Cloud based router with policy enforcement. In some implementations, a system is provided. The system includes a plurality of access points. The plurality of access points receive data packets from a plurality of client devices. The system also includes a plurality of tunnel devices coupled to the plurality of access points. The plurality of tunnel devices generate encapsulated packets based on the data packets received by the plurality of access points. The system further includes a plurality of packet forwarding components coupled to the plurality of tunnel devices via a first set of tunnels. The plurality of packet forwarding components receive the encapsulated packets from the plurality of tunnel devices and forward the encapsulate packets. The system further includes a plurality of network access controllers coupled to the plurality of packet forwarding components via a second set of tunnels. The plurality of network access controllers enforce one or more network policies for the plurality of client devices, as the plurality of client devices move between the plurality of access points.

The present invention provides a wireless communication method of an access point. The wireless communication method comprises the steps of: establishing a cache table comprising a plurality of reference MAC and corresponding PMKs and reference PMKIDs; receiving an association request from a station; reading a MAC address of the station and a PMKID from the association request; if the MAC address of the station and the PMKID do not match items of the cache table, performing a calculation on the PMKID to obtain an original PMKID; determining if the original PMKID matches any one of the reference PMKIDs within the cache table; and if the original PMKID matches one reference PMKID within the cache table, determining that the reference MAC recorded in the cache table and the MAC address belong to the same station.

A system and method for managing congestion in a multi-hop wireless network, employing congestion notification messages. The technology has three main components: a mechanism at the Medium Access (MAC) layer for determining when a given source or transit node is deemed congested; a mechanism at the Network Layer (NL) determining how to propagate this information to applications, including suitably combining overload indications received from neighbors; and a mechanism at the Transport Layer (TL) of each source of traffic for determining when a source is generating excessive traffic, and combining it with Medium Access Control (MAC)-based overload indication from downstream nodes, thus providing a multi-layer approach to traffic throttling.

A system and method for provisionally authenticating a host moving from one router to another router in a network using border gateway protocol (BGP) is disclosed. A host is initially authenticated at a first BGP router, this discovery is advertised to a second BGP router pursuant to BGP with a new extended community indicating successful authentication (or pre-authentication) of the host at the first BGP router. An indication for re-authentication of the host at the second BGP router is then received, which blocks network traffic from the host to the second BGP router. Due to the notification of a previous authentication of the host, the second BGP router begins a provisional authentication session. In response to a successful completion of the provisional authentication session, the host is authorized to transmit network traffic on the second BGP router and subsequently blocked from doing the same at the first BGP router.

A wireless device receives, from a base station, a radio resource control message comprising at least one packet data convergence protocol (PDCP) configuration parameter indicating Ethernet header compression for a data radio bearer. The wireless device receives, from the base station and based on the at least one PDCP configuration parameter, mapping information between: a source medium access control (MAC) address and a destination MAC address; and a corresponding header compression index. The wireless device receives a compressed Ethernet packet: compressed based on the mapping information; and comprising the corresponding header compression index.

A method of recording layer-2 (L2) mappings created for workloads executing on a plurality of hosts in a first database managed by a network management server: upon receipt of a first mapping reported by a first host, determining that the first mapping is not recorded in the first database; and in response to the determining that the received first mapping is not recorded in the first database, generating a first timestamp and persisting a first record in the first database that includes the first mapping and the first timestamp.

The present invention is applicable to the field of communications technologies, and provides a repeating method of a wireless repeating device and a wireless repeating device. The method includes the following steps: synchronizing network connection information of an upstream AP to a downstream WLAN AP interface of the wireless repeating device; obtaining, according to the downstream WLAN AP interface corresponding to the synchronized upstream AP, downstream wireless STA MAC address information, and establishing an upstream WLAN Client interface which is in a mapping relationship with an STA MAC address; and performing, according to the mapping relationship between the STA MAC address and the established upstream WLAN Client interface, management on data forwarded between the upstream AP and a downstream wireless STA.

Systems and methods for increasing layer 2 visibility of layer 3 network devices so as to facilitate implementation of device-oriented policy actions by layer 3 network devices are provided. According to one embodiment, unique physical addresses of one or more host devices are retrieved by a dynamic host configuration protocol (DHCP) agent that is operatively coupled with a DHCP server. The physical addresses are mapped to corresponding Internet Protocol (IP) addresses assigned by the DHCP server to the one or more host devices. The mapping is relayed directly or indirectly to a network security device. Network traffic management/security policies are defined within the network security device corresponding to at least one of the unique physical addresses.

Methods and apparatuses are described for wireless communications. Cells may be grouped into a plurality of cell groups. A time adjustment may be determined and applied to uplink transmission timing of a cell group. A transmission timing difference between a first cell group and a second cell group may be determined. If the transmission timing difference exceeding a threshold, one or more devices may stop transmitting uplink signals via one or more secondary cells and/or may stop applying the timing adjustment for a cell group.

A CPU box of each mounting machine module obtains MAC addresses of communication devices of both an internal device and a base by communicating with the communication devices of both the internal device and the base after the power is turned on, compares the obtained MAC address of the internal device side and the obtained MAC address of the base side, with storage data of the MAC addresses of both the internal device side and the base side read from a non-volatile storage medium of the CPU box, obtains management data of the mounting machine module stored in association with the MAC address of the internal device side from the non-volatile storage medium of a management computer in a case where the MAC address of the internal device side does not match the storage data, and obtains the management data of the mounting machine module stored in association with the MAC address of the base side from the non-volatile storage medium of the management computer in a case where the MAC address of the base side does not match the storage data.