1518 results about "Virtual LAN" patented technology

The invention relates to a system and method for efficiently distributing multicast messages within computer networks configured to have one or more virtual local area network (VLAN) domains. A multicast network device (MND), having a plurality of interfaces, includes a multicast controller for efficiently distributing multicast messages among subscribing entities associated with various VLAN domains. The multicast controller, which is in communicating relationship with the interfaces, includes a VLAN assignment engine for assigning responsibility for the VLAN domains to the extent there are multiple MNDs. The multicast controller also accesses a multicast tag source to establish a plurality of novel VLAN tags for efficiently distributing multicast messages, including a sub-regional Multicast VLAN Identifier (MVLAN-ID) that encompasses all of the VLAN domains for which the respective MND is responsible, and one or more color-limited MVLAN-IDs that encompass all of the VLAN domains for which the MND is responsible except for one. The multicast controller then tags multicast messages with its sub-regional or a color-limited MVLAN-ID depending on whether the message is considered internal or external by the respective MND. The tagged messages are then forwarded for distribution to the subscribers associated with the various VLAN domains.

A method of determining local multicast information of a local area network (LAN), comprising dividing the LAN to a number of segments larger than the number of virtual LANs (VLANs) in the network and creating a layer-3 multicast routing table, which relates to each of the segments separately.

A network virtualization layer for an information handling system in which a physical machine coupled to a network is divided into a plurality of logical partitions, each of which has a host system residing thereon. In response to receiving a set command from one of the host systems specifying a data link layer (layer 2) address, the virtualization layer associates the data link layer address with the host system and forwards to the host system data packets specifying the data link layer address as a destination address. Unicast packets are forwarded to the single host system specifying the destination address as an individual MAC address, while multicast packets are forwarded to each host system specifying the destination address as a group MAC address. A host system may also specify a virtual LAN (VLAN) ID, which is used to scope the forwarding of packets to host systems sharing that VLAN ID.

A multiple instance spanning tree protocol (MI-STP) creates a plurality of active topologies (i.e., loop-free paths) within a computer network. These active topologies may be established through the exchange and processing of multiple instance spanning tree bridge protocol data unit messages (MI-STP BPDUs) by the intermediate network devices within the network. The active topologies are preferably created independently of any virtual local area network (VLAN) designations defined within the network. Once the active topologies are defined, each VLAN designation is then mapped to a single active topology, although multiple VLAN designations are preferably mapped to the same active topology to provide load balancing.

A communication system in which multiple protocols and proxy services are executed by an access point. In one embodiment of the invention, GVRP and GMRP registrations are combined in a single packet when a wireless device roams to a different VLAN. In addition, outbound GVRP and GMRP multicast messages are handled by an access point (also referred to as a GVRP and GMRP “gateway”) such that the wireless device is not burdened with the associated computational overhead. In a further embodiment, a wireless device may dynamically switch between a VLAN-aware state and a VLAN-unaware state depending on the nature of a detected access point. For example, if a relevant access point supports GVRP, the wireless device may operate as a VLAN terminal. If a wireless device is not attached to an access point with a matching VLAN ID, the wireless device sends and receives VLAN tagged frames. If a wireless device configured with a VLAN ID is attached to an access point with a matching VLAN ID, or if the wireless device is attached to a non-VLAN access point, then the wireless device may send and receive raw/untagged frames. In addition to the gateways described below, the ability of a wireless device to detect when it can send untagged frames is considered novel. In another embodiment of the invention, a special ID that is different than the native VLAN ID for a switch port is used for VLAN-unaware devices. This allows such devices that do not issue tagged frames to belong to a single VLAN ID.

A method and apparatus for implementing location-based identification in a communication network. The method comprises establishing a network connection between a host and a network, transmitting network data packets from the host through a connection port, transmitting data packets from the host through a location-specific connection port and identifying the port at an access concentrator in the form of a port identifier. The port identifier is then communicated to a network device, typically a gateway device, and stored in a database in communication with the network device. The method may include tagging the network packets at the access concentrator with a port identifier that corresponds to a media access control (MAC) address. The access concentrator and the network device will tag and communicate port numbers by assigning VLAN (Virtual Local Area Network) identifiers to the ports.

A method and an arrangement in an access network for preventing hosts (5;A,B) connected to the access network from communicating directly with each other. Said method comprises the steps of defining Virtual Local Area Networks, VLANs, in switches (3;12;12′;35,36,37;83) such that traffic arriving in the switches from said hosts is forced to an access router (1;11;11′;11″;81) and defining in the switches one asymmetrical downlink VLAN for downlink traffic from the access router to the hosts, said downlink VLAN being common to said hosts. According to the invention the method comprises the further steps of configuring the VLANs such that said hosts connected to the access network belong to the same IP subnet and configuring the access router to perform intra-subnet routing and to be an Address Resolution Protocol proxy.

The invention in the preferred embodiment features a system (200) and method for automatically segregating harmful traffic from other traffic at a plurality of network nodes including switches and routers. In the preferred embodiment, the system (200) comprises an intrusion detection system (105) to determine the identity of an intruder and a server (130) adapted to automatically install an isolation rule on the one or more network nodes (114, 115, 116) to quarantine packets from the intruder. The isolation rule in the preferred embodiment is a virtual local area network (VLAN) rule or access control list (ACL) rule that causes the network node to route any packets from the intruder into a quarantine VLAN or otherwise isolate the traffic from other network traffic. In large networks, the isolation rule may be installed on a select plurality of network nodes under the gateway router (104) associated with the node at which the intruder first entered the network (100).

Methods, apparatus, and products are disclosed for forwarding frames in a computer network using shortest path bridging (‘SPB’). The network includes multiple bridges, and each edge bridge is assigned a unique service virtual local area network (‘VLAN’) identifier. One of the bridges receives a frame for transmission to a destination node. The received frame includes a service VLAN identifier for the ingress bridge through which the frame entered the network and a customer VLAN identifier. The one bridge identifies an SPB forwarding tree in dependence upon the service VLAN identifier. The SPB forwarding tree specifies a shortest route in the network from the ingress bridge through the one bridge to the other bridges in the network. The one bridge then forwards the received frame to the egress bridge without MAC-in-MAC encapsulation in dependence upon the SPB forwarding tree and the customer VLAN identifier.

One embodiment of the present invention provides a switch. The switch includes a virtual local area network (VLAN) configuration module. During operation, the VLAN configuration module maps local resources of the switch and/or locally coupled end device information to a global VLAN identifier, wherein the global VLAN is persistent across a fabric switch. The fabric switch is operable to accommodate a plurality of switches and operates as a single logical switch.

In a network device such as a network switch having a port coupled to a communications medium dedicated to a single virtual local area network and another port coupled to a communications medium shared among multiple virtual local area networks for transmitting data frames between the dedicated communications medium and the shared communications medium, a method of identifying the virtual network associated with each data frame received by the network switch when transmitting the data frames over the shared communications medium. The method comprises receiving data frames from the dedicated communications medium coupled to one port, and, with respect to each data frame so received, inserting a new type field and a virtual network identifier field. The contents of the new type field indicate the data frame comprises a virtual network identifier field. The method further includes placing a value in the virtual network identifier field identifying the virtual network associated with the data frame and transmitting the data frame over the shared communications medium. Upon receipt of the data frames from over the shared communications medium, another network device can discern from the virtual network identifier field in each data frame the virtual network from which the data frames were received and determine whether to forward the data frames accordingly.

A fast protection mechanism capable of maintaining end-to-end and fast local protection on the order of sub 50 ms for both VLAN only based connections and for connections that are based partially on VLAN technology and partially on MPLS technology. The present invention is suitable for use edge switches configured in a stack or ring topology. The NMS provisions both the main and alternative VLANs in each edge switch in the stack portions of the network. When a link failure occurs, the edge switches on either end of the failed link immediately switch all protected traffic going through that link to the alternative VLAN. The packets are then returned on the links over which they were received. Hello messages are used to signal the remote end that a link failure has occurred and that protected traffic must be switched to the main or alternative VLAN in accordance with the VLAN the Hello message was received on.

A wireless virtual local area network (VLAN) and a device selectively connecting to the wireless VLAN over a second wireless network that may be independent of the wireless VLAN. The device is capable of connecting to at least the wireless VLAN and to the second wireless network. Wireless VLAN access points are each connected to an Ethernet aggregation switch, which is VLAN aware and matches client traffic from connected access points with access VLANs. A wireless VLAN switch maintains an association table between access VLANs and core VLANs. The second wireless network may be remotely connected over the Internet or a private network to a tunnel endpoint. The tunnel endpoint is connected to the VLAN switch, which uses the association table to manage free-form client traffic between connected devices and other mobile stations at access VLANs and appropriate core VLANs.

Methods, apparatuses and systems directed to the integration of VLANs and wireless access points operating in a Multiple BSSID mode of operation. According to one implementation of the present invention, a wireless access point dynamically maps an SSID provided by a mobile station to a BSSID based on a VLAN assignment corresponding to the mobile station. In one implementation, the wireless access point learns the correct VLAN/BSSID for a given mobile station, while proxying an authentication session between the mobile station and an authentication server.

System and method for repeater in a power line network. According to an embodiment, the present invention provides a method for power line communication network. The method includes providing a virtual local area network (VLAN), which VLAN includes at least a repeater, a client, and a gateway. The VLAN is associated with a network encryption key. The repeater is associated with a first identification. The client is associated with a second identification. The gateway is associated with a third identification. The first identification and the third identification are a service identification type. The second identification is a client identification type. The method also includes providing a power line network that is configured to transmit data through OFDM signaling. The method includes sending a first data packet in first format from the client through the power line network. The method additionally includes receiving the first data packet by the repeater through the power line network at through a first network interface.

An arbitrary node that belongs to a virtual LAN sends a request packet including a count value indicating the number of communication hops across nodes to each of its adjacent nodes that belong to the virtual LAN and are adjacent. Upon receiving the request packet, each of the adjacent nodes sends the request packet in which the count value is incremented or decremented, as predetermined, to each of its adjacent nodes that belong to the virtual LAN and are adjacent to the node, excluding a sender of the request packet received, and sends a reply packet including the sender's address (sender address), an address of the node that is a replying node (replying node address), and the count value to a given return destination. The return destination collects reply packets sent thereto and keeps track of the topology of the nodes constituting the virtual LAN from information contained in the reply packets.

An access node for an Ethernet network is connected between an access point of user devices and a broadband remote access server for access to a plurality of service providing networks. It includes a VLAN handling unit having a memory for storing identifications of Ethernet frames transmitted in a first VLAN including the access node and a local virtual router function unit of the access server in a second VLANs. Each of the second VLANs including the access node, the local virtual router function unit and one of the virtual router function units of the access server for each of the virtual router function units. A control unit commands the handling unit to transmit frames from a new user device that has connected itself to the access point into the first virtual local area network. The control unit also receives information from the access server in respect of routing frames and its commands to the handling unit to transmit frames from user device which is connected to the access point and the frames from which are transmitted into the first VLAN to be instead transmitted into one of the second VLAN as given by the information received from the broadband remote access server, the frames thereby being transmitted to the server of the respective service providing network.

Various embodiments are described herein that provide a network system comprising a first network element coupled to a network and a second network element directly coupled to the first network element. The first network element and the second network element are to connect to form a link aggregation group. The system additionally includes a network management device including a control agent, where the control agent is configured to configure the link aggregation group as a logical virtual tunnel end point (VTEP) of a virtual local area network (VLAN).

A method of operation for a provider edge device of a core network includes receiving a customer frame from an access network; the customer frame having a first Virtual Local Area Network (VLAN) tag of a first predetermined bit length. The first VLAN tag including a service instance identifier. The service instance identifier of the first VLAN tag is then mapped into a second VLAN tag of a second predetermined bit length greater than the first predetermined bit length. It is emphasized that this abstract is provided to comply with the rules requiring an abstract that will allow a searcher or other reader to quickly ascertain the subject matter of the technical disclosure. It is submitted with the understanding that it will not be used to interpret or limit the scope or meaning of the claims. 37 CFR 1.72(b).

A system and method for sharing network resources; the system comprising: (1) at least one network switch; (2) a plurality of computing devices, where the computing device comprises (i) at least one network connection; (ii) a plurality of processing nodes; and (iii) at least one storage device containing software for (a) initializing and maintaining a plurality of top-layer virtual local area networks (VLANs), (b) initializing and maintaining a plurality of client VLANs; and (c) using an empty VLAN as a virtual wire between the client VLAN and a shared network resource.