MANAGING ROGUE DEVICES THROUGH A NETWORK BACKHAUL

US 20140283073A1
Filed: 03/17/2014
Published: 09/18/2014
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

detecting a rogue device in a network;

sending a rogue device message that includes an identification of the rogue device to a plurality of switches in a backhaul of the network;

adding the identification of the rogue device into a rogue monitor table;

determining whether the rogue device is In-Net or Out-Of-Net using forwarding tables of the plurality of switches in the backhaul of the network and the rogue monitor table;

if it is determined that the rogue device is In-Net, performing mitigation of the rogue device using a nearest switch to the rogue device of the plurality of switches in the backhaul of the network.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Managing rogue devices in a network through a network backhaul. A rogue device is detected in a network and a rogue device message that includes the rogue device is sent to a plurality of switches in a backhaul of the network. The rogue device is added into a rogue monitor table. Whether the rogue device is In-Net or Out-Of-Net is determined using forwarding tables of the plurality of switches in the backhaul of the network and the rogue monitor table. Mitigation is performed using a nearest switch to the rogue device of the plurality of switches in the backhaul of the network if it is determined that the rogue device is In-Net.

Citations

21 Claims

1. A method comprising:
- detecting a rogue device in a network;
  
  sending a rogue device message that includes an identification of the rogue device to a plurality of switches in a backhaul of the network;
  
  adding the identification of the rogue device into a rogue monitor table;
  
  determining whether the rogue device is In-Net or Out-Of-Net using forwarding tables of the plurality of switches in the backhaul of the network and the rogue monitor table;
  
  if it is determined that the rogue device is In-Net, performing mitigation of the rogue device using a nearest switch to the rogue device of the plurality of switches in the backhaul of the network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein determining whether the rogue device is In-Net or Out-Of-Net using forwarding tables of switches in a backhaul of the network and the rogue monitor table further comprises:
    - removing entries in the forwarding tables that include a MAC address of the rogue device;
      
      determining that a new learned MAC address in the forwarding tables is the MAC address of the rogue device;
      
      determine that the rogue device is In-Net.
  - 3. The method of claim 1, wherein the rogue device is a rogue client device, the method further comprising:
    - determining a rogue access point associated with the rogue device using a rogue AP table;
      
      performing mitigation of the rogue AP using the nearest switch to the rogue device.
  - 4. The method of claim 1, wherein determining whether the rogue device is In-Net or Out-Of-Net using forwarding tables of switches in a backhaul of the network and the rogue monitor table further comprises:
    - removing entries in the forwarding tables that include a MAC address of the rogue device;
      
      determining that an aged MAC address in the forwarding tables is the MAC address of the rogue device;
      
      determining a rogue access point associated with the rogue device using a rogue AP table;
      
      determining if a MAC address of a device associated with the rogue access point is included as an entry in the forwarding tables using a rogue learning table;
      
      if it is determined that the MAC addresses of the device related to the rogue access point is included as the entry in the forwarding tables, determining that the rogue device is In-Net.
  - 5. The method of claim 4, wherein the rogue access point associated with the rogue device is the rogue device.
  - 6. The method of claim 4, wherein the rogue device is a rogue client device and the rogue access point associated with the rogue device is the rogue access point that the rogue device is coupled to.
  - 7. The method of claim 1, wherein performing mitigation on the rogue device further comprises:
    - determining an action mode for mitigation of the rogue device;
      
      sending an unauthorized list mitigation message, used in performing mitigation of the client device, to the nearest switch, if the determined action mode for mitigation of the rogue device is adding the rogue device to an unauthorized list.
  - 8. The method of claim 1, wherein performing mitigation on the rogue device further comprises:
    - determining an action mode for mitigation of the rogue device;
      
      determining whether the rogue device is a rogue client device;
      
      determining if there are multiple nearest switches to the rogue device;
      
      sending a block port mitigation message, used in performing mitigation of the rogue device, to the nearest switch, if it is determined that the determined action mode for mitigation of the rogue device is blocking all traffic on a port through which the rogue device is coupled to the nearest switch, the rogue device is the rogue client device, and there is only a single nearest switch to the rogue device.
  - 9. The method of claim 1, further comprising:
    - generating, at an originator switch, a probe message with an initial hop number;
      
      sending the probe message with the initial hop number to at least one next switch;
      
      receiving probe responses that include an increased hop number;
      
      determining that a switch that sent a probe response with the largest increased hop number is the nearest switch to the rogue device.
  - 10. The method of claim 1, further comprising:
    - generating, at an originator switch, a probe message with an initial hop number;
      
      sending the probe message with the initial hop number to at least one next switch;
      
      determining that the originator switch is the nearest switch to the rogue device if a probe response that includes an increased hop number is not received from the at least one next switch.

11. A system comprising:
- a detector access point configured to detect a rogue device in a network;
  
  a rogue device message engine configured to send a rogue device message that includes an identification of the rogue device to a plurality of switches in a backhaul of the network;
  
  a rogue monitor table management engine configured to add the identification of the rogue device into a rogue monitor table;
  
  a rogue device status determination engine configured to determine whether the rogue device is In-Net or Out-Of-Net using forwarding tables of the plurality of switches in the backhaul of the network and the rogue monitor table;
  
  a network backhaul rogue device management system configured to perform mitigation of the rogue device using a nearest switch to the rogue device of the plurality of switches in the backhaul of the network, if it is determined that the rogue device is In-Net.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, further comprising:
    - a forwarding table management engine configured to;
      
      remove entries in the forwarding tables that include a MAC address of the rogue device;
      
      determine that a new learned MAC address in the forwarding tables is the MAC address of the rogue device;
      
      the rogue device status determination engine determining that the rogue device is In-Net if the forwarding table management engine determines that the new learned MAC address in the forwarding tables is the MAC address of the rogue device
  - 13. The system of claim 11, wherein the rogue device is a rogue client device, the network backhaul rogue device management system further configured to:
    - determine a rogue access point associated with the rogue device using a rogue AP table;
      
      perform mitigation of the rogue AP using the nearest switch to the rogue device.
  - 14. The system of claim 11, further comprising:
    - a forwarding table management engine configured to;
      
      remove entries in the forwarding tables that include a MAC address of the rogue device;
      
      determine that an aged MAC address in the forwarding tables is the MAC address of the rogue device;
      
      the network backhaul rogue device management system configured to;
      
      determine a rogue access point associated with the rogue device using a rogue AP table;
      
      determine if a MAC address of a device associated with the rogue access point is included as an entry in the forwarding tables using a rogue learning table;
      
      the rogue device status determination engine, further configured to determine that the rogue device is In-Net, if it is determined that the MAC addresses of the device related to the rogue access point is included as the entry in the forwarding tables.
  - 15. The system of claim 14, wherein the rogue access point associated with the rogue device is the rogue device.
  - 16. The system of claim 14, wherein the rogue device is a rogue client device and the rogue access point associated with the rogue device is the rogue access point that the rogue device is coupled to.
  - 17. The system of claim 11, further comprising:
    - an action mode determination engine configured to determine an action mode for mitigation of the rogue device;
      
      a mitigation message generation engine configured to send an unauthorized list mitigation message, used in performing mitigation of the client device, to the nearest switch, if the determined action mode for mitigation of the rogue device is adding the rogue device to an unauthorized list.
  - 18. The system of claim 11, further comprising:
    - an action mode determination engine configured to determine an action mode for mitigation of the rogue device;
      
      a rogue device type determination engine configured to determine whether the rogue device is a rogue client device;
      
      a nearest switch monitoring engine configured to determine if there are multiple nearest switches to the rogue device;
      
      a mitigation message generation engine configured to send a block port mitigation message, used in performing mitigation of the rogue device, to the nearest switch, if it is determined that the determined action mode for mitigation of the rogue device is blocking all traffic on a port through which the rogue device is coupled to the nearest switch, the rogue device is the rogue client device, and there is only a single nearest switch to the rogue device.
  - 19. The system of claim 11, further comprising an originator switch probe management system configured to:
    - generate, at an originator switch, a probe message with an initial hop number;
      
      send the probe message with the initial hop number to at least one next switch;
      
      receive probe responses that include an increased hop number;
      
      determine that a switch that sent a probe response with the largest increased hop number is the nearest switch to the rogue device.
  - 20. The system of claim 11, further comprising, an originator switch probe management system configured to:
    - generate, at an originator switch, a probe message with an initial hop number;
      
      send the probe message with the initial hop number to at least one next switch;
      
      determine that the originator switch is the nearest switch to the rogue device if a probe response that includes an increased hop number is not received from the at least one next switch.

21. A system comprising:
- means for detecting a rogue device in a network;
  
  means for sending a rogue device message that includes an identification of the rogue device to a plurality of switches in a backhaul of the network;
  
  means for adding the identity of the rogue device into a rogue monitor table;
  
  means for determining whether the rogue device is In-Net or Out-Of-Net using forwarding tables of the plurality of switches in the backhaul of the network and the rogue monitor table;
  
  means for performing mitigation of the rogue device using a nearest switch to the rogue device of the plurality of switches in the backhaul of the network, if it is determined that the rogue device is In-Net.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Extreme Networks, Inc.
Original Assignee
Aerohive Networks Incorporated (Extreme Networks, Inc.)
Inventors
Li, Mingliang, Fan, Peng, Zeng, Jianlin

Granted Patent

US 9,413,772 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/23
CPC Class Codes

H04L 63/0236   Filtering by address, proto...

H04L 63/101   Access control lists [ACL]

H04L 63/1408   by monitoring network traff...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1441   Countermeasures against mal...

H04W 12/122   Counter-measures against at...

MANAGING ROGUE DEVICES THROUGH A NETWORK BACKHAUL

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

MANAGING ROGUE DEVICES THROUGH A NETWORK BACKHAUL

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links