Pre-authentication across an 802.11 layer-3 IP network
First Claim
1. A method of enhancing roaming of mobile client devices in a wireless network having a plurality of wireless access devices, the method comprising:
- receiving a pre-authentication frame at a first wireless access device of a first Layer 2 subnetwork, the pre-authentication frame originating from a mobile client device that is currently in association with the first wireless access device, the pre-authentication frame including a Layer 2 network address of a second wireless access device of a second Layer 2 subnetwork that is different than the first Layer 2 subnetwork, and the pre-authentication frame further including an identifier of the mobile client device;
the first wireless access device accessing a network mapping database;
the first wireless access device using the network mapping database to determine a Layer 3 network address of the second wireless access device, based upon the Layer 2 network address included in the pre-authentication frame;
the first wireless access device generating a Layer 3 network packet that encapsulates the pre-authentication frame, the Layer 3 network packet also including the Layer 3 network address of the second wireless access device; and
sending the Layer 3 network packet from the first wireless access device, the Layer 3 network packet being destined for the second wireless access device.
11 Assignments
0 Petitions
Accused Products
Abstract
A method for pre-authentication in a wireless network is disclosed. The method begins by receiving, from a mobile client device, an Ethernet pre-authentication frame having an Ethernet address corresponding to a destination infrastructure device in the wireless network. Based upon a network mapping table, the method determines an internet protocol (IP) address that is mapped to the Ethernet address of the destination infrastructure device. The Ethernet pre-authentication frame is encapsulated inside an IP packet having the IP address. Then, the method routes the IP packet to the destination infrastructure device across WLANs with a different VLAN or subnetwork boundary in the wireless network.
13 Citations
16 Claims
-
1. A method of enhancing roaming of mobile client devices in a wireless network having a plurality of wireless access devices, the method comprising:
-
receiving a pre-authentication frame at a first wireless access device of a first Layer 2 subnetwork, the pre-authentication frame originating from a mobile client device that is currently in association with the first wireless access device, the pre-authentication frame including a Layer 2 network address of a second wireless access device of a second Layer 2 subnetwork that is different than the first Layer 2 subnetwork, and the pre-authentication frame further including an identifier of the mobile client device; the first wireless access device accessing a network mapping database; the first wireless access device using the network mapping database to determine a Layer 3 network address of the second wireless access device, based upon the Layer 2 network address included in the pre-authentication frame; the first wireless access device generating a Layer 3 network packet that encapsulates the pre-authentication frame, the Layer 3 network packet also including the Layer 3 network address of the second wireless access device; and sending the Layer 3 network packet from the first wireless access device, the Layer 3 network packet being destined for the second wireless access device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method of enhancing roaming of mobile client devices in a wireless network having a plurality of wireless access devices, wherein a current wireless association is maintained between a mobile client device and a first wireless access device of a first Layer 2 subnetwork, the method comprising:
-
receiving a probe at a second wireless access device of a second Layer 2 subnetwork, the probe originating from the mobile client device while it is currently in association with the first wireless access device; the second wireless access device sending a probe response to the mobile client device in response to receiving the probe, the probe response including a Layer 2 network address of the second wireless access device; thereafter, the second wireless access device receiving a Layer 3 network packet from the first wireless access device, the Layer 3 network packet being representative of a pre-authentication request from the mobile client device, the Layer 3 network packet encapsulating a Layer 2 pre-authentication frame that includes the Layer 2 network address of the second wireless access device previously provided by the second wireless access device with the probe response, and that includes and an identifier of the mobile client device, wherein the Layer 2 pre-authentication frame originates from the mobile client device while it is currently in association with the first wireless access device; and pre-authenticating the mobile client device with the second wireless access device, in response to receiving the Layer 3 network packet. - View Dependent Claims (11, 12, 13, 14)
-
-
15. A method of enhancing roaming of mobile client devices in a wireless network having a plurality of wireless access devices, the method comprising:
-
receiving an Ethernet pre-authentication frame at a first wireless access device, the Ethernet pre-authentication frame originating from a mobile client device that is currently in association with the first wireless access device, the Ethernet pre-authentication frame including an Ethernet address of a second wireless access device, and the Ethernet pre-authentication frame further including a Media Access Control (MAC) address of the mobile client device; the first wireless access device mapping the Ethernet address of the second wireless access device to an IP address of the second wireless access device; the first wireless access device generating an IP packet that encapsulates the Ethernet pre-authentication frame, the IP packet further comprising the IP address of the second wireless access device; sending the IP packet from the first wireless access device, wherein the IP address of the second wireless access device indicates a destination of the IP packet; thereafter, the second wireless access device receiving the IP packet while the mobile client device is currently in association with the first wireless access device; the second wireless access device extracting the Ethernet pre-authentication frame from the IP packet; the second wireless access device processing pre-authentication information associated with the extracted Ethernet pre-authentication frame; and the second wireless access device sending a pre-authentication reply that is destined for the mobile client device. - View Dependent Claims (16)
-
Specification