Abstract: Methods for provisioning and managing Internet-of-Things (IoT) devices over a network using device based tunneled nodes are provided. In one aspect, a method includes receiving, by a first network device in a network, data originated from an Internet-of-Things (IoT) device; identifying a device type of the IoT device by analyzing data packets of the received data; obtaining, by the first network device, a device profile for the IoT device, wherein the device profile is used for provisioning the IoT device to access the network; and provisioning the IoT device using the device profile, wherein the provisioning includes at least one of (1) identifying a tunneling attribute in the device profile; and (2) identifying a constrained application protocol (CoAP) parameter in the device profile, wherein the CoAP parameter is used to zero touch provision one or more device attributes of the IoT device. Systems and machine-readable media are also provided.

Abstract: Methods for provisioning and managing Internet-of-Things (IoT) devices over a network using device based tunneled nodes are provided. In one aspect, a method includes receiving, by a first network device in a network, data originated from an Internet-of-Things (IoT) device; identifying a device type of the IoT device by analyzing data packets of the received data; obtaining, by the first network device, a device profile for the IoT device, wherein the device profile is used for provisioning the IoT device to access the network; and provisioning the IoT device using the device profile, wherein the provisioning includes at least one of (1) identifying a tunneling attribute in the device profile; and (2) identifying a constrained application protocol (CoAP) parameter in the device profile, wherein the CoAP parameter is used to zero touch provision one or more device attributes of the IoT device. Systems and machine-readable media are also provided.

Abstract: Examples disclosed herein relate to configuring a connectivity association key and a connectivity association name in a MACsec capable device. In an example, a first MACsec device may receive a MAC address and a device identifier of a second MACsec capable device. First MACsec capable device may authenticate the second MACsec capable device based on the device identifier. First MACsec capable device may generate a CAK, a CKN, and a nonce. The CAK, the CKN, and the nonce may be encrypted using a public key of the second MACsec capable device to generate an encrypted packet. The encrypted packet may be sent to the second MACsec capable device. The first MACsec capable device may receive a decrypted nonce from the second MACsec capable device. In response to a determination that the decrypted nonce matches with the nonce, CAK and CKN may be configured on first MACsec capable device.

Abstract: Methods for provisioning and managing Internet-of-Things (IoT) devices over a network using device based tunneled nodes are provided. In one aspect, a method includes receiving, by a first network device in a network, data originated from an Internet-of-Things (IoT) device; identifying a device type of the IoT device by analyzing data packets of the received data; obtaining, by the first network device, a device profile for the IoT device, wherein the device profile is used for provisioning the IoT device to access the network; and provisioning the IoT device using the device profile, wherein the provisioning includes at least one of (1) identifying a tunneling attribute in the device profile; and (2) identifying a constrained application protocol (CoAP) parameter in the device profile, wherein the CoAP parameter is used to zero touch provision one or more device attributes of the IoT device. Systems and machine-readable media are also provided.

Abstract: Examples disclosed herein relate to configuring a connectivity association key and a connectivity association name in a MACsec capable device. In an example, a first MACsec device may receive a MAC address and a device identifier of a second MACsec capable device. First MACsec capable device may authenticate the second MACsec capable device based on the device identifier. First MACsec capable device may generate a CAK, a CKN, and a nonce. The CAK, the CKN, and the nonce may be encrypted using a public key of the second MACsec capable device to generate an encrypted packet. The encrypted packet may be sent to the second MACsec capable device. The first MACsec capable device may receive a decrypted nonce from the second MACsec capable device. In response to a determination that the decrypted nonce matches with the nonce, CAK and CKN may be configured on first MACsec capable device.