Abstract: Controlling access to managed objects associated with a networked device. A method comprises receiving a request from a principal for access to a managed object associated with the networked device. The managed objects are accessible based on membership in access groups that are compliant with a Simple Network Management Protocol (SNMP). A first and a second of the access groups associated with the principal are determined. Access privileges for the principal are determined, based on the first and the second access groups. Access to the managed object is granted if permitted based on the access privileges for the principal.

Abstract: Controlling access to managed objects associated with a networked device. A method comprises receiving a request from a principal for access to a managed object associated with the networked device. The managed objects are accessible based on membership in access groups that are compliant with a Simple Network Management Protocol (SNMP). A first and a second of the access groups associated with the principal are determined. Access privileges for the principal are determined, based on the first and the second access groups. Access to the managed object is granted if permitted based on the access privileges for the principal.

Abstract: Controlling access to managed objects associated with a networked device. A method comprises receiving a request from a principal for access to a managed object associated with the networked device. The managed objects are accessible based on membership in access groups that are compliant with a Simple Network Management Protocol (SNMP). A first and a second of the access groups associated with the principal are determined. Access privileges for the principal are determined, based on the first and the second access groups. Access to the managed object is granted if permitted based on the access privileges for the principal.

Abstract: An apparatus is disclosed for creating and storing policy data records comprising data identifying network policy decisions. After a data packet is received, a network policy decision is made based on information in the packet and one or more network policies. A policy data record identifying the network policy decision is created, and the policy data record is stored.

Abstract: A system and method for implementing telephony devices in a distributed network environment is disclosed. The present invention provides for voice transmissions to be given a dedicated virtual local area network (“VLAN”) for packet transmission and reception to prevent poor quality of service. Non-voice data packets are transmitted on a separate VLAN.

Abstract: A system and method for implementing telephony devices in a distributed network environment is disclosed. The present invention provides for checking data packets to ensure that non-voice data packets are properly tagged to be transmitted on a native virtual local area network (“VLAN”). Voice data packets transmitted on a separate VLAN with a higher priority.

Abstract: A method and apparatus for communicating a COPS protocol policy to a non-COPS-enabled network device is provided. A COPS proxy is connected between a policy server and a non-COPS-enabled network device. The policy server is configured to communicate COPS protocol policies to the COPS proxy, which is, in turn, configured to translate the COPS protocol policy into a policy that is in accordance with a policy protocol that the non-COPS-enabled network device can receive and correctly interpret (“non-COPS protocol”). The translation of the policy utilizes a mapping database that delineates predetermined relationships between COPS protocol policies and the non-COPS protocol policies. More specifically, the mapping database can include relationships between COPS protocol policy information base variables, network device roles and characteristics, and non-COPS protocol parameters and associated values. Further, the COPS proxy can be configured to detect and reconcile policy conflicts for one or more network devices.

Abstract: A method and system for monitoring objects in a plurality of management information bases (MIBs) is provided. The objects required for functioning of an application are identified from the MIBs. The application identifies these objects. The identified OIDs are grouped in a group depending on grouping rules provided by the application. A rate for detecting changes in the group is provided. The changes in the group are detected at the provided rate. A notification is generated on detecting a change in the group. The notification is sent to the application. The notification reports a change in the identified OIDs in the group.

Abstract: A method for operating a computer network includes: a become_root_primary command is issued to a first router to set an ID so that a spanning tree protocol (STP) selects the first router as a primary root router; a become_root_secondary command is issued to a second router to set an ID so that STP selects the second router as a secondary root router; transitioning, in response to failure of the first router, the second router to become the root router. An enable_uplinkfast command is issued to a router, and the router selects a backup designated port for a designated port, and selects a backup root port for a root port. Ports transmit BPDU messages as heartbeat messages, and a failure to detect the BPDU messages results in a backup port assuming the role of a port not detecting the BPDU messages.

Abstract: Controlling access to managed objects associated with a networked device. A method comprises receiving a request from a principal for access to a managed object associated with the networked device. The managed objects are accessible based on membership in access groups that are compliant with a Simple Network Management Protocol (SNMP). A first and a second of the access groups associated with the principal are determined. Access privileges for the principal are determined, based on the first and the second access groups. Access to the managed object is granted if permitted based on the access privileges for the principal.

Abstract: A system and method for implementing telephony devices in a distributed network environment is disclosed. The present invention provides for voice transmissions to be given a dedicated virtual local area network (“VLAN”) for packet transmission and reception to prevent poor quality of service. Non-voice data packets are transmitted on a separate VLAN.

Abstract: A method and apparatus for determining a network performance metric in a network is described. The network includes a number of network elements and a number of links. Each of the network elements is coupled to at least one other of the network elements by at least one of the links. The method includes forming a first set of network element pairs, ordering a first number of network element pairs, forming a second set of network element pairs, measuring a measured network performance metric between a first network element pair and computing a computed network performance metric. The first set of network element pairs include a number of pairs of the network elements. The ordering of a first number of network element pairs includes network element pairs in the first set of network element pairs. The second set of network element pairs includes network element pairs in the first set of network element pairs. The measurement is taken between a first network element pair.

Abstract: Controlling access to managed objects associated with a networked device. A method comprises receiving a request from a principal for access to a managed object associated with the networked device. The managed objects are accessible based on membership in access groups that are compliant with a Simple Network Management Protocol (SNMP). A first and a second of the access groups associated with the principal are determined. Access privileges for the principal are determined, based on the first and the second access groups. Access to the managed object is granted if permitted based on the access privileges for the principal.

Abstract: A system and method for implementing telephony devices in a distributed network environment is disclosed. The present invention provides for voice transmissions to be given a dedicated virtual local area network (“VLAN”) for packet transmission and reception to prevent poor quality of service. Non-voice data packets are transmitted on a separate VLAN.

Abstract: A method is disclosed for Simple Network Management Protocol (SNMP) bulk information processing. A request for a plurality of object instances stored in a storage space is received. The request specifies a condition and a maximum number of repetitions. The values of one or more object instances of the plurality of object instances are retrieved. The retrieval of object instance values is terminated when the condition is satisfied even though the maximum number of repetitions is not reached. For example, the condition may be specified by one or more pairs of Object Identifier (OID) values, wherein each pair is represented by a starting OID value and an ending OID value. In this example, the condition is satisfied when an OID value of an object instance that is retrieved is not lexicographically between the starting OID value and the ending OID value of any pair of the one or more pairs.

Abstract: A method and apparatus for auto-configuring layer 3 intermediate devices in computer networks by extending the Dynamic Host Configuration Protocol (DHCP). The devices generate, transmit and receive DHCP messages having novel options embedded therein. The options permit a layer 3 device to request and receive from a DHCP server a unique, overall IP address that may be assigned to the device. The device may also request and receive one or more IP subnets and corresponding IP addresses for each of its interfaces. The device may further receive the routing protocols to be used on the various subnets. The layer 3 device can thus be auto-configured with IP configuration parameters, including IP subnets, IP addresses and routing protocols without the time-consuming, manual involvement of a network administrator.

Abstract: A solution is provided wherein physical link parameters may be negotiated after a link is brought up by having the two devices involved in the link exchange identifiers when the link is initially brought up. These identifiers may be saved in the devices and then utilized upon receipt of subsequent physical link parameter negotiation packets to ensure that these packets are received by a partner who is connected via a physical link.

Abstract: A system for setting expressions at an agent including a processor configured to receive a SNMP message from a management station specifying objects for notifications supported by the agent and expressions based on the objects, set expressions for the notification, evaluate expressions when the notification containing the expression is generated, and send the notification to the management station.

Abstract: A system for rapidly switching at least one virtual local area network (VLAN) from a first loop-free topology to a second loop-free topology in response to a failure within the first loop-free topology. Each VLAN has one “logical” VLAN which represents the network entities organized into the VLAN and a set of “physical” VLANs each having its own VLAN designation. For each physical VLAN, a different loop-free topology is defined, although only one physical VLAN is “active” at any given time. Messages associated with the logical VLAN are tagged with the designation of the currently active physical VLAN, and forwarded along its loop-free topology. Upon detecting a failure in the loop-free topology, the logical VLAN is rapidly switched to the loop-free topology defined by a second, back-up physical VLAN. Following the switch, messages associated with the logical VLAN are tagged with the designation of this back-up VLAN and are forwarded along its loop-free topology.

Abstract: A method of operating a fault tolerant connection in a network is described. The network includes a number of network elements and a number of links. Each of the network elements is coupled to at least one other of the network elements by at least one of the links. The method identifies a first path and a second path. The first path is between a first one of the network elements and a second one of the network elements, as is the second path. Moreover, the first path and the second path are disjoint. This disjointedness can be any difference between the two paths (e.g., any combination of different network elements or links). A packet is sent from the first one of the network elements via the first path, while a duplicate packet is sent from the first one of the network elements via the second path. The duplicate packet is a duplicate of the packet. Once these packets have been sent, at least one of the packet and the duplicate packet are received at the second one of the network elements.