-
Publication No.: US20210092021A1
Publication Date: 2021-03-25
Application No.: US16576387
Application Date: 2019-09-19
Applicant: Cisco Technology Inc.
Inventor: Amine Choukir, Roberto Muccifora, Antonio Trifilo, Domenico Ficara, Vincent Cuissard, Salvatore Valenza
Abstract: A method is provided in a wireless local area network controller in a wireless communication network. The wireless communication network includes one or more virtual networks identified with virtual network IDs, VNIDs. A request is received from a wireless client to onboard onto the network and the wireless client is mapped to an onboarding VNID. The onboarding VNID is associated with an onboarding virtual network that does not require an authentication of the wireless client. An Internet Protocol address assignment is forwarded to the wireless client. The wireless client is remapped from the onboarding VNID to the destination VNID after authenticating the wireless client. The wireless client maintains the assigned IP address after moving from the onboarding VNID to the destination VNID. Access to the wireless client on a virtual network identified by the destination VNID is provided via the assigned IP address.
-
Publication No.: US11489875B2
Publication Date: 2022-11-01
Application No.: US16774950
Application Date: 2020-01-28
Applicant: Cisco Technology, Inc.
Inventor: Antonio Trifilo, Maria Carpen Amarie, Thomas Vegas, Anirban Karmakar, Shree N. Murthy
IPC: G06F13/00, H04L9/40, H04L47/70, H04L61/4511
Abstract: The use of device context in applying security policies is provided by receiving a Domain Name Service (DNS) query for a network resource from a user device (UD) at a DNS analysis server, the DNS query including a functional label describing a context of the UD; analyzing the DNS query to determine whether the UD is permitted to access the network resource based on the functional label; and in response to the functional label indicating that the UD is not permitted to access the network resource, transmitting a block page to the UD. The functional label can be added to the DNS query by a Mobile Device Management application on the UD, a router associated with the UD, or an enterprise server. Contexts for previously blocked DNS queries can be aggregated to identify UDs sharing at least one value with the previously blocked DNS queries as security compromised devices.
-
Publication No.: US11140043B2
Publication Date: 2021-10-05
Application No.: US16576387
Application Date: 2019-09-19
Applicant: Cisco Technology Inc.
Inventor: Amine Choukir, Roberto Muccifora, Antonio Trifilo, Domenico Ficara, Vincent Cuissard, Salvatore Valenza
Abstract: A method is provided in a wireless local area network controller in a wireless communication network. The wireless communication network includes one or more virtual networks identified with virtual network IDs, VNIDs. A request is received from a wireless client to onboard onto the network and the wireless client is mapped to an onboarding VNID. The onboarding VNID is associated with an onboarding virtual network that does not require an authentication of the wireless client. An Internet Protocol address assignment is forwarded to the wireless client. The wireless client is remapped from the onboarding VNID to the destination VNID after authenticating the wireless client. The wireless client maintains the assigned IP address after moving from the onboarding VNID to the destination VNID. Access to the wireless client on a virtual network identified by the destination VNID is provided via the assigned IP address.