公开(公告)号：US11877334B2

公开(公告)日：2024-01-16

申请号：US17314609

申请日：2021-05-07

Applicant: Cisco Technology, Inc.

Inventor： Domenico Ficara ,  Amine Choukir ,  Anirban Karmakar ,  Vincent Cuissard ,  Sudhir Kumar Jain

IPC: H04W76/15 ,  H04L12/46 ,  H04W12/037 ,  H04L61/50 ,  H04W84/12

CPC classification number: H04W76/15 ,  H04L12/4633 ,  H04L61/50 ,  H04W12/037 ,  H04W84/12

Abstract: A wireless client device communicates, to an access point over a secure channel, a mapping of a dynamic device address to a stable device address. By communicating the mapping, the access point is able to determine that packets received from two different device addresses originate from a common device. The access point is then able to maintain an association between the originating device and other network resources assigned or allocated to the originating device, such as IP addresses or infrastructure station address, which is used to identify the originating device to other devices outside the network in some embodiments.

公开(公告)号：US20230354034A1

公开(公告)日：2023-11-02

申请号：US17731689

申请日：2022-04-28

Applicant: Cisco Technology, Inc.

Inventor： Domenico Ficara ,  Roberto Muccifora ,  Amine Choukir ,  Robert Barton ,  Jerome Henry ,  Arun Khanna

IPC: H04W12/122 ,  H04W12/73 ,  H04W12/106

CPC classification number: H04W12/122 ,  H04W12/73 ,  H04W12/106

Abstract: A method is provided that is performed in a wireless network to detect a rogue wireless device. The method comprises detecting a suspect wireless device in the wireless network based on messages transmitted by the suspect wireless device using a first Media Access Control (MAC) address that is also used by a valid wireless device in the wireless network. When a suspect wireless device is detected, the method next includes sending to the valid wireless device in the wireless network a request configured to cause the valid wireless device to change its MAC address. After the valid wireless device has changed its MAC address, the method involves observing messages transmitted by the suspect wireless device in the wireless network. The method then includes determining that the suspect wireless device is a rogue device when the suspect wireless device continues to transmit messages using the first MAC address.

公开(公告)号：US20230284211A1

公开(公告)日：2023-09-07

申请号：US17683627

申请日：2022-03-01

Applicant: Cisco Technology, Inc.

Inventor： Pascal Thubert ,  Alessandro Erta ,  Amine Choukir ,  Domenico Ficara ,  Patrick Wetterwald

IPC: H04W72/12 ,  H04W68/00 ,  H04W64/00

CPC classification number: H04W72/1268 ,  H04W68/005 ,  H04W64/00 ,  H04W88/08

Abstract: In one embodiment, a controller for an overhead mesh of access points in an area receives an indication from one or more access points of the overhead mesh that a client device is present in the area. The controller determines movements of the client device within the area. The controller selects a set of access points of the overhead mesh to support communications between the client device and the overhead mesh, based on the movements of the client device determined by the controller. The controller causes the controller, the set of access points to form communication schedules to support communications with the client device that do not require a prior association exchange with the client device.

公开(公告)号：US20230262798A1

公开(公告)日：2023-08-17

申请号：US17673334

申请日：2022-02-16

Applicant: Cisco Technology, Inc.

Inventor： Amine Choukir ,  Robert Barton ,  Anirban Karmakar ,  Domenico Ficara ,  Vincent Cuissard ,  Jerome Henry

IPC: H04W76/15 ,  H04W76/30

CPC classification number: H04W76/15 ,  H04W76/30 ,  H04W80/02

Abstract: A user device connected to a wireless network maintains session persistence through a MAC address change of a user device. The user device establishes a multi-path communication session including a first subflow associated with a first MAC address for the user device. When the user device changes from the first MAC address to a second MAC address. the user device establishes a second subflow of the multi-path communication session. The second subflow is associated with the second MAC address. After establishing the second subflow associated with the second MAC address, the user device ends the first subflow associated with the first MAC address.

公开(公告)号：US20230262465A1

公开(公告)日：2023-08-17

申请号：US17674304

申请日：2022-02-17

Applicant: Cisco Technology, Inc.

Inventor： Domenico Ficara ,  Roberto Muccifora ,  Robert Edgar Barton ,  Jerome Henry ,  Stephen Michael Orr ,  Amine Choukir

IPC: H04W12/122

CPC classification number: H04W12/122

Abstract: Methods are provided to determine validity of a MAC address. The methods involve obtaining a media access control (MAC) address validity message that indicates a plurality of valid MAC addresses in the wireless network using a fully-exploded format or a probabilistic data structure and determining whether a MAC address is valid based on the MAC address validity message. Other methods involve obtaining a query regarding a validity of a media access control (MAC) address, determining whether the MAC address is a value included in a data set of expected values of a probabilistic data structure. The data set represents a list of MAC addresses. The other methods involve determining whether the MAC address is valid in the wireless network based on determining whether the MAC address is the value included in the data set and providing a response indicating whether the MAC address is valid.

公开(公告)号：US20230171575A1

公开(公告)日：2023-06-01

申请号：US18096741

申请日：2023-01-13

Applicant: Cisco Technology, Inc.

Inventor： Pascal Thubert ,  Srinath Gundavelli ,  Amine Choukir ,  Domenico Ficara ,  Jerome Henry ,  Jean-Philippe Vasseur ,  Patrick Wetterwald ,  Eric Levy-Abegnoli

IPC: H04W4/70 ,  H04W48/18 ,  H04W24/02

CPC classification number: H04W4/70 ,  H04W48/18 ,  H04W24/02 ,  H04W88/12

Abstract: In one embodiment, a supervisory device in a network notifies, via an access point of the network, a node as to an ability of the network to support virtual access points. The supervisory device receives, in response to notifying the node, information from the node regarding characteristics of the node. The supervisory device selects, based on the characteristics of the node, a plurality of access points in the network to form a virtual access point with which the node may communicate. The supervisory device configures the plurality of access points to function as the virtual access point, wherein the node communicates with the network via the virtual access point.

公开(公告)号：US20230065679A1

公开(公告)日：2023-03-02

申请号：US17527572

申请日：2021-11-16

Applicant: Cisco Technology, Inc.

Inventor： Amine Choukir ,  Domenico Ficara ,  Pascal Thubert ,  Jerome Henry ,  Ashish Kumar ,  Yi Xu ,  Araz Yagubov

IPC: H04W4/06 ,  H04L45/741

Abstract: Presented herein are techniques to address a lack of path maximum transmission unit discovery in the context of, e.g., the control and provisioning of wireless access point (CAPWAP) protocol for multicast communications. In one embodiment, IPv4-IPv6-IPv4 network address translation is used to avoid a conservative maximum transmission unit size. In another embodiment, unicast and multicast path maximum transmission unit discovery techniques are executed to set the maximum transmission unit size for multicast communications.

公开(公告)号：US11483283B1

公开(公告)日：2022-10-25

申请号：US17546902

申请日：2021-12-09

Applicant: Cisco Technology, Inc.

Inventor： Amine Choukir ,  Robert E. Barton ,  Jerome Henry ,  Carlos M. Pignataro ,  Domenico Ficara ,  Vincent Cuissard ,  Anirban Karmakar

IPC: G06F15/16 ,  H04L61/5014 ,  H04W8/00 ,  H04L61/251 ,  H04L101/622

Abstract: A wireless infrastructure that communicates with a DHCP server and a wireless client that rotates its MAC address performs a method including: upon receiving, from the wireless client, a first request with a first MAC address, creating a session context including the first MAC address and a stable identifier, and relaying the first request to the DHCP server; relaying, from the DHCP server to the wireless client, a first DHCP reply that includes an Internet Protocol (IP) address bound to the stable identifier; upon receiving, from the wireless client, a second request with the IP address and a second MAC address, merging the second MAC address and the IP address into the session context, and relaying, to the DHCP server, the second request including the stable identifier; and relaying, from the DHCP server to the wireless client, a second DHCP reply including the IP address bound to the stable identifier.

公开(公告)号：US20200162328A1

公开(公告)日：2020-05-21

申请号：US16544690

申请日：2019-08-19

Applicant: Cisco Technology, Inc.

Inventor： Salvatore Valenza ,  Domenico Ficara ,  Valerio Di Gregorio ,  Amine Choukir ,  Vincent Cuissard

IPC: H04L12/24 ,  H04W60/00 ,  H04W48/16 ,  H04W80/02

Abstract: The present disclosure is directed to systems and methods that enable automatic provisioning of access points within an enterprise network by a controller of the enterprise network. In one aspect, a method includes detecting, at a network controller, attachment of a first access point to a network; identifying, by the network controller, a profile of a second access point, the second access point having being replaced with the first access point, the profile including at least one of identification parameters and configuration parameters of the second access point; and provisioning, by the network controller, the first access point with the profile of the second access point.

公开(公告)号：US09882806B2

公开(公告)日：2018-01-30

申请号：US14729810

申请日：2015-06-03

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Domenico Ficara ,  Davide Cuda ,  Amine Choukir

IPC: H04L12/28 ,  H04L12/721 ,  H04L29/06 ,  H04L12/751 ,  H04L12/715

CPC classification number: H04L45/14 ,  H04L45/02 ,  H04L45/04 ,  H04L63/00

Abstract: Techniques are disclosed for exchanging anonymized information between autonomous systems. In one example, a method comprises accessing an eigenvalue, wherein the eigenvalue is based on topology data associated with the first autonomous system; encoding the eigenvalue into a message; and transmitting, by a network element located in the first autonomous system, the message to an external edge router located in the second autonomous system. A further method can comprise receiving, by a network component located in a first autonomous system, a message, wherein the message comprises an eigenvalue and the message is received from an external network element located in a second autonomous system; accessing another other eigenvalue, the another eigenvalue corresponding to an autonomous system different from the first autonomous system; analyzing the another eigenvalue and the eigenvalue; and executing, by the network element, an action based on the analyzing.