Abstract: In a fixed channel wireless network system with a limited number of channels, assignment of the fixed channels between remote client elements and access elements is made systematically according to a set of criteria accounting for network loading and interference, then channel assignments are dynamically updated according to a priority to maintain optimal network performance with changing conditions of load and interference. The channel utilization problem is address at a system level rather than at a local level by treating the system as a three dimensional color mapping problem. All noise is treated as having a source in virtual access elements with an appropriate performance metric. The performance metric is used to select a channel set that minimize chances of interference and maximize user performance. Specifically, there are several parameter matrices which are managed and updated by a central resource management element, namely signal strength between elements, interference, and load.

Abstract: Methods, apparatuses and systems facilitating containment of the effects of rogue or unauthorized access points on wireless computer network environments. Embodiments of the present invention support one to a plurality of rogue containment methodologies. A first rogue containment type involves identification of the physical connection of the rogue access point to the wired network infrastructure and, thus, allows for disabling of that physical connection to contain the rogue access point. Other rogue containment methods involve wireless techniques for containing the effect of rogue access points. As discussed below, the rogue containment functionality described herein can be applied to a wide variety of wireless network system architectures.

Abstract: In a fixed channel wireless network system with a limited number of channels, assignment of the fixed channels between remote client elements and access elements is made systematically according to a set of criteria according for network loading and interference, then channel assignments are dynamically updated according to a priority to maintain optimal network performance with changing conditions of load and interference. The channel utilization problem is addressed at a system level rather than at a local level by treating the system as a three dimensional color mapping problem. All noise is treated as having a source in virtual access elements with an appropriate performance metric. The performance metric is used to select a channel set that minimize chances of interference and maximize user performance. Specifically, there are several parameter matrices which are managed and updated by a central resource management element, namely signal strength between elements, interference, and load.

Abstract: Methods, apparatuses and systems directed to preventing unauthorized access to internal network addresses transmitted across wireless networks. According to the invention, mobile stations are assigned virtual client network addresses that are used as the outer network addresses in a Virtual Private Network (VPN) infrastructure, as well as unique internal network addresses used as the inner network addresses. In one implementation, the virtual client network addresses have little to no relation to the internal network addressing scheme implemented on the network domain. In one implementation, all clients or mobile stations are assigned the same virtual client network address. A translation layer, in one implementation, intermediates the VPN session between the mobile stations and a VPN server to translate the virtual client network addresses to the internal network addresses based on the medium access control (MAC) address corresponding to the mobile stations.

Abstract: Systems and methods for using routing protocol extensions to improve spoke to spoke communication in a computer network are disclosed. Embodiments provide systems and methods to establish a tunnel between a first spoke and a hub, exchange routing information between the first spoke and the hub using a routing protocol, extend the routing protocol and an associated database to include next hop mapping information, and establish a tunnel between the first spoke and a second spoke according to information in the database.

Abstract: Methods, apparatuses and systems facilitating deployment and configuration of managed access points in hierarchical wireless network systems. An embodiment of the invention facilitates deployment and configuration of conventional, substantially autonomous access points operating in connection with a central management node, such as a server or appliance. In another embodiment, the present invention facilitates deployment and configuration of light-weight access points in a hierarchical wireless network system. In one embodiment, the present invention also provides a streamlined encryption key exchange protocol adapted to hierarchical wireless network system architectures.

Abstract: A Fibre Channel Switch which enables end devices in different Fabrics to communicate with one another while retaining their unique Fibre Channel Domain_IDs. The Switch is coupled to a first fabric having a first set of end devices and a second fabric having a second set of end devices. The Switch is configured to enable communication by the first set of end devices associated with the first fabric with the second set of end devices associated with the second set of end devices using the unique Domain_IDs of each of the first set and the second set of end devices. In one embodiment of the invention, the first and second fabrics are first and second Virtual Storage Array Networks (VSANs) respectively. In an alternative embodiment, the first fabric and the second fabric are separate physical fabrics.

Abstract: Methods, apparatuses and systems enabling a directed association mechanism in wireless computer network environments. In certain embodiments, the directed association functionality described herein can be used in a variety of contexts, such as directing wireless clients to associate with a desired access element or subset of access elements in a wireless network environment. In certain embodiments, the present invention can also be used to increase the efficiency of handing off wireless clients between access elements. The directed association mechanism, in one embodiment, increases the efficiency of establishing wireless connections between wireless clients and access points in a wireless network system.

Abstract: A wireless node RF Fingerprinting location mechanism that uses multiple antenna patterns to enhance the accuracy of wireless node location in an RF environment. In one implementation, substantially non-overlapping antenna pattern diversity is used to provide a degree of sectorization in computing the estimated location of a wireless node.

Abstract: Methods, apparatuses and systems directed to, or facilitating, the graphical display of status information in wireless network management systems. In one implementation, the present invention provides a graphical user interface that allows a network administrator to readily ascertain the overall status of a wireless network, and quickly identify the network element(s) within the network that are associated with any potential problem or condition. In another implementation, the present invention provides a graphical user interface that provides status icons that efficiently convey status information for corresponding access points. In another implementation, the present invention provides a hierarchical network model that facilitates network data management, configuration and display tasks associated with wireless network management systems.

Abstract: Methods, apparatuses and systems directed to preventing unauthorized access to internal network addresses transmitted across wireless networks. According to the invention, mobile stations are assigned virtual client network addresses that are used as the outer network addresses in a Virtual Private Network (VPN) infrastructure, as well as unique internal network addresses used as the inner network addresses. In one implementation, the virtual client network addresses have little to no relation to the internal network addressing scheme implemented on the network domain. In one implementation, all clients or mobile stations are assigned the same virtual client network address. A translation layer, in one implementation, intermediates the VPN session between the mobile stations and a VPN server to translate the virtual client network addresses to the internal network addresses based on the medium access control (MAC) address corresponding to the mobile stations.

Abstract: Methods, apparatuses and systems facilitating deployment and configuration of managed access points in wireless network systems. An embodiment of the present invention is a light-weight management protocol that reduces the management footprint of a plurality of managed access points in a wireless network system. An embodiment of the invention facilitates deployment and configuration of conventional, substantially autonomous access points operating in connection with a central management node, such as a server or appliance. In another embodiment, the present invention facilitates deployment and configuration of access points in a wireless network system including hierarchical processing of protocol information.

Abstract: Methods, apparatuses and systems facilitating the configuration of transmit power and coverage areas corresponding to access points in a wireless network environment. The present invention in one embodiment facilitates the dynamic configuration of coverage boundaries across a plurality of access points, improving the performance of the wireless network environment.

Abstract: A system and method for providing multiple access levels to users of a wireless network system. The network system includes a plurality of wireless access points coupled to a network. Access points (APs) for the network may be widely distributed in various facilities, such as airports, mass-transit stations, and various businesses. The network may couple to a wide area network, such as the Internet. A portable computing device (PCD) of a user may store identification information which indicates an access or privilege level for the user of the PCD. The access level may determine the network access and/or services available to the user of the PCD. The identification information may include a System ID of the PCD. Each of the access points may be operable to “listen for” or detect the identification information of the PCD. The network system may store a list of identification information and a corresponding list of access levels.

Abstract: An example embodiment of the present invention provides processes relating to the authentication, by an authentication server, of a supplicant/user for access to a network. In one particular implementation, an authentication server receives a request for access from a supplicant, which request is forwarded to the authentication server by an authenticator that controls a port to the network. The authentication server scores various authentication methods, based on configured preferences, currently cached credentials, and the availability of a networked credential store as measured by a link-state monitor. The authentication server then negotiates an agreed authentication method with the supplicant, using a preferred order resulting from the scores.

Abstract: Methods, apparatuses and systems directed to, or facilitating, the graphical display of status information in wireless network management systems. In one implementation, the present invention provides a graphical user interface that allows a network administrator to readily ascertain the overall status of a wireless network, and quickly identify the network element(s) within the network that are associated with any potential problem or condition. In another implementation, the present invention provides a graphical user interface that provides status icons that efficiently convey status information for corresponding access points. In another implementation, the present invention provides a hierarchical network model that facilitates network data management, configuration and display tasks associated with wireless network management systems.

Abstract: A wireless node location mechanism that defines a search region to optimize the computations associated with estimating the location of a given wireless node. According to one implementation, a coverage map associated with each radio receiver that records signal strength data is defined out to a threshold signal strength level. Before computing the estimated location of a given wireless nodes, a search region is defined based on the intersection of the coverage maps associated with each radio receiver that detects the wireless node. Some implementations use information provided by the fact that certain radio receivers did not detect the wireless node to further optimize the location estimate. By defining a search region, which is a generally small area relative to the space encompassed by an entire RF environment, the present invention provides several advantages, such as reducing the processing time and/or power to compute estimated locations for wireless nodes.

Abstract: Methods, apparatuses and systems facilitating containment of the effects of rogue or unauthorized access points on wireless computer network environments. Embodiments of the present invention support one to a plurality of rogue containment methodologies. A first rogue containment type involves identification of the physical connection of the rogue access point to the wired network infrastructure and, thus, allows for disabling of that physical connection to contain the rogue access point. Other rogue containment methods involve wireless techniques for containing the effect of rogue access points. As discussed below, the rogue containment functionality described herein can be applied to a wide variety of wireless network system architectures.

Abstract: A method includes receiving a first capture time corresponding to a first time that a data packet is received at a first probe and a second capture time corresponding to a second time that the data packet is received at a second probe. The data packet is from existing network traffic transmitted over a data network. The first and second probes can be configured to capture the data packet in response to a capture instruction. The first capture time and second capture time are different and are used to calculate the latency of at least a portion of a data network.

Abstract: A wireless node location mechanism that defines a search region to optimize the computations associated with estimating the location of a given wireless node. According to one implementation, a coverage map associated with each radio receiver that records signal strength data is defined out to a threshold signal strength level. Before computing the estimated location of a given wireless nodes, a search region is defined based on the intersection of the coverage maps associated with each radio receiver that detects the wireless node. Some implementations use information provided by the fact that certain radio receivers did not detect the wireless node to further optimize the location estimate. By defining a search region, which is a generally small area relative to the space encompassed by an entire RF environment, the present invention provides several advantages, such as reducing the processing time and/or power to compute estimated locations for wireless nodes.