CN102130919A - Personal virtual bridged local area networks - Google Patents

Personal virtual bridged local area networks

Info

Publication number
CN102130919A
Authority
CN
China
Prior art keywords
vlan
authentication code
received frame
encryption
authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2011100961113A
Other languages
English (en)
Other versions
CN102130919B (zh)
Inventor
Dennis Michael Volpano
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Microsoft Technology Licensing LLC
Original Assignee
Microsoft Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Microsoft Corp
Publication of CN102130919A
Application granted
Publication of CN102130919B
Anticipated expiration
Expired - Fee Related

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L12/467 Arrangements for supporting untagged frames, e.g. port-based VLANs
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272 Virtual private networks
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y10 TECHNICAL SUBJECTS COVERED BY FORMER USPC
    • Y10S TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y10S370/00 Multiplex communications
    • Y10S370/908 Local area network
    • Y10S370/911 Bridge, e.g. brouter, bus extender

Abstract

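A mechanism for segregating traffic among STAs associated with a bridge, referred to herein as the personal virtual bridged local area network (personal VLAN), is based on the use of a VLAN to segregate traffic. The IEEE 802.1Q-1998 (virtual bridged LANs) protocol provides a mechanism, extended by the invention, for logically partitioning a LAN segment into multiple VLANs. In the preferred embodiment, a VLAN bridge forwards unicast and group frames only to those ports that serve the VLAN to which the frames belong. One embodiment of the invention extends the standard VLAN bridge model to provide a mechanism suitable for use within an AP. In a preferred embodiment, the personal VLAN bridge extends the standard VLAN bridge in at least any of the following ways: VLAN discovery, in which a personal VLAN bridge provides a protocol for VLAN discovery; VLAN extension, in which a personal VLAN allows a station to create a new port that serves a new VLAN, or to join an existing VLAN via an authentication protocol; logical ports, in which a personal VLAN bridge maintains more than one logical port per physical port and bridges between ports of any kind; and cryptographic VLAN separation.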

Description

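Personal virtual bridged local area networks
This patent application is a divisional of the invention patent application with international application number PCT/US2002/002905, international filing date 1 February 2002, Chinese national-phase application number 02825771.5, entitled "Personal virtual bridged local area networks".
Technical field
The invention relates to local area networks. More particularly, the invention relates to a personal virtual bridged local area network.
Background
An access point (AP) is a link-layer bridge between one or more stations (STAs) and a distribution system (DS). See IEEE 802.11, Wireless LAN Medium Access Control and Physical Layer Specifications, ISO/IEC 8802-11:1999(E), ANSI/IEEE Std 802.11, 1999 edition. An example of a DS is a LAN segment or an intranet. An AP enables packets to be transmitted via radio, either from a station (STA) to the DS or from the DS to a STA. An access point therefore has at least two physical ports. One is the DS interface and the other is a radio interface. Multiple STAs, each with its own radio interface, can send packets to the DS by multiplexing the single shared radio interface of the AP. The radio interface operates at a particular frequency, and the STAs share the medium through a MAC-PHY protocol that guarantees mutually exclusive access to the medium. The DS also sends packets by using the same protocol.
The STA of an AP has a basic service set ID (BSSID). It serves to partition 802.11 basic service sets logically. Every STA associated with an AP shares the AP's BSSID. A frame destined for a group address that is received by an AP or a STA is discarded if the BSS to which the AP or STA belongs does not match the BSSID of the frame. In this sense, the BSSID acts as a virtual LAN ID (VID). See IEEE 802.1Q, IEEE Standards for Local and Metropolitan Area Networks: Virtual Bridged Local Area Networks, IEEE Std 802.1Q-1998. By virtue of being associated with the same AP, every station is thus a member of the same virtual LAN (VLAN).
However, the STAs in a BSS should not share the same VLAN unless they trust each other. Yet in public-space deployments, all STAs associated with an AP are required to share the same VLAN even though there is typically no trust among them. This leaves a STA vulnerable, for instance, to various link-layer attacks launched by an untrusted STA, such as Address Resolution Protocol (ARP) cache re-mapping.
It would be advantageous to provide a mechanism for segregating traffic among multiple STAs associated with a bridge, such that, for example, an untrusted STA associated with the bridge cannot launch a link-layer (OSI Layer 2) attack on another STA associated with the same bridge.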
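Summary of the invention
The invention provides a mechanism for segregating traffic among multiple STAs associated with a bridge, such that, for example, an untrusted STA associated with the bridge cannot launch a link-layer (OSI Layer 2) attack on another STA associated with the same bridge. The invention is based on the use of a VLAN to segregate traffic. The IEEE 802.1Q-1998 (virtual bridged LANs) protocol provides a mechanism, extended by the invention, for logically partitioning a LAN segment into multiple VLANs. In the preferred embodiment, a VLAN bridge forwards unicast and group frames only to those ports that serve the VLAN to which the frames belong. One embodiment of the invention extends the standard VLAN bridge model to provide a mechanism suitable for use within an AP.
Assume an AP is attached to a DS. Every station associated with the AP should have the opportunity to create a new VLAN with itself and the DS as its members. In this way traffic between trusted and untrusted STAs is segregated even though they are associated with the same AP. In general, if the DS comprises multiple VLANs, then the members of any subset of them can be members of the new VLAN. So there should be a way to discover existing VLANs. Furthermore, there should be a protocol for joining an existing VLAN. Creating a VLAN and joining an existing VLAN are both operations that require authentication. The IEEE Std 802.1Q-1998 VLAN model is deficient for this purpose because it does not provide these capabilities. The preferred embodiment of the invention comprises a mechanism that provides such capabilities, referred to herein as the personal virtual bridged local area network (personal VLAN).
In the preferred embodiment, the personal VLAN bridge extends the standard VLAN bridge in at least any of the following ways:
·VLAN discovery: A personal VLAN provides a protocol for VLAN discovery (discussed below).
·VLAN extension/creation: A personal VLAN bridge allows a station to create a new port that serves a new VLAN, or to join an existing VLAN via an authentication protocol.
·Logical ports: A personal VLAN bridge can maintain more than one logical port per physical port. It bridges between ports of any kind. The member set of a VLAN is defined in terms of logical and physical ports. Every logical port has a lifetime controlled by the bridge.
·Cryptographic VLAN separation: In a personal VLAN, a logical port serves at most one VLAN. However, because there may be more than one logical port per physical port, more than one VLAN may exist on a physical port. Traffic within one VLAN is separated from another VLAN on the same physical port by cryptography. An authentication code uniquely identifies the VLAN to which the traffic belongs, while another level of encryption keeps the traffic private except to members of the VLAN.
·Layer-2 VLAN support across routers: When a STA can roam and re-attach to a network at a different bridge, e.g. by associating with a new AP, the STA can inform the bridge of a VLAN to which it already belongs. The VLAN may have been created by a station, e.g. itself, at another bridge that links the VLAN with one or more logical or physical ports at that bridge. The STA can maintain its membership in the VLAN at Layer 2 even though the new bridge may be located on a different subnet. This capability subsumes Mobile IP capability, because Mobile IP aims to retain subnet membership for a station across routers. A subnet may correspond to a VLAN, but in general it does not.
·Spanning tree maintenance: A personal VLAN bridge permits a station to create a VLAN where the STA itself is a bridge. A spanning tree algorithm eliminates cycles among bridges when membership is granted. The procedure for joining a personal VLAN enforces restrictions on VLAN topology that make reconstructing a spanning tree unnecessary after a new bridge joins a VLAN.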
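Brief description of the drawings
Fig. 1 is a block diagram according to the invention, depicting two bridges in a personal VLAN;
Fig. 2 is a block diagram showing an embodiment in which station A shares SA1 with bridge 1;
Fig. 3 is a block diagram showing an embodiment in which stations D and E both belong to VLAN5 but, unlike the other stations, share a security association not with bridge 1 but with personal VLAN bridge 2;
Fig. 4 is a block diagram showing personal VLAN discovery according to the invention;
Fig. 5 is a flow diagram showing a request for service for a new VLAN according to the invention;
Fig. 6 is a flow diagram according to the invention, showing the linking of a VLAN served by a logical port at a bridge to one or more VLANs served by physical ports at the bridge;
Fig. 7 is a flow diagram according to the invention, showing inter-station authentication that is triggered when a bridge receives a join-VLAN request whose destination VLAN set consists of a single VLAN served by a logical port; and
Fig. 8 is a flow diagram according to the invention, showing ingress filtering at logical ports.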
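Detailed description
The presently preferred embodiment of the invention provides a mechanism for segregating traffic among multiple STAs associated with a bridge, such that, for example, an untrusted STA associated with the bridge cannot be used to launch a link-layer (OSI Layer 2) attack on another STA associated with the same bridge. Those skilled in the art will appreciate that the invention disclosed herein is applicable to a wide range of systems and networks, including but not limited to wired and wireless networks.
The personal VLAN bridge model
The invention is based on the use of a VLAN to segregate traffic. The IEEE 802.1Q-1998 (virtual bridged LANs) protocol provides a mechanism, extended by the invention, for logically partitioning a LAN segment into multiple VLANs. In the preferred embodiment, a VLAN bridge forwards unicast and group frames only to those ports that serve the VLAN to which the frames belong. One embodiment of the invention extends the standard VLAN bridge model to provide a mechanism suitable for use within an AP.
Assume an AP is attached to a DS. Every station associated with the AP should have the opportunity to create a new VLAN with itself and the DS as its members. In this way traffic between trusted and untrusted STAs can be segregated even though they are associated with the same AP. In general, if the DS comprises multiple VLANs, then the members of any subset of them can be members of the new VLAN. So there should be a way to discover existing VLANs. Furthermore, there should be a protocol for joining an existing VLAN. Creating a VLAN and joining an existing VLAN are both operations that require authentication. The IEEE Std 802.1Q-1998 VLAN model is deficient for this purpose because it does not provide these capabilities. The preferred embodiment of the invention comprises a mechanism that provides such capabilities, referred to herein as the personal virtual bridged local area network (personal VLAN).
The presently preferred embodiment of the invention is discussed herein in connection with Figs. 1-3. Those skilled in the art will appreciate that the configurations shown in Figs. 1-3 are provided for purposes of example only and are not intended to limit the configurations with which the invention may be practiced.
Fig. 1 is a block diagram depicting two bridges 10, 12. Personal VLAN bridge 1 (10) has four physical ports 11, 13, 15, 17, two of which, 11 and 13, are wired Ethernet. The wired ports serve VLAN1 and VLAN2 respectively. The other two ports 15, 17 are wireless Ethernet ports. One of these ports, 15, conforms to the high-rate (54 Mbps) 802.11g standard, and the other port 17 conforms to the 802.11a standard. There are three logical ports 19, 21, 23 associated with the 802.11g port. Each logical port has its own security association 25, 27, 29, which is shared by some number of end stations 20, 22, 24 to constitute a separate VLAN.
As shown in Fig. 2, station A 20 shares SA1 25 with bridge 1 10. No other station shares SA1, so STA A is in a unique VLAN, namely VLAN3, represented by a spanning tree whose root is bridge 1.
Stations B and C 22, 24, on the other hand, belong to VLAN4 because they share SA2 27 with bridge 1 (see Fig. 2). This VLAN was created by one of STA A or STA B. The other station then joined after being authenticated by the creator. This illustrates the case of joining a personal VLAN (see below). VLAN4 is also represented by a spanning tree with bridge 1 as its root.
Stations D 16 and E 18 belong to VLAN5. Unlike the other stations, however, they share a security association not with bridge 1 but with personal VLAN bridge 2 12 (see Fig. 3). Bridge 2 is the root of the spanning tree for VLAN5 until the tree is extended so that bridge 1 becomes the new root.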
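In one embodiment, the personal VLAN bridge extends the standard VLAN bridge in at least any of the following ways:
·VLAN discovery: A personal VLAN provides a protocol for VLAN discovery (discussed below).
·VLAN extension/creation: A personal VLAN bridge allows a station to create a new port that serves a new VLAN, or to join an existing VLAN via an authentication protocol.
·Logical ports: A personal VLAN bridge can maintain more than one logical port per physical port. It bridges between two ports of any kind. The member set of a VLAN is defined in terms of logical and physical ports. Every logical port has a lifetime controlled by the bridge.
·Cryptographic VLAN separation: In a personal VLAN, a logical port serves at most one VLAN. However, because there may be more than one logical port per physical port, more than one VLAN may exist on a physical port. Traffic within one VLAN is separated from traffic in another VLAN on the same physical port by cryptography. An authentication code uniquely identifies the VLAN to which the traffic belongs, and another level of encryption keeps the traffic private except to members of the VLAN.
·Layer-2 VLAN support across routers: When a STA can roam and re-attach to a network at a different bridge, e.g. by associating with a new AP, the STA can inform the bridge of a VLAN to which it already belongs. The VLAN may have been created by a station, e.g. itself, at another bridge that links the VLAN with one or more logical or physical ports at that bridge. The STA can maintain its membership in the VLAN at Layer 2 even though the new bridge may be located on a different subnet. This capability subsumes Mobile IP capability, because Mobile IP aims to retain subnet membership for a station across routers. A subnet may correspond to a VLAN, but in general it does not.
·Spanning tree maintenance: A personal VLAN bridge permits a station to create a VLAN where the station itself is a bridge. A spanning tree algorithm eliminates cycles among bridges when membership is granted. The procedure for joining a personal VLAN enforces restrictions on VLAN topology that make reconstructing a spanning tree unnecessary after a new bridge joins a VLAN.
The presently preferred personal VLAN bridge model parallels the VLAN model in terms of its rules for tagging frames, determining member/untagged sets, and the components involved in relaying MAC frames, as described in IEEE Std 802.1Q-1998, IEEE Standards for Local and Metropolitan Area Networks: Virtual Bridged Local Area Networks, p. 28. Extensions to these components in a personal VLAN bridge are described below.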
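Personal VLAN control channels
Every physical port has a personal VLAN control channel 40, 42 for sending and receiving control frames and authentication protocol frames. The channel has no security association and is identified by a frame field, e.g. an Ethernet Type encoding. Authentication frames are preferably encapsulated using a format such as EAPoL (see IEEE 802.1X, IEEE Standards for Local and Metropolitan Area Networks: Port Based Network Access Control, IEEE Std 802.1X-2001), which can handle a variety of authentication protocols.
VLAN discovery
A personal VLAN bridge runs server and client VLAN discovery agents 26, 28 and 30 respectively. The server agent responds to information requests issued by client agents. Examples of such agents are the client and server agents of the Service Location Protocol v2, IETF RFC 2608. A personal VLAN can thus discover other VLANs and/or allow the VLANs it serves to be discovered. Discovery (see Fig. 4) involves transmission of a VLAN-DISCOVER frame. In response, a VLAN-OFFER frame is sent to the source MAC address of the discover frame. An offer frame lists all or some of the VLANs served by a bridge and information that can be used to select from among them. A client may receive more than one offer frame in response to a discover frame it sent. Transmission of a VLAN-OFFER frame is delayed by a randomly chosen period of time to minimize collisions among responders.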
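Serving a new VLAN
A personal VLAN bridge can receive a request to serve a new VLAN. The request contains the VID of the new VLAN. A request is not granted unless the requester is authorized, the request is fresh, and it can be authenticated through a control channel. Serving a new VLAN at a bridge requires making the bridge the root of a spanning tree for the named VLAN. Requesting service for a new VLAN comprises the following steps:
·The bridge receives a request frame with a source MAC address through the control channel of some physical port. The holder of the MAC address is the requester (100).
·Receipt of the request frame initiates an authentication protocol with the requester through the control channel (102).
·If the requester cannot be authenticated, or is not authorized to request VLAN service from the bridge (104), the request is discarded (106).
·If there is no conflict in using the requested VID (105), a new logical port is created and associated with the physical port through which the request frame was received (108). This is the logical port the bridge uses to serve the VLAN. Otherwise, the bridge negotiates a VID with the requester (110). The filtering rules for the VLAN are determined by a policy for the requester.
·Port state information is updated for the logical port to include a security association (SA), shared with the requester, that is in effect for all traffic through that port (112). Only the holder of the SA can change the logical port state.
Upon completion of these steps, a new logical port exists to serve the new VLAN, but the VLAN is not linked to any other VLAN served by the bridge until a request is made to join a particular VLAN. Until then, the new VLAN is inoperable at the bridge.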
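Joining a VLAN
It is useful for a new VLAN served by a bridge to extend one or more existing VLANs served by ports of the bridge. In other words, it must be linked to one or more existing VLANs. Linking the VLAN served by a logical port at a bridge to one or more VLANs served by physical ports at the bridge is performed through a join-VLAN request sent over the control channel. The request does not bridge the VLANs served by the physical ports. Rather, they remain separate, yet the new VLAN extends all of them simultaneously.
A join-VLAN request contains the VID V′ of a VLAN served by a logical port P′ of the bridge, referred to herein as the source VLAN, and a set V of VIDs for VLANs served by a set of physical ports P, referred to herein as the destination VLANs. The request aims to link V′ to every VLAN ID in V, or in other words, to allow the requester to join every VLAN in V. The requester has already created V′. The bridge takes the following steps (see Fig. 6):
·First, the request is authenticated (200). This can be done on the basis of the SA associated with V′ that was established when the bridge was asked to serve V′. A simple challenge-response strategy is used in the preferred embodiment, although other approaches may be used as appropriate. If authentication fails, the request is discarded.
·Logical port P′ is added to the member set of every VID in V (202), and every physical port in P is added to the member set of V′ (204). The untagged set of V′ is formed by taking the union of all untagged sets for the VIDs in V (206). If the request frame contains a null VID in its tag header, or it is untagged, then P′ is added to the untagged set of every VID in V (208).
Requests to serve a new VLAN and to link it to other VLANs can be combined into one request. Thus, creating a VLAN and joining another can be accomplished through a single authentication process, specifically the one required to serve the new VLAN.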
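The join-VLAN steps (200)-(208) above, as an added Python sketch that is not code from the patent. The class and function names, the port-name format, and the HMAC-SHA-256 challenge-response construction are assumptions (the text only says "a simple challenge-response strategy"), and the initial authentication of the requester before a VLAN is served is taken as already done.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Iterable, Optional, Set


@dataclass
class Vlan:
    member_set: Set[str] = field(default_factory=set)    # ports serving the VLAN
    untagged_set: Set[str] = field(default_factory=set)  # ports sending it untagged
    logical_port: Optional[str] = None   # set only for a VLAN served by a logical port
    sa_key: Optional[bytes] = None       # SA shared with the creator of that port


def join_response(sa_key: bytes, challenge: bytes, src_vid: int,
                  dest_vids: Iterable[int]) -> bytes:
    """Requester's answer to the bridge's challenge (assumed message layout)."""
    fields = [src_vid, *sorted(set(dest_vids))]
    msg = challenge + b"".join(v.to_bytes(2, "big") for v in fields)
    return hmac.new(sa_key, msg, hashlib.sha256).digest()


class PersonalVlanBridge:
    def __init__(self) -> None:
        self.vlans: Dict[int, Vlan] = {}
        self.physical_ports: Set[str] = set()
        self._pending: Dict[int, bytes] = {}   # source VID -> outstanding challenge

    def add_physical_vlan(self, vid: int, port: str, untagged: bool) -> None:
        self.physical_ports.add(port)
        vlan = self.vlans.setdefault(vid, Vlan())
        vlan.member_set.add(port)
        if untagged:
            vlan.untagged_set.add(port)

    def serve_new_vlan(self, vid: int, phys_port: str, sa_key: bytes) -> Optional[str]:
        """Create the logical port once the requester is authenticated and authorized."""
        if vid in self.vlans:
            return None   # VID conflict; the text negotiates a VID here (not modelled)
        logical = f"{phys_port}/vlan{vid}"
        self.vlans[vid] = Vlan(member_set={logical}, logical_port=logical, sa_key=sa_key)
        return logical

    def challenge(self, src_vid: int) -> bytes:
        self._pending[src_vid] = secrets.token_bytes(16)
        return self._pending[src_vid]

    def join(self, src_vid: int, dest_vids: Iterable[int], response: bytes,
             request_untagged: bool) -> bool:
        dest_vids = sorted(set(dest_vids))
        src = self.vlans.get(src_vid)
        nonce = self._pending.pop(src_vid, None)   # each challenge is usable once
        if src is None or src.logical_port is None or nonce is None:
            return False
        dests = [self.vlans.get(v) for v in dest_vids]
        if not dests or any(d is None or d.logical_port for d in dests):
            return False   # unknown VLAN, or a personal VLAN (handled separately)
        expected = join_response(src.sa_key, nonce, src_vid, dest_vids)
        if not hmac.compare_digest(expected, response):
            return False                                   # (200) failed: discard
        physical = set().union(*(d.member_set & self.physical_ports for d in dests))
        untagged = set().union(*(d.untagged_set for d in dests))
        for d in dests:
            d.member_set.add(src.logical_port)             # (202)
        src.member_set |= physical                         # (204)
        src.untagged_set = untagged                        # (206)
        if request_untagged:
            for d in dests:
                d.untagged_set.add(src.logical_port)       # (208)
        return True
```

A destination VLAN that is itself served by a logical port is refused here because the text routes that case through authentication by the creator of that port.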
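Joining a personal VLAN
Joining a personal VLAN, i.e. one served by a logical port, requires special treatment. A personal VLAN bridge is not authorized to link to a VLAN served by a logical port, because it did not create the port, unlike its physical ports. In this case, the creator of the logical port authenticates the requester through a mutually agreed protocol, e.g. challenge-response. Inter-station authentication (see Fig. 7) is triggered (298) when a bridge receives a join-VLAN request whose destination VLAN set consists of a single VLAN served by a logical port.
There are three cases:
·The source and destination VLANs have the same creator, and the creator issued the join-VLAN request (300). In this case the request is discarded (302). Otherwise, a cycle could be created in the bridged VLAN.
·The source and destination VLANs are the same, and the creator did not issue the request (304). In this case the creator authenticates the requester for membership in the personal VLAN (306).
·In all other cases (308), the bridge first authenticates the request to make sure the requester is the creator of the source VLAN (as in step 1 for joining VLANs served only by physical ports, see above) (310). If authentication succeeds (312), the creator authenticates the requester for membership in the destination VLAN (314).
When joining a personal VLAN, the destination VLAN set is preferably restricted to exactly one VLAN, namely the source VLAN. This is enforced because the request would otherwise reflect an attempt by a station to bridge a VLAN it does not own to other VLANs, something it is not authorized to do. The owner of a VLAN can join a new VLAN, whereupon all of its member stations also become members of the new VLAN.
Authentication of a requester by a creator is facilitated by the control channel of the bridge and the respective Auth/Supplicant modules 50, 52, 54. The bridge uses the channel to relay authentication protocol messages between the creator and the requester. Management of the control channel and relaying of messages can be implemented using, for example, IEEE 802.1X, IEEE Standards for Local and Metropolitan Area Networks: Port Based Network Access Control, IEEE Std 802.1X-2001. In the 802.1X model, the requester is the Supplicant and the creator is the Authenticator. If the creator can authenticate the requester, then the creator shares with the requester the SA it holds with the bridge. It is not the bridge's responsibility to decide whether the SA it holds with the creator should be shared with the requester. That is the creator's responsibility. There are many ways the sharing can be accomplished. One way is to use the requester's public key to encrypt a Transport Layer Security (TLS v1.0) pre-master secret from which the SA can be derived at the requester's station.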
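Ingress filtering at logical ports
A security association contains at least two keys, one for encryption and the other for computing an authentication code, referred to herein as the message integrity code (MIC). Specifically, an SA is associated with a VLAN. The authentication code is used to restrict traffic at the logical port to members of the entire VLAN, while encryption keeps the traffic private except to members. Only stations having the SA belong to the VLAN. There is a single broadcast domain for each SA. All stations having the SA belong to the same broadcast domain. Therefore, no separate encryption key is needed for broadcasts.
Because multiple logical ports are associated with VLANs, a physical port may serve more than one VLAN (see Fig. 1). Therefore, unless a frame received at such a port carries a VID, its VLAN classification must use rules beyond port-based classification. See IEEE 802.1Q, IEEE Standards for Local and Metropolitan Area Networks: Virtual Bridged Local Area Networks, IEEE Std 802.1Q-1998, D.2.2. Otherwise, there is no way to know at this stage which VID should be assigned from among the VLANs served by the port. The logical port must be identified from the received frame.
Refer to Fig. 8 in connection with the following discussion. If a received frame carries a null VID or is untagged (400), then its source MAC address is used to determine a preliminary VLAN classification (402). This is the PVID of a logical port. If the frame carries a VID, then the VID is used as the preliminary classification instead (404). The preliminary classification is used to index into a table of security associations giving a MIC key (406). The received frame carries a MIC computed over the frame payload using a message digest algorithm, e.g. HMAC-MD5, agreed upon by the bridge and the requester at authentication time and recorded in the SA. The personal VLAN bridge recomputes the MIC over the payload of the received frame using its MIC key (408), and then compares it with the received MIC (410). If they match (412), the preliminary VLAN classification becomes the final VLAN classification (414). The final classification is used as the value of the VLAN classification parameter of any corresponding data request primitives (416). The frame is then decrypted using the SA and submitted to the IEEE 802.1Q forwarding and learning processes (41). Otherwise, the frame is discarded.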
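The ingress classification and MIC check of Fig. 8, as an added Python sketch that is not code from the patent. Names, MAC addresses and keys are constructed for illustration, HMAC-SHA-256 stands in for the HMAC-MD5 the text gives as an example, and the decryption and forwarding that follow a successful check are left out.

```python
import hmac
from dataclasses import dataclass
from typing import Dict, Optional

NULL_VID = 0  # 802.1Q null VLAN ID: the tag header carries priority only


@dataclass(frozen=True)
class SecurityAssociation:
    mic_key: bytes           # key for the authentication code (MIC)
    enc_key: bytes           # key for payload encryption (not exercised here)
    digest: str = "sha256"   # digest agreed at authentication time, kept in the SA


@dataclass(frozen=True)
class Frame:
    src_mac: str
    vid: Optional[int]       # None means the frame is untagged
    payload: bytes           # payload as received, still encrypted
    mic: bytes


def compute_mic(sa: SecurityAssociation, payload: bytes) -> bytes:
    """MIC over the frame payload, keyed with the SA's MIC key."""
    return hmac.new(sa.mic_key, payload, sa.digest).digest()


class IngressFilter:
    """Ingress filter for the logical ports that share one physical port."""

    def __init__(self, pvid_by_mac: Dict[str, int],
                 sa_by_vid: Dict[int, SecurityAssociation]) -> None:
        self.pvid_by_mac = pvid_by_mac   # source MAC -> PVID of its logical port
        self.sa_by_vid = sa_by_vid       # security association table

    def preliminary_vid(self, frame: Frame) -> Optional[int]:
        # (400)-(404): null VID or untagged -> classify by source MAC, else by VID.
        if frame.vid is None or frame.vid == NULL_VID:
            return self.pvid_by_mac.get(frame.src_mac)
        return frame.vid

    def final_vid(self, frame: Frame) -> Optional[int]:
        """Return the final VLAN classification, or None if the frame is discarded."""
        vid = self.preliminary_vid(frame)
        sa = self.sa_by_vid.get(vid) if vid is not None else None   # (406)
        if sa is None:
            return None
        recomputed = compute_mic(sa, frame.payload)                  # (408)
        if not hmac.compare_digest(recomputed, frame.mic):           # (410)
            return None
        return vid                                                   # (412)-(414)


# Constructed sample data: two personal VLANs behind one wireless port.
SA3 = SecurityAssociation(mic_key=b"constructed-mic-key-vlan3", enc_key=b"unused-3")
SA4 = SecurityAssociation(mic_key=b"constructed-mic-key-vlan4", enc_key=b"unused-4")
MAC_A, MAC_B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
FILTER = IngressFilter({MAC_A: 3, MAC_B: 4}, {3: SA3, 4: SA4})


def sample_results() -> Dict[str, Optional[int]]:
    body = b"constructed ciphertext"
    frames = {
        "untagged, from A": Frame(MAC_A, None, body, compute_mic(SA3, body)),
        "tagged VID 4, from B": Frame(MAC_B, 4, body, compute_mic(SA4, body)),
        "tag says VLAN 4, MIC keyed with SA3": Frame(MAC_A, 4, body, compute_mic(SA3, body)),
        "payload changed after MIC": Frame(MAC_A, 3, body + b"!", compute_mic(SA3, body)),
        "untagged, unknown source MAC": Frame("02:00:00:00:00:ff", None, body,
                                              compute_mic(SA3, body)),
    }
    return {name: FILTER.final_vid(frame) for name, frame in frames.items()}


if __name__ == "__main__":
    for name, vid in sample_results().items():
        print(f"{name}: {'discard' if vid is None else f'VLAN {vid}'}")
```

The VID or source MAC only selects which key to try; membership is decided by the MIC, so a frame tagged for a VLAN whose SA the sender does not hold is discarded.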
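Egress filtering at logical ports
In the VLAN bridge model, if the transmission port for a frame belonging to some VLAN is not in the member set of the VLAN, the frame is discarded. The same rule applies to all logical transmission ports.
Although the invention is described herein with reference to the preferred embodiment, one skilled in the art will readily appreciate that other applications may be substituted for those set forth herein without departing from the spirit and scope of the present invention. Accordingly, the invention should only be limited by the claims included below.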

Claims (9)

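1. A method for joining a personal virtual local area network served by an access point, in a system for segregating traffic among a plurality of stations associated with the access point, the method comprising:
providing, by a creator of the personal virtual local area network, a control channel for authentication of a requester;
using the control channel to relay authentication protocol messages between the creator and the requester;
if the creator is able to authenticate the requester, the creator sharing a security association with the requester;
using the security association shared among members of the personal virtual local area network to identify frames from the members;
wherein: if a received frame carries a null virtual local area network ID or is untagged, using its source MAC address to determine a preliminary virtual local area network classification of the received frame; and
if the received frame carries a virtual local area network ID, using the virtual local area network ID as the preliminary virtual local area network classification instead;
using the preliminary virtual local area network classification to index into a security association table giving an authentication code key;
the received frame including an authentication code, the authentication code being computed over the frame payload using a message digest algorithm agreed upon by the personal VLAN bridge and the requester at authentication time, the message digest algorithm being recorded in the security association table;
a receiver of the received frame recomputing the authentication code over the payload of the received frame using the authentication code key;
comparing the recomputed authentication code with the received authentication code; wherein if the recomputed authentication code and the received authentication code match, the preliminary virtual local area network classification becomes the final virtual local area network classification;
using the final classification as the value of the virtual local area network classification parameter of any communication data request primitive;
decrypting the received frame using the security association; and
submitting the decrypted frame to a forwarding and learning process; otherwise, discarding the received frame.
2. The method of claim 1, wherein the access point is able to serve more than one VLAN by having a plurality of logical ports associated with the access point.
3. The method of claim 2, further comprising the step of: providing ingress filtering at the logical ports.
4. The method of claim 2, wherein the security association contains at least two keys, one key for encryption and the other key for computing an authentication code, wherein the security association is associated with a VLAN, wherein the authentication code is used to restrict traffic at the logical port to members of the entire VLAN, wherein encryption is used to keep the traffic private except to members, wherein only stations having the security association belong to the VLAN, and wherein all stations having the security association belong to the same broadcast domain.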
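5. A method for segregating traffic among a plurality of end stations associated with a network access point, the method comprising:
an end station of the plurality of end stations performing an initial authentication operation;
receiving a frame at the end station; if the received frame carries a null virtual local area network ID or is untagged, using its source MAC address to determine a preliminary virtual local area network classification of the received frame; and
if the received frame carries a virtual local area network ID, using the virtual local area network ID as the preliminary virtual local area network classification instead;
using the preliminary virtual local area network classification to index into a security association table giving an authentication code key;
the received frame including a cryptographic authentication code, the cryptographic authentication code being computed over the frame payload using a cryptographic message digest algorithm determined during the initial authentication operation, the cryptographic message digest algorithm being recorded in the security association table;
the end station recomputing the cryptographic authentication code over the payload of the received frame using the authentication code key;
comparing the recomputed cryptographic authentication code with the received cryptographic authentication code;
wherein if the recomputed cryptographic authentication code and the received cryptographic authentication code match:
using the preliminary virtual local area network classification as the value of the virtual local area network classification parameter of any communication data request primitive;
decrypting the received frame using the security association; and
submitting the decrypted frame to a forwarding and learning process;
wherein if the recomputed cryptographic authentication code and the received cryptographic authentication code do not match, discarding the received frame.
6. The method of claim 5, wherein the authentication code is a cryptographic authentication code that uniquely identifies the VLAN to which the traffic belongs.
7. The method of claim 5, wherein the authentication code is generated during the initial authentication.
8. The method of claim 5, wherein the initial authentication operation is performed by the end station and the access point.
9. The method of claim 8, wherein the cryptographic message digest algorithm is agreed upon by both the access point and the end station.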
CN2011100961113A 2001-12-20 2002-02-01 Personal virtual bridged local area networks Expired - Fee Related CN102130919B (zh)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US34330701P 2001-12-20 2001-12-20
US60/343,307 2001-12-20
US10/057,566 US7188364B2 (en) 2001-12-20 2002-01-25 Personal virtual bridged local area networks
US10/057,566 2002-01-25

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN028257715A Division CN1606849B (zh) 2001-12-20 2002-02-01 Personal virtual bridged local area networks

Publications (2)

Publication Number Publication Date
CN102130919A CN102130919A (zh) 2011-07-20
CN102130919B CN102130919B (zh) 2013-06-26

Family

ID=26736632

Family Applications (2)

Application Number Title Priority Date Filing Date
CN028257715A Expired - Fee Related CN1606849B (zh) 2001-12-20 2002-02-01 Personal virtual bridged local area networks
CN2011100961113A Expired - Fee Related CN102130919B (zh) 2001-12-20 2002-02-01 Personal virtual bridged local area networks

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN028257715A Expired - Fee Related CN1606849B (zh) 2001-12-20 2002-02-01 Personal virtual bridged local area networks

Country Status (7)

Country Link
US (7) US7188364B2 (zh)
EP (4) EP2469772A3 (zh)
JP (1) JP4190421B2 (zh)
KR (1) KR100891041B1 (zh)
CN (2) CN1606849B (zh)
AU (1) AU2002240211A1 (zh)
WO (1) WO2003055151A1 (zh)

US10122605B2 (en) 2014-07-09 2018-11-06 Cisco Technology, Inc Annotation of network activity through different phases of execution
US9838337B1 (en) * 2014-09-30 2017-12-05 Juniper Networks, Inc. Automatic virtual local area network (VLAN) provisioning in data center switches
US10476982B2 (en) 2015-05-15 2019-11-12 Cisco Technology, Inc. Multi-datacenter message queue
CN105578464B (zh) * 2015-07-31 2019-04-12 宇龙计算机通信科技(深圳)有限公司 Enhanced WLAN certificate authentication method, apparatus and system
US10205677B2 (en) 2015-11-24 2019-02-12 Cisco Technology, Inc. Cloud resource placement optimization and migration execution in federated clouds
US10084703B2 (en) 2015-12-04 2018-09-25 Cisco Technology, Inc. Infrastructure-exclusive service forwarding
US10397196B2 (en) 2017-02-28 2019-08-27 Cyber 2.0 (2015) Ltd. Port-scrambling-based networks
US10367914B2 (en) 2016-01-12 2019-07-30 Cisco Technology, Inc. Attaching service level agreements to application containers and enabling service assurance
US10523636B2 (en) * 2016-02-04 2019-12-31 Airwatch Llc Enterprise mobility management and network micro-segmentation
US10432532B2 (en) 2016-07-12 2019-10-01 Cisco Technology, Inc. Dynamically pinning micro-service to uplink port
US10382597B2 (en) 2016-07-20 2019-08-13 Cisco Technology, Inc. System and method for transport-layer level identification and isolation of container traffic
US10567344B2 (en) 2016-08-23 2020-02-18 Cisco Technology, Inc. Automatic firewall configuration based on aggregated cloud managed information
CN106330654B (zh) * 2016-09-14 2019-03-22 重庆邮电大学 Wireless data transmission method between virtual local area networks based on WPA2-PSK
US10819524B2 (en) * 2016-10-19 2020-10-27 Qualcomm Incorporated Methods for header extension preservation, security, authentication, and protocol translation for RTP over MPRTP
US10554494B1 (en) 2017-01-04 2020-02-04 Juniper Networks, Inc. Automatic ICCP provisioning and VLAN provisioning on an inter-chassis link in a MC-LAG
US10320683B2 (en) 2017-01-30 2019-06-11 Cisco Technology, Inc. Reliable load-balancer using segment routing and real-time application monitoring
US10671571B2 (en) 2017-01-31 2020-06-02 Cisco Technology, Inc. Fast network performance in containerized environments for network function virtualization
EP3379807A1 (en) 2017-03-21 2018-09-26 Thomson Licensing Device and method for forwarding connections
US11005731B2 (en) 2017-04-05 2021-05-11 Cisco Technology, Inc. Estimating model parameters for automatic deployment of scalable micro services
US10641887B1 (en) * 2017-05-23 2020-05-05 Nxp Usa, Inc. Null data packet (NDP) ranging with unassociated stations
US10382274B2 (en) 2017-06-26 2019-08-13 Cisco Technology, Inc. System and method for wide area zero-configuration network auto configuration
US10439877B2 (en) 2017-06-26 2019-10-08 Cisco Technology, Inc. Systems and methods for enabling wide area multicast domain name system
US10425288B2 (en) 2017-07-21 2019-09-24 Cisco Technology, Inc. Container telemetry in data center environments with blade servers and switches
US10601693B2 (en) 2017-07-24 2020-03-24 Cisco Technology, Inc. System and method for providing scalable flow monitoring in a data center fabric
US10541866B2 (en) 2017-07-25 2020-01-21 Cisco Technology, Inc. Detecting and resolving multicast traffic performance issues
US11070392B2 (en) 2017-10-27 2021-07-20 Hilton International Holding Llc System and method for provisioning internet access
FR3076011B1 (fr) * 2017-12-21 2019-12-27 Safran Electronics & Defense Method for monitoring the operation of a complex electronic component
US10705882B2 (en) 2017-12-21 2020-07-07 Cisco Technology, Inc. System and method for resource placement across clouds for data intensive workloads
US11595474B2 (en) 2017-12-28 2023-02-28 Cisco Technology, Inc. Accelerating data replication using multicast and non-volatile memory enabled nodes
US10728361B2 (en) 2018-05-29 2020-07-28 Cisco Technology, Inc. System for association of customer information across subscribers
US10904322B2 (en) 2018-06-15 2021-01-26 Cisco Technology, Inc. Systems and methods for scaling down cloud-based servers handling secure connections
US10764266B2 (en) 2018-06-19 2020-09-01 Cisco Technology, Inc. Distributed authentication and authorization for rapid scaling of containerized services
US11019083B2 (en) 2018-06-20 2021-05-25 Cisco Technology, Inc. System for coordinating distributed website analysis
US10819571B2 (en) 2018-06-29 2020-10-27 Cisco Technology, Inc. Network traffic optimization using in-situ notification system
US10904342B2 (en) 2018-07-30 2021-01-26 Cisco Technology, Inc. Container networking using communication tunnels
CN109410592A (zh) * 2018-11-20 2019-03-01 武汉兰芯数据定向传媒有限公司 Intelligent vehicle dynamic monitoring and management system
US11696129B2 (en) * 2019-09-13 2023-07-04 Samsung Electronics Co., Ltd. Systems, methods, and devices for association and authentication for multi access point coordination

Family Cites Families (135)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4919545A (en) 1988-12-22 1990-04-24 Gte Laboratories Incorporated Distributed security procedure for intelligent networks
EP0520709A3 (en) 1991-06-28 1994-08-24 Digital Equipment Corp A method for providing a security facility for remote systems management
US5577209A (en) 1991-07-11 1996-11-19 Itt Corporation Apparatus and method for providing multi-level security for communication among computers and terminals on a network
US5963556A (en) * 1993-06-23 1999-10-05 Digital Equipment Corporation Device for partitioning ports of a bridge into groups of different virtual local area networks
EP0789968B1 (en) 1994-10-27 2003-03-05 Index Systems, Inc. System and method for downloading recorder programming data in a video signal
US5550984A (en) 1994-12-07 1996-08-27 Matsushita Electric Corporation Of America Security system for preventing unauthorized communications between networks by translating communications received in ip protocol to non-ip protocol to remove address and routing services information
US5764890A (en) 1994-12-13 1998-06-09 Microsoft Corporation Method and system for adding a secure network server to an existing computer network
US5790800A (en) 1995-10-13 1998-08-04 Digital Equipment Corporation Client application program mobilizer
US6339794B2 (en) * 1995-12-08 2002-01-15 Microsoft Corporation Wire protocol for a media server system
US6035105A (en) 1996-01-02 2000-03-07 Cisco Technology, Inc. Multiple VLAN architecture system
US5822431A (en) 1996-01-19 1998-10-13 General Instrument Corporation Of Delaware Virtual authentication network for secure processors
US6085238A (en) * 1996-04-23 2000-07-04 Matsushita Electric Works, Ltd. Virtual LAN system
US5918019A (en) 1996-07-29 1999-06-29 Cisco Technology, Inc. Virtual dial-up protocol for network communication
JP2974280B2 (ja) * 1996-09-11 1999-11-10 日本電気通信システム株式会社 Virtual group information management method in a bridge device for network connection
US6311218B1 (en) 1996-10-17 2001-10-30 3Com Corporation Method and apparatus for providing security in a star network connection using public key cryptography
JPH10136438A (ja) 1996-10-24 1998-05-22 Oki Electric Ind Co Ltd Simplified portable radio system and base station control method therefor
US6157647A (en) 1996-11-06 2000-12-05 3Com Corporation Direct addressing between VLAN subnets
US6041358A (en) * 1996-11-12 2000-03-21 Industrial Technology Research Inst. Method for maintaining virtual local area networks with mobile terminals in an ATM network
FI104877B (fi) * 1997-03-27 2000-04-14 Nokia Networks Oy Resource reservation mechanism in a packet radio network
US6070243A (en) 1997-06-13 2000-05-30 Xylan Corporation Deterministic user authentication service for communication network
FI117366B (fi) 1997-06-30 2006-09-15 Sonera Smarttrust Oy Method for establishing a secure service connection in a telecommunication system
US6061796A (en) 1997-08-26 2000-05-09 V-One Corporation Multi-access virtual private network
US5978378A (en) 1997-09-11 1999-11-02 3Com Corporation Method and apparatus for VLAN support
US6675208B1 (en) 1997-10-14 2004-01-06 Lucent Technologies Inc. Registration scheme for network
US6047325A (en) 1997-10-24 2000-04-04 Jain; Lalit Network device for supporting construction of virtual local area networks on arbitrary local and wide area computer networks
US6035405A (en) * 1997-12-22 2000-03-07 Nortel Networks Corporation Secure virtual LANs
US6032194A (en) * 1997-12-24 2000-02-29 Cisco Technology, Inc. Method and apparatus for rapidly reconfiguring computer networks
US6112251A (en) * 1998-01-13 2000-08-29 Cabletron Systems, Inc. Virtual local network for sending multicast transmissions to trunk stations
NL1008351C2 (nl) 1998-02-19 1999-08-20 No Wires Needed B V Data communication network.
US6317438B1 (en) * 1998-04-14 2001-11-13 Harold Herman Trebes, Jr. System and method for providing peer-oriented control of telecommunications services
US6226751B1 (en) 1998-04-17 2001-05-01 Vpnet Technologies, Inc. Method and apparatus for configuring a virtual private network
US6898791B1 (en) 1998-04-21 2005-05-24 California Institute Of Technology Infospheres distributed object system
US6728249B2 (en) 1998-06-27 2004-04-27 Intel Corporation System and method for performing cut-through forwarding in an ATM network supporting LAN emulation
US6181699B1 (en) * 1998-07-01 2001-01-30 National Semiconductor Corporation Apparatus and method of assigning VLAN tags
US6304973B1 (en) 1998-08-06 2001-10-16 Cryptek Secure Communications, Llc Multi-level security network system
US6311276B1 (en) * 1998-08-25 2001-10-30 3Com Corporation Secure system for remote management and wake-up commands
US6304575B1 (en) * 1998-08-31 2001-10-16 Cisco Technology, Inc. Token ring spanning tree protocol
EP1116132A2 (en) 1998-09-22 2001-07-18 Science Applications International Corporation User-defined dynamic collaborative environments
US6839759B2 (en) 1998-10-30 2005-01-04 Science Applications International Corp. Method for establishing secure communication link between computers of virtual private network without user entering any cryptographic information
US6714549B1 (en) * 1998-12-23 2004-03-30 Worldcom, Inc. High resiliency network infrastructure
US6615357B1 (en) * 1999-01-29 2003-09-02 International Business Machines Corporation System and method for network address translation integration with IP security
US6636898B1 (en) * 1999-01-29 2003-10-21 International Business Machines Corporation System and method for central management of connections in a virtual private network
US6081900A (en) 1999-03-16 2000-06-27 Novell, Inc. Secure intranet access
US6847620B1 (en) 1999-05-13 2005-01-25 Intermec Ip Corp. Mobile virtual LAN
US6970459B1 (en) 1999-05-13 2005-11-29 Intermec Ip Corp. Mobile virtual network system and method
US6675225B1 (en) 1999-08-26 2004-01-06 International Business Machines Corporation Method and system for algorithm-based address-evading network snoop avoider
US6917614B1 (en) * 1999-09-17 2005-07-12 Arris International, Inc. Multi-channel support for virtual private networks in a packet to ATM cell cable system
GB9922665D0 (en) * 1999-09-25 1999-11-24 Hewlett Packard Co A method of enforcing trusted functionality in a full function platform
JP2001160828A (ja) 1999-12-03 2001-06-12 Matsushita Electric Ind Co Ltd VPN communication method in a security gateway device
US6970941B1 (en) 1999-12-10 2005-11-29 Sun Microsystems, Inc. System and method for separating addresses from the delivery scheme in a virtual private network
US6697943B1 (en) 1999-12-17 2004-02-24 Cisco Technology, Inc. Use of cyclic redundancy checking for segregating control traffic
US6414956B1 (en) 1999-12-17 2002-07-02 Texas Instruments Incorporated VLAN tag transport within a switch
GB2364477B (en) 2000-01-18 2003-11-05 Ericsson Telefon Ab L M Virtual private networks
US6639901B1 (en) 2000-01-24 2003-10-28 3Com Corporation Apparatus for and method for supporting 802.1Q VLAN tagging with independent VLAN learning in LAN emulation networks
US7028186B1 (en) 2000-02-11 2006-04-11 Nokia, Inc. Key management methods for wireless LANs
US6961762B1 (en) 2000-02-14 2005-11-01 Sygate Technologies, Inc. Automatic switching network points based on configuration profiles
AU2001247295A1 (en) 2000-03-07 2001-09-17 General Instrument Corporation Authenticated dynamic address assignment
US7173923B2 (en) 2000-03-17 2007-02-06 Symbol Technologies, Inc. Security in multiple wireless local area networks
US6978364B1 (en) 2000-04-12 2005-12-20 Microsoft Corporation VPN enrollment protocol gateway
US7181542B2 (en) 2000-04-12 2007-02-20 Corente, Inc. Method and system for managing and configuring virtual private networks
US6981041B2 (en) 2000-04-13 2005-12-27 Aep Networks, Inc. Apparatus and accompanying methods for providing, through a centralized server site, an integrated virtual office environment, remotely accessible via a network-connected web browser, with remote network monitoring and management capabilities
US20020022483A1 (en) 2000-04-18 2002-02-21 Wayport, Inc. Distributed network communication system which allows multiple wireless service providers to share a common network infrastructure
US20020016926A1 (en) 2000-04-27 2002-02-07 Nguyen Thomas T. Method and apparatus for integrating tunneling protocols with standard routing protocols
US7356841B2 (en) 2000-05-12 2008-04-08 Solutioninc Limited Server and method for providing specific network services
US7055171B1 (en) 2000-05-31 2006-05-30 Hewlett-Packard Development Company, L.P. Highly secure computer system architecture for a heterogeneous client environment
JP3585422B2 (ja) 2000-06-01 2004-11-04 シャープ株式会社 Access point device and authentication processing method thereof
GB2363548A (en) 2000-06-15 2001-12-19 Int Computers Ltd Computer systems, in particular virtual private networks
US6981281B1 (en) * 2000-06-21 2005-12-27 Microsoft Corporation Filtering a permission set using permission requests associated with a code assembly
US7054329B2 (en) 2000-07-07 2006-05-30 Koninklijke Philips Electronics, N.V. Collision avoidance in IEEE 802.11 contention free period (CFP) with overlapping basic service sets (BSSs)
US7151762B1 (en) 2000-07-14 2006-12-19 At&T Corp. Virtual streams for QoS-driven wireless LANs
US20020143960A1 (en) 2000-08-02 2002-10-03 Erez Goren Virtual network generation system and method
US6904054B1 (en) 2000-08-10 2005-06-07 Verizon Communications Inc. Support for quality of service and vertical services in digital subscriber line domain
WO2002017571A1 (en) 2000-08-24 2002-02-28 Tiara Networks, Inc. System and method for connecting geographically distributed virtual local area networks
US7596223B1 (en) 2000-09-12 2009-09-29 Apple Inc. User control of a secure wireless computer network
US6954790B2 (en) 2000-12-05 2005-10-11 Interactive People Unplugged Ab Network-based mobile workgroup system
US20040054902A1 (en) 2000-12-06 2004-03-18 Yoshinori Fujimoto Virtual private network
US20020083344A1 (en) 2000-12-21 2002-06-27 Vairavan Kannan P. Integrated intelligent inter/intra networking device
US6912592B2 (en) 2001-01-05 2005-06-28 Extreme Networks, Inc. Method and system of aggregate multiple VLANs in a metropolitan area network
US7209479B2 (en) 2001-01-18 2007-04-24 Science Application International Corp. Third party VPN certification
US20020174335A1 (en) 2001-03-30 2002-11-21 Junbiao Zhang IP-based AAA scheme for wireless LAN virtual operators
US7174390B2 (en) 2001-04-20 2007-02-06 Egenera, Inc. Address resolution protocol system and method in a virtual network
US7061899B2 (en) 2001-05-01 2006-06-13 Hewlett-Packard Development Company, L.P. Method and apparatus for providing network security
US6387966B1 (en) 2001-05-21 2002-05-14 Vadim Goldshtein Method and composition for devulcanization of waste rubber
US20020178240A1 (en) * 2001-05-24 2002-11-28 International Business Machines Corporation System and method for selectively confirming digital certificates in a virtual private network
US7003662B2 (en) * 2001-05-24 2006-02-21 International Business Machines Corporation System and method for dynamically determining CRL locations and access methods
US20030206518A1 (en) 2001-05-25 2003-11-06 Yik James Ching-Shau Public access separation in a virtual networking environment
US20020199021A1 (en) 2001-06-26 2002-12-26 Niels Beier Method and apparatus for using the type/length field in an ethernet mac header for carrying generic tags/labels
US7107464B2 (en) * 2001-07-10 2006-09-12 Telecom Italia S.P.A. Virtual private network mechanism incorporating security association processor
US6981259B2 (en) 2001-08-02 2005-12-27 Hewlett-Packard Development Company, L.P. System and method for generating a virtual device
US7130904B2 (en) 2001-08-16 2006-10-31 Intel Corporation Multiple link layer wireless access point
US20030037258A1 (en) 2001-08-17 2003-02-20 Izchak Koren Information security system and method
US7194622B1 (en) 2001-12-13 2007-03-20 Cisco Technology, Inc. Network partitioning using encryption
US7986937B2 (en) * 2001-12-20 2011-07-26 Microsoft Corporation Public access point
US7188364B2 (en) * 2001-12-20 2007-03-06 Cranite Systems, Inc. Personal virtual bridged local area networks
US7120791B2 (en) * 2002-01-25 2006-10-10 Cranite Systems, Inc. Bridged cryptographic VLAN
DE60209858T2 (de) * 2002-01-18 2006-08-17 Nokia Corp. Method and device for access control of a mobile terminal in a communication network
US7313135B2 (en) 2002-01-31 2007-12-25 Mosaid Technologies, Inc. Trunking in a matrix
US7203957B2 (en) * 2002-04-04 2007-04-10 At&T Corp. Multipoint server for providing secure, scaleable connections between a plurality of network devices
US7277442B1 (en) * 2002-04-26 2007-10-02 At&T Corp. Ethernet-to-ATM interworking that conserves VLAN assignments
US7546458B1 (en) 2002-05-04 2009-06-09 Atheros Communications, Inc. Method for organizing virtual networks while optimizing security
US7058796B2 (en) 2002-05-20 2006-06-06 Airdefense, Inc. Method and system for actively defending a wireless LAN against attacks
US7042852B2 (en) 2002-05-20 2006-05-09 Airdefense, Inc. System and method for wireless LAN dynamic channel change with honeypot trap
US7086089B2 (en) 2002-05-20 2006-08-01 Airdefense, Inc. Systems and methods for network security
US7113498B2 (en) * 2002-06-05 2006-09-26 Broadcom Corporation Virtual switch
US7093027B1 (en) 2002-07-23 2006-08-15 Atrica Israel Ltd. Fast connection protection in a virtual local area network based stack environment
US7453888B2 (en) * 2002-08-27 2008-11-18 Alcatel Lucent Stackable virtual local area network provisioning in bridged networks
US7062566B2 (en) * 2002-10-24 2006-06-13 3Com Corporation System and method for using virtual local area network tags with a virtual private network
US7284062B2 (en) * 2002-12-06 2007-10-16 Microsoft Corporation Increasing the level of automation when provisioning a computer system to access a network
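JP4103611B2 (ja) * 2003-02-03 2008-06-18 ソニー株式会社 Wireless ad hoc communication system, terminal, authentication method, encryption method and terminal management method in the terminal, and program for causing the terminal to execute those methods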
WO2004079581A1 (en) 2003-03-05 2004-09-16 Intellisync Corporation Virtual private network between computing network and remote device
US7478427B2 (en) * 2003-05-05 2009-01-13 Alcatel-Lucent Usa Inc. Method and apparatus for providing adaptive VPN to enable different security levels in virtual private networks (VPNs)
US20050223111A1 (en) 2003-11-04 2005-10-06 Nehru Bhandaru Secure, standards-based communications across a wide-area network
US7164912B2 (en) 2004-01-07 2007-01-16 Research In Motion Limited Apparatus, and associated method, for facilitating selection by a mobile node of a network through which to communicate using a hierarchical selection process
US7392520B2 (en) * 2004-02-27 2008-06-24 Lucent Technologies Inc. Method and apparatus for upgrading software in network bridges
US20050226257A1 (en) * 2004-03-30 2005-10-13 Adc Broadband Access Systems, Inc. Virtual local area network
US20050283604A1 (en) * 2004-06-21 2005-12-22 Ipolicy Networks, Inc., A Delaware Corporation Security association configuration in virtual private networks
JP4407452B2 (ja) * 2004-09-29 2010-02-03 株式会社日立製作所 Server, VPN client, VPN system, and software
US7292592B2 (en) 2004-10-08 2007-11-06 Telefonaktiebolaget Lm Ericsson (Publ) Home network-assisted selection of intermediary network for a roaming mobile terminal
US7434047B2 (en) * 2004-12-30 2008-10-07 Nokia, Inc. System, method and computer program product for detecting a rogue member in a multicast group
US7673068B2 (en) * 2005-04-18 2010-03-02 Alcatel Lucent Method and system for implementing a high availability VLAN
CN100377548C (zh) * 2005-07-15 2008-03-26 华为技术有限公司 Method and apparatus for implementing virtual switching
US7616579B2 (en) * 2005-07-21 2009-11-10 Netcordia, Inc. Voice over IP analysis system and method
US20070036165A1 (en) * 2005-08-11 2007-02-15 Laurence Rose Method and Network Element Configured for Limiting the Number of Virtual Local Area Networks Creatable by GVRP
US7920548B2 (en) * 2005-08-18 2011-04-05 Hong Kong Applied Science And Technology Research Institute Co. Ltd. Intelligent switching for secure and reliable voice-over-IP PBX service
US7746892B2 (en) * 2005-11-02 2010-06-29 Nortel Networks Limited Method and apparatus for transporting ethernet services
US7869371B2 (en) * 2005-12-20 2011-01-11 Ixia Method and system for testing a connection
US7957325B2 (en) * 2006-03-13 2011-06-07 Alcatel Lucent Method and network element configured for limiting the number virtual local area networks creatable by GVRP
US8565123B2 (en) * 2006-05-03 2013-10-22 Cisco Technology, Inc. System and method for running a multiple spanning tree protocol with a very large number of domains
US20070271606A1 (en) * 2006-05-17 2007-11-22 Amann Keith R Apparatus and method for establishing a VPN tunnel between a wireless device and a LAN
US7693985B2 (en) * 2006-06-09 2010-04-06 Cisco Technology, Inc. Technique for dispatching data packets to service control engines
US7792990B2 (en) * 2007-04-30 2010-09-07 Hewlett-Packard Development Company, L.P. Remote client remediation
KR100918398B1 (ko) * 2007-12-13 2009-09-21 한국전자통신연구원 Apparatus and method for processing VLAN-tagged frames
US8181009B2 (en) * 2009-03-03 2012-05-15 Harris Corporation VLAN tagging over IPSec tunnels
US8098656B2 (en) * 2009-06-26 2012-01-17 Avaya, Inc. Method and apparatus for implementing L2 VPNs on an IP network
US8837281B2 (en) 2010-09-10 2014-09-16 Futurewei Technologies, Inc. Use of partitions to reduce flooding and filtering database size requirements in large layer two networks

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106789364A (zh) * 2014-08-01 2017-05-31 阔地教育科技有限公司 Method for applying a resource control architecture
CN106789364B (zh) * 2014-08-01 2020-05-08 阔地教育科技有限公司 Method for applying a resource control architecture

Also Published As

Publication number Publication date
EP1457004A1 (en) 2004-09-15
EP1457004B1 (en) 2018-10-24
US20060206944A1 (en) 2006-09-14
US7644437B2 (en) 2010-01-05
US8276198B2 (en) 2012-09-25
KR100891041B1 (ko) 2009-03-31
US8966611B2 (en) 2015-02-24
EP2469772A2 (en) 2012-06-27
EP2479936A1 (en) 2012-07-25
EP2640008A3 (en) 2014-12-10
AU2002240211A1 (en) 2003-07-09
JP2005513915A (ja) 2005-05-12
US7703132B2 (en) 2010-04-20
WO2003055151A1 (en) 2003-07-03
EP2640008B1 (en) 2017-08-02
US20080198863A1 (en) 2008-08-21
US20030120763A1 (en) 2003-06-26
EP2469772A3 (en) 2014-02-19
US20110126278A1 (en) 2011-05-26
CN1606849B (zh) 2011-06-08
KR20040066902A (ko) 2004-07-27
US7188364B2 (en) 2007-03-06
CN102130919B (zh) 2013-06-26
US20130024692A1 (en) 2013-01-24
US7886354B2 (en) 2011-02-08
US20080198821A1 (en) 2008-08-21
US7877080B2 (en) 2011-01-25
EP1457004A4 (en) 2011-04-27
JP4190421B2 (ja) 2008-12-03
EP2640008A2 (en) 2013-09-18
US20080301442A1 (en) 2008-12-04
CN1606849A (zh) 2005-04-13

Similar Documents

Publication Publication Date Title
CN1606849B (zh) Personal virtual bridged local area network
US7986937B2 (en) Public access point
JP2005513915A6 (ja) Personal virtual bridged local area network

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: MICROSOFT TECHNOLOGY LICENSING LLC

Free format text: FORMER OWNER: MICROSOFT CORP.

Effective date: 20150505

C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20150505

Address after: Washington State

Patentee after: Microsoft Technology Licensing LLC

Address before: Washington State

Patentee before: Microsoft Corp.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20130626

Termination date: 20190201