Managing rogue devices through a network backhaul

US 9,413,772 B2
Filed: 03/17/2014
Issued: 08/09/2016
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

detecting a rogue device in a network;

sending a rogue device message that includes an identification of the rogue device to a plurality of switches in a backhaul of the network;

adding the identification of the rogue device into a rogue monitor table including a learned status field indicating whether the rogue device is In-Net or Out-Of-Net;

determining whether the rogue device is In-Net or Out-Of-Net using forwarding tables of the plurality of switches in the backhaul of the network and the rogue monitor table by removing entries in the forwarding tables that include a MAC address of the rogue device and determining whether a new learned MAC address in the forwarding tables is the MAC address of the rogue device;

when it is determined that the rogue device is In-Net, performing mitigation of the rogue device using a nearest switch to the rogue device of the plurality of switches in the backhaul of the network;

updating the rogue monitor table to indicate an identification of the nearest switch to the rogue device and updating the learned status field to indicate that the rogue device is In-Net.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Managing rogue devices in a network through a network backhaul. A rogue device is detected in a network and a rogue device message that includes the rogue device is sent to a plurality of switches in a backhaul of the network. The rogue device is added into a rogue monitor table. Whether the rogue device is In-Net or Out-Of-Net is determined using forwarding tables of the plurality of switches in the backhaul of the network and the rogue monitor table. Mitigation is performed using a nearest switch to the rogue device of the plurality of switches in the backhaul of the network if it is determined that the rogue device is In-Net.

208 Citations

19 Claims

1. A method comprising:
- detecting a rogue device in a network;
  
  sending a rogue device message that includes an identification of the rogue device to a plurality of switches in a backhaul of the network;
  
  adding the identification of the rogue device into a rogue monitor table including a learned status field indicating whether the rogue device is In-Net or Out-Of-Net;
  
  determining whether the rogue device is In-Net or Out-Of-Net using forwarding tables of the plurality of switches in the backhaul of the network and the rogue monitor table by removing entries in the forwarding tables that include a MAC address of the rogue device and determining whether a new learned MAC address in the forwarding tables is the MAC address of the rogue device;
  
  when it is determined that the rogue device is In-Net, performing mitigation of the rogue device using a nearest switch to the rogue device of the plurality of switches in the backhaul of the network;
  
  updating the rogue monitor table to indicate an identification of the nearest switch to the rogue device and updating the learned status field to indicate that the rogue device is In-Net.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the rogue device is a rogue client device, the method further comprising:
    - determining a rogue access point associated with the rogue device using a rogue AP table;
      
      performing mitigation of the rogue access point using the nearest switch to the rogue device.
  - 3. The method of claim 1, wherein determining whether the rogue device is In-Net or Out-Of-Net using the forwarding tables of the plurality of switches in the backhaul of the network and the rogue monitor table comprises:
    - removing entries in the forwarding tables that include a MAC address of the rogue device;
      
      determining that an aged MAC address in the forwarding tables is the MAC address of the rogue device;
      
      determining a rogue access point associated with the rogue device using a rogue AP table;
      
      determining if a MAC address of a device associated with the rogue access point is included as an entry in the forwarding tables using a rogue learning table;
      
      when it is determined that the MAC address of the device associated with the rogue access point is included as an entry in the forwarding tables, determining that the rogue device is In-Net.
  - 4. The method of claim 3, wherein the rogue access point associated with the rogue device is the rogue device.
  - 5. The method of claim 3, wherein the rogue device is a rogue client device and the rogue access point associated with the rogue device is the rogue access point that the rogue device is coupled to.
  - 6. The method of claim 1, wherein performing mitigation of the rogue device comprises:
    - determining an action mode for mitigation of the rogue device;
      
      sending an unauthorized list mitigation message, used in performing mitigation of the rouge device, to the nearest switch, if the determined action mode for mitigation of the rogue device is adding the rogue device to an unauthorized list.
  - 7. The method of claim 1, wherein performing mitigation of the rogue device comprises:
    - determining an action mode for mitigation of the rogue device;
      
      determining whether the rogue device is a rogue client device;
      
      determining if there are multiple nearest switches to the rogue device;
      
      sending a block port mitigation message, used in performing mitigation of the rogue device, to the nearest switch, when it is determined that the determined action mode for mitigation of the rogue device is blocking all traffic on a port through which the rogue device is coupled to thenearest switch, the rogue device is the rogue client device, and there is only a single nearest switch to the rogue device.
  - 8. The method of claim 1, further comprising:
    - generating, at an originator switch, a probe message with an initial hop number;
      
      sending the probe message with the initial hop number to at least one next switch;
      
      receiving probe responses that include an increased hop number;
      
      determining that a switch that sent a probe response with a largest increased hop number is the nearest switch to the rogue device.
  - 9. The method of claim 1, further comprising:
    - generating, at an originator switch, a probe message with an initial hop number;
      
      sending the probe message with the initial hop number to at least one next switch;
      
      determining that the originator switch is the nearest switch to the rogue device when a probe response that includes an increased hop number is not received from the at least one next switch.

10. A system comprising:
- a detector access point configured to detect a rogue device in a network;
  
  a rogue device message engine configured to send a rogue device message that includes an identification of the rogue device to a plurality of switches in a backhaul of the network;
  
  a rogue monitor table management engine configured to add the identification of the rogue device into a rogue monitor table including a learned status field indicating whether the rogue device is In-Net or Out-Of-Net;
  
  a rogue device status determination engine configured to determine whether the rogue device is In-Net or Out-Of-Net using forwarding tables of the plurality of switches in the backhaul of the network and the rogue monitor by removing entries in the forwarding tables that include a MAC address of the rogue device and determining whether a new learned MAC address in the forwarding tables is the MAC address of the rogue device;
  
  a network backhaul rogue device management system configured to perform mitigation of the rogue device using a nearest switch to the rogue device of the plurality of switches in the backhaul of the network, when it is determined that the rogue device is In-Net;
  
  wherein the rogue monitor table management engine is further configured to update the rogue monitor table to indicate an identification of the nearest switch to the rogue device and update the learned status field to indicate that the rouge device is In-Net.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10, wherein the rogue device is a rogue client device, the network backhaul rogue device management system further configured to:
    - determine a rogue access point associated with the rogue device using a rogue AP table;
      
      perform mitigation of the rogue access point using the nearest switch to the rogue device.
  - 12. The system of claim 10, further comprising:
    - a forwarding table management engine configured to;
      
      remove entries in the forwarding tables that include a MAC address of the rogue device;
      
      determine that an aged MAC address in the forwarding tables is the MAC address of the rogue device;
      
      wherein the network backhaul rogue device management system is further configured to;
      
      determine a rogue access point associated with the rogue device using a rogue AP table;
      
      determine if a MAC address of a device associated with the rogue access point is included as an entry in the forwarding tables using a rogue learning table;
      
      wherein the rogue device status determination engine is further configured to determine that the rogue device is In-Net, when it is determined that the MAC address of the device associated with the rogue access point is included as an entry in the forwarding tables.
  - 13. The system of claim 12, wherein the rogue access point associated with the rogue device is the rogue device.
  - 14. The system of claim 12, wherein the rogue device is a rogue client device and the rogue access point associated with the rogue device is the rogue access point that the rogue device is coupled to.
  - 15. The system of claim 10, further comprising:
    - an action mode determination engine configured to determine an action mode for mitigation of the rogue device;
      
      a mitigation message generation engine configured to send an unauthorized list mitigation message, used in performing mitigation of the rogue device, to the nearest switch, when the determined action mode for mitigation of the rogue device is adding the rogue device to an unauthorized list.
  - 16. The system of claim 10, further comprising:
    - an action mode determination engine configured to determine an action mode for mitigation of the rogue device;
      
      a rogue device type determination engine configured to determine whether the rogue device is a rogue client device;
      
      a nearest switch monitoring engine configured to determine if there are multiple nearest switches to the rogue device;
      
      a mitigation message generation engine configured to send a block port mitigation message, used in performing mitigation of the rogue device, to the nearest switch, when it is determined that the determined action mode for mitigation of the rogue device is blocking all traffic on a port through which the rogue device is coupled to the nearest switch, the rogue device is the rogue client device, and there is only a single nearest switch to the rogue device.
  - 17. The system of claim 10, further comprising an originator switch probe management system configured to:
    - generate, at an originator switch, a probe message with an initial hop number;
      
      send the probe message with the initial hop number to at least one next switch;
      
      receive probe responses that include an increased hop number;
      
      determine that a switch that sent a probe response with a largest increased hop number is the nearest switch to the rogue device.
  - 18. The system of claim 10, further comprising an originator switch probe management system configured to:
    - generate, at an originator switch, a probe message with an initial hop number;
      
      send the probe message with the initial hop number to at least one next switch;
      
      determine that the originator switch is the nearest switch to the rogue device when a probe response that includes an increased hop number is not received from the at least one next switch.

19. A system comprising:
- means for detecting a rogue device in a network;
  
  means for sending a rogue device message that includes an identification of the rogue device to a plurality of switches in a backhaul of the network;
  
  means for adding the identification identity of the rogue device into a rogue monitor table including a learned status field indicating whether the rogue device is In-Net or Out-Of-Net;
  
  means for determining whether the rogue device is In-Net or Out-Of-Net using forwarding tables of the plurality of switches in the backhaul of the network and the rogue monitor table by removing entries in the forwarding tables that include a MAC address of the rogue device and determining whether a new learned MAC address in the forwarding tables is the MAC address of the rogue device;
  
  means for performing mitigation of the rogue device using a nearest switch to the rogue device of the plurality of switches in the backhaul of the network, when it is determined that the rogue device is In-Net;
  
  means for updating the rogue monitor table to indicate an identification of the nearest switch to the rogue device and updating the learned status field to indicate that the rouge device is In-Net.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Extreme Networks, Inc.
Original Assignee
Aerohive Networks Incorporated (Extreme Networks, Inc.)
Inventors
Fan, Peng, Zeng, Jianlin, Li, Mingliang
Primary Examiner(s)
Gee, Jason K.
Assistant Examiner(s)
Le, Thanh T

Application Number

US14/216,934
Publication Number

US 20140283073A1
Time in Patent Office

876 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/0236   Filtering by address, proto...

H04L 63/101   Access control lists [ACL]

H04L 63/1408   by monitoring network traff...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1441   Countermeasures against mal...

H04W 12/122   Counter-measures against at...

Managing rogue devices through a network backhaul

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

208 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Managing rogue devices through a network backhaul

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

208 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links