Abstract: In general, the disclosure relates to a method for redirecting a user to a captive portal. The method includes trapping an incoming frame originating from a host, where the incoming frame comprises a L2 header and a payload, wherein the payload specifies information associated with an external server, wherein the user of the host has not been authenticated by the captive portal at a time when the incoming frame is trapped, extracting the L2 header, an L3 header, and the payload from the incoming frame, forwarding the L3 header and the payload towards a redirection server executing on the network device, wherein the redirection server is configured to generate a redirection response based on the payload; encapsulating the redirection response to obtain an L3 response packet, encapsulating the L3 response packet using information from the L2 header to obtain an output frame, and transmitting the output frame towards the host.

Abstract: In general, the disclosure relates to a method for redirecting a user to a captive portal. The method includes trapping an incoming frame originating from a host, where the incoming frame comprises a L2 header and a payload, wherein the payload specifies information associated with an external server, wherein the user of the host has not been authenticated by the captive portal at a time when the incoming frame is trapped, extracting the L2 header, an L3 header, and the payload from the incoming frame, forwarding the L3 header and the payload towards a redirection server executing on the network device, wherein the redirection server is configured to generate a redirection response based on the payload; encapsulating the redirection response to obtain an L3 response packet, encapsulating the L3 response packet using information from the L2 header to obtain an output frame, and transmitting the output frame towards the host.

Abstract: Embodiments of a method for redirecting, by a network device, a host to a captive portal are disclosed. The method includes receiving an incoming frame originating from the host. The incoming frame has a payload specifying information associated with an external server. A user of the host has not been authenticated by the captive portal at a time when the incoming frame is received by the network device. The network device matches at least a portion of the incoming frame to a custom redirect rule of a unified access control list (ACL) implemented by the network device. In response to the matching, the network device forwards the incoming frame towards an internal redirection server executing on the network device. The network device receives a redirection frame from the internal redirection server. The payload of the redirection frame is generated by the internal redirection server using at least a portion of the incoming frame. The redirection frame is transmitted towards the host.

Abstract: In general, the disclosure relates to a method for redirecting, by a network device, a host to a captive portal. The method includes receiving an incoming frame originating from the host. The incoming frame has a payload specifying information associated with an external server. A user of the host has not been authenticated by the captive portal at a time when the incoming frame is received by the network device. The network device matches at least a portion of the incoming frame to a custom redirect rule of a unified access control list (ACL) implemented by the network device. In response to the matching, the network device forwards the incoming frame towards an internal redirection server executing on the network device. The network device receives a redirection frame from the internal redirection server. The payload of the redirection frame is generated by the internal redirection server using at least a portion of the incoming frame. The redirection frame is transmitted towards the host.

Abstract: In general, the disclosure relates to a method for redirecting a user to a captive portal. The method includes trapping an incoming frame originating from a host, where the incoming frame comprises a L2 header and a payload, wherein the payload specifies information associated with an external server, wherein the user of the host has not been authenticated by the captive portal at a time when the incoming frame is trapped, extracting the L2 header, an L3 header, and the payload from the incoming frame, forwarding the L3 header and the payload towards a redirection server executing on the network device, wherein the redirection server is configured to generate a redirection response based on the payload; encapsulating the redirection response to obtain an L3 response packet, encapsulating the L3 response packet using information from the L2 header to obtain an output frame, and transmitting the output frame towards the host.

Abstract: Methods and apparatus for segregating traffic are disclosed. In accordance with one embodiment, a traffic splitter identifies a set of links coupled to the traffic splitter, where the set of links includes two or more uplinks, wherein each of the two or more uplinks are implemented in a common physical media. The two or more uplinks include a LAN uplink coupled to a LAN and a SAN uplink coupled to a SAN. The traffic splitter prevents SAN traffic from reaching the LAN via the LAN uplink. In addition, the traffic splitter prevents LAN traffic from reaching the SAN via the SAN uplink.

Abstract: Methods and apparatus for segregating traffic are disclosed. In accordance with one embodiment, a traffic splitter identifies a set of links coupled to the traffic splitter, where the set of links includes two or more uplinks, wherein each of the two or more uplinks are implemented in a common physical media. The two or more uplinks include a LAN uplink coupled to a LAN and a SAN uplink coupled to a SAN. The traffic splitter prevents SAN traffic from reaching the LAN via the LAN uplink. In addition, the traffic splitter prevents LAN traffic from reaching the SAN via the SAN uplink.

Abstract: Methods and apparatus for segregating traffic are disclosed. In accordance with one embodiment, a traffic splitter identifies a set of links coupled to the traffic splitter, where the set of links includes two or more uplinks, wherein each of the two or more uplinks are implemented in a common physical media. The two or more uplinks include a LAN uplink coupled to a LAN and a SAN uplink coupled to a SAN. The traffic splitter prevents SAN traffic from reaching the LAN via the LAN uplink. In addition, the traffic splitter prevents LAN traffic from reaching the SAN via the SAN uplink.

Abstract: Methods and apparatus are provided for injecting Fiber Channel over Ethernet (FCoE) discovery packets, such as FCoE Initialization Protocol (FIP) or Data Center Bridge Exchange (DCBX) Protocol packets, by proxy or by spoofing into data center networks supporting FCoE in certain switchover, In-Service Software Upgrade (ISSU), and error scenarios. The transmission by proxy or by spoofing may occur at an intermediate FIP snooping bridge for communicating between FCoE devices. In this manner, the robustness of an FCoE path from one end of the data center network to another may be increased.

Abstract: Techniques are provided herein for receiving at a first network device, a virtual local area network (VLAN) discovery frame from a second network device. The second network device is configured to encapsulate Fiber Channel over Ethernet. The hardware media access control (MAC) address or Port World Wide Name (PWWN) of the second network device is extracted from the VLAN discovery frame. A mapping is identified between the second network device and a corresponding virtual storage area network (VSAN) based on the hardware MAC address or PWWN. The mapping identifies a corresponding VLAN for the second network device to use for login in order to communicate with the corresponding VSAN. Information representing the identified VLAN is sent to the second network device.

Abstract: Techniques are provided herein for receiving at a first network device, a virtual local area network (VLAN) discovery frame from a second network device. The second network device is configured to encapsulate Fiber Channel over Ethernet. The hardware media access control (MAC) address or Port World Wide Name (PWWN) of the second network device is extracted from the VLAN discovery frame. A mapping is identified between the second network device and a corresponding virtual storage area network (VSAN) based on the hardware MAC address or PWWN. The mapping identifies a corresponding VLAN for the second network device to use for login in order to communicate with the corresponding VSAN. Information representing the identified VLAN is sent to the second network device.

Abstract: Methods and apparatus are provided for injecting Fibre Channel over Ethernet (FCoE) discovery packets, such as FCoE Initialization Protocol (FIP) or Data Center Bridge Exchange (DCBX) Protocol packets, by proxy or by spoofing into data center networks supporting FCoE in certain switchover, In-Service Software Upgrade (ISSU), and error scenarios. The transmission by proxy or by spoofing may occur at an intermediate FIP snooping bridge for communicating between FCoE devices. In this manner, the robustness of an FCoE path from one end of the data center network to another may be increased.

Abstract: Methods and apparatus for segregating traffic are disclosed. In accordance with one embodiment, a traffic splitter identifies a set of links coupled to the traffic splitter, where the set of links includes two or more uplinks, wherein each of the two or more uplinks are implemented in a common physical media. The two or more uplinks include a LAN uplink coupled to a LAN and a SAN uplink coupled to a SAN. The traffic splitter prevents SAN traffic from reaching the LAN via the LAN uplink. In addition, the traffic splitter prevents LAN traffic from reaching the SAN via the SAN uplink.