| 发明名称 |
System and method for restricting network access using forwarding databases |
| 摘要 |
This specification describes a system that can offer, among other advantages, dynamically allowing or rejecting non-DHCP packets entering a switch. In addition, a FDB is commonly used by a bridge or switch to store an incoming packet's source MAC address and its port number, then later on if the destination MAC address of another incoming packet matching any entry in FDB will be forwarded to its associated port. Using the techniques described herein, not only this will be completely transparent to user, the techniques can also result in an increase in switch performance by blocking unwanted traffic at an earlier stage of forwarding process and freeing up other processing units at a later stage, like switch fabric or packet processing stages. |
| 申请公布号 |
US8964747(B2) |
申请公布日期 |
2015.02.24 |
| 申请号 |
US200912370562 |
申请日期 |
2009.02.12 |
| 申请人 |
Trapeze Networks, Inc. |
发明人 |
Albert Hu Tyng Jar |
| 分类号 |
H04L12/28;H04L12/56;H04J3/16;H04J3/22;H04L29/12;H04L29/06;H04L12/935;H04L12/931 |
主分类号 |
H04L12/28 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A method, comprising:
receiving a data unit including layer 2 client-identification data; if the data unit does include layer 3 address data, forwarding the data unit, and if the included layer 3 address data confirms a layer 3 address assignment and if a layer 3 address assignment status restriction attribute associated with the received data unit is enabled, disabling the layer 3 address assignment status restriction attribute associated with the received data unit; and if the data unit does not include layer 3 address data and if the layer 3 address assignment status restriction attribute associated with the received data unit is enabled, discarding the data unit. |
| 地址 |
Pleasanton CA US |
