Abstract: Embodiments herein describe disconnecting, by an access node, a first device having a first media access control (MAC) address due to a network violation and receiving, by the access node, information about a second device having a second MAC address different from the first MAC address. In one embodiment, the information is generated by a certificate server based on a token generated by the second device. Further, when the access node determines, based on the information, that the second device is the first device, the access node denies a connection request from the second device.

Abstract: A network controller provides proactive notification of a wireless client device's address rotation to layer 2 (L2) and/or layer 3 (L3) devices. Traditional methods of device address discovery rely on broadcasting of address queries across a plurality of links until a path to a device having the queried address responds. As device address changes become more frequent in an effort to improve user privacy, traditional methods of address discovery impose a large burden on networks, reducing their performance and efficiency. By proactively propagating address changes to upstream devices, the need for broadcast oriented address discovery techniques is reduced, resulting in improved network performance.

Abstract: Techniques for wireless network management are provided. A set of characteristics data for a plurality of different wireless networks in a common physical space is collected, and it is determined, based on the set of characteristics data, that the plurality of wireless networks are experiencing spectrum contention. A set of radio frequency (RF) parameter modifications is generated based on the set of characteristics data, and one or more of the plurality of wireless networks are instructed to implement the set of RF parameter modifications. A second set of characteristics data is collected for the plurality of wireless networks.

Abstract: A network controller provides proactive notification of a wireless client device's address rotation to layer 2 (L2) and/or layer 3 (L3) devices. Traditional methods of device address discovery rely on broadcasting of address queries across a plurality of links until a path to a device having the queried address responds. As device address changes become more frequent in an effort to improve user privacy, traditional methods of address discovery impose a large burden on networks, reducing their performance and efficiency. By proactively propagating address changes to upstream devices, the need for broadcast oriented address discovery techniques is reduced, resulting in improved network performance.

Abstract: In one embodiment, a device receives discovery data generated by a plurality of networking devices in a network. The device determines, based on the discovery data, a hierarchy of layers of the network. The device receives a request by a client that is external to the network to access remotely a particular endpoint in the network. The device configures, and in response to the request, a proxy chain of remote access agents executed by a subset of networking devices from the plurality of networking devices to allow the client to access remotely the particular endpoint, each of those networking devices proxying traffic between different layers of the network.

Abstract: A method includes detecting, by a mobile device, a light sequence emitted from a light emitting diode associated with an access point and determining, by the mobile device, an identifier for the access point based on the light sequence. The method also includes reporting, by the mobile device, a geospatial location of the mobile device and the identifier for the access point to an automated frequency coordination (AFC) server to perform AFC for the access point.

Abstract: In one embodiment, a device determines a hierarchy of layers of a network comprising a plurality of networking devices. The device configures, in response to a request by a client to access remotely a particular endpoint in the network, a proxy chain of remote access agents executed by a plurality of networking devices in the network to allow the client to access remotely the particular endpoint. Each of those networking devices proxies traffic between different layers of the hierarchy. The device determines an access policy for the particular endpoint indicative of which commands may be sent to the particular endpoint by the client, based in part on where the particular endpoint is in the hierarchy. The device controls, based on the access policy, whether a command sent by the client is transmitted via the proxy chain to the particular endpoint.

Abstract: Techniques and apparatus for managing a message relaying system are described. One technique includes an access point (AP) detecting a first signal and a second signal from a computing device. A validation of the first signal is performed based on parameters of the first signal and the second signal. After the validation, information associated with the first signal is transmitted to a computing system. In another technique, the computing system may designate one of multiple APs reporting information regarding first signals as a primary reporting AP and designate the remaining APs as secondary reporting APs. The computing system may instruct the secondary reporting APs to refrain from reporting information regarding first signals to the computing system.

Abstract: An authorization device obtains a registration request associated with an end device, the registration request including a new randomized media access control (MAC) address associated with the end device; determines whether the end device is authorized to use the new randomized MAC address; transmits a message to the end device with a first randomly generated number when it is determined that the end device is authorized to use the new randomized MAC address; obtains integrity information associated with the end device, the first integrity information being computed based on the first randomly generated number; transmits a request to a validation system to validate the end device based on the first integrity information; obtains an indication that the end device is validated; determines policies associated with the end device when it is determined that the end device is validated; and applies the policies to the end device.

Abstract: Techniques for dynamically negotiating a service legal agreement (SLA) between a roaming device and a visited network (VN) in an identity federation. An identity profile provided to a user device by an identity provider (IDP) is accessed by the user device. The identity profile includes a first SLA criteria. An advertisement from the VN indicating one or more SLAs supported by the VN is received at the user device. The advertisement is received before the user device has associated with the VN. The IDP and the VN are part of a same identity federation. It is determined that the SLA supported by the VN satisfies the first SLA criteria. Upon that determination, an acceptance is transmitted by the user device to the VN, and the user device is associated with the VN.

Abstract: A method includes monitoring an upstream traffic demand at a first access point and based at least in part on the upstream traffic demand on the first access point, communicating a message that causes a mobile device to transmit upstream messages to the first access point and to receive downstream messages from a second access point. The first access point is physically closer to the mobile device than the second access point.

Abstract: A method comprises, at a wireless network controller of wireless access points through which wireless client devices that are wireless communicate with the controller: upon receiving, from a wireless client device, a dynamic host configuration protocol (DHCP) request having a media access control (MAC) address, determining whether the wireless client device rotated its MAC address from a previous MAC address to the MAC address; when the wireless client device rotated its MAC address, forwarding, to a DHCP service, the DHCP request with a notification of a MAC address rotation to cause the DHCP service to reassign a previously assigned Internet Protocol (IP) address to the wireless client device; and upon receiving, from the DHCP service, a DHCP offer asserting the previously assigned IP address, forwarding the DHCP offer to the wireless client device.

Abstract: Differentiated service in a federation-based access network is provided by receiving a set of credentials from a User Equipment (UE) for a wireless network offering a plurality of service levels. In response to determining that the set of credentials indicate a realm associated with a given service level, network access is provided to the UE according to the given service level. In response to determining that the given service level is not a highest service level in the wireless network, a list of one or more preferred realms is transmitted to the UE, where each realm of the list of one or more preferred realms is associated with one or more higher service levels than the given service level.

Abstract: Techniques for improved peer-to-peer grouping in multi-link operations are provided. An indication of radio frequency (RF) capabilities of a peer-to-peer device is transmitted, and the peer-to-peer device receives a group ID assigned by a wireless access point (AP) based on the RF capabilities, where the group ID is associated with a set of links that can be used for peer-to-peer communications between peer-to-peer devices in a first group of peer-to-peer devices. The peer-to-peer device can request that the AP schedule a transmission opportunity for a first peer-to-peer communication using the group ID. In response to receiving a trigger frame comprising the group ID, the first peer-to-peer device performs the first peer-to-peer communication using the transmission opportunity.

Abstract: Embodiments herein describe assigning RUs to P2P stations to perform P2P communication. An AP can assign trigger frames to assign RUs to STAs to use when transmitting data to the AP. In one embodiment, the AP polls the P2P STAs associated with it to receive interference data. This data can indicate the affect other peer STAs have on the P2P STAs when transmitting data. Using the interference data, the AP can determine whether another P2P pair or a non-P2P station can be assigned RUs to transmit at the same time, and at what data rates.

Abstract: Techniques for improved peer-to-peer communication are provided. A wireless access point (AP) may initiate peer-to-peer communication between multilink peer-to-peer devices by sending a trigger frame addressed to the peer-to-peer devices to hand over a transmission opportunity (TXOP). The trigger frame is sent based on the AP's knowledge of the availability of the peer-to-peer devices for peer-to-peer communication. The trigger frame indicates a link to be used for the peer-to-peer communication. In response to receiving the trigger frame one or more of the peer-to-peer devices acknowledge the trigger frame, tune to the assigned link, and use the remaining portion of the TXOP for peer-to-peer communication.

Abstract: Techniques for improved peer-to-peer communication are provided. A set connectivity metrics among a set of wireless devices on a plurality of wireless channels in a wireless network is collected, and a wireless channel of the plurality of wireless channels is identified, based on the set of connectivity metrics, to use for peer-to-peer communication. A request is received, from a peer-to-peer device, for peer-to-peer communications, and the wireless channel is indicated to the peer-to-peer device, where the peer-to-peer device uses the first wireless channel for peer-to-peer communications in response to the indication.

Abstract: Aspects of the disclosure include a method and associated network device. The method includes authenticating an identity of a user of a client device after the client device is associated with an access network provider. Authenticating the identity of the user comprises receiving, from an identity provider, a credential associated with the identity, and receiving, from the identity provider, information identifying a network-based service to be applied to network traffic with the client device. The method further includes establishing, using the credential and the received information, a secure connection between the access network provider and a service provider that is capable of providing the network-based service. The method further includes receiving network traffic from the service provider. Packets of the network traffic include an assurance value that enables the client device to determine that the network-based service is being provided by the service provider.

Abstract: Techniques for improved peer-to-peer communication are provided. A roaming peer-to-peer device may identify a new access point (AP) and initiate a transition to the new AP. Initiating transition can involve sending, to the new AP, the current peer-to-peer communication schedule for approval and/or negotiating a modified peer-to-peer communication schedule with the new AP. When the roaming peer-to-peer device and the new AP agree on the peer-to-peer communication schedule, the peer-to-peer device may notify its counterpart that it has roamed to the new AP and also notify the counterpart of any updates to the peer-to-peer communication schedule.

Abstract: Techniques for delegated peer-to-peer scheduling are provided. A first peer-to-peer device determines one or more wireless channels allocated for peer-to-peer communication, and receives a request indicating a set of transmission characteristics from a second peer-to-peer device that uses the first peer-to-peer device as a communications proxy. The first peer-to-peer device schedules wireless resources of the one or more wireless channels to a plurality of peer-to-peer devices based at least in part on the set of transmission characteristics, and performs peer-to-peer communications with the second peer-to-peer device in accordance with the scheduled wireless resources.