A technique for periodically updating entries in a look-up table for directing data packets through a multi-port bridge in a local area network. For packets received during a first period, the number of the port receiving the packet is stored with the address of the node which generated the packet in a first memory and in a second memory. During the first period, the first memory is utilized for directing packets through the multi-port bridge. At the end of the first period, a third memory is cleared. For packets received during a second period, the number of the port receiving the packet is stored with the address of the node which generated the packet in the second memory and in the third memory. During the second period, the second memory is utilized for directing packets through the multi-port bridge. At the end of the second period, the first memory is cleared. For packets received during a third period, the number of the port receiving the packet is stored with the address of the node which generated the packet in the first memory and in the third memory. During the third period, the third memory is utilized for directing packets through the multi-port bridge. At the end of the third period, the second memory is cleared. This sequence is repeated such that no entry more than two periods old is utilized for directing a packet through the multi-port bridge, however, the age of each entry is not tracked.
This is a continuation-in-part of U.S. patent application Ser. No. 08/590,125, now U.S. Pat. No. 5,764,895, filed on Jan. 23, 1996, and a continuation-in-part of U.S. patent application Ser. No. 08/371,499, filed on Jan. 11, 1995. The contents of U.S. patent application Ser. No. 08/590,125 and the contents of U.S. patent application Ser. No. 08/371,499, now U.S. Pat. No. 5,857,075, are hereby incorporated by reference. This application claims the benefit of U.S. Provisional Application Ser. No. 60/059,171, filed Sep. 17, 1997, entitled, "MULTI-PORT BRIDGE FOR A LOCAL AREA NETWORK."
A method and apparatus for performing a lookup in a switching device of a packet switched network where the lookup includes a plurality of distinct operations each of which returns a result that includes a pointer to a next operation in a sequence of operations for the lookup. The method includes determining a first lookup operation to be executed, executing the first lookup operation including returning a result and determining if the result includes a pointer to another lookup operation in the sequence of operations. If the result includes a pointer to another lookup operation, the lookup operation indicated by the result is executed. Else, the lookup is terminated.
An Ethernet ADSL adapter controls data communication between an Ethernet port and an ADSL modem connected to an ADSL channel. The adapter includes a first buffer for storing data packets received at the Ethernet port, a second buffer for storing data packets received from the ADSL modem and a controller. When the first buffer contains a first predetermined number of data packets and data packets are not available for transmission to the Ethernet port, a jamming signal is transmitted from the Ethernet port. The jamming signal inhibits transmission of additional data packets to the Ethernet port by other Ethernet nodes until space is available in the first buffer. When the second buffer contains a second predetermined number of data packets, a pause signal is transmitted to the ADSL modem. The pause signal inhibits further transmission of data packets to the ADSL modem on the ADSL channel until space is available in the second+ buffer. When a pause signal is received from the ADSL modem, transmission of data packets to the ADSL modem is inhibited.
A network device including at least one network port, a clock, address resolution logic (ARL) tables, and address resolution logic. The clock generates a timing signal. The ARL tables are configured to store and maintain data related to port addresses of the network device. The address resolution logic is coupled to the ARL tables and the clock, and configured to search the ARL tables and to perform learning concurrently during alternating slots of the timing signal. Upon receiving a data packet at the at least one port, the address resolution logic is configured to search the ARL tables for a destination address based on the data packet. When the destination address is found, the address resolution logic is configured to update a related record of the ARL tables based on the learning, the address resolution logic configured to perform searches and updates.
Circuitry that includes blocks of memory can be used to emulate a content addressable memory ("CAM"). The CAM data is stored in enough blocks of memory so that all of that data can be gradually read out in the time allowed for completion of a CAM search. As the data is read out, it is compared to CAM search data. If and when a match is found, a CAM address associated with the CAM data found to match the search data is generated. Alternatively or in addition, a simple "match" signal may be generated. If desired, the contents of the emulated CAM may be changed. To do this, circuitry is provided for converting the CAM address of the new data to an appropriate physical address (in the above-mentioned memory blocks) for that data.
The present invention discloses a method for securely adding a new end station to a local area network (LAN) segmented into a number of virtual local area networks (VLANs). The invention is applicable to various types of LANs such as Ethernet and token ring. The LAN comprises an authentication server (AS) which interacts with each new end station before connection to a VLAN is allowed. The method involves the AS administering a test to the new end station, which may involve prompting the new end station for a password or asking it to encrypt a given number using a secret algorithm known only to the new end station and to the AS. The AS examines the results of this test and determines whether the new end station is permitted to join the VLAN. For added security, the new end station can verify authenticity of the AS by administering a test of its own, which may consist of prompting the AS for a password of its own or asking it to encrypt a new number, the new end station subsequently determining whether the AS is indeed genuine before beginning to transmit any further information. In this way, an end station cannot join a VLAN without authentication by the AS and a legitimate end station can verify whether the test it is asked to pass comes from a legitimate source, thereby avoiding network security breaches.
