Abstract: Automatically configuring split DNS operation in a wireless network device connected to a network. The wireless network device snoops one or more exchanged DHCP messages to obtain domain name(s) associated with the organization that are now used as target domain name suffix(es) for split DNS operations. For subsequent DNS queries, information within the message is analyzed to determine if the request includes a domain delimiter. If no delimiter, the DNS query message is sent to an internal DNS server that is located within an organization. If a delimiter exists, but the domain name in the message matches one of the target domain name suffixes, the DNS query message is sent to the internal DNS server as well. Otherwise, the DNS query message is routed over a different communication path.

Abstract: A method and apparatus for detecting the presence of a rogue router in a computer network is described. The method may include transmitting a router solicitation message. The method may also include receiving a plurality of response messages to the router solicitation message from a first plurality of router devices, wherein the response messages are used to perform an operation other than assigning an internet protocol (IP) address to the device.

Abstract: Automatically configuring split-DNS operation in a remote access point (RAP) connected to a network. During RAP initialization, the RAP establishes a secure tunnel to its controller. To use this tunnel, a client must obtain an IP address from the controller using DHCP. The RAP snoops the client DHCP request, obtaining the domain name. This returned domain name is used as a target suffix or pattern for split-DNS operation. Additionally, the RAP may query DNS servers for additional domains supported, and add these domains to targets for split-DNS operation.

Abstract: A method and apparatus for detecting the presence of a rogue router in a computer network is described. The method may include transmitting a router solicitation message. The method may also include receiving a plurality of response messages to the router solicitation message from a first plurality of router devices, wherein the response messages are used to perform an operation other than assigning an internet protocol (IP) address to the device.

Abstract: A method and controller for detecting an unauthorized access point in a wireless communication network includes a first step of generating (200) a probe identity that is unused in the wireless communication network. A next step includes informing (202) adopted access points in the communication network of this generated probe identity, and that packets from this generated probe identity should be ignored. A next step includes broadcasting (204) at least one probe request using the generated probe identity. A next step includes detecting (206) if there are any probe responses to the at least one probe request, indicating an unauthorized access point. A next step includes providing an alert (214, 216, 218) if an unauthorized access point is detected.

Abstract: Embodiments of the invention are directed to power savings in Access Points (APs). Legacy 802.11 modes such as 802.11a/b/g use one transmitter/receive chain per radio. High Throughput (HT) 802.11n modes use multiple (2, 3, or more) transmit/receive chains per radio. Power consumed by the AP may be reduced by powering off unused transmit and/or receive chains. Multiple transmit chains are only powered up when HT 802.11n transmissions requiring them are made. Using protected mode signaling, the AP powers up multiple receive chains needed for HT 802.11n reception on receiving a Request to Send (RTS) packet indicating that an 802.11n client wishes to send 802.11n HT data. Transmit and/or receive chains may be powered up with minimum on times. Only certain elements of a chain may be powered up and down, with those elements requiring a great deal of settling time left powered on. Transmit chains may be powered up on the reception of RTS-based information indicating arrival of HT 802.11 data.

Abstract: Automatically configuring split DNS operation in a wireless network device connected to a network. The wireless network device snoops one or more exchanged DHCP messages to obtain domain name(s) associated with the organization that are now used as target domain name suffix(es) for split DNS operations. For subsequent DNS queries, information within the message is analyzed to determine if the request includes a domain delimiter. If no delimiter, the DNS query message is sent to an internal DNS server that is located within an organization. If a delimiter exists, but the domain name in the message matches one of the target domain name suffixes, the DNS query message is sent to the internal DNS server as well. Otherwise, the DNS query message is routed over a different communication path.

Abstract: Automatically configuring split-DNS operation in a remote access point (RAP) connected to a network. During RAP initialization, the RAP establishes a secure tunnel to its controller. To use this tunnel, a client must obtain an IP address from the controller using DHCP. The RAP snoops the client DHCP request, obtaining the domain name. This returned domain name is used as a target suffix or pattern for split-DNS operation. Additionally, the RAP may query DNS servers for additional domains supported, and add these domains to targets for split-DNS operation.

Abstract: A method and controller for detecting an unauthorized access point in a wireless communication network includes a first step of generating (200) a probe identity that is unused in the wireless communication network. A next step includes informing (202) adopted access points in the communication network of this generated probe identity, and that packets from this generated probe identity should be ignored. A next step includes broadcasting (204) at least one probe request using the generated probe identity. A next step includes detecting (206) if there are any probe responses to the at least one probe request, indicating an unauthorized access point. A next step includes providing an alert (214, 216, 218) if an unauthorized access point is detected.

Abstract: Power savings in Access Points (APs). Legacy 802.11 modes such as 802.11a, b, g use one transmitter/receive chain per radio. High Throughput (HT) 802.11n modes use multiple (2, 3, or more) transmit/receive chains per radio. Power consumed by the AP may be reduced by powering off unused transmit and/or receive chains. Multiple transmit chains are only powered up when HT 802.11n transmissions requiring them are made. Using protected mode signaling, the AP powers up multiple receive chains needed for HT 802.11n reception on receiving an RTS packet indicating that an 802.11n client wishes to send 802.11n HT data. Transmit and/or receive chains may be powered up with minimum on times. Only certain elements of a chain may be powered up and down, with those elements requiring a great deal of settling time left powered on. Transmit chains may be powered p on the reception of an RTS frame indicating arrival of HT 802.11 data.

Abstract: Detecting rogues in a controller-based wireless network impersonating the BSSIDs of known valid access points (APs). Access points (APs) and Air Monitors (AMs, receive-only devices) periodically build RF-neighbor lists by collecting the BSSIDS of all the access points they can receive. These lists are then sent to the host controller. The host controller compares the new RF-neighbor list against the old RF-neighbor list. An otherwise valid BSSID appearing on a RF-neighbor list where it has not appeared before is flagged as a potential rogue.