公开(公告)号：US10397141B2

公开(公告)日：2019-08-27

申请号：US15721914

申请日：2017-10-01

Applicant: Cisco Technology, Inc.

Inventor： Sanjay Kumar Hooda ,  Atri Indiresan ,  Da-Yuan Tung ,  Kaushik Kumar Dam ,  Anand Pulicat Gopalakrishnan

IPC: H04L12/931 ,  H04L12/24 ,  H04L12/46 ,  H04L29/06

Abstract: In one embodiment a network device includes a plurality of ports. The network device is adapted to receive at least one configuring instruction, and adapted, after receipt of any of the at least one configuring instruction, to configure one or more access ports, of the plurality of ports, for endpoint virtual local area network (VLAN) assignment that is in accordance with at least one VLAN assignment algorithm. The at least one VLAN assignment algorithm allows at least two endpoints to be assigned to at least two different respective VLANs of a plurality of VLANs in a network, the at least one VLAN assignment algorithm enabling the at least two endpoints to connect to a same access port of the one or more access ports and provide data which is not VLAN tagged when received at the same access port.

公开(公告)号：US10721133B2

公开(公告)日：2020-07-21

申请号：US16058541

申请日：2018-08-08

Applicant: Cisco Technology, Inc.

Inventor： Praveen Nagarajan ,  Shashank Vinchurkar ,  Rajesh Arora ,  Anand Pulicat Gopalakrishnan ,  Leena Shrirang Chunekar ,  Nayan Seth ,  Sanjay Hooda ,  Amey Magar

IPC: H04L12/24

Abstract: In one embodiment, a supervisory device designates a particular networking device among a set of networking devices as a seed device and one or more interfaces of the seed device as discovery interfaces. The supervisory device coordinates, starting from the one or more discovery interfaces of the seed device, discovery of a Layer 2 topology of the set of networking devices, by designating one or more interfaces of a discovered networking device as discovery interfaces. The supervisory device converts, starting from at least one of the network devices farthest from the seed device in the Layer 2 topology and ending with the seed device, links of the Layer 2 topology into Layer 3 links, to form an underlay network.

公开(公告)号：US10205738B2

公开(公告)日：2019-02-12

申请号：US15208176

申请日：2016-07-12

Applicant: Cisco Technology, Inc.

Inventor： Sindhu Subramanya ,  Anand Pulicat Gopalakrishnan ,  Payal Shah Rambhia ,  Amey Magar ,  Lio Cheng ,  Ningjia Huang

IPC: H04L29/06 ,  H04L12/24 ,  G06F21/57 ,  G06F21/55

Abstract: A method is presented in which a system reduces the risk of an advanced persistent threat (“APT”) detected at one or more network devices by implementing one or more mitigation actions depending on the nature of the detected threat. Accordingly, in response to detecting the risk of an APT at one or more network devices, a centralized controller implements one or more mitigation actions to minimize the vulnerability of an enterprise network to unauthorized access to one or more network resources. A centralized controller may therefore instruct one or more network devices to take appropriate mitigation actions depending on the nature of an APT detected on one or more network devices.

公开(公告)号：US11165636B2

公开(公告)日：2021-11-02

申请号：US16203949

申请日：2018-11-29

Applicant: Cisco Technology, Inc.

Inventor： Sanjay Kumar Hooda ,  Atri Indiresan ,  Jerish Sam David ,  Anand Pulicat Gopalakrishnan

IPC: H04L12/24 ,  H04L12/933 ,  H04L12/751

Abstract: In one embodiment, a method is performed at a controller of a fabric that is connected to a first seed device in the fabric. The method includes obtaining a connectivity graph of the fabric including the first seed device. The method further includes causing the first seed device to send a first request to a first neighboring device in the connectivity graph via a first interface of the first seed device connectable to the first neighboring device. The method also includes assigning fabric component properties to devices in the fabric based at least in part on a first message from the first seed device, where the first seed device generates the first message based at least in part on a first response from the first neighboring device received via the first interface. The method additionally includes converting the first neighboring device to a second seed device in the fabric.

公开(公告)号：US20200177447A1

公开(公告)日：2020-06-04

申请号：US16203949

申请日：2018-11-29

Applicant: Cisco Technology, Inc.

Inventor： Sanjay Kumar Hooda ,  Atri Indiresan ,  Jerish Sam David ,  Anand Pulicat Gopalakrishnan

IPC: H04L12/24 ,  H04L12/751 ,  H04L12/933

Abstract: In one embodiment, a method is performed at a controller of a fabric that is connected to a first seed device in the fabric. The method includes obtaining a connectivity graph of the fabric including the first seed device. The method further includes causing the first seed device to send a first request to a first neighboring device in the connectivity graph via a first interface of the first seed device connectable to the first neighboring device. The method also includes assigning fabric component properties to devices in the fabric based at least in part on a first message from the first seed device, where the first seed device generates the first message based at least in part on a first response from the first neighboring device received via the first interface. The method additionally includes converting the first neighboring device to a second seed device in the fabric.

公开(公告)号：US20200052971A1

公开(公告)日：2020-02-13

申请号：US16058541

申请日：2018-08-08

Applicant: Cisco Technology, Inc.

Inventor： Praveen Nagarajan ,  Shashank Vinchurkar ,  Rajesh Arora ,  Anand Pulicat Gopalakrishnan ,  Leena Shrirang Chunekar ,  Nayan Seth ,  Sanjay Hooda ,  Amey Magar

IPC: H04L12/24

Abstract: In one embodiment, a supervisory device designates a particular networking device among a set of networking devices as a seed device and one or more interfaces of the seed device as discovery interfaces. The supervisory device coordinates, starting from the one or more discovery interfaces of the seed device, discovery of a Layer 2 topology of the set of networking devices, by designating one or more interfaces of a discovered networking device as discovery interfaces. The supervisory device converts, starting from at least one of the network devices farthest from the seed device in the Layer 2 topology and ending with the seed device, links of the Layer 2 topology into Layer 3 links, to form an underlay network.

公开(公告)号：US20180020017A1

公开(公告)日：2018-01-18

申请号：US15208176

申请日：2016-07-12

Applicant: Cisco Technology, Inc.

Inventor： Sindhu Subramanya ,  Anand Pulicat Gopalakrishnan ,  Payal Shah Rambhia ,  Amey Magar ,  Lio Cheng ,  Ningjia Huang

IPC: H04L29/06 ,  H04L12/24 ,  G06F21/57

CPC classification number: H04L63/1433 ,  G06F21/552 ,  G06F21/575 ,  H04L41/0816 ,  H04L41/0853 ,  H04L41/0863 ,  H04L41/28 ,  H04L63/101 ,  H04L63/1441

Abstract: A method is presented in which a system reduces the risk of an advanced persistent threat (“APT”) detected at one or more network devices by implementing one or more mitigation actions depending on the nature of the detected threat. Accordingly, in response to detecting the risk of an APT at one or more network devices, a centralized controller implements one or more mitigation actions to minimize the vulnerability of an enterprise network to unauthorized access to one or more network resources. A centralized controller may therefore instruct one or more network devices to take appropriate mitigation actions depending on the nature of an APT detected on one or more network devices.