Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Detailed Action
This office action is responsive to communication filed on 11/12/2020. Claims 1-5, 10-19, 24-28 and 57-58 have been examined. Claims 6-9, 20-23, and 29-56 were cancelled.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
Determining the scope and contents of the prior art.
Ascertaining the differences between the prior art and the claims at issue.
Resolving the level of ordinary skill in the pertinent art.
Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1, 5, 10-12, 14-15, 19, 24-26 and 28 are rejected under 35 U.S.C. 103 as being unpatentable over Gourlay et al. (US20140280846A1) hereinafter Gourlay-A in view of Gourlay et al. (US7516211B1) hereinafter Gourlay-B.

As per Claim 1. A method for automatically configuring a network port at a first network device with isolation parameters, the method comprising: (Gourlay-A, par0027 teaches a method and apparatus of a device that determines a network policy for an attached device based on one or more configuration characteristics of the attached device is described. In one embodiment, a network element discovers a device attached to the network element. The network element discovers one or more characteristics of this attached device…. Using these discovered device configuration characteristics, the network element creates a device configuration signature for the attached device. With the device configuration signature, the network element determines a network policy for the port that the device is attached to. The network element uses this policy to process network data communicated with the attached device through the port).
receiving, at the network port of the first network device from a second network device, a network access message, wherein the network access message comprises network access parameters to be used when the second network device communicates with the first network device; (Gourlay-A, par0036 teaches in one embodiment, the network element 104 discovers the characteristics of the device 106A-B prior to forwarding network data between the device 106A-B and the network 108. In one embodiment, after the device detection occurs, the network element 104 puts the port into a learning mode, where the network element 104 learns the configuration characteristics of the device 106A-B. In this learning mode, the port does not communicate network data with the device 106A-B, except for network data used to further configure the device).
determining, at the first network device, a network isolation parameter based on the retrieved mapping, wherein the network isolation parameter is to be used for a plurality of network packets received at the first network device from the second network device; (Gourlay-A, par0037 teaches once the network element 104 discovers the configuration characteristics of the device 106A-B, the network element 104 determines a configuration signature for the device 106A-B and retrieves a network policy for the device 106A-B based on the configuration signature. In one embodiment, the network 104 determines the network policy matching the configuration signature of the device 106A-B by finding a matching configuration signature in a policy database on a controller 102. In one embodiment, the controller 102 is a server or other type of device that includes a database of named policies. One or more of the named policies can be used for the network policy. The network element 104 applies this policy to the attached port. With this network policy in place, the network element 104 applies the network policy to network data being forwarded through this port. In one embodiment, after the network element applies the network policy to the port, the network element puts the port into a forwarding state, where the port communicates network data with the device using the applied network policy. In one embodiment, the controller 102 is not a separate device, and the functionality of the controller is hosted on the network element 104).
including a first identifier, retrieving, at the first network device, a mapping of the received first identifier to a second identifier; retrieved mapping, (Gourlay-A, par0037 teaches In one embodiment, the network 104 determines the network policy matching the configuration signature [first identifier] of the device 106A-B by finding a matching configuration signature [second identifier] in a policy database on a controller 102. In one embodiment, the controller 102 is a server or other type of device that includes a database of named policies. One or more of the named policies can be used for the network policy. The network element 104 applies [retrieved mapping] this policy to the attached port. With this network policy in place, the network element 104 applies the network policy to network data being forwarded through this port).
to isolate traffic that does not contain the first identifier (Gourlay-A, par0056 teaches at block 308, process 300 determines if a network policy match was found. If no network policy match was found, process 300 takes alternative action at block 310 (e.g., raise an alert or error, do not communicate network data, brings the link down, put the device into a quarantine (e.g., put the device into a private VLAN), assign a default set of policies, block the device by disabling the device, apply a redirecting policy so that the network data from the device goes to a security appliance or is mapped to a specific instance of a virtual routing and forwarding (VRF) table, etc.)
         Gourlay-A does not explicitly disclose determining, at the first network device whether the network port of the first network device is configured with the network isolation parameter; and in response to determining that the network port of the first network device is not configured with the network isolation parameter, the first network device automatically configuring the network port of the first network device with the network isolation parameter.
(Gourlay-B, col2 ln 42-61 teaches according to one embodiment, the processor monitors initial communications with the remote device based on a particular communications protocol. For example, the remote device generates one or more messages to the data communication device of this embodiment after it is connected via a network cable (or wireless link) to a port of the data communication device. The data communication device monitors the initial communications with the remote device without participating in the protocol. For example, the data communication device does not specifically send a message to the remote device requesting how to configure the port. Instead, the data communication device monitors the initial (or subsequent) communications to identify attributes of the remote device. In response to detecting an attribute of the remote device[determining, at the first network device whether the network port of the first network device is configured with the network isolation parameter], the processor automatically sets (by selecting an appropriate configuration profile) a corresponding port of the communication device for future communication with the remote device through the communication port [the first network device automatically configuring the network port of the first network device with the network isolation parameter]. In this way, the data communication device can automatically configure its own communication ports with reduced manual human intervention. The automatic configuration can be achieved by snooping one or more protocols that take place when coupling the remote device to the communication port via a network cable or wireless link.).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of determining, at the first network device whether the network port of the first network device is configured with the network isolation parameter; and in response to determining that the network port of the first network device is not configured with the network isolation parameter, the first network device automatically configuring the network port of the first network device with the network isolation parameter, as taught by Gourlay-B in the method of Gourlay-A, so computerized devices typically include configurable state information within the device that controls an aspect of operation, see Gourlay-B col1 ln 6-11.

As per claim 5. Gourlay-A and Gourlay-B disclose the method of claim 1.
          Gourlay-A further discloses comprising determining the network isolation parameter based on the network access parameters comprises: retrieving a set of rules for mapping a plurality of the network access parameters to a plurality of network isolation parameters; and (Gourlay-A, par0050 teaches the policy application language (PAL) is a collection of matching criterion that is used against a port signature to determine which policies [enforcement rules] to apply.  In this embodiment, the PAL is the set of rules that determine which ACLs [traffic access control list rules], QoS, etc. to apply against a given interface [port of the network device].  This way, the policy database 214 can distribute policies as port profiles or global named instances of a policy.  In addition, the policy database 214 can also distribute PAL.  For example and in one embodiment, in a situation where a central controller or management station is disconnected, each switch will has enough information to correctly identify and bind policy to a new host).
running the set of rules against the network access parameters to obtain the network isolation parameter from the plurality of network isolation parameters.   (Gourlay-A, par0039 teaches the network policy element can be an ACL that can rewrite and/or remark the network data, and/or allow and/or disallow forwarding of network data with certain characteristics (e.g., source destination IP or MAC address, VLAN tag, and/or any other data that is in the network data header or payload). Furthermore, the network policy element can be a VLAN or VXLAN policy. In one embodiment, the VLAN policy is a policy that tags packets of the network data with a VLAN tag upon either entering or exiting the port, or allows/disallows network data forwarding based on a VLAN tag. A VXLAN policy is a policy that encapsulates or de-encapsulates the packets of the network data for a particular VXLAN identifier).

As per claim 10. Gourlay-A and Gourlay-B disclose the method of claim 5.
          Gourlay-A further discloses comprising applying one or more enforcement rules to the network port of the first network device. (Gourlay-A, par0050 teaches the policy application language (PAL) is a collection of matching criterion that is used against a port signature to determine which policies [enforcement rules] to apply.  In this embodiment, the PAL is the set of rules that determine which ACLs, QoS, etc. to apply against a given interface [port of the network device].  This way, the policy database 214 can distribute policies as port profiles or global named instances of a policy.  In addition, the policy database 214 can also distribute PAL.  For example and in one embodiment, in a situation where a central controller or management station is disconnected, each switch will has enough information to correctly identify and bind policy to a new host).

As per claim 11. Gourlay-A and Gourlay-B disclose the method of claim 10.
          Gourlay-A further discloses wherein the one or more enforcement rules comprise traffic access control list rules.  (Gourlay-A, par0050 teaches the policy application language (PAL) is a collection of matching criterion that is used against a port signature to determine which policies [enforcement rules] to apply.  In this embodiment, the PAL is the set of rules that determine which ACLs [traffic access control list rules], QoS, etc. to apply against a given interface [port of the network device].  This way, the policy database 214 can distribute policies as port profiles or global named instances of a policy.  In addition, the policy database 214 can also distribute PAL.  For example and in one embodiment, in a situation where a central controller or management station is disconnected, each switch will has enough information to correctly identify and bind policy to a new host).

As per claim 12. Gourlay-A and Gourlay-B disclose the method of claim 11.
          Gourlay-A further discloses wherein the traffic access control list rules are based on one or more parameters selected from the group consisting of internet protocol (Gourlay-A, par0039 teaches the network policy element can be an ACL that can rewrite and/or remark the network data, and/or allow and/or disallow forwarding of network data with certain characteristics (e.g., source destination IP or MAC address, VLAN tag, and/or any other data that is in the network data header or payload). Furthermore, the network policy element can be a VLAN or VXLAN policy. In one embodiment, the VLAN policy is a policy that tags packets of the network data with a VLAN tag upon either entering or exiting the port, or allows/disallows network data forwarding based on a VLAN tag. A VXLAN policy is a policy that encapsulates or de-encapsulates the packets of the network data for a particular VXLAN identifier).

As per claim 14. Gourlay-A and Gourlay-B disclose the method of claim 1.
          Gourlay-A further discloses comprising: receiving, from the second network device, a second network access message indicating that network isolation for network traffic originating from a plurality of network access devices associated with the network isolation parameter is not needed on the network port of the first network device; (Gourlay-A, par0051 teaches With a match for the device configuration signature of device 206, the network policy engine 212 retrieves a corresponding network policy from the policy database 214. The network policy engine 212 applies the corresponding network policy to the port 208, so that this corresponding network policy becomes the network policy 210. The network element 204 uses this network policy to process network data communicated through the port 208).
Gourlay-A, par0048 teaches With the device configuration signature of device 206, the network policy engine 212 finds a matching network policy for the port 208. In one embodiment, the network policy engine 212 finds a matching network policy from a policy database 214 on the controller 202.).
          Gourlay-A does not explicitly disclose removing, in response to determining that the network port of the first network device is configured with the network isolation parameter, configuration associated with the network isolation parameter from the network port of the first network device.
           Gourlay-B however teaches removing, in response to determining that the network port of the first network device is configured with the network isolation parameter, configuration associated with the network isolation parameter from the network port of the first network device.  (Gourlay-B, col2 ln 42-61 teaches according to one embodiment, the processor monitors initial communications with the remote device based on a particular communications protocol. For example, the remote device generates one or more messages to the data communication device of this embodiment after it is connected via a network cable (or wireless link) to a port of the data communication device. The data communication device monitors the initial communications with the remote device without participating in the protocol. For example, the data communication device does not specifically send a message to the remote device requesting how to configure the port. Instead, the data communication device monitors the initial (or subsequent) communications to identify attributes of the remote device. In response to detecting an attribute of the remote device[determining that the network port of the first network device is configured with the network isolation parameter], the processor automatically sets (by selecting an appropriate configuration profile) a corresponding port of the communication device for future communication with the remote device through the communication port [configuration associated with the network isolation parameter from the network port of the first network device]. In this way, the data communication device can automatically configure its own communication ports with reduced manual human intervention. The automatic configuration can be achieved by snooping one or more protocols that take place when coupling the remote device to the communication port via a network cable or wireless link.).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of removing, in response to determining that the network port of the first network device is configured with the network isolation parameter, configuration associated with the network isolation parameter from the network port of the first network device, as taught by Gourlay-B in the method of Gourlay-A, so computerized devices typically include configurable state information within the device that controls an aspect of operation, see Gourlay-B col1 ln 6-11.

As per claim 15. A system for automatically configuring a network port at a first network device with isolation parameters, the system comprising: a network isolation engine configured to provide a network isolation parameter based on network access parameters, wherein the network isolation parameter is to be used for a plurality of network packets received at the first network device from a second network device; and Gourlay-A, par0027 teaches A method and apparatus of a device that determines a network policy for an attached device based on one or more configuration characteristics of the attached device is described. In one embodiment, a network element discovers a device attached to the network element. The network element discovers one or more characteristics of this attached device…. Using these discovered device configuration characteristics, the network element creates a device configuration signature for the attached device. With the device configuration signature, the network element determines a network policy for the port that the device is attached to. The network element uses this policy to process network data communicated with the attached device through the port).
receive, on the network port the first network device, a network access message from a second network device, wherein the network access message comprises the network access parameters to be used when the second network device communicates with the first network device; (Gourlay-A, par0036 teaches In one embodiment, the network element 104 discovers the characteristics of the device 106A-B prior to forwarding network data between the device 106A-B and the network 108. In one embodiment, after the device detection occurs, the network element 104 puts the port into a learning mode, where the network element 104 learns the configuration characteristics of the device 106A-B. In this learning mode, the port does not communicate network data with the device 106A-B, except for network data used to further configure the device).
obtain the network isolation parameter from the network isolation engine by communicating the first identifier to the network isolation engine; (Gourlay-A, par0037 teaches once the network element 104 discovers the configuration characteristics of the device 106A-B, the network element 104 determines a configuration signature for the device 106A-B and retrieves a network policy for the device 106A-B based on the configuration signature. In one embodiment, the network 104 determines the network policy matching the configuration signature of the device 106A-B by finding a matching configuration signature in a policy database on a controller 102. In one embodiment, the controller 102 is a server or other type of device that includes a database of named policies. One or more of the named policies can be used for the network policy. The network element 104 applies this policy to the attached port. With this network policy in place, the network element 104 applies the network policy to network data being forwarded through this port. In one embodiment, after the network element applies the network policy to the port, the network element puts the port into a forwarding state, where the port communicates network data with the device using the applied network policy. In one embodiment, the controller 102 is not a separate device, and the functionality of the controller is hosted on the network element 104).
 including a first identifier, retrieve, at the first network device, a mapping of the received first identifier to a second identifier; (Gourlay-A, par0037 teaches In one embodiment, the network 104 determines the network policy matching the configuration signature [first identifier] of the device 106A-B by finding a matching configuration signature [second identifier] in a policy database on a controller 102. In one embodiment, the controller 102 is a server or other type of device that includes a database of named policies. One or more of the named policies can be used for the network policy. The network element 104 applies [retrieved mapping] this policy to the attached port. With this network policy in place, the network element 104 applies the network policy to network data being forwarded through this port).
to isolate traffic that does not contain the first identifier (Gourlay-A, par0056 teaches at block 308, process 300 determines if a network policy match was found. If no network policy match was found, process 300 takes alternative action at block 310 (e.g., raise an alert or error, do not communicate network data, brings the link down, put the device into a quarantine (e.g., put the device into a private VLAN), assign a default set of policies, block the device by disabling the device, apply a redirecting policy so that the network data from the device goes to a security appliance or is mapped to a specific instance of a virtual routing and forwarding (VRF) table, etc.)
         Gourlay-A does not explicitly disclose determine, at the first network device whether the network port is configured with the network isolation parameter; and in response to determining that the network port of the first network device is not configured with the network isolation parameter, the first network device automatically configures its network port with the network isolation parameter.
           Gourlay-B however teaches determine, at the first network device whether the network port is configured with the network isolation parameter; and in response to determining that the network port of the first network device is not configured with the network isolation parameter, the first network device automatically configures its network port with the network isolation parameter.  (Gourlay-B, col2 ln 42-61 teaches according to one embodiment, the processor monitors initial communications with the remote device based on a particular communications protocol. For example, the remote device generates one or more messages to the data communication device of this embodiment after it is connected via a network cable (or wireless link) to a port of the data communication device. The data communication device monitors the initial communications with the remote device without participating in the protocol. For example, the data communication device does not specifically send a message to the remote device requesting how to configure the port. Instead, the data communication device monitors the initial (or subsequent) communications to identify attributes of the remote device. In response to detecting an attribute of the remote device [determine, at the first network device whether the network port is configured with the network isolation parameter], the processor automatically sets (by selecting an appropriate configuration profile) a corresponding port of the communication device for future communication with the remote device through the communication port [the first network device automatically configures its network port with the network isolation parameter]. In this way, the data communication device can automatically configure its own communication ports with reduced manual human intervention. The automatic configuration can be achieved by snooping one or more protocols that take place when coupling the remote device to the communication port via a network cable or wireless link.).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of determine, at the first network device whether the network port is configured with the network isolation parameter; and in response to determining that the network port of the first network device is not configured with the network isolation parameter, the first network device automatically configures its network port with the network isolation parameter, as taught by Gourlay-B in the system of Gourlay-A, so computerized devices 

As per claim 19. Gourlay-A and Gourlay-B disclose the system of claim 15.
          Gourlay-A further discloses further comprising the network isolation engine is configured to determine network isolation parameter based on the network access parameters by: retrieving a set of rules for mapping a plurality of the network access parameters to a plurality of network isolation parameters; (Gourlay-A, par0050 teaches the policy application language (PAL) is a collection of matching criterion that is used against a port signature to determine which policies to apply.  In this embodiment, the PAL is the set of rules that determine which ACLs, QoS, etc. to apply against a given interface.  This way, the policy database 214 can distribute policies as port profiles or global named instances of a policy.  In addition, the policy database 214 can also distribute PAL.  For example and in one embodiment, in a situation where a central controller or management station is disconnected, each switch will has enough information to correctly identify and bind policy to a new host).
and running the set of rules against the network access parameters to obtain the network isolation parameter from the plurality of network isolation parameters. (Gourlay-A, par0039 teaches the network policy element can be an ACL that can rewrite and/or remark the network data, and/or allow and/or disallow forwarding of network data with certain characteristics (e.g., source destination IP or MAC address, VLAN tag, and/or any other data that is in the network data header or payload). Furthermore, the network policy element can be a VLAN or VXLAN policy. In one embodiment, the VLAN policy is a policy that tags packets of the network data with a VLAN tag upon either entering or exiting the port, or allows/disallows network data forwarding based on a VLAN tag. A VXLAN policy is a policy that encapsulates or de-encapsulates the packets of the network data for a particular VXLAN identifier).

As per claim 24. Gourlay-A and Gourlay-B disclose the system of claim 19.
          Gourlay-A discloses further comprising applying one or more enforcement rules to the network port of the first network device. (Gourlay-A, par0050 teaches the policy application language (PAL) is a collection of matching criterion that is used against a port signature to determine which policies [enforcement rules] to apply.  In this embodiment, the PAL is the set of rules that determine which ACLs, QoS, etc. to apply against a given interface [port of the network device].  This way, the policy database 214 can distribute policies as port profiles or global named instances of a policy.  In addition, the policy database 214 can also distribute PAL.  For example and in one embodiment, in a situation where a central controller or management station is disconnected, each switch will has enough information to correctly identify and bind policy to a new host).

As per claim 25. Gourlay-A and Gourlay-B disclose the system of claim 24.
          Gourlay-A further discloses wherein the one or more enforcement rules comprise traffic access control list rules.  (Gourlay-A, par0050 teaches the policy application language (PAL) is a collection of matching criterion that is used against a port signature to determine which policies [enforcement rules] to apply.  In this embodiment, the PAL is the set of rules that determine which ACLs [traffic access control list rules], QoS, etc. to apply against a given interface [port of the network device].  This way, the policy database 214 can distribute policies as port profiles or global named instances of a policy.  In addition, the policy database 214 can also distribute PAL.  For example and in one embodiment, in a situation where a central controller or management station is disconnected, each switch will has enough information to correctly identify and bind policy to a new host).

As per claim 26. Gourlay-A and Gourlay-B disclose the system of claim 25.
          Gourlay-A further discloses wherein the traffic access control list rules are based on one or more parameters selected from the group consisting of internet protocol address, protocol identifier, protocol port identifier, physical port identifier, and virtual local area network identifier. (Gourlay-A, par0039 teaches the network policy element can be an ACL that can rewrite and/or remark the network data, and/or allow and/or disallow forwarding of network data with certain characteristics (e.g., source destination IP or MAC address, VLAN tag, and/or any other data that is in the network data header or payload). Furthermore, the network policy element can be a VLAN or VXLAN policy. In one embodiment, the VLAN policy is a policy that tags packets of the network data with a VLAN tag upon either entering or exiting the port, or allows/disallows network data forwarding based on a VLAN tag. A VXLAN policy is a policy that encapsulates or de-encapsulates the packets of the network data for a particular VXLAN identifier).

As per claim 28. Gourlay-A and Gourlay-B disclose the system of claim 15.
Gourlay-A, par0051 teaches with a match for the device configuration signature of device 206, the network policy engine 212 retrieves a corresponding network policy from the policy database 214. The network policy engine 212 applies the corresponding network policy to the port 208, so that this corresponding network policy becomes the network policy 210. The network element 204 uses this network policy to process network data communicated through the port 208).
 determine whether the network port of the first network device is configured with the network isolation parameter; (Gourlay-A, par0048 teaches with the device configuration signature of device 206, the network policy engine 212 finds a matching network policy for the port 208. In one embodiment, the network policy engine 212 finds a matching network policy from a policy database 214 on the controller 202).
          Gourlay-A does not explicitly disclose remove, in response to determining that the network port of the first network device is configured with the network isolation parameter, configuration associated with the network isolation parameter from the network port of the first network device.
           Gourlay-B however teaches remove, in response to determining that the network port of the first network device is configured with the network isolation parameter, configuration associated with the network isolation parameter from the network port of the first network device.  (Gourlay-B, col2 ln 42-61 teaches according to one embodiment, the processor monitors initial communications with the remote device based on a particular communications protocol. For example, the remote device generates one or more messages to the data communication device of this embodiment after it is connected via a network cable (or wireless link) to a port of the data communication device. The data communication device monitors the initial communications with the remote device without participating in the protocol. For example, the data communication device does not specifically send a message to the remote device requesting how to configure the port. Instead, the data communication device monitors the initial (or subsequent) communications to identify attributes of the remote device. In response to detecting an attribute of the remote device [to determining that the network port of the first network device is configured with the network isolation parameter], the processor automatically sets (by selecting an appropriate configuration profile) a corresponding port of the communication device for future communication with the remote device through the communication port [configuration associated with the network isolation parameter from the network port of the first network device]. In this way, the data communication device can automatically configure its own communication ports with reduced manual human intervention. The automatic configuration can be achieved by snooping one or more protocols that take place when coupling the remote device to the communication port via a network cable or wireless link.).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of remove, in response to determining that the network port of the first network device is configured with the network isolation parameter, configuration associated with the .

Claims 4 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Gourlay-A in view of Gourlay-B further in view of Wang et al. (US20190132152A1) hereinafter Wang.

As per claim 4. Gourlay-A and Gourlay-B disclose the method of claim 1.
          Gourlay-A and Gourlay-B do not explicitly disclose wherein the network access parameters comprise traffic class information associated with a plurality of network access devices connected to the second network device and wherein determining the network isolation parameter based on the retrieved mapping comprises: retrieving a mapping between a plurality of traffic classes and a plurality of virtual local area network identifiers; and determining which virtual local area network identifiers from the plurality of virtual local area network identifiers are mapped to the one or more traffic classes.  
           Wang however teaches wherein network access parameters comprise traffic class information associated with a plurality of network access devices connected to the second network device and wherein determining the network isolation parameter based on the retrieved mapping comprises: (Wang, par0038 teaches the customer network device 220 may be configured to identify packets or other communications that include CE-VLAN identifiers (or similar identifiers) associated with one of the VPCs 204-208 of the cloud environment 242 and to route such packets to the VPCs. A customer may also communicate with the network controller 236 to request connectivity to the VPCs 204-208 through the network 202. The network controller 236, in turn, may provision or configure network devices (such as provider edge 216 and provider edge 218) to create EVCs 210-214 for each VPC 204-208 associated with the customer communication device 222. The customer may also provide the CE-VLAN identifiers utilized by the customer for each VPC 204-208 such that components of the network 202 may be configured by the network controller 236 to route received communication packets to each VPC 204-208 using respective EVCs 210-214).
retrieving a mapping between a plurality of traffic classes and a plurality of virtual local area network identifiers; (Wang, par0039 teaches in response to the received information, the network controller 236 may determine that two EVCs 210, 212 are to be established through the network 202 to establish connects between the customer communication device 220 and the VPCs 204, 206. The network controller 236 may further determine which network devices (here, provider edge 216 and provider edge 218) are to be included in the EVCs 210, 212 and provision those devices to route packets that include CE-VLAN identifier A in the communication along EVC 210 and packets that include CE-VLAN identifier B along EVC 212).
and determining which virtual local area network identifiers from the plurality of virtual local area network identifiers are mapped to the one or more traffic classes.  (Wang, par0038 teaches the network controller 236 may also determine which resources of cloud environment 242 are included in VPC-A 204 and VPC-B 206 so that packets may be routed from provider edge 218 to the correct VPC 204, 206 of the cloud environment 242. Further, through the exchange of routing information with components of the network 202 (and more particularly, provider edge 216), the customer network device 220 may be configured to route communication packets with CE-VLAN identifier A and CE-VLAN identifier B to provider edge 216 for inclusion along the EVCs 210, 212).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of wherein network access parameters comprise traffic class information associated with a plurality of network access devices connected to the second network device and wherein determining the network isolation parameter based on the retrieved mapping comprises: retrieving a mapping between a plurality of traffic classes and a plurality of virtual local area network identifiers; and determining which virtual local area network identifiers from the plurality of virtual local area network identifiers are mapped to the one or more traffic classes, as taught by Wang in the method of Gourlay-A and Gourlay-B, so customers use resources of public and/or private cloud service to virtualize one or more of processes and connect to such resources through a telecommunications network, see Wang par0003.

As per claim 18. Gourlay-A and Gourlay-B disclose the system of claim 15.
          Gourlay-A and Gourlay-B do not explicitly disclose wherein the network access parameters comprise traffic class information associated with a plurality of network access devices connected to the second network device and wherein the network isolation engine is configured to determine network isolation parameter based on the retrieved mapping by: retrieving a mapping between a plurality of traffic classes and a 
           Wang however teaches wherein the network access parameters comprise traffic class information associated with a plurality of network access devices connected to the second network device and wherein the network isolation engine is configured to determine network isolation parameter based on the retrieved mapping by: (Wang, par0038 teaches the customer network device 220 may be configured to identify packets or other communications that include CE-VLAN identifiers (or similar identifiers) associated with one of the VPCs 204-208 of the cloud environment 242 and to route such packets to the VPCs. A customer may also communicate with the network controller 236 to request connectivity to the VPCs 204-208 through the network 202. The network controller 236, in turn, may provision or configure network devices (such as provider edge 216 and provider edge 218) to create EVCs 210-214 for each VPC 204-208 associated with the customer communication device 222. The customer may also provide the CE-VLAN identifiers utilized by the customer for each VPC 204-208 such that components of the network 202 may be configured by the network controller 236 to route received communication packets to each VPC 204-208 using respective EVCs 210-214).
retrieving a mapping between a plurality of traffic classes and a plurality of virtual local area network identifiers (Wang, par0039 teaches in response to the received information, the network controller 236 may determine that two EVCs 210, 212 are to be established through the network 202 to establish connects between the customer communication device 220 and the VPCs 204, 206. The network controller 236 may further determine which network devices (here, provider edge 216 and provider edge 218) are to be included in the EVCs 210, 212 and provision those devices to route packets that include CE-VLAN identifier A in the communication along EVC 210 and packets that include CE-VLAN identifier B along EVC 212).
and determining which virtual local area network identifiers from the plurality of virtual local area network identifiers are mapped to the one or more traffic classes.  (Wang, par0038 teaches the network controller 236 may also determine which resources of cloud environment 242 are included in VPC-A 204 and VPC-B 206 so that packets may be routed from provider edge 218 to the correct VPC 204, 206 of the cloud environment 242. Further, through the exchange of routing information with components of the network 202 (and more particularly, provider edge 216), the customer network device 220 may be configured to route communication packets with CE-VLAN identifier A and CE-VLAN identifier B to provider edge 216 for inclusion along the EVCs 210, 212).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of wherein the network access parameters comprise traffic class information associated with a plurality of network access devices connected to the second network device and wherein the network isolation engine is configured to determine network isolation parameter based on the retrieved mapping by: retrieving a mapping between a plurality of traffic classes and a plurality of virtual local area network identifiers; and determining which virtual local area network identifiers from the plurality of virtual local area network identifiers are mapped to the one or more traffic classes, as taught by Wang in the .

Claims 2-3, and 16-17 are rejected under 35 U.S.C. 103 as being unpatentable over Gourlay-A in view of Gourlay-B further in view of Mittal et al. (US20130304917A1) hereinafter Mittal.

As per claim 2. Gourlay-A and Gourlay-B disclose the method of claim 1.
          Gourlay-A and Gourlay-B do not explicitly disclose wherein the network access parameters comprise one or more virtual local area network identifiers and wherein determining the network isolation parameter based on the retrieved mapping comprises performing a lookup of association between the one or more virtual local area network identifiers and one or more virtual extensible local area network identifiers.  
          Mittal however discloses wherein network access parameters comprise one or more virtual local area network identifiers and wherein determining the network isolation parameter based on the retrieved mapping comprises performing a lookup of association between the one or more virtual local area network identifiers and one or more virtual extensible local area network identifiers.  (Mittal, par0024-0025 teaches the example illustrated in FIG. 1 includes a small number of network elements.  An infrastructure for a cloud computing environment can have a large number of tenants.  Within the cloud environment, each of the tenants needs to be logically isolated from one another, even at the network level.  Isolation techniques include, for example, the use of Virtual Local Area Networks (VLANs).  In order to provide segmentation at cloud-deployment scale, Virtual eXtensible Local Area Network (VXLAN) may be used to provide network virtualization overlays.  Traffic within a network may be separated among multiple customers based on a constant such as segment identifier (in the case of VXLAN) or VLAN identifier.  For example, the same VXLAN may be configured on one or more distributed virtual switches to create network virtualization overlays.  Thus, there may be a plurality of servers 12 supporting a plurality of virtual machines 16 comprising one or more interfaces each associated with a virtual local area network or a virtual local area network segment at different network locations.  Clients or business units (e.g., research and development, corporate, finance) may be assigned different VLANs or VXLAN segments, which are used at various locations in communication with a data center. In one example, tenant virtual machines 16 are on the same isolated private VLAN and each tenant virtual machine is provided a public IP (Internet Protocol) address.  The service provider needs an ACL for each virtual machine 16 to prevent one tenant from spoofing another tenant's IP address).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of wherein network access parameters comprise one or more virtual local area network identifiers and wherein determining the network isolation parameter based on the retrieved mapping comprises performing a lookup of association between the one or more virtual local area network identifiers and one or more virtual extensible local area network identifiers, as taught by Mittal in the method of Gourlay-A and Gourlay-B, so cloud computing enables network access to a shared pool of configurable resources 

As per claim 3. Gourlay-A, Gourlay-B and Mittal disclose the method of claim 2.
          Gourlay-A and Gourlay-B do not explicitly disclose further comprising retrieving, by the first network device from a management server, a data structure comprising a plurality of associations between virtual local area network identifiers and virtual extensible local area network identifiers.  
          Mittal however discloses further comprising retrieving, by the first network device from a management server, a data structure comprising a plurality of associations between virtual local area network identifiers and virtual extensible local area network identifiers.  (Mittal, par0024-0025 teaches the example illustrated in FIG. 1 includes a small number of network elements.  An infrastructure for a cloud computing environment can have a large number of tenants.  Within the cloud environment, each of the tenants needs to be logically isolated from one another, even at the network level.  Isolation techniques include, for example, the use of Virtual Local Area Networks (VLANs).  In order to provide segmentation at cloud-deployment scale, Virtual eXtensible Local Area Network (VXLAN) may be used to provide network virtualization overlays.  Traffic within a network may be separated among multiple customers based on a constant such as segment identifier (in the case of VXLAN) or VLAN identifier.  For example, the same VXLAN may be configured on one or more distributed virtual switches to create network virtualization overlays.  Thus, there may be a plurality of servers 12 [management server] supporting a plurality of virtual machines 16 comprising one or more interfaces each associated with a virtual local area network or a virtual local area network segment at different network locations.  Clients or business units (e.g., research and development, corporate, finance) may be assigned different VLANs or VXLAN segments, which are used at various locations in communication with a data center).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of further comprising retrieving, by the first network device from a management server, a data structure comprising a plurality of associations between virtual local area network identifiers and virtual extensible local area network identifiers, as taught by Mittal in the method of Gourlay-A and Gourlay-B, so cloud computing enables network access to a shared pool of configurable resources that can be rapidly provisioned and released with minimum management effort, see Mittal par0002.  

As per claim 16. Gourlay-A and Gourlay-B disclose the system of claim 15.
          Gourlay-A and Gourlay-B do not explicitly disclose wherein the network access parameters comprise one or more virtual local area network identifiers and wherein the network isolation engine is configured to determine network isolation parameter based on the retrieved mapping comprises performing a lookup of association between the one or more virtual local area network identifiers and one or more virtual extensible local area network identifiers.  
          Mittal however discloses wherein the network access parameters comprise one or more virtual local area network identifiers and wherein the network isolation engine is (Mittal, par0024-0025 teaches the example illustrated in FIG. 1 includes a small number of network elements.  An infrastructure for a cloud computing environment can have a large number of tenants.  Within the cloud environment, each of the tenants needs to be logically isolated from one another, even at the network level.  Isolation techniques include, for example, the use of Virtual Local Area Networks (VLANs).  In order to provide segmentation at cloud-deployment scale, Virtual eXtensible Local Area Network (VXLAN) may be used to provide network virtualization overlays.  Traffic within a network may be separated among multiple customers based on a constant such as segment identifier (in the case of VXLAN) or VLAN identifier.  For example, the same VXLAN may be configured on one or more distributed virtual switches to create network virtualization overlays.  Thus, there may be a plurality of servers 12 supporting a plurality of virtual machines 16 comprising one or more interfaces each associated with a virtual local area network or a virtual local area network segment at different network locations.  Clients or business units (e.g., research and development, corporate, finance) may be assigned different VLANs or VXLAN segments, which are used at various locations in communication with a data center. In one example, tenant virtual machines 16 are on the same isolated private VLAN and each tenant virtual machine is provided a public IP (Internet Protocol) address.  The service provider needs an ACL for each virtual machine 16 to prevent one tenant from spoofing another tenant's IP address).


As per claim 17. Gourlay-A, Gourlay-B and Mittal disclose the system of claim 16.
          Gourlay-A and Gourlay-B do not explicitly disclose wherein the network isolation engine is further configured to retrieve, from a management server, a data structure comprising a plurality of associations between virtual local area network identifiers and virtual extensible local area network identifiers.  
          Mittal however discloses wherein the network isolation engine is further configured to retrieve, from a management server, a data structure comprising a plurality of associations between virtual local area network identifiers and virtual extensible local area network identifiers.  (Mittal, par0024-0025 teaches the example illustrated in FIG. 1 includes a small number of network elements.  An infrastructure for a cloud computing environment can have a large number of tenants.  Within the cloud environment, each of the tenants needs to be logically isolated from one another, even at the network level.  Isolation techniques include, for example, the use of Virtual Local Area Networks (VLANs).  In order to provide segmentation at cloud-deployment scale, Virtual eXtensible Local Area Network (VXLAN) may be used to provide network virtualization overlays.  Traffic within a network may be separated among multiple customers based on a constant such as segment identifier (in the case of VXLAN) or VLAN identifier.  For example, the same VXLAN may be configured on one or more distributed virtual switches to create network virtualization overlays.  Thus, there may be a plurality of servers 12 [management server] supporting a plurality of virtual machines 16 comprising one or more interfaces each associated with a virtual local area network or a virtual local area network segment at different network locations.  Clients or business units (e.g., research and development, corporate, finance) may be assigned different VLANs or VXLAN segments, which are used at various locations in communication with a data center).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of wherein the network isolation engine is further configured to retrieve, from a management server, a data structure comprising a plurality of associations between virtual local area network identifiers and virtual extensible local area network identifiers, as taught by Mittal in the system of Gourlay-A and Gourlay-B, so cloud computing enables network access to a shared pool of configurable resources that can be rapidly provisioned and released with minimum management effort, see Mittal par0002.  

Claims 13 and 27 are rejected under 35 U.S.C. 103 as being unpatentable over Gourlay-A in view of Gourlay-B further in view of Fu (US20190215191A1) hereinafter Fu.

As per claim 13. Gourlay-A and Gourlay-B disclose the method of claim 1.
          Gourlay-A and Gourlay-B do not explicitly disclose wherein automatically configuring the network port of the first network device with the network isolation parameter comprises: determining a virtual extensible local area network identifier based on the network isolation parameter; determining whether a virtual extensible local area network tunnel is open on the network port of the first network device; and opening, in response to determining that a virtual extensible local area network tunnel is not open on the network port of the first network device, a virtual extensible local area network tunnel on the network port of the first network device using the virtual extensible local area network identifier.  
          Fu however discloses wherein automatically configuring the network port of the first network device with the network isolation parameter comprises: determining a virtual extensible local area network identifier based on the network isolation parameter; (Fu, par0019-0020 teaches in the block 310, the VTEP sends a VXLAN information announcement message carrying the identifiers of a set of VXLAN instances configured on the present VTEP to a neighbor VTEPs. In an example, after a neighbor relationship is set up between the VTEPs in the VXLAN network (for example, after a new VTEP joins the VXLAN network which has been initialized in configuration), the VTEP fetches local VXLAN configuration information, encapsulates the identifiers of all the VXLAN instances configured on the present VTEP into the VXLAN information announcement message, and sends the VXLAN information announcement message to the neighbor VTEPs).
determining whether a virtual extensible local area network tunnel is open on the network port of the first network device; (Fu, par0022-0023 teaches the VXLAN network can be regarded as an autonomous domain, and some Interior Gateway Protocol (IGP) operates on all the VTEPs, e.g., the Intermediate System to Intermediate System Intra-Domain Routing Exchange Protocol (IS-IS), the interior Border Gateway Protocol (iBGP), the Open Shortest Path First (OSPF), the Interior Gateway Routing Protocol (IGRP), etc. Following the interior gateway protocol, the respective VTEPs in the VXLAN network create and maintain the neighbor relationship based upon the interior gateway protocol, and the neighbor VTEPs exchange with each other messages to transfer routing information, so that the respective VTEPs can generate a routing table for data packet forwarding according to the topology of the autonomous domain. The message for spreading routing information will vary with the different protocol, but generally an extension field can be added or a reserved field can be used to announce other data to the neighbor VTEPs to thereby support an additional function based upon the protocol. The extension field or the reserved field of the message for spreading routing information can carry the identifiers of the VXLAN instances configured on the present VTEP to thereby announce those VXLAN instances on the present VTEP to the neighbor VTEPs using the IGP).
and opening, in response to determining that a virtual extensible local area network tunnel is not open on the network port of the first network device, a virtual extensible (Fu, par0026-0027 teaches in the VXLAN network, each VTEP can send the VXLAN information announcement message of the present VTEP to all the neighbor VTEPs thereof; or all the VTEPs can be regarded as a multi-cast group, and the VTEP can send the VXLAN information announcement message in a multi-cast mode; or some node in the VXLAN network can operate as a relay node to forward the VXLAN information announcement message between the VTEPs, although this example will not be limited in this regard. In the block 330, if the neighbor VTEP is configured with the same VXLAN instance as the present VTEP, then the VTEP sets up a tunnel to the neighbor VTEP).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of wherein automatically configuring the network port of the first network device with the network isolation parameter comprises: determining a virtual extensible local area network identifier based on the network isolation parameter; determining whether a virtual extensible local area network tunnel is open on the network port of the first network device; and opening, in response to determining that a virtual extensible local area network tunnel is not open on the network port of the first network device, a virtual extensible local area network tunnel on the network port of the first network device using the virtual extensible local area network identifier, as taught by Fu in the method of Gourlay-A and Gourlay-B, so virtualized resources of the different tenants of a cloud network can be separated and isolated from each other to thereby better guarantee the privacy and the security of data of the tenants, see Fu par0001.

As per claim 27. Gourlay-A and Gourlay-B disclose the system of claim 15.
          Gourlay-A and Gourlay-B do not explicitly disclose wherein the network interface is configured to automatically configure the network port of the first network device with the network isolation parameter by: determining a virtual extensible local area network identifier based on the network isolation parameter; determining whether a virtual extensible local area network tunnel is open on the network port of the first network device; and opening, in response to determining that a virtual extensible local area network tunnel is not open on the network port of the first network device, a virtual extensible local area network tunnel on the network port of the first network device using the virtual extensible local area network identifier.  
          Fu however discloses wherein automatically configuring the network port of the first network device with the network isolation parameter comprises: determining a virtual extensible local area network identifier based on the network isolation parameter; (Fu, par0019-0020 teaches in the block 310, the VTEP sends a VXLAN information announcement message carrying the identifiers of a set of VXLAN instances configured on the present VTEP to a neighbor VTEPs. In an example, after a neighbor relationship is set up between the VTEPs in the VXLAN network (for example, after a new VTEP joins the VXLAN network which has been initialized in configuration), the VTEP fetches local VXLAN configuration information, encapsulates the identifiers of all the VXLAN instances configured on the present VTEP into the VXLAN information announcement message, and sends the VXLAN information announcement message to the neighbor VTEPs).
(Fu, par0022-0023 teaches the VXLAN network can be regarded as an autonomous domain, and some Interior Gateway Protocol (IGP) operates on all the VTEPs, e.g., the Intermediate System to Intermediate System Intra-Domain Routing Exchange Protocol (IS-IS), the interior Border Gateway Protocol (iBGP), the Open Shortest Path First (OSPF), the Interior Gateway Routing Protocol (IGRP), etc. Following the interior gateway protocol, the respective VTEPs in the VXLAN network create and maintain the neighbor relationship based upon the interior gateway protocol, and the neighbor VTEPs exchange with each other messages to transfer routing information, so that the respective VTEPs can generate a routing table for data packet forwarding according to the topology of the autonomous domain. The message for spreading routing information will vary with the different protocol, but generally an extension field can be added or a reserved field can be used to announce other data to the neighbor VTEPs to thereby support an additional function based upon the protocol. The extension field or the reserved field of the message for spreading routing information can carry the identifiers of the VXLAN instances configured on the present VTEP to thereby announce those VXLAN instances on the present VTEP to the neighbor VTEPs using the IGP).
and opening, in response to determining that a virtual extensible local area network tunnel is not open on the network port of the first network device, a virtual extensible local area network tunnel on the network port of the first network device using the virtual extensible local area network identifier.  (Fu, par0026-0027 teaches in the VXLAN network, each VTEP can send the VXLAN information announcement message of the present VTEP to all the neighbor VTEPs thereof; or all the VTEPs can be regarded as a multi-cast group, and the VTEP can send the VXLAN information announcement message in a multi-cast mode; or some node in the VXLAN network can operate as a relay node to forward the VXLAN information announcement message between the VTEPs, although this example will not be limited in this regard. In the block 330, if the neighbor VTEP is configured with the same VXLAN instance as the present VTEP, then the VTEP sets up a tunnel to the neighbor VTEP).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of wherein the network interface is configured to automatically configure the network port of the first network device with the network isolation parameter by: determining a virtual extensible local area network identifier based on the network isolation parameter; determining whether a virtual extensible local area network tunnel is open on the network port of the first network device; and opening, in response to determining that a virtual extensible local area network tunnel is not open on the network port of the first network device, a virtual extensible local area network tunnel on the network port of the first network device using the virtual extensible local area network identifier, as taught by Fu in the system of Gourlay-A and Gourlay-B, so virtualized resources of the different tenants of a cloud network can be separated and isolated from each other to thereby better guarantee the privacy and the security of data of the tenants, see Fu par0001.

Claims 57 and 58 are rejected under 35 U.S.C. 103 as being unpatentable over Gourlay-A in view of Gourlay-B further in view of Currie et al. (US 20170374692A1) hereinafter Currie.

As per claim 57. Gourlay-A and Gourlay-B disclose the method of claim 1.
          Gourlay-A and Gourlay-B do not explicitly disclose wherein the first identifier is a Service Set Identifier (SSID) and the second identifier is a Virtual LAN (VLAN). (Currie, par0066 teaches VLANs may be established by configuring the network components, including the access points, to tag network traffic of a VLAN with a particular identifier. The tagging of traffic with a VLAN identifier allows other network components, such as switches, to determine which VLAN the traffic is associated with and process the traffic accordingly. The various network components comprising the hotel's LAN should be configured to respect the VLAN tags in order to provide per-VLAN privacy upon the tagged network traffic. As depicted in FIG. 3, a first access point 308 may be configured to broadcast three SSIDs, namely "HomeA," "HomeB," and "Hotel." The HomeA and HomeB SSIDs may be configured for different guests and are intended to indicate an SSID commonly used by the guests at their homes. It is assumed that any communication device a guest is likely to bring with them to a hotel would be able to automatically connect to and authenticate with the network SSID's used in their homes. The Hotel SSID is intended to represent a hotel network, which may be used by guests, or others. The Hotel network may be used by the guests' mobile phones in order to connect to the hotel network infrastructure, including for example SPAN configuration server 304, before a commonly-used SSID has been configured for them. When the access points are configured to provide the guests' SSIDs, the network components may also be configured to provide the network traffic on its own VLAN. The individual VLANs are depicted by different line types in FIG. 3. For example, solid line 316 is intended to depict a VLAN associated with the guest network for the SSID HomeA, dotted line 318 is intended to depict a VLAN associated [the second identifier is a Virtual LAN (VLAN)] with the guest network for the SSID HomeB [first identifier is a Service Set Identifier (SSID)], dashed-dotted line 320 is intended to depict a VLAN associated with the hotel network for the SSID Hotel, and dashed line 322 is intended to depict a VLAN associated with the guest network for the SSID HomeC. As depicted, a single guest SSID, such as HomeB, may be configured to be broadcast on a plurality of different access points 308, 310. The different access points may be separate in-room access points, for example if the guest has multiple rooms, or may be one or more access points provided in common areas of the hotel in order to allow the guest to access their own custom network in the common areas of the hotel).
          Currie however discloses wherein the first identifier is a Service Set Identifier (SSID) and the second identifier is a Virtual LAN (VLAN).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of wherein the first identifier is a Service Set Identifier (SSID) and the second identifier is a Virtual LAN (VLAN), as taught by Currie in the system of Gourlay-A and Gourlay-B, so 

As per claim 58. Gourlay-A and Gourlay-B disclose the method of claim 1.
          Gourlay-A and Gourlay-B do not explicitly disclose wherein the first identifier is selected from a group consisting of Service Set Identifier (SSID), Virtual LAN (VLAN), Virtual LAN ID (VLAN ID), Virtual eXtensible Local Area Network (VxLAN), and VNI.
          Currie however discloses wherein the first identifier is selected from a group consisting of Service Set Identifier (SSID), Virtual LAN (VLAN), Virtual LAN ID (VLAN ID), Virtual eXtensible Local Area Network (VxLAN), and VNI. (Currie, par0065 teaches A number of configurable access points 308, 310, 312 can be configured to provide custom SSIDs based on networks commonly used by the individual guests as well as SSIDs of the hotel. As described above with reference to FIG. 2, each access point may be configured to broadcast a single SSID; however, as depicted in FIG. 3 the access points may alternatively be configured to broadcast a plurality of SSIDs. Regardless of the number of SSIDs broadcast by the access points, the network components can be configured to provide a virtual local area network (VLAN) for each of the SSIDs [first identifier is selected from a group consisting of SSID or VLAN]. Current common networking equipment support one VLAN per SSID; however, it is possible to provide support multiple VLANs per SSID, with for example different types of traffic segregated to each different VLAN. For example voice communication data could be carried on one VLAN and web browsing traffic carried on a second VLAN both accessed over the same network SSID.).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of wherein the first identifier is selected from a group consisting of Service Set Identifier (SSID), Virtual LAN (VLAN), Virtual LAN ID (VLAN ID), Virtual eXtensible Local Area Network (VxLAN), and VNI, as taught by Currie in the system of Gourlay-A and Gourlay-B, so that 'guest' wireless networks allow companies to offer guests a convenient network connection while applying policies to segregate network traffic, resulting in improved security and privacy.

Conclusion
The prior art made of record and not relied upon that is considered pertinent:
• Cudak et al. (US20160352574A1) – Related art in the area: in response to an additional device being connected to an additional switch port, the method obtains device parameters of the additional device and automatically configures the additional switch port.
• Riggins (US7380025B1) – Related art in the area: automatically configuring a port of a network element by discovering information that identifies or describes a second network element that is coupled to a port of a first network element.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MONISHWAR MOHAN whose telephone number is (571)272-2907.  The examiner can normally be reached on Monday - Thursday 7:00 am - 5:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, William Trost can be reached on (571) 272-7872.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/M.M./Examiner, Art Unit 2442
/WILLIAM G TROST IV/Supervisory Patent Examiner, Art Unit