Abstract: Traffic broadcast to a VLAN is restricted. To do so, a plurality of stations are associated with a BSSID (basic service set identifier). A first VLAN is configured by sending a first group key to each station from the plurality of stations that is a member of the first VLAN, wherein each VLAN is associated with a unique group key. One or more frames addressed to the first VLAN are received. The one or more frames are encrypted with the first group key to prevent stations without the first group key from being able to decrypt the one or more frames. The one or more encrypted VLAN frames are broadcast to the plurality of stations associated with the BSSID.

Abstract: An 802.11-compliant device for high throughput is disclosed. A plurality of TCP packets received in a buffer for transmission are stored. The plurality of TCP packets can be aggregated as A-MSDU sub-frames to form a A-MSDU frame in accordance with an IEEE 802.11 standard. Additionally, a plurality of A-MSDU frames can be aggregated as A-MPDU sub-frames to form a A-MPDU frame. The A-MPDU frame is compliant with a number of allowable sub-frames and a maximum size in accordance with an 802.11 standard. The A-MPDU frame is sent for transmission as an IEEE 802.11 packet.

Abstract: Techniques which prevent rogue devices from continued access to a wireless communication system. A control element directs access points as to which mobile stations to service. Each access point maintains a record of the mobile stations it is servicing. At the direction of the control element, one or more access points send ACK (acknowledgement) messages when hearing messages from a rogue device. When the rogue device sends a message, it expects an ACK message in response, but those additional ACK messages interfere with the responsive ACK message, causing the rogue device to never hear the responsive ACK message. The rogue device assumes its message was not received, so it retries sending of that message. When the rogue device retries sending of its message, the responsive ACK message is similarly interfered with, until the rogue device concludes that its connection has been lost.

Abstract: Network devices are steered to preferred access points using a probability function. A probe request for connection is received from a network device. The probe request can be from a network device attempting to use a wireless network (e.g., a IEEE 802.11-type network or other suitable type of network). A probability function that defines a likelihood of granting the network device a connection is used to determine whether to accept or deny the response. The probe response is then sent to the network device.

Abstract: Uplink medium access control on per-wireless device level for a specific user. An access point sends a beacon frame to a wireless device. The beacon frame includes a BSSID that is unique to the wireless device. The beacon frame also includes embedded uplink configurations specifying uplink medium access for the wireless device. In one embodiment, a controller recognizes a device or user associated with the device, and sends corresponding uplink configurations for embedding in a subsequent beacon frame.

Abstract: Network devices are steered to preferred access points using a probability function. A probe request for connection is received from a network device. The probe request can be from a network device attempting to use a wireless network (e.g., a IEEE 802.11-type network or other suitable type of network). A probability function that defines a likelihood of granting the network device a connection is used to determine whether to accept or deny the response. The probe response is then sent to the network device.

Abstract: A spoofed management frame is sent to an unauthorized access point (AP) on behalf of a station from an authorized AP, using a media access control (MAC) address of the station. The spoofed frame triggers a security association (SA) query from an unauthorized AP to reestablish valid communications. An acknowledgment (ACK) frame sent from the client to the unauthorized AP responsive to the SA query request is detected by the AP. A probe response is sent to the client. The probe response includes a channel switching element. The channel switching prevents the client from completing the SA process before a time out.

Abstract: Techniques which prevent rogue devices from continued access to a wireless communication system. A control element directs access points as to which mobile stations to service. Each access point maintains a record of the mobile stations it is servicing. At the direction of the control element, one or more access points send ACK (acknowledgement) messages when hearing messages from a rogue device. When the rogue device sends a message, it expects an ACK message in response, but those additional ACK messages interfere with the responsive ACK message, causing the rogue device to never hear the responsive ACK message. The rogue device assumes its message was not received, so it retries sending of that message. When the rogue device retries sending of its message, the responsive ACK message is similarly interfered with, until the rogue device concludes that its connection has been lost.

Abstract: A spoofed management frame is sent to an unauthorized access point (AP) on behalf of a station from an authorized AP, using a media access control (MAC) address of the station. The spoofed frame triggers a security association (SA) query from an unauthorized AP to reestablish valid communications. An acknowledgment (ACK) frame sent from the client to the unauthorized AP responsive to the SA query request is detected by the AP. A probe response is sent to the client. The probe response includes a channel switching element. The channel switching prevents the client from completing the SA process before a time out.

Abstract: Traffic broadcast to a VLAN is restricted. To do so, a plurality of stations are associated with a BSSID (basic service set identifier). A first VLAN is configured by sending a first group key to each station from the plurality of stations that is a member of the first VLAN, wherein each VLAN is associated with a unique group key. One or more frames addressed to the first VLAN are received. The one or more frames are encrypted with the first group key to prevent stations without the first group key from being able to decrypt the one or more frames. The one or more encrypted VLAN frames are broadcast to the plurality of stations associated with the BSSID.

Abstract: Network devices are steered to preferred access points using a probability function. A probe request for connection is received from a network device. The probe request can be from a network device attempting to use a wireless network (e.g., a IEEE 802.11-type network or other suitable type of network). A probability function that defines a likelihood of granting the network device a connection is used to determine whether to accept or deny the response. The probe response is then sent to the network device.

Abstract: Techniques which prevent rogue devices from continued access to a wireless communication system. A control element directs access points as to which mobile stations to service. Each access point maintains a record of the mobile stations it is servicing. At the direction of the control element, one or more access points send ACK (acknowledgement) messages when hearing messages from a rogue device. When the rogue device sends a message, it expects an ACK message in response, but those additional ACK messages interfere with the responsive ACK message, causing the rogue device to never hear the responsive ACK message. The rogue device assumes its message was not received, so it retries sending of that message. When the rogue device retries sending of its message, the responsive ACK message is similarly interfered with, until the rogue device concludes that its connection has been lost.

Abstract: A spoofed management frame is sent to an unauthorized access point (AP) on behalf of a station from an authorized AP, using a media access control (MAC) address of the station. The spoofed frame triggers a security association (SA) query from an unauthorized AP to reestablish valid communications. An acknowledgment (ACK) frame sent from the client to the unauthorized AP responsive to the SA query request is detected by the AP. A probe response is sent to the client. The probe response includes a channel switching element. The channel switching prevents the client from completing the SA process before a time out.

Abstract: A system and method for optimizing voice communications in a wireless network including an AP having a message waiting time that provides proper QoS while losing minimal communication bandwidth. The QoS may be responsive to the amount of user traffic in both the AP and neighboring APs. The method may include setting parameters for each level of QoS in response to a measure of the degree of contention for that level of QoS, and in response to a measure of the degree of contention for those levels of QoS with higher priority, and setting waiting time parameters in response to a stochastic model of contention at each level of QoS. Operational parameters might include contention window time, AIFS time, and back-off value(s), and might be modified in response to message QoS.

Abstract: A system and method for optimizing voice communications in a wireless network including an AP having a message waiting time that provides proper QoS while losing minimal communication bandwidth. The QoS may be responsive to the amount of user traffic in both the AP and neighboring APs. The method may include setting parameters for each level of QoS in response to a measure of the degree of contention for that level of QoS, and in response to a measure of the degree of contention for those levels of QoS with higher priority, and setting waiting time parameters in response to a stochastic model of contention at each level of QoS. Operational parameters might include contention window time, AIFS time, and back-off value(s), and might be modified in response to message QoS.

Abstract: Traffic broadcast to a VLAN is restricted. To do so, a plurality of stations are associated with a BSSID (basic service set identifier). A first VLAN is configured by sending a first group key to each station from the plurality of stations that is a member of the first VLAN, wherein each VLAN is associated with a unique group key. One or more frames addressed to the first VLAN are received. The one or more frames are encrypted with the first group key to prevent stations without the first group key from being able to decrypt the one or more frames. The one or more encrypted VLAN frames are broadcast to the plurality of stations associated with the BSSID.

Abstract: A spoofed management frame is sent to an unauthorized access point (AP) on behalf of a station from an authorized AP, using a media access control (MAC) address of the station. The spoofed frame triggers a security association (SA) query from an unauthorized AP to reestablish valid communications. An acknowledgment (ACK) frame sent from the client to the unauthorized AP responsive to the SA query request is detected by the AP. A probe response is sent to the client. The probe response includes a channel switching element. The channel switching prevents the client from completing the SA process before a time out.

Abstract: Reliable multicast delivery in wireless communication, even when a WS doesn't know its AP, is determined at the AP without the sending device. Multicast packets are received at each AP having destinations. Without altering those packets, the AP encapsulates them in an A-MSDU packet. Each A-MSDU packet is sent individually to each destination, and might encapsulate more than one multicast packet. Destinations might receive two streaming messages faster than if sent separately. AP's might choose a 1st multiple of multicast packets from a 1st source, a 2nd, different, multiple of multicast packets from a 2nd source, and a single multicast packet from a 3rd source. Individualized optimization of transmission parameters for each A-MSDU packet and each multicast packet therein. Individualized optimization of transmission parameters for the A-MSDU packet for each destination. The AP collectively optimizes delivery of distinct multicast packets to different destinations.

Abstract: Techniques which prevent rogue devices from continued access to a wireless communication system. A control element directs access points as to which mobile stations to service. Each access point maintains a record of the mobile stations it is servicing. At the direction of the control element, one or more access points send ACK (acknowledgement) messages when hearing messages from a rogue device. When the rogue device sends a message, it expects an ACK message in response, but those additional ACK messages interfere with the responsive ACK message, causing the rogue device to never hear the responsive ACK message. The rogue device assumes its message was not received, so it retries sending of that message. When the rogue device retries sending of its message, the responsive ACK message is similarly interfered with, until the rogue device concludes that its connection has been lost.

Abstract: A spoofed management frame is sent to an unauthorized access point (AP) on behalf of a station from an authorized AP, using a media access control (MAC) address of the station. The spoofed frame triggers a security association (SA) query from an unauthorized AP to reestablish valid communications. An acknowledgment (ACK) frame sent from the client to the unauthorized AP responsive to the SA query request is detected by the AP. A probe response is sent to the client. The probe response includes a channel switching element. The channel switching prevents the client from completing the SA process before a time out.