ENTERPRISE NETWORK ARCHITECTURE FOR IMPLEMENTING A VIRTUAL PRIVATE NETWORK FOR WIRELESS USERS BY MAPPING WIRELESS LANs TO IP TUNNELS
Abstract
An enterprise network is provided which includes a central site, a network and a remote site communicatively coupled to the central site over the network. The central site includes a first termination device in communication with a restricted network segment including at least one server. The remote site includes an infrastructure device, an authorized access wireless local area network (WLAN), and an unauthorized access WLAN. The infrastructure device comprises a second termination device which communicates with the first termination device over the network. The authorized access WLAN allows communications with the central site via the second termination device over a tunnel coupling the first termination device to the second termination device, whereas the unauthorized access WLAN allows communications with the network via the second termination device.
33 Claims
1. An enterprise network, comprising:
a central site comprising:
a first termination device in communication with a restricted network segment including at least one server; and
a network;
a remote site, communicatively coupled to the central site over the network, the remote site comprising:
an infrastructure device comprising:
a second termination device which communicates with the first termination device over the network;
an authorized access wireless local area network (WLAN) designed to allow communications with the central site via the second termination device over a Generic Routing Encapsulation (GRE) tunnel coupling the first termination device to the second termination device; and
an unauthorized access WLAN designed to allow communications with the network via the second termination device, and when the second termination device receives an IEEE 802.11 data packet from a wireless communication device, wherein the second termination device is designed to:
determine whether the IEEE 802.11 data packet is from a wireless communication device associated with the authorized access WLAN, and when the IEEE 802.11 data packet is from a wireless communication device associated with the authorized access WLAN, wherein the second termination device is further designed to:
remove a Layer 2 header from the IEEE 802.11 data packet;
encapsulate the Layer 3 data packet with a GRE header to generate a GRE-over-IP packet; and
transmit the GRE-over-IP packet over the open network via the GRE tunnel to the first termination device.
Dependent claims: 2, 3, 4, 6, 7, 8, 9, 11, 12
5. (canceled)
10. (canceled)
13. A method for communicating an IEEE 802.11 data packet from a wireless communication device to an entity in a restricted network segment of a central site, comprising:
storing, at the termination device, a wireless communication device database (WCDD) comprising:
a list of wireless communication devices associated with the termination device indexed by respective MAC addresses of each wireless communication device, respective addresses of each wireless communication device, a WLAN which each wireless communication device is associated with, a mapping table of WLANs-to-VLANs, and a mapping table of WLANs-to-tunnels;
receiving, at a termination device, an IEEE 802.11 data packet from a wireless communication device via an access point; and
determining, at the termination device based on the IEEE 802.11 data packet, whether the wireless communication device is associated with one of:
an authorized access WLAN and an unauthorized access WLAN.
Dependent claims: 15, 16, 17, 18
14. (canceled)
19. A method for communicating a Layer 3 data packet from an entity in a restricted network segment of a central site to an authorized wireless communication device, the method comprising:
receiving, at a termination device, the Layer 3 data packet from an entity in the restricted network segment;
removing, at the termination device, a layer 2 (L2) header from the Layer 3 data packet;
encapsulating, at the termination device, the Layer 3 data packet with a GRE header and an outer IP header to generate a GRE-over-IP packet; and
transmitting, from the termination device, the GRE-over-IP packet over the open network via a GRE tunnel to another termination device.
Dependent claims: 20, 21, 22, 23
24. An enterprise network, comprising:
a central site comprising:
a first termination device in communication with a restricted network segment including at least one server; and
a network;
a remote site, communicatively coupled to the central site over the network, the remote site comprising:
an infrastructure device comprising:
a second termination device which communicates with the first termination device over the network;
an authorized access wireless local area network (WLAN) designed to allow communications with the central site via the second termination device over a Generic Routing Encapsulation (GRE) tunnel coupling the first termination device to the second termination device; and
an unauthorized access WLAN designed to allow communications with the network via the second termination device, and, when the first termination device receives a Layer 3 data packet from a server in the restricted network segment, wherein the first termination device is designed to:
remove a layer 2 header from the Layer 3 data packet;
encapsulate the Layer 3 data packet with a GRE header to generate a GRE-over-IP packet; and
transmit the GRE-over-IP packet via the GRE tunnel to the second termination device.
Dependent claims: 25, 26, 27, 28, 29, 30, 31, 32, 33
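The forwarding decision that claims 1 and 13 assign to the remote-site termination device can be sketched as follows. This is an added example, not code from the patent: the WCDD contents, tunnel endpoint addresses and function names are assumptions, and frames are assumed to arrive already decrypted.

```python
import socket
import struct

# Constructed sample WCDD (all names and addresses are illustrative assumptions).
WCDD = {
    "devices": {"02:00:00:aa:bb:01": "corp", "02:00:00:aa:bb:02": "guest"},
    "wlan_to_vlan": {"corp": 10, "guest": 20},
    "wlan_to_tunnel": {"corp": ("198.51.100.2", "203.0.113.1")},  # (local, remote)
}

def checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum over 16-bit words."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def strip_l2(frame: bytes):
    """Return (source MAC, EtherType, Layer 3 packet) from an 802.11 data frame."""
    fc0, fc1 = frame[0], frame[1]
    if (fc0 >> 2) & 0x3 != 2:
        raise ValueError("not a data frame")
    if fc1 & 0x40:
        raise ValueError("protected frame: decrypt before encapsulating")
    hdr = 24 + (6 if fc1 & 0x03 == 0x03 else 0) + (2 if fc0 & 0x80 else 0)
    llc = frame[hdr:hdr + 8]
    if llc[:6] != b"\xaa\xaa\x03\x00\x00\x00":
        raise ValueError("no LLC/SNAP header")
    src = ":".join(f"{b:02x}" for b in frame[10:16])  # Address 2 = transmitter
    return src, struct.unpack("!H", llc[6:])[0], frame[hdr + 8:]

def gre_over_ip(l3: bytes, local: str, remote: str) -> bytes:
    """Prepend a basic 4-byte GRE header (RFC 2784) and an outer IPv4 header."""
    gre = struct.pack("!HH", 0, 0x0800)  # no optional fields, payload is IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(gre) + len(l3), 0, 0, 64,
                     47, 0, socket.inet_aton(local), socket.inet_aton(remote))
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ip + gre + l3

def handle_frame(frame: bytes, wcdd=WCDD):
    """Classify by WLAN: tunnel authorized traffic, hand the rest to its VLAN."""
    src, ethertype, l3 = strip_l2(frame)
    wlan = wcdd["devices"].get(src)
    if wlan is None or ethertype != 0x0800:
        return ("drop", None, None)  # unknown device or non-IPv4 payload
    tunnel = wcdd["wlan_to_tunnel"].get(wlan)
    if tunnel is None:
        return ("vlan", wcdd["wlan_to_vlan"][wlan], l3)
    return ("tunnel", tunnel, gre_over_ip(l3, *tunnel))
```

A WLAN with no entry in the WLAN-to-tunnel table never reaches `gre_over_ip`, which is what keeps the unauthorized access WLAN off the restricted segment in this sketch.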
Specification