US 12,192,057 B2
Software defined access fabric without subnet restriction to a virtual network
Sanjay Kumar Hooda, Pleasanton, CA (US); Muninder Singh Sambi, Fremont, CA (US); Victor Moreno, Carlsbad, CA (US); Prakash C. Jain, Fremont, CA (US); Tarunesh Ahuja, Fremont, CA (US); and Satish Kondalam, Milpitas, CA (US)
Assigned to Cisco Technology, Inc., San Jose, CA (US)
Filed by Cisco Technology, Inc., San Jose, CA (US)
Filed on May 29, 2024, as Appl. No. 18/677,720.
Application 18/677,720 is a continuation of application No. 18/360,451, filed on Jul. 27, 2023.
Application 18/360,451 is a continuation of application No. 18/304,890, filed on Apr. 21, 2023, granted, now 12,021,699.
Application 18/304,890 is a continuation of application No. 17/377,378, filed on Jul. 16, 2021, granted, now 11,658,876, issued on May 23, 2023.
Application 17/377,378 is a continuation of application No. 16/368,624, filed on Mar. 28, 2019, granted, now 11,102,074, issued on Aug. 24, 2021.
Claims priority of provisional application 62/791,212, filed on Jan. 11, 2019.
Prior Publication US 2024/0314036 A1, Sep. 19, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 41/0893 (2022.01); G06F 9/455 (2018.01); H04L 12/46 (2006.01)
CPC H04L 41/0893 (2013.01) [G06F 9/45558 (2013.01); H04L 12/4633 (2013.01); H04L 12/4641 (2013.01); G06F 2009/45587 (2013.01); G06F 2009/45595 (2013.01)]
21 Claims
1. A method comprising:
discovering that a plurality of endpoint hosts have joined an enterprise network, wherein the plurality of endpoint hosts comprise at least a first endpoint host and a second endpoint host;
wherein each of the first endpoint host and the second endpoint host are assigned a corresponding address within the enterprise network, and the first and second endpoint hosts are endpoints in the enterprise network;
after discovering the first endpoint host, assigning to the first endpoint host a first role from a plurality of roles within the enterprise network;
after discovering the second endpoint host, assigning to the second endpoint host a second role from the plurality of roles;
accessing a policy configuration defining allowable communications between endpoint hosts based on their respective roles,
wherein the allowable communications are defined as being only between hosts having different roles within the enterprise network;
generating instructions based on the policy; and
providing the instructions to one or more switches causing the one or more switches to permit or deny communication of data packets between the first and second endpoint hosts based on the first role and the second role.
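The steps of claim 1, sketched as an added Python example. It is not code from the patent or from Cisco; every name, address and role in it is hypothetical. It assumes directional role pairs, a "quarantine" role for hosts with no role mapping, and default deny for anything the policy does not list.

```python
from dataclasses import dataclass
from itertools import permutations

@dataclass(frozen=True)
class Host:
    address: str   # address assigned within the enterprise network
    role: str      # role assigned after the host is discovered

class PolicyError(ValueError):
    pass

def load_policy(allowed_pairs):
    """Validate the role-pair policy: an entry may only name two different roles."""
    policy = set()
    for src, dst in allowed_pairs:
        if src == dst:
            raise PolicyError(f"same-role pair not allowed in policy: {src}")
        policy.add((src, dst))
    return frozenset(policy)

def assign_roles(discovered, role_of):
    """Give each discovered address a role; unmapped hosts get 'quarantine' (assumption)."""
    return [Host(addr, role_of.get(addr, "quarantine")) for addr in discovered]

def generate_instructions(hosts, policy):
    """One permit/deny entry per ordered host pair, decided by roles, not addresses."""
    rules = []
    for a, b in permutations(hosts, 2):
        action = "permit" if (a.role, b.role) in policy else "deny"
        rules.append({"src": a.address, "dst": b.address,
                      "src_role": a.role, "dst_role": b.role, "action": action})
    return rules

def decide(rules, src, dst):
    """What a switch holding these rules does with a packet; unknown pairs are denied."""
    for r in rules:
        if r["src"] == src and r["dst"] == dst:
            return r["action"]
    return "deny"

# Constructed sample data: all four hosts share one subnet, so only roles separate them.
DISCOVERED = ["10.1.1.10", "10.1.1.11", "10.1.1.12", "10.1.1.99"]
ROLE_OF = {"10.1.1.10": "employee", "10.1.1.11": "printer", "10.1.1.12": "employee"}
POLICY = load_policy([("employee", "printer")])
HOSTS = assign_roles(DISCOVERED, ROLE_OF)
RULES = generate_instructions(HOSTS, POLICY)
```

With this sample data, two hosts holding the same role are denied even though their addresses are adjacent, and the unmapped host at 10.1.1.99 cannot reach anything.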