System and method for monitoring and enforcing policy within a wireless network
Abstract
In general, one embodiment of the invention is an air monitor adapted to a wireless network. The air monitor enforces policies followed by the wireless network even though it is not involved in the exchange of data between wireless devices of the wireless network such as access points and wireless stations.
12 Claims
1. An apparatus adapted to a wireless network, comprising:
- a transceiver to receive a wireless frame propagating over a prescribed signal coverage area between wireless devices of the wireless network, one of the wireless devices being an Access Point; and
- at least one component to process information extracted from the wireless frame and to enforce a policy followed by the wireless network even though the apparatus has no involvement in an exchange of data between the wireless devices of the wireless network, the at least one component includes a processor and a memory adapted to store a table including a plurality of entries, at least one entry of the plurality of entries including (1) a media access control (MAC) address associated with an address of the wireless frame, and (2) information to indicate whether the MAC address is a wireless MAC address or a wired MAC, the processor to classify the MAC address of the wireless frame as either the wireless MAC address or the wired MAC address based on a value of a fromDS bit and a toDS bit in a header of the wireless frame, the fromDS bit is set and the toDS bit is not set if the MAC address is a wireless MAC address.

Dependent claims: 2, 3, 4, 5.

6. A method comprising:
- detecting an Access Point (AP) previously undetected within a signal coverage area;
- extracting information from a wireless frame transmitted from the AP, the extracted information includes a Basic Service Set Identifier (BSSID) of the AP, a Service Set Identity (SSID) to identify a network that the AP is communicating, and a channel number to indicate a particular channel that the wireless frame is detected; and
- transmitting a first message including the information to a Management Server to begin classification of the AP, the first message includes an AP class parameter to indicate a current classification of the AP, the AP class parameter is set to a “Rogue” state upon initially detecting the AP.

Dependent claims: 7, 8, 9.

10. A method comprising:
- detecting an Access Point (AP) previously undetected within a signal coverage area;
- extracting information from a wireless frame transmitted from the AP;
- transmitting a first message including the information to a Management Server to begin classification of the AP;
- receiving a second message from the Management Server to classify the AP, the second message including at least the BSSID of the AP;
- transmitting a third message to the Management Server in response to the second message, the third message including the BSSID of the AP, identifiers for each AP detected within the signal coverage area, a number of wired nodes coupled to each AP, and Media Access Control (MAC) addresses for each of the wired nodes; and
- classifying the MAC addresses into two groupings including a first grouping of wired MAC addresses for APs in a Valid state and a second grouping of wired MAC addresses for APs in a Rogue state.

Dependent claims: 11, 12.
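
The detection, extraction and first-message steps of claim 6, as an added Python example (not code from the patent or any product). It assumes a raw 802.11 beacon with no radiotap header, takes the channel from the DS Parameter Set element, and uses a hypothetical `AirMonitor` class and message field names; the sample beacon is constructed.

```python
import struct

def parse_beacon(frame: bytes):
    """Return (bssid, ssid, channel) for a raw 802.11 beacon, else None."""
    if len(frame) < 36:  # 24-byte MAC header + 12 bytes of fixed beacon fields
        return None
    fc = frame[0]
    if (fc >> 2) & 0x3 != 0 or (fc >> 4) & 0xF != 8:  # management / beacon
        return None
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])  # Address 3 = BSSID
    ssid = channel = None
    pos = 36
    while pos + 2 <= len(frame):  # walk the tagged information elements
        tag, length = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + length]
        if len(body) < length:
            break  # truncated element: stop instead of trusting the length
        if tag == 0 and ssid is None:
            ssid = body.decode("utf-8", errors="replace")
        elif tag == 3 and length == 1:  # DS Parameter Set (assumed channel source)
            channel = body[0]
        pos += 2 + length
    return bssid, ssid, channel

class AirMonitor:
    """Hypothetical monitor: reports each newly seen BSSID once."""
    def __init__(self):
        self.seen = set()

    def observe(self, frame: bytes):
        parsed = parse_beacon(frame)
        if parsed is None or parsed[0] in self.seen:
            return None
        bssid, ssid, channel = parsed
        self.seen.add(bssid)
        # Field names are assumptions; the claim only lists the contents.
        return {"bssid": bssid, "ssid": ssid, "channel": channel,
                "ap_class": "Rogue"}

def build_beacon(bssid: bytes, ssid: bytes, channel: int) -> bytes:
    """Constructed sample input, not a captured frame."""
    header = b"\x80\x00\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    fixed = b"\x00" * 8 + struct.pack("<HH", 100, 0x0001)
    tags = bytes([0, len(ssid)]) + ssid + bytes([3, 1, channel])
    return header + fixed + tags

SAMPLE = build_beacon(bytes.fromhex("020000000001"), b"lab-net", 6)
```

The dictionary returned by `observe` stands in for the first message sent to the Management Server; a repeated beacon from the same BSSID returns `None` because the AP is no longer previously undetected.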
Specification