Abstract: Systems, methods, and computer-readable storage media for wireless roaming are disclosed. An access point receives a communication request from a wireless device and determines a home broadcast domain associated with the wireless device. The access point determines that the home broadcast domain is different than the broadcast domain associated with the access point and proceeds to identify a second access point that is associated with the home broadcast domain of the wireless device. The access point establishes a tunnel between the access point and the second access point for routing traffic associated with the wireless device.

Abstract: A management server includes a configuration and management module processing server configuration information, including a VPN peer list and VLAN/subnet settings. The management server automatically calculates the VPN configuration information, including the VPN peer subnet route information identifying which of the subnets participating in the VPN are behind which of the routers and keys to establish VPN tunnels between those routers participating in the VPN. Each of the routers participating in the VPN includes a VPN tunnel with the other routers participating in the VPN, a set of data structures storing data identifying contact information for each of the subnets participating in the VPN, a combination of an IP address and port to reach one of routers that that subnet is behind, and a forwarding module to forward traffic between the subnets.

Abstract: A management server includes a configuration and management module processing server configuration information, including a VPN peer list and VLAN/subnet settings. The management server automatically calculates the VPN configuration information, including the VPN peer subnet route information identifying which of the subnets participating in the VPN are behind which of the routers and keys to establish VPN tunnels between those routers participating in the VPN. Each of the routers participating in the VPN includes a VPN tunnel with the other routers participating in the VPN, a set of data structures storing data identifying contact information for each of the subnets participating in the VPN, a combination of an IP address and port to reach one of routers that that subnet is behind, and a forwarding module to forward traffic between the subnets.

Abstract: A management server includes a configuration and management module processing server configuration information, including a VPN peer list and VLAN/subnet settings. The management server automatically calculates the VPN configuration information, including the VPN peer subnet route information identifying which of the subnets participating in the VPN are behind which of the routers and keys to establish VPN tunnels between those routers participating in the VPN. Each of the routers participating in the VPN includes a VPN tunnel with the other routers participating in the VPN, a set of data structures storing data identifying contact information for each of the subnets participating in the VPN, a combination of an IP address and port to reach one of routers that that subnet is behind, and a forwarding module to forward traffic between the subnets.

Abstract: A network access device (NAD) receives a UDP packet from a client to be transmitted to a management server over Internet, the UDP packet including a management message. The NAD is one of NADs managed by the management server. The NAD determines whether the management server is reachable using a UDP protocol. The NAD transmits the UDP packet to the management server using the UDP protocol over the Internet if it is determined that the management server is reachable using the UDP protocol. Otherwise, the NAD extracts a UDP payload from the UDP packet, encapsulates the UDP payload within an HTTP POST request, and transmits the HTTP POST request having the UDP payload encapsulated therein to the management server using a HTTP protocol over the Internet.

Abstract: Systems, methods, and computer-readable storage media for wireless roaming are disclosed. An access point receives a communication request from a wireless device and determines a home broadcast domain associated with the wireless device. The access point determines that the home broadcast domain is different than the broadcast domain associated with the access point and proceeds to identify a second access point that is associated with the home broadcast domain of the wireless device. The access point establishes a tunnel between the access point and the second access point for routing traffic associated with the wireless device.

Abstract: Systems, methods, and computer-readable storage media for wireless roaming are disclosed. An access point receives a communication request from a wireless device and determines a home broadcast domain associated with the wireless device. The access point determines that the home broadcast domain is different than the broadcast domain associated with the access point and proceeds to identify a second access point that is associated with the home broadcast domain of the wireless device. The access point establishes a tunnel between the access point and the second access point for routing traffic associated with the wireless device.

Abstract: A network access device (NAD) is configured to automatically establish a connection to a WAN. The NAD tests IP configurations according to a first priority scheme at least until a currently best scoring one of the IP configurations is selected for use to communicate over the WAN. The testing of the IP configurations includes transmitting requests according to a first priority scheme and tracking any replies reflecting which IP configurations are valid. The first priority scheme is for selecting among IP configurations for testing and prioritizing a first type of IP configuration over a dynamically determined type of IP configuration. Which IP configurations of the dynamically determined type that are to be tested are determined by attempting to obtain DHCP leases using different VLAN IDs according to a second priority scheme of VLAN IDs to include in DHCP requests.

Abstract: A Web-based management server includes an ACP manager to manage access control rules (ACRs) and access control policies (ACPs). The ACRs and ACPs are configured by an administrator via a Web interface of the management server. The ACP manager is to transmit over the Internet the ACPs and the ACRs to network access devices (NADs) to allow the NADs to apply the ACPs to their respective network client devices (NCDs) based on the ACRs, where the NADs are managed by the management server over the Internet. Each of the NADs operates as one of a router, a network switch, and an access point. The ACP manager is to periodically update the ACRs and ACPs stored in the NADs, including receiving an update from one NAD and broadcasting the update to a remainder of the NADs.

Abstract: Systems, methods, and computer-readable storage media for wireless roaming are disclosed. An access point receives a communication request from a wireless device and determines a home broadcast domain associated with the wireless device. The access point determines that the home broadcast domain is different than the broadcast domain associated with the access point and proceeds to identify a second access point that is associated with the home broadcast domain of the wireless device. The access point establishes a tunnel between the access point and the second access point for routing traffic associated with the wireless device.

Abstract: A network access device (NAD) receives a UDP packet from a client to be transmitted to a management server over Internet, the UDP packet including a management message. The NAD is one of NADs managed by the management server. The NAD determines whether the management server is reachable using a UDP protocol. The NAD transmits the UDP packet to the management server using the UDP protocol over the Internet if it is determined that the management server is reachable using the UDP protocol. Otherwise, the NAD extracts a UDP payload from the UDP packet, encapsulates the UDP payload within an HTTP POST request, and transmits the HTTP POST request having the UDP payload encapsulated therein to the management server using a HTTP protocol over the Internet.

Abstract: A network access device (NAD) receives a UDP packet from a client to be transmitted to a management server over Internet, the UDP packet including a management message. The NAD is one of NADs managed by the management server. The NAD determines whether the management server is reachable using a UDP protocol. The NAD transmits the UDP packet to the management server using the UDP protocol over the Internet if it is determined that the management server is reachable using the UDP protocol. Otherwise, the NAD extracts a UDP payload from the UDP packet, encapsulates the UDP payload within an HTTP POST request, and transmits the HTTP POST request having the UDP payload encapsulated therein to the management server using a HTTP protocol over the Internet.

Abstract: A Web-based management server includes an ACP manager to manage access control rules (ACRs) and access control policies (ACPs). The ACRs and ACPs are configured by an administrator via a Web interface of the management server. The ACP manager is to transmit over the Internet the ACPs and the ACRs to network access devices (NADs) to allow the NADs to apply the ACPs to their respective network client devices (NCDs) based on the ACRs, where the NADs are managed by the management server over the Internet. Each of the NADs operates as one of a router, a network switch, and an access point. The ACP manager is to periodically update the ACRs and ACPs stored in the NADs, including receiving an update from one NAD and broadcasting the update to a remainder of the NADs.

Abstract: A network switch is configured to automatically establish a connection to a WAN by determining which of a plurality of ports of the network switch is a current uplink port leading to the WAN. The switch attempts to establish connectivity to the WAN using a first set of port configurations as the current set of port configurations. Upon determining that the first set of port configurations does not allow the network switch to determine an uplink port, the network switch changes to a mode having a first security measure and also having a relaxed set of current port configurations. The network switch again attempts to establish connectivity to the WAN, and upon further failures to determine an uplink port leading to the WAN, the network switch may be configured to switch to other modes utilizing further relaxed port configurations and the same or additional security measures.

Abstract: A network access device (NAD) is configured to automatically establish a connection to a WAN. The NAD tests IP configurations according to a first priority scheme at least until a currently best scoring one of the IP configurations is selected for use to communicate over the WAN. The testing of the IP configurations includes transmitting requests according to a first priority scheme and tracking any replies reflecting which IP configurations are valid. The first priority scheme is for selecting among IP configurations for testing and prioritizing a first type of IP configuration over a dynamically determined type of IP configuration. Which IP configurations of the dynamically determined type that are to be tested are determined by attempting to obtain DHCP leases using different VLAN IDs according to a second priority scheme of VLAN IDs to include in DHCP requests.

Abstract: A Web-based management server includes an ACP manager to manage access control rules (ACRs) and access control policies (ACPs). The ACRs and ACPs are configured by an administrator via a Web interface of the management server. The ACP manager is to transmit over the Internet the ACPs and the ACRs to network access devices (NADs) to allow the NADs to apply the ACPs to their respective network client devices (NCDs) based on the ACRs, where the NADs are managed by the management server over the Internet. Each of the NADs operates as one of a router, a network switch, and an access point. The ACP manager is to periodically update the ACRs and ACPs stored in the NADs, including receiving an update from one NAD and broadcasting the update to a remainder of the NADs.

Abstract: A network access device (NAD) is configured to automatically establish a connection to a WAN. The NAD tests IP configurations according to a first priority scheme at least until a currently best scoring one of the IP configurations is selected for use to communicate over the WAN. The testing of the IP configurations includes transmitting requests according to a first priority scheme and tracking any replies reflecting which IP configurations are valid. The first priority scheme is for selecting among IP configurations for testing and prioritizing a first type of IP configuration over a dynamically determined type of IP configuration. Which IP configurations of the dynamically determined type that are to be tested are determined by attempting to obtain DHCP leases using different VLAN IDs according to a second priority scheme of VLAN IDs to include in DHCP requests.

Abstract: A network access device for network traffic analysis of a plurality of client devices in a local area network (LAN) maintains a hierarchical key combination traffic analysis (HKCTA) table for each of the client devices of the LAN (LAN devices) to store network traffic statistics of each LAN device, wherein the HKCTA includes entries identified by keys, each key being formed based on a combination of zero or more packet attributes of packets or flow attributes of a network flow associated with the packets (packet/flow attributes) exchanged by the LAN device. Each key represents one of hierarchical levels of a hierarchy of the entries. Each level of the hierarchy includes all packet/flow attributes of its parent hierarchical level plus at least one additional packet/flow attribute that is not present in its parent hierarchical level.

Abstract: A management server includes a configuration and management module processing server configuration information, including a VPN peer list and VLAN/subnet settings. The management server automatically calculates the VPN configuration information, including the VPN peer subnet route information identifying which of the subnets participating in the VPN are behind which of the routers and keys to establish VPN tunnels between those routers participating in the VPN. Each of the routers participating in the VPN includes a VPN tunnel with the other routers participating in the VPN, a set of data structures storing data identifying contact information for each of the subnets participating in the VPN, a combination of an IP address and port to reach one of routers that that subnet is behind, and a forwarding module to forward traffic between the subnets.

Abstract: A management server includes a configuration and management module processing server configuration information, including a VPN peer list and VLAN/subnet settings. The management server automatically calculates the VPN configuration information, including the VPN peer subnet route information identifying which of the subnets participating in the VPN are behind which of the routers and keys to establish VPN tunnels between those routers participating in the VPN. Each of the routers participating in the VPN includes a VPN tunnel with the other routers participating in the VPN, a set of data structures storing data identifying contact information for each of the subnets participating in the VPN, a combination of an IP address and port to reach one of routers that that subnet is behind, and a forwarding module to forward traffic between the subnets.