Virtual LAN override in a multiple BSSID mode of operation

US 20070081477A1
Filed: 10/11/2005
Published: 04/12/2007
Est. Priority Date: 10/11/2005
Status: Active Grant

First Claim

Patent Images

1. In a wireless access point operative to support a plurality of Basic Service Set Identifiers (BSSIDs), each of the BSSIDs mapping by default to a corresponding Service Set Identifier (SSID), and to bridge wireless frames onto a network implementing a plurality of virtual networks, wherein each BSSID maps to a corresponding virtual network, a method comprising:

establishing a wireless connection, corresponding to a first BSSID, with a wireless client;

accessing a cache of network access information, wherein the network access information for a given wireless client identifies a corresponding BSSID;

using, if the wireless client is identified in the cache, the corresponding BSSID as the first BSSID;

otherwise using a default BSSID as the first BSSID;

receiving, from a remote node connected to the network, network access information for the wireless client, wherein the network access information comprises information identifying a virtual network;

storing the received network access information in the cache; and

if the virtual network identified in the network access information does not map to the first BSSID, terminating the wireless connection with the wireless client.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, apparatuses and systems directed to the integration of VLANs and wireless access points operating in a Multiple BSSID mode of operation. According to one implementation of the present invention, a wireless access point dynamically maps an SSID provided by a mobile station to a BSSID based on a VLAN assignment corresponding to the mobile station. In one implementation, the wireless access point learns the correct VLAN/BSSID for a given mobile station, while proxying an authentication session between the mobile station and an authentication server.

136 Citations

24 Claims

1. In a wireless access point operative to support a plurality of Basic Service Set Identifiers (BSSIDs), each of the BSSIDs mapping by default to a corresponding Service Set Identifier (SSID), and to bridge wireless frames onto a network implementing a plurality of virtual networks, wherein each BSSID maps to a corresponding virtual network, a method comprising:
- establishing a wireless connection, corresponding to a first BSSID, with a wireless client;
  
  accessing a cache of network access information, wherein the network access information for a given wireless client identifies a corresponding BSSID;
  
  using, if the wireless client is identified in the cache, the corresponding BSSID as the first BSSID;
  
  otherwise using a default BSSID as the first BSSID;
  
  receiving, from a remote node connected to the network, network access information for the wireless client, wherein the network access information comprises information identifying a virtual network;
  
  storing the received network access information in the cache; and
  
  if the virtual network identified in the network access information does not map to the first BSSID, terminating the wireless connection with the wireless client.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 further comprising transmitting, to the wireless client, the first. BSSID in response to a request.
  - 3. The method of claim 1 further comprising proxying an authentication session between the wireless client and the remote node, wherein the remote node transmits the network access information upon a successful authentication.
  - 4. The method of claim 1 wherein the remote node is an authentication server.
  - 5. The method of claim 1 wherein the SSID is manually provided.
  - 6. The method of claim 1 wherein the SSID is discovered in beacon frames transmitted by the wireless client.
  - 7. The method of claim 1 further comprising transmitting a de-authentication frame to the wireless client if the first BSSID does not map to the identified virtual network.
  - 8. The method of claim 1 further comprising generating one or more session keys with the wireless client, if the first BSSID maps to the identified virtual network.

9. In a wireless access point operative to support a plurality of Basic Service Set Identifiers (BSSIDs), each of the BSSIDs mapping by default to a corresponding Service Set Identifier (SSID), and to bridge wireless frames onto a network implementing a plurality of virtual networks, wherein each BSSID maps to a corresponding virtual network, a method comprising receiving, from a wireless client, a probe request identifying a first SSID;
- accessing a cache of network access information to dynamically map the SSID to either a default BSSID or a BSSID stored in the cache in association with the wireless client;
  
  providing the mapped BSSID to the wireless client;
  
  proxying an authentication session between the wireless client and an authentication server, wherein the authentication server is operative to identify a virtual network corresponding to the wireless client, wherein the identified virtual network maps to a first BSSID;
  
  comparing the first BSSID to the mapped BSSID;
  
  storing, in the cache, the first BSSID in association with the wireless client; and
  
  terminating a connection with the wireless client, if the first BSSID does not match the mapped BSSID.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The method of claim 9 wherein the wireless access point learns the correct VLAN/BSSID for a given wireless client, while proxying an authentication session between the wireless client and the remote node.
  - 11. The method of claim 10 wherein the remote node is an authentication server.
  - 12. The method of claim 9 wherein the SSID is manually provided.
  - 13. The method of claim 9 wherein the SSID is discovered in beacon frames transmitted by the wireless access point.
  - 14. The method of claim 9 further comprising transmitting a de-authentication frame to the wireless client if the first BSSID does not map to the identified virtual network.
  - 15. The method of claim 10 further comprising generating one or more session keys with the wireless client, if the BSSID maps to the identified virtual network.

16. An apparatus operative to support a plurality of Basic Service Set Identifiers (BSSIDs), each of the BSSIDs mapping by default to a corresponding Service Set Identifier (SSID), and to bridge wireless frames onto a network implementing a plurality of virtual networks, wherein each BSSID maps to a corresponding virtual network, the apparatus comprising:
- one or more processors;
  
  a memory;
  
  an authentication application, physically stored in the memory, comprising instructions operable to cause the one or more processors and the apparatus to establish a wireless connection, corresponding to a first BSSID, with a wireless client;
  
  access a cache of network access information, wherein the network access information for a given wireless client identifies a corresponding BSSID;
  
  use the corresponding BSSID as the first BSSID, if the wireless client is identified in the cache, otherwise use a default BSSID as the first BSSID;
  
  receive, from a remote node connected to the network, network access information for the wireless client, wherein the network access information comprises information identifying a virtual network;
  
  store the received network access information in the cache; and
  
  if the virtual network identified in the network access information does not map to the first BSSID, terminate the wireless connection with the wireless client.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23)
- - 17. The apparatus of claim 16 wherein the authentication application further comprises instructions operable to cause the one or more processors and the apparatus to transmit, to the wireless client, the first BSSID in response to a request.
  - 18. The apparatus of claim 16 wherein the authentication application further comprises instructions operable to cause the one or more processors and the apparatus to proxy an authentication session between the wireless client and the remote node, wherein the remote node transmits the network access information upon a successful authentication.
  - 19. The apparatus of claim 16 wherein the remote node is an authentication server.
  - 20. The apparatus of claim 16 wherein the SSID is manually provided.
  - 21. The apparatus of claim 16 wherein the SSID is discovered in beacon frames transmitted by the wireless client.
  - 22. The apparatus of claim 16 wherein the authentication application further comprises instructions operable to cause the one or more processors and the apparatus to transmit a de-authentication frame to the wireless client if the first BSSID does not map to the identified virtual network.
  - 23. The apparatus of claim 16 wherein the authentication application further comprises instructions operable to cause the one or more processors and the apparatus to generate one or more session keys with the wireless client, if the first BSSID maps to the identified virtual network.

24. An apparatus operative to support a plurality of Basic Service Set Identifiers (BSSIDs), each of the BSSIDs mapping by default to a corresponding Service Set Identifier (SSID), and to bridge wireless frames onto a network implementing a plurality of virtual networks, wherein each BSSID maps to a corresponding virtual network, the apparatus comprising:
- means for establishing a wireless connection, corresponding to a first BSSID, with a wireless client;
  
  means for accessing a cache of network access information, wherein the network access information for a given wireless client identifies a corresponding BSSID;
  
  means for using, if the wireless client is identified in the cache, the corresponding BSSID as the first BSSID, otherwise, said means using a default BSSID as the first BSSID;
  
  means for receiving, from a remote node connected to the network, network access information for the wireless client, wherein the network access information comprises information identifying a virtual network;
  
  means for storing the received network access information in the cache; and
  
  if the virtual network identified in the network access information does not map to the first BSSID, means for terminating the wireless connection with the wireless client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Cheeyandira, Bhagvan, Jakkahalli, Padmanabha

Granted Patent

US 7,339,915 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/310
CPC Class Codes

H04L 12/4645   Details on frame tagging ro...

H04L 63/0884   by delegation of authentica...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/73   Access point logical identity

H04W 48/16   Discovering, processing acc...

H04W 84/12   WLAN [Wireless Local Area N...

Virtual LAN override in a multiple BSSID mode of operation

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

136 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Virtual LAN override in a multiple BSSID mode of operation

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

136 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links