Abstract: A device associated with the authentication of a user on a network, i.e., an “authentication device,” initiates lawful interception of network traffic associated with the user. The authentication device communicates with a network service device, such as an edge router, providing network access or other services to the user to enable and disable monitoring of the network user. The authentication device may issue intercept requests to the network service device upon authenticating the network user during login or at any time while the network user's session is in progress. Upon receiving an intercept request from the authentication device, the network service device mirrors data packets flowing to and from the network user for which interception has been designated. The mirrored packets are sent to an analyzer, which analyzes the packets and provides packet analysis information to a law enforcement agency.

Abstract: Techniques are described for dynamically building an Ethernet virtual local area network (VLAN) interface in a network device. The techniques allow dynamic building of a second VLAN interface over a first VLAN interface statically built over an Ethernet port configured to support dynamic VLANs in a network device. A network device may receive a plurality of Ethernet packets from subscriber devices and dynamically build a second VLAN interface over the first VLAN interface for each of the subscribers. Once the second VLAN interface is built, the network device dynamically builds interface columns over the second VLAN interface for each protocol associated with the Ethernet packets. The network device may then authenticate a user associated with the plurality of Ethernet packets. Once the user has logged out of the network device, the network device may tear down the interface columns while persistently maintaining the corresponding second VLAN interface.

Abstract: Methods and systems consistent with the present invention provide a dynamic mechanism to support wholesale access for broadband subscribers. This mechanism involves dynamically discovering a retail ISP for a subscriber, and dynamically cross-connecting a subscriber's connection to a logical connection corresponding to a retail ISP, and is equally applicable to static, PPP and DHCP-based subscribers. Furthermore, dynamic steering of subscribers can be performed at layer 2 or layer 3 of the OSI model.

Abstract: Dynamic subscriber interfaces in a network device are provided. An input port receives data units from multiple subscribers. A primary interface extracts source identifiers from headers associated with the received data units and creates dynamic subscriber interfaces to allocate network device resources to each of the multiple subscribers based on the extracted source identifiers.

Abstract: Techniques are described that allow a network device, such as a router, to dynamically build VLAN interfaces based on subscriber information strings included within packets. In particular, the network device comprises an interface controller and a forwarding controller, where the forwarding controller receives the packet over an Ethernet port and forwards the received packet to the interface controller. The packet includes both Ethernet tagging information and a subscriber information string. The interface controller comprises an Ethernet module that dynamically builds a primary virtual local area network (VLAN) sub-interface (PVS) based on the Ethernet tagging information. The Ethernet module also dynamically builds a subscriber VLAN sub-interface (SVS) based on the subscriber information string. The SVS allows the network device to distinguish between subscribers residing on the same VLAN, and, therefore, to provide subscriber specific services.

Abstract: Techniques are described for dynamically configuring an interface in a network service provider. The techniques allow dynamic configuration of, for example, a dual stacked interface that includes both Internet Protocol version 6 (IPv6) and Internet Protocol version 4 (IPv4) on the same layer 2 link. In this way, a customer network having an existing IPv4 connection to a network service provider will be able to run both IPv4 and IPv6 over the same interface. A network device within the network service provider may receive a control packet from a subscriber device. The packet may be received on an ATM hybrid permanent virtual circuit (PVC) that supports multiple interface columns. The network device is capable of auto-sensing multiple packet protocols and may dynamically create multiple interface columns over the same ATM interface based on the encapsulation type of the received packets.

Abstract: Techniques are described that allow a network device, such as a router, to dynamically build VLAN interfaces based on subscriber information strings included within packets. In particular, the network device comprises an interface controller and a forwarding controller, where the forwarding controller receives the packet over an Ethernet port and forwards the received packet to the interface controller. The packet includes both Ethernet tagging information and a subscriber information string. The interface controller comprises an Ethernet module that dynamically builds a primary virtual local area network (VLAN) sub-interface (PVS) based on the Ethernet tagging information. The Ethernet module also dynamically builds a subscriber VLAN sub-interface (SVS) based on the subscriber information string. The SVS allows the network device to distinguish between subscribers residing on the same VLAN, and, therefore, to provide subscriber specific services.

Abstract: Techniques are described that allow a network device, such as a router, to dynamically build VLAN interfaces based on subscriber information strings included within packets. In particular, the network device comprises an interface controller and a forwarding controller, where the forwarding controller receives the packet over an Ethernet port and forwards the received packet to the interface controller. The packet includes both Ethernet tagging information and a subscriber information string. The interface controller comprises an Ethernet module that dynamically builds a primary virtual local area network (VLAN) sub-interface (PVS) based on the Ethernet tagging information. The Ethernet module also dynamically builds a subscriber VLAN sub-interface (SVS) based on the subscriber information string. The SVS allows the network device to distinguish between subscribers residing on the same VLAN, and, therefore, to provide subscriber specific services.

Abstract: A communications system includes a base station and mobile terminals. Voice data are transmitted within data packets in asynchronous transmission. The base station has an air interface for implementing first partial connections to the mobile terminals and a network interface to a communication network via which second partial connections to further terminals can be implemented. The base station also contains a router for allocating data packets which arrive in existing first or second partial connections to second or first partial connections. The allocation is done in dependence on an address information item which specifies a terminal in the sense of a transmission destination and is in each case contained in the individual data packets. The mobile terminals also contain in each case a voice compression device and/or a voice decompression device.

Abstract: A network layer device controls provision of data link layer functionality by a data link layer device to provide a requested multimedia service to a subscriber. For example, the network layer device may control the performance of multicast elaboration by the data link layer device, or the queuing and forwarding of packets by the data link layer device to facilitate transmission of packets according to a Quality of Service class. The network layer device may send control messages to the data link layer device to dynamically configure a control object stored by the data link layer device, such as multicast filter information or a Quality of Service profile. The network layer device may be a service edge router, and the data link layer device may be a customer premises equipment device, e.g., a modem or wireless access point, or a switch, e.g., a digital subscriber line access multiplier.

Abstract: A communications system includes a base station and mobile terminals. Voice data are transmitted within data packets in asynchronous transmission. The base station has an air interface for implementing first partial connections to the mobile terminals and a network interface to a communication network via which second partial connections to further terminals can be implemented. The base station also contains a router for allocating data packets which arrive in existing first or second partial connections to second or first partial connections. The allocation is done in dependence on an address information item which specifies a terminal in the sense of a transmission destination and is in each case contained in the individual data packets. The mobile terminals also contain in each case a voice compression device and/or a voice decompression device.