Abstract: A novel technique involves evaluating a real-time environment of a channel based on a nonlinear function of the number of neighbor radios and channel utilization requirements. The technique can be used to pick a channel for an AP that is added to a wireless network or to tune a channel for an existing AP. The technique can be applied to, for example, a relatively new wideband option in the 802.11n standard.

Abstract: This specification describes a system that can offer, among other advantages, dynamically allowing or rejecting non-DHCP packets entering a switch. In addition, a FDB is commonly used by a bridge or switch to store an incoming packet's source MAC address and its port number, then later on if the destination MAC address of another incoming packet matching any entry in FDB will be forwarded to its associated port. Using the techniques described herein, not only this will be completely transparent to user, the techniques can also result in an increase in switch performance by blocking unwanted traffic at an earlier stage of forwarding process and freeing up other processing units at a later stage, like switch fabric or packet processing stages.

Abstract: A technique for providing a prediction as to whether a resource will be accessible to a user is described. The technique can involve comparing asserted membership in a wireless realm with membership records. Advantageously, a user can be made aware of the likelihood of access to a resource before attempting to reach the resource.

Abstract: A technique for wireless load balancing involves providing a wireless infrastructure that creates a target band option and helps push clients toward that band. An example of a method according to the technique involves, by way of example but not limitation, responding only to probe requests on a first band when a client is detected on the first band and a second band. For example, using the techniques described herein, a platform that is both 802.11a and 802.11b/g compliant may attempt to connect preferentially to the 802.11b/g band of a wireless network, and be migrated toward the 802.11a band instead.

Abstract: In wireless networking, such as per the IEEE 802.11 standard, a technique automatically republishes an authentication credential to a global credential repository. A station can have a first credential, as is created when the station connects to a first access node of a wireless network. Upon trying and failing to connect to a second access node of the wireless network, the station can have a second credential created and published to the global credential repository. In some situations, the station then roams back to the first access node using the first credential. Efficiently, when the station uses the first credential at the first access node, the first credential can be automatically republished as a global credential. The automatic republishing of the first credential can ensure that the station is able to access the wireless network via various access nodes when roaming.

Abstract: An access point through which a wireless device attaches to a wireless network determines the access privileges that will be accorded to the device based on a criteria set, such as the ID and physical location of the device requesting network access, the access point through which the device is connected to the network and user credentials. The location of the device is determined by a location determination system using the signal strength of the device signal. The location information and ID information is provided to an access server that uses the criteria set to retrieve access privileges from a privilege database. The retrieved access privileges are then applied to the wireless device by means of the access point and other devices in the wireless network.

Abstract: A technique for testing a network path involves making use of feedback enabling parameters. Values for the feedback enabling parameters can be generated from a measurement of path performance. The technique can be implemented for wireless paths. The technique can also be implemented for multi-hop paths.

Abstract: A technique for combining operations of a wireless access point with a remote probe. An access point links a wireless client to a wireless switch. A remote probe captures wireless packets, appends radio information, and forwards packets to a remote observer for analysis. In an embodiment, the observer may provide a protocol-level debug. A system according to the technique can, for example, accomplish concurrent in-depth packet analysis of one or more interfaces on a wireless switch. The system can also, for example, augment embedded security functions by forwarding selected packets to a remote Intrusion Detection System (IDS). In an embodiment, filters on the probes may reduce overhead.

Abstract: A technique for identity based networking is disclosed. A system according to the technique can include a WAN, a first VLAN, a second VLAN, and a network database. The first VLAN and second VLAN can be coupled to the WAN. The network database can include VLAN information. In operation, a client that is authorized on the second VLAN can attempt to connect to the first VLAN. A switch in the WAN can perform a lookup in the network database and determine that the client is authorized on the second VLAN. Based on this information, the client can be connected to the second VLAN using VLAN tunneling.

Abstract: A technique for wireless load balancing involves providing a wireless infrastructure that creates a target band option and helps push clients toward that band. An example of a method according to the technique involves, by way of example but not limitation, responding only to probe requests on a first band when a client is detected on the first band and a second band. For example, using the techniques described herein, a platform that is both 802.11a and 802.11b/g compliant may attempt to connect preferentially to the 802.11b/g band of a wireless network, and be migrated toward the 802.11a band instead.

Abstract: A technique for combining operations of a wireless access point with a remote probe. An access point links a wireless client to a wireless switch. A remote probe captures wireless packets, appends radio information, and forwards packets to a remote observer for analysis. In an embodiment, the observer may provide a protocol-level debug. A system according to the technique can, for example, accomplish concurrent in-depth packet analysis of one or more interfaces on a wireless switch. The system can also, for example, augment embedded security functions by forwarding selected packets to a remote Intrusion Detection System (IDS). In an embodiment, filters on the probes may reduce overhead.

Abstract: A technique for improving authentication speed when a client roams from a first authentication domain to a second authentication domain involves coupling authenticators associated with the first and second authentication domains to an authentication server. A system according to the technique may include, for example, a first authenticator using an encryption key to ensure secure network communication, a second authenticator using the same encryption key to ensure secure network communication, and a server coupled to the first authenticator and the second authenticator wherein the server distributes, to the first authenticator and the second authenticator, information to extract the encryption key from messages that a client sends to the first authenticator and the second authenticator.

Abstract: This specification describes a system that can offer, among other advantages, dynamically allowing or rejecting non-DHCP packets entering a switch. In addition, a FDB is commonly used by a bridge or switch to store an incoming packet's source MAC address and its port number, then later on if the destination MAC address of another incoming packet matching any entry in FDB will be forwarded to its associated port. Using the techniques described herein, not only this will be completely transparent to user, the techniques can also result in an increase in switch performance by blocking unwanted traffic at an earlier stage of forwarding process and freeing up other processing units at a later stage, like switch fabric or packet processing stages.

Abstract: A technique for identity based networking is disclosed. A system according to the technique can include a WAN, a first VLAN, a second VLAN, and a network database. The first VLAN and second VLAN can be coupled to the WAN. The network database can include VLAN information. In operation, a client that is authorized on the second VLAN can attempt to connect to the first VLAN. A switch in the WAN can perform a lookup in the network database and determine that the client is authorized on the second VLAN. Based on this information, the client can be connected to the second VLAN using VLAN tunneling.

Abstract: An access point through which a wireless device attaches to a wireless network determines the access privileges that will be accorded to the device based on a criteria set, such as the ID and physical location of the device requesting network access, the access point through which the device is connected to the network and user credentials. The location of the device is determined by a location determination system using the signal strength of the device signal. The location information and ID information is provided to an access server that uses the criteria set to retrieve access privileges from a privilege database. The retrieved access privileges are then applied to the wireless device by means of the access point and other devices in the wireless network.

Abstract: A technique for locating a device uses connectivity to find a distance between an access point (AP) and a device. The AP transmits a frame to a device and receives an acknowledgement frame from the device. The amount of time for a signal to pass between the AP and the device is estimated and multiplied by the speed of light to find the distance between the AP and the device.

Abstract: A technique for improving authentication speed when a client roams from a first authentication domain to a second authentication domain involves coupling authenticators associated with the first and second authentication domains to an authentication server. A system according to the technique may include, for example, a first authenticator using an encryption key to ensure secure network communication, a second authenticator using the same encryption key to ensure secure network communication, and a server coupled to the first authenticator and the second authenticator wherein the server distributes, to the first authenticator and the second authenticator, information to extract the encryption key from messages that a client sends to the first authenticator and the second authenticator.

Abstract: A technique for operating a device at multiple different power levels dependent upon the amount of power received involves sensing the amount of power received and turning on circuit components or system functionality if power is adequate. A device constructed according to the technique should have the ability to detect at least two different, non-zero, power levels and turn on circuits or system functionality to the extent that sufficient power is detected.

Abstract: A convergence engine may provide a high level message for a high level engine representative of multiple messages received by a network interface or other physical layer transmission device. The high level engine may access one or more high level messages via functions describing the state of a non-network-portal station.

Abstract: Systems and methods for network assignment based on priority are described in this application. In one aspect, a technique for network assignment based on priority relates to establishing a connection between a client and a virtual local area network (VLAN), based on an explicit or implicit network priority preference of the client. In an embodiment, multiple VLANs can be combined into one network bundle, the network bundle being a unit network for priority specification. In addition, multiple network bundles may be available for network assignment on a particular network controller (e.g., network switch). For example, the preferred network of a client may be comprised of several individual VLANs. Thus, the client can be assigned to any of the constituent VLANs included in the preferred network bundle.