公开(公告)号：US10454882B2

公开(公告)日：2019-10-22

申请号：US15638413

申请日：2017-06-30

Applicant: Cisco Technology, Inc.

Inventor： Sanjay Kumar Hooda ,  Aniket Ghule ,  Vimarsh Puneet ,  Atri Indiresan

IPC: H04L12/46 ,  H04L29/06 ,  H04L29/12

Abstract: Address support and network address transparency may be provided. First, a border device may receive a processed network configuration parameter request having an address of a subnet to which a client device is associated and information data in an information field of the network configuration parameter request. The information data may comprise an address of a network device and an identifier of the subnet to which the client device is associated. Next, the border device may encapsulate the processed network configuration parameter request with the information data extracted from the processed network configuration parameter request. The border device may then forward the encapsulated network configuration parameter response to the network device.

公开(公告)号：US20180255017A1

公开(公告)日：2018-09-06

申请号：US15447291

申请日：2017-03-02

Applicant: Cisco Technology, Inc.

Inventor： Sanjay Kumar Hooda ,  Syam Sundar V Appala ,  Kaushik Kumar Dam ,  Vimarsh Puneet

IPC: H04L29/12 ,  H04L29/08 ,  H04L12/24

CPC classification number: H04L41/0893 ,  H04L61/2514 ,  H04L61/2521 ,  H04L61/2571 ,  H04L67/306

Abstract: A policy server correlates information from several messages associated with a client device to implement an identity-based network access policy. The policy server receives a first message from a network element connected to the client device. The first message requests an identity-based policy for the client device, and includes a first network address. The policy server receives a second message from an identity server. The second message includes information indicating an identity role and a second network address. The policy server receives a third message from a NAT device. The third message includes a NAT mapping that correlates the first network address with the second network address. After the policy server determines the identity-based policy based on a combination of the first message, the second message, and the third message, the policy server implements the identity-based policy in the network element.

公开(公告)号：US10887175B2

公开(公告)日：2021-01-05

申请号：US16502554

申请日：2019-07-03

Applicant: Cisco Technology, Inc.

Inventor： Sanjay Kumar Hooda ,  Syam Sundar V Appala ,  Kaushik Kumar Dam ,  Vimarsh Puneet

IPC: G06F15/16 ,  H04L12/24 ,  H04L29/08 ,  H04L29/12

Abstract: A policy server correlates information from several messages associated with a client device to implement an identity-based network access policy. A network element connected to the client device obtains an authentication message including a first network address from the client device. The network element provides the authentication device to an identity server via a Network Address Translation (NAT) device, which translates the first network address to a second network address. The network element also provides a first message including the first network address to the policy server to request an identity-based policy for network communications of the client device. The network element implements the identity-based policy authorized by the policy server.

公开(公告)号：US20190327150A1

公开(公告)日：2019-10-24

申请号：US16502554

申请日：2019-07-03

Applicant: Cisco Technology, Inc.

Inventor： Sanjay Kumar Hooda ,  Syam Sundar V Appala ,  Kaushik Kumar Dam ,  Vimarsh Puneet

IPC: H04L12/24 ,  H04L29/12 ,  H04L29/08

Abstract: A policy server correlates information from several messages associated with a client device to implement an identity-based network access policy. A network element connected to the client device obtains an authentication message including a first network address from the client device. The network element provides the authentication device to an identity server via a Network Address Translation (NAT) device, which translates the first network address to a second network address. The network element also provides a first message including the first network address to the policy server to request an identity-based policy for network communications of the client device. The network element implements the identity-based policy authorized by the policy server.

公开(公告)号：US10397060B2

公开(公告)日：2019-08-27

申请号：US15447291

申请日：2017-03-02

Applicant: Cisco Technology, Inc.

Inventor： Sanjay Kumar Hooda ,  Syam Sundar V Appala ,  Kaushik Kumar Dam ,  Vimarsh Puneet

IPC: G06F15/16 ,  H04L12/24 ,  H04L29/08 ,  H04L29/12

Abstract: A policy server correlates information from several messages associated with a client device to implement an identity-based network access policy. The policy server receives a first message from a network element connected to the client device. The first message requests an identity-based policy for the client device, and includes a first network address. The policy server receives a second message from an identity server. The second message includes information indicating an identity role and a second network address. The policy server receives a third message from a NAT device. The third message includes a NAT mapping that correlates the first network address with the second network address. After the policy server determines the identity-based policy based on a combination of the first message, the second message, and the third message, the policy server implements the identity-based policy in the network element.

公开(公告)号：US20190007368A1

公开(公告)日：2019-01-03

申请号：US15638413

申请日：2017-06-30

Applicant: Cisco Technology, Inc.

Inventor： Sanjay Kumar Hooda ,  Aniket Ghule ,  Vimarsh Puneet ,  Atri Indiresan

IPC: H04L29/12 ,  H04W88/04 ,  H04L29/06

CPC classification number: H04L61/2015 ,  H04L12/4633 ,  H04L12/4645 ,  H04L63/0272 ,  H04L63/0471

Abstract: Address support and network address transparency may be provided. First, a border device may receive a processed network configuration parameter request having an address of a subnet to which a client device is associated and information data in an information field of the network configuration parameter request. The information data may comprise an address of a network device and an identifier of the subnet to which the client device is associated. Next, the border device may encapsulate the processed network configuration parameter request with the information data extracted from the processed network configuration parameter request. The border device may then forward the encapsulated network configuration parameter response to the network device.

公开(公告)号：US20150334652A1

公开(公告)日：2015-11-19

申请号：US14571466

申请日：2014-12-16

Applicant: Cisco Technology, Inc.

Inventor： Saurav Prasad ,  Kabiraj Sethi ,  Vimarsh Puneet

IPC: H04W52/02 ,  H04W8/24

CPC classification number: H04W8/005 ,  H04W8/24 ,  H04W52/0212 ,  Y02D70/142

Abstract: A network device includes ports to communicate with and provide power to devices connected thereto. The network device serves access points (APs) that connect wirelessly to client devices. The network device detects that a client device has wirelessly connected to or disconnected from an AP that is connected to the network device. Responsive to the detecting, the network device accesses predetermined power control information associated with the client device. If the power control information identifies one or more of the multiple ports, the network device selectively provides power to the identified one or more ports when the client device is detected as being connected to the AP and removes power from the identified one or more ports when the client device is detected as not being connected to the AP.

Abstract translation: 网络设备包括与其连接的设备进行通信和向其提供电力的端口。 网络设备提供无线连接到客户端设备的接入点（AP）。 网络设备检测到客户端设备已经与连接到网络设备的AP无线连接或断开连接。 响应于检测，网络设备访问与客户端设备相关联的预定功率控制信息。 如果功率控制信息识别多个端口中的一个或多个，则当客户端设备被检测为连接到AP时，网络设备选择性地向所识别的一个或多个端口提供电力，并且当从所识别的一个或多个端口移除电力时， 检测到客户端设备未连接到AP。