Managing rogue devices through a network backhaul

US 10,027,703 B2
Filed: 06/07/2016
Issued: 07/17/2018
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a network backhaul rogue device management system in a network backhaul from an originator switch, a rogue learned media access control (MAC) message including new learned device data, the new learned device data including a MAC address of a rogue device newly learned in a forwarding table of at least one switch by determining whether a learned MAC address in the forwarding table matches the MAC address of the rogue device in a rogue monitor table maintained at the originator switch;

determining, by the network backhaul rogue device management system, whether an entry in a rogue learning table maintained in the network backhaul rogue device management system matches the new learned device data;

when it is determined that the new learned device data is absent from the rogue learning table;

adding, by the network backhaul rogue device management system, the new learned device data into a new entry in the rogue learning table;

determining, by the network backhaul rogue device management system, an identification of a rogue access point (AP) associated with the new learned device data;

causing, by the network backhaul rogue device management system, a switch coupled to the rogue AP to perform mitigation of the rogue AP to prevent transfer of data to and from the rogue device,wherein performing the mitigation includes;

sending a block port mitigation message to a nearest switch to the rogue device;

learning neighboring devices corresponding to ports of the nearest switch;

determining whether a neighboring device of the neighboring devices corresponding to a port of the ports of the nearest switch is the rogue device;

when it is determined that the neighboring device corresponding to the port is the rogue device;

determining whether the port is supplying power;

when it is determined that the port is supplying power, blocking traffic on the port.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Managing rogue devices in a network through a network backhaul. A rogue device is detected in a network and a rogue device message that includes the rogue device is sent to a plurality of switches in a backhaul of the network. The rogue device is added into a rogue monitor table. Whether the rogue device is In-Net or Out-Of-Net is determined using forwarding tables of the plurality of switches in the backhaul of the network and the rogue monitor table. Mitigation is performed using a nearest switch to the rogue device of the plurality of switches in the backhaul of the network if it is determined that the rogue device is In-Net.

Citations

23 Claims

1. A method comprising:
- receiving, by a network backhaul rogue device management system in a network backhaul from an originator switch, a rogue learned media access control (MAC) message including new learned device data, the new learned device data including a MAC address of a rogue device newly learned in a forwarding table of at least one switch by determining whether a learned MAC address in the forwarding table matches the MAC address of the rogue device in a rogue monitor table maintained at the originator switch;
  
  determining, by the network backhaul rogue device management system, whether an entry in a rogue learning table maintained in the network backhaul rogue device management system matches the new learned device data;
  
  when it is determined that the new learned device data is absent from the rogue learning table;
  
  adding, by the network backhaul rogue device management system, the new learned device data into a new entry in the rogue learning table;
  
  determining, by the network backhaul rogue device management system, an identification of a rogue access point (AP) associated with the new learned device data;
  
  causing, by the network backhaul rogue device management system, a switch coupled to the rogue AP to perform mitigation of the rogue AP to prevent transfer of data to and from the rogue device,wherein performing the mitigation includes;
  
  sending a block port mitigation message to a nearest switch to the rogue device;
  
  learning neighboring devices corresponding to ports of the nearest switch;
  
  determining whether a neighboring device of the neighboring devices corresponding to a port of the ports of the nearest switch is the rogue device;
  
  when it is determined that the neighboring device corresponding to the port is the rogue device;
  
  determining whether the port is supplying power;
  
  when it is determined that the port is supplying power, blocking traffic on the port.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the rogue device is the rogue AP and the identification of the rogue AP is determined directly from the new learned device data using the MAC address of the rogue device.
  - 3. The method of claim 1, wherein the rogue device is a rogue client coupled to the rogue AP and the identification of the rogue AP is determined by looking up a MAC address of the rogue client in a rogue AP table.
  - 4. The method of claim 1, wherein the new learned device data includes a virtual local area network identification (VLAN ID) of the rogue device.
  - 5. The method of claim 1, wherein the new learned device data includes a virtual local area network identification (VLAN ID) of the rogue device, the VLAN ID of the rogue device associated with the nearest switch to the rogue device, the nearest switch discovered through a probe procedure including:
    - generating, at the originator switch, a probe message with an initial hop number;
      
      sending the probe message with the initial hop number to at least one next switch;
      
      receiving probe responses that include an increased hop number;
      
      determining that a switch that sent a probe response with a largest increased hop number is the nearest switch to the rogue device.
  - 6. The method of claim 1, wherein the new learned device data includes a virtual local area network identification (VLAN ID) of the rogue device, the VLAN ID of the rogue device associated with the nearest switch to the rogue device, the nearest switch discovered through a probe procedure including:
    - generating, at the originator switch, a probe message with an initial hop number;
      
      sending the probe message with the initial hop number to at least one next switch;
      
      determining that the originator switch is the nearest switch to the rogue device when a probe response that includes an increased hop number is not received from the at least one next switch.
  - 7. The method of claim 1, whereinwhether the neighboring device of the neighboring devices corresponding to the port of the ports of the nearest switch is the rogue device is determined using a MAC address of the neighboring device.
  - 8. The method of claim 1, further comprising adding the rogue device to an unauthorized list, the unauthorized list used by a switch in the network to refrain from forwarding traffic to or receiving traffic from the rogue device.

9. A system in a network backhaul comprising:
- a rogue device message engine configured to receive, from an originator switch, a rogue learned media access control (MAC) message including new learned device data, the new learned device data including a MAC address of a rogue device newly learned in a forwarding table of at least one switch by determining, by a forwarding table management engine at the originator switch, whether a learned MAC address in the forwarding table matches the MAC address of the rogue device in a rogue monitor table maintained at the originator switch;
  
  a rogue learning table management engine configured to;
  
  determine whether an entry in a rogue learning table maintained in the network backhaul matches the new learned device data;
  
  add the new learned device data into a new entry in the rogue learning table, when it is determined that the new learned device data is absent from the rogue learning table;
  
  the system is further configured to;
  
  determine an identification of a rogue access point (AP) associated with the new learned device data;
  
  cause a switch coupled to the rogue AP to perform mitigation of the rogue AP to prevent transfer of data to and from the rogue device;
  
  wherein the rogue device message engine is further configured to;
  
  send a block port mitigation message to a nearest switch to the rogue device;
  
  cause the nearest switch to;
  
  learn neighboring devices corresponding to ports of the nearest switch;
  
  determine whether a neighboring device of the neighboring devices corresponding to a port of the ports of the nearest switch is the rogue device;
  
  determine whether the port is supplying power when it is determined that the neighboring device corresponding to the port is the rogue device;
  
  block traffic on the port, when it is determined that the port is supplying power.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The system of claim 9, wherein the rogue device is the rogue AP and the system is further configured to determine the identification of the rogue AP directly from the new learned device data using the MAC address of the rogue device.
  - 11. The system of claim 9, wherein the rogue device is a rogue client coupled to the rogue AP and the system is further configured to determine the identification of the rogue AP by looking up a MAC address of the rogue client in a rogue AP table.
  - 12. The system of claim 9, wherein the new learned device data includes a virtual local area network identification (VLAN ID) of the rogue device.
  - 13. The system of claim 9, wherein the new learned device data includes a virtual local area network identification (VLAN ID) of the rogue device, the VLAN ID of the rogue device associated with the nearest switch to the rogue device, the nearest switch discovered by an original switch probe management system configured to:
    - generate, at the originator switch, a probe message with an initial hop number;
      
      send the probe message with the initial hop number to at least one next switch;
      
      receive probe responses that include an increased hop number;
      
      determine that a switch that sent a probe response with a largest increased hop number is the nearest switch to the rogue device.
  - 14. The system of claim 9, wherein the new learned device data includes a virtual local area network identification (VLAN ID) of the rogue device, the VLAN ID of the rogue device associated with the nearest switch to the rogue device, the nearest switch discovered by an original switch probe management system configured to:
    - generate, at the originator switch, a probe message with an initial hop number;
      
      send the probe message with the initial hop number to at least one next switch;
      
      determine that the originator switch is the nearest switch to the rogue device when a probe response that includes an increased hop number is not received from the at least one next switch.
  - 15. The system of claim 9, wherein the system is further configured to cause the switch coupled to the rogue AP to add the rogue device to an unauthorized list, the unauthorized list used by the switch coupled to the rogue AP to refrain from forwarding traffic to or receiving traffic from the rogue device.

16. A system in a network backhaul comprising:
- means for receiving, in a network backhaul from an originator switch, a rogue learned media access control (MAC) message including new learned device data, the new learned device data including a MAC address of a rogue device newly learned in a forwarding table of at least one switch by determining whether a learned MAC address in the forwarding table matches the MAC address of the rogue device in a rogue monitor table maintained at the originator switch;
  
  means for determining whether an entry in a rogue learning table maintained in the network backhaul matches the new learned device data;
  
  means for adding the new learned device data into a new entry in the rogue learning table, when it is determined that the new learned device data is absent from the rogue learning table;
  
  means for determining an identification of a rogue access point (AP) associated with the new learned device data, when it is determined that the new learned device data is absent from the rogue learning table;
  
  means for causing a switch coupled to the rogue AP to perform mitigation of the rogue AP to prevent transfer of data to and from the rogue device, when it is determined that the new learned device data is absent from the rogue learning table;
  
  wherein performing the mitigation includes;
  
  sending a block port mitigation message to a nearest switch to the rogue device;
  
  learning neighboring devices corresponding to ports of the nearest switch;
  
  determining whether a neighboring device of the neighboring devices corresponding to a port of the ports of the nearest switch is the rogue device;
  
  when it is determined that the neighboring device corresponding to the port is the rogue device;
  
  determining whether the port is supplying power;
  
  when it is determined that the port is supplying power, blocking traffic on the port.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23)
- - 17. The system of claim 16, wherein the rogue device is the rogue AP and the identification of the rogue AP is determined directly from the new learned device data using the MAC address of the rogue device.
  - 18. The system of claim 16, wherein the rogue device is a rogue client coupled to the rogue AP and the identification of the rogue AP is determined by looking up a MAC address of the rogue client in a rogue AP table.
  - 19. The system of claim 16, wherein the new learned device data includes a virtual local area network identification (VLAN ID) of the rogue device.
  - 20. The system of claim 16, wherein the new learned device data includes a virtual local area network identification (VLAN ID) of the rogue device, the VLAN ID of the rogue device associated with the nearest switch to the rogue device, the nearest switch discovered through a probe procedure including:
    - means for generating, at the originator switch, a probe message with an initial hop number;
      
      means for sending the probe message with the initial hop number to at least one next switch;
      
      means for receiving probe responses that include an increased hop number;
      
      means for determining that a switch that sent a probe response with a largest increased hop number is the nearest switch to the rogue device.
  - 21. The system of claim 16, wherein the new learned device data includes a virtual local area network identification (VLAN ID) of the rogue device, the VLAN ID of the rogue device associated with the nearest switch to the rogue device, the nearest switch discovered through a probe procedure including:
    - means for generating, at the originator switch, a probe message with an initial hop number;
      
      means for sending the probe message with the initial hop number to at least one next switch;
      
      means for determining that the originator switch is the nearest switch to the rogue device when a probe response that includes an increased hop number is not received from the at least one next switch.
  - 22. The system of claim 16, wherein whether the neighboring device of the neighboring devices corresponding to the port of the ports of the nearest switch is the rogue device is determined using a MAC address of the neighboring device.
  - 23. The system of claim 16, further comprising means for adding the rogue device to an unauthorized list, the unauthorized list used by a switch in the network to refrain from forwarding traffic to or receiving traffic from the rogue device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Extreme Networks, Inc.
Original Assignee
Aerohive Networks Incorporated (Extreme Networks, Inc.)
Inventors
Zeng, Jianlin, Li, Mingliang, Fan, Peng
Primary Examiner(s)
Homayounmehr, Farid
Assistant Examiner(s)
Le, Thanh T

Application Number

US15/176,112
Publication Number

US 20160294864A1
Time in Patent Office

770 Days
Field of Search

726 2
US Class Current
CPC Class Codes

H04L 63/0236   Filtering by address, proto...

H04L 63/101   Access control lists [ACL]

H04L 63/1408   by monitoring network traff...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1441   Countermeasures against mal...

H04W 12/122   Counter-measures against at...

Managing rogue devices through a network backhaul

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Managing rogue devices through a network backhaul

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links