-
Publication number: US20220417742A1
Publication date: 2022-12-29
Application number: US17555295
Application date: 2021-12-17
Applicant: Juniper Networks, Inc.
Inventor: Sanjoy Dey, Deanna Sue Hong, Jacob Thomas, Viacheslav Dementyev, Bo-Chieh Yang, Jordan Batch
IPC: H04W12/0433, H04W12/0431, H04W12/06
Abstract: Techniques are described that enable onboarding of a plurality of heterogeneous client devices with secure access to a wireless network using a network management system (NMS). The NMS has a memory to store a plurality of private pre-shared keys (PPSKs), where each PPSK is provisioned for a particular client device or a particular group of client devices. In response to a key lookup request from an access point (AP) device for a client device, the NMS performs a key lookup and, in response to identifying a PPSK provisioned for the client device, authenticates the client device to access the wireless network via the AP device. The NMS then manages one or more of tracking the client device, policy application to the client device, or handling of network traffic from the client device while connected to the wireless network using the PPSK as an identifier of the client device.
-
Publication number: US12192241B2
Publication date: 2025-01-07
Application number: US17937208
Application date: 2022-09-30
Applicant: Juniper Networks, Inc.
Inventor: Viacheslav Dementyev, Kesavan Kazhiyur Mannar, Madhava Rao Cheethirala, Natarajan Manthiramoorthy, Raja Rao Tadimeti
IPC: H04L9/40
Abstract: Techniques are described for configuration and application of intent-based network access control (NAC) policies for authentication and authorization of multi-tenant, network access server (NAS) devices to access enterprise networks of organizations. A network management system configures intent-based NAC policies for an organization. A cloud-based NAC system may apply an appropriate intent-based NAC policy in response to an authentication request from a NAS device. The NAC system identifies a vendor of the NAS device, matches incoming attributes in the authentication request to a set of normalized match rules of the intent-based NAC policy, and translates a set of abstracted policy results corresponding to the set of normalized match rules into a vendor-specific set of return attributes based on the vendor of the NAS device. The NAC system sends the vendor-specific set of return attributes to the NAS device to enable the NAS device to access the enterprise network of the organization.
-
Publication number: US20230403305A1
Publication date: 2023-12-14
Application number: US17937208
Application date: 2022-09-30
Applicant: Juniper Networks, Inc.
Inventor: Viacheslav Dementyev, Kesavan Kazhiyur Mannar, Madhava Rao Cheethirala, Natarajan Manthiramoorthy, Raja Rao Tadimeti
CPC classification number: H04L63/20, H04L41/22, H04L63/104, H04L63/0876
Abstract: Techniques are described for configuration and application of intent-based network access control (NAC) policies for authentication and authorization of multi-tenant, network access server (NAS) devices to access enterprise networks of organizations. A network management system configures intent-based NAC policies for an organization. A cloud-based NAC system may apply an appropriate intent-based NAC policy in response to an authentication request from a NAS device. The NAC system identifies a vendor of the NAS device, matches incoming attributes in the authentication request to a set of normalized match rules of the intent-based NAC policy, and translates a set of abstracted policy results corresponding to the set of normalized match rules into a vendor-specific set of return attributes based on the vendor of the NAS device. The NAC system sends the vendor-specific set of return attributes to the NAS device to enable the NAS device to access the enterprise network of the organization.
-
Publication number: US20250141932A1
Publication date: 2025-05-01
Application number: US19003918
Application date: 2024-12-27
Applicant: Juniper Networks, Inc.
Inventor: Viacheslav Dementyev, Kesavan Kazhiyur Mannar, Madhava Rao Cheethirala, Natarajan Manthiramoorthy, Raja Rao Tadimeti
IPC: H04L9/40
Abstract: Techniques are described for configuration and application of intent-based network access control (NAC) policies for authentication and authorization of multi-tenant, network access server (NAS) devices to access enterprise networks of organizations. A network management system configures intent-based NAC policies for an organization. A cloud-based NAC system may apply an appropriate intent-based NAC policy in response to an authentication request from a NAS device. The NAC system identifies a vendor of the NAS device, matches incoming attributes in the authentication request to a set of normalized match rules of the intent-based NAC policy, and translates a set of abstracted policy results corresponding to the set of normalized match rules into a vendor-specific set of return attributes based on the vendor of the NAS device. The NAC system sends the vendor-specific set of return attributes to the NAS device to enable the NAS device to access the enterprise network of the organization.
-
Publication number: US20230403272A1
Publication date: 2023-12-14
Application number: US17934124
Application date: 2022-09-21
Applicant: Juniper Networks, Inc.
Inventor: Madhava Rao Cheethirala, Pavan Kumar Venkata Satish Bharathapudi, Natarajan Manthiramoorthy, Pavan Basetty, Raja Rao Tadimeti, Viacheslav Dementyev
IPC: H04L9/40, H04L67/1097
CPC classification number: H04L63/0876, H04L63/0823, H04L63/166, H04L67/1097
Abstract: A multi-tenant, cloud-hosted Network Access Control (NAC) system may receive an indicator from a Network Access Server (NAS) device to identify the tenant with which the NAS device is associated. The NAS device may put the identifier in the Transport Layer Security (TLS)/Secure Sockets Layer (SSL) extension Server Name Indication (SNI) field. The NAC system may use the identifier to obtain tenant-specific configuration information for setting up a secure tunnel with the NAS device.