Abstract: A user authentication service for a communication network authenticates local users before granting them access to personalized sets of network resources. Authentication agents on intelligent edge devices present users of associated end systems with log-in challenges. Information supplied by the users is forwarded to an authentication server for verification. If successfully verified, the authentication server returns to the agents authorized connectivity information and time restrictions for the particular authenticated users. The agents use the information to establish rules for filtering and forwarding network traffic originating from or destined for particular authenticated users during authorized time periods. An enhanced authentication server may be engaged if additional security is desired. The authorized connectivity information preferably includes identifiers of one or more virtual local area networks active in the network.

Abstract: A user authentication service for a communication network authenticates local users before granting them access to personalized sets of network resources. Authentication agents on intelligent edge devices present users of associated end systems with log-in challenges. Information supplied by the users is forwarded to an authentication server for verification. If successfully verified, the authentication server returns to the agents authorized connectivity information and time restrictions for the particular authenticated users. The agents use the information to establish rules for filtering and forwarding network traffic originating from or destined for particular authenticated users during authorized time periods. An enhanced authentication server may be engaged if additional security is desired. The authorized connectivity information preferably includes identifiers of one or more virtual local area networks active in the network.

Abstract: A user authentication service for a communication network authenticates local users before granting them access to personalized sets of network resources. Authentication agents on intelligent edge devices present users of associated end systems with log-in challenges. Information supplied by the users is forwarded to an authentication server for verification. If successfully verified, the authentication server returns to the agents authorized connectivity information and time restrictions for the particular authenticated users. The agents use the information to establish rules for filtering and forwarding network traffic originating from or destined for particular authenticated users during authorized time periods. An enhanced authentication server may be engaged if additional security is desired. The authorized connectivity information preferably includes identifiers of one or more virtual local area networks active in the network.

Abstract: A LAN switch has a backplane matrix in which each controller has a dedicated packet bus for propagating packet data. Each bus has a root interfacing with the transmitting (root) controller and a plurality of leaves interfacing with receiving (leaf) controllers. This configuration enables each controller to simultaneously transmit packet data on the root of a bus and receive packet data off a plurality of leaves of other buses without contention. An efficient filtering and stalling system employed at the receive side of the backplane prevents the highly parallel traffic from causing receive side congestion.

Abstract: A LAN switch has a backplane matrix in which each controller has a dedicated packet bus for propagating packet data. Each bus has a root interfacing with the transmitting (root) controller and a plurality of leaves interfacing with receiving (leaf) controllers. This configuration enables each controller to simultaneously transmit packet data on the root of a bus and receive packet data off a plurality of leaves of other buses without contention. An efficient filtering and stalling system employed at the receive side of the backplane prevents the highly parallel traffic from causing receive side congestion.

Abstract: Methods for configuring, maintaining connectivity in and utilizing an ATM network. Neighboring switches share topology information and enable links to neighboring switches for tag switching. Point-to-point tagged virtual connections are established between switches on the best and next-best paths learned from topology information. Point-to-multipoint tagged virtual connections are established on the spanning tree path. Multiple tag allocation requests are included in a single message to preserve bandwidth. Next-best paths are established to reduce latency in event of link failure. Forwarding operations may be performed in hardware to reduce latency during message forwarding.

Abstract: A dedicated bandwidth switch backplane has efficient receive processing capable of handling highly parallel traffic. Packets must pass a filtering check and a watermark check before the receive port is allowed to release them to a queue. Highly efficient algorithms are applied to conduct the checks on the packets in a way which expedites receive processing and avoids contention. A hybrid priority/port-based arbitration algorithm is used to sequence filtering checks on pending packets. A watermark comparison algorithm performs preliminary calculations on the current packet using “projected” output queue write addresses for each possible outcome of the queueing decision on the preceding packet and using the actual outcome to select from among preliminary calculations to efficiently address the outcome-dependence of the current packet's watermark check on the queueing decision made on the preceding packet.

Abstract: A user authentication service for a communication network authenticates local users before granting them access to personalized sets of network resources. Authentication agents on intelligent edge devices present users of associated end systems with log-in challenges. Information supplied by the users is forwarded to an authentication server for verification. If successfully verified, the authentication server returns to the agents authorized connectivity information and time restrictions for the particular authenticated users. The agents use the information to establish rules for filtering and forwarding network traffic originating from or destined for particular authenticated users during authorized time periods. An enhanced authentication server may be engaged if additional security is desired. The authorized connectivity information preferably includes identifiers of one or more virtual local area networks active in the network.

Abstract: Methods for configuring, maintaining connectivity in and utilizing an ATM network. Neighboring switches share topology information and enable links to neighboring switches for tag switching. Point-to-point tagged virtual connections are established between switches on the best and next-best paths learned from topology information. Point-to-multipoint tagged virtual connections are established on the spanning tree path. Multiple tag allocation requests are included in a single message to preserve bandwidth. Next-best paths are established to reduce latency in event of link failure. Forwarding operations may be performed in hardware to reduce latency during message forwarding.

Abstract: A method and apparatus for maintaining packet order integrity in a switching engine wherein inbound packets are forwarded to different ones of parallel processing elements for switching. Order preservation for packets relating to the same conversation is guaranteed by checking for each inbound packet whether a previous packet from the same source is pending at a processing element and, if the check reveals that such a packet is pending, forwarding the inbound packet to the same processing element as the previous packet.

Abstract: A user authentication service for a communication network authenticates local users before granting them access to personalized sets of network resources. Authentication agents on intelligent edge devices present users of associated end systems with log-in challenges. Information supplied by the users is forwarded to an authentication server for verification. If successfully verified, the authentication server returns to the agents authorized connectivity information and time restrictions for the particular authenticated users. The agents use the information to establish rules for filtering and forwarding network traffic originating from or destined for particular authenticated users during authorized time periods. An enhanced authentication server may be engaged if additional security is desired. The authorized connectivity information preferably includes identifiers of one or more virtual local area networks active in the network.

Abstract: A user authentication service for a communication network authenticates local users before granting them access to personalized sets of network resources. Authentication agents on intelligent edge devices present users of associated end systems with log-in challenges. Information supplied by the users is forwarded to an authentication server for verification. If successfully verified, the authentication server returns to the agents authorized connectivity information and time restrictions for the particular authenticated users. The agents use the information to establish rules for filtering and forwarding network traffic originating from or destined for particular authenticated users during authorized time periods. An enhanced authentication server may be engaged if additional security is desired. The authorized connectivity information preferably includes identifiers of one or more virtual local area networks active in the network.

Abstract: A dedicated bandwidth switch backplane has efficient receive processing capable of handling highly parallel traffic. Packets must pass a filtering check and a watermark check before the receive port is allowed to release them to a queue. Highly efficient algorithms are applied to conduct the checks on the packets in a way which expedites receive processing and avoids contention. A hybrid priority/port-based arbitration algorithm is used to sequence filtering checks on pending packets. A watermark comparison algorithm performs preliminary calculations on the current packet using “projected” output queue write addresses for each possible outcome of the queueing decision on the preceding packet and using the actual outcome to select from among preliminary calculations to efficiently address the outcome-dependence of the current packet's watermark check on the queueing decision made on the preceding packet.

Abstract: A dedicated bandwidth switch backplane has efficient receive processing capable of handling highly parallel traffic. Packets must pass a filtering check and a watermark check before the receive port is allowed to release them to a queue. Highly efficient algorithms are applied to conduct the checks on the packets in a way which expedites receive processing and avoids contention. A hybrid priority/port-based arbitration algorithm is used to sequence filtering checks on pending packets. A watermark comparison algorithm performs preliminary calculations on the current packet using “projected” output queue write addresses for each possible outcome of the queueing decision on the preceding packet and using the actual outcome to select from among preliminary calculations to efficiently address the outcome-dependence of the current packet's watermark check on the queueing decision made on the preceding packet.

Abstract: A user authentication service for a communication network authenticates local users before granting them access to personalized sets of network resources. Authentication agents on intelligent edge devices present users of associated end systems with log-in challenges. Information supplied by the users is forwarded to an authentication server for verification. If successfully verified, the authentication server returns to the agents authorized connectivity information and time restrictions for the particular authenticated users. The agents use the information to establish rules for filtering and forwarding network traffic originating from or destined for particular authenticated users during authorized time periods. An enhanced authentication server may be engaged if additional security is desired. The authorized connectivity information preferably includes identifiers of one or more virtual local area networks active in the network.

Abstract: Methods for configuring, maintaining connectivity in and utilizing an ATM network. Neighboring switches share topology information and enable links to neighboring switches for tag switching. Point-to-point tagged virtual connections are established between switches on the best and next-best paths learned from topology information. Point-to-multipoint tagged virtual connections are established on the spanning tree path. Multiple tag allocation requests are included in a single message to preserve bandwidth. Next-best paths are established to reduce latency in event of link failure. Forwarding operations may be performed in hardware to reduce latency during message forwarding.

Abstract: A method and apparatus are provided to transfer protocol data units within a communication network. This transferring is accomplished with a protocol data unit processor that is operated in the communication network. The processor includes a preprocessor which establishes subsequent processing requirements of a particular protocol data unit received from the communication network to generate at least one associated directive for the particular protocol data unit. Subsequently, a synchronizing mechanism synchronizes the particular protocol data unit with the at least one associated directive to generate a synchronized protocol data unit. A restructuring device restructures the synchronized protocol data unit in accordance with the at least one associated directive for the protocol data unit to generate a restructured protocol data unit. In addition, a method of operating the protocol data unit processor in a heterogeneous communication network is provided.

Abstract: A physical switching device for use in a communication network to switch Open Systems Interconnection (OSI) network layer packets and method of use therefor is provided. The physical switching device includes at least a first and a second virtual switch. Each virtual switch includes a decision mechanism for determining an associated directive based on a destination identifier within a particular packet received at a data port. A processor is coupled to each virtual switch to insert the particular packet into an outgoing data stream on another data port to deliver the packet. Both data ports are associated with a plurality of data interfaces in the physical switching device. A management apparatus is coupled to each virtual switch to maintain information on an association between the plurality of data interfaces and the virtual switches.

Abstract: A decision process is optimized through selectively examining only those bits of a protocol data unit received from a communication network which affect the decision process. These decision-significant bits include two non-contiguous bits of the protocol data unit. Subsequently, a portion of the received protocol data unit is compared with a predetermined tuple to validate the decision process. The predetermined tuple includes known values for a specific portion of the protocol data unit having the two non-contiguous decision-significant bits. Associated directives are generated for the protocol data unit based upon the validated decision process. Alternatively, this processing is a radix tree-type decision process in which the decision-significant bits are grouped together into decision groups and decisions are made based on decision groups rather than individual decision-significant bits.