Abstract: Management of a proximity beacon transmitter using a network device. Operational characteristics are generated for a proximity beacon transmitter coupled to a network device. The proximity beacon is configured through the network device. It is determined if the proximity beacon transmitter is operating according to the operational characteristics generated for the proximity beacon transmitter. The proximity beacon transmitter is reconfigured to operate according to the operational characteristics if it is determined that the proximity beacon transmitter is operating in nonconformity with the operational characteristics.

Abstract: Wireless networking devices scan for available channels and gather data about the channels and the RF environment. Using this information, each wireless networking device determines a cost value for each available channel and a quality value for its overall RF neighborhood. Each wireless networking device select the channel with the best cost value as a candidate channel for use. The wireless networking devices may submit channel requests to the arbiter for approval. If two or more wireless networking devices are requesting the same channel, the arbiter assigns the channel to the wireless networking device with the worst RF neighborhood quality. The arbiter informs the wireless networking devices if their channel requests are approved. If a wireless networking device's channel request is not approved, the wireless networking device will rescan the remaining available channels to select a different candidate channel to be approved.

Abstract: A network device comprising, a first radio module configured to transmit and receive first radio signals in a first frequency band, a first antenna array configured to transmit and receive the first radio signals for the first radio module in the first frequency band, a second radio module configured to transmit and receive second radio signals in the first frequency band, a second antenna array configured to transmit and receive the second radio signals for the second radio module in the first frequency band, wherein, in operation, the first radio module and the second radio modules function concurrently using the first frequency band while at least 40 dB of antenna isolation is maintained between the first antenna array and the second antenna array.

Abstract: A technique for network authentication interoperability involves initiating an authentication procedure on a first network, authenticating on a second network, and allowing access at the first network. The technique can include filtering access to a network, thereby restricting access to users with acceptable credentials. Offering a service that incorporates these techniques can enable incorporation of the techniques into an existing system with minimal impact to network configuration.

Abstract: A network device comprising, a first radio module configured to transmit and receive first radio signals in a first frequency band, a first antenna array configured to transmit and receive the first radio signals for the first radio module in the first frequency band, a second radio module configured to transmit and receive second radio signals in the first frequency band, a second antenna array configured to transmit and receive the second radio signals for the second radio module in the first frequency band, wherein, in operation, the first radio module and the second radio modules function concurrently using the first frequency band while at least 40 dB of antenna isolation is maintained between the first antenna array and the second antenna array.

Abstract: A technique allows stations to utilize an equal share of resources (e.g., airtime or throughput). This prevents slow stations from consuming too many resources (e.g., using up too much air time). Fairness is ensured by selective dropping after a multicast packet is converted to unicast. This prevents slow stations from using more than their share of buffer resources. Multicast conversion aware back-pressure into the network layer can be used to prevent unnecessary dropping of packets after multicast to unicast (1:n) conversion by considering duplicated transmit buffers. This technique helps achieve airtime/resource fairness among stations.

Abstract: Various implementations described herein relate to routing network data traffic using network tunnels. In some implementations, one or more tunnels are established between a remote gateway device and a central gateway device central gateway system. The remote gateway device can receive data traffic from one or more client devices and analyzed the data traffic. Based at least in part on the resulting analysis, the remote gateway device identified an application or an application type associated with the data traffic. The remote gateway device can select one or more select tunnels, from the one or more tunnels, based at least in part on the identification of the application or the application type associated with the data traffic. Eventually, the remote gateway device can route the data traffic to the central gateway system using the one or more select tunnels.

Abstract: Wireless networking devices scan for available channels and gather data about the channels and the RF environment. Using this information, each wireless networking device determines a cost value for each available channel and a quality value for its overall RF neighborhood. Each wireless networking device select the channel with the best cost value as a candidate channel for use. The wireless networking devices may submit channel requests to the arbiter for approval. If two or more wireless networking devices are requesting the same channel, the arbiter assigns the channel to the wireless networking device with the worst RF neighborhood quality. The arbiter informs the wireless networking devices if their channel requests are approved. If a wireless networking device's channel request is not approved, the wireless networking device will rescan the remaining available channels to select a different candidate channel to be approved.

Abstract: Wireless access points detect neighboring wireless access points in different subnets. Upon connecting with a wireless client, a wireless access point determines predictive roaming information for the wireless client. Predictive roaming information identifies the wireless client; its home network subnet; and includes connection information associated with the wireless client. The wireless access point forwards the predictive roaming information associated with a wireless client to neighboring wireless access points while the wireless client is still connected with the wireless access point. Neighboring wireless access points store received predictive roaming information. Upon connecting with a wireless client, a neighboring wireless access point determines if the wireless client matches the stored predictive roaming information.

Abstract: A passphrase is assigned to an end user device for use in authenticating the end user device for a network using SAE. An identification of the end user device is determined during an authentication process. The passphrase assigned to the end user device is determined at a network side using the identification of the end user device. A shared secret is generated using the passphrase. Whether the end user device has generated the shared secret is determined. The end user device is authenticated for the network, if it is determined that the end user device has generated the shared secret.

Abstract: A passphrase is assigned to an end user device for use in authenticating the end user device for a network using SAE. An identification of the end user device is determined during an authentication process. The passphrase assigned to the end user device is determined at a network side using the identification of the end user device. A shared secret is generated using the passphrase. Whether the end user device has generated the shared secret is determined. The end user device is authenticated for the network, if it is determined that the end user device has generated the shared secret.

Abstract: A unique pre-shared key plug-in is installed on a Chromebook device. Identification data associated with the Chromebook device is received, from the unique pre-shared key plug-in through a Chromebook client management system API. A unique pre-shared key is assigned to the Chromebook device using the identification data. The unique pre-shared key is sent to the Chromebook device. The Chromebook device is configured to seamlessly authenticate for a wireless network using the unique pre-shared key.

Abstract: A multicast frame directed to a plurality of devices coupled to a network can be received, where the plurality of devices comprising at least one intended recipient device and at least one unintended recipient device. A destination unicast address corresponding to an intended recipient device can be identified. The multicast frame can be converted into a unicast frame directed to the intended recipient device, the unicast frame configured with the destination unicast address. The unicast frame can be blocked from accessing the unintended recipient device. The unicast frame can be provided to the intended recipient device.

Abstract: A method of configuring a virtual network comprises: running a user-interactive business requirements wizard from a server, the wizard collecting business requirements from a user; translating the business requirements into technical requirements for a network configuration using the server; selecting a network configuration from a network configuration database using the server, the selecting utilizing the technical requirements; testing the network configuration using a processor; monitoring the testing and generating new facts regarding performance of the network configuration, using the processor; feeding back the new facts to the server for use by the server in the selecting; and repeating the selecting, testing, monitoring and generating, and feeding back, until the server determines a criterion for network stability has been reached.

Abstract: A technique for network authentication interoperability involves initiating an authentication procedure on a first network, authenticating on a second network, and allowing access at the first network. The technique can include filtering access to a network, thereby restricting access to users with acceptable credentials. Offering a service that incorporates these techniques can enable incorporation of the techniques into an existing system with minimal impact to network configuration.

Abstract: A method of intelligently sorting packets/datagrams for sending through appropriate branches of a N-way split VPN tunnel according to embodiments of the present invention allow for efficient movement of network traffic to and from a remote network location. Intelligent sorting may be based on a wide range of criteria in order to implement different policies. For example, datagrams may be sorted for sending through the branches of a 3-way split tunnel so that all traffic from a remote network location ultimately destined to servers at a central location may be sent via a secure VPN tunnel, all traffic that matches a “white-list” of trusted external sites may be sent directly to and from these sites to the remote network location, and all other traffic may be redirected through a Web service that scrubs and filters the traffic to/from questionable sites.

Abstract: In various systems and methods, there can be received a request for a network service. A query for the network service can be formulated based on the request. A remote access device can be instructed to interrogate remote devices coupled to the remote network access device for the network service. Access parameters related to the network service can be received in response to the interrogation. The user device can be configured to access the network service based on the access parameters.

Abstract: Preshared keys are assigned to client devices, users, or user groups. The set of valid preshared keys or keys derived therefrom is distributed to network devices such as wireless access points. A client device attempts to establish a secure network connection with a network device using its assigned preshared key. A network device identifies the client device's preshared key by selecting a candidate key from its set of valid preshared keys. The network device determines a validation cryptographic checksum based on the selected candidate key. If the validation cryptographic checksum matches the client's cryptographic checksum, the network device establishes a secure network connection with the client device using this candidate key. If the validation cryptographic checksum does not match the cryptographic checksum provided by the client device, the network device repeats this comparison using different candidate keys selected from its set of valid preshared keys until a match is found.

Abstract: A technique allows stations to utilize an equal share of resources (e.g., airtime or throughput). This prevents slow stations from consuming too many resources (e.g., using up too much air time). Fairness is ensured by selective dropping after a multicast packet is converted to unicast. This prevents slow stations from using more than their share of buffer resources. Multicast conversion aware back-pressure into the network layer can be used to prevent unnecessary dropping of packets after multicast to unicast (1:n) conversion by considering duplicated transmit buffers. This technique helps achieve airtime/resource fairness among stations.

Abstract: A request related to an access to a network by a first user device may be received. The user device may be included in a plurality of user devices associated with a first first-level security profile assigned to the user. An application extension to an application executing on the first user device may be accessed in response to the request related to the access. A network connectivity file may be provided to the application extension. The network connectivity file may include network configuration information for the first user device. The network configuration information may be associated with a first second-level security profile assigned to the first user device. Instructions to configure the first user device to access the network based at least in part on the network configuration information in the network connectivity file may be provided.