Public access point
First Claim
Patent Images
1. A security apparatus for a wireless LAN, comprising:
- a plurality of end stations; and
a Public Access Point (PAP) for providing a plurality of virtual Basic Service Sets (BSS) from within a single physical access point (AP);
wherein any number of said end stations can belong to a virtual BSS;
wherein said PAP appears to said end stations as multiple physical access points, one AP for each virtual BSS.
2 Assignments
0 Petitions
Accused Products
Abstract
The invention instantiates a Personal VLAN bridge, using IEEE Std. 802.11 elements. The result is a bridge, referred to as a public access point, that is better suited for implementing public wireless data networks than the IEEE Std. 802.11 architecture. The invention also provides a location-update protocol for updating the forwarding tables of bridges that connect public access points together. The invention further provides a method for more controlled bridging, which is referred to as fine bridging.
-
Citations
49 Claims
-
1. A security apparatus for a wireless LAN, comprising:
-
a plurality of end stations; and
a Public Access Point (PAP) for providing a plurality of virtual Basic Service Sets (BSS) from within a single physical access point (AP);
wherein any number of said end stations can belong to a virtual BSS;
wherein said PAP appears to said end stations as multiple physical access points, one AP for each virtual BSS. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A security apparatus for a wireless LAN, comprising:
-
a plurality of 802.11 end stations;
a Public Access Point (PAP), said PAP comprising a personal virtual bridged LAN (PVLAN) instantiated into a virtual 802.11 Basic Service Set (BSS) from within a single physical access point (AP).
-
-
7. A secure wireless network, comprising:
-
a virtual 802.11 Basic Service Set (BSS);
a plurality of stations, each of said stations having a hardware (MAC) address;
all said stations in said virtual BSS sharinga group security association; and
one of said stations in said virtual BSS comprising a public access point (PAP). - View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 48, 49)
-
-
43. A location-update method for updating forwarding tables of bridges, or other interconnection media, that connect Public Access Points (PAPs) together, where multiple PAPs are attached to different bridges in a spanning tree of a bridged LAN and an end station associates with one of said PAPs and then reassociates with a new PAP, comprising the steps of:
-
said new PAP sending a directed Bridge Protocol Data Unit (BPDU) to said PAP with which said station was previously associated;
wherein destination address of said BPDU is current access point (AP) address of a Reassociation Request frame, which is a Class-3 virtual BSS identifier (BSSID); and
wherein source address is a hardware address of said station;
upon receiving a relocation MPDU at a particular port, a bridge updating its forwarding table with an entry that binds a receiving port to a source address of said MPDU; and
said receiving bridge forwarding a relocation MPDU to its designated root port, unless said MPDU arrived on that port or said receiving bridge is a root of said spanning tree;
wherein if said MPDU is received at said designated root port of said bridge or by a root bridge then it is forwarded according to a learned forwarding table of said bridge, which optionally comprises flooding said MPDU to all ports except said receiving port. - View Dependent Claims (45, 46, 47)
-
-
44. A fine bridging method for a wireless network, comprising the steps of:
-
decoupling identification of a broadcast or multicast domain with a Basic Service Set (BSS); and
determining bridging behavior of an access point (AP) by a policy expressed as a directed graph;
wherein for a given policy, a broadcast domain for a node is itself and all nodes it must access;
wherein said broadcast domain set of said policy is a set of broadcast domains for its nodes; and
wherein nodes of said graph are stations and there is an edge from a first station to a second station if and only if said first station must be able to communicate with, or access said second station, such that said second station must be able to receive directed or group frames from said first station.
-
Specification