network access device located within a data path between the endpoint device and a network;
- identifying a network admission control policy for the endpoint device, wherein identifying said network admission control policy comprises receiving policy information from a network admission control manager in communication with the network;
- enforcing at the network access device, said network admission control policy for traffic received from the endpoint device, wherein enforcing said network admission control policy at the network access device comprises utilizing a service template downloaded from the network admission control manager and locally configured at the network access device, the network admission control manager selecting the service template for the endpoint device and instructing the network access device to apply said service template to the endpoint device;
- performing continuous profiling operations at the network access device to identify the endpoint device, wherein said network admission control policy is based on identification of the endpoint device; and
- forwarding at the network access device, traffic from the endpoint device to the network, in accordance with said network admission control policy.
Abstract
In one embodiment, a method includes receiving a communication from an endpoint device at a network access device located within a data path between the endpoint device and a network, identifying a network admission control policy for the endpoint device, enforcing at the network access device, the network admission control policy for traffic received from the endpoint device, and forwarding at the network access device, traffic from the endpoint device to the network in accordance with the network admission control policy. An apparatus is also disclosed.
19 Claims
1. A method comprising:
- receiving a communication from an endpoint device at a network access device located within a data path between the endpoint device and a network;
- identifying a network admission control policy for the endpoint device, wherein identifying said network admission control policy comprises receiving policy information from a network admission control manager in communication with the network;
- enforcing at the network access device, said network admission control policy for traffic received from the endpoint device, wherein enforcing said network admission control policy at the network access device comprises utilizing a service template downloaded from the network admission control manager and locally configured at the network access device, the network admission control manager selecting the service template for the endpoint device and instructing the network access device to apply said service template to the endpoint device;
- performing continuous profiling operations at the network access device to identify the endpoint device, wherein said network admission control policy is based on identification of the endpoint device; and
- forwarding at the network access device, traffic from the endpoint device to the network, in accordance with said network admission control policy.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. An apparatus comprising:
- a forwarding engine for receiving traffic from an endpoint device and forwarding the traffic to a network; and
- a network admission control server for identifying a network admission control policy for the endpoint device and enforcing said network admission control policy for traffic received from the endpoint device;
- a profiler for performing continuous profiling operations at the network access device to identify the endpoint device, wherein said network admission control policy is based on identification of the endpoint device; and
- memory for storing said network admission control policy;
- wherein the apparatus is configured for operation within a data path between the endpoint device and the network, wherein identifying said network admission control policy comprises receiving policy information from a network admission control manager in communication with the network, and wherein enforcing said network admission control policy at the network access device comprises utilizing a service template downloaded from the network admission control manager and locally configured at the network access device, the network admission control manager selecting the service template for the endpoint device and instructing the network access device to apply said service template to the endpoint device.
Dependent claims: 10, 11, 12
13. An apparatus comprising:
- a forwarding engine for receiving traffic from an endpoint device and forwarding the traffic to a network;
- a profiler for identifying an endpoint device in communication with the apparatus and providing identification information for each of the endpoint devices in communication with the apparatus to a manager;
- a network admission control server for enforcing a network admission control policy for each of the endpoint devices in communication with the apparatus, said network admission control policy based on said identification information, wherein enforcing said network admission control policy at the network access device comprises utilizing a service template downloaded from the network admission control manager and locally configured at the network access device, the network admission control manager selecting the service template for the endpoint device and instructing the network access device to apply said service template to the endpoint device; and
- memory for storing said identification information;
- wherein the apparatus is configured for operation within a data path between the endpoint device and the network.
Dependent claims: 14, 15, 16, 17, 18, 19
Specification