Abstract: Systems and methods for using routing protocol extensions to improve spoke to spoke communication in a computer network are disclosed. Embodiments provide systems and methods to establish a tunnel between a first spoke and a hub, exchange routing information between the first spoke and the hub using a routing protocol, extend the routing protocol and an associated database to include next hop mapping information, and establish a tunnel between the first spoke and a second spoke according to information in the database.

Abstract: A Fibre Channel Switch which enables end devices in different Fabrics to communicate with one another while retaining their unique Fibre Channel Domain_IDs. The Switch is coupled to a first fabric having a first set of end devices and a second fabric having a second set of end devices. The Switch is configured to enable communication by the first set of end devices associated with the first fabric with the second set of end devices associated with the second set of end devices using the unique Domain_IDs of each of the first set and the second set of end devices. In one embodiment of the invention, the first and second fabrics are first and second Virtual Storage Array Networks (VSANs) respectively. In an alternative embodiment, the first fabric and the second fabric are separate physical fabrics.

Abstract: Methods, apparatuses and systems enabling a directed association mechanism in wireless computer network environments. In certain embodiments, the directed association functionality described herein can be used in a variety of contexts, such as directing wireless clients to associate with a desired access element or subset of access elements in a wireless network environment. In certain embodiments, the present invention can also be used to increase the efficiency of handing off wireless clients between access elements. The directed association mechanism, in one embodiment, increases the efficiency of establishing wireless connections between wireless clients and access points in a wireless network system.

Abstract: A wireless node RF Fingerprinting location mechanism that uses multiple antenna patterns to enhance the accuracy of wireless node location in an RF environment. In one implementation, substantially non-overlapping antenna pattern diversity is used to provide a degree of sectorization in computing the estimated location of a wireless node.

Abstract: Methods, apparatuses and systems directed to, or facilitating, the graphical display of status information in wireless network management systems. In one implementation, the present invention provides a graphical user interface that allows a network administrator to readily ascertain the overall status of a wireless network, and quickly identify the network element(s) within the network that are associated with any potential problem or condition. In another implementation, the present invention provides a graphical user interface that provides status icons that efficiently convey status information for corresponding access points. In another implementation, the present invention provides a hierarchical network model that facilitates network data management, configuration and display tasks associated with wireless network management systems.

Abstract: Methods, apparatuses and systems directed to preventing unauthorized access to internal network addresses transmitted across wireless networks. According to the invention, mobile stations are assigned virtual client network addresses that are used as the outer network addresses in a Virtual Private Network (VPN) infrastructure, as well as unique internal network addresses used as the inner network addresses. In one implementation, the virtual client network addresses have little to no relation to the internal network addressing scheme implemented on the network domain. In one implementation, all clients or mobile stations are assigned the same virtual client network address. A translation layer, in one implementation, intermediates the VPN session between the mobile stations and a VPN server to translate the virtual client network addresses to the internal network addresses based on the medium access control (MAC) address corresponding to the mobile stations.

Abstract: Methods, apparatuses and systems facilitating deployment and configuration of managed access points in wireless network systems. An embodiment of the present invention is a light-weight management protocol that reduces the management footprint of a plurality of managed access points in a wireless network system. An embodiment of the invention facilitates deployment and configuration of conventional, substantially autonomous access points operating in connection with a central management node, such as a server or appliance. In another embodiment, the present invention facilitates deployment and configuration of access points in a wireless network system including hierarchical processing of protocol information.

Abstract: Methods, apparatuses and systems facilitating the configuration of transmit power and coverage areas corresponding to access points in a wireless network environment. The present invention in one embodiment facilitates the dynamic configuration of coverage boundaries across a plurality of access points, improving the performance of the wireless network environment.

Abstract: A system and method for providing multiple access levels to users of a wireless network system. The network system includes a plurality of wireless access points coupled to a network. Access points (APs) for the network may be widely distributed in various facilities, such as airports, mass-transit stations, and various businesses. The network may couple to a wide area network, such as the Internet. A portable computing device (PCD) of a user may store identification information which indicates an access or privilege level for the user of the PCD. The access level may determine the network access and/or services available to the user of the PCD. The identification information may include a System ID of the PCD. Each of the access points may be operable to “listen for” or detect the identification information of the PCD. The network system may store a list of identification information and a corresponding list of access levels.

Abstract: An example embodiment of the present invention provides processes relating to the authentication, by an authentication server, of a supplicant/user for access to a network. In one particular implementation, an authentication server receives a request for access from a supplicant, which request is forwarded to the authentication server by an authenticator that controls a port to the network. The authentication server scores various authentication methods, based on configured preferences, currently cached credentials, and the availability of a networked credential store as measured by a link-state monitor. The authentication server then negotiates an agreed authentication method with the supplicant, using a preferred order resulting from the scores.

Abstract: Methods, apparatuses and systems directed to, or facilitating, the graphical display of status information in wireless network management systems. In one implementation, the present invention provides a graphical user interface that allows a network administrator to readily ascertain the overall status of a wireless network, and quickly identify the network element(s) within the network that are associated with any potential problem or condition. In another implementation, the present invention provides a graphical user interface that provides status icons that efficiently convey status information for corresponding access points. In another implementation, the present invention provides a hierarchical network model that facilitates network data management, configuration and display tasks associated with wireless network management systems.

Abstract: A wireless node location mechanism that defines a search region to optimize the computations associated with estimating the location of a given wireless node. According to one implementation, a coverage map associated with each radio receiver that records signal strength data is defined out to a threshold signal strength level. Before computing the estimated location of a given wireless nodes, a search region is defined based on the intersection of the coverage maps associated with each radio receiver that detects the wireless node. Some implementations use information provided by the fact that certain radio receivers did not detect the wireless node to further optimize the location estimate. By defining a search region, which is a generally small area relative to the space encompassed by an entire RF environment, the present invention provides several advantages, such as reducing the processing time and/or power to compute estimated locations for wireless nodes.

Abstract: Methods, apparatuses and systems facilitating containment of the effects of rogue or unauthorized access points on wireless computer network environments. Embodiments of the present invention support one to a plurality of rogue containment methodologies. A first rogue containment type involves identification of the physical connection of the rogue access point to the wired network infrastructure and, thus, allows for disabling of that physical connection to contain the rogue access point. Other rogue containment methods involve wireless techniques for containing the effect of rogue access points. As discussed below, the rogue containment functionality described herein can be applied to a wide variety of wireless network system architectures.

Abstract: A method includes receiving a first capture time corresponding to a first time that a data packet is received at a first probe and a second capture time corresponding to a second time that the data packet is received at a second probe. The data packet is from existing network traffic transmitted over a data network. The first and second probes can be configured to capture the data packet in response to a capture instruction. The first capture time and second capture time are different and are used to calculate the latency of at least a portion of a data network.

Abstract: A wireless node location mechanism that defines a search region to optimize the computations associated with estimating the location of a given wireless node. According to one implementation, a coverage map associated with each radio receiver that records signal strength data is defined out to a threshold signal strength level. Before computing the estimated location of a given wireless nodes, a search region is defined based on the intersection of the coverage maps associated with each radio receiver that detects the wireless node. Some implementations use information provided by the fact that certain radio receivers did not detect the wireless node to further optimize the location estimate. By defining a search region, which is a generally small area relative to the space encompassed by an entire RF environment, the present invention provides several advantages, such as reducing the processing time and/or power to compute estimated locations for wireless nodes.

Abstract: An example embodiment of the present invention provides processes relating to self-initiated end-to-end monitoring for an authentication gateway. In one particular implementation, the authentication gateway periodically creates and stores a temporary logon for access to a network and then sends a message including the temporary logon over a secure connection to a client. When the client receives the temporary logon, the client responds to the message by attempting to access a configurable network site. The authentication gateway redirects the client to a captive portal which prompts the client for a logon and the client enters the temporary logon at the captive portal. Then upon validating the temporary logon against the stored temporary logon, the authentication gateway authorizes access to the network. If the client successfully accesses the site, the client sends a verification report to the authentication gateway indicating successful access. Otherwise, the client reports on the failed access.

Abstract: A method for generating a simulated network. A network discovery database for a managed network is accessed, wherein the network discovery database includes device information and connectivity information for a plurality of devices of the managed network. A build file describing the simulated network is automatically generated based on the network discovery database. A user is able to create and edit a simulated network based on an actual managed network, thereby obviating the need for manually coding a simulated network.

Abstract: A method, apparatus, or computer executable instructions for converting Protocol Independent Mode (PIM) requests. In one embodiment, the method includes receiving a first multicast routing protocol (MRP) message, wherein the first MRP message is a request to join a multicast group of receivers. The first MRP message is translated into a second MRP message, wherein the second MRP message is a request to join the multicast group of receivers to which data is being provided by a specific source. The method could be performed by a router contained in a sparse mode network, wherein the sparse mode network is coupled to a source specific mode network that contains the specific source.

Abstract: Portable USB memory modules or devices and methods for using such devices are disclosed herein. In one embodiment, a portable memory module can include a housing having a CompactFlash card form factor and one or more flash memory devices carried by the housing. The portable memory module can also include a USB controller carried by the housing and coupled to the one or more flash memory devices. The portable memory module can further include a connector including a first portion coupled to the controller and a second portion configured to mate with a host device. In several embodiments, the connector includes a plurality of pins to transfer signals to and from the memory module. The pins are configured to mate with a fifty pin socket on the host device.

Abstract: The innovation discloses an AAA-based key/credential distribution system and methodology that is enhanced for establishing a trust relationship between an end device and network application servers which are known at the time of end device authentication. This enhancement can reduce the complexity of key distribution while increasing performance and computational efficiency. By using information that is typically accessible to an AAA server with respect to which instance of a service a client should use based upon load, location, etc., the subject innovation can proactively distribute credentials to an end device. This proactive distribution enables the end device to directly prompt authentication with a network entity.