| 发明名称 | Secure DHCP processing for layer two access networks | ||
| 摘要 | In general, this disclosure describes network security techniques that may accommodate legitimate movement of a subscriber device while preventing MAC collisions that may result from configuration errors or MAC spoofing attempts. MAC spoofing may result in packets directed to one subscriber device being sent instead to another subscriber device. By modifying an access node or a Dynamic Host Configuration Protocol (DHCP) server to allow only authorized subscriber devices on the access network, layer two collisions (“MAC collisions”) may be prevented. | ||
| 申请公布号 | US8862705(B2) | 申请公布日期 | 2014.10.14 |
| 申请号 | US200912512245 | 申请日期 | 2009.07.30 |
| 申请人 | Calix, Inc. | 发明人 | Baykal Berkay;Butler Duane M.;Conner Michael W.;Missett Shaun Noel |
| 分类号 | G06F15/177;H04L29/12;H04L29/06 | 主分类号 | G06F15/177 |
| 代理机构 | Fogg & Powers LLC | 代理人 | Fogg & Powers LLC |
| 主权项 | 1. A method comprising: receiving a layer two domain identifier of a layer two domain in which a first subscriber device resides; storing an association between the layer two domain identifier of the first subscriber device and a layer two address of the first subscriber device; comparing a layer two domain identifier and a layer two address of a second subscriber device attempting to acquire a layer three address with the layer two domain identifier and the layer two address of the first subscriber device; denying a layer three address to the second subscriber device based on the comparison if the first subscriber device and the second subscriber device share the same layer two address and share the same layer two domain identifier; and offering the second subscriber device a layer three address based on the comparison if the first subscriber device and the second subscriber device share the same layer two address but have different layer two domain identifiers. | ||
| 地址 | Petaluma CA US | ||