Abstract: This specification describes a system that can offer, among other advantages, dynamically allowing or rejecting non-DHCP packets entering a switch. In addition, a FDB is commonly used by a bridge or switch to store an incoming packet's source MAC address and its port number, then later on if the destination MAC address of another incoming packet matching any entry in FDB will be forwarded to its associated port. Using the techniques described herein, not only this will be completely transparent to user, the techniques can also result in an increase in switch performance by blocking unwanted traffic at an earlier stage of forwarding process and freeing up other processing units at a later stage, like switch fabric or packet processing stages.

Abstract: An access point through which a wireless device attaches to a wireless network determines the access privileges that will be accorded to the device based on a criteria set, such as the ID and physical location of the device requesting network access, the access point through which the device is connected to the network and user credentials. The location of the device is determined by a location determination system using the signal strength of the device signal. The location information and ID information is provided to an access server that uses the criteria set to retrieve access privileges from a privilege database. The retrieved access privileges are then applied to the wireless device by means of the access point and other devices in the wireless network.

Abstract: A technique for identity based networking is disclosed. A system according to the technique can include a WAN, a first VLAN, a second VLAN, and a network database. The first VLAN and second VLAN can be coupled to the WAN. The network database can include VLAN information. In operation, a client that is authorized on the second VLAN can attempt to connect to the first VLAN. A switch in the WAN can perform a lookup in the network database and determine that the client is authorized on the second VLAN. Based on this information, the client can be connected to the second VLAN using VLAN tunneling.

Abstract: A technique for locating a device uses connectivity to find a distance between an access point (AP) and a device. The AP transmits a frame to a device and receives an acknowledgement frame from the device. The amount of time for a signal to pass between the AP and the device is estimated and multiplied by the speed of light to find the distance between the AP and the device.

Abstract: A technique for improving authentication speed when a client roams from a first authentication domain to a second authentication domain involves coupling authenticators associated with the first and second authentication domains to an authentication server. A system according to the technique may include, for example, a first authenticator using an encryption key to ensure secure network communication, a second authenticator using the same encryption key to ensure secure network communication, and a server coupled to the first authenticator and the second authenticator wherein the server distributes, to the first authenticator and the second authenticator, information to extract the encryption key from messages that a client sends to the first authenticator and the second authenticator.

Abstract: A technique for operating a device at multiple different power levels dependent upon the amount of power received involves sensing the amount of power received and turning on circuit components or system functionality if power is adequate. A device constructed according to the technique should have the ability to detect at least two different, non-zero, power levels and turn on circuits or system functionality to the extent that sufficient power is detected.

Abstract: A convergence engine may provide a high level message for a high level engine representative of multiple messages received by a network interface or other physical layer transmission device. The high level engine may access one or more high level messages via functions describing the state of a non-network-portal station.

Abstract: Systems and methods for network assignment based on priority are described in this application. In one aspect, a technique for network assignment based on priority relates to establishing a connection between a client and a virtual local area network (VLAN), based on an explicit or implicit network priority preference of the client. In an embodiment, multiple VLANs can be combined into one network bundle, the network bundle being a unit network for priority specification. In addition, multiple network bundles may be available for network assignment on a particular network controller (e.g., network switch). For example, the preferred network of a client may be comprised of several individual VLANs. Thus, the client can be assigned to any of the constituent VLANs included in the preferred network bundle.

Abstract: A technique for network type awareness involves providing network type information associated with a wireless network to stations. The stations, or users of the stations, can then select which network best meets their needs.

Abstract: A technique for providing restricted access to a wireless network involves recognizing a service descriptive identifier (SDID). The SDID may be transmitted to wireless stations that query the wireless network so that the wireless stations can at least gain access to restricted services provided by the wireless network. The SDID may include quality of service (QoS) parameters, as well, thereby facilitating dynamically restricted access to the wireless network.

Abstract: A technique for dynamically responding to threats in a wireless network involves deploying a single network including APs capable of booting from a plurality of software images. Individual APs can switch (or be switched) between multiple sets of software so that network managers can select the AP software most appropriate for a given instance. For example, if a threat is detected, multiple APs can be switched to sensor mode to deal with the threat. As another example, all of the APs can be switched to sensor mode after hours. Alternatively, a server can provide the software image(s) needed for an AP to operate in accordance with a desired functionality.

Abstract: A technique for associating clients with APs in an advantageous manner may involve local balancing of clients across APs. This may involve providing instructions to APs to disable client association. Alternatively, this technique may involve load balancing across controllers.

Abstract: A technique for improving quality of service involves dynamically provisioning quality of service parameters. An example according to this technique is a system including a server and an access point. The server provisions quality of service parameters restricting the station's transmission of data through the access point to one or more access classes of varying priority.

Abstract: A technique for implementing an untethered access point (UAP) mesh involves enabling AP-local switching at one or more UAPs of the mesh. A system constructed according to the technique may include a wireless switch; an access point (AP) wire-coupled to the wireless switch; and a UAP mesh, wirelessly coupled to the AP, including a UAP with an AP-local switching engine embodied in a computer-readable medium. Another system constructed according to the technique may include an untethered access point (UAP), including: a radio; a backhaul service set identifier (SSID) stored in a computer-readable medium; an anchor access point (AAP) selection engine embodied in a computer-readable medium. In operation, the AAP selection engine may use the radio to attempt to associate with the AAP if a beaconed backhaul SSID matches the stored backhaul SSID.

Abstract: Various embodiments are discussed for approaches to transparent mobility, which attempts to permit a wireless station to be handed off between wireless access points without packet loss, without noticeable delay to the station user, and/or without loss of session continuity.

Abstract: Various embodiments are discussed for approaches to transparent mobility, which attempts to permit a wireless station to be handed off between wireless access points without packet loss, without noticeable delay to the station user, and/or without loss of session continuity.

Abstract: Methods and apparatuses of planning a wireless local area network are disclosed. Various embodiments receive data such as floor plan data, coverage data, and/or capacity data about a site for the WLAN. Based on such data, features of the WLAN access points can be determined. Examples are the quantity, placement, and/or configuration of the access points. Measured data, such as WLAN data, are received. The measured data are compared with expected data, such as expected WLAN data. Expected WLAN data can be generated from various sources, for example floor plan data and access point data (e.g., quantity, placement, and/or configuration). Based on such measured data, WLAN features can be changed, such as floor plan and/or access point data (e.g., quantity, placement, and/or configuration).

Abstract: Measured data, such as WLAN data, are received. The measured data are compared with expected data, such as expected WLAN data. Expected WLAN data can be generated from various sources, for example floor plan data and access point data (e.g., quantity, placement, and/or configuration). Based on such measured data, WLAN features can be changed, such as floor plan and/or access point data (e.g., quantity, placement, and/or configuration).

Abstract: Methods and apparatuses of planning a wireless local area network are disclosed. Various embodiments receive data such as floor plan data, coverage data, and/or capacity data about a site for the WLAN. Based on such data, features of the WLAN access points can be determined. Examples are the quantity, placement, and/or configuration of the access points.