Abstract: A protocol such as OpenFlow providing communication between an SDN framework controller on one network and a data plane device for another network can be used to modify or process network packets so that an external application or server can communicate with the controller and obtain information needed to uniquely associate the packets with particular end-stations even after those packets have traversed a NAT router.

Abstract: A protocol such as OpenFlow providing communication between an SDN framework controller on one network and a data plane device for another network can be used to modify or process network packets so that an external application or server can communicate with the controller and obtain information needed to uniquely associate the packets with particular end-stations even after those packets have traversed a NAT router.

Abstract: In a method of managing access to a network, a MAC based authentication operation is implemented in determining whether to grant a user device access to the network. In addition, a user is enabled to self-register a user device into a database of authorized users in response to the user being denied access through the MAC based authentication operation and being listed as a valid user in a directory of active network users. Moreover, the directory of active network users is monitored for modification of information pertaining to the users listed in the directory of active network users and the database of authorized users is modified in response to a determination that user information pertaining to at least one user listed in the directory of active network users that affects the database of authorized users has been modified.

Abstract: A probe request from a wireless station can cause the access point to contact a roaming enablement service and alter the services accessible through the access point. The roaming enablement service can identify preferred services of the wireless station and mediate automated negotiations between the access point and a service provider to determine whether the access point may provide a service from the service provider. Upon successful negotiations, the brokerage service can enable the access point to provide access to the preferred services.

Abstract: In one embodiment, an edge network device may monitor a network service that is provided at a network service device. Information related to the monitored network service may be temporarily stored at the edge network device and transmitted to a remote network device. In one embodiment, an administrative device may compare current extracted information with stored historical information to determine if a unique machine identifier of an end user device has been spoofed.

Abstract: In some embodiments, in a registration process where a user device is registering for access to a network, a public/private key pair may be generated based on a media access control (MAC) address of a user device. The generated public/private key pair may be transmitted to the user device for future access to the network. In some embodiments, where a user device is requesting access to a network, a MAC address embedded in a public key may be utilized to determine whether access to the network should be granted.

Abstract: Example embodiments disclosed herein relate to authentication based on Media Access Control (MAC) addresses. A network security device receives one or more client identity databases from one or more edge network devices. The client identity databases include MAC addresses of clients and secondary identification information for each of the clients. The network security device determines that a client device has been connected to one of the edge devices. A security action is performed based on whether the MAC address and respective secondary identification information of one of the clients matches the MAC address and respective secondary identification information of the connected client device.

Abstract: A user of a user device may be verified based on user credentials. The user device may be self-registered in a network. After a predetermined period of time, a re-verification timer may be implemented to re-verify credentials of a user of a user device.

Abstract: A protocol such as OpenFlow providing communication between an SDN framework controller on one network and a data plane device for another network can be used to modify or process network packets so that an external application or server can communicate with the controller and obtain information needed to uniquely associate the packets with particular end-stations even after those packets have traversed a NAT router.

Abstract: Connection profiles are created and stored. The connection profiles are for connections for sources to connect to a network. The connection profiles identify network attributes and server attributes for the connections and each connection profile includes a status of available or subscribed. A connection profile is assigned to a requested connection for a source. The source is authenticated using a credential, and server attributes from the connection profile are sent to the source to configure the source to use the connection.

Abstract: A compilation of potentially shared resources is received. The potentially shared resources are analyzed to determine compatibility among the shared resources. A user accessible list of acceptable combinations of potentially shared resources is generated.

Abstract: In one embodiment, an edge network device may monitor a network service that is provided at a network service device. Information related to the monitored network service may be temporarily stored at the edge network device and transmitted to a remote network device. In one embodiment, an administrative device may compare current extracted information with stored historical information to determine if a unique machine identifier of an end user device has been spoofed.

Abstract: A probe request from a wireless station can cause the access point to contact a roaming enablement service and alter the services accessible through the access point. The roaming enablement service can identify preferred services of the wireless station and mediate automated negotiations between the access point and a service provider to determine whether the access point may provide a service from the service provider. Upon successful negotiations, the brokerage service can enable the access point to provide access to the preferred services.

Abstract: Connection profiles are created and stored. The connection profiles are for connections for sources to connect to a network. The connection profiles identify network attributes for the connections and each connection profile includes a status of available or subscribed. A connection profile is assigned to a requested connection for a source. The network attributes for the assigned connection are sent to an edge switch for the source to configure the edge switch to accept traffic for the source.

Abstract: In a method of managing access to a network, a MAC based authentication operation is implemented in determining whether to grant a user device access to the network. In addition, a user is enabled to self-register a user device into a database of authorized users in response to the user being denied access through the MAC based authentication operation and being listed as a valid user in a directory of active network users. Moreover, the directory of active network users is monitored for modification of information pertaining to the users listed in the directory of active network users and the database of authorized users is modified in response to a determination that user information pertaining to at least one user listed in the directory of active network users that affects the database of authorized users has been modified.

Abstract: In some embodiments, in a registration process where a user device is registering for access to a network, a public/private key pair may be generated based on a media access control (MAC) address of a user device. The generated public/private key pair may be transmitted to the user device for future access to the network. In some embodiments, where a user device is requesting access to a network, a MAC address embedded in a public key may be utilized to determine whether access to the network should be granted.

Abstract: Example embodiments disclosed herein relate to authentication based on Media Access Control (MAC) addresses. A network security device receives one or more client identity databases from one or more edge network devices. The client identity databases include MAC addresses of clients and secondary identification information for each of the clients. The network security device determines that a client device has been connected to one of the edge devices. A security action is performed based on whether the MAC address and respective secondary identification information of one of the clients matches the MAC address and respective secondary identification information of the connected client device.

Abstract: An edge network device may monitor a network service that is provided at a network service device. Information related to the monitored network service may be temporarily stored at the edge network device and transmitted to a remote network device.

Abstract: Connection profiles are created and stored. The connection profiles are for connections for sources to connect to a network. The connection profiles identify network attributes for the connections and each connection profile includes a status of available or subscribed. A connection profile is assigned to a requested connection for a source. The network attributes for the assigned connection are sent to an edge switch for the source to configure the edge switch to accept traffic for the source.

Abstract: A method is provided that includes receiving a communication from a trusted device indicating that a device to be provisioned has been added to the network; obtaining identifying information of the device to be provisioned; accessing a stored configuration for the device based on the identifying information; and transmitting the configuration to the device for provisioning. Alternatively, a computer-readable medium is provided that stores instructions to perform a method to transmit a discovery communication to a trusted device, receive a communication originating at an administrative device including a configuration; and provision the device via reboot with the configuration.