Abstract: A wireless network environment includes a plurality of access points, a wireless local area network (WLAN) controller, and a plurality of client devices. The client devices attempt to authenticate with the WLAN controller to gain access to wireless services provided by the WLAN controller and/or the access points. To authenticate with the WLAN controller, the WLAN controller obtains a request to establish a wireless network connection from one or more of the client devices. The WLAN controller then provides a response to the request. The response indicates whether the WLAN controller supports performing password-mapped simultaneous authentication of equals (SAE). The WLAN controller then obtains a message including a password-mapped identifier from the client device. The WLAN controller then establishes a connection with the client device based on the password obtained with password-mapped identifier mapping at WLC.

Abstract: A default pre-shared key is provided from a first device to a second device. The first device is configured to control network access to a network. A first authentication request is obtained at the first device from a third device. The first authentication request includes data indicative of the second device. A first response to the first authentication request is provided from the first device to the third device. The first response includes the default pre-shared key. A second authentication request containing a private pre-shared key and the data indicative of the second device is obtained at the first device from the third device. Stored data at the first device is updated in response to the second authentication request with the private pre-shared key and the data indicative of the second device to provision the first device to provide network access to the network to the second device.

Abstract: In one example, a Network Policy Function (NPF) obtains a first identifier for a User Equipment (UE) based on communications between the UE and a first access network of a system, and an Internet Protocol (IP) address used by the UE to communicate over the first access network. The NPF obtains a second identifier for the UE based on communications between the UE and a second access network of the system. The NPF determines that the UE used the IP address to communicate over the first access network of the system based on a correlation between the first identifier for the UE and the second identifier for the UE. The NPF provides the IP address to the UE, and the UE uses the IP address to communicate over the second access network.

Abstract: A Radio Access Network (RAN) element provides an internet indication to a User Equipment (UE) to enable the UE to quickly obtain internet access. The RAN element determines that the RAN element is connected to at least one gateway that provides public internet access, and broadcasts an internet indication. The RAN element determines that the UE has requested public internet access via the RAN element and provides the UE with public internet access.

Abstract: Methods are provided for extending sponsored Wi-Fi guest access capability to other enterprise tools and/or access technologies such as private access networks including private LTE and 5G networks. The methods include a controller detecting a user equipment (UE) that is connected to a guest access service provided by a wireless local access network (WLAN) and generating a profile for the guest access service. The methods further include the controller providing, to the UE, the profile to cause the UE to connect to the guest access service provided by another access network.

Abstract: In one embodiment, a client device having a plurality of radios obtains a list of basic service set identifiers (BSSIDs) for a plurality of wireless access points of a wireless network. The client device associates each of the plurality of radios of the client device with a different wireless access point of the wireless network, based on the obtained list of BSSIDs. The client device receives a copy of a data packet from a particular one of the associated wireless access points. Each of the associated wireless access points receives a replicated copy of the data packet to be transmitted towards the client device. The device causes the associated wireless access points to cease further transmission of their copies of the data packet by acknowledging receipt of the data packet to the particular wireless access point.

Abstract: In one example, a server obtains, from a device having an embedded Subscriber Identification Module (eSIM), a unique identifier of the eSIM. The server validates the device based on the unique identifier of the eSIM. The server provides, to the device, a unique credential for a profile of the eSIM. The profile of the eSIM corresponds to a network of an enterprise. The server provides, to a credential database, the unique credential for the profile of the eSIM. The credential database including the unique credential for the profile of the eSIM indicates that the device is permitted to access the network of the enterprise.

Abstract: Techniques are described to provide open access in a neutral host environment. In one example, a method includes obtaining, by a mobility management node of a neutral host network, a network connectivity request from a user equipment, wherein the network connectivity request comprises an indication of a preferred service provider to which the user equipment is to be connected; determining, by the mobility management node, that the preferred service provider provides non-subscription-based network connectivity for the neutral host network; based on determining that the preferred service provider provides non-subscription-based network connectivity for the neutral host network, establishing secure communications for the user equipment, wherein the secure communications are established for the user equipment without authenticating an identity of user equipment; and providing network connectivity between the user equipment and the preferred service provider upon establishing the secure communications.

Abstract: An Evolved Node B (eNB) provides an internet indication to a User Equipment (UE) to enable the UE to quickly obtain internet access. The eNB determines that the eNB is connected to at least one gateway that provides public internet access, and broadcasts an internet indication in a predetermined System Information Block (SIB). The eNB receives an attach request from the UE including an attach type of internet enabled and a Packet Data Network (PDN) type of internet enabled. The eNB forwards the attach request to a Mobility Management Entity (MME).

Abstract: An Evolved Node B (eNB) provides an internet indication to a User Equipment (UE) to enable the UE to quickly obtain internet access. The eNB determines that the eNB is connected to at least one gateway that provides public internet access, and broadcasts an internet indication in a predetermined System Information Block (SIB). The eNB receives an attach request from the UE including an attach type of internet enabled and a Packet Data Network (PDN) type of internet enabled. The eNB forwards the attach request to a Mobility Management Entity (MME).

Abstract: A default pre-shared key is provided from a first device to a second device. The first device is configured to control network access to a network. A first authentication request is obtained at the first device from a third device. The first authentication request includes data indicative of the second device. A first response to the first authentication request is provided from the first device to the third device. The first response includes the default pre-shared key. A second authentication request containing a private pre-shared key and the data indicative of the second device is obtained at the first device from the third device. Stored data at the first device is updated in response to the second authentication request with the private pre-shared key and the data indicative of the second device to provision the first device to provide network access to the network to the second device.

Abstract: Techniques are described to provide open access in a neutral host environment. In one example, a method includes obtaining, by a mobility management node of a neutral host network, a network connectivity request from a user equipment, wherein the network connectivity request comprises an indication of a preferred service provider to which the user equipment is to be connected; determining, by the mobility management node, that the preferred service provider provides non-subscription-based network connectivity for the neutral host network; based on determining that the preferred service provider provides non-subscription-based network connectivity for the neutral host network, establishing secure communications for the user equipment, wherein the secure communications are established for the user equipment without authenticating an identity of user equipment; and providing network connectivity between the user equipment and the preferred service provider upon establishing the secure communications.

Abstract: A default pre-shared key is provided from a first device to a second device. The first device is configured to control network access to a network. A first authentication request is obtained at the first device from a third device. The first authentication request includes data indicative of the second device. A first response to the first authentication request is provided from the first device to the third device. The first response includes the default pre-shared key. A second authentication request containing a private pre-shared key and the data indicative of the second device is obtained at the first device from the third device. Stored data at the first device is updated in response to the second authentication request with the private pre-shared key and the data indicative of the second device to provision the first device to provide network access to the network to the second device.

Abstract: A default pre-shared key is provided from a first device to a second device. The first device is configured to control network access to a network. A first authentication request is obtained at the first device from a third device. The first authentication request includes data indicative of the second device. A first response to the first authentication request is provided from the first device to the third device. The first response includes the default pre-shared key. A second authentication request containing a private pre-shared key and the data indicative of the second device is obtained at the first device from the third device. Stored data at the first device is updated in response to the second authentication request with the private pre-shared key and the data indicative of the second device to provision the first device to provide network access to the network to the second device.

Abstract: A network management center includes a Dynamic Host Configuration Protocol (DHCP) server. The network management center obtains from an identity server, client information indicating authentication of a client device in a wireless network that is connected to a network fabric. The network management center obtains from an edge node in the network fabric an Internet Protocol (IP) address request for the client device. The IP address request including a fabric domain identifier associated with the edge node. The network management center allocates an IP address for the client device based on the client information obtained from the identity server and the fabric domain identifier contained in the IP address request obtained from the edge node. The network management center provides to the edge node an Identifier Locator Addressing (ILA) address based on the IP address.

Abstract: In one example, a server obtains, from a device having an embedded Subscriber Identification Module (eSIM), a unique identifier of the eSIM. The server validates the device based on the unique identifier of the eSIM. The server provides, to the device, a unique credential for a profile of the eSIM. The profile of the eSIM corresponds to a network of an enterprise. The server provides, to a credential database, the unique credential for the profile of the eSIM. The credential database including the unique credential for the profile of the eSIM indicates that the device is permitted to access the network of the enterprise.

Abstract: Techniques to adaptively support/enable a wireless network feature for certain wireless client devices without hampering the performance or connectivity of wireless client devices which do not support that wireless network feature. An access point or wireless network controller adaptively enables a wireless network feature without advertising support for the wireless network feature in a wireless network-standard compliant manner to allow one or more wireless clients that support the wireless network feature to use the wireless network feature when associated to the access point while enabling association of one or more wireless clients that do not support the wireless network feature.

Abstract: Various implementations disclosed herein provide a method for authenticating users to an enterprise network using closed subscriber groups. The method includes determining whether the client device is associated with a subscriber group that corresponds to the enterprise network. The method further includes granting the client device access to the enterprise network in response to determining that the client device is associated with the subscriber group that corresponds to the enterprise network.

Abstract: Dynamic application QoS profile provisioning may be provided. First, an access point may send a profile to a client device. The profile may comprise a plurality of application identifiers and a plurality policies corresponding to the plurality of application identifiers. Each of the plurality of application identifiers may respectively correspond to a plurality of applications. Next, the client device may receive the profile. Then the client device may select, from the received profile, a first policy from the plurality policies in the profile. The first policy may correspond to a first application identifier in the plurality of application identifiers. The first application identifier may correspond to a first application within the plurality of applications. The first application may be on the client device. The first application on the client device may then create a network flow from the client device to the access point based on the selected first policy.

Abstract: Techniques to adaptively support/enable a wireless network feature for certain wireless client devices without hampering the performance or connectivity of wireless client devices which do not support that wireless network feature. An access point or wireless network controller adaptively enables a wireless network feature without advertising support for the wireless network feature in a wireless network-standard compliant manner to allow one or more wireless clients that support the wireless network feature to use the wireless network feature when associated to the access point while enabling association of one or more wireless clients that do not support the wireless network feature.