Abstract: According to one embodiment of the invention, a method for establishing multiple tunnels for each virtual local area network is described. Upon receiving information over a first tunnel associated with a first virtual local area network, a determination is made whether the information is from a network device assigned to a second virtual local area network, which differs from the first virtual local area network. If the network device is a member of the second virtual local area network, a second tunnel associated with the second virtual local area network is created.

Abstract: Client balancing in a wireless digital network comprising a plurality of access nodes connected to a controller. Access nodes collect client density information and periodically report that client density information to the controller. The controller uses the client density information from the access nodes to compute Virtual RF Neighborhoods, identifying Virtual RF neighboring access nodes. Two access nodes are Virtual RF neighbors if a client which can connect to one access node can also connect to the other access node. The controller then identifies which nodes are overloaded by comparing the client loading of a target access node to the client loading of its Virtual RF neighbors. If an access node is identified as overloaded and selected for client balancing on a particular channel, it will initially refuse new association requests from client devices on that channel.

Abstract: Supporting idle stations in an IEEE 802.11 wireless distribution system. When a station in an IEEE 802.11 wireless distribution system (DS) enters the idle state, it is not associated with any access points (APs) in the DS, Prior to entering the idle state, a station may establish filters indicating what traffic it wishes to receive. These filters are sent to a server in the DS. When a station goes idle, it is associated with a paging server in the DS, which buffers all received for the idle station, and initiates paging of the idle station when such traffic meeting filter criteria is received. When the station exits the idle state by reassociating with an AP in the DS, the server is notified, and forwards the buffered traffic to the station through its AP. The server may be implemented as a process running in a controller or portal in the DS.

Abstract: Providing network security includes detecting network traffic associated with an ad hoc network that includes a first station and a second station, and preventing data sent by the first station from reaching the second station.

Abstract: A wireless communication device, such as a wireless router or access point, transmits and receives signals according any one of several standard or proprietary wireless protocols and automatically adapts its transmission rate according to the condition of a link or channel over which it is sending and receiving signals. A packet delay value is used to calculate the maximum number of packet retransmissions that are acceptable given a particular application. The packet retransmission value is used to calculate a maximum acceptable packet loss value which is then compared against actual packet losses to determine whether or not to change the packet transmission rate. If it is determined that the actual packet losses are less than the maximum acceptable value, then the packet transmission rate can be changed to a higher rate and if it is determined that the actual packet losses are greater than the maximum acceptable value, then the packet transmission rate can be changed to be a lower rate.

Abstract: Overlaying a Wireless Macro Cell architecture on a Micro Cell network. WLAN MAC Address Translation (WMAT) is used to translate BSSIDs from the BSSID used to initialize a radio in an access node and identify communications between the radio in the access node and a controller, and the BSSID used over the air for Macro Cell operation. WMAT is used for transmit operations, translating the BSSID of outgoing packets to the Macro Cell BSSID prior to wireless transmission. On the receive side, packets undergo WMAT and transmission to the controller if the STN MAC address of the sender is in an ACK table associated with the radio, or the packet is one of a predetermined type. The ACK table is managed by transmit operations, and by control commands from the controller.

Abstract: Enterprise location discovery in dual-mode phones. As dual-mode phones move within the enterprise Wi-Fi network, they track which cell tower they are associated with, reporting this information to an enterprise mobility controller. The enterprise mobility controller builds a list of cell tower identifiers which are associated with enterprise Wi-Fi coverage, and makes this list available to subscribing dual-mode phones. Subscribing dual-mode phones can use this list to only scan for Wi-Fi availability when they are associated with a cell tower which is on the list.

Abstract: A method and system for a dynamic metric and wireless hello protocol for use in a wireless mesh network are disclosed. In one embodiment a computer-implemented method, comprises determining a route for a packet to travel through a mesh network. A first time period needed to transmit the packet between a first node and a second node in the mesh network is estimated. The first time period is normalized to generate a normalized value. A route is calculated using the normalized value.

Abstract: A pipelined out-of-order process and system for handling data packets in a network device. The process and system are scalable to support throughput in excess of 10 Gbps. The system includes a set of processing cores that offload the table look up operations and similar operations from the central processing unit. The central processing unit receives the requisite data needed for performing forwarding, routing, NAT, firewall maintenance and similar operation on data packets from the set of processing cores.

Abstract: Assigning slots to nodes in a mesh network. Slot numbers are assigned to nodes in a wireless mesh network using a depth-first search combined with information on 2-hop neighborhoods for each node. Assigning slots using 2-hop neighborhood information allows slots to be safely reused. The slot assignment process may take process in parallel using different wireless channels for different subtrees rooted to a controller. Slot assignment may be repeated when the mesh topology changes. Reporting using the slot numbers allows for information from child nodes to be aggregated or filtered at parent nodes.

Abstract: Secure creation and management of device ownership keys. TPM ownership keys are generated by cryptographically combining manufacturer information with device specific information. Ownership keys are established in the TPM containing device. The manufacturer retains necessary information to reconstruct the ownership key if needed.

Abstract: Initiating peer-to-peer tunnels between clients in a mobility domain. When initiated by the controller, the access nodes establish a peer-to-peer tunnel for suitable client traffic so as to bypass “slow” tunnels through the controller. Traffic through this “fast” tunnel may be initiated once established or traffic may be temporarily queued. This queue and release process may be bidirectional or unidirectional depending on the traffic. Completion of slow tunnel traffic may be sensed in a number of ways. Slow tunnel traffic may be timed out, and queued traffic released after a preset time since the last packet was sent through the slow tunnel. The identity of the last packet sent through the slow tunnel may be retained, and queued traffic released when an acknowledgement for that packet is received. A special packet may be sent through the slow tunnel and queued traffic released when an acknowledgement for that packet is received.

Abstract: Providing a single number presentation to the party called by a dual-mode phone. The operation of the cellular side of a dual-mode phone is altered such that when the user attempts to place an outgoing call using the cellular phone, the call is redirected to a preprogrammed incoming phone number associated with the enterprise. When the enterprise PBX answers this call, the dual-mode phone transmits the desired number to the enterprise PBX. The enterprise PBX then places the call to the desired number, and in the process transmits the caller-id information assigned to the dual-mode phone.

Abstract: According to one embodiment of the invention, an apparatus comprises an input port, a measuring circuit and a processor. The measuring circuit is adapted to measure a power parameter associated with power supplied over a communication media to the input port. The processor includes a plurality of logic units. Each logic unit is configured to be activated in series to control power usage of the apparatus.

Abstract: A method and system for creating and deploying a mesh network are disclosed. In one embodiment, the method comprises providing a mesh router having a plurality of radios. The mesh router is used in a cell of a plurality of cells that covers a geographic region. Channels are assigned to the plurality of radios. The channels are selected from a plurality of channels to allow channel reuse throughout the plurality of cells.

Abstract: In one embodiment of the invention, a wireless network is adapted with a wireless network switch in communication with a plurality of access points, which are in communication with one or more stations. Coupled to the access points over an interconnect, the wireless network switch is adapted to receive a DEAUTHENTICATION message sent by one of the plurality of access points in the same coverage area of the station so as to detect the DEAUTHENTICATION message and to block communications between the plurality of access points and the station in response to determining that the DEAUTHENTICATION message is invalid.

Abstract: In general, one embodiment of the invention is a air monitor adapted to a wireless network. The air monitor enforces policies followed by the wireless network even though it is not involved in the exchange of data between wireless devices of the wireless network such as access points and wireless stations.

Abstract: According to one embodiment of the invention, a network device comprises a first processing element and a second processing element. The first processing element is adapted to handle an authentication handshaking protocol, such as the SSL/TLS Handshake, and upon receipt of a Client Key Exchange message, passes control of the authentication handshaking protocol to the second processing element. The second processing element completes the authentication handshaking protocol.

Abstract: A method and system for radio frequency management (RFM) in a mesh network using a path distance factor (PDF) is disclosed. According to one embodiment, a computer-implemented method, comprises calculating a path distance factor (PDF) between a first mesh router and a portal. A frame is transmitted to a second mesh router, wherein the frame includes the path distance factor.