The invention relates generally to exchanging data over a local area network and more specifically to secure port access to a device on a local area network.
Local Area Networks (LANs) are commonly used to interconnect computers or other devices. One computer may transmit a packet of data to another computer over the network. The packet includes a source address field, a destination address field, a data field, and other fields. The destination address field is used to route the packet to the appropriate destination.
A LAN may grow to include a large number of devices and to reach a large physical area. For example, a large number of personal computers may be interconnected over a LAN. The personal computers may be spread across a number of locations. Network devices such as routers, hubs, switches, bridges, repeaters and others may be used to divide network traffic and boost network signals. For example, a network switch may be used to divide a network into sub-networks. As a packet may not need to be transmitted to every sub-network, the switch routes the packet to the appropriate sub-network (i.e. the sub-network having a device address which matches the packet's destination address). In this way, a switch is able to reduce traffic within a sub-network.
In order to route the packets, the switch must monitor which devices are connected to the sub-network. This allows the switch to route a packet to the proper sub-network. During operation of a LAN, devices may be added or removed. The switch must monitor this activity so that it is able to properly route packets.
A switch maintains a list of active devices in a memory. As devices are added to the LAN they are added to the list of active devices in the switch's memory. Eventually, the number of devices that have been added to the LAN may exceed the memory capacity of the switch. In some implementations, a switch simply stops learning new addresses after its memory is full. This provides a simple solution to the problem of limited memory; however, the devices stored in memory may no longer be in use. Thus, the switch will not allow for the connection of additional devices even though many of the devices in its memory are no longer in use.
In other implementations, a switch overwrites old addresses when its memory is full. Typically, a switch will attempt to overwrite the oldest entry. To this end, the switch will monitor the entries so that it can identify the oldest. This monitoring can require a significant amount of resources. For example, the switch can monitor the age of an entry using one or more counters. However, the use of such counters adds to the cost and complexity of the device.
In one preferred embodiment of the invention, a network device receives a plurality of new source addresses through a first port. The network device writes the plurality of new source addresses to a memory. The network device sequentially accesses memory locations within the memory, where at least one of the memory locations is associated with the first port. The network device determines whether a first pointer associated with the first port contains a valid address. Finally, the network device updates the first pointer to select one of the at least one memory locations associated with the first port.
In another preferred embodiment of the invention, a network device provides a plurality of memory locations for storing source address information. The network device cycles through the plurality of memory locations. The network device determines a port identifier for a current memory location. The network device determines when a port associated with the port identifier has an invalid pointer. Finally, the network device updates the invalid pointer with the current memory location.
According to another preferred embodiment of the invention, a network device includes a plurality of ports configured to receive data through a network, where the data includes source address information. The network device also includes a memory operationally coupled with the plurality of ports and having a plurality of memory locations configured to save the source address information. The network device further includes a plurality of pointers each associated with a respective one of the plurality of ports and configured to identify one of the plurality of memory locations. Finally, the network device includes a counter operationally coupled with the memory and configured to identify one of the plurality of memory locations.
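The cycling counter and per-port pointers described in the embodiments above can be sketched as follows. This is an added illustration, not code from the patent: the table size, the names, and the rule that a full table overwrites the location selected by the receiving port's pointer and then invalidates that pointer are assumptions.

```c
#include <stdint.h>
#include <string.h>

#define NUM_LOCS  8      /* constructed table size (assumption) */
#define NUM_PORTS 2
#define INVALID   (-1)

struct entry { int used; int port; uint8_t mac[6]; };

static struct entry table[NUM_LOCS];   /* memory locations for source addresses */
static int port_ptr[NUM_PORTS];        /* one pointer per port, INVALID if unset */
static int counter;                    /* identifies the current memory location */

void table_init(void) {
    memset(table, 0, sizeof table);
    for (int p = 0; p < NUM_PORTS; p++) port_ptr[p] = INVALID;
    counter = 0;
}

/* One step of the cycle: read the port identifier of the current location
   and, if that port's pointer is invalid, update it with this location. */
void scan_step(void) {
    struct entry *e = &table[counter];
    if (e->used && port_ptr[e->port] == INVALID)
        port_ptr[e->port] = counter;
    counter = (counter + 1) % NUM_LOCS;
}

/* Store a new source address seen on `port`; returns the location written,
   or -1 if the table is full and the port has no valid pointer yet.
   Assumed policy: use a free location first, otherwise overwrite the
   location the port's own pointer selects and invalidate the pointer. */
int learn(int port, const uint8_t mac[6]) {
    int loc = INVALID;
    for (int i = 0; i < NUM_LOCS && loc == INVALID; i++)
        if (!table[i].used) loc = i;
    if (loc == INVALID) {
        if ((loc = port_ptr[port]) == INVALID) return -1;
        port_ptr[port] = INVALID;      /* the scan will select a new location */
    }
    table[loc].used = 1;
    table[loc].port = port;
    memcpy(table[loc].mac, mac, 6);
    return loc;
}

/* Number of locations currently holding addresses learned on `port`. */
int count_port(int port) {
    int n = 0;
    for (int i = 0; i < NUM_LOCS; i++) n += table[i].used && table[i].port == port;
    return n;
}
```

Under the assumed policy, a port that keeps presenting new source addresses only ever overwrites locations already associated with that port, so entries learned on other ports stay in the table.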