-
Publication No.: US20210044622A1
Publication date: 2021-02-11
Application No.: US16532385
Filing date: 2019-08-05
Applicant: Cisco Technology, Inc.
Inventor: Gautam Venkataramanan, Umamaheswararao Karyampudi, Murukanandam K. Panchalingam, Ajay K. Modi, Maurizio Portolani
Abstract: Techniques for hierarchical security policies are disclosed. A first network configuration is received, where the first network configuration includes a plurality of subnets and a plurality of security zones. An updated network configuration is generated based on the first network configuration by generating, for a first security zone of the plurality of security zones, a first master class, and generating, for each respective subnet of the plurality of subnets, a respective bridge domain. For each respective bridge domain, a respective local endpoint group (EPG) corresponding to the first security zone is created, and the first master class is assigned to the respective local EPG. Finally, one or more contracts are generated for the first master class based on the first network configuration.
-
Publication No.: US09100350B2
Publication date: 2015-08-04
Application No.: US14021402
Filing date: 2013-09-09
Applicant: Cisco Technology, Inc.
Inventor: Maurizio Portolani, Christian Elsen
IPC: H04L12/701, H04L12/741, H04L12/713, H04L12/721, G06F9/50, H04L12/46
CPC classification number: H04L45/74, G06F9/5077, H04L12/4633, H04L12/4641, H04L45/00, H04L45/586, H04L45/66, H04L2212/00
Abstract: There is provided a router for use in a datacenter, the router including a frame receiving module operative to receive a traffic frame and a frame forwarding module operative to forward the traffic frame to a second router in a second datacenter if a Destination Media Access Control (DMAC) address included in the traffic frame is different from all of the following: a Burned in Address of the router; a Burned in Address of at least one server associated with the router; a Media Access Control (MAC) address of one of a Hot Standby Routing Protocol (HSRP) group and a Virtual Router Redundancy Protocol (VRRP) group of the router; and a MAC address of one of a HSRP group and a VRRP group of a subnet hosted by the router.
-
Publication No.: US20140181279A1
Publication date: 2014-06-26
Application No.: US13721738
Filing date: 2012-12-20
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Yves Louis, Patrick Wetterwald, Patrick Grossetete, Maurizio Portolani
CPC classification number: H04L41/28, H04L12/2807, H04L63/0272, H04W12/02, H04W12/06
Abstract: Techniques are provided for managing and optimizing the configuration of network devices. At a management device in a network, a message is received from a first network device via a wireless link or a power line communication link between the management device and the first network device. The new network device is classified as belonging to one of a plurality of network device zones based on evaluating the message. A response message is then sent to the new network device via the wireless link or the power line communication link to ensure secure access to a virtual console-port is provided for the management device and the network devices in the network device zones.
-
Publication No.: US11336694B2
Publication date: 2022-05-17
Application No.: US16532385
Filing date: 2019-08-05
Applicant: Cisco Technology, Inc.
Inventor: Gautam Venkataramanan, Umamaheswararao Karyampudi, Murukanandam K. Panchalingam, Ajay K. Modi, Maurizio Portolani
IPC: G06F17/30, H04L29/06, H04L41/0893, H04L41/0803, H04L41/0813
Abstract: Techniques for hierarchical security policies are disclosed. A first network configuration is received, where the first network configuration includes a plurality of subnets and a plurality of security zones. An updated network configuration is generated based on the first network configuration by generating, for a first security zone of the plurality of security zones, a first master class, and generating, for each respective subnet of the plurality of subnets, a respective bridge domain. For each respective bridge domain, a respective local endpoint group (EPG) corresponding to the first security zone is created, and the first master class is assigned to the respective local EPG. Finally, one or more contracts are generated for the first master class based on the first network configuration.
-
Publication No.: US09118588B2
Publication date: 2015-08-25
Application No.: US13721738
Filing date: 2012-12-20
Applicant: Cisco Technology, Inc.
Inventor: Yves Louis, Patrick Wetterwald, Patrick Grossetete, Maurizio Portolani
CPC classification number: H04L41/28, H04L12/2807, H04L63/0272, H04W12/02, H04W12/06
Abstract: Techniques are provided for managing and optimizing the configuration of network devices. At a management device in a network, a message is received from a first network device via a wireless link or a power line communication link between the management device and the first network device. The new network device is classified as belonging to one of a plurality of network device zones based on evaluating the message. A response message is then sent to the new network device via the wireless link or the power line communication link to ensure secure access to a virtual console-port is provided for the management device and the network devices in the network device zones.