公开(公告)号：US11716284B2

公开(公告)日：2023-08-01

申请号：US17308224

申请日：2021-05-05

Applicant: Cisco Technology, Inc.

Inventor： Prakash C. Jain ,  Sanjay Kumar Hooda ,  Darrin Joseph Miller ,  Ashwin Kumar

IPC: H04L12/741 ,  H04L45/74 ,  H04L9/40

CPC classification number: H04L45/74 ,  H04L63/205

Abstract: Techniques for group-based classification and policy enforcement at a network fabric edge for traffic that is being sent to external network destinations are disclosed herein. The techniques may include receiving, at a control plane of a network and from an edge node of the network, a request to provide mapping data associated with sending a packet to a destination. Based at least in part on an address prefix value associated with the destination, the control plane may determine that the destination is located in an external network. Additionally, a group identifier that is associated with the destination may be determined. In this way, an indication of the group identifier may be sent to the edge node such that the edge node may determine, based at least in part on the group identifier, a policy decision for routing the packet to the external network.

公开(公告)号：US20210119971A1

公开(公告)日：2021-04-22

申请号：US16985664

申请日：2020-08-05

Applicant: Cisco Technology, Inc.

Inventor： Saravanan Radhakrishnan ,  Anand Oswal ,  Ashwin Kumar ,  Paul Wayne Bigbee ,  Darrin Joseph Miller

IPC: H04L29/06

Abstract: Systems and methods are provided for receiving, at a network device, a first set of rules from a security controller of an enterprise network, the first set of rules being different from a second set of rules provided to a firewall by the security controller, implementing, at the network device, the first set of rules received from the security controller, generating, at the network device, a first log including metadata based on the first set of rules, the first log being generated on a per flow basis, notifying, at the network device, a NetFlow of the first log including the metadata of the first set of rules, and providing, from the network device, the first log to a cloud-log store by the NetFlow of the network device, the cloud-log store receiving the first log from the network device and a second log from the firewall.

公开(公告)号：US11985110B2

公开(公告)日：2024-05-14

申请号：US17932092

申请日：2022-09-14

Applicant: Cisco Technology, Inc.

Inventor： Saravanan Radhakrishnan ,  Anand Oswal ,  Ashwin Kumar ,  Paul Wayne Bigbee ,  Darrin Joseph Miller

IPC: H04L29/06 ,  H04L9/40

CPC classification number: H04L63/0263 ,  H04L63/101 ,  H04L63/20

Abstract: Systems and methods are provided for receiving, at a network device, a first set of rules from a security controller of an enterprise network, the first set of rules being different from a second set of rules provided to a firewall by the security controller, implementing, at the network device, the first set of rules received from the security controller, generating, at the network device, a first log including metadata based on the first set of rules, the first log being generated on a per flow basis, notifying, at the network device, a NetFlow of the first log including the metadata of the first set of rules, and providing, from the network device, the first log to a cloud-log store by the NetFlow of the network device, the cloud-log store receiving the first log from the network device and a second log from the firewall.

公开(公告)号：US12267238B2

公开(公告)日：2025-04-01

申请号：US18198104

申请日：2023-05-16

Applicant: Cisco Technology, Inc.

Inventor： Prakash C. Jain ,  Sanjay Kumar Hooda ,  Darrin Joseph Miller ,  Ashwin Kumar

IPC: H04L45/74 ,  H04L9/40

Abstract: Techniques for group-based classification and policy enforcement at a network fabric edge for traffic that is being sent to external network destinations are disclosed herein. The techniques may include receiving, at a control plane of a network and from an edge node of the network, a request to provide mapping data associated with sending a packet to a destination. Based at least in part on an address prefix value associated with the destination, the control plane may determine that the destination is located in an external network. Additionally, a group identifier that is associated with the destination may be determined. In this way, an indication of the group identifier may be sent to the edge node such that the edge node may determine, based at least in part on the group identifier, a policy decision for routing the packet to the external network.

公开(公告)号：US20220360528A1

公开(公告)日：2022-11-10

申请号：US17308224

申请日：2021-05-05

Applicant: Cisco Technology, Inc.

Inventor： Prakash C. Jain ,  Sanjay Kumar Hooda ,  Darrin Joseph Miller ,  Ashwin Kumar

IPC: H04L12/741 ,  H04L29/06

Abstract: Techniques for group-based classification and policy enforcement at a network fabric edge for traffic that is being sent to external network destinations are disclosed herein. The techniques may include receiving, at a control plane of a network and from an edge node of the network, a request to provide mapping data associated with sending a packet to a destination. Based at least in part on an address prefix value associated with the destination, the control plane may determine that the destination is located in an external network. Additionally, a group identifier that is associated with the destination may be determined. In this way, an indication of the group identifier may be sent to the edge node such that the edge node may determine, based at least in part on the group identifier, a policy decision for routing the packet to the external network.

公开(公告)号：US20230014351A1

公开(公告)日：2023-01-19

申请号：US17932092

申请日：2022-09-14

Applicant: Cisco Technology, Inc.

Inventor： Saravanan Radhakrishnan ,  Anand Oswal ,  Ashwin Kumar ,  Paul Wayne Bigbee ,  Darrin Joseph Miller

IPC: H04L9/40

Abstract: Systems and methods are provided for receiving, at a network device, a first set of rules from a security controller of an enterprise network, the first set of rules being different from a second set of rules provided to a firewall by the security controller, implementing, at the network device, the first set of rules received from the security controller, generating, at the network device, a first log including metadata based on the first set of rules, the first log being generated on a per flow basis, notifying, at the network device, a NetFlow of the first log including the metadata of the first set of rules, and providing, from the network device, the first log to a cloud-log store by the NetFlow of the network device, the cloud-log store receiving the first log from the network device and a second log from the firewall.

公开(公告)号：US09860257B1

公开(公告)日：2018-01-02

申请号：US15619701

申请日：2017-06-12

Applicant: Cisco Technology, Inc.

Inventor： Ashwin Kumar ,  Saravanan Radhakrishnan

IPC: H04L12/26 ,  H04L29/06 ,  G06F11/30 ,  G06F1/26 ,  G06F11/34

CPC classification number: H04L63/14 ,  G06F1/26 ,  G06F1/263 ,  G06F1/28 ,  G06F11/3062 ,  G06F11/34 ,  H04L43/08 ,  H04L43/16 ,  H04L63/1425 ,  H04L63/1458

Abstract: A network device communicates network traffic in one or more network flows via a plurality of ports. Each port is connected to a corresponding computing device. The network device collects flow-based network data associated with each corresponding computing device. The network device supplies electrical power to the corresponding computing devices via one or more of the ports, and collects power data associated with each corresponding computing device based on the electrical power supplied to each of the ports. The network device combines the flow-based network data for each corresponding computing device and the power data for each corresponding computer device to generate combined data associated with each corresponding computing device. The network device then exports the combined data for the corresponding computing devices to a security server, which detects anomalous behavior in the computing devices.

公开(公告)号：US20170318460A1

公开(公告)日：2017-11-02

申请号：US15142061

申请日：2016-04-29

Applicant: Cisco Technology, Inc.

Inventor： Ashwin Kumar ,  Sarat Pollakattu ,  John D. Parello ,  Padmanabhan Ramanujam

IPC: H04W12/06 ,  H04L29/06 ,  H04B10/116 ,  H04L9/32 ,  H04L9/30 ,  H04W84/12

CPC classification number: H04W12/06 ,  H04B10/116 ,  H04L9/302 ,  H04L9/3249 ,  H04L9/3252 ,  H04L63/083 ,  H04L2463/082

Abstract: A method is provided in which a network access system receives an initial request from a device requesting access to the network. In response to successfully authenticating the initial access request, the system causes a code to be transmitted in light emitted by one or more light fixtures within a physical space in which access to the network is to be restricted. The system receives information from the device requesting access to the network and determines whether to permit the device access to the network based on the initial request and on whether the received information is derived from the code transmitted by the one or more light fixtures, thereby indicating that the requesting device is within the physical space.

公开(公告)号：US20230291687A1

公开(公告)日：2023-09-14

申请号：US18198104

申请日：2023-05-16

Applicant: Cisco Technology, Inc.

Inventor： Prakash C. Jain ,  Sanjay Kumar Hooda ,  Darrin Joseph Miller ,  Ashwin Kumar

IPC: H04L45/74 ,  H04L9/40

CPC classification number: H04L45/74 ,  H04L63/205

Abstract: Techniques for group-based classification and policy enforcement at a network fabric edge for traffic that is being sent to external network destinations are disclosed herein. The techniques may include receiving, at a control plane of a network and from an edge node of the network, a request to provide mapping data associated with sending a packet to a destination. Based at least in part on an address prefix value associated with the destination, the control plane may determine that the destination is located in an external network. Additionally, a group identifier that is associated with the destination may be determined. In this way, an indication of the group identifier may be sent to the edge node such that the edge node may determine, based at least in part on the group identifier, a policy decision for routing the packet to the external network.

公开(公告)号：US11483290B2

公开(公告)日：2022-10-25

申请号：US16985664

申请日：2020-08-05

Applicant: Cisco Technology, Inc.

Inventor： Saravanan Radhakrishnan ,  Anand Oswal ,  Ashwin Kumar ,  Paul Wayne Bigbee ,  Darrin Joseph Miller

IPC: H04L29/06 ,  H04L9/40

Abstract: Systems and methods are provided for receiving, at a network device, a first set of rules from a security controller of an enterprise network, the first set of rules being different from a second set of rules provided to a firewall by the security controller, implementing, at the network device, the first set of rules received from the security controller, generating, at the network device, a first log including metadata based on the first set of rules, the first log being generated on a per flow basis, notifying, at the network device, a NetFlow of the first log including the metadata of the first set of rules, and providing, from the network device, the first log to a cloud-log store by the NetFlow of the network device, the cloud-log store receiving the first log from the network device and a second log from the firewall.