Abstract: A method is disclosed for authenticating multiple network elements that access a network through a single network switch port. Certain authentication protocols, such as EAPoE, leave a port of a network switch indefinitely opened when one particular host is authenticated and authorized to transmit network frames through the port. In one embodiment of the invention, a network frame from a second host that is received by the open port is not automatically transmitted to the network. Instead, techniques are employed locally by the network switch to grant or deny transmission of the network frame received from the second host. An authentication server is contacted only when the network switch cannot locally employ techniques to authorize the transmission of the network frame received from the second host.

Abstract: A method is disclosed for authenticating multiple network elements that access a network through a single network switch port. Certain authentication protocols, such as EAPoE, leave a port of a network switch indefinitely opened when one particular host is authenticated and authorized to transmit network frames through the port. In one embodiment of the invention, a network frame from a second host that is received by the open port is not automatically transmitted to the network. Instead, techniques are employed locally by the network switch to grant or deny transmission of the network frame received from the second host. An authentication server is contacted only when the network switch cannot locally employ techniques to authorize the transmission of the network frame received from the second host.

Abstract: A method and apparatus is provided for retrieving and storing quality of service policy management information using a directory service in a manner that enforces read/write consistency and enables read/write concurrency. A directory information tree manager is created and stored in the directory service. One or more directory information trees are created in the directory service in association with the directory information tree manager. Each directory information tree is associated with a sub-tree that represents quality of service policy information, and each directory information tree has a validity period value. When a process needs quality of service policy management information, the system determines which of the directory information trees is a currently active directory information tree. The QoS information is retrieved from the currently active directory information tree only during a time period within the validity period value thereof.

Abstract: A method and apparatus for storing policies for use in policy-based management of quality of service treatments of network data traffic flows are described. The policies are stored in the form of policy statements. Each policy statement applies to a specific application that runs in the network. Policy statements are stored in a Repository, which may be a Directory Server or an X.500 directory. A policy server may create and store policies in the Repository based on information about the application, the network devices, and the quality of service treatments that the network devices can apply to a traffic flow. An application program and the policy server network device can retrieve the policy information from the Repository using appropriate function calls or an access protocol such as LDAP.

Abstract: A method and apparatus for storing policies for use in policy-based management of quality of service treatments of network data traffic flows are described. The policies are stored in the form of policy statements. Each policy statement applies to a specific application that runs in the network. Each policy statement includes a condition and a network service to be applied to all traffic matching the condition. Each condition comprises one or more basic condition components connected by operators. Each basic condition comprises a basic policy parameter identifier, an operator and an operand. Policy statements are stored in a Repository, which may be a Directory Server or an X.500 directory. A policy server may create and store policies in the Repository based on information about the application, the network devices, and the quality of service treatments that the network devices can apply to a traffic flow.