A wireless mobile communication device can receive one or more network parameters from a network gateway and identify a network associated with the network parameters based on stored network information of networks with which the device is configured to join and/or network gateways with which the device is configured to communicate. The device can identify private network information associated with the identified network that will enable the device to access one or more private networks via the identified network. Once the device obtains access to the identified network, the device can set up one or more virtual private network (VPN) tunnels to join one or more private networks accessible via the identified network. When using two or more VPN tunnels, one VPN tunnel can be nested within another VPN tunnel.

Embodiments of the present technology provide out-of-band captive portal devices, networks, and methods. An example of a method includes executing a redirection of a client request for network access to a captive portal login, initiating an association between the wireless controller and the client, receiving authentication credentials of client from the captive portal login, negotiating a change of authorization with a wireless controller in accordance with RFC 5176 protocol, wherein the controller includes a mapping to a captive portal Internet Protocol (IP) address, and redirecting the client to a URL specified in the client request for network access.

A fingerprint is received from a communication endpoint. The fingerprint is based on a hardware identifier of the communication endpoint. For example the fingerprint may be based on a Media Access Control (MAC) address of the communication endpoint. A request for an emergency call from the communication endpoint is received that also includes the fingerprint. For instance, a user may initiate a 911 call from the communication endpoint. The emergency call is established. After the emergency call is disconnected, a request for an emergency call back is received. For example, if the emergency call prematurely disconnected, the emergency call back is initiated. The request for the emergency call back is routed to the communication endpoint based on the fingerprint to ensure that the emergency call is properly completed.

The present disclosure generally discloses a multicast capability configured to support multicast that is based on use of Bit Indexed Explicit Replication (BIER). The multicast capability may be configured to support deployment of BIER into a network in a manner that continues to support use of Protocol Independent Multicast (PIM) for multicast control within the network. The multicast capability may be configured to support deployment of BIER, into a network including an Interior Gateway Protocol (IGP) area, using a BIER domain that is commensurate with the IGP area or that is only a portion of the IGP area. The multicast capability may be configured to support deployment of BIER into a network in a manner supporting stitching of traditional PIM access networks via a BIER core network.

A communication apparatus capable of data communication includes a controller that temporarily permits data communication of an application. Upon the application transitioning to the background, the controller maintains temporary permission for data communication of the application when the application transitioned to the background as a result of an interrupt not intended by a user, and prohibits data communication of the application when the application transitioned to the background as a result of an interrupt other than an interrupt not intended by the user.

The present disclosure discloses a method and system for partitioning WLAN in order to separate network traffic from different WLANs. Specifically, a network device receives a packet from a client connected to a first network device on an access network. The network device then determines that the received packet is associated with a VLAN that is pre-configured on the first network device based on the access network to which the client is connected. Furthermore, the network device transmits the packet to a MAC layer switching device, which is not configured with the VLAN that is pre-configured on the network device. The packet includes one of a DHCP discovery message, an ARP request message, a unicast message, a multicast message, and a broadcast message. The unicast message will be transmitted to the second network device on the pre-configured VLAN prior to being transmitted to another network device outside the pre-configured VLAN.

An embodiment provides a packet transmission method and apparatus, to resolve a problem that occurs when a packet cannot traverse a NAT device when VTEPs communicate with each other through the NAT device. The method is applied to a VXLAN including a first VTEP, a second VTEP, and a NAT device. The method includes: performing, by the first VTEP, VXLAN encapsulation on a first packet, obtaining a second packet; sending, by the first VTEP, the second packet to the second VTEP through the NAT device; and performing, by the second VTEP, VXLAN decapsulation on the received second packet, to obtain the first packet. The first packet is a packet to be sent by the first VTEP, a destination port number of the second packet is obtained based on a destination IP address of the second packet, and a source port number of the second packet is a preset port number.

An edge switch receives a VM classification policy and an executing policy corresponding to each VM class distributed by a policy controller. The executing policy comprises information of each service node for processing a message and an executing sequence of the each service node. The edge switch receives a message sent by a VM connected to the edge switch, determines a VM class corresponding to the message according to the VM classification policy and determines an executing policy corresponding to the VM class. The edge switch encapsulates the message according to information of each service node to be executed by a VM of the VM class and an executing sequence, and sends the message, so that the message is sequentially sent to the each service node to be executed by the VM of the VM class to execute a service policy.

Methods and systems for automated ad hoc customer premise equipment (CPE) bi-directional vulnerability scanning. A method includes an auto provisioning server receiving CPE information for a designated CPE to initiate a bi-directional vulnerability scan, obtaining telemetry data from a cable modem termination system (CMTS) based on the CPE information, configuring switches to form a virtual local area network channel between a LAN scanner and the designated CPE using the CPE information, provisioning the LAN scanner to obtain a LAN side Internet Protocol (IP) address from the designated CPE, initiating vulnerability scans at a wide area network (WAN) scanner and the LAN scanner using a stored WAN side IP address and a stored LAN side IP address, respectively, and generating a vulnerability scan report based on results from the WAN scanner and the LAN scanner. At least one network device can be configured based on the report.

Provided is a method and apparatus for searching for a Maintenance End Point (MEP), and a storage medium. The method includes that: a chip of the MEP parses an obtained packet; the chip of the MEP determines whether a field of the parsed packet matches a field in a combination of a port and a Virtual Local Area Network (VLAN); and in a case where the field of the parsed packet matches the field in the combination of the port and the VLAN, the chip of the MEP determines that the MEP is found successfully.