| 发明名称 | Managing command compliance in internetworking devices | ||
| 摘要 | In an embodiment, an internetworking device is configured with compliance proxy logic that is configured for sending, to a compliance server, a request to determine whether the command conforms to one or more compliance policies, wherein the request includes the command; receiving a compliance response from the compliance server; in response to determining whether the compliance response indicates success, executing the command only when the compliance response indicates that the command conforms to the one or more compliance policies. Thus the device can determine actively whether a proposed user command or configuration change will violate established standards or policies, before the command or change is applied to the device. | ||
| 申请公布号 | US8856292(B2) | 申请公布日期 | 2014.10.07 |
| 申请号 | US200912634738 | 申请日期 | 2009.12.10 |
| 申请人 | Cisco Technology, Inc. | 发明人 | Srinivasan Shyam Sundar;Jayaraman Rajagopal |
| 分类号 | G06F15/173 | 主分类号 | G06F15/173 |
| 代理机构 | Hickman Palermo Truong Becker Bingham Wong LLP | 代理人 | Hickman Palermo Truong Becker Bingham Wong LLP |
| 主权项 | 1. An apparatus, comprising: one or more network interfaces configured to couple to a data network for sending and receiving one or more packets; one or more processors; a switching system and packet forwarding logic, wherein the switching system is coupled to the one or more processors, wherein the switching system and packet forwarding logic are configured to send and receive packets on the one or more network interfaces; a non-transitory computer-readable storage medium storing one or more stored sequences of instructions which, when executed by the one or more processors, cause the one or more processors to perform: receiving a command to configure the apparatus; sending, from the apparatus over a network to a compliance server, a request to determine whether the command conforms to one or more compliance policies, wherein the request includes all or part of the command and wherein each compliance policy of the one or more compliance policies includes a rule specifying one or more required device commands or parameters that must be configured on the apparatus before executing the command; sending, from the apparatus over the network to the compliance server, a copy of a then-currently running configuration for the apparatus, wherein the compliance server is configured to use the copy of the runninguration to determine whether the command would conform to the compliance policies when applied to the running configuration; receiving, over the network at the apparatus, a compliance response from the compliance server; in response to determining whether the compliance response indicates success, executing the command at the apparatus only when the compliance response indicates that the command conforms to the one or more compliance policies. | ||
| 地址 | San Jose CA US | ||