Abstract: A system for collaborative deep packet inspection in a network uses a coarse grain mechanism to perform deep packet inspection on sample packets sampled from a plurality of traffic flows received at a network device using a plurality of signatures and develop a profile of the network and a fine grain mechanism to perform real-time inspection of a traffic flow against a small set of the signatures that is updated based on the profile. The fine grain mechanism further enables at least one policy action to be applied to a traffic flow when the traffic flow matches one of the signatures in the set of signatures.

Abstract: A method comprises an operation for facilitating authentication of a client device attempting to connect to a port of a network element. Facilitating authentication includes determining whether the client device is configured for being authenticated using a first authentication mechanism and, in response to determining that the client device is not configured for being authenticated using the first authentication mechanism, determining whether the client device is configured for being authenticated using at least one other authentication mechanism.

Abstract: Example embodiments are directed to methods of configuring a virtual private local area network service for an enterprise. At least one method includes assigning a virtual private local area network instance to a first node within a network. A first node attempts to establish a label distribution protocol session between the first node and at least one other node within the network based on an interior gateway protocol map. The interior gateway protocol map identifies the at least one other node and nodes connected to the at least one other node. The virtual private local area network service is established based on the label distribution protocol sessions that are established.

Abstract: Customer virtual local area networks (C-VLANs) connecting multiple LAN segments are set up through a provider network (12). Provider edge bridges (PEs) are coupled to customer edge bridges (CEs) to provide a transparent link between LAN segments. To determine whether a backdoor link is used in the C-VLAN topology, PEs monitor MAC address from a predetermined time after a TCN is received to determine if there are contradictory addresses or new addresses relative to the existing MAC address tables (or forwarding databases) that are indicative of a backdoor link. If so, an unlearning message is sent to bridges in the provider domain. In another embodiment, CEs set a snoop bit to indicate which TCNs must be snooped.

Abstract: A method comprises an operation for facilitating authentication of a client device attempting to connect to a port of a network element. Facilitating authentication includes determining whether the client device is configured for being authenticated using a first authentication mechanism and, in response to determining that the client device is not configured for being authenticated using the first authentication mechanism, determining whether the client device is configured for being authenticated using at least one other authentication mechanism.

Abstract: Example embodiments are directed to methods of configuring a virtual private local area network service for an enterprise. At least one method includes assigning a virtual private local area network instance to a first node within a network. A first node attempts to establish a label distribution protocol session between the first node and at least one other node within the network based on an interior gateway protocol map. The interior gateway protocol map identifies the at least one other node and nodes connected to the at least one other node. The virtual private local area network service is established based on the label distribution protocol sessions that are established.

Abstract: An exemplary method directs client devices client devices in a computing network to a remediation node. A subset of the client devices to receives remediation services is identified with a single common label. Upon determining that one of the client devices originating a communication request packet is identified by the single common label, processing the communication request packet by routing the communication request packet to a redirection server, and transmitting from the redirection server to the one client device a hypertext transfer protocol (HTTP) command specifying that the one client device redirect communications to the remediation node so that remediation services can be supplied to the one client device via the remediation node.

Abstract: A user authentication service for a communication network authenticates local users before granting them access to personalized sets of network resources. Authentication agents on intelligent edge devices present users of associated end systems with log-in challenges. Information supplied by the users is forwarded to an authentication server for verification. If successfully verified, the authentication server returns to the agents authorized connectivity information and time restrictions for the particular authenticated users. The agents use the information to establish rules for filtering and forwarding network traffic originating from or destined for particular authenticated users during authorized time periods. An enhanced authentication server may be engaged if additional security is desired. The authorized connectivity information preferably includes identifiers of one or more virtual local area networks active in the network.

Abstract: The invention integrates a plurality of separate stack switches into a unified system of switches under a common configuration and management architecture. The switches, preferably stack switches, may be distributed throughout a local area network (LAN) and need not be co-located. One preferred embodiment supports fail-safe operations to minimize the disruption caused when a stack switch becomes inoperative. In another preferred embodiment, the stack switches are enabled with a system-wide address table and quality of service mapping matrix with which each switch can effectively provision system bandwidth.

Abstract: Customer virtual local area networks (C-VLANs) connecting multiple LAN segments are set up through a provider network (12). Provider edge bridges (PEs) are coupled to customer edge bridges (CEs) to provide a transparent link between LAN segments. To determine whether a backdoor link is used in the C-VLAN topology, PEs monitor MAC address from a predetermined time after a TCN is received to determine if there are contradictory addresses or new addresses relative to the existing MAC address tables (or forwarding databases) that are indicative of a backdoor link. If so, an unlearning message is sent to bridges in the provider domain. In another embodiment, CEs set a snoop bit to indicate which TCNs must be snooped.

Abstract: A switching node configuring different traffic management protocols via a single centralized set of policies. The switching node includes a central policy repository, a central policy engine, and a central management engine. The central policy repository stores a single set of policies used to manage a plurality of different traffic management protocols in a consistent and predictable manner. The different traffic management protocols may include QoS, NAT, ACL, and the like. The central policy engine evaluates inbound traffic flows based on the policies in the central policy repository, and configures one or more traffic management protocol entities based on a selected policy. The management engine configures and manages the single set of policies via a common set of commands helping to eliminate the danger of creating conflicting policies that may lead to unpredictable results.

Abstract: VLAN Advertisement Protocol (VAP) is provided to a communication network as an inter-switch VLAN communication protocol. VAP is used to synchronize the VLAN membership databases stored on a switch to be synchronized with other switches in the network. VAP also provides a mechanism for automatically discovering other network nodes.