Abstract: In one embodiment, a network monitoring service trains, using a training dataset from one or more wireless networks, a machine learning model to output an optimized set of media access control (MAC) mode parameters for a wireless access point given an input set of network characteristics. The service receives a plurality of network characteristics associated with a particular wireless access point in a particular wireless network. The service determines, using the received network characteristics as input to the machine learning-based model, a set of MAC mode parameters for the particular wireless access point. The service controls the particular wireless access point to communicate with one or more clients in the particular wireless network based on the determined set of MAC mode parameters.

Abstract: A wireless network environment includes a plurality of access points, a wireless local area network (WLAN) controller, and a plurality of client devices. The client devices attempt to authenticate with the WLAN controller to gain access to wireless services provided by the WLAN controller and/or the access points. To authenticate with the WLAN controller, the WLAN controller obtains a request to establish a wireless network connection from one or more of the client devices. The WLAN controller then provides a response to the request. The response indicates whether the WLAN controller supports performing password-mapped simultaneous authentication of equals (SAE). The WLAN controller then obtains a message including a password-mapped identifier from the client device. The WLAN controller then establishes a connection with the client device based on the password obtained with password-mapped identifier mapping at WLC.

Abstract: In one embodiment, a network monitoring service trains, using a training dataset from one or more wireless networks, a machine learning model to output an optimized set of media access control (MAC) mode parameters for a wireless access point given an input set of network characteristics. The service receives a plurality of network characteristics associated with a particular wireless access point in a particular wireless network. The service determines, using the received network characteristics as input to the machine learning-based model, a set of MAC mode parameters for the particular wireless access point. The service controls the particular wireless access point to communicate with one or more clients in the particular wireless network based on the determined set of MAC mode parameters.

Abstract: Stateful roaming techniques are provided for use in a wireless network. In one embodiment, a method is provided that includes: obtaining flow information descriptive of one or more traffic flows associated with a wireless client device that is associated to a current access point in a wireless network; storing state data representing the flow information for flows associated with the wireless client device together with a traffic descriptor for each flow; determining that the wireless client device is seeking to roam from the current access point to a new access point; and sending the state data for the wireless client device to the new access point to enable the new access point to apply a policy based on the state data before the wireless client device completes its roam to the new access point.

Abstract: Stateful roaming techniques are provided for use in a wireless network. In one embodiment, a method is provided that includes: obtaining flow information descriptive of one or more traffic flows associated with a wireless client device that is associated to a current access point in a wireless network; storing state data representing the flow information for flows associated with the wireless client device together with a traffic descriptor for each flow; determining that the wireless client device is seeking to roam from the current access point to a new access point; and sending the state data for the wireless client device to the new access point to enable the new access point to apply a policy based on the state data before the wireless client device completes its roam to the new access point.

Abstract: Fast roaming across a network fabric may be provided. A route device may receive location information corresponding to a client device in response to roaming by the client device from a first access point connected to a first network device to a second access point connected to a second network device. The first network device and the second network device may comprise fabric edge nodes on the fabric network. The first network device and the second network device may be ones of a plurality of network devices in the fabric network. On detecting the roaming of the client device, the route device may be updated with the new location, and then the route device may send, to the plurality of network devices in the fabric network, the location information corresponding to the client device.

Abstract: Dynamic application QoS profile provisioning may be provided. First, an access point may send a profile to a client device. The profile may comprise a plurality of application identifiers and a plurality policies corresponding to the plurality of application identifiers. Each of the plurality of application identifiers may respectively correspond to a plurality of applications. Next, the client device may receive the profile. Then the client device may select, from the received profile, a first policy from the plurality policies in the profile. The first policy may correspond to a first application identifier in the plurality of application identifiers. The first application identifier may correspond to a first application within the plurality of applications. The first application may be on the client device. The first application on the client device may then create a network flow from the client device to the access point based on the selected first policy.

Abstract: Multi-operator networking techniques are provided for allowing two or more operators to share a wireless local area network (WLAN). In particular, mobile access gateway functionality is integrated in a wireless network controller of a WLAN that is accessible to first and second operators. Operator-specific tunnels are created through the network for each of the first and second operators that link a core network of each of the first and second operators with an associated client device. Packets are then forwarded between the core networks of the first and second operators and their associated client devices via the operator-specific tunnels.

Abstract: Multi-operator networking techniques are provided for allowing two or more operators to share a wireless local area network (WLAN). In particular, mobile access gateway functionality is integrated in a wireless network controller of a WLAN that is accessible to first and second operators. Operator-specific tunnels are created through the network for each of the first and second operators that link a core network of each of the first and second operators with an associated client device. Packets are then forwarded between the core networks of the first and second operators and their associated client devices via the operator-specific tunnels.

Abstract: Methods, apparatuses and systems facilitating location or containment of rogue or unauthorized access points on wireless computer network environments. Embodiments of the present invention support one to a plurality of rogue containment methodologies. A first rogue containment type involves identification of the physical connection of the rogue access point to the wired network infrastructure and, thus, allows for disabling of that physical connection to contain the rogue access point. Other rogue containment methods involve wireless techniques for containing the effect of rogue access points. In some embodiments, the present invention provides methods, apparatuses and systems facilitating network location of rogue access points to determine whether one or more rogue containment methodologies should be applied. As discussed below, the rogue location and containment functionality described herein can be applied to a wide variety of wireless network system architectures.

Abstract: Methods, apparatuses and systems facilitating location or containment of rogue or unauthorized access points on wireless computer network environments. Embodiments of the present invention support one to a plurality of rogue containment methodologies. A first rogue containment type involves identification of the physical connection of the rogue access point to the wired network infrastructure and, thus, allows for disabling of that physical connection to contain the rogue access point. Other rogue containment methods involve wireless techniques for containing the effect of rogue access points. In some embodiments, the present invention provides methods, apparatuses and systems facilitating network location of rogue access points to determine whether one or more rogue containment methodologies should be applied. As discussed below, the rogue location and containment functionality described herein can be applied to a wide variety of wireless network system architectures.