Pre-authentication across an 802.11 layer-3 IP network

US 7,869,438 B2
Filed: 08/31/2006
Issued: 01/11/2011
Est. Priority Date: 08/31/2006
Status: Active Grant

First Claim

Patent Images

1. A method of enhancing roaming of mobile client devices in a wireless network having a plurality of wireless access devices, the method comprising:

receiving a pre-authentication frame at a first wireless access device of a first Layer 2 subnetwork, the pre-authentication frame originating from a mobile client device that is currently in association with the first wireless access device, the pre-authentication frame including a Layer 2 network address of a second wireless access device of a second Layer 2 subnetwork that is different than the first Layer 2 subnetwork, and the pre-authentication frame further including an identifier of the mobile client device;

the first wireless access device accessing a network mapping database;

the first wireless access device using the network mapping database to determine a Layer 3 network address of the second wireless access device, based upon the Layer 2 network address included in the pre-authentication frame;

the first wireless access device generating a Layer 3 network packet that encapsulates the pre-authentication frame, the Layer 3 network packet also including the Layer 3 network address of the second wireless access device; and

sending the Layer 3 network packet from the first wireless access device, the Layer 3 network packet being destined for the second wireless access device.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for pre-authentication in a wireless network is disclosed. The method begins by receiving, from a mobile client device, an Ethernet pre-authentication frame having an Ethernet address corresponding to a destination infrastructure device in the wireless network. Based upon a network mapping table, the method determines an internet protocol (IP) address that is mapped to the Ethernet address of the destination infrastructure device. The Ethernet pre-authentication frame is encapsulated inside an IP packet having the IP address. Then, the method routes the IP packet to the destination infrastructure device across WLANs with a different VLAN or subnetwork boundary in the wireless network.

13 Citations

View as Search Results

16 Claims

1. A method of enhancing roaming of mobile client devices in a wireless network having a plurality of wireless access devices, the method comprising:
- receiving a pre-authentication frame at a first wireless access device of a first Layer 2 subnetwork, the pre-authentication frame originating from a mobile client device that is currently in association with the first wireless access device, the pre-authentication frame including a Layer 2 network address of a second wireless access device of a second Layer 2 subnetwork that is different than the first Layer 2 subnetwork, and the pre-authentication frame further including an identifier of the mobile client device;
  
  the first wireless access device accessing a network mapping database;
  
  the first wireless access device using the network mapping database to determine a Layer 3 network address of the second wireless access device, based upon the Layer 2 network address included in the pre-authentication frame;
  
  the first wireless access device generating a Layer 3 network packet that encapsulates the pre-authentication frame, the Layer 3 network packet also including the Layer 3 network address of the second wireless access device; and
  
  sending the Layer 3 network packet from the first wireless access device, the Layer 3 network packet being destined for the second wireless access device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising storing the pre-authentication frame in a memory of the first wireless access device, wherein generating the Layer 3 network packet comprises copying the pre-authentication frame from the memory of the first wireless access device to the memory of an Ethernet driver of the first wireless access device.
  - 3. The method of claim 1, wherein the network mapping database is remote from the first wireless access device, and wherein accessing the network mapping database comprises wirelessly accessing the network mapping database.
  - 4. The method of claim 1, wherein the network mapping database is located in the first wireless access device, and wherein accessing the network mapping database comprises locally accessing the network mapping database at the first wireless access device.
  - 5. The method of claim 1, further comprising statistically configuring the network mapping database.
  - 6. The method of claim 1, wherein:
    - the first Layer 2 subnetwork is a first Ethernet subnetwork;
      
      the second Layer 2 subnetwork is a second Ethernet subnetwork;
      
      the Layer 2 network address of the second wireless access device comprises an Ethernet address; and
      
      the Layer 3 network address of the second wireless access device comprises an IP address.
  - 7. The method of claim 6, wherein the Ethernet address comprises a basic service set identifier (BSSID) of the second wireless access device.
  - 8. The method of claim 1, wherein using the network mapping database comprises mapping the Layer 2 network address to the Layer 3 network address.
  - 9. The method of claim 1, wherein the identifier of the mobile client device comprises a Media Access Control (MAC) address of the mobile client device.

10. A method of enhancing roaming of mobile client devices in a wireless network having a plurality of wireless access devices, wherein a current wireless association is maintained between a mobile client device and a first wireless access device of a first Layer 2 subnetwork, the method comprising:
- receiving a probe at a second wireless access device of a second Layer 2 subnetwork, the probe originating from the mobile client device while it is currently in association with the first wireless access device;
  
  the second wireless access device sending a probe response to the mobile client device in response to receiving the probe, the probe response including a Layer 2 network address of the second wireless access device;
  
  thereafter, the second wireless access device receiving a Layer 3 network packet from the first wireless access device, the Layer 3 network packet being representative of a pre-authentication request from the mobile client device, the Layer 3 network packet encapsulating a Layer 2 pre-authentication frame that includes the Layer 2 network address of the second wireless access device previously provided by the second wireless access device with the probe response, and that includes and an identifier of the mobile client device, wherein the Layer 2 pre-authentication frame originates from the mobile client device while it is currently in association with the first wireless access device; and
  
  pre-authenticating the mobile client device with the second wireless access device, in response to receiving the Layer 3 network packet.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The method of claim 10, wherein:
    - the first Layer 2 subnetwork is a first Ethernet subnetwork;
      
      the second Layer 2 subnetwork is a second Ethernet subnetwork;
      
      the Layer 2 network address of the second wireless access device comprises an Ethernet address; and
      
      the Layer 3 network packet includes an IP address of the second wireless access device, the IP address being mapped to the Layer 2 network address of the second wireless access device.
  - 12. The method of claim 11, wherein the Ethernet address comprises a basic service set identifier (BSSID) of the second wireless access device.
  - 13. The method of claim 10, wherein the identifier of the mobile client device comprises a Media Access Control (MAC) address of the mobile client device.
  - 14. The method of claim 10, wherein pre-authenticating the mobile client device comprises:
    - extracting the Layer 2 pre-authentication frame from the Layer 3 network packet;
      
      processing pre-authentication information associated with the extracted Layer 2 pre-authentication frame; and
      
      sending a pre-authentication reply to the mobile client device, while the mobile client device is currently in association with the first wireless access device.

15. A method of enhancing roaming of mobile client devices in a wireless network having a plurality of wireless access devices, the method comprising:
- receiving an Ethernet pre-authentication frame at a first wireless access device, the Ethernet pre-authentication frame originating from a mobile client device that is currently in association with the first wireless access device, the Ethernet pre-authentication frame including an Ethernet address of a second wireless access device, and the Ethernet pre-authentication frame further including a Media Access Control (MAC) address of the mobile client device;
  
  the first wireless access device mapping the Ethernet address of the second wireless access device to an IP address of the second wireless access device;
  
  the first wireless access device generating an IP packet that encapsulates the Ethernet pre-authentication frame, the IP packet further comprising the IP address of the second wireless access device;
  
  sending the IP packet from the first wireless access device, wherein the IP address of the second wireless access device indicates a destination of the IP packet;
  
  thereafter, the second wireless access device receiving the IP packet while the mobile client device is currently in association with the first wireless access device;
  
  the second wireless access device extracting the Ethernet pre-authentication frame from the IP packet;
  
  the second wireless access device processing pre-authentication information associated with the extracted Ethernet pre-authentication frame; and
  
  the second wireless access device sending a pre-authentication reply that is destined for the mobile client device.
- View Dependent Claims (16)
- - 16. The method of claim 15, wherein the Ethernet address of the second wireless access device comprises a basic service set identifier (BSSID) of the second wireless access device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Extreme Networks, Inc.
Original Assignee
Symbol Technologies, Inc. (Zebra Technologies Corporation)
Inventors
Batta, Puneet
Primary Examiner(s)
Wu; Daniel
Assistant Examiner(s)
OTT, FREDERICK R

Application Number

US11/515,119
Publication Number

US 20080056272A1
Time in Patent Office

1,594 Days
Field of Search

370/395, 370/331
US Class Current

370/395.5
CPC Class Codes

H04W 12/06   Authentication

H04W 12/062   Pre-authentication

H04W 80/02   Data link layer protocols

H04W 80/04   Network layer protocols, e....

H04W 84/12   WLAN [Wireless Local Area N...

Pre-authentication across an 802.11 layer-3 IP network

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

13 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Pre-authentication across an 802.11 layer-3 IP network

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links