US20080240104A1 - Port management system - Google Patents

Publication number
US20080240104A1
Authority
US
United States
Prior art keywords
switch
port
event
profile
network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
US11/731,135
Other versions
US8751649B2 (en
US20110243133A9 (en
Inventor
Anil Villait
Nick G. Suizo
Govind raj Desur
Deepika Dwivedi
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Extreme Networks Inc
Original Assignee
Extreme Networks Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US11/147,143 (US8775571B2)
Application filed by Extreme Networks Inc
Priority to US11/731,135 (US8751649B2)
Assigned to EXTREME NETWORKS, INC. Assignment of assignors interest (see document for details). Assignors: DESUR, GOVIND RAJ; DWIVEDI, DEEPIKA; SUIZO, NICK G.; VILLAIT, ANIL
Priority to US11/772,031 (US8279874B1)
Publication of US20080240104A1
Publication of US20110243133A9
Application granted
Publication of US8751649B2
Legal status: Active (current)
Adjusted expiration

Classifications

    • H04L41/0806 Configuration setting for initial configuration or provisioning, e.g. plug-and-play
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H04L41/0816 Configuration setting characterised by the conditions triggering a change of settings the condition being an adaptation, e.g. in response to network events
    • H04L41/0886 Fully automatic configuration
    • H04L41/0894 Policy-based network configuration management
    • H04L49/65 Re-configuration of fast packet switches
    • G06F2201/86 Event-based monitoring
    • G06F9/30141 Implementation provisions of register files, e.g. ports
    • H04L41/0681 Configuration of triggering conditions
    • H04L41/0809 Plug-and-play configuration
    • H04L41/0813 Configuration setting characterised by the conditions triggering a change of settings
    • H04L41/0893 Assignment of logical groups to network elements
    • H04L41/12 Discovery or management of network topologies
    • H04L49/351 Switches specially adapted for specific applications for local area network [LAN], e.g. Ethernet switches
    • H04L67/5682 Policies or rules for updating, deleting or replacing the stored data
    • Y02D30/00 Reducing energy consumption in communication networks

Definitions

  • the present invention relates to the field of computer networks and internetworking communications technologies.
  • the present invention relates to management of ports in a network.
  • A network switch, such as a bridge (layer 2 switch) or a router (layer 3 switch), is a device that determines the destination of individual data packets (such as Ethernet frames) and selectively forwards them across a local area network (LAN) according to the best route for their destination.
  • the best route is typically associated with one of a number of ports on the switch, which are the switch's external interface to the network.
  • the port is a mission critical part of a network because the port oftentimes is an uplink, collapsing thousands of users in a local area network (LAN) onto a backbone such as the Internet.
  • the port may also be used to control access to the LAN and LAN resources through the use of port-based network access control protocols.
  • One such protocol is the Institute of Electrical and Electronics Engineers (IEEE) Ethernet-based standard for port-based network access control, IEEE 802.1X.
  • IEEE 802.1X specifies a general method for the provision of port-based network access control.
  • the IEEE 802.1X protocol may be used to authenticate and authorize devices and device users that are connected to a LAN port, where the LAN port is a single point of attachment to the LAN infrastructure, such as a port of a Media Access Control (MAC) Bridge or, in the case of a wireless LAN, an association between an end station and an IEEE 802.11 access point in the wireless LAN.
  • the switch must be provisioned with the appropriate network resources based on the type of device and/or identity of the user. Provisioning the switch primarily involves configuring the port to which a device is connected with the proper configuration and policy data for that device and/or device user.
  • the switch port to which a VoIP phone is connected must be configured with the appropriate Link Layer Data Protocol (LLDP) parameters, Virtual Local Area Network (VLAN) name, port VLAN ID, power conservation mode, call server name, 802.1Q framing parameter, and Access Control List (ACL).
  • NMS proprietary centralized network management systems
  • the NMS typically operates in conjunction with an authentication server, such as the RADIUS server, to dynamically deploy the proper configuration and policy data to the switch upon successful authentication and authorization of the device and/or user on the network.
  • One of the challenges presented by relying on the NMS to deploy the proper policy and configuration data to the switch is the delay between the time that the device and/or user is detected/authenticated, and the time that the policy is deployed on the switch. Such a delay can expose the LAN to malicious attack, which may result in a denial or degradation of service on the LAN.
  • a switch in a network is automatically provisioned with network resources using a port management system.
  • the port management system is a flexible framework of components that may be used to implement a method for automatically provisioning a switch with a network resource based on the occurrence of a defined network event.
  • the network resource may include any device or service accessible on the network.
  • the defined network event may include any network event associated with a device or user connected to the network.
  • the method for automatically provisioning a switch with network resources based on the occurrence of a defined network event includes executing a profile associated with the defined network event when the event occurs.
  • A profile contains one or more commands, the execution of which causes a dynamic port configuration change.
  • the dynamic port configuration change enforces a particular policy on the affected port or ports.
  • the port management system provides for the creation, editing and storing of profiles on the switch using the switch's command line interface (CLI).
  • the port management system provides for the creation, editing and storing of profiles using a network management system (NMS) for later deployment to the switch.
  • profiles may be associated with a particular port or port list and configured to execute upon the occurrence of one or more defined network events.
  • the defined network events may include user events, such as NetLogin events occurring when a user is authenticated or unauthenticated, or device events, such as Link Layer Data Protocol (LLDP) events occurring when a device is detected or undetected.
  • Profiles may also be configured to execute upon the occurrence of timer events, i.e., to execute at a specified time, or after a specified interval has occurred.
  • profiles may be static or dynamic.
  • Static profiles are typically not event-driven, but rather manually executed on the switch, using the CLI, in order to implement a set of commands that parameterize and simplify complex configuration tasks, such as Netlogin, or to test a profile that is otherwise considered a dynamic profile.
  • most profiles are dynamic in that they are event-driven, meaning that they are automatically executed upon the occurrence of a defined network event associated with the profile, such as a user logon, or a device detection.
  • profiles may be executed in persistent or non-persistent mode.
  • Static profiles are generally executed in persistent mode, i.e., the configuration and policy changes implemented by static profiles are saved in the switch configuration and preserved when the switch is rebooted.
  • Dynamic profiles are generally executed in non-persistent mode, meaning that the changes to the affected ports are not saved in the switch configuration, and therefore not preserved when the switch is rebooted. Regardless of whether a change is persistent or non-persistent, however, changes implemented by both static and dynamic profiles may be synchronized to the redundant switch backup in the case of a failover.
  • the commands contained in the profile may contain references to variables, the values of which may be made available to the profile at the time the profile is executed on the switch.
  • the values may include the values of arguments made available to the network when a defined network event occurs, such as the security profile variables that are made available to the network by an authentication server when a user has been authenticated on a device connected to the network.
  • the values of certain variables may be determined at the time of execution by reference to values previously stored in the switch, including the values of common variables that are available to all profiles, as well as the values of session variables that are available to a particular profile to, for example, save the current state of the profile to facilitate testing and/or to facilitate restoring the affected port's configuration and policy when a user logs off or a device times out.
  • profiles may contain control structures to conditionally modify command execution during the execution of the profile.
  • control structures may include, among others, conditional execution and recursive logic that can be used in conjunction with variable expression evaluation operators to conditionally modify the execution of the commands in the profile.
  • the profiles may also contain references to certain built-in functions to perform common tasks.
  • the port management system may support execution of profiles in different error-handling modes, including the ability to ignore errors or abort execution.
  • the port management system may further support access to a particular profile's execution history, such as in the form of a profile execution log that may be stored on the switch for later inspection via the CLI or other facility.
  • FIG. 1 is a block diagram illustrating certain aspects of a switch in a Local Area Network (LAN), an example of an operating environment in which the invention may be practiced;
  • FIG. 2 is a block diagram illustrating certain aspects of a port management system, including a switch incorporating a port manager and other components for automatically provisioning the switch with network resources in accordance with an embodiment of the invention
  • FIG. 3 is a block diagram illustrating certain aspects of profiles for automatically provisioning the switch with network resources in accordance with an embodiment of the invention
  • FIG. 4 is a block diagram illustrating certain other aspects of profiles for automatically provisioning the switch with network resources in accordance with an embodiment of the invention
  • FIG. 5 is a block diagram illustrating certain aspects of port management execution modes for automatically provisioning the switch with network resources in accordance with an embodiment of the invention
  • FIG. 6 is a block diagram illustrating certain aspects of port management variables for automatically provisioning the switch with network resources in accordance with an embodiment of the invention
  • FIG. 7 is a block diagram illustrating certain aspects of a port management profile editor for automatically provisioning the switch with network resources in accordance with an embodiment of the invention
  • FIG. 8 is a block diagram illustrating certain aspects of the operation of a port management system for automatically provisioning the switch with network resources in accordance with an embodiment of the invention
  • FIG. 9 is a block diagram illustrating certain other aspects of the operation of a port management system for automatically provisioning the switch with network resources in accordance with an embodiment of the invention.
  • FIG. 10 is a flow diagram illustrating certain aspects of a method to be performed in a port management system for automatically provisioning the switch with network resources in accordance with an embodiment of the invention
  • FIG. 11 is a flow diagram illustrating certain other aspects of a method to be performed in a port management system for automatically provisioning the switch with network resources in accordance with an embodiment of the invention.
  • FIG. 12 illustrates one embodiment of a suitable computing environment in which certain aspects of the invention illustrated in FIGS. 1-11 may be practiced.
  • FIG. 1 is a block diagram illustrating certain aspects of a switch in a Local Area Network (LAN), and serves as an example of an operating environment in which the invention may be practiced.
  • A network device 100, such as a switch, connects a local area network LAN 102 serving virtual LANs VLANA 106 and VLANB 108 to inter-network 104.
  • The switch 100 comprises several ports, including the illustrated ports 110 numbered “1,” “2,” and so forth, each having a Media Access Control (MAC) chip 111 or similar component to connect the port 110 to LAN 102.
  • The switch 100 further comprises a switch fabric 112 that typically includes, among other components, a bus 128, a central processing unit (CPU) 130, a packet forwarder 114, a routing table 116, a bridging table 118, and a port description table 117 for carrying out packet-forwarding operations on behalf of the devices and hosts connected to the LAN and VLANs.
  • FIG. 2 is a block diagram illustrating certain aspects of a port management system 200 , including a switch 204 incorporating various components for automatically provisioning the switch with network resources in accordance with an embodiment of the invention.
  • the port management system 200 complements a port-based network access control system implemented on the LAN 202 , such as port-based network access control implemented using the IEEE 802.1X standard.
  • the port management system 200 may operate in conjunction with a network management system (NMS) 226 having access to configuration policy data 228 for the LAN and/or an authentication server 234 having access to a security policy data 236 for the LAN.
  • the switch 204 is provided with a port manager 206 having components that are typically accessed via a command line interface (CLI) 238 to the switch.
  • the NMS 226 is provided with a port manager 230 that is similar to the switch port manager 206 , but having components that are typically accessed via a graphical user interface (GUI) 242 instead of a CLI 238 .
  • the NMS port manager 230 is similar to the switch port manager 206 , but generally supports only a subset of the features that are supported by the switch port manager 206 .
  • References to a port manager in the description that follows refer primarily to capabilities provided in the switch port manager 206, but can also refer to capabilities that are provided in the NMS port manager 230.
  • Both the CLI 238 and GUI 242 are capable of receiving and dispatching port management commands 240 entered by a user to exploit the capabilities of the port management system 200 using the port managers 206/230.
  • the port manager 206 includes, among other components, a profile editor 212 that supports the creation, editing, and viewing of profiles 214 , typically through the use of various port management commands 224 .
  • a profile 214 is a set of commands that are applied to a switch 204 , i.e., executed on a switch, to configure the switch, such as to change a port configuration, or to update a policy that is enforced on the port.
  • a profile may be configured to execute in response to a user event, such as a user authentication by an authentication server.
  • a profile may also be configured to execute in response to a device event, such as the detection of a device.
  • a profile may instead be static, meaning that it is applied to the switch, not in response to an event 216 or timer 218 , but rather on demand to parameterize and simplify an otherwise complex configuration task.
  • the profile is typically executed on demand by entering a port management command 240 using the switch's CLI 238 , or remotely from the NMS 226 , using the GUI 242 .
  • profiles 214 are generally stored on the switch 204 for later execution on a processor in the switch, referred to here as a port management processor 210 .
  • profiles 232 may be created, edited, stored and viewed on the NMS 226 and later deployed to the switch 204 and stored with profiles 214 for later execution on the port management processor 210 .
  • profiles 214 stored on the switch 204 may be viewed and edited via the NMS port manager 230 .
  • the profile editor 212 may be implemented as part of a scripting component that may already be provided on the switch 204 , while in other embodiments the profile editor 212 may be implemented as a separate component. The types and uses of profiles 214 will be described in further detail below.
  • the port manager 206 includes a repository to store not only the profiles 214 , but also to store the port management network events 216 and/or timers 218 to which the profiles may be configured to respond.
  • Events 216 and timers 218 are typically defined on the switch 204 through the use of port management commands 224 , but may also be defined elsewhere and deployed to the switch using other means.
  • defined network events 216 such as the detection of a device or the authentication of a user connected to the LAN 202 , can trigger the execution of one or more profiles.
  • the timers 218 also describe events that can trigger the execution of one or more profiles, specifically the time at which, or interval after which, a profile is executed. The types and uses of events 216 and timers 218 will be described in further detail below.
  • the port manager 206 further includes a repository in which to store the values of certain variables, referred to here as port management variables 220 , where such values may be accessed by the profiles 214 at the time of execution.
  • the values of the port management variables 220 are typically automatically provided by the originator of the event upon the event's occurrence in the form of arguments or parameters communicated to the switch 204 via the LAN 202 , such as in a vendor specific attribute (VSA) string provided by an authentication server upon authentication of a user.
  • the values of the port management variables 220 may also be manually set by a user, such as for testing purposes, through the use of the various port management commands 240 or through other means, or may be saved from a prior execution of a profile or other command on the switch 204 .
  • the types and uses of port management variables 224 will be described in further detail below.
  • the port management processor 210 dynamically configures the affected switch ports 208 and updates their respective policies 222 as specified in the profile.
  • profiles 214 may be static or dynamic. Profiles may also be executed in persistent or non-persistent mode. Static profiles are generally executed in persistent mode, i.e., the configuration and policy changes implemented by static profiles are saved in the switch configuration 224 and preserved when the switch 204 is rebooted. Dynamic profiles 214 , however, are generally executed in non-persistent mode, meaning that the changes to the affected switch ports 208 and policy 222 are not saved in the switch configuration, and therefore not preserved when the switch is rebooted.
  • any dynamic port configuration and policy changes implemented through the execution of a profile 214 may be synchronized to the redundant switch backup (not shown) in the case of a failover, even though they may not have been saved in the switch configuration 114 .
  • FIG. 3 is a block diagram illustrating certain aspects of profiles 214 / 232 for automatically provisioning the switch 204 with network resources in accordance with an embodiment of the invention.
  • profiles 214 / 232 may be categorized as device profiles 302 , so named because they are typically executed in response to an event 216 associated with a device, such as the detection or un-detection of a device connecting to the LAN 202 .
  • Device profiles 302 may also be executed in response to a timer 218 .
  • a device profile 302 is typically associated with a particular switch port 208 .
  • Profiles 214 / 232 may also be categorized as user profiles 304 , also referred to as security profiles, so named because they are typically executed in response to an event 216 associated with a user, such as the authentication or un-authentication of a user signing on to the LAN 202 using, for example, a MAC-based, 802.1X-based, or web-based NetLogin process.
  • a user profile 304 may also be executed in response to a timer 218 .
  • a user profile 304 may be associated with more than one switch port 208 using a switch port list 306 .
  • multiple user profiles 304 may be associated with a particular switch port, such as one profile for logon events, and another profile for logoff events.
  • the same user profile 304 may be applied at logon or logoff, but the commands contained in the user profile 304 may be configured to take different actions based on which event triggered execution.
  • Numerous parameters of a switch port 208 may be configured by the commands contained in user profiles 304 , such as the security parameters provided through an authentication server, such as a RADIUS server.
  • The RADIUS server will use a vendor-specific attribute (VSA) string in which to specify the name of the user profile 304 and a list of parameters and values that are associated with that user profile, such as the quality of service profile name, an ACL, and the name of an alternate user profile to execute when the user logs off the LAN.
  • the list of parameters and values in the VSA are made available to the switch at the time the user profile 304 is executed.
  • FIG. 4 is a block diagram illustrating certain other aspects of profiles 214 / 232 for automatically provisioning the switch with network resources in accordance with an embodiment of the invention.
  • profiles 214 / 232 may be further categorized as static profiles 402 or dynamic profiles 404 .
  • a dynamic profile 404 is dynamically applied to the switch in response to the occurrence of an event 216 , or upon the expiration of a timer 218 .
  • a static profile 402 is applied to the switch, not in response to an event 216 or timer 218 , but rather on demand to parameterize and simplify an otherwise complex configuration task.
  • a static profile 402 may be executed on demand by entering a port management command 240 directly on the switch using the switch's CLI 238 , or remotely from the NMS 226 , using the GUI 242 .
  • FIG. 5 is a block diagram illustrating certain aspects of port management execution modes 502 for automatically provisioning the switch with network resources in accordance with an embodiment of the invention.
  • There are two types of port management execution modes 502: persistent mode 504 and non-persistent mode 506.
  • dynamic profiles 404 are generally executed in non-persistent mode 506 , meaning that the changes to the affected switch ports 208 and policy 222 are not saved in the switch configuration, and therefore not preserved when the switch 204 is rebooted.
  • Static profiles 402 are generally executed in persistent mode 504 , meaning that the configuration and policy changes implemented by static profiles are saved in the switch configuration 224 and preserved when the switch 204 is rebooted.
  • FIG. 6 is a block diagram illustrating certain aspects of port management variables 220 for automatically provisioning the switch 204 with network resources in accordance with an embodiment of the invention.
  • Port management variables 220, the values of which may be stored on the switch 204 and/or made available to the switch 204 at the time a profile is executed, may be categorized as common variables 602, user profile variables 604, device profile variables 606, and CLI session variables 608.
  • a common variable 602 is a variable that is generally available for use in any profile 214 / 232 , the values being set prior to execution of the profile.
  • Common variables 602 may be used to store values for numerous data, including but not limited to, the status of the last command execution, the name of the user in the current session of the CLI, a CLI session type, the name of the current profile, as well as the name of the event that triggered execution of the current profile, the time that the event occurred, and, if applicable, the name and type of timer that triggered the execution of the current profile and the timer's delta value, i.e., the difference between the time the timer expired and the time the profile began execution.
  • a user profile variable 604 is a variable that is generally available for use only in user profiles 304 .
  • User profile variables 604 may be used to store values for numerous data, including but not limited to, the name of the user that was authenticated, provided, for example, in the MAC address string for MAC-based NetLogin events, the number of authenticated users on the affected switch port after the occurrence of the current event, the MAC and/or IP address of the user, as well as the port and VLAN associated with the current event.
  • a device profile variable 606 is a variable that is generally available for use only in device profiles 302 .
  • Device profile variables 606 may be used to store values for numerous data, including but not limited to, the device identification, which is typically contained in the values reported in the LLDP parameters referenced earlier, the IP and MAC address of the device, as well as the power, manufacturer, and model name of the device.
  • a session variable 608 is a variable that is generally available for use only by a particular execution of a profile 214/232 on the switch 204, and is used in conjunction with certain port management commands 240 used for variable management, such as commands to load, save, and delete the session variables.
  • the values of the session variables may be saved using a unique key generated during the current profile execution, and may be later retrieved and restored in a subsequent session using the same unique key. Session variables may be used in this manner to, for example, save the current profile state in order to restore the profile when a user logs off, or a device times out.
  • FIG. 7 is a block diagram illustrating certain aspects of a port management profile editor for automatically provisioning the switch with network resources in accordance with an embodiment of the invention.
  • a profile editor 212 may be used to create, edit, view and store profiles 214 / 232 in a switch 204 and/or an NMS 226 .
  • the profile editor 212 enables a user to compose commands in a profile 214 / 232 that contain, among other things, control structures 702 , built-in functions 704 , operators 706 , and variables 708 .
  • the control structures 702 allow a user to craft commands that execute conditionally or recursively based on the evaluation of expressions containing references to the various port management variables 220 described with reference to FIG. 6 .
  • the control structures 702 include, for example, “IF (<expression>) THEN <statements> ELSE <statements> ENDIF” structures and WHILE (<expression>) DO <statements> ENDWHILE structures.
  • the structures may be nested for additional control over command execution.
  • the expressions used in the structures may be composed of operators 706 and references to variables 708 , which may be references to port management variables 220 , the values of which are made available at the time of execution.
  • the operators 706 may include, but are not limited to, various string and integer operands, as well as Boolean and other logic operands.
  • the expressions used in the structures may also be composed of built-in functions 704 that are invoked at the time of execution, and are used to simplify common tasks in a profile, including but not limited to, string manipulation, such as matching two strings or changing a string to uppercase format.
  • FIG. 8 is a block diagram illustrating certain aspects of the operation of a port management system 200 for automatically provisioning the switch 204 with network resources in accordance with an embodiment of the invention.
  • a user may enter a port management command 240 via a CLI 238 to a switch 204 to invoke the functions of a port manager 206 , including but not limited to, using the profile editor 212 to create, edit, view and store profiles 214 , to define events 216 and timers 218 , to execute profiles 214 on demand, and to create and manipulate port management variables 220 .
  • FIG. 9 is a block diagram illustrating certain other aspects of the operation of a port management system 200 for automatically provisioning the switch 204 with network resources in accordance with an embodiment of the invention.
  • an event 214 may occur as a result of an authentication performed by an authentication server 902 , such as a RADIUS server.
  • the RADIUS server 902 may provide an event message 904 in the form of a vendor specific attribute (VSA) string that specifies the profile name 906 to be triggered in response to the user authentication event 214 , as well as various event parameters 908 , such as the quality of service profile specified for the user and the logoff profile.
  • the port management processor 210 processes the specified profile, in this case profile “p1,” after substituting the event parameters 908 for the corresponding port management variables 912, in this case quality of service profile “qp8” and logoff profile “p2.”
  • profile “p1” the port management processor 210 configures the switch port 208 associated with the profile “p1” and updates the policy 220 to be enforced on the switch port 208, in accordance with the instructions provided by the commands contained in profile “p1.”
  • the port management processor 210 will update the switch configuration 222 with the configuration and policy changes made to the switch port 208 and policy 220.
  • the port management processor 210 may also generate an execution log 914 in which to store a log of commands executed in the profile “p1” 910 for subsequent use and debugging.
  • FIG. 10 is a flow diagram illustrating certain aspects of a method 1000 to be performed in a port management system 200 for automatically provisioning the switch with network resources in accordance with an embodiment of the invention.
  • a port management system 200 receives a port management command 240 via an interface, such as a CLI 238 or a GUI 242 .
  • the port management system 200 may create/edit/view a profile 214 / 232 in accordance with the port management command.
  • the port management system 200 may assign a profile to a port 208 or port list 306 in accordance with the port management command.
  • the port management system 200 may define an event 216 to trigger an execution of a profile in accordance with the port management command.
  • the port management system 200 may define a timer, the expiration of which may trigger an execution of a profile in accordance with the port management command.
  • the port management system 200 may store a profile locally on a switch for subsequent execution upon occurrence of one or more defined events and/or expiration of one or more timers.
  • FIG. 11 is a flow diagram illustrating certain other aspects of a method 1100 to be performed in a port management system 200 for automatically provisioning the switch 204 with network resources in accordance with an embodiment of the invention.
  • a port management system 200 detects the occurrence of a defined event and/or the expiration of a timer.
  • the port management system 200 obtains a profile or profiles that have been configured to respond to the event.
  • the port management system 200 uses the facilities of a port management processor 210 to interpret and/or compile the obtained profile(s) to prepare them for execution, including but not limited to, substituting the values of the port management variables referenced in the profiles with the current event's parameters, evaluating expressions present in the profile's control structures, and invoking the referenced built-in functions.
  • the port management processor 210 executes the interpreted/compiled profile(s) and proceeds to change the configuration and policy of the affected port or ports in accordance with the instructions in the commands of the executed profile.
  • the port management processor 210 saves the configuration and policy changes in the current switch configuration repository for preservation in case the switch is rebooted.
  • FIG. 12 illustrates one embodiment of a suitable computing environment in which certain aspects of the invention illustrated in FIGS. 1-11 may be practiced.
  • the port management system 200 and methods and apparatus for automatically provisioning the switch 204 with network resources in accordance with an embodiment of the invention may be implemented on a computer system 1200 having components 1202-1212, including a processor 1202, a memory 1204, an Input/Output device 1206, a data storage 1210, and a network interface 1212, coupled to each other via a bus 1208.
  • the components perform their conventional functions known in the art and provide the means for implementing the port management system 200 . Collectively, these components represent a broad category of hardware systems, including but not limited to general purpose computer systems, servers, switches and other specialized packet-forwarding devices.
  • the memory component 1204 may include one or more of random access memory (RAM), and nonvolatile storage devices (e.g., magnetic or optical disks) on which are stored instructions and data for use by processor 1202 , including the instructions and data that comprise the port management system 200 components, including the profile editor 212 , port management processor 210 , profiles 214 , events 216 , timers 218 , and port management variables 220 .
  • the data storage component 1210 may also represent the instructions and data that comprise the port management system 200 components, including the profile editor 212 , port management processor 210 , profiles 214 , events 216 , timers 218 , and port management variables 220 .
  • the network interface component 1012 may include the switch ports 208 .
  • system 1200 may be rearranged, and that certain implementations of the present invention may not require nor include all of the above components.
  • additional components may be included in system 1200 , such as additional processors (e.g., a digital signal processor), storage devices, memories, network/communication interfaces, etc.
  • the method and apparatus for a port management system 200 in accordance with one embodiment of the invention as discussed above may be implemented as a series of software routines executed by computer system 1200 .
  • the software routines may comprise a plurality or series of instructions, code sequences, configuration information, or other data to be accessed and/or executed by a processing system such as one or more of processor 1202 .
  • the series of instructions, code sequences, configuration information, or other data may be stored on a data storage 1210 and transferred to memory 1204 via bus 1208 .
  • the series of instructions, code sequences, configuration information, or other data can be stored on a data storage 1210 using any conventional computer-readable or machine-accessible storage medium, such as a diskette, CD-ROM, magnetic tape, DVD, ROM, etc. It is also to be appreciated that the series of instructions, code sequences, configuration information, or other data need not be stored locally, and could be stored on a propagated data signal received from a remote storage device, such as a server on a network, via a network/communication interface 1012. The instructions, code sequences, configuration information, or other data may be copied from the data storage 1210, such as mass storage, or from the propagated data signal into a memory 1204 and accessed and executed by processor 1202.
  • the present invention is implemented in discrete hardware or firmware.
  • one or more application specific integrated circuits could be programmed with some or all of the above-described functions of the present invention.
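The FIG. 9 and FIG. 11 flow described above (an event message names a profile, event parameters replace variables, control structures are evaluated, the port is changed and the run is logged), sketched in Python as an added example that is not code from the patent or from Extreme Networks. The message format, variable names and command wording are constructed assumptions; only IF/ELSE/ENDIF is interpreted, and values are checked before substitution because they originate outside the switch.

```python
import re

TOKEN = re.compile(r"[A-Za-z0-9_.:-]{1,64}")          # only shape a value may have
VAR = re.compile(r"\$([A-Z_]+)")
COND = re.compile(r"IF \((\S+) (==|!=) (\S+)\) THEN")

# Constructed profile store. Command wording is illustrative, not real switch CLI.
PROFILES = {
    "p1": [
        "IF ($USER_COUNT == 1) THEN",
        "set port $EVENT_PORT qosprofile $QOS_PROFILE",
        "ELSE",
        "log port $EVENT_PORT already provisioned",
        "ENDIF",
        "set port $EVENT_PORT logoff-profile $LOGOFF_PROFILE",
    ],
}


def parse_event_message(msg):
    """Split a constructed 'profile key=value;key=value' string into (name, params)."""
    name, _, rest = msg.strip().partition(" ")
    params = {}
    for pair in filter(None, rest.split(";")):
        key, sep, value = pair.partition("=")
        if not sep:
            raise ValueError(f"malformed parameter: {pair!r}")
        params[key.strip().upper()] = value
    return name, params


def substitute(line, variables):
    """Replace $NAME references; undefined names and unsafe values abort the run."""
    def repl(match):
        name = match.group(1)
        if name not in variables:
            raise ValueError(f"undefined variable: {name}")
        value = str(variables[name])
        if not TOKEN.fullmatch(value):      # fullmatch also rejects a trailing newline
            raise ValueError(f"unsafe value for {name}: {value!r}")
        return value
    return VAR.sub(repl, line)


def run_profile(lines, variables):
    """Interpret IF/ELSE/ENDIF (nesting allowed); return the commands to execute."""
    commands, stack = [], []    # stack: one flag per open IF, True if its branch runs
    for raw in lines:
        line = raw.strip()
        if line.startswith("IF "):
            taken = False
            if all(stack):      # evaluate only when every enclosing branch is active
                m = COND.fullmatch(substitute(line, variables))
                if not m:
                    raise ValueError(f"bad condition: {line!r}")
                left, op, right = m.groups()
                taken = (left == right) == (op == "==")
            stack.append(taken)
        elif line in ("ELSE", "ENDIF"):
            if not stack:
                raise ValueError(f"{line} without IF")
            taken = stack.pop()
            if line == "ELSE":
                stack.append(all(stack) and not taken)
        elif line and all(stack):
            commands.append(substitute(line, variables))
    if stack:
        raise ValueError("missing ENDIF")
    return commands


class Switch:
    """Toy switch: 'running' is live state, 'saved' is what survives a reboot."""

    def __init__(self):
        self.running, self.saved, self.log = [], [], []

    def handle_event(self, msg, common, persistent=False):
        name, params = parse_event_message(msg)
        if name not in PROFILES:
            raise ValueError(f"unknown profile: {name!r}")
        # Assumption: switch-owned common variables win over event parameters,
        # so a message cannot redirect the change to another port.
        commands = run_profile(PROFILES[name], {**params, **common})
        self.running.extend(commands)       # applied only after the whole run succeeds
        if persistent:
            self.saved.extend(commands)     # persistent mode: kept across reboot
        self.log.append((name, commands))   # execution log for later inspection
        return commands

    def reboot(self):
        self.running = list(self.saved)
```

Because `run_profile` raises before anything is appended to `running`, a rejected parameter leaves the port untouched, which corresponds to the abort-on-error handling mode the summary mentions.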

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Automation & Control Theory (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

A method is provided for a port management system in which a switch is automatically provisioned with network resources. A command or set of commands are stored and automatically executed on the switch upon the occurrence of a defined network event. The command or set of commands may be associated with one or more ports on the switch. When executed, the commands cause a change to a port configuration and/or policy on the switch to control access to a network resource. The network resource may include any device or service accessible on the network. The defined network event may include any network event associated with a device or user connected to the network. The command or set of commands may reference variables, control structures, and functions to modify command execution.

Description

    TECHNICAL FIELD
  • The present invention relates to the field of computer networks and internetworking communications technologies. In particular, the present invention relates to management of ports in a network.
  • COPYRIGHT NOTICE/PERMISSION
  • A portion of the disclosure of this patent document contains material which is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure as it appears in the Patent and Trademark Office patent file or records, but otherwise reserves all copyright rights whatsoever. The following notice applies to the software and data as described below and in the drawings hereto: Copyright © 2007, Extreme Networks, Inc., All Rights Reserved.
  • BACKGROUND
  • A network switch, such as a bridge (layer 2 switch) or a router (layer 3 switch), is a device that determines the destination of individual data packets (such as Ethernet frames) and selectively forwards them across a local area network (LAN) according to the best route for their destination. The best route is typically associated with one of a number of ports on the switch, which are the switch's external interface to the network. The port is a mission critical part of a network because the port oftentimes is an uplink, collapsing thousands of users in a local area network (LAN) onto a backbone such as the Internet.
  • The port may also be used to control access to the LAN and LAN resources through the use of port-based network access control protocols. One such protocol is the Institute of Electrical and Electronics Engineers (IEEE) Ethernet-based standard for port-based network access control, IEEE 802.1X. The IEEE 802.1X standard specifies a general method for the provision of port-based network access control. Among other uses, the IEEE 802.1X protocol may be used to authenticate and authorize devices and device users that are connected to a LAN port, where the LAN port is a single point of attachment to the LAN infrastructure, such as a port of a Media Access Control (MAC) Bridge or, in the case of a wireless LAN, an association between an end station and an IEEE 802.11 access point in the wireless LAN.
  • Once the connected device has been authenticated, the switch must be provisioned with the appropriate network resources based on the type of device and/or identity of the user. Provisioning the switch primarily involves configuring the port to which a device is connected with the proper configuration and policy data for that device and/or device user.
  • In today's complex converged network environments that support both wired and wireless access to a variety of resources, including voice, video, and data, ensuring that the switch is properly provisioned can be burdensome. For example, in order to provision the switch with the correct network resources, quality of service, and security policy for successful voice operation, the switch port to which a VoIP phone is connected must be configured with the appropriate Link Layer Data Protocol (LLDP) parameters, Virtual Local Area Network (VLAN) name, port VLAN ID, power conservation mode, call server name, 802.1Q framing parameter, and Access Control List (ACL).
  • Managing the deployment of network configuration and policy data to ensure that a switch is properly provisioned has typically been the responsibility of proprietary centralized network management systems (NMS), such as the network management system sold under the trademark “EpiCenter” by Extreme Networks, Inc., of Santa Clara, Calif., the assignee of the present application. The NMS typically operates in conjunction with an authentication server, such as the RADIUS server, to dynamically deploy the proper configuration and policy data to the switch upon successful authentication and authorization of the device and/or user on the network.
  • One of the challenges presented by relying on the NMS to deploy the proper policy and configuration data to the switch is the delay between the time that the device and/or user is detected/authenticated, and the time that the policy is deployed on the switch. Such a delay can expose the LAN to malicious attack which may result in a denial or degradation of service on the LAN.
  • SUMMARY
  • According to one aspect of the invention, a switch in a network is automatically provisioned with network resources using a port management system. The port management system is a flexible framework of components that may be used to implement a method for automatically provisioning a switch with a network resource based on the occurrence of a defined network event. The network resource may include any device or service accessible on the network. The defined network event may include any network event associated with a device or user connected to the network.
  • According to one aspect of the invention, the method for automatically provisioning a switch with network resources based on the occurrence of a defined network event includes executing a profile associated with the defined network event when the event occurs. A profile contains one or more commands, the execution of which causes a dynamic port configuration change. The dynamic port configuration change enforces a particular policy on the affected port or ports.
  • According to one aspect of the invention, the port management system provides for the creation, editing and storing of profiles on the switch using the switch's command line interface (CLI). Alternatively, the port management system provides for the creation, editing and storing of profiles using a network management system (NMS) for later deployment to the switch. Once created, profiles may be associated with a particular port or port list and configured to execute upon the occurrence of one or more defined network events.
  • According to one aspect of the invention, the defined network events may include user events, such as NetLogin events occurring when a user is authenticated or unauthenticated, or device events, such as Link Layer Data Protocol (LLDP) events occurring when a device is detected or undetected. Profiles may also be configured to execute upon the occurrence of timer events, i.e., to execute at a specified time, or after a specified interval has occurred.
  • According to one aspect of the invention, profiles may be static or dynamic. Static profiles are typically not event-driven, but rather manually executed on the switch, using the CLI, in order to implement a set of commands that parameterize and simplify complex configuration tasks, such as Netlogin, or to test a profile that is otherwise considered a dynamic profile. For the purpose of managing the dynamic configuration and policy changes as described in the present application, however, most profiles are dynamic in that they are event-driven, meaning that they are automatically executed upon the occurrence of a defined network event associated with the profile, such as a user logon, or a device detection.
  • According to one aspect of the invention, profiles may be executed in persistent or non-persistent mode. Static profiles are generally executed in persistent mode, i.e., the configuration and policy changes implemented by static profiles are saved in the switch configuration and preserved when the switch is rebooted. Dynamic profiles are generally executed in non-persistent mode, meaning that the changes to the affected ports are not saved in the switch configuration, and therefore not preserved when the switch is rebooted. Regardless of whether a change is persistent or non-persistent, however, changes implemented by both static and dynamic profiles may be synchronized to the redundant switch backup in the case of a failover.
  • According to one aspect of the invention, the commands contained in the profile may contain references to variables, the values of which may be made available to the profile at the time the profile is executed on the switch. The values may include the values of arguments made available to the network when a defined network event occurs, such as the security profile variables that are made available to the network by an authentication server when a user has been authenticated on a device connected to the network. Alternatively, the values of certain variables may be determined at the time of execution by reference to values previously stored in the switch, including the values of common variables that are available to all profiles, as well as the values of session variables that are available to a particular profile to, for example, save the current state of the profile to facilitate testing and/or to facilitate restoring the affected port's configuration and policy when a user logs off or a device times out.
  • According to one aspect of the invention, profiles may contain control structures to conditionally modify command execution during the execution of the profile. For example, the control structures may include, among others, conditional execution and recursive logic that can be used in conjunction with variable expression evaluation operators to conditionally modify the execution of the commands in the profile. The profiles may also contain references to certain built-in functions to perform common tasks.
  • According to one aspect of the invention, the port management system may support execution of profiles in different error-handling modes, including the ability to ignore errors or abort execution. The port management system may further support access to a particular profile's execution history, such as in the form of a profile execution log that may be stored on the switch for later inspection via the CLI or other facility.
  • In addition to the aspects and advantages of the present invention described in this summary, further aspects and advantages of the invention will become apparent to one skilled in the art to which the invention pertains from a review of the detailed description that follows, including aspects and advantages of an apparatus to carry out the above-described port management system and methods.
  • BRIEF DESCRIPTION OF DRAWINGS
  • The present invention will be described by way of exemplary embodiments, but not limitations, illustrated in the accompanying drawings in which like references denote similar elements, and in which:
  • FIG. 1 is a block diagram illustrating certain aspects of a switch in a Local Area Network (LAN), an example of an operating environment in which the invention may be practiced;
  • FIG. 2 is a block diagram illustrating certain aspects of a port management system, including a switch incorporating a port manager and other components for automatically provisioning the switch with network resources in accordance with an embodiment of the invention;
  • FIG. 3 is a block diagram illustrating certain aspects of profiles for automatically provisioning the switch with network resources in accordance with an embodiment of the invention;
  • FIG. 4 is a block diagram illustrating certain other aspects of profiles for automatically provisioning the switch with network resources in accordance with an embodiment of the invention;
  • FIG. 5 is a block diagram illustrating certain aspects of port management execution modes for automatically provisioning the switch with network resources in accordance with an embodiment of the invention;
  • FIG. 6 is a block diagram illustrating certain aspects of port management variables for automatically provisioning the switch with network resources in accordance with an embodiment of the invention;
  • FIG. 7 is a block diagram illustrating certain aspects of a port management profile editor for automatically provisioning the switch with network resources in accordance with an embodiment of the invention;
  • FIG. 8 is a block diagram illustrating certain aspects of the operation of a port management system for automatically provisioning the switch with network resources in accordance with an embodiment of the invention;
  • FIG. 9 is a block diagram illustrating certain other aspects of the operation of a port management system for automatically provisioning the switch with network resources in accordance with an embodiment of the invention;
  • FIG. 10 is a flow diagram illustrating certain aspects of a method to be performed in a port management system for automatically provisioning the switch with network resources in accordance with an embodiment of the invention;
  • FIG. 11 is a flow diagram illustrating certain other aspects of a method to be performed in a port management system for automatically provisioning the switch with network resources in accordance with an embodiment of the invention; and
  • FIG. 12 illustrates one embodiment of a suitable computing environment in which certain aspects of the invention illustrated in FIGS. 1-11 may be practiced.
  • DETAILED DESCRIPTION OF THE INVENTION
  • In the following description various aspects of the present invention, a method and apparatus for a port management system, will be described. Specific details will be set forth in order to provide a thorough understanding of the present invention. However, it will be apparent to those skilled in the art that the present invention may be practiced with only some or all of the described aspects of the present invention, and with or without some or all of the specific details. In some instances, well known architectures, steps, and techniques have not been shown to avoid unnecessarily obscuring the present invention. For example, specific details are not provided as to whether the method, system and apparatus is implemented in a router, bridge, server or gateway, or as a software routine, hardware circuit, firmware, or a combination thereof.
  • Parts of the description will be presented using terminology commonly employed by those skilled in the art to convey the substance of their work to others skilled in the art, including terms of operations performed by a computer system, switch, or other network device, and their operands. As well understood by those skilled in the art, these operands take the form of electrical, magnetic, or optical signals, and the operations involve storing, transferring, combining, and otherwise manipulating the signals through electrical, magnetic or optical components of a system. The term system includes general purpose as well as special purpose arrangements of these components that are standalone, adjunct or embedded.
  • Various operations will be described as multiple discrete steps performed in turn in a manner that is most helpful in understanding the present invention. However, the order of description should not be construed as to imply that these operations are necessarily performed in the order they are presented, or even order dependent. Lastly, reference throughout this specification to “one embodiment,” “an embodiment,” or “an aspect,” means that the particular feature, structure, or characteristic that is described is included in at least one embodiment of the invention, but not necessarily in the same embodiment. Furthermore, the particular features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
  • FIG. 1 is a block diagram illustrating certain aspects of a switch in a Local Area Network (LAN), and serves as an example of an operating environment in which the invention may be practiced. A network device 100, such as a switch, connects a local area network LAN 102 serving virtual LANs VLANA 106 and VLANB 108 to inter-network 104. The switch 100 comprises several ports, including the illustrated ports 110 numbered “1,” “2,” and so forth, each having a Media Access Control MAC chip 111 or similar component to connect the port 110 to LAN 102. The switch 100 further comprises a switch fabric 112 that typically includes, among other components, a bus 128, a central processing unit (CPU) 130, a packet forwarder 114, a routing table 116, a bridging table 118, and a port description table 117 for carrying out packet-forwarding operations on behalf of the devices and hosts connected to the LAN and VLANs.
  • FIG. 2 is a block diagram illustrating certain aspects of a port management system 200, including a switch 204 incorporating various components for automatically provisioning the switch with network resources in accordance with an embodiment of the invention. In a typical embodiment, the port management system 200 complements a port-based network access control system implemented on the LAN 202, such as port-based network access control implemented using the IEEE 802.1X standard. The port management system 200 may operate in conjunction with a network management system (NMS) 226 having access to configuration policy data 228 for the LAN and/or an authentication server 234 having access to a security policy data 236 for the LAN.
  • In the illustrated embodiment of the port management system 200, the switch 204 is provided with a port manager 206 having components that are typically accessed via a command line interface (CLI) 238 to the switch. Alternatively, or in addition, the NMS 226 is provided with a port manager 230 that is similar to the switch port manager 206, but having components that are typically accessed via a graphical user interface (GUI) 242 instead of a CLI 238. In a typical embodiment, the NMS port manager 230 is similar to the switch port manager 206, but generally supports only a subset of the features that are supported by the switch port manager 206. Accordingly, references to a port manager in the description that follows refer primarily to capabilities provided in the switch port manager 206, but can also refer to capabilities that are provided in the NMS port manager 230. Both the CLI 238 and GUI 242 are capable of receiving and dispatching port management commands 240 entered by a user to exploit the capabilities of the port management system 200 using the port managers 206/230.
  • In one embodiment, the port manager 206 includes, among other components, a profile editor 212 that supports the creation, editing, and viewing of profiles 214, typically through the use of various port management commands 224. A profile 214 is a set of commands that are applied to a switch 204, i.e., executed on a switch, to configure the switch, such as to change a port configuration, or to update a policy that is enforced on the port.
  • In a typical embodiment, a profile may be configured to execute in response to a user event, such as a user authentication by an authentication server. A profile may also be configured to execute in response to a device event, such as the detection of a device. As such, most profiles are dynamic, since they are dynamically applied to the switch in response to the occurrence of an event 216, or upon the expiration of a timer 218. In some cases, however, a profile may instead be static, meaning that it is applied to the switch, not in response to an event 216 or timer 218, but rather on demand to parameterize and simplify an otherwise complex configuration task. In such cases, the profile is typically executed on demand by entering a port management command 240 using the switch's CLI 238, or remotely from the NMS 226, using the GUI 242.
  • In a typical embodiment, profiles 214 are generally stored on the switch 204 for later execution on a processor in the switch, referred to here as a port management processor 210. In one embodiment, profiles 232 may be created, edited, stored and viewed on the NMS 226 and later deployed to the switch 204 and stored with profiles 214 for later execution on the port management processor 210. In some cases, profiles 214 stored on the switch 204 may be viewed and edited via the NMS port manager 230. In one embodiment, the profile editor 212 may be implemented as part of a scripting component that may already be provided on the switch 204, while in other embodiments the profile editor 212 may be implemented as a separate component. The types and uses of profiles 214 will be described in further detail below.
  • In one embodiment, the port manager 206 includes a repository to store not only the profiles 214, but also to store the port management network events 216 and/or timers 218 to which the profiles may be configured to respond. Events 216 and timers 218 are typically defined on the switch 204 through the use of port management commands 224, but may also be defined elsewhere and deployed to the switch using other means. As noted earlier, defined network events 216, such as the detection of a device or the authentication of a user connected to the LAN 202, can trigger the execution of one or more profiles. The timers 218 also describe events that can trigger the execution of one or more profiles, specifically the time at which, or interval after which, a profile is executed. The types and uses of events 216 and timers 218 will be described in further detail below.
  • In one embodiment, the port manager 206 further includes a repository in which to store the values of certain variables, referred to here as port management variables 220, where such values may be accessed by the profiles 214 at the time of execution. The values of the port management variables 220 are typically automatically provided by the originator of the event upon the event's occurrence in the form of arguments or parameters communicated to the switch 204 via the LAN 202, such as in a vendor specific attribute (VSA) string provided by an authentication server upon authentication of a user. In some cases, the values of the port management variables 220 may also be manually set by a user, such as for testing purposes, through the use of the various port management commands 240 or through other means, or may be saved from a prior execution of a profile or other command on the switch 204. The types and uses of port management variables 224 will be described in further detail below.
  • During operation of the port management system 200, upon execution of a profile 214 on the switch 204, the port management processor 210 dynamically configures the affected switch ports 208 and updates their respective policies 222 as specified in the profile. As noted earlier, profiles 214 may be static or dynamic. Profiles may also be executed in persistent or non-persistent mode. Static profiles are generally executed in persistent mode, i.e., the configuration and policy changes implemented by static profiles are saved in the switch configuration 224 and preserved when the switch 204 is rebooted. Dynamic profiles 214, however, are generally executed in non-persistent mode, meaning that the changes to the affected switch ports 208 and policy 222 are not saved in the switch configuration, and therefore not preserved when the switch is rebooted. It is contemplated that most of the commands in the profiles used to make dynamic port configuration and policy changes using the port management system 200 will be executed in non-persistent mode, meaning that such changes will not be permanently saved in the switch configuration 114. In a typical embodiment, however, any dynamic port configuration and policy changes implemented through the execution of a profile 214 may be synchronized to the redundant switch backup (not shown) in the case of a failover, even though they may not have been saved in the switch configuration 114.
  • FIG. 3 is a block diagram illustrating certain aspects of profiles 214/232 for automatically provisioning the switch 204 with network resources in accordance with an embodiment of the invention. As shown, profiles 214/232 may be categorized as device profiles 302, so named because they are typically executed in response to an event 216 associated with a device, such as the detection or un-detection of a device connecting to the LAN 202. Device profiles 302 may also be executed in response to a timer 218. A device profile 302 is typically associated with a particular switch port 208. Numerous parameters of the particular switch port 208 may be configured by the commands contained in the device profile 302, such as Link Layer Data Protocol (LLDP) parameters, the values of which are made available at the time the profile is executed, including the VLAN name, port VLAN ID, power conservation mode, file server name, call server name, 802.1Q framing parameters, and Access Control List (ACL).
  • Profiles 214/232 may also be categorized as user profiles 304, also referred to as security profiles, so named because they are typically executed in response to an event 216 associated with a user, such as the authentication or un-authentication of a user signing on to the LAN 202 using, for example, a MAC-based, 802.1X-based, or web-based NetLogin process. Like device profiles 302, a user profile 304 may also be executed in response to a timer 218. Unlike device profiles 302, however, a user profile 304 may be associated with more than one switch port 208 using a switch port list 306. Unlike device profiles 302, multiple user profiles 304 may be associated with a particular switch port, such as one profile for logon events, and another profile for logoff events. Alternatively, the same user profile 304 may be applied at logon or logoff, but the commands contained in the user profile 304 may be configured to take different actions based on which event triggered execution. Numerous parameters of a switch port 208 may be configured by the commands contained in user profiles 304, such as the security parameters provided through an authentication server, such as a RADIUS server. In a typical embodiment, the RADIUS server will use a vendor-specific attribute (VSA) string in which to specify the name of the user profile 304 and a list of parameters and values that are associated with that user profile, such as the quality of service profile name, an ACL, and the name of an alternate user profile to execute when the user logs off the LAN. The list of parameters and values in the VSA is made available to the switch at the time the user profile 304 is executed.
  • FIG. 4 is a block diagram illustrating certain other aspects of profiles 214/232 for automatically provisioning the switch with network resources in accordance with an embodiment of the invention. As shown, profiles 214/232 may be further categorized as static profiles 402 or dynamic profiles 404. As earlier described, a dynamic profile 404 is dynamically applied to the switch in response to the occurrence of an event 216, or upon the expiration of a timer 218. In contrast, a static profile 402 is applied to the switch, not in response to an event 216 or timer 218, but rather on demand to parameterize and simplify an otherwise complex configuration task. As such, a static profile 402 may be executed on demand by entering a port management command 240 directly on the switch using the switch's CLI 238, or remotely from the NMS 226, using the GUI 242.
  • FIG. 5 is a block diagram illustrating certain aspects of port management execution modes 502 for automatically provisioning the switch with network resources in accordance with an embodiment of the invention. As shown, there are two types of port management execution modes 502, persistent mode 504, and non-persistent mode 506. As noted earlier, dynamic profiles 404 are generally executed in non-persistent mode 506, meaning that the changes to the affected switch ports 208 and policy 222 are not saved in the switch configuration, and therefore not preserved when the switch 204 is rebooted. Static profiles 402 are generally executed in persistent mode 504, meaning that the configuration and policy changes implemented by static profiles are saved in the switch configuration 224 and preserved when the switch 204 is rebooted.
  • FIG. 6 is a block diagram illustrating certain aspects of port management variables 220 for automatically provisioning the switch 204 with network resources in accordance with an embodiment of the invention. Port management variables 220, the values of which may be stored on the switch 204 and/or made available to the switch 204 at the time a profile is executed, may be categorized as common variables 602, user profile variables 604, device profile variables 606, and CLI session variables 608.
  • A common variable 602 is a variable that is generally available for use in any profile 214/232, the values being set prior to execution of the profile. Common variables 602 may be used to store values for numerous data, including but not limited to, the status of the last command execution, the name of the user in the current session of the CLI, a CLI session type, the name of the current profile, as well as the name of the event that triggered execution of the current profile, the time that the event occurred, and, if applicable, the name and type of timer that triggered the execution of the current profile and the timer's delta value, i.e., the difference between the time the timer expired and the time the profile began execution.
  • A user profile variable 604 is a variable that is generally available for use only in user profiles 304. User profile variables 604 may be used to store values for numerous data, including but not limited to, the name of the user that was authenticated, provided, for example, in the MAC address string for MAC-based NetLogin events, the number of authenticated users on the affected switch port after the occurrence of the current event, the MAC and/or IP address of the user, as well as the port and VLAN associated with the current event.
  • A device profile variable 606 is a variable that is generally available for use only in device profiles 302. Device profile variables 606 may be used to store values for numerous data, including but not limited to, the device identification, which is typically contained in the values reported in the LLDP parameters referenced earlier, the IP and MAC address of the device, as well as the power, manufacturer, and model name of the device.
  • Lastly, a session variable 608 is a variable that is generally available for use only by a particular execution of a profile 214/232 on the switch 204, and is used in conjunction with certain port management commands 240 used for variable management, such as commands to load, save, and delete the session variables. The values of the session variables may be saved using a unique key generated during the current profile execution, and may be later retrieved and restored in a subsequent session using the same unique key. Session variables may be used in this manner to, for example, save the current profile state in order to restore the profile when a user logs off, or a device times out.
  • FIG. 7 is a block diagram illustrating certain aspects of a port management profile editor for automatically provisioning the switch with network resources in accordance with an embodiment of the invention. In a typical embodiment, a profile editor 212 may be used to create, edit, view and store profiles 214/232 in a switch 204 and/or an NMS 226. The profile editor 212 enables a user to compose commands in a profile 214/232 that contain, among other things, control structures 702, built-in functions 704, operators 706, and variables 708. The control structures 702 allow a user to craft commands that execute conditionally or recursively based on the evaluation of expressions containing references to the various port management variables 220 described with reference to FIG. 6. The control structures 702 include, for example, “IF (<expression>) THEN <statements> ELSE <statements> ENDIF” structures and “WHILE (<expression>) DO <statements> ENDWHILE” structures. In some cases, the structures may be nested for additional control over command execution. The expressions used in the structures may be composed of operators 706 and references to variables 708, which may be references to port management variables 220, the values of which are made available at the time of execution. The operators 706 may include, but are not limited to, various string and integer operands, as well as Boolean and other logic operands. The expressions used in the structures may also be composed of built-in functions 704 that are invoked at the time of execution, and are used to simplify common tasks in a profile, including but not limited to, string manipulation, such as matching two strings or changing a string to uppercase format.
  • FIG. 8 is a block diagram illustrating certain aspects of the operation of a port management system 200 for automatically provisioning the switch 204 with network resources in accordance with an embodiment of the invention. In the illustrated embodiment, during operation of the port management system 200, a user may enter a port management command 240 via a CLI 238 to a switch 204 to invoke the functions of a port manager 206, including but not limited to, using the profile editor 212 to create, edit, view and store profiles 214, to define events 216 and timers 218, to execute profiles 214 on demand, and to create and manipulate port management variables 220.
  • FIG. 9 is a block diagram illustrating certain other aspects of the operation of a port management system 200 for automatically provisioning the switch 204 with network resources in accordance with an embodiment of the invention. In the illustrated embodiment, during operation of the port management system 200, an event 214 may occur as a result of an authentication performed by an authentication server 902, such as a RADIUS server. The RADIUS server 902 may provide an event message 904 in the form of a vendor specific attribute (VSA) string that specifies the profile name 906 to be triggered in response to the user authentication event 214, as well as various event parameters 908, such as the quality of service profile specified for the user and the logoff profile. At the switch 204, the port management processor 210 processes the specified profile, in this case profile “p1,” after substituting the event parameters 908 for the corresponding port management variables 912, in this case quality of service profile “qp8” and logoff profile “p2.” Upon execution of profile “p1,” the port management processor 210 configures the switch port 208 associated with the profile “p1” and updates the policy 220 to be enforced on the switch port 208, in accordance with the instructions provided by the commands contained in profile “p1.” In some cases, should the port management processor 210 be instructed to execute in persistent mode, then the port management processor 210 will update the switch configuration 222 with the configuration and policy changes made to the switch port 208 and policy 220. In one embodiment, the port management processor 210 may also generate an execution log 914 in which to store a log of commands executed in the profile “p1” 910 for subsequent use and debugging.
  • FIG. 10 is a flow diagram illustrating certain aspects of a method 1000 to be performed in a port management system 200 for automatically provisioning the switch with network resources in accordance with an embodiment of the invention. In one embodiment, at block 1002, a port management system 200 receives a port management command 240 via an interface, such as a CLI 238 or a GUI 242. At block 1004, the port management system 200 may create/edit/view a profile 214/232 in accordance with the port management command. At block 1006, the port management system 200 may assign a profile to a port 208 or port list 306 in accordance with the port management command. At block 1008, the port management system 200 may define an event 216 to trigger an execution of a profile in accordance with the port management command. Similarly, at block 1010, the port management system 200 may define a timer, the expiration of which may trigger an execution of a profile in accordance with the port management command. At block 1012 the port management system 200 may store a profile locally on a switch for subsequent execution upon occurrence of one or more defined events and/or expiration of one or more timers.
  • FIG. 11 is a flow diagram illustrating certain other aspects of a method 1100 to be performed in a port management system 200 for automatically provisioning the switch 204 with network resources in accordance with an embodiment of the invention. In one embodiment, at block 1102, a port management system 200 detects the occurrence of a defined event and/or the expiration of a timer. At block 1104, the port management system 200 obtains a profile or profiles that have been configured to respond to the event. At block 1106, the port management system 200 uses the facilities of a port management processor 210 to interpret and/or compile the obtained profile(s) to prepare them for execution, including but not limited to, substituting the values of the port management variables referenced in the profiles with the current event's parameters, evaluating expressions present in the profile's control structures, and invoking the referenced built-in functions. At block 1108, the port management processor 210 executes the interpreted/compiled profile(s) and proceeds to change the configuration and policy of the affected port or ports in accordance with the instructions in the commands of the executed profile. In one embodiment, at block 1110, if the port management execution mode is persistent, then the port management processor 210 saves the configuration and policy changes in the current switch configuration repository for preservation in case the switch is rebooted.
  • FIG. 12 illustrates one embodiment of a suitable computing environment in which certain aspects of the invention illustrated in FIGS. 1-11 may be practiced. In one embodiment, the port management system 200, and methods and apparatus for automatically provisioning the switch 204 with network resources in accordance with an embodiment of the invention may be implemented on a computer system 1200 having components 1202-1212, including a processor 1202, a memory 1204, an Input/Output device 1206, a data storage 1210, and a network interface 1212, coupled to each other via a bus 1208. The components perform their conventional functions known in the art and provide the means for implementing the port management system 200. Collectively, these components represent a broad category of hardware systems, including but not limited to general purpose computer systems, servers, switches and other specialized packet-forwarding devices.
  • In one embodiment, the memory component 1204 may include one or more of random access memory (RAM), and nonvolatile storage devices (e.g., magnetic or optical disks) on which are stored instructions and data for use by processor 1202, including the instructions and data that comprise the port management system 200 components, including the profile editor 212, port management processor 210, profiles 214, events 216, timers 218, and port management variables 220. The data storage component 1210 may also represent the instructions and data that comprise the port management system 200 components, including the profile editor 212, port management processor 210, profiles 214, events 216, timers 218, and port management variables 220. In one embodiment, the network interface component 1012 may include the switch ports 208.
  • It is to be appreciated that various components of computer system 1200 may be rearranged, and that certain implementations of the present invention may not require nor include all of the above components. Furthermore, additional components may be included in system 1200, such as additional processors (e.g., a digital signal processor), storage devices, memories, network/communication interfaces, etc.
  • In the illustrated embodiment of FIG. 12, the method and apparatus for a port management system 200 in accordance with one embodiment of the invention as discussed above may be implemented as a series of software routines executed by computer system 1200. The software routines may comprise a plurality or series of instructions, code sequences, configuration information, or other data to be accessed and/or executed by a processing system such as one or more of processor 1202. Initially, the series of instructions, code sequences, configuration information, or other data may be stored on a data storage 1210 and transferred to memory 1204 via bus 1208. It is to be appreciated that the series of instructions, code sequences, configuration information, or other data can be stored on a data storage 1210 using any conventional computer-readable or machine-accessible storage medium, such as a diskette, CD-ROM, magnetic tape, DVD, ROM, etc. It is also to be appreciated that the series of instructions, code sequences, configuration information, or other data need not be stored locally, and could be stored on a propagated data signal received from a remote storage device, such as a server on a network, via a network/communication interface 1012. The instructions, code sequences, configuration information, or other data may be copied from the data storage 1210, such as mass storage, or from the propagated data signal into a memory 1204 and accessed and executed by processor 1202.
  • In alternate embodiments, the present invention is implemented in discrete hardware or firmware. For example, one or more application specific integrated circuits (ASICs) could be programmed with some or all of the above-described functions of the present invention.
  • Accordingly, a novel method and system is described for a method and apparatus for a port management system 200. From the foregoing description, those skilled in the art will recognize that many other variations of the present invention are possible. In particular, while the present invention has been described as being implemented in a network environment comprising one or more switches 100 connecting a LAN 102 and a network 104, some of the logic may be distributed in other components of a network or inter-network application. Thus, the present invention is not limited by the details described. Instead, the present invention can be practiced with modifications and alterations within the spirit and scope of the appended claims.
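The event-to-profile flow described for FIG. 9 and FIG. 11 (event message, variable substitution, IF/ELSE evaluation, non-persistent versus persistent execution, logoff profile), as an added Python example that is not part of the patent or of any vendor's implementation. The message format `<profile> key=value;key=value`, the event names, the command strings and the character allowlist applied to server-supplied values are all assumptions of this example; only the names "p1", "p2" and "qp8" come from the description.

```python
import re

# Constructed profile store. Profile names "p1"/"p2" follow the FIG. 9 description;
# the command text is made up for this example and is not any vendor's CLI.
PROFILES = {
    "p1": [
        "IF ($EVENT == USER-AUTHENTICATED) THEN",
        "  set-port-qos $PORT $QOSPROFILE",
        "ELSE",
        "  clear-port-qos $PORT",
        "ENDIF",
    ],
    "p2": ["clear-port-qos $PORT"],
}
SAFE_VALUE = re.compile(r"[A-Za-z0-9_.:-]{1,64}")   # assumed allowlist for event data
VAR_REF = re.compile(r"\$([A-Z_]+)")
IF_RE = re.compile(r"IF \((\S+) (==|!=) (\S+)\) THEN")


def parse_event_message(message):
    """Parse the assumed format '<profile> key=value;key=value' into (name, params)."""
    name, _, rest = message.strip().partition(" ")
    params = {}
    for pair in filter(None, rest.split(";")):
        key, sep, value = pair.partition("=")
        if not sep:
            raise ValueError(f"malformed parameter: {pair!r}")
        params[key.strip().upper()] = value.strip()
    # Event data arrives over the network: reject values that could add tokens
    # or control keywords to a command line once substituted.
    for value in [name, *params.values()]:
        if not SAFE_VALUE.fullmatch(value):
            raise ValueError(f"rejected event value: {value!r}")
    return name, params


def substitute(line, variables):
    """Replace each $NAME with its value; an undefined variable aborts the profile."""
    def lookup(match):
        if match.group(1) not in variables:
            raise KeyError(f"undefined variable ${match.group(1)}")
        return variables[match.group(1)]
    return VAR_REF.sub(lookup, line)


def run_profile(lines, variables):
    """Interpret IF/ELSE/ENDIF (nesting allowed) and return the commands to execute."""
    commands, stack = [], []            # stack holds one truth value per open IF
    for raw in lines:
        line = raw.strip()
        if line.startswith("IF "):
            taken = False
            if all(stack):              # only evaluate when the enclosing branch runs
                match = IF_RE.fullmatch(substitute(line, variables))
                if not match:
                    raise SyntaxError(f"bad IF: {line!r}")
                left, op, right = match.groups()
                taken = (left == right) == (op == "==")
            stack.append(taken)
        elif line in ("ELSE", "ENDIF"):
            if not stack:
                raise SyntaxError(f"{line} without IF")
            taken = stack.pop()
            if line == "ELSE":
                stack.append(not taken)
        elif line and all(stack):
            commands.append(substitute(line, variables))
    if stack:
        raise SyntaxError("missing ENDIF")
    return commands


class Switch:
    def __init__(self):
        self.running = []       # live port configuration and policy changes
        self.saved = []         # switch configuration that survives a reboot
        self.logoff = {}        # port -> profile to run when the user logs off
        self.log = []           # execution log: (profile name, commands executed)

    def _execute(self, name, variables, persistent):
        commands = run_profile(PROFILES[name], variables)
        self.running.extend(commands)
        if persistent:
            self.saved.extend(commands)
        self.log.append((name, commands))
        return commands

    def on_authenticated(self, port, message, persistent=False):
        name, params = parse_event_message(message)
        # Switch-set variables go last so event parameters cannot override them.
        variables = {**params, "EVENT": "USER-AUTHENTICATED", "PORT": port}
        if "LOGOFFPROFILE" in params:
            self.logoff[port] = params["LOGOFFPROFILE"]
        return self._execute(name, variables, persistent)

    def on_unauthenticated(self, port):
        return self._execute(self.logoff.pop(port), {"EVENT": "USER-UNAUTHENTICATED", "PORT": port}, False)

    def reboot(self):
        self.running = list(self.saved)   # non-persistent changes are not preserved
```

Calling `Switch().on_authenticated("5", "p1 qosprofile=qp8;logoffprofile=p2")` applies the QoS command to port 5 in non-persistent mode, and a later `on_unauthenticated("5")` runs the logoff profile "p2".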

Claims (55)

1. A method for automatically provisioning a switch in a network, the method comprising:
storing a command on a switch having a port configuration;
detecting an occurrence of an event associated with the command; and
executing the command in response to the occurrence of the event to change the port configuration.
2. The method of claim 1, further comprising:
referencing a variable in the command, the variable having a value determined upon the occurrence of the event associated with the command;
determining the value of the referenced variable upon the occurrence of the event associated with the command; and
executing the command to change the port configuration in accordance with the determined value of the referenced variable.
3. The method of claim 2, wherein determining the value of the referenced variable is based on parameter values contained in a message for communicating the event to the network.
4. The method of claim 3, wherein the parameter values contained in the message for communicating the event to the network conform to a protocol.
5. The method of claim 3, wherein the message for communicating the event to the network was sent from an authentication server connected to the network.
6. The method of claim 2, further comprising:
referencing a control structure in the command, the control structure to modify the command's execution based on the determined value of the variable; and
modifying the command execution to change the port configuration in accordance with the referenced control structure.
7. The method of claim 2, further comprising:
referencing a function in the command, wherein the function returns a value to modify the command's execution based on the returned value; and
modifying the command execution to change the port configuration in accordance with the returned value of the referenced function.
8. The method of claim 1, wherein the event associated with the command is an event associated with a device connecting to the network.
9. The method of claim 8, wherein the event associated with the device is one of a detection and un-detection of the device connecting to the network.
10. The method of claim 8, wherein the event associated with the device is communicated to the switch using a Link Layer Data Protocol (LLDP).
11. The method of claim 1, wherein the event associated with the command is an event associated with a user connecting to the network.
12. The method of claim 11, wherein the event associated with the user connecting to the network is one of authenticating and un-authenticating the user connecting to the network.
13. The method of claim 12, wherein the event associated with the user is communicated to the switch using a NetLogin authentication protocol.
14. The method of claim 13, wherein the NetLogin authentication protocol is one of a MAC-based protocol, a web-based protocol, and an IEEE 802.1X-based protocol.
15. The method of claim 1, further comprising:
associating the command with a port on the switch; and
executing the command in response to the occurrence of the event to change the port configuration of the associated port.
16. The method of claim 1, further comprising:
executing the command in one of a persistent and non-persistent modes.
17. The method of claim 16, further comprising:
determining that the command is executing in persistent mode; and
saving the port configuration change to a persistent repository on the switch to preserve the port configuration change if the switch is re-booted.
18. The method of claim 1, further comprising:
receiving a request to execute the command from a command line interface; and
executing the command in response to the request.
19. A port management system to control access to a network resource, the system comprising:
a repository in which is stored a profile containing a set of commands, the execution of which controls access to a network resource via a port on a switch;
a definition of an event, the occurrence of which triggers execution of the profile;
a port manager having an interface to create the profile, define the event, and associate the profile with a port on the switch; and
a processor in which to operate the port manager, and in which to execute the profile upon the occurrence of the event to control access to the network resource via the associated port on the switch.
20. The port management system of claim 19, wherein the profile containing the set of commands includes a command that references a variable, the variable having a value that is determined upon the occurrence of the event, and wherein the processor executes the profile in accordance with the value of the variable.
21. The port management system of claim 20, wherein the profile containing the set of commands further includes a command that references a control structure to conditionally modify the profile execution depending on the value of the variable.
22. The port management system of claim 19, wherein the profile containing the set of commands includes a command that references a function that returns a value, and wherein the processor executes the profile in accordance with the returned value.
23. The port management system of claim 19, wherein the defined event is an event associated with a device accessing the network.
24. The port management system of claim 23, wherein the event associated with the device is one of a detection and un-detection of the device accessing the network.
25. The port management system of claim 23, wherein the event associated with the device is communicated to the switch using a Link Layer Data Protocol (LLDP).
26. The port management system of claim 19, wherein the defined event is an event associated with a user accessing the network.
27. The port management system of claim 26, wherein the event associated with the user is one of authenticating and un-authenticating the user accessing the network.
28. The port management system of claim 26, wherein the event associated with the user is communicated to the switch using a NetLogin authentication protocol.
29. The port management system of claim 28, wherein the NetLogin authentication protocol is one of a MAC-based protocol, a web-based protocol, and an IEEE 802.1X-based protocol.
30. The port management system of claim 19, in which to execute the profile upon the occurrence of the event to control access to the network resource via the associated port on the switch includes executing a command in the profile that causes a port configuration change.
31. The port management system of claim 19, in which to execute the profile upon the occurrence of the event to control access to the network resource via the associated port on the switch includes executing a command in the profile that causes a policy change.
32. The port management system of claim 19, wherein the defined event is a timer, the expiration of which triggers execution of the profile.
33. The port management system of claim 32, wherein the timer specifies a time at which the timer expires.
34. The port management system of claim 32, wherein the timer specifies an interval after which the timer expires.
35. The port management system of claim 19, wherein the network resource is a device accessible via the network.
36. The port management system of claim 19, wherein the network resource is a service accessible via the network.
37. A switch to control access to a network resource, the network device comprising:
a port having a configuration, the port configuration for controlling access to a network resource via the port;
a repository in which is stored a profile associated with the port, the profile containing a set of commands, the execution of which changes the port configuration controlling access to the network resource;
a repository in which is stored a definition of an event, the occurrence of which triggers execution of the profile; and
a processor in which to execute the profile upon the occurrence of the event to change the port configuration controlling access to the network resource via the associated port.
38. The switch of claim 37, further comprising:
a port manager having an interface, wherein the processor is to operate the port manager to create the profile in response to an input received via the interface.
39. The switch of claim 38, wherein the processor is to operate the port manager to define the event in response to the input received via the interface.
40. The switch of claim 38, wherein the processor is to associate the profile with a port on the switch in response to the input received via the interface.
41. The switch of claim 37, wherein the profile containing the set of commands includes a command that references a variable, the variable having a value that is determined upon the occurrence of the event, and wherein the processor executes the profile in accordance with the value of the variable.
42. The switch of claim 37, wherein the profile containing the set of commands further includes a command that references a control structure to conditionally modify the profile execution depending on the value of the variable.
43. The switch of claim 37, wherein the profile containing the set of commands includes a command that references a function that returns a value, and wherein the processor executes the profile in accordance with the returned value.
44. The switch of claim 37, wherein the event definition associates the event with a device connecting to the network.
45. The switch of claim 44, wherein the event definition is one of a detection and un-detection of the device connecting to the network.
46. The switch of claim 44, wherein the event is communicated to the switch using a Link Layer Data Protocol (LLDP).
47. The switch of claim 37, wherein the event definition associates the event with a user logging on to the network.
48. The switch of claim 47, wherein the event definition is one of authenticating and un-authenticating the user logging on to the network.
49. The switch of claim 47, wherein the event is communicated to the switch using a NetLogin authentication protocol.
50. The switch of claim 49, wherein the NetLogin authentication protocol is one of a MAC-based protocol, a web-based protocol, and an IEEE 802.1X-based protocol.
51. The switch of claim 37, wherein the event definition sets a timer, the expiration of which triggers execution of the profile.
52. The switch of claim 51, wherein the timer specifies a time at which the timer expires.
53. The switch of claim 51, wherein the timer specifies an interval after which the timer expires.
54. The switch of claim 37, wherein the network resource is a device accessible via the network.
55. The switch of claim 37, wherein the network resource is a service accessible via the network.
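The switch of claims 37 to 53 (profile repository, event definitions, variables fixed when the event occurs, a control structure, timers) can be modelled in a few dozen lines. This is an added example, not code from the patent or from Extreme Networks; the command syntax (`set`, `if`/`else`/`endif`), the event and variable names, port `1:5`, the sample profiles and the fail-closed quarantine default are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical restrictive baseline for a port; not taken from the patent.
QUARANTINE = {"vlan": "quarantine", "policy": "deny-all"}

class ProfileError(Exception):
    """A profile could not be interpreted safely."""

@dataclass
class Switch:
    ports: dict = field(default_factory=dict)     # port -> configuration
    profiles: dict = field(default_factory=dict)  # profile repository
    events: dict = field(default_factory=dict)    # (port, event) -> profile name
    timers: list = field(default_factory=list)    # (expiry, port, profile name)
    log: list = field(default_factory=list)       # audit trail of executions

    def add_port(self, port):
        self.ports[port] = dict(QUARANTINE)

    def create_profile(self, name, commands):
        self.profiles[name] = list(commands)

    def define_event(self, port, event, profile):
        self.events[(port, event)] = profile

    def define_timer(self, port, profile, now, at=None, after=None):
        # Expiry is either an absolute time or an interval counted from "now".
        self.timers.append((at if at is not None else now + after, port, profile))

    @staticmethod
    def _value(token, variables):
        if not token.startswith("$"):
            return token
        if token[1:] not in variables:
            raise ProfileError(f"undefined variable {token}")
        return variables[token[1:]]

    def _interpret(self, commands, variables, config):
        stack, live = [], True  # one (outer live?, condition) frame per open "if"
        for line in commands:
            op, *args = line.split() or [""]
            if op == "if":  # syntax: if <a> == <b>
                if len(args) != 3 or args[1] != "==":
                    raise ProfileError(f"bad condition: {line!r}")
                cond = live and self._value(args[0], variables) == self._value(args[2], variables)
                stack.append((live, cond))
                live = cond
            elif op == "else" and stack:
                live = stack[-1][0] and not stack[-1][1]
            elif op == "endif" and stack:
                live = stack.pop()[0]
            elif op == "set" and len(args) == 2 and args[0] in config:
                if live:
                    config[args[0]] = self._value(args[1], variables)
            else:
                raise ProfileError(f"unknown command: {line!r}")
        if stack:
            raise ProfileError("unterminated if")

    def _execute(self, port, name, variables):
        scratch = dict(self.ports[port])  # commands run against a copy
        try:
            self._interpret(self.profiles[name], variables, scratch)
        except (ProfileError, KeyError) as exc:
            # Design choice of this example: fail closed, never keep a half-applied profile.
            self.ports[port] = dict(QUARANTINE)
            self.log.append((port, name, f"failed: {exc}"))
            return False
        self.ports[port] = scratch
        self.log.append((port, name, "applied"))
        return True

    def trigger(self, port, event, variables):
        """Run the profile bound to (port, event) with values captured at event time."""
        name = self.events.get((port, event))
        if name is None:
            return False  # no event definition: port configuration is untouched
        return self._execute(port, name, dict(variables, EVENT=event))

    def advance(self, now):
        """Fire every timer whose expiry is at or before `now`; return how many fired."""
        due = [t for t in self.timers if t[0] <= now]
        self.timers = [t for t in self.timers if t[0] > now]
        for _, port, name in sorted(due):
            self._execute(port, name, {"EVENT": "timer"})
        return len(due)

def build_demo_switch():
    """Constructed sample: one port with three profiles bound to three events."""
    sw = Switch()
    sw.add_port("1:5")
    sw.create_profile("on-auth", ["if $ROLE == engineer", "set vlan eng", "set policy allow-eng",
                                  "else", "set vlan guest", "set policy internet-only", "endif"])
    sw.create_profile("lockdown", ["set vlan quarantine", "set policy deny-all"])
    sw.create_profile("broken", ["set policy allow-all", "set vlan $VLAN"])
    sw.define_event("1:5", "user-authenticated", "on-auth")
    sw.define_event("1:5", "user-unauthenticated", "lockdown")
    sw.define_event("1:5", "device-detected", "broken")
    return sw
```

The `broken` profile shows why executing against a copy matters: its first command would open the port, but the undefined `$VLAN` aborts the run and the port ends in quarantine instead of a half-applied state.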
US11/731,135 2005-06-07 2007-03-30 Port management system Active 2027-01-17 US8751649B2 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
US11/731,135 US8751649B2 (en) 2005-06-07 2007-03-30 Port management system
US11/772,031 US8279874B1 (en) 2007-03-30 2007-06-29 Self-configuring network

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US11/147,143 US8775571B2 (en) 2005-06-07 2005-06-07 Methods, systems, and computer program products for dynamic network access device port and user device configuration for implementing device-based and user-based policies
US11/731,135 US8751649B2 (en) 2005-06-07 2007-03-30 Port management system

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US11/147,143 Continuation-In-Part US8775571B2 (en) 2005-06-07 2005-06-07 Methods, systems, and computer program products for dynamic network access device port and user device configuration for implementing device-based and user-based policies

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US11/772,031 Continuation-In-Part US8279874B1 (en) 2007-03-30 2007-06-29 Self-configuring network

Publications (3)

Publication Number Publication Date
US20080240104A1 (en) 2008-10-02
US20110243133A9 (en) 2011-10-06
US8751649B2 (en) 2014-06-10

Family

ID=39794199

Family Applications (1)

Application Number Title Priority Date Filing Date
US11/731,135 Active 2027-01-17 US8751649B2 (en) 2005-06-07 2007-03-30 Port management system

Country Status (1)

Country Link
US (1) US8751649B2 (en)

Also Published As

Publication number Publication date
US8751649B2 (en) 2014-06-10
US20110243133A9 (en) 2011-10-06

Similar Documents

Publication Publication Date Title
US8751649B2 (en) Port management system
US6981174B1 (en) Method and apparatus for a redundant port
RU2620995C2 (en) Method and system for distributed resilient network interconnect (drni) status update
US7751416B2 (en) Virtual network device
US7710903B2 (en) System and method for floating port configuration
US20220353684A1 (en) System And Methods For Transit Path Security Assured Network Slices
US8279874B1 (en) Self-configuring network
CN112235123A (en) Business function registration mechanism and capability indexing
US20110200041A1 (en) Intelligent Adjunct Network Device
US9350628B2 (en) Dynamic management of maintenance association membership in a computer network
CN115699696A (en) Support device for Time Sensitive Network (TSN) operation using TSN configuration verification
JP2019057905A (en) Role-based automatic configuration system and method for ethernet(r) switches
EP3200398B1 (en) Automated mirroring and remote switch port analyzer (rspan)/encapsulated remote switch port analyzer (erspan) functions using fabric attach (fa) signaling
US9929878B1 (en) Auto detection and prevention of loop, segmentation and traffic outage in a G.8032 ring network
US20240106708A1 (en) Fabric availability and synchronization
US11296931B2 (en) Method of deploying a network configuration in a datacenter having a point of presence
US20100189010A1 (en) Network edge switch configuration based on connection profile
US20100191852A1 (en) Source configuration based on connection profile
Cisco Release Notes for Catalyst 6000 Family Software Release 6.x
Cisco Catalyst 6000 and Cisco 7600 Supervisor Engine and MSFC - Cisco IOS Release 12.2(9)YO
Cisco Release Notes for the Catalyst 3550 Multilayer Switch, Cisco IOS Release 12.1(9)EA1c
Cisco Release Notes for the Catalyst 3550 Multilayer Switch, Cisco IOS Release 12.1(9)EA1a
Cisco Release Notes for Catalyst 2948G-L3 and Catalyst 4908G-L3 for Cisco IOS Release 12.0(10)W5(18g)
US20200366672A1 (en) Authentication in a software defined network
EP3432518B1 (en) Remote management method and circuitry for mobile broadband router

Legal Events

Date Code Title Description
AS Assignment

Owner name: EXTREME NETWORKS, INC., CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:VILLAIT, ANIL;SUIZO, NICK G.;DESUR, GOVIND RAJ;AND OTHERS;REEL/FRAME:019373/0167

Effective date: 20070520

STCF Information on status: patent grant

Free format text: PATENTED CASE

CC Certificate of correction

AS Assignment

Owner name: SILICON VALLEY BANK, CALIFORNIA

Free format text: SECURITY AGREEMENT;ASSIGNOR:EXTREME NETWORKS, INC.;REEL/FRAME:036189/0284

Effective date: 20150724

AS Assignment

Owner name: SILICON VALLEY BANK, CALIFORNIA

Free format text: AMENDED AND RESTATED PATENT AND TRADEMARK SECURITY AGREEMENT;ASSIGNOR:EXTREME NETWORKS, INC.;REEL/FRAME:040521/0762

Effective date: 20161028

AS Assignment

Owner name: SILICON VALLEY BANK, CALIFORNIA

Free format text: SECOND AMENDED AND RESTATED PATENT AND TRADEMARK SECURITY AGREEMENT;ASSIGNOR:EXTREME NETWORKS, INC.;REEL/FRAME:043200/0614

Effective date: 20170714

AS Assignment

Owner name: SILICON VALLEY BANK, CALIFORNIA

Free format text: THIRD AMENDED AND RESTATED PATENT AND TRADEMARK SECURITY AGREEMENT;ASSIGNOR:EXTREME NETWORKS, INC.;REEL/FRAME:044639/0300

Effective date: 20171027

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551)

Year of fee payment: 4

AS Assignment

Owner name: BANK OF MONTREAL, NEW YORK

Free format text: SECURITY INTEREST;ASSIGNOR:EXTREME NETWORKS, INC.;REEL/FRAME:046050/0546

Effective date: 20180501

Owner name: EXTREME NETWORKS, INC., CALIFORNIA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:SILICON VALLEY BANK;REEL/FRAME:046051/0775

Effective date: 20180501

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 8

AS Assignment

Owner name: BANK OF MONTREAL, NEW YORK

Free format text: AMENDED SECURITY AGREEMENT;ASSIGNORS:EXTREME NETWORKS, INC.;AEROHIVE NETWORKS, INC.;REEL/FRAME:064782/0971

Effective date: 20230818