Path Maximum Transmission Unit Handling For Virtual Private Networks
    Invention application (status: in force)

    Publication (announcement) number: US20150288603A1

    Publication (announcement) date: 2015-10-08

    Application number: US14246351

    Application date: 2014-04-07

    Abstract: Techniques are described herein for optimizing communications in a network. At a router in a virtual private network, a packet is received from a device in a subnetwork protected by the router. The router examines the packet to determine a source address that identifies the device and a destination address that identifies a destination network device for the packet. The router also analyzes the packet to determine a size of the packet and determines whether or not the size of the packet is larger than a maximum transmission unit size. If the size of the packet is larger than the maximum transmission unit size, the router encapsulates the packet with a header that includes the destination address and a new source address that identifies the router.


    Anomaly detection for a networking device based on monitoring related sets of counters

    Publication (announcement) number: US11277424B2

    Publication (announcement) date: 2022-03-15

    Application number: US16296373

    Application date: 2019-03-08

    Abstract: In one embodiment, a monitoring process identifies a set of counters maintained by a networking device by comparing a configuration of the networking device to an object relationship model. The monitoring process obtains counter values from the identified set of counters maintained by the networking device. The monitoring process detects an anomaly by using the obtained counter values as input to a machine learning-based anomaly detector. The monitoring process generates an anomaly detection alert for the detected anomaly.

    Delegating policy through manufacturer usage descriptions

    Publication (announcement) number: US10595320B2

    Publication (announcement) date: 2020-03-17

    Application number: US15726961

    Application date: 2017-10-06

    Abstract: A process for implementing temporary rules for network devices is described. In one embodiment, the process includes a controller receiving a manufacturer usage description (MUD) identifier from a first device. The controller retrieves a MUD file associated with the MUD identifier. The controller registers a device identifier associated with the first device with a delegated controller determined based on the MUD file. The delegated controller is configured to generate a dynamic policy for the first device. The controller receives a dynamic policy from the delegated controller for the first device. The dynamic policy may be configured to permit a communication session between the first device and a second device. The controller forwards the dynamic policy to an access control device in communication with the first device to enable the access control device to permit the communication session between the first device and the second device.

    TECHNIQUES FOR ENCRYPTION KEY ROLLOVER SYNCHRONIZATION IN A NETWORK

    Publication (announcement) number: US20190288842A1

    Publication (announcement) date: 2019-09-19

    Application number: US16005990

    Application date: 2018-06-12

    Abstract: Techniques are presented for encryption key rollover synchronization in a network. In one embodiment, a method includes generating a new set of public-key encryption keys for a first network element. Based on the new set of public-key encryption keys, a set of new security associations between the first network element and each other network element in the network is generated. The method includes providing a new public key from the new set of public-key encryption keys to a network controller and using security associations associated with a previous set of public-key encryption keys for encrypted communication between the first network element and each other network element. Upon obtaining, from a second network element, traffic protected by a security association from the set of new security associations, the method includes using the new security associations for subsequent encrypted communication between the first network element and the second network element.

    CONTROL OF NETWORK CONNECTED DEVICES
    Invention application

    Publication (announcement) number: US20180115611A1

    Publication (announcement) date: 2018-04-26

    Application number: US15333313

    Application date: 2016-10-25

    Abstract: Presented herein are techniques in which one or more network devices can use information provided by a special purpose network connected device to retrieve a usage profile (i.e., configuration file) associated with the special purpose network connected device. The retrieved usage profile, which includes/describes preselected (predetermined) usage descriptions associated with the special purpose network connected device, can then be used to configure one or more network devices. For example, the predetermined usage descriptions associated with the special purpose network connected device can be instantiated and enforced at a network device or the predetermined usage descriptions can be used for auditing the special purpose network connected device (e.g., monitoring of traffic within the network).
