Enterprise network architecture for implementing a virtual private network for wireless users by mapping wireless LANs to IP tunnels
Abstract
An enterprise network is provided which includes a central site, a network, and a remote site communicatively coupled to the central site over the network. The central site includes a first termination device in communication with a restricted network segment including at least one server. The remote site includes an infrastructure device, an authorized access wireless local area network (WLAN), and an unauthorized access WLAN. The infrastructure device comprises a second termination device which communicates with the first termination device over the network. The authorized access WLAN allows communications with the central site via the second termination device over a tunnel coupling the first termination device to the second termination device, whereas the unauthorized access WLAN allows communications with the network via the second termination device.
8 Claims
1. A method for communicating a data packet from a wireless communication device to an entity in a restricted network segment of a central site in an enterprise network, comprising:

storing, at a wireless switch that is coupled to a plurality of access ports and being located at a remote site in the enterprise network, a wireless communication device database (WCDD) comprising: a list of wireless communication devices associated with the wireless switch indexed by respective MAC addresses of each wireless communication device, respective addresses of each wireless communication device, a WLAN which each wireless communication device is associated with, a mapping table of WLANs-to-VLANs, and a mapping table of WLANs-to-tunnels;

receiving, at the wireless switch, the data packet from a wireless communication device via an access port coupled to the wireless switch;

determining, at the wireless switch based on the data packet, whether the wireless communication device is associated with one of: an unauthorized access WLAN; and an authorized access WLAN that is mapped to a Generic Routing Encapsulation (GRE) tunnel implemented over the IP network and that is designed to allow communications with an IP router at the central site via the wireless switch over the GRE tunnel, wherein the GRE tunnel extends an IP subnet from the central site to the authorized access WLAN.

Dependent claims: 2, 3, 4, 5.
6. A method for communicating a Layer 3 data packet from an entity in a restricted network segment of a central site in an enterprise network to an authorized wireless communication device at a remote site in the enterprise network, the method comprising:

receiving, at an IP router, the Layer 3 data packet from an entity in the restricted network segment;

removing, at the IP router, a layer 2 (L2) header from the Layer 3 data packet;

encapsulating, at the IP router, the Layer 3 data packet with a GRE header and an outer IP header to generate a GRE-over-IP packet;

transmitting, from the IP router, the GRE-over-IP packet over a Generic Routing Encapsulation (GRE) tunnel that couples the IP router to a wireless switch having an access port coupled thereto;

receiving, at the wireless switch, the GRE-over-IP packet; and

decapsulating, at the wireless switch, the GRE-over-IP packet by removing the outer IP header and the GRE header to generate an inner data packet; and

storing, at the wireless switch, a wireless communication device database (WCDD) comprising: a list of wireless communication devices associated with the wireless switch indexed by respective MAC addresses of each wireless communication device, respective addresses of each wireless communication device, a WLAN which each wireless communication device is associated with, a mapping table of WLANs-to-VLANs, and a mapping table of WLANs-to-tunnels.

Dependent claims: 7, 8.
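As an added illustration (not code from the patent or its assignee), the following Python models the switch-side behaviour described in claims 1 and 6: a WCDD keyed by MAC address with WLAN-to-VLAN and WLAN-to-tunnel tables, the forwarding decision for an uplink frame, and GRE-over-IP encapsulation and decapsulation (L2 header stripped, GRE header plus outer IP header added or removed). All MACs, addresses and WLAN names are constructed assumptions.

```python
import socket
import struct

# Constructed sample WCDD for one remote-site wireless switch (MACs, addresses, WLAN names are assumptions).
WLAN_TO_VLAN = {"guest": 200}                        # unauthorized-access WLAN -> local VLAN
WLAN_TO_TUNNEL = {"corp": ("10.1.1.2", "10.1.1.1")}  # authorized WLAN -> (switch IP, central router IP)
WCDD = {"00:11:22:33:44:55": {"ip": "10.20.0.10", "wlan": "corp"},
        "66:77:88:99:aa:bb": {"ip": "192.168.50.7", "wlan": "guest"}}
GRE_PROTO, ETHERTYPE_IPV4 = 47, 0x0800

def ipv4_checksum(hdr):
    # Ones-complement sum over 16-bit words; evaluates to 0 over a header with a valid checksum.
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def ipv4_header(src, dst, proto, payload_len):
    # Minimal 20-byte IPv4 header (no options, TTL 64) with the checksum filled in.
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

def gre_encapsulate(inner_ip_packet, src, dst):
    # Outer IP header + 4-byte GRE header (RFC 2784, no C/K/S bits, protocol type IPv4) + inner packet.
    gre = struct.pack("!HH", 0, ETHERTYPE_IPV4)
    return ipv4_header(src, dst, GRE_PROTO, len(gre) + len(inner_ip_packet)) + gre + inner_ip_packet

def gre_decapsulate(packet):
    # Reverse of gre_encapsulate: validate, then strip the outer IP header and the GRE header.
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != GRE_PROTO or ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("not a valid GRE-over-IP packet")
    flags, proto = struct.unpack("!HH", packet[ihl:ihl + 4])
    if flags & 0xB000 or proto != ETHERTYPE_IPV4:    # C/K/S bit set or non-IPv4 payload
        raise ValueError("unsupported GRE header")
    return packet[ihl + 4:]

def classify_uplink_frame(frame):
    # Look the sending device up by source MAC and route by its WLAN's mapping.
    entry = WCDD.get(":".join("%02x" % b for b in frame[6:12]))
    if entry is None:
        return ("drop", None)             # device not associated with this switch
    wlan = entry["wlan"]
    if wlan in WLAN_TO_TUNNEL:            # authorized WLAN: strip the L2 header, send over GRE
        switch_ip, router_ip = WLAN_TO_TUNNEL[wlan]
        return ("tunnel", gre_encapsulate(frame[14:], switch_ip, router_ip))
    if wlan in WLAN_TO_VLAN:              # unauthorized WLAN: stays on the local VLAN
        return ("vlan", WLAN_TO_VLAN[wlan])
    return ("drop", None)
```

A frame from an unknown MAC is dropped rather than bridged, which is the check that keeps a device not in the WCDD from riding the tunnel into the restricted segment.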