Wireless network having multiple security interfaces
Abstract
A number of wireless networks are established by a network device, each wireless network having an identifier. Requests are received from client devices to establish wireless network sessions via the wireless networks using the identifiers. Network privileges of the client devices are segmented into discrete security interfaces based on the identifier used to establish each wireless network session.
9 Claims
1. A method, performed by one or more devices of a network device, the method comprising:
mapping, by the one or more devices, wireless network identifiers to security zones;
receiving, by the one or more devices, a request from a client device to access a wireless network using a particular one of the wireless network identifiers;
authenticating, by the one or more devices, the client device;
establishing, by the one or more devices and upon successful authentication of the client device, a wireless network session with the client device;
receiving, by the one or more devices and during the established network session, network traffic from the client device, the network traffic including a destination address;
identifying, by the one or more devices, a destination zone using the destination address;
identifying, by the one or more devices, a particular one of the security zones associated with the client device based on the particular wireless network identifier;
performing, by the one or more devices, security processing on the network traffic based on the identified destination zone and the particular security zone; and
selectively forwarding, based on a result of the security processing, the network traffic to the identified destination zone.
Dependent claims: 2, 3, 4, 5, 6
7. A system comprising:
a network device comprising:
means for providing discrete wireless network interfaces, each discrete wireless network interface having an identifier associated therewith, where each identifier is associated with a discrete Internet Protocol (IP) address range,
means for mapping the discrete IP address ranges to security zones,
means for authenticating client devices;
means for establishing, via the discrete wireless network interfaces and upon successfully authenticating the client devices, wireless network sessions with the client devices based on the discrete wireless network identifiers,
means for receiving, during one of the established wireless network sessions, network traffic from one of the client devices bound for a network resource,
means for identifying a source security zone for the network traffic based on an IP address of the one of the client devices and the discrete IP address range with which the IP address of the one of the client devices is associated,
means for identifying a destination IP address associated with the network resource, where the destination IP address is associated with a destination security zone,
means for performing security processing on the network traffic based on the identified source security zone and the destination security zone, and
means for determining, based on a result of the security processing, whether to forward the network traffic to the destination zone.
Dependent claims: 8
9. An apparatus, comprising:
a memory to store instructions, and
processing logic to execute the instructions to:
provide discrete wireless network interfaces, each discrete wireless network interface having an identifier associated therewith,
map the identifiers to a number of security zones,
receive, from a client device, a request to access a discrete wireless network interface using the identifier associated with the discrete wireless network interface,
perform authentication of the client device,
establish, upon successful authentication of the client device, a wireless network session with the client device based on the identifier associated with the discrete wireless network interface via which the wireless network session is established,
receive, during the established wireless network session, network traffic from the client device that is destined for a network resource, the network traffic including a source address associated with the client device and a destination address associated with the network resource,
identify a source zone, from a number of the security zones, with which the network traffic is associated using the source address,
identify a destination zone with which the network traffic is associated using the destination address,
perform security processing on the network traffic based on the identified source zone and the identified destination zone, and
selectively forward, based on a result of the security processing, the network traffic to the identified destination zone.
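
The zone lookup and forwarding decision recited in claims 1, 7 and 9 can be sketched as follows. This is an added example, not code from the patent or from any product: the SSIDs, address ranges, zone names and policy table are constructed, authentication is assumed to have already succeeded, and the default-deny rule and the check that a source address lies inside its SSID's range are assumptions of the sketch.

```python
import ipaddress

# Constructed sample configuration: SSIDs, ranges and zone names are hypothetical.
SSID_ZONES = {  # wireless network identifier -> (discrete IP range, security zone)
    "corp-wlan": (ipaddress.ip_network("10.10.0.0/24"), "trust"),
    "guest-wlan": (ipaddress.ip_network("10.20.0.0/24"), "guest"),
}
DEST_ZONES = [  # destination prefix -> destination zone
    (ipaddress.ip_network("0.0.0.0/0"), "untrust"),
    (ipaddress.ip_network("10.0.0.0/8"), "internal"),
    (ipaddress.ip_network("10.30.0.0/24"), "dmz"),
]
POLICY = {  # (source zone, destination zone) -> action; absent pairs are denied
    ("trust", "internal"): "permit",
    ("trust", "dmz"): "permit",
    ("trust", "untrust"): "permit",
    ("guest", "untrust"): "permit",
}

def source_zone(ssid, src_ip):
    """Zone for a session's SSID; None if the source address is outside that SSID's range."""
    entry = SSID_ZONES.get(ssid)
    if entry is None:
        return None
    pool, zone = entry
    return zone if ipaddress.ip_address(src_ip) in pool else None

def destination_zone(dst_ip):
    """Longest-prefix match of the destination address against the zone table."""
    addr = ipaddress.ip_address(dst_ip)
    matches = [(net.prefixlen, zone) for net, zone in DEST_ZONES if addr in net]
    return max(matches)[1] if matches else None

def should_forward(ssid, src_ip, dst_ip):
    """Security processing on the (source zone, destination zone) pair, default deny."""
    src, dst = source_zone(ssid, src_ip), destination_zone(dst_ip)
    if src is None or dst is None:
        return False
    return POLICY.get((src, dst)) == "permit"
```

With this table a guest-SSID client reaches only the untrust zone, and a packet whose source address does not belong to the SSID's range is dropped before any policy lookup.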
Specification