MANAGING ROGUE DEVICES THROUGH A NETWORK BACKHAUL

US 20160294864A1
Filed: 06/07/2016
Published: 10/06/2016
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, in a network backhaul from an originator switch, a rogue learned MAC message including new learned device data, the new learned device data including a MAC address of a rogue device newly learned in a forwarding table of at least one switch by determining if a learned MAC address in the forwarding table matches the MAC address of the rogue device is in a rogue monitor table maintained at the originator switch;

determining if an entry of a rogue learning table maintained in the network backhaul matches the new learned device data;

if it is determined that the new learned device data is absent from the rogue learning table;

adding the new learned device data into a new entry in the rogue learning table;

determining an identification of a rogue AP associated with the new learned device data;

performing mitigation of the rogue AP to prevent the transfer of data to and from the rogue device.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Managing rogue devices in a network through a network backhaul. A rogue device is detected in a network and a rogue device message that includes the rogue device is sent to a plurality of switches in a backhaul of the network. The rogue device is added into a rogue monitor table. Whether the rogue device is In-Net or Out-Of-Net is determined using forwarding tables of the plurality of switches in the backhaul of the network and the rogue monitor table. Mitigation is performed using a nearest switch to the rogue device of the plurality of switches in the backhaul of the network if it is determined that the rogue device is In-Net.

Citations

20 Claims

1. A method comprising:
- receiving, in a network backhaul from an originator switch, a rogue learned MAC message including new learned device data, the new learned device data including a MAC address of a rogue device newly learned in a forwarding table of at least one switch by determining if a learned MAC address in the forwarding table matches the MAC address of the rogue device is in a rogue monitor table maintained at the originator switch;
  
  determining if an entry of a rogue learning table maintained in the network backhaul matches the new learned device data;
  
  if it is determined that the new learned device data is absent from the rogue learning table;
  
  adding the new learned device data into a new entry in the rogue learning table;
  
  determining an identification of a rogue AP associated with the new learned device data;
  
  performing mitigation of the rogue AP to prevent the transfer of data to and from the rogue device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the rogue device is the rogue AP and the identification of the rogue AP is determined directly from the new learned device data using the MAC address of the rogue device.
  - 3. The method of claim 1, wherein the rogue device is a rogue client coupled to the rogue AP and the identification of the rogue AP is determined by looking up the MAC address of the rogue client in a rogue AP table.
  - 4. The method of claim 1, wherein performing mitigation on the rogue AP includes blocking traffic on one or a plurality of switch ports coupled to the rogue AP.
  - 5. The method of claim 1, wherein the new learned device data includes a VLAN ID of the rogue device.
  - 6. The method of claim 1, wherein the new learned device data includes a VLAN ID of the rogue device, the VLAN ID associated with a nearest switch to the rogue device, the nearest switch discovered through a probe procedure including:
    - generating, at the originator switch, a probe message with an initial hop number;
      
      sending the probe message with the initial hop number to at least one next switch;
      
      receiving probe responses that include an increased hop number;
      
      determining that a switch that sent a probe response with a largest increased hop number is the nearest switch to the rogue device.
  - 7. The method of claim 1, wherein the new learned device data includes a VLAN ID of the rogue device, the VLAN ID associated with a nearest switch to the rogue device, the nearest switch discovered through a probe procedure including:
    - generating, at the originator switch, a probe message with an initial hop number;
      
      sending the probe message with the initial hop number to at least one next switch;
      
      determining that the originator switch is the nearest switch to the rogue device when a probe response that includes an increased hop number is not received from the at least one next switch.
  - 8. The method of claim 1, further comprising:
    - sending a block port mitigation to a nearest switch to the rogue device;
      
      learn neighboring devices corresponding to ports of the nearest switch;
      
      determining if a neighboring device of the neighboring devices corresponding to a port of the ports of the nearest switch is the rogue device;
      
      if it is determined that the neighboring device of the port is the rogue device;
      
      determining if the port is supplying power, if it is determined that the port is supplying power, blocking traffic on the port.
  - 9. The method of claim 1, further comprising:
    - sending a block port mitigation to a nearest switch to the rogue device;
      
      learning neighboring devices corresponding to ports of the nearest switch;
      
      determining if a neighboring device of the neighboring devices corresponding to a port of the ports of the nearest switch is the rogue device using a MAC address of the neighboring device;
      
      if it is determined that the neighboring device of the port is the rogue device;
      
      determining if the port is supplying power, if it is determined that the port is supplying power, blocking traffic on the port.
  - 10. The method of claim 1, further comprising adding the rogue device to an unauthorized list, the unauthorized list used by switching in the backhaul of the network to refrain from forwarding traffic to or receiving traffic from the rogue device.

11. A system comprising:
- a network backhaul rogue device management system configured to receive, from an originator switch, a rogue learned MAC message including new learned device data, the new learned device data including a MAC address of a rogue device newly learned in a forwarding table of at least one switch by determining, by a forwarding tables management engine at the originator switch, if a learned MAC address in the forwarding table matches the MAC address of the rogue device is in a rogue monitor table maintained at the originator switch;
  
  a rogue learning table management engine configured to;
  
  determine if an entry a rogue learning table maintained in the network backhaul matches the new learned device data;
  
  add the new learned device data into a new entry in the rogue learning table, if it is determined that the new learned device data is absent from the rogue learning table;
  
  the network backhaul rogue device management system is further configured to;
  
  determine an identification of a rogue AP associated with the new learned device data;
  
  perform mitigation of the rogue AP to prevent the transfer of data to and from the rogue device.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The system of claim 11, wherein the rogue device is the rogue AP and the rogue device status determination engine is further configured to determine the identification of the rogue AP is determined directly from the new learned device data using the MAC address of the rogue device.
  - 13. The system of claim 11, wherein the rogue device is a rogue client coupled to the rogue AP and the network backhaul rogue device management system is further configured to determine the identification of the rogue AP by looking up the MAC address of the rogue client in a rogue AP table.
  - 14. The system of claim 11, wherein performing mitigation on the rogue AP includes blocking traffic on one or a plurality of switch ports coupled to the rogue AP.
  - 15. The system of claim 11, wherein the new learned device data includes a VLAN ID of the rogue device.
  - 16. The system of claim 11, wherein the new learned device data includes a VLAN ID of the rogue device, the VLAN ID associated with a nearest switch to the rogue device, the nearest switch discovered by an original switch probe management system configured to:
    - generate, at the originator switch, a probe message with an initial hop number;
      
      send the probe message with the initial hop number to at least one next switch;
      
      receive probe responses that include an increased hop number;
      
      determine that a switch that sent a probe response with a largest increased hop number is the nearest switch to the rogue device.
  - 17. The system of claim 11, wherein the new learned device data includes a VLAN ID of the rogue device, the VLAN ID associated with a nearest switch to the rogue device, the nearest switch discovered by an original switch probe management system configured to:
    - generate, at the originator switch, a probe message with an initial hop number;
      
      send the probe message with the initial hop number to at least one next switch;
      
      determine that the originator switch is the nearest switch to the rogue device when a probe response that includes an increased hop number is not received from the at least one next switch.
  - 18. The system of claim 11, wherein the network backhaul rogue device management system is further configured to:
    - send a block port mitigation to a nearest switch to the rogue device;
      
      learn neighboring devices corresponding to ports of the nearest switch;
      
      determine if a neighboring device of the neighboring devices corresponding to a port of the ports of the nearest switch is the rogue device;
      
      determine if the port is supplying power if it is determined that the neighboring device of the port is the rogue device;
      
      block traffic on the port, if it is determined that the port is supplying power.
  - 19. The system of claim 11, wherein the network backhaul rogue device management system is further configured to add the rogue device to an unauthorized list, the unauthorized list used by switching in the backhaul of the network to refrain from forwarding traffic to or receiving traffic from the rogue device.

20. A system comprising:
- means for receiving, in a network backhaul from an originator switch, a rogue learned MAC message including new learned device data, the new learned device data including a MAC address of a rogue device newly learned in a forwarding table of at least one switch by determining if a learned MAC address in the forwarding table matches the MAC address of the rogue device is in a rogue monitor table maintained at the originator switch;
  
  means for determining if an entry a rogue learning table maintained in the network backhaul matches the new learned device data;
  
  means for adding the new learned device data into a new entry in the rogue learning table, if it is determined that the new learned device data is absent from the rogue learning table;
  
  means for determining an identification of a rogue AP associated with the new learned device data, if it is determined that the new learned device data is absent from the rogue learning table;
  
  means for performing mitigation of the rogue AP to prevent the transfer of data to and from the rogue device, if it is determined that the new learned device data is absent from the rogue learning table.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Extreme Networks, Inc.
Original Assignee
Aerohive Networks Incorporated (Extreme Networks, Inc.)
Inventors
Zeng, Jianlin, Li, Mingliang, Fan, Peng

Granted Patent

US 10,027,703 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/0236   Filtering by address, proto...

H04L 63/101   Access control lists [ACL]

H04L 63/1408   by monitoring network traff...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1441   Countermeasures against mal...

H04W 12/122   Counter-measures against at...

MANAGING ROGUE DEVICES THROUGH A NETWORK BACKHAUL

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

MANAGING ROGUE DEVICES THROUGH A NETWORK BACKHAUL

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links