Abstract: An AP sets up a data tunnel to a remote network and monitors a remote DHCP session between a client device and a remote DHCP server in the remote network. The remote DHCP server assigns a remote IP address to the client device, and communication between the client device and the remote network is based on the remote IP address. In response to determining completion of the remote DHCP session, the AP initializes a local DHCP session with a local DHCP server in a local network to obtain a local IP address for the client device. Communication between the client device and the local network is based on the local IP address. In response to detecting the client device roaming from the AP to a target AP, the AP forwards the remote and local IP addresses and session data of active sessions on the client device to the target AP.

Abstract: An AP sets up a data tunnel to a remote network and monitors a remote DHCP session between a client device and a remote DHCP server in the remote network. The remote DHCP server assigns a remote IP address to the client device, and communication between the client device and the remote network is based on the remote IP address. In response to determining completion of the remote DHCP session, the AP initializes a local DHCP session with a local DHCP server in a local network to obtain a local IP address for the client device. Communication between the client device and the local network is based on the local IP address. In response to detecting the client device roaming from the AP to a target AP, the AP forwards the remote and local IP addresses and session data of active sessions on the client device to the target AP.

Abstract: Systems and techniques are described that are directed to intelligent scheduling of Wi-Fi services for applications, including enhanced dynamic prioritization. A device, such as an access point (AP), can receive data packets from multiple connected devices to dynamically identify an application flow for each data packet, and dynamically identify a user associated with the application flow for each data packet. The AP can generate prioritized candidate lists for selected data packets in queues corresponding to an access category (AC). In response to determining that the identified user associated with the application flow corresponds with a critical user, the AP can select data packets for the prioritized candidate lists based at least in part on priority policies for each of a plurality of applications and based at least in part on dynamic prioritization of applications for each of a plurality of applications; and schedule data packets from the prioritized candidate lists.

Abstract: Systems and methods for providing enhanced Quality of Service (QoS) network transmissions can be based on an application sub-class or a user class. Systems and methods can include inspecting the information packet having a network level QoS field having a first network level QoS portion and a second network level QoS portion, determining an application sub-class or user class associated with the information packet, tagging the first network level QoS portion of the information packet according to a first network level QoS value, tagging the second network level QoS portion of the information packet according to a traffic priority indication and to a determined application sub-class or user class, and queuing the information packet for transmission from a network element based on the tagged first network level QoS portion and the second network level QoS portion.

Abstract: Systems and methods are provided for authentication chaining and firewall optimization in a micro branch deployment comprising a plurality of chained access points (APs) and a gateway AP. A topology of the micro branch deployment may be determined through enhanced hierarchical beaconing. Based on the determined topology, an authentication chain is developed through which a client device associated to an AP of the plurality of chained APs may be authenticated and granted access to the AP. Upon authentication of the client device, firewall optimization is performed to implement access control rules only at the AP to which the client device is associated.

Abstract: Some examples relate to controlling network traffic pertaining to a domain name based on a Domain Name System-Internet Protocol address (DNS-IP) mapping, An example includes receiving, in a cloud computing system, a local DNS-IP mapping for a domain name from respective Access Points (APs) in a virtual local area network (VLAN) along with geographical information of respective APs; generating a global DNS-IP mapping database comprising the local DNS-IP mapping for the domain name received from respective APs in the VLAN along with geographical information of respective APs, in the cloud computing system; and determining appropriate APs to distribute the global DNS-IP mapping, based on location information of respective APs.

Abstract: Some examples relate to controlling network traffic pertaining to a domain name based on a Domain Name System-Internet Protocol address (DNS-IP) mapping, An example includes receiving, in a cloud computing system, a local DNS-IP mapping for a domain name from respective Access Points (APs) in a virtual local area network (VLAN) along with geographical information of respective APs; generating a global DNS-IP mapping database comprising the local DNS-IP mapping for the domain name received from respective APs in the VLAN along with geographical information of respective APs, in the cloud computing system; and determining appropriate APs to distribute the global DNS-IP mapping, based on location information of respective APs.

Abstract: Systems and methods are provided for authentication chaining and firewall optimization in a micro branch deployment comprising a plurality of chained access points (APs) and a gateway AP. A topology of the micro branch deployment may be determined through enhanced hierarchical beaconing. Based on the determined topology, an authentication chain is developed through which a client device associated to an AP of the plurality of chained APs may be authenticated and granted access to the AP. Upon authentication of the client device, firewall optimization is performed to implement access control rules only at the AP to which the client device is associated.

Abstract: Systems and methods for providing enhanced Quality of Service (QoS) network transmissions can be based on an application sub-class or a user class. Systems and methods can include inspecting the information packet having a network level QoS field having a first network level QoS portion and a second network level QoS portion, determining an application sub-class or user class associated with the information packet, tagging the first network level QoS portion of the information packet according to a first network level QoS value, tagging the second network level QoS portion of the information packet according to a traffic priority indication and to a determined application sub-class or user class, and queuing the information packet for transmission from a network element based on the tagged first network level QoS portion and the second network level QoS portion.

Abstract: Systems and methods for providing enhanced Quality of Service (QoS) network transmissions can be based on an application sub-class or a user class. Systems and methods can include inspecting the information packet having a network level QoS field having a first network level QoS portion and a second network level QoS portion, determining an application sub-class or user class associated with the information packet, tagging the first network level QoS portion of the information packet according to a first network level QoS value, tagging the second network level QoS portion of the information packet according to a traffic priority indication and to a determined application sub-class or user class, and queuing the information packet for transmission from a network element based on the tagged first network level QoS portion and the second network level QoS portion.

Abstract: Examples of authentication and firewall enforcement for Internet of Things (IoT) devices are described. In an example, a request to authenticate an IoT device coupled to a network device is sent to an authentication server. The request includes a Media Access Control (MAC) address of the IoT device. A response indicative of successful authentication of the IoT device based on the MAC address is received from the authentication server. The response includes a first attribute indicative of a network address of a remote server to connect with the IoT device. A firewall role for the IoT device is generated based on a combination of an Internet Protocol (IP) address of the IoT device and the first attribute. The IoT device is associated with the firewall role.