U.S. patent application number 11/819138 was filed with the patent office on 2008-02-07 for tracking multiple interface connections by mobile stations.
This patent application is currently assigned to Broadcom Corporation. Invention is credited to Harry Bims.
Application Number | 20080031185 11/819138 |
Family ID | 21930080 |
Filed Date | 2008-02-07 |
United States Patent Application | 20080031185 |
Kind Code | A1 |
Bims; Harry | February 7, 2008 |
Tracking multiple interface connections by mobile stations
Abstract
A method and apparatus for communicating between devices is
described. In one embodiment, the method comprises allowing a
mobile station to have a first connection to a network over a first
interface and determining that the mobile station is attempting to
have a second connection to the network over a second interface
other than the first interface.
Inventors: | Bims; Harry; (Menlo Park, CA) |
Correspondence Address: | STERNE, KESSLER, GOLDSTEIN & FOX P.L.L.C., 1100 NEW YORK AVENUE, N.W., WASHINGTON, DC 20005, US |
Assignee: | Broadcom Corporation, Irvine, CA |
Family ID: | 21930080 |
Appl. No.: | 11/819138 |
Filed: | June 25, 2007 |
Related U.S. Patent Documents
Application Number | Filing Date | Patent Number |
10663167 | Sep 15, 2003 | 7236470 |
11819138 | Jun 25, 2007 | |
10044016 | Jan 11, 2002 | 6788658 |
10663167 | Sep 15, 2003 | |
Current U.S. Class: | 370/328 |
Current CPC Class: | H04L 69/32 20130101; H04L 69/324 20130101; H04B 17/318 20150115; H04L 63/101 20130101; H04B 7/022 20130101; H04L 29/06 20130101; H04W 84/12 20130101; H04W 12/08 20130101 |
Class at Publication: | 370/328 |
International Class: | H04Q 7/00 20060101 H04Q007/00 |
Claims
1-25. (canceled)
26. A method for tracking multiple interface connections by
stations comprising: allowing a station to have a first connection
to a network over a first interface; and denying the station a
second connection to the network over a second interface other than
a first interface by checking an indicator bit associated with the
second interface to determine whether a MAC address for the second
interface is allowed to register for access to the network.
27. The method of claim 26, wherein the denying step includes
checking whether the indicator bit is stored in an access control
list.
28. The method of claim 27, wherein checking whether the indicator
bit is stored in an access control list further includes checking a
table having an entry for each station and fields to store a MAC
address associated with each interface of the station.
29. The method of claim 27, further comprising clearing the
indicator bit from the access control list by an IP manager.
30. The method of claim 26, wherein the station is selected from a
group comprising a mobile phone, a cellular phone, a cordless
phone, a headset, a voice-enabled mobile station, a laptop computer
system, a personal digital assistant, a computer-data-enabled
mobile station, or a fixed station.
31. A device for providing access to a network for one or more
stations, the device comprising: a switch having a plurality of
ports; and a controller coupled to the switch; wherein the
controller allows a station to have a first connection to a network
over a first interface and determines that the station is
attempting to have a second connection to the network over a second
interface other than the first interface, and wherein the
controller determines whether to allow connection to the network by
querying a server to check whether media access control (MAC)
addresses associated with the first and second interfaces belong to
the station.
32. The device of claim 31, wherein the station is selected from a
group comprising a mobile phone, a cellular phone, a cordless
phone, a headset, a voice-enabled mobile station, a laptop computer
system, a personal digital assistant, a computer-data-enabled
mobile station, or a fixed station.
33. The device of claim 31, wherein the server stores and maintains
media access control (MAC) addresses associated with one or more
interfaces belonging to the station.
34. An apparatus for providing access to a network for one or more
stations comprising: means for allowing a station to have a first
connection to a network over a first interface; means for
determining that the station is attempting to have a second
connection to the network over a second interface other than the
first interface; and means for checking whether media access
control (MAC) addresses associated with the first and second
interfaces belong to the station.
35. The apparatus of claim 34, wherein the station is one selected
from a group comprising a mobile phone, a cellular phone, a
cordless phone, a headset, a voice-enabled mobile station, a laptop
computer system, a personal digital assistant, a
computer-data-enabled mobile station, or a fixed station.
36. The apparatus of claim 34, further comprising means for
accessing a memory.
37. The apparatus of claim 36, wherein the memory is local, and
stores an active stations list and an access control list.
38. The apparatus of claim 36, wherein the memory is remote, and
stores an active stations list and an access control list.
39. The apparatus of claim 34, further comprising means for
enforcing a security policy if the station is attempting to connect
to the network over the second interface.
40. The apparatus of claim 39, further comprising means for denying
connection to the network through multiple interfaces of the same
station, and wherein the means for enforcing the security policy
comprises means for denying the second connection to the
network.
41. The apparatus of claim 40, further comprising means for
disabling a MAC address associated with the second interface.
42. The apparatus of claim 39, further comprising means for denying
connection to the network through multiple interfaces of the same
station, and wherein means for enforcing the security policy
comprises means for disabling the first connection to the
network.
43. The apparatus of claim 42, further comprising means for
removing a MAC address associated with the first interface from a
list of active stations.
44. The apparatus of claim 39, further comprising means for denying
connection to the network through multiple interfaces of the same
station, and wherein enforcing the security policy comprises
denying the first and second connections to the network.
45. The apparatus of claim 39, further comprising means for
allowing access to the network by the station over multiple
interfaces.
Description
CROSS REFERENCE TO RELATED APPLICATIONS
[0001] This application is a continuation of U.S. Non-Provisional
patent application Ser. No. 10/663,167, Filed Sep. 15, 2003, now
U.S. Pat. No. 7,236,470, Issue Date Jun. 26, 2007, which is a
Continuation-In-Part of U.S. Non-Provisional application Ser. No.
10/044,016, filed Jan. 11, 2002, now U.S. Pat. No. 6,788,658,
Issued Sep. 7, 2004, all of which are hereby incorporated by
reference.
BACKGROUND OF THE INVENTION
Copyright Notices
[0002] A portion of the disclosure of this patent document contains
material which is subject to copyright protection. The copyright
owner has no objection to the facsimile reproduction by anyone of
the patent document or the patent disclosure, as it appears in the
Patent and Trademark Office patent file or records, but otherwise
reserves all copyright rights whatsoever.
Field of the Invention
[0003] The present invention relates to the field of wireless
communications; more particularly, the present invention relates to
a single frequency wireless communication system.
Background Art
[0004] FIG. 1 illustrates an exemplary network environment used
today. Referring to FIG. 1, a corporate Local Area Network (LAN)
backbone 102 interfaces to a number of desktop computers
103.sub.1-103.sub.n and may interface to Internet 101. Corporate
LAN backbone 102 may comprise a firewall 102A, corporate server
102B, and a standard Ethernet switch 102C. Ethernet switch 102C
includes an interface by which desktops 103.sub.1-103.sub.n are
coupled to the corporate LAN backbone 102 for access to corporate
server 102B and to Internet 101 (via firewall 102A).
[0005] More recently, wireless LANs (WLANs) are being installed.
Many of the recently implemented WLANs operate according to the
protocol set forth in the 802.11 Standard, particularly as more
enterprises are adopting the 802.11 Standard (ISO/IEC DIS
8802.11).
[0006] FIG. 2 illustrates one embodiment of an 802.11-based WLAN
system. Referring to FIG. 2, the Internet or other LAN 201 is
coupled to an 802.11 server 203 via firewall (FW) 202. Server 203
communicates with mobile stations in a number of 802.11 cells
206.sub.1-206.sub.n using an access point in each of cells
206.sub.1-206.sub.n, such as access point 204. Server 203 is
coupled to access points such as access point 204, via an Ethernet
connection. There is one access point for each of the 802.11 cells
206.sub.1-206.sub.n. Mobile stations in each of the 802.11 cells,
such as laptops 205.sub.1 and 205.sub.2 in cell 206.sub.1, communicate
wirelessly with the access points via the 802.11 protocol. The
communications from mobile stations in the 802.11 cells to the
access points are forwarded through to server 203 and potentially
to Internet/LAN 201, while communications from Internet/LAN 201 are
forwarded through server 203 to the mobile stations via the access
points.
[0007] There are a number of problems associated with the current
implementations of 802.11 networks. For example, in order to set up
an 802.11 network such as shown in FIG. 2, a site survey is
required in order to determine where each of the access points are
to be placed to ensure that the 802.11 cells provide complete
coverage over a particular geographic area. This may be costly.
Also, the cost of each of the access points is approximately
$500.00. Generally, such a high cost is a deterrent to having a
large number of access points. However, by reducing the number of
access points, coverage diminishes and the 802.11 network is less
effective. Furthermore, there are a number of mobility problems
associated with the current 802.11 network deployments. For
example, the 802.11 standard sets forth a number of solutions to
handle the issue of mobility of mobile stations between the 802.11
cells. However, these schemes do not work effectively as there is
no standard solution in place and users haven't indicated a desire
for long-term proprietary solutions.
[0008] Moreover, if such communications are employed to enable
access to a company's corporate server or sensitive information,
additional precautions are often necessary, particularly where
access may be by a laptop computer system which may fall into the
hands of a hacker that tries to use the computer system to gain
access to the information. In such a case, the hacker may try to
gain access through any interface that a device has. Thus,
solutions to prevent such attacks are needed when using such
systems.
BRIEF SUMMARY OF THE INVENTION
[0009] A method and apparatus for communicating between devices is
described. In one embodiment, the method comprises allowing a
mobile station to have a first connection to a network over a first
interface and determining that the mobile station is attempting to
have a second connection to the network over a second interface
other than the first interface.
BRIEF DESCRIPTION OF THE DRAWINGS/FIGURES
[0010] The present invention will be understood more fully from the
detailed description given below and from the accompanying drawings
of various embodiments of the invention, which, however, should not
be taken to limit the invention to the specific embodiments, but
are for explanation and understanding only.
[0011] FIG. 1 illustrates an exemplary network environment used
today.
[0012] FIG. 2 illustrates one embodiment of an 802.11-based
wireless LAN (WLAN) system.
[0013] FIG. 3 illustrates one embodiment of a network
architecture.
[0014] FIG. 4A is a flow diagram of one embodiment of a receiver
diversity processing performed by a repeater.
[0015] FIG. 4B is a flow diagram of one embodiment of a receiver
diversity processing performed by a switch.
[0016] FIG. 4C is a process for managing repeaters using a
token-based mechanism.
[0017] FIG. 4D is one embodiment of a token-based process for
handling packets.
[0018] FIG. 5A illustrates one technique for location tracking by
RSSI.
[0019] FIG. 5B is a flow diagram of one embodiment of a process for
performing location tracking by a switch.
[0020] FIG. 6 illustrates mobility supported by routing.
[0021] FIG. 7 illustrates one embodiment of a network system.
[0022] FIG. 8 illustrates one embodiment of a protocol
architecture.
[0023] FIG. 9A illustrates one embodiment of a switch.
[0024] FIG. 9B illustrates one embodiment of a repeater.
[0025] FIG. 10 illustrates one embodiment of a hardware
architecture for a repeater.
[0026] FIG. 11 is a block diagram of one embodiment of the baseband
processor of a repeater.
[0027] FIG. 12A is a block diagram of one embodiment of a
switch.
[0028] FIG. 12B is a flow diagram of one embodiment of a process
for reconfiguring the wireless communication system.
[0029] FIG. 13 is one embodiment of a distributed MAC
architecture.
[0030] FIG. 14 illustrates one embodiment of the switching
plane.
[0031] FIG. 15 illustrates the communication network and exemplary
data traffic process.
[0032] FIG. 16 illustrates an exemplary process for transferring
data traffic from a mobile station to a desktop.
[0033] FIG. 17 illustrates an exemplary process for transferring
data traffic between two mobile stations.
[0034] FIG. 18 illustrates an exemplary process for transferring
data traffic from a desktop to a mobile station.
[0035] FIG. 19 is a data flow diagram of one embodiment of an
association and token assignment process.
[0036] FIG. 20 is a block diagram of two MAC sublayer instances in
a switch.
[0037] FIG. 21 is a data flow diagram of one embodiment of a
re-association process.
[0038] FIG. 22 is a flow diagram of one embodiment of a
disassociation process.
[0039] FIG. 23A is a flow diagram of one embodiment of the process
of tracking multiple mobile station interfaces.
[0040] FIG. 23B is an alternative embodiment of a switch.
DETAILED DESCRIPTION OF THE INVENTION
[0041] A communication system is described. In one embodiment, the
communication system comprises a mobile station having a
transmitter to transmit packets wirelessly according to a protocol
and multiple repeaters communicably coupled with the mobile
station. Each of the repeaters may receive one or more packets of
the wirelessly transmitted packets from one or more mobile stations
and forward them to a switch. Similarly, the switch sends one or
more packets to the one or more mobile stations via the
repeaters.
[0042] A technique is disclosed herein that tracks when a mobile
station is attempting to connect to the network over more than one
mobile station interface. In one embodiment, a switch described
herein allows a mobile station to have one connection to a network
over one of its interfaces (e.g., a 802.11 wireless interface).
Thereafter, the switch determines that the mobile station is
attempting to have a second connection to the network over another
mobile station interface (e.g., a wired interface). In one
embodiment, the switch makes the determination by checking a table
(e.g., an active stations list) of mobile stations along with a
list of the interfaces available for each of the listed mobile
stations to determine if media access control (MAC) addresses of
both interfaces (e.g., the wireless and the wired interfaces) are
listed as belonging to the same mobile station. In one embodiment,
the switch enforces a security policy in response to determining
that a mobile station is attempting to connect to the network over
one interface when already connected over another interface.
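A minimal sketch of the check described in paragraph [0042] and claims 26-29 and 39-45, added here as an illustration and not taken from the patent or any Broadcom product. The class and function names, the station table contents and the result strings are assumptions; the page does not say how an unknown MAC is handled, so denying it is also an assumption.

```python
from enum import Enum


class Policy(Enum):
    ALLOW_MULTIPLE = "allow_multiple"  # claim 45: multiple interfaces permitted
    DENY_SECOND = "deny_second"        # claims 40-41: refuse and disable the second MAC
    DROP_FIRST = "drop_first"          # claims 42-43: remove the first MAC from the active list
    DENY_BOTH = "deny_both"            # claim 44: deny the first and second connections


def norm(mac):
    """Canonical lower-case, colon-separated form so table lookups match."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


# Constructed sample table (claim 28): one entry per station, one MAC per interface.
STATIONS = {
    "laptop-7": ["00:11:22:33:44:01", "00:11:22:33:44:02"],  # wireless, wired
    "pda-3": ["00:11:22:33:55:01"],
}


class InterfaceTracker:
    def __init__(self, station_table, policy):
        self.policy = policy
        # Reverse index: MAC -> owning station.
        self.owner = {norm(m): name
                      for name, macs in station_table.items() for m in macs}
        self.active = {}      # active stations list: station -> connected MACs
        self.blocked = set()  # MACs whose indicator bit forbids registration

    def register(self, mac):
        mac = norm(mac)
        station = self.owner.get(mac)
        if station is None:
            return "deny:unknown-mac"          # assumption, see lead-in
        if mac in self.blocked:
            return "deny:indicator-set"        # claim 26
        connected = self.active.setdefault(station, set())
        others = connected - {mac}             # other interfaces already connected
        if not others or self.policy is Policy.ALLOW_MULTIPLE:
            connected.add(mac)
            return "allow"
        if self.policy is Policy.DENY_SECOND:
            self.blocked.add(mac)              # claim 41: disable the second MAC
            return "deny:second-interface"
        if self.policy is Policy.DROP_FIRST:
            connected.clear()                  # claim 43: first MAC leaves the active list
            connected.add(mac)
            return "allow:first-dropped"
        connected.clear()                      # DENY_BOTH: neither connection remains
        return "deny:both"

    def disconnect(self, mac):
        mac = norm(mac)
        station = self.owner.get(mac)
        if station is not None:
            self.active.get(station, set()).discard(mac)

    def clear_indicator(self, mac):
        """Claim 29: an IP manager clears the indicator bit for a MAC."""
        self.blocked.discard(norm(mac))


def run(policy):
    """Register the wireless MAC, then the wired MAC, of the constructed laptop."""
    t = InterfaceTracker(STATIONS, policy)
    return [t.register("00:11:22:33:44:01"), t.register("00-11-22-33-44-02")], t


if __name__ == "__main__":
    for p in Policy:
        print(p.name, run(p)[0])
```

Because a client can change the MAC address it presents, the table lookup identifies which registered interface is in use; it does not authenticate the device behind it.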
[0043] In the following description, numerous details are set forth
in order to provide a thorough understanding of the present
invention. It will be apparent, however, to one skilled in the art,
that the present invention may be practiced without these specific
details. In other instances, well-known structures and devices are
shown in block diagram form, rather than in detail, in order to
avoid obscuring the present invention.
[0044] Some portions of the detailed descriptions which follow are
presented in terms of algorithms and symbolic representations of
operations on data bits within a computer memory. These algorithmic
descriptions and representations are the means used by those
skilled in the data processing arts to most effectively convey the
substance of their work to others skilled in the art. An algorithm
is here, and generally, conceived to be a self-consistent sequence
of steps leading to a desired result. The steps are those requiring
physical manipulations of physical quantities. Usually, though not
necessarily, these quantities take the form of electrical or
magnetic signals capable of being stored, transferred, combined,
compared, and otherwise manipulated. It has proven convenient at
times, principally for reasons of common usage, to refer to these
signals as bits, values, elements, symbols, characters, terms,
numbers, or the like.
[0045] It should be borne in mind, however, that all of these and
similar terms are to be associated with the appropriate physical
quantities and are merely convenient labels applied to these
quantities. Unless specifically stated otherwise as apparent from
the following discussion, it is appreciated that throughout the
description, discussions utilizing terms such as "processing" or
"computing" or "calculating" or "determining" or "displaying" or
the like, refer to the action and processes of a computer system,
or similar electronic computing device, that manipulates and
transforms data represented as physical (electronic) quantities
within the computer system's registers and memories into other data
similarly represented as physical quantities within the computer
system memories or registers or other such information storage,
transmission or display devices.
[0046] The present invention also relates to apparatus for
performing the operations herein. This apparatus may be specially
constructed for the required purposes, or it may comprise a general
purpose computer selectively activated or reconfigured by a
computer program stored in the computer. Such a computer program
may be stored in a computer readable storage medium, such as, but
not limited to, any type of disk including floppy disks, optical
disks, CD-ROMs, and magnetic-optical disks, read-only memories
(ROMs), random access memories (RAMs), EPROMs, EEPROMs, magnetic or
optical cards, or any type of media suitable for storing electronic
instructions, and each coupled to a computer system bus.
[0047] The algorithms and displays presented herein are not
inherently related to any particular computer or other apparatus.
Various general purpose systems may be used with programs in
accordance with the teachings herein, or it may prove convenient to
construct more specialized apparatus to perform the required method
steps. The required structure for a variety of these systems will
appear from the description below. In addition, the present
invention is not described with reference to any particular
programming language. It will be appreciated that a variety of
programming languages may be used to implement the teachings of the
invention as described herein.
[0048] A machine-readable medium includes any mechanism for storing
or transmitting information in a form readable by a machine (e.g.,
a computer). For example, a machine-readable medium includes read
only memory ("ROM"); random access memory ("RAM"); magnetic disk
storage media; optical storage media; flash memory devices;
electrical, optical, acoustical or other form of propagated signals
(e.g., carrier waves, infrared signals, digital signals, etc.);
etc.
Exemplary Network Architecture
[0049] FIG. 3 illustrates one embodiment of a network architecture.
Referring to FIG. 3, a LAN backbone 102 interfaces a number of
desktops 103.sub.1-103.sub.n to Internet 101. Note that the present
invention does not require that a LAN backbone be included. All
that is necessary is that there be a communication mechanism that
is capable of receiving packets from other devices and/or sending
packets to other devices.
[0050] Similar to FIG. 1, LAN backbone 102 includes firewall 102A,
corporate server 102B and Ethernet switch 102C. However, in
contrast to FIG. 1, LAN backbone 102 also includes switch 301 which
interfaces to repeaters 302.sub.1-302.sub.3. Although only three
repeaters are shown, alternative embodiments may utilize any number
of repeaters with a minimum of one. In one embodiment, switch 301
is coupled to repeaters 302.sub.1-302.sub.3 via a wired connection,
such as cabling. In one embodiment, the wired connection may
comprise CAT5 cabling.
[0051] Each of repeaters 302.sub.1-302.sub.3 receives wireless
communications from devices (e.g., mobile stations such as, for
example, a mobile phone, a cellular phone, a cordless phone, a
headset, a voice-enabled mobile station, a laptop computer system,
a personal digital assistant, a computer-data-enabled mobile
station, a speakerphone, video game controller, a DVD controller, a
stereo controller, a TV controller, etc.) in the coverage areas of
the repeaters. In one embodiment, these wireless communications are
performed according to the 802.11 protocol. That is, each of the
mobile stations in each of cells 310.sub.1-310.sub.n exchanges
packets with repeaters 302.sub.1-302.sub.3 using the 802.11
protocol.
[0052] In one embodiment, switch 301 includes 802.11 MAC (medium
access control) protocol software and/or hardware that allows
switch 301 to communicate with repeaters 302.sub.1-302.sub.3.
Different from the prior art, some of the 802.11 MAC functionality
typically associated with the access points, as described above in
the Background section, is not in repeaters 302.sub.1-302.sub.3
and is, instead, centralized in switch 301. More specifically, the
MAC layer is split between repeaters 302.sub.1-302.sub.3 and switch
301 to enable transfer of messages over wiring (e.g., CAT5
cabling). As such, repeaters 302.sub.1-302.sub.3 and switch 301
coordinate to perform functionality of the 802.11 MAC layer as
described below.
[0053] In one embodiment, switch 301 includes one or more Ethernet
connectors (e.g., external Ethernet connector) to enable a computer
system, such as desktop computer system 303, or other device, to
have an Ethernet connection to LAN backbone 102 via switch 301.
Similarly, in one embodiment, one or more of repeaters
302.sub.1-302.sub.3 includes an Ethernet connector to enable a
device (e.g., computer system, such as desktop computer system 304)
to gain access, via a repeater, such as repeater 302.sub.3, to
switch 301 and the rest of the communication system. In such a
case, the wiring coupling switch 301 to repeaters
302.sub.1-302.sub.3 may combine 802.11 information, including
management and control (as opposed to solely data) information,
with traditional Ethernet packets on the same wiring (e.g.,
CAT5).
Distributed Receiver Diversity Approach
[0054] The network architecture described above allows for
overlapping coverage between cells supported by the repeaters. This
overlapping coverage allows for receiver diversity.
[0055] The packets from the mobile stations in each of the cells
are broadcast and may be received by multiple repeaters. By
allowing multiple repeaters to receive packets from one of the
mobile stations, collisions and dropped packets may be reduced or
avoided. For example, if a collision occurs or if a packet is
dropped by one of the repeaters, then a particular packet can still
be received by other repeaters. In this manner, the use of
repeaters described herein provides for higher reliability.
[0056] In an embodiment in which mobile stations exchange packets
with repeaters using the 802.11 protocol, each packet from a mobile
station includes an Ethernet MAC address, which is embedded in the
packet. Each packet may be received by one or more repeaters. Each
repeater that receives a packet from a mobile station without
errors (i.e., cleanly) determines the received signal strength of
the packet in a manner well-known in the art. The received signal
strength is converted into an indication, such as a received signal
strength indicator (RSSI). In one embodiment, the RSSI is specified
in a value from 1 to 127. These 128 discrete values can be mapped
to dB signal strength values based on the particular implementation
being used. In one embodiment, all repeaters send their RSSI for
the packet to switch 301. The repeater that is assigned to the
mobile station (e.g., has the token for the mobile station) sends
the packet along with the RSSI. In one embodiment, the repeater
encapsulates the packet into an Ethernet packet with the RSSI in a
header and forwards the Ethernet packet to switch 301. In an
alternative embodiment, each repeater receiving the packet without
error forwards the packet, along with the RSSI to the switch. Thus,
all packets received from mobile stations by a repeater without
errors are forwarded to switch 301. Switch 301 knows which repeater
sent the packet(s) because it is received on its preassigned
port.
[0057] In one embodiment, the fact that a particular repeater
received a packet without errors is communicated to all other
repeaters. In one embodiment, this is accomplished by having the
repeater send each encapsulated packet and its RSSI as a broadcast
packet to switch 301. This broadcast packet is similar to those
broadcast packets used in Ethernet and includes a special broadcast
address, which is recognized by switch 301. In another embodiment,
only the header of the packet, which includes the RSSI and uniquely
identifies the packet, is encapsulated and sent as a broadcast
packet to the other repeaters. In this case, the data portion of
the packet is not forwarded.
[0058] In response to receiving the broadcast packet with the
specific broadcast address, switch 301 broadcasts the packet on all
of the other ports used for communication between switch 301 and
the other repeaters.
[0059] In one embodiment, upon receiving a packet without error
from a particular mobile station, the repeater sets a timer within
which it is to receive packets received by other repeaters that are
duplicates to the packet it has already received. When the timer
expires, the repeater examines the RSSI of the packet it received
(without error) with the RSSI values of duplicate packets received
by other repeaters. Based on that information, the repeater
determines if it is to send an acknowledgement packet for the
subsequent transmission from the mobile station. Thus, if the timer
expires without receiving a duplicate packet, the repeater sends
the acknowledgement. If the timer expires and the repeater receives
a duplicate packet, thereafter, it is treated as a new packet. To
avoid this, the timer time out value is set to handle the worst
case time delay that a repeater may face in receiving duplicate
packets.
[0060] In one embodiment the communication protocol used between
the mobile stations and the repeater is a modified version of the
802.11 protocol in which acknowledgement packets are disabled and
thus, not sent. By doing so, a repeater that is assigned to a
particular mobile station in response to receiving a packet at a
larger received signal strength than any other repeater may not be
delayed in handling the packet, and thereby avoids missing a
portion of a packet from the mobile station.
[0061] Note that switch 301 forwards each packet received from
repeaters (note duplicates) to the remainder of the communication
system (e.g., LAN backbone, other mobile stations, the Internet,
etc.). In one embodiment, this occurs after de-duplication of
packets so that only one copy of each packet is forwarded.
[0062] Once the broadcast packets have been received, in one
embodiment, all the repeaters know what packets were received
cleanly by the others and at what RSSI the packets were received by
the other repeaters. Thereafter, each repeater selects the packet
with the highest RSSI and determines the repeater that received it.
In other words, each repeater performs a comparison on the received
signal strength of the packets it received that were also received
by one or more other repeaters. For each of the packets that a
repeater receives at a power level higher than any of the other
repeaters that received that packet, that repeater sends an
acknowledgement back to the mobile station acknowledging that the
packet was received without errors. This prevents all the repeaters
that receive the packet cleanly from sending multiple
acknowledgements to the mobile station.
[0063] In one embodiment, if two repeaters have the same receive
signal strength for a packet, the repeater with the lower port
number (the port number by which switch 301 is coupled to the
repeater) is the repeater that is selected to send the
acknowledgement to the mobile station. In this manner, only one
repeater is selected to send the acknowledgement to the mobile
station and, thus, the receiver diversity is handled in the network
architecture in a distributed fashion. In one embodiment, to enable
the repeaters to determine which is to send the acknowledgement in
the case of a packet received with the same received signal
strength by multiple repeaters, each packet includes identification
information, such as its switch port number, to enable the
determination of which has the lowest port number. Note, in an
alternative embodiment, the repeater with the highest port number
may be the one to send the acknowledgement or other pre-assigned
priority information may be used by the repeaters in such
situations. In an alternative embodiment, instead of using the port
number to determine which repeater is to send the acknowledgement
when two repeaters have the same received signal strength, the
repeater MAC address may be used. For example, the repeater with
the lowest MAC address may send the acknowledgement packet, or
alternatively, the repeater with the highest MAC address may send
the acknowledgement packet. Using the repeater MAC address for the
determination is preferred in cases where a layer 2 network is
communicatively coupled between the repeaters and the switch such
that a single port is used by multiple repeaters.
[0064] FIG. 4A is a flow diagram of one embodiment of a receiver
diversity process performed by a repeater. The process is performed
by processing logic that may comprise hardware (circuitry,
dedicated logic, etc.), software (such as is run on a general
purpose computer system or a dedicated machine), or a combination
of both.
[0065] Referring to FIG. 4A, processing logic initially receives an
802.11 packet (processing block 401). In response to the 802.11
packet, processing logic determines the received signal strength
(e.g., RSSI) (processing block 402). In one embodiment, this
processing logic comprises a hardware mechanism, such as a radio
frequency (RF) device (e.g., integrated circuit (e.g., RF IC 1002
in FIG. 10)) in the repeater. In such a case, the RF device sends
the RSSI to a baseband processor in the repeater.
[0066] Thereafter, processing logic encapsulates the 802.11 packet and
RSSI in an Ethernet packet (processing block 403) and sends the
Ethernet packet to the switch (processing block 404). In one
embodiment, a baseband processor (e.g., baseband processor 1001 in
FIG. 10) performs the encapsulation and sends the Ethernet packet
to the switch.
[0067] Later in time, processing logic receives one or more packets
from the switch that are duplicates of the 802.11 packet. These
duplicate packets are transmitted by other repeaters and
encapsulated by those repeaters, along with their RSSIs (processing
block 405). Processing logic in the repeater compares RSSIs for the
duplicate packets (processing block 406). In one embodiment, a
baseband processor (e.g., baseband processor 1001 in FIG. 10)
performs the comparison. If the repeater determines it received the
802.11 packet with the highest RSSI, then processing logic sends
the acknowledgment packet to the mobile station (processing block
407).
[0068] FIG. 4B is a flow diagram of one embodiment of a receiver
diversity processing performed by a switch. The process is
performed by processing logic that may comprise hardware
(circuitry, dedicated logic, etc.), software (such as is run on a
general purpose computer system or a dedicated machine), or a
combination of both.
[0069] Referring to FIG. 4B, processing logic initially receives a
packet from a repeater (processing block 411). In response to the
packet, processing logic determines that the packet is to be sent
to the other repeaters and re-broadcasts the received packet to
other repeaters (processing block 412). Then processing logic sends
only one copy of the packet to the rest of the network (processing
block 413).
Token-Based Receiver Diversity Approach
[0070] Note that the above receiver diversity procedure is
particularly useful when gigabit or faster Ethernet communication
exists between switch 301 and repeaters 302.sub.1-302.sub.3.
However, if such is not the case, another technique for receiver
diversity may be utilized. For example, a token-based receiver
diversity procedure may be used. In this case, switch 301 has a
token for every mobile station on the 802.11 network and it gives
the token to one of the repeaters. In other words, switch 301
pre-assigns the token before a packet is even transmitted by a
mobile station. The repeater stores the token in a table that lists
all mobile stations for which it has a token. The repeater with the
token sends the acknowledgement packet to the mobile stations
listed in the table when those mobile stations send packets that
are received by the repeater. Therefore, a comparison of received
signal strengths for duplicate packets is not necessary. Note that
in one embodiment with this token based mechanism, if the repeater
with the token does not receive a packet cleanly, but another
repeater does, that packet will be forwarded to the switch and not
acknowledged to the mobile client. However, switch 301 moves the
token before a subsequent packet is sent by the mobile station.
Therefore, this will only occur for one packet.
[0071] In one embodiment, switch 301 includes a database with a
listing of mobile stations and repeater numbers corresponding to
the repeater that has been designated to acknowledge packets
received from the mobile station and, thus, has the token. The
table may also include additional information describing the
repeater itself.
[0072] Since switch 301 receives the received signal strength from
each repeater that received a packet without error, switch 301 can
determine the closest repeater to a particular mobile station. If
the repeater determined to be closest to the particular mobile
station is different than the one previously identified as closest
(e.g., based on RSSI of packets received from the mobile station),
then switch 301 moves the token to a new repeater, i.e. the one
that is closer to the mobile station. The token may be moved on a
packet-by-packet basis or every predetermined number of the packets
(e.g., 10 packets, 100 packets, etc.).
[0073] Switch 301 may employ a timer to indicate the time during
which duplicate RSSI values for the same packet may be received in
much the same manner the timer is used by the repeaters in the
distributed approach described above.
[0074] FIG. 4C is a process for managing repeaters using a
token-based mechanism. The process is performed by processing logic
that may comprise hardware (circuitry, dedicated logic, etc.),
software (such as is run on a general purpose computer system or a
dedicated machine), or a combination of both.
[0075] Referring to FIG. 4C, processing logic first determines the
location of mobile stations with respect to repeaters (processing
block 451). Processing logic then assigns a token for each of the
mobile stations to one of the repeaters (processing block 452) and
stores an indication of the repeater assigned to each mobile
station (processing block 453). This information is stored in a
table in memory. This table is referred to herein as an active
station list. In one embodiment, this table includes a listing of
mobile stations and an indication of which repeater and/or switch
port number is assigned to the mobile station. The table may be the
same data structure used for location tracking described below.
[0076] In one embodiment, the switch assigns a token by sending an
Add Token command to the repeater, which causes the repeater to add
a new mobile station to its table of mobile stations that the
repeater supports. This command includes the MAC address of the
mobile station.
[0077] Subsequently, processing logic periodically tests whether
the repeater assigned the token for a particular mobile station is
still the closest repeater to that mobile station (processing block
454). If so, then the processing is complete. If not, then
processing logic moves the token to the closest repeater
(processing block 455) and updates the table (e.g., the active
station list) to reflect the new repeater that is closest to the
mobile station (processing block 456). Processing logic also
updates the switch port to reflect the new repeater for use when
sending packets to the mobile station from the switch.
[0078] In one embodiment, the switch moves the token by sending a
Delete Token command to the repeater that currently has it, causing
the repeater to delete the token (and associated MAC address) from
its list of supported mobile stations, and by sending an Add Token
command to the repeater that is currently closest to the mobile
station.
[0079] FIG. 4D is one embodiment of a token-based process for
handling packets. The process is performed by processing logic that
may comprise hardware (circuitry, dedicated logic, etc.), software
(such as is run on a general purpose computer system or a dedicated
machine), or a combination of both.
[0080] Referring to FIG. 4D, processing logic receives a token from
the switch (processing block 470) and stores the token in a table
stored in a repeater memory that indicates all the mobile stations
for which the repeater has a token (processing block 471).
[0081] Subsequently, when processing logic receives a packet from a
mobile station (processing block 472), processing logic compares
the MAC address of the 802.11 packet from the mobile station with
the address in the table (processing block 473). Then, processing
logic tests whether the MAC address of a packet equals an address
in the table (processing block 474). If so, processing logic
provides an acknowledgment (ACK) packet to the mobile station
(processing block 475). If not, processing logic ignores the
packet.
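The token handling of FIGS. 4C and 4D can be exercised with a small simulation. The following Python is an added example, not code from the application; the class names, the station MAC, the RSSI trace and the rule that the token stays put unless another repeater is strictly stronger are assumptions made for illustration.

```python
"""Token-based receiver diversity after FIGS. 4C and 4D (illustrative model)."""
from dataclasses import dataclass, field

STATION = "02:00:00:00:00:01"  # constructed, locally administered MAC

# Constructed trace: per packet, the repeaters that received it cleanly -> RSSI (dBm).
TRACE = [
    {"R1": -48, "R2": -71},  # station next to R1
    {"R1": -63, "R2": -60},  # moving: R2 is now stronger
    {"R2": -52},             # R1 no longer receives the packet cleanly
    {"R1": -58},             # station jumps back; token holder R2 misses the packet
    {"R1": -55, "R2": -70},
]


@dataclass
class Repeater:
    name: str
    tokens: set = field(default_factory=set)  # MACs of stations this repeater may ACK

    def add_token(self, mac):       # effect of the switch's Add Token command
        self.tokens.add(mac)

    def delete_token(self, mac):    # effect of the switch's Delete Token command
        self.tokens.discard(mac)

    def should_ack(self, src_mac):
        # FIG. 4D, blocks 473-475: ACK only if the source MAC is in the token table.
        return src_mac in self.tokens


class Switch:
    def __init__(self, repeaters, move_every=1):
        self.repeaters = {r.name: r for r in repeaters}
        self.active_station_list = {}  # station MAC -> repeater holding its token
        self.move_every = move_every   # test the assignment every N packets
        self.since_test = {}

    def assign(self, mac, repeater):
        # FIG. 4C, blocks 452-453: give out the token and record who holds it.
        self.repeaters[repeater].add_token(mac)
        self.active_station_list[mac] = repeater
        self.since_test[mac] = 0

    def on_reports(self, mac, rssi_dbm):
        # Blocks 454-456: periodically test whether the holder is still closest.
        self.since_test[mac] += 1
        if self.since_test[mac] < self.move_every or not rssi_dbm:
            return
        self.since_test[mac] = 0
        holder = self.active_station_list[mac]
        closest = max(rssi_dbm, key=rssi_dbm.get)
        # Assumption: the token stays put unless another repeater is strictly stronger.
        if rssi_dbm.get(holder, float("-inf")) >= rssi_dbm[closest]:
            return
        self.repeaters[holder].delete_token(mac)
        self.assign(mac, closest)


def simulate(trace, move_every=1):
    """Return, per packet, (repeaters that ACKed, token holder afterwards)."""
    repeaters = [Repeater("R1"), Repeater("R2")]
    switch = Switch(repeaters, move_every)
    switch.assign(STATION, "R1")  # token is pre-assigned before any packet is sent
    log = []
    for rssi_dbm in trace:
        acked_by = [r.name for r in repeaters
                    if r.name in rssi_dbm and r.should_ack(STATION)]
        switch.on_reports(STATION, rssi_dbm)
        log.append((acked_by, switch.active_station_list[STATION]))
    return log


def unacked(log):
    """Count packets that no repeater acknowledged."""
    return sum(1 for acked_by, _ in log if not acked_by)


if __name__ == "__main__":
    for every in (1, 3):
        log = simulate(TRACE, every)
        print(f"move_every={every}: {log} unacknowledged={unacked(log)}")
```

With the assignment tested on every packet, only the one packet that the token holder misses goes unacknowledged; testing every third packet leaves two unacknowledged in this trace.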
[0082] Note that since all repeaters communicate the fact that they
received a packet from a mobile station along with the received
signal strength to switch 301, switch 301 is able to determine the
coverage area of the transmission of the mobile station. In one
embodiment, each packet received by switch 301 from the repeaters
terminates in a network processor in switch 301 (e.g., network
processor 1206 of FIG. 12), which determines the coverage area
because it has access to the RSSI values. By determining the
coverage area of the transmission, switch 301 is able to track the
location of a particular device.
Downstream Communication Scheduling
[0083] For communications in the reverse direction (e.g., in the
downstream direction), in one embodiment, the repeater
transmissions are scheduled to reduce collisions. This scheduling
is useful because repeaters can be close enough to interfere with
one another. Because of this, switch 301 schedules the
transmissions to prevent the collisions when the repeaters are
actually transmitting.
[0084] For example, if a packet is destined for a particular IP
address, then switch 301 performs an address translation to
translate, for example, the IP address into an Ethernet MAC
address. Switch 301 uses the Ethernet MAC address to search in a
location tracking database to determine which repeater is closest
to the mobile station having the Ethernet MAC address. Once the
repeater is identified by switch 301, then switch 301 knows the
switch port on which the packet should be sent so that it is sent
to the repeater listed in the location tracking database (for
forwarding by the repeater to the mobile station).
[0085] Once the repeater (and the port number) has been identified,
switch 301 checks whether an interference problem would be created
if the packet is sent by switch 301 to the mobile station at that
time. An interference problem would be created if there are other
transmissions that would be occurring when the packet is forwarded
onto its destination mobile station. If no interference problem
would exist, switch 301 sends the packet through the identified
port to the repeater most recently determined to be closest to the
mobile station. However, if an interference problem would be
created by sending the packet immediately, then switch 301 delays
sending the packet through the identified port to the repeater most
recently determined to be closest to the mobile station.
[0086] In one embodiment, to determine if an interference problem
would exist if a packet is sent immediately upon determining the
switch port number on which the packet is to be sent, switch 301
maintains and uses two databases. One of the databases indicates
which of the repeaters interfere with each other during their
transmissions. This database is examined for every downstream
packet that is to be sent and switch 301 schedules the transmission
of downstream packets so that the repeaters that interfere with
each other when they transmit at the same time do not transmit at
the same time. The other database is a listing of mobile stations
and the corresponding set of repeaters that last received the
transmissions. If two mobile stations have overlapping sets, then
it is possible for their acknowledgement packets to interfere when
they simultaneously receive non-interfering data packets from
different repeaters. Because the mobile stations send acknowledge
packets upon receiving downstream packets, there is a possibility
that the mobile stations will interfere with each other when
sending their acknowledgement packets. Switch 301 takes this
information into account during scheduling and schedules downstream
packets to the mobile stations to reduce the occurrence of mobile
stations interfering with each other when sending acknowledgment
packets. The information in these two databases may be collected by
sending out test packets to the WLAN to determine which repeaters
and mobile devices cause the interference described above.
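The scheduling decision described in paragraphs [0084] to [0086] can be sketched as follows. This Python is an added example, not code from the application; the table contents, the abstract transmission "slots" and the earliest-free-slot placement are assumptions, since the text states only that a conflicting packet is delayed.

```python
"""Downstream scheduling with the two databases of paragraph [0086] (illustrative model)."""

# Location tracking table: station -> closest repeater (constructed values).
LOCATION = {"sta-a": "R1", "sta-b": "R2", "sta-c": "R3", "sta-d": "R4"}

# Database 1: pairs of repeaters that interfere when transmitting at the same time.
REPEATER_INTERFERENCE = {frozenset({"R1", "R2"})}

# Database 2: station -> repeaters that last received its transmissions.
HEARD_BY = {
    "sta-a": {"R1"},
    "sta-b": {"R2", "R3"},
    "sta-c": {"R3"},
    "sta-d": {"R4"},
}


def conflict(sta_x, sta_y):
    """Return why two downstream packets cannot share a slot, or None if they can."""
    rep_x, rep_y = LOCATION[sta_x], LOCATION[sta_y]
    if rep_x == rep_y:
        return "same repeater"
    if frozenset({rep_x, rep_y}) in REPEATER_INTERFERENCE:
        return "repeaters interfere"
    # Overlapping reception sets: the stations' ACKs could interfere with each other.
    if HEARD_BY[sta_x] & HEARD_BY[sta_y]:
        return "station ACKs may interfere"
    return None


def schedule(queue):
    """Place each queued packet in the earliest slot with no conflict; otherwise delay it.

    queue is a list of destination stations in arrival order. The result is a list of
    slots, each a list of (station, repeater) pairs that may be sent in parallel.
    """
    slots = []
    for sta in queue:
        for slot in slots:
            if all(conflict(sta, other) is None for other, _ in slot):
                slot.append((sta, LOCATION[sta]))
                break
        else:
            # Every existing slot conflicts, so the packet is delayed to a new slot.
            slots.append([(sta, LOCATION[sta])])
    return slots


if __name__ == "__main__":
    for n, slot in enumerate(schedule(["sta-a", "sta-b", "sta-c", "sta-d", "sta-a"])):
        print(f"slot {n}: {slot}")
```

Packets for the same station keep their order, because a later packet always conflicts with the slot holding the earlier one; packets for different stations may be sent in a different order than they were queued.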
Upstream Communication Scheduling
[0087] The same databases used for downstream traffic scheduling
may be used for upstream traffic scheduling to enable the switch to
schedule upstream communications. As with downstream traffic, by
using the two databases, the switch is able to determine when
parallel communication may take place based on the overlap
described above. This scheduling may be used to implement quality
of service (QoS) where a period of time when traffic is scheduled
is used (bypassing the CSMA algorithm).
Location Tracking by Received Signal Strength (RSSI)
[0088] FIG. 5A illustrates one technique for location tracking by
RSSI. Referring to FIG. 5A, switch 301 obtains the RSSI for each
packet received by the repeaters and may have multiple RSSI values
for a packet when that packet is received by two or more different
repeaters. More specifically, a mobile station communicates with
two (or more) repeaters and one repeater is going to have a
stronger received signal strength than the other for the same
packet. Based on this information, switch 301 is able to determine
that a mobile station is closer to one repeater than the other. By
continually monitoring the received signal strength, switch 301 can
track the movement of a mobile station with respect to the
repeaters.
[0089] FIG. 5B is a flow diagram of one embodiment of a process for
performing location tracking by a switch. The process is performed
by processing logic that may comprise hardware (circuitry,
dedicated logic, etc.), software (such as is run on a general
purpose computer system or a dedicated machine), or a combination
of both. In one embodiment, the processing logic comprises a
network processor in the switch (e.g., network processor 1206 of
FIG. 12).
[0090] Referring to FIG. 5B, processing logic compares the RSSI for
the duplicate packets received by different repeaters from a mobile
station (processing block 550) and tests whether the repeater with
the highest RSSI for the packet is the repeater listed as closest
to the mobile station in a location tracking table (e.g., database)
(processing block 551). If not, processing logic updates the table
to indicate that the repeater that received the packet with the
highest RSSI is the closest repeater (processing block 552).
Processing logic also switches port assignment for the mobile
station to the port of the new repeater (if the port is different than
the port of the previously assigned repeater).
[0091] In one embodiment, the location tracking table may include a
listing of mobile stations and their individually assigned
repeaters. The location tracking table may also be referred to
herein as the active station list. This table may also include, or
include instead of the assigned repeater, an indication of the
switch port by which the switch is to communicate with the repeater
assigned to each mobile station.
Mobility Supported by Routing
[0092] FIG. 6 illustrates mobility supported by routing. Referring
to FIG. 6, the dotted arrow path for communication from switch 301
to mobile station 601 through repeater 302.sub.2 is the original
communication path with the network. As the mobile station 601
moves, a routing handoff occurs so that communication occurs over
the solid arrowed path. In order to accomplish this handoff, switch
301 reroutes the packet to a different port. For example, if the
first communication path illustrated as the dotted line arrow was
on port 1, switch 301 may switch the packet to port 5, the port
that is associated with the communication path through repeater
302.sub.1. Thus, mobility is supported by simply moving a packet to
a different port of switch 301 that is assigned to a different
repeater. In such a situation, the mobility provisions of the
802.11 protocol may be ignored. Note that for embodiments where
multiple repeaters are on the same port, the repeater MAC address
may be changed instead of changing the port number.
[0093] In one embodiment, switch 301 determines that a particular
mobile station is closer to a different repeater (by monitoring the
received signal strength of duplicate packets). As described above,
switch 301 maintains a table (e.g., database, active station list,
etc.) of all mobile stations in the 802.11 network and includes an
indication of the repeater closest to each mobile station. Switch
301 performs port-based routing and may use the table in the same
manner an IP routing table is used. Switch 301 has an Ethernet port
for each repeater. When switch 301 determines that a mobile station
is closer to a repeater that is different than the one listed in
the database (based on the received signal strength of duplicate
packets among multiple repeaters), then switch 301 updates the
database. Thereafter, if a packet is received by switch 301 for
that mobile station, switch 301 merely sends it out on the Ethernet
port assigned to the repeater that was most recently determined to
be the closest to that mobile station.
Multi-Switch System
[0094] FIG. 7 illustrates one embodiment of a multi-switch system.
Referring to FIG. 7, the network architecture includes switches 701
and 702, which are communicably coupled to server 712. In one embodiment,
server 712 is part of a LAN backbone through which access to the
Internet and other resources is made. Alternatively, server 712 may
act as an interface to another portion of the communication system.
Each of switches 701 and 702 is coupled to one or more repeaters in
the same manner as described above with respect to FIG. 3. In still
another embodiment, server 712 may exist within one of, or both,
switches 701 and 702.
Protocol Architecture
[0095] FIG. 8 illustrates one embodiment of a protocol
architecture. Referring to FIG. 8, switch 801 is shown having a
network layer 801A and a MAC layer 801B. In one embodiment, the
network layer 801A comprises a TCP/IP network layer. MAC sublayer
801B communicates with a MAC sublayer of each of repeaters
802.sub.1-802.sub.N. Thus, in contrast to the prior art in which
the 802.11 MAC layer is completely within the access point, the
802.11 MAC layer is split between switch 301 and repeaters
802.sub.1-802.sub.N, and the MAC sublayer of the repeaters performs
much less functionality than the MAC sublayer of the access points
described above.
[0096] In one embodiment, the repeater MAC sublayer is responsible
for performing portions of the 802.11 protocol including handling
CSMA/CA, DIFS/EIFS interframe spacing (IFS) timing, SIFS timing and
control, generating acknowledgement (or ACK) frames (during
transmit only) on data packets received, such as 802.11 data frames
and generating CTS (clear-to-send) frames in response to RTS
(request-to-send) frames. The repeater MAC sublayer may also
respond to the resetting of internal network allocation vectors
(NAVs) which are embedded into certain frames (e.g., RTS and CTS
frames). Each of the above repeater MAC functions may be
implemented in a manner that is well-known in the art.
[0097] In addition to the MAC sublayer, each of repeaters
802.sub.1-802.sub.N includes an 802.11 physical layer or other
wireless physical layer.
[0098] The switch MAC sublayer is responsible for handling multiple
frame types during reception from the repeaters. In one embodiment,
the MAC frame types the switch is capable of handling include an
association request, reassociation request, probe request, ATIM,
disassociation, authentication, deauthentication, PS-Poll, CTS
(updates NAV in repeaters), ACK (in response to data frames), data
and Null frames.
[0099] The switch MAC frame types that are accommodated during
transmission include an association response, a reassociation
response, probe response, ATIM (announcement traffic indication
message), disassociation, deauthentication, PS-Poll, data frames,
Null frames, RTS (updates NAV in repeater), and beacon frames. It
should be noted that the MAC frame types that the switch
accommodates during receive and transmit are well known in the art
and part of the 802.11 standard. Each of the above switch MAC
functions may be implemented in a manner that is well-known in the
art.
[0100] FIG. 9A illustrates an embodiment of a switch. In one
embodiment, exemplary switch 900 includes session management unit
901, protocol unit 902, location tracking unit 903, fragmentation
unit 904, DCF (distributed coordination function) unit 905, packet
de-duplication unit 906 and SNMP (simple network management
protocol) unit 907. Some of these units may be implemented within
the corresponding MAC layer of the switch. In one embodiment,
session management unit 901, which may be a part of the switch
management entity (SwME), is responsible for handling initial
handshakes with one or more repeaters and the associated mobile
devices, including, but not limited to authentication, association,
and disassociation, etc. In one embodiment, protocol unit 902
handles a variety of network protocols including 802.11 wireless
protocol, RADIUS, VPN (virtual private network) protocol, as well
as other wireless protocols, such as, for example, 802.15 (wireless
personal area network or WPAN, also referred to as Bluetooth)
protocol or 802.16 (broadband wireless metropolitan area network)
protocol.
[0101] Location tracking unit 903 is responsible for tracking one
or more mobile stations communicating with one or more repeaters
using one of the aforementioned mechanisms shown in FIGS. 5A and
5B. In one embodiment, location tracking unit 903 obtains the RSSI
for each packet received by the repeaters and may have multiple
RSSI values for a packet when that packet is received by two or
more different repeaters. More specifically, a mobile station
communicates with two (or more) repeaters and one repeater
typically has a stronger received signal strength than the other
for the same packet. Based on this information, location tracking
unit 903 is able to determine that a mobile station is closer to
one repeater than the other. By continually monitoring the received
signal strength, location tracking unit 903 tracks the movement of
a mobile station with respect to the repeaters. Based on this
information, location tracking unit 903 may automatically perform
an operation similar to a site survey and may reconfigure the
communication network, which will be described in detail further
below. In one embodiment, location tracking unit 903 may notify
session management unit 901 to perform such operations. In a
further embodiment, location tracking unit 903 may further detect
whether an interference between multiple mobile stations exists and
may signal session management unit 901 to perform further action,
such as, for example, queuing and rescheduling of requests, such
that multiple mobile stations may be able to share a communication
channel (e.g., single frequency band), which will be described
further below.
[0102] Fragmentation unit 904 is responsible for fragmenting
packets to improve performance in the presence of RF interference
detected using one of the aforementioned processes. The use of
fragmentation can increase the reliability of frame transmissions.
By sending smaller frames, collisions are much less likely to
occur. The fragment size value may be typically set between 256 and
2,048 bytes. However, this value may be user controllable via, for
example, a user interface of session management unit 901.
[0103] DCF unit 905 is responsible for handling DCF functionality
according to 802.11 specifications. DCF unit 905 typically operates
based on the CSMA/CA (carrier sense multiple access with collision
avoidance) protocol. In a conventional approach, typical 802.11
stations contend for access and attempt to send frames when there
is no other station transmitting. If another station is sending a
frame, the stations wait until the channel is free. According to
one embodiment, when DCF unit 905 detects that interference exists
between multiple mobile stations, DCF unit 905 may signal session
management unit 901 to queue up the frames and reschedule the
processing of these frames to avoid interference. As a result,
mobile stations do not need to worry about interference and wait
for a free channel, which leads to a wider bandwidth of the
network.
[0104] As described above, switch 900 may receive multiple
identical packets from multiple repeaters because the corresponding
mobile station may send the same packet to multiple repeaters
within a coverage area. The switch may broadcast the packet to the
rest of the repeaters. In order to avoid broadcasting the same
packet multiple times, switch 900 may invoke packet de-duplication
unit 906 to de-duplicate the duplicated packets and only one of
multiple instances of the same packet gets broadcasted.
[0105] SNMP unit 907 performs typical network management operations
well known in the art. SNMP is a protocol governing network
management and the monitoring of network devices and their
functions. It is not necessarily limited to TCP/IP networks.
[0106] FIG. 9B illustrates an embodiment of a MAC sublayer of a
repeater. In one embodiment, the repeater MAC sublayer 908 is
responsible for performing portions of the 802.11 protocol
including handling CSMA/CA, DIFS/EIFS interframe spacing (IFS)
timing, SIFS timing and control (block 912), generating
acknowledgement (or ACK) frames (during transmit only) on data
packets received, such as 802.11 data frames (block 911) and
generating CTS (clear-to-send) frames in response to RTS
(request-to-send) frames. The repeater MAC sublayer may also
respond to the resetting of internal network allocation vectors
(NAVs) which are embedded into certain frames (e.g., RTS and CTS
frames) (block 910). Each of the above repeater MAC functions may be
implemented in a manner that is well-known in the art.
[0107] FIG. 10 illustrates one embodiment of a hardware
architecture for a repeater. Referring to FIG. 10, an RF chip 1002
receives and transmits RF transmissions using antenna 1003. In one
embodiment, RF chip 1002 comprises a standard 802.11 RF chip. In
one embodiment, antenna 1003 comprises a dual-diversity antenna.
Communications received by RF chip 1002 are forwarded on to
baseband processor 1001, which is a digital chip that is described
in further detail below. Similarly, transmissions to be sent are
received by RF chip 1002 from baseband processor 1001.
[0108] Baseband processor 1001 is a digital chip that performs the
reduced MAC functions as described above. The repeater also
includes a port 1007 for coupling to a switch, such as switch 301.
Baseband processor 1001 handles communication with switch 301 using
port 1007. In one embodiment, port 1007 also transfers information
(through the port) at 100 Mb/s. Port 1007 may also
provide power to baseband processor 1001.
[0109] A desktop port 1006 may be included to allow desktop or
other systems to plug into the repeater. Also, in one embodiment,
LEDs 1005, such as an activity LED, power LED, and/or link LED, may
be included in the repeater as well.
[0110] FIG. 11 is a block diagram of one embodiment of the baseband
processor of a repeater. Baseband processor 1001 includes a
repeater MAC and control unit 1105 that interfaces with RF chip
1002 using a protocol. In one embodiment, the interface comprises a
TCP/IP layer and an 802.11 MAC sublayer. The repeater MAC/control
unit 1105 is coupled to switch 1103. In one embodiment, MAC/control
unit 1105 communicates with switch 1103 using a TCP/IP layer and an
802.11 MAC sublayer tunneled inside Ethernet packets. Switch 1103
is also coupled to MAC/PHY layer unit 1104 which interfaces the
baseband processor to desktop port 1006. Switch 1103 is also
coupled to the activity/power/link LEDs 1005. Similarly, switch
1103 is coupled to the MAC/physical layer unit 1001 that interfaces
the rest of the components on baseband processor 1001 to switch
port 1007 via switch 1103. Also coupled to switch port 1007 is a
power distribution unit 1102. In one embodiment, power distribution
unit 1102 obtains power from the CAT5 wiring and provides it to the
rest of baseband processor 1001.
[0111] FIG. 12A is a block diagram of one embodiment of a switch.
Referring to FIG. 12, the switch includes one or more ports 1201 to
repeaters 1201. Although 12 are shown, any number may be included.
Ports 1201 are coupled to a switching processor 1202. In one
embodiment, switching processor 1202 switches 13 ports of gigabit
Ethernet and allows broadcast packets to be received on one port
and broadcast on the others without involving the rest of the
switch. In one embodiment, switching processor 1202 comprises a
BRCM 5633 gigabit switching processor from Broadcom Corporation of
Irvine, Calif.
[0112] HyperTransport controller 1203 is coupled to switching
processor 1202 and provides a gigabit Ethernet interface to the
rest of the switch architecture. In one embodiment, the
HyperTransport controller 1203 includes a diagnostic port 1204 and
another Ethernet port 1205 for use, for example, in coupling to a
corporate LAN.
[0113] In one embodiment, HyperTransport controller 1203 comprises
a Galileo HyperTransport controller from Marvell of Sunnyvale,
Calif.
[0114] A network processor 1206 is coupled to HyperTransport
controller 1203 and performs the majority of the functions of the
switch, including the receiver diversity functions and
location-tracking functions described herein, with the exception of
the rebroadcast of the broadcast packets received by the switch,
which is handled by switching processor 1202. In one embodiment,
network processor 1206 is coupled to a boot memory 1209, a DRAM
1207 and one or more LEDs 1208. In one embodiment, network
processor 1206 comprises a PMC-Sierra RM9000X2 sold by PMC-Sierra
of Santa Clara, Calif., boot memory 1209 comprises an MB boot flash
AMD AM29LV640D boot flash memory and DRAM 1207 comprises 64 MB
synchronous DRAM (SDRAM) from Advanced Micro Devices, Inc. of
Sunnyvale, Calif.
[0115] In one embodiment, network processor 1206 includes a PCI
interface to a processor 1210. Processor 1210 may host certain
applications, such as, for example, firewall applications.
Processor 1210 may perform these functions with the use of hard
disk 1211, DRAM 1213 and console port 1211. DRAM 1213 may store the
active stations list and the access control list described herein.
Console port 1211 may provide access to a monitor or keyboard or
other peripheral device. In one embodiment, processor 1210
comprises a Pentium Processor manufactured by Intel Corporation of
Santa Clara, Calif.
[0116] In one embodiment, network processor 1206 executes software
instructions, which perform the 802.11 MAC layer. Network
processor 1206 may also execute a wireless LAN configuration module
to configure the wireless LAN network, a priority traffic
administration (e.g., traffic shaping) module, a management
software (e.g., Cisco IOS), a security protocol (e.g., 802.1x)
module, and a VPN/firewall module. Processor 1210 executes a
location tracking module to perform the location tracking.
Processor 1210 may also execute one or more of the following
software modules: clustering/HA, RADIUS/DHCP (remote authentication
dial-in user service/dynamic host configuration protocol), session
mobility, third party applications, XML (extensible markup
language) Web services, user administration software, and network
management software.
Reconfiguration of the Communication System
[0117] A technique described herein allows for the performance of
an automatic site survey to reconfigure the wireless communication
network. As part of the process, the repeaters in essence cause
their own reconfiguration by providing information to the switch
that the switch uses to determine whether reconfiguration is
necessary. In one embodiment, as a result of performing the
reconfiguration process, one or more repeaters may change their
state from activated, deactivated, or hot standby to another state
and/or change their transmitter power level and/or receiver
sensitivity. When in the activated state, a repeater is able to
receive packets from sending devices (e.g., mobile devices in the
network) and transmit packets to those devices. When in the
deactivated state, a repeater is not able to receive packets from
nor transmit packets to other devices (e.g., mobile devices in the
network). When in the hot standby state, a repeater is able to
receive packets from sending devices but not transmit packets to
those devices. It is possible that a repeater may not change its
state as part of the reconfiguration process, but may change its
transmit power level and/or its receiver sensitivity.
[0118] Reconfiguration may also occur by having one or more
repeaters change their channel numbers. The reconfiguration of the
network includes turning on and off repeaters and adjusting
transmitter power levels and receiver sensitivity. The
reconfiguration occurs periodically. Reconfiguration may occur
after a predetermined period of time (e.g., an hour) or a
predetermined amount of activity. The reconfiguration may occur in
response to an event. For example, if a repeater
receives a predetermined number of packets within a predetermined
period of time or the rate of packet reception increases by a
predetermined amount, then the reconfiguration may be performed. As
another example, the event may comprise a mobile station entering a
particular location (e.g., a conference room) where a repeater is
located and not on (thereby causing the system to be reconfigured
to have the repeater activated). In one embodiment, when the event
occurs, an alarm in the switch is triggered, causing the switch to
run the reconfiguration process.
[0119] FIG. 12B is a flow diagram of one embodiment of a process
for reconfiguring the wireless communication system. Referring to
FIG. 12B, exemplary process 1250 begins by each repeater that is
activated or in the hot standby state sending the received signal
strength indication, as set forth above, along with the SNR for
each packet received cleanly to the switch (processing block 1251).
As described above, the received signal strength and SNR may be
determined on a packet-by-packet basis. Also as discussed above,
communications between the repeater(s) and the switch(es) occur via
a wired connection (e.g., an Ethernet connection) and/or may be
through a level 2 network. Note that in another embodiment, such
communications may be performed, at least in part, wirelessly using
a different protocol than the protocol used between the mobile
stations and the repeaters.
[0120] In response to sending the packet(s), the switch receives
the packet(s) (processing block 1252) and determines the amount of
wireless communication activity each repeater is experiencing
(processing block 1253).
[0121] More specifically, the repeater receives a packet and
embedded in the packet header is the Ethernet MAC address of the
mobile station. When the repeater forwards that packet to the
switch, it attaches the received signal strength and SNR values. In
response to the packet, the switch is able to open up the packet
and determine that the packet is from another unique IP address
and, thus, another unique user. Based on this, the switch
determines the density of unique users on a particular repeater. In
other words, the switch determines the number of unique users
(mobile stations) sending packets that are being received by an
individual repeater. The switch may use a database to maintain this
information. This database may be the location tracking database
described above.
[0122] Based on the location and density of the repeaters as
tracked by the switch, using the information sent from the
repeater(s), the switch determines which repeaters to activate,
deactivate, or move to the hot standby state (processing block
1254). The switch also determines the transmitter power levels for
the repeaters that are activated (processing block 1255). The
transmitter power levels are the power levels used by the repeaters
when transmitting packets wirelessly to other devices in the
network. The switch may also adjust the receive sensitivity of one
or more of the repeaters (processing block 1256). The switch may
also adjust the channel numbers of one or more repeaters. In one
embodiment, the switch causes these changes to be made by sending
control commands to the repeater over, for example, a wired
connection (e.g., the Ethernet connection).
[0123] Thus, if the switch determines that a particular repeater is
to be activated (the repeater can receive and transmit),
deactivated (the repeater cannot receive nor transmit), or placed
in hot standby mode (the repeater can receive but cannot transmit),
that changes to the repeater's transmitter power level and/or the
repeater's receiver sensitivity, or that changes to the repeater's
channel number are necessary, then the switch sends a command to
the repeater specifying the desired action.
[0124] In one embodiment, if the number of unique users being
received cleanly by a repeater in a hot standby state is above a
threshold, then the switch activates the repeater.
[0125] This reconfiguration process has a number of advantages over
the prior art. For example, as part of the reconfiguration process
in the prior art, an access point may have to be moved. This is
because there are typically no additional access points in the area
that are not already being used because of their expense. In
contrast, because repeaters are generally cheaper devices, many
more of them may be distributed throughout the network, even though
they are not going to be used all the time. Thus, when there is a
need for additional capacity, one of the repeaters that is not
currently activated can be activated.
[0126] In one embodiment, the reconfiguration of the wireless
communication system may include changing the transmit power levels
of the mobile stations. As with the reconfiguration described
above, the purpose of this reconfiguration of the mobile station is
to improve network capacity. The improvement to network capacity
may be due to reduced interference to repeaters and other mobile
stations in adjacent coverage cells that a mobile station causes
because its transmit power level is changed.
[0127] The reconfiguration of the mobile stations may occur in
response to the switch examining the interference in a particular
area and comparing this interference with a predetermined amount of
interference (e.g., a threshold). The predetermined amount of
interference may be based on an allowable amount of interference
for the wireless communication system or an allowable amount of
variance from the allowable amount of interference.
[0128] The switch (or other control entity) determines the amount
to change the transmit power level. In order to determine the
amount of change to a particular transmit power level, the switch
initially determines what the current transmit power level is. In
one embodiment, the switch sends a query as a control message to
the mobile station to obtain the transmit power level of the mobile
station. Alternatively, the switch maintains a list (e.g., a
database) of the transmit power levels of the mobile stations and
accesses the list to obtain the transmit power level for a
particular mobile station. The switch may obtain this information
from the mobile stations. In addition, the switch might also send a
command to the mobile station to modify its power level on a
percentage basis. This would not require the knowledge of a
specific power level. For example, in one embodiment, the mobile
stations send a control message to the switch at boot-up indicating
their transmit power levels.
[0129] Once the current transmit power level has been obtained, the
switch determines the amount to change the transmit power level.
This may be based on the received signal strength (e.g., RSSI) of
the packets received by the repeater currently assigned to the
mobile station. For example, if the received signal strength is
very high, yet the mobile station is causing interference (e.g.,
its packets are being received by one or more other repeaters), the
switch may cause the mobile station to reduce its transmit power
level to a predetermined level or by a predetermined amount (e.g.,
a percentage of its current transmit power level) because the
effect of such a reduction would not prevent its packets from being
received by its assigned repeater.
[0130] The change in the transmit power level may be performed in a
number of ways. For example, in one embodiment, the switch controls
the transmit power level of the mobile station(s). In such a case,
the switch may send a command message to the mobile station, via a
repeater, to cause the mobile station to adjust its transmit power
level. The command could indicate that the mobile station should
increase or decrease its transmit power level. Alternatively, such
a command could come from a repeater or a control entity in the
communication system other than the switch.
An Exemplary MAC Software Architecture
[0131] FIG. 13 is one embodiment of a distributed MAC architecture.
The 802.11 MAC layer is distributed between the switch and a number
of the repeaters connected to the switch. On one side, the MAC is
terminated on the switch and on the other side the MAC is
terminated on the repeaters. Thus, in this way, the distributed
architecture is a "one to many" relationship.
[0132] In one embodiment, the MAC sublayer on the repeater is
engaged in performing real time functions related to the time
synchronization (BEACON, PROBE request/response processing),
receiving and transmitting 802.11 frames, including acknowledgment
of the received frames.
[0133] The MAC sublayer on the switch is centralized and controls
multiple repeaters. In one embodiment, the MAC sublayer on the
switch includes centralized management of the mobile stations and
handles mobile stations in power save mode.
[0134] In one embodiment, the switch runs multiple instances of the
MAC sublayer on the switch. In this manner, the switch may support
multiple, separate logical groupings of repeaters on the switch.
Each grouping may be based on channel frequency such that each
group is associated with a particular frequency. The frequency need
not be unique to all the frequencies of all the groupings (e.g.,
some groups use the same frequency and other groups do not use that
frequency). The groupings may be created based on channel
numbers.
[0135] By being able to run multiple instances of the MAC sublayer
of the switch, the architecture offers flexibility when configuring
the wireless communication system, and individual embodiments
allow at least one of the following benefits. First, tuning of the
size of the RF coverage per logical grouping of repeaters. Second,
the roaming of the stations is easy to control. Third, the
management of mobile stations in power save mode is centralized.
That is, the frames for the mobile stations in power save mode are
buffered in the MAC sublayer on the switch and can be exchanged
between other instances of the MAC sublayer on the same switch
(between MAC instances) when the mobile station in power save mode
is roaming.
[0136] Referring to FIG. 13, each of the units may be implemented
in hardware, software, or a combination of both. Data_SAP unit 1301
exchanges messages with the LLC (logic link control) layer,
conveying MSDUs (MAC service data units) from and to the LLC layer.
Fragmentation unit 1302 performs fragmentation of outgoing MPDUs
and MMPDUs (MAC management protocol data units). In one embodiment,
since the sending of the fragmented PDU (protocol data unit) by a
repeater has some timing constraints, the fragmented PDUs between
the switch and the repeater are transferred in one tunneling
protocol message. The tunneling protocol covers this case by
putting a number of fragments in the tunneling protocol header.
Power save unit 1303 performs power save device management,
including TIM (Traffic Indication Map) management, in which TIM is
sent to the repeaters periodically. The repeaters use the updated
TIM for buffering of unicast MPDUs for mobile stations in power
save mode. In one embodiment, the switch maintains buffered unicast
PDUs for all mobile stations in power save mode. Broadcasts and
multicast PDUs are not buffered at the switch and are sent to the
repeaters to be sent out immediately after any beacon containing a
TIM element with a DTIM (delivery traffic indication message) count
field with a value of 0. Power save unit 1303 also performs PS-Poll
request and response handling.
[0137] Routing unit 1305 routes data frames to MAC Data SAP
(service access point) unit 1301 and management inbound frames to
management_SAP unit 1309. De-fragmentation unit 1304 performs
de-fragmentation of inbound frames. Management SAP unit 1309
includes an interface to MIB (management information base) unit
1308 and MLME (MAC sub-layer management entity) service unit 1307.
MLME services unit 1307 handles the incoming associate and
re-associate frames, as well as disassociate requests, and
processes authentication and de-authenticate requests and generates
authentication and de-authenticate response frames.
[0138] MIB management unit 1308 performs get and set functions to
get and set parameters of the repeater and performs reset functions
to reset all the parameters of a repeater and return the parameters
to default values. The above processes may be performed using a
tunneling protocol between a switch and the respective
repeater.
[0139] With respect to block tunneling protocol layer 1306, both
MPDU and MMPDU frames between the switch and the repeater are
transferred by the tunneling protocol. In one embodiment, the
802.11 frames are encapsulated into Ethernet frames. In one
embodiment, the tunneling protocol header is placed after the
Ethernet header. This protocol transfers both data and management
frames as well as specially defined tunneling protocol control
messages.
[0140] On the repeater, transmit unit 1311 transfers frames from
MAC to PHY transmitter, generates FCS (frame check sequence),
inserts timestamps in the beacons and probe responses, performs DCF
timing (SIFS, DIFS, EIFS), handles ACK, RTS, CTS, and performs a
back-off procedure.
[0141] Receive unit 1312 transfers frames from PHY to MAC, receives
the MPDUs from the PHY, calculating and checking the FCS value
(frames with valid FCS, length and protocol version are sent for
receive filtering). Receive unit 1312 also filters valid received
frames by destination address, and BSSID (basic service set
identification) for group destination addresses, as well as handles
ACK, CTS and RTS. Other functions include detection of duplicated
unicast frames, updating the NAV (network allocation vector) using
Duration/ID value from 802.11 frames, maintenance of the channel
state based on both physical and virtual carrier sense, time slot
reference generation, and providing Busy, Idle & Slot signals
to transmission.
[0142] Synchronization unit 1313 processes the MLME start request
in which it starts a new BSS (basic service set) and sets all
parameters for a beacon frame. Synchronization unit 1313 generates
beacon frames periodically and handles Probe request and response
frames.
[0143] Repeater management unit 1314 relays all MIB set/get
requests, start requests, reset requests, request/confirm
characteristic commands to a proper block on the repeater.
[0144] With respect to block tunneling protocol 1 layer 1310,
frames for both MPDUs and MMPDUs between the switch and repeater
are transferred by the tunneling protocol. The frames are
encapsulated into the Ethernet frames and the tunneling protocol
header is placed after the Ethernet header. This protocol transfers
both data and management frames as well as specially defined
tunneling protocol control messages.
An Exemplary Switch Software Architecture
[0145] The switch contains the switching and management planes.
FIG. 14 illustrates one embodiment of the switching plane.
Referring to FIG. 14, the switching plane 1400 contains the switch
MAC sublayer 1402 (i.e., the upper MAC), a switch management entity
(SwME) 1401 and a switching layer 1403. The switching layer 1403
interfaces with the Ethernet drivers 1404 and performs the
switching function. The Ethernet drivers 1404 are connected to the
10/100 BT ports of the switch (PORT1 to PORT24) or connected to
another Ethernet switch with its uplink connected to the Gigabit
interface 1406 on the switch. The simulator 1405 may also be
connected to any of these ports. In one embodiment, in order to
support this kind of abstraction, the tunneling protocol header
contains the number of the Ethernet port assigned for use with the
repeater repeater (repeater 1704 in this example) handling the
destination station (station 1705 in this example). Switch MAC
sublayer 1703 encapsulates the 802.11 data frames into Ethernet
frames and sends them to repeater 1704. Repeater 1704 receives the
encapsulated 802.11 data frames and sends the 802.11 data frames to
station 1705.
[0146] FIG. 18 illustrates an exemplary process for transferring
data traffic from a desktop computer system to a mobile station.
Referring to FIG. 18, computer system 1806 encapsulates IP packets
into Ethernet frames. For the first IP packet destined to a mobile
station, the router starts an ARP (address resolution protocol)
procedure in order to obtain the corresponding MAC address. Router
1805 sends an ARP request to switch MAC sublayer 1804 to request
the MAC for this IP broadcast. Switch MAC sublayer 1804
encapsulates the ARP request into an 802.11 packet and then
encapsulates this packet into an Ethernet packet, essentially
creating a new Ethernet frame with an embedded 802.11 MAC header
and tunneling protocol header. Switch MAC sublayer 1804 broadcasts
this packet to all repeaters, repeaters 1802-1803 in this example,
which then rebroadcast it for the desired mobile station to
receive. The mobile station, station 1801, with the IP address
contained in the ARP request sends an ARP response with its MAC
address. Repeater 1802 receives the ARP response and encapsulates
the 802.11 frames into Ethernet frames, adding an Ethernet frame
header and tunneling protocol header. Repeater 1802 sends the
encapsulated ARP response to switch MAC sublayer 1804, which strips
off the 802.11 MAC header and switches the Ethernet frame with
encapsulated ARP response packet to the backbone port.
[0147] After this procedure, the router takes the station MAC
address from the ARP response and routes all IP packets for this
mobile station as described above. Since the switch MAC sublayer
has the configuration information about MAC and IP addresses, the
ARP response could come from the switch.
Management Procedures
[0148] There are a number of management procedures supported by the
distributed MAC architecture. In one embodiment, these include
starting up the switch, resetting the MAC, starting a new BSS,
synchronization, authentication, and de-authentication,
association, disassociation and re-association.
[0149] With respect to starting up the switch, the switch is
started by the switch management entity (SwME). To configure and
start the switch and the repeaters, the SwME issues commands to the
switch MAC sublayer on the switch. The commands intended for the
repeaters are transferred using the tunneling protocol. Layers of
the tunneling protocol are running on the switch and the
repeaters.
[0150] With respect to MAC reset, the switch and repeaters
cooperate to perform a reset of the MAC. Since the MAC is
distributed between the switch and repeaters, the reset process is
modified to support this architecture. In one embodiment, the
switch management entity sends a reset request to each of the
repeaters as part of a tunneling protocol process and receives a
reset response indicating if the reset was successful. The reset
process may set the MAC to initial conditions, clearing all
internal variables to the default values. MIB (management
information base) attributes may be reset to their
implementation-dependent default values.
[0151] With respect to the start process, the switch management
entity requests that the MAC entity start a new BSS. The switch
management entity generates the request to start an infrastructure
BSS (basic service set) with the MAC entity acting as an access
point and sends it to all MAC entities where the switch is acting
as a multiple access point. Each repeater responds with an
indication as to whether the start process was successful.
[0152] With respect to synchronization, the synchronization process
determines the characteristics of the available BSSs and allows for
synchronizing the timing of a mobile station with a specified BSS
(switch MAC entity). In one embodiment, the synchronization process
begins with an instance of the switch MAC sublayer generating a
beacon frame, which is encapsulated and sent to the repeaters
periodically. The repeater updates the timestamp of the beacon
frame before sending the beacon frame in the air. Based on the
beacon frame, the mobile station synchronizes its timers.
[0153] The switch management entity also causes authentication to
establish a relationship between a station MAC sublayer and the
instances of the switch MAC sublayers. In one embodiment, a mobile
station is authenticated if its MAC address is in the access list
on the switch. Similarly, de-authentication is supported to
invalidate an authentication relationship with a switch MAC entity.
In one embodiment, de-authentication is initiated by the mobile
station. In this case, the instance of the switch MAC sublayer on
the switch associated with the repeater assigned to the mobile
station updates the station state as maintained by the switch. The
result of de-authentication is that the state of the mobile station
is listed in the switch as unauthenticated and unassociated.
Association
[0154] Data frames for a mobile station are forwarded from the
repeater that has the token for the mobile station. In one
embodiment, if a repeater without the token receives the data
frames, it forwards only a short frame with the RSSI (in the
tunneling protocol header) to the switch. The switch keeps track of
the RSSI for the mobile station. If the repeater without the token
has better reception and if the repeater with the token has "high"
error rate, the switch may re-assign the token. The RSSI and token
are part of the tunneling protocol header. The token assignment
occurs within the association process.
[0155] FIG. 19 is a data flow diagram of one embodiment of an
association and token assignment process. Referring to FIG. 19, an
association request is generated by a mobile station and sent by
the mobile station, via the mobile station MAC. Repeater 2 has the
token for the mobile station. Therefore, repeater 2 encapsulates
the association request, along with its RSSI and BSSID, into an
Ethernet packet and sends the encapsulated packet to the
switch.
[0156] Repeater 1, which does not have the token for the mobile
station, forwards a short frame with the RSSI in the tunneling
protocol header.
[0157] The switch takes the RSSIs for the two identical frames and
determines which one is stronger. Based on which is stronger, the
switch either allows the repeater that has the token and station
MAC for the mobile station to keep them (e.g., repeater 2) or
reassigns them to the repeater with the higher RSSI (e.g., repeater
1). In either case, the switch sends an association response
encapsulated in an Ethernet packet with the token and association
ID to the repeater, which de-encapsulates it and forwards it to the
mobile station, via the mobile station MAC.
Re-Association
[0158] The following exemplary procedure describes how a mobile
station becomes re-associated with another switch MAC entity
(logical access point). FIG. 20 is a block diagram of two MAC
sublayer instances in a switch. Referring to FIG. 20, two (or more)
instances of the switch MAC sublayer run on the switch (offering
the access points (APs) inside the same switch). Each instance has
its own BSSID (basic service set identification) (e.g., the MAC
address of the MAC instance). Both MAC instances are managed by the
same switch management entity (SwME). The SwME manages these as
multiple access points (APs) inside the switch. In one embodiment,
communication between MAC instances is through the SwME. Both MAC
instances as well as the switch management entity (SwME) reside on
the same switch. Communication between the MAC instances can be
direct or through the SwME. In one embodiment, the SwME has
knowledge of all MAC instances and is involved in this
communication. Thus, the switch acts as a distribution system
containing multiple switch MAC sublayer instances (multiple logical
access points) in which roaming is centralized in the switch.
[0159] In one embodiment, the association request from the mobile
station is encapsulated and sent by the repeater to the switch. The
association request with the BSSID of the first MAC sublayer
instance is sent from the second MAC sublayer instance through the
SwME to the first MAC sublayer instance. As a result, the first MAC
sublayer instance generates a response indicating that the mobile
station has already been associated with the first MAC sublayer
instance. Using this process, the station does not have to go
through the authentication procedure again and can be automatically
associated with the second MAC sublayer instance. When the second
MAC sublayer instance receives the response, the station becomes
associated with the second MAC sublayer. Thus, when the station
roams, the handover procedure is performed in the switch.
Therefore, the switch acts as a complete distribution system with
multiple logical access points.
[0160] As described above, when a station roams between two MAC
sublayer instances (logical access points) inside one distribution
system, there is only one repeater controlled by one MAC sublayer
instance. In one embodiment, a mobile station can roam from one
repeater to another repeater controlled by the same MAC sublayer
instance (logical access point) without a need to associate again,
and only the token re-assignment procedure described herein has to
be performed. In one embodiment, the station is not aware of the
token re-assignment procedure.
[0161] If a mobile station moves from one repeater belonging to one
logical access point (one MAC sublayer instance) to a second
repeater belonging to a second logical access point (second MAC
sublayer instance), the station has to be re-associated and the
token re-assignment procedure has to be performed. The handover
procedure is performed in the switch. Again, the station is not
aware of any token assignment procedures.
[0162] Note that mobile stations are associated with switch MAC
sublayer instances, not with a repeater. If a station is controlled
by a repeater, the repeater has a token for that station. All
repeaters controlled by a particular MAC sublayer instance are
associated with a station if the station is associated with that
MAC sublayer instance, and only one repeater has a token for that
station.
[0163] A user can configure the switch to have any number of MAC
instances. In one embodiment, this is configured using a parameter.
Also configurable is which repeater belongs to which MAC instance. For
example, if the switch has 64 ports, it can be configured to act as
8 access points (8 upper MAC instances running concurrently), with
8 repeaters per access point (one upper MAC sublayer controlling 8
repeaters).
[0164] FIG. 21 is a data flow diagram of one embodiment of a
re-association process. Referring to FIG. 21, a mobile station SME
(station management entity) generates a re-association request and
sends it to a repeater, repeater 4 in this case, along with its
BSSID via the mobile station MAC. In one embodiment, the mobile
station knows that it needs to make a re-association request
because it has received a BEACON frame with a different BSSID (i.e.,
a different MAC instance), indicating that the mobile station had
been roaming. The repeater receives the re-association request,
encapsulates the packets of the re-association request with the
RSSI into an Ethernet packet, and sends the Ethernet packet to the
instance of the switch MAC sublayer associated with the repeater.
In response thereto, the instance of the switch MAC sublayer
generates an indication to the switch management entity indicating
that a re-association request has been made.
[0165] In response to the indication, the switch management entity
causes a new AID (association id) to be assigned to the mobile
station, a token for the mobile station to be assigned to a new
repeater, and the previous token assignment to be deleted. In one
embodiment, the association identifier (AID) is a number (value
between 0 and 2007) assigned to a mobile station by the switch or
an access point during the association procedure. It is an 802.11
standard defined parameter. After the station is associated, the
station inserts the AID in every message. More specifically, the
switch management entity updates the entry for the mobile station
in the access list, including setting the new access point address
to the address of the instance of the switch MAC sublayer
associated with the repeater. The switch management entity also
assigns a token and an association ID.
[0166] The switch management entity sends a delete token command to
the instance of the switch MAC layer associated with the repeater
previously assigned to the mobile station, which the instance of
the switch MAC layer forwards to the repeater (repeater 3 in this
case).
[0167] The instance of the switch MAC sublayer (upper MAC 2 in this
case) associated with the repeater that forwarded the re-associate
request (repeater 4 in this case) sends a re-associate response
frame to the repeater with the token, association ID, and an
indication that the re-association was successful. The repeater
de-encapsulates the packet, stores the mobile station MAC token,
and forwards the de-encapsulated re-associate response frame to the
mobile station MAC with the association ID and the successful
indication.
Disassociation
[0168] A mobile station may request disassociation with a specified
peer MAC entity that is acting as a logical access point. The
mobile station may request this due to inactivity or because a
switch is unable to handle all currently associated mobile
stations, etc. FIG. 22 is a flow diagram of one embodiment of a
disassociation process. Referring to FIG. 22, a disassociation
request is generated by the SME (station management entity) on the
mobile station and sent by the mobile station MAC as a disassociate
request frame with the BSSID (i.e., the instance identifiers). The
BSSID is a basic service set identifier representing the MAC
address of an upper MAC instance. Each repeater that receives the
disassociate request frame without errors encapsulates it with its
RSSI and forwards it to the switch, regardless of whether it has
the token for the mobile station. In response to receiving the
disassociate request frame, the switch MAC sublayer determines
whether the mobile station is in the access list and changes the
state of the mobile station in the access list to authenticated and
unassociated, removes all parameters from the access list entry for
the mobile station, and deletes the token and association ID. In one
embodiment, the access list is a dynamically created hash table
containing records for all authenticated stations, in which each
record contains a station MAC address, association identifier,
BSSID, a station state, and the port number of the repeater that has
the station token. In other words, on the switch MAC sublayer, the
state of the mobile station is updated and its AID is deleted. The
switch then sends a disassociate response frame encapsulated in an
Ethernet frame to the repeater having the token. Embedded in the
tunneling protocol header of the frame is a tunneling protocol
command to delete the token, which causes the repeater having the
token to delete the token. Thereafter, the repeater that deleted
the token sends the de-encapsulated disassociate response frame to
the MAC of the mobile station with an indication that
disassociation was successful.
[0169] In one embodiment, this process can be initiated by the
switch management entity. This can happen if the switch decides to
disassociate the mobile station because of inactivity or because a
switch is unable to handle all currently associated mobile
stations.
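The access list record described above and the RSSI-based token assignment from the Association section can be modelled together; the following is an added example, not code from the patent or its assignee. The static permitted-MAC set, the HIGH_ERROR_RATE value, the port numbers, the MAC addresses and the RSSI figures are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional

AID_MAX = 2007           # upper end of the AID range given in the text
HIGH_ERROR_RATE = 0.20   # assumption: the text only says "high" error rate


class State(Enum):
    UNAUTHENTICATED = "unauthenticated and unassociated"
    AUTHENTICATED = "authenticated and unassociated"
    ASSOCIATED = "authenticated and associated"


@dataclass
class Record:
    """One access-list record with the fields the text lists."""
    mac: str
    state: State = State.AUTHENTICATED
    aid: Optional[int] = None
    bssid: Optional[str] = None
    token_port: Optional[int] = None   # repeater port that holds the token


class SwitchAccessList:
    def __init__(self, permitted_macs):
        self.permitted = set(permitted_macs)   # assumption: static allow list
        self.records: Dict[str, Record] = {}   # hash table keyed by station MAC

    def state_of(self, mac: str) -> State:
        rec = self.records.get(mac)
        return rec.state if rec else State.UNAUTHENTICATED

    def authenticate(self, mac: str) -> bool:
        """A station is authenticated only if its MAC is on the list."""
        if mac not in self.permitted:
            return False
        self.records.setdefault(mac, Record(mac))
        return True

    def _next_aid(self) -> int:
        used = {r.aid for r in self.records.values() if r.aid is not None}
        for aid in range(1, AID_MAX + 1):
            if aid not in used:
                return aid
        raise RuntimeError("no free association ID")

    def associate(self, mac, bssid, rssi_by_port) -> Optional[Record]:
        """Give the token to the repeater port that heard the request best."""
        rec = self.records.get(mac)
        if rec is None or not rssi_by_port:
            return None                        # not authenticated: refuse
        if rec.aid is None:
            rec.aid = self._next_aid()
        rec.bssid = bssid
        rec.token_port = max(rssi_by_port, key=rssi_by_port.get)
        rec.state = State.ASSOCIATED
        return rec

    def maybe_reassign_token(self, mac, rssi_by_port, holder_error_rate):
        """Move the token only if another port hears better AND the holder errs."""
        rec = self.records.get(mac)
        if rec is None or rec.state is not State.ASSOCIATED or not rssi_by_port:
            return None
        # A holder that did not report the frame at all counts as weakest.
        holder_rssi = rssi_by_port.get(rec.token_port, float("-inf"))
        best = max(rssi_by_port, key=rssi_by_port.get)
        if (best != rec.token_port and rssi_by_port[best] > holder_rssi
                and holder_error_rate >= HIGH_ERROR_RATE):
            old, rec.token_port = rec.token_port, best
            return (old, best)   # delete token on old port, grant on best
        return None

    def disassociate(self, mac) -> Optional[int]:
        """Clear AID, BSSID and token; return the port to send delete-token to."""
        rec = self.records.get(mac)
        if rec is None or rec.state is not State.ASSOCIATED:
            return None
        port = rec.token_port
        rec.state, rec.aid, rec.bssid, rec.token_port = (
            State.AUTHENTICATED, None, None, None)
        return port

    def deauthenticate(self, mac) -> bool:
        """The table holds authenticated stations only, so drop the record."""
        return self.records.pop(mac, None) is not None


def demo():
    sta = "02:00:00:00:20:01"                  # constructed station MAC
    acl = SwitchAccessList({sta})
    out = {"rogue_auth": acl.authenticate("02:00:00:00:99:99"),
           "auth": acl.authenticate(sta)}
    rec = acl.associate(sta, "02:00:00:00:aa:01", {1: -71, 2: -48})
    out["token_after_assoc"], out["aid"] = rec.token_port, rec.aid
    out["low_error"] = acl.maybe_reassign_token(sta, {1: -45, 2: -60}, 0.02)
    out["high_error"] = acl.maybe_reassign_token(sta, {1: -45, 2: -60}, 0.35)
    out["delete_token_port"] = acl.disassociate(sta)
    out["state_after_disassoc"] = acl.state_of(sta)
    acl.deauthenticate(sta)
    out["state_after_deauth"] = acl.state_of(sta)
    return out
```

Because the token follows RSSI and error rate only, the record's state and AID stay untouched while the station moves between repeaters of the same MAC instance.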
Tracking Multiple Interface Connections
[0170] A technique is disclosed herein that tracks when a mobile
(or fixed) station is attempting to connect to the network over
more than a predetermined number (e.g., one) of station interfaces.
That is, the technique determines whether a user is trying to
connect over more than a predetermined number of interfaces (e.g.,
1, 2, 3, etc.) and if a connection is attempted that would cause
the station to be connected to the network through a number of
interfaces larger than the allowed limit, then action(s) may be
taken against the station (e.g., disable one or more connections,
deny a connection, etc.). Note that for purposes of the following
discussion, the station will be described as a mobile station.
However, in an alternative embodiment, the station is fixed.
[0171] In one embodiment, the technique includes a switch allowing
a mobile station to have one connection to a network over a first
of its interfaces. Thereafter, the switch determines that the
mobile station is attempting to have a second connection to the
network over a second interface other than the first interface. In
one embodiment, the first interface is a wireless interface for
communicating to a repeater using, for example, an 802.11
communication channel, and the second interface is a wired
interface, such as, for example, a wired Ethernet cable. In one
embodiment, the switch makes the determination by checking memory
associated with the mobile station to see if the two interfaces
belong to the same mobile station. This may be accomplished by
having the switch access a memory, local or remote, storing a
table, or list, of mobile stations along with a list of the
interfaces available for each of the listed mobile stations. In one
embodiment, the list of mobile stations is a table (e.g., an access
control list) and the switch searches the locations in the table to
determine if media access control (MAC) addresses of the first and
second interfaces are listed as belonging to the mobile station. In
one embodiment, the access control list includes an entry for each
mobile station with multiple columns (or rows) for MAC addresses,
one for each interface that the mobile station has with a MAC
address.
[0172] In one embodiment, the switch enforces a security policy in
response to determining that a mobile station is attempting to
connect to the network over one interface when already connected
over another interface. In such situations, there are two possible
security policies. First, the security policy may permit connection
to the network through multiple interfaces. Second, the security
policy may not permit connection to the network through multiple
interfaces of the same mobile station. In one embodiment, in
response to such a case, the switch may deny the new connection
that is being attempted, may deny the previous connection that
already exists (in favor of the new connection), or may deny both
connections. For more than two interfaces in the station, a more
complex admission control algorithm may be used.
[0173] In one embodiment, in order to deny the new connection, the
switch disables the MAC address associated with the interface
attempting to connect to the network, and in order to deny the
previously existing connection, the switch may remove the MAC
address associated with the interface that is already connected to
the network from a list of active stations (e.g., the active
stations list).
[0174] In one embodiment, the switch uses an access control list
and the active stations list. The access control list is where the
security policy is enforced, while the active stations list is the
list of all mobile stations currently active in the system. Each
mobile station that may potentially have a connection to the
network is listed in the access control list. For each interface of
a mobile station that has a connection to the network, there is a
MAC address in the active stations list. When a mobile station
attempts to connect to the network through one of its interfaces,
the MAC address of the interface is sent. In response to receiving
the MAC address, the controller of the switch searches the access
control list for the MAC address. If the MAC address is not in the
access control list, the controller of the switch denies access. If
the controller finds the MAC address in the access control list,
the controller finds the security policy in the entry in the access
control list associated with the MAC address to determine what
security policy, if any, is supposed to be enforced. This means
that the access control list records which interfaces are
active.
[0175] To deny a connection for an interface already connected to
the network, the switch removes the MAC address for the interface
from the active stations list. This action causes process is
performed by the switch. Referring to FIG. 23A, the process begins
by processing logic allowing a mobile station a connection to the
network over a first interface (processing block 2301). Next,
processing logic determines the mobile station is attempting to
have another connection over a second interface (processing block
2302). In response, processing logic enforces a security policy
(e.g., allows it, denies one or more of the connections, prevents
the mobile station from accessing the network, etc.) (processing
block 2303).
[0176] An alternative embodiment of the switch of FIG. 12A is shown
in FIG. 23B. Referring to FIG. 23B, a switch controller 2310 is
coupled to ports 2311 and memory 2312. Switch controller 2310
performs the process described in FIG. 23A and above regarding the
monitoring of connections and requests for connections. Switch
controller 2310 uses ports 2311 to communicate with the repeaters
in the system as well as other devices, via, in one embodiment, a
wired Ethernet connection. Memory 2312 stores the active stations
list 2314 and the access control list 2313. Active stations list
2314 includes a table having an entry for each mobile station and
fields (e.g., columns, rows, etc.) to store the MAC address of each
interface the mobile station has. Access control list 2313 includes
entries to store mobile stations along with an indication of
whether access is permitted for each interface of a mobile station
and an indication of the security policy associated with that
mobile station. Memory 2312 may be a part of the switch or part of
an external memory or server (e.g., a radius server).
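The admission check described in paragraphs [0171] through [0176] can be sketched as follows. This is an added example, not code from the patent application: the class names, the policy names, the "disabled" set used to model disabling a MAC address, and the sample MAC addresses are all assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum

class Policy(Enum):
    ALLOW_MULTIPLE = 1   # several interfaces of one station may be connected
    DENY_NEW = 2         # refuse the interface that is attempting to connect
    DENY_OLD = 3         # drop the existing connection in favor of the new one
    DENY_BOTH = 4        # refuse the new connection and drop the existing one

@dataclass
class AclEntry:
    """One access control list row: a station, all its interface MACs, its policy."""
    station: str
    macs: frozenset
    policy: Policy

    def __post_init__(self):
        self.macs = frozenset(m.lower() for m in self.macs)

class SwitchController:
    def __init__(self, acl):
        self.by_mac = {m: e for e in acl for m in e.macs}  # MAC -> ACL entry
        self.active = set()     # active stations list: MACs currently connected
        self.disabled = set()   # hypothetical: MACs disabled after a denied attempt

    def connect(self, mac):
        """Return 'allowed' or 'denied' for a connection attempt from this MAC."""
        mac = mac.lower()
        entry = self.by_mac.get(mac)
        if entry is None or mac in self.disabled:
            return "denied"                      # unknown or disabled interface
        others = (entry.macs & self.active) - {mac}
        if not others or entry.policy is Policy.ALLOW_MULTIPLE:
            self.active.add(mac)
            return "allowed"
        # The same station is already connected through another interface.
        if entry.policy in (Policy.DENY_OLD, Policy.DENY_BOTH):
            self.active -= others                # remove the existing MAC(s)
        if entry.policy in (Policy.DENY_NEW, Policy.DENY_BOTH):
            self.disabled.add(mac)               # disable the new interface
            return "denied"
        self.active.add(mac)
        return "allowed"

def demo(policy):
    # Constructed sample: one station with a wireless and a wired interface.
    wlan, eth = "02:00:00:00:00:01", "02:00:00:00:00:02"
    sw = SwitchController([AclEntry("station-1", {wlan, eth}, policy)])
    return sw.connect(wlan), sw.connect(eth), sorted(sw.active)
```

Calling demo() with each policy returns the two decisions and the resulting active stations list, so the effect of each policy on the existing and the new connection can be compared side by side.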
[0177] Thus, the technique described herein reconciles multiple
interfaces that correspond to the same mobile station when the
mobile station has access to a network resource through one of its
interfaces and attempts to gain access to the network resource
through another one of its interfaces. The techniques described
herein also include the enforcement of a security policy with
respect to such a mobile station.
[0178] Whereas many alterations and modifications of the present
invention will no doubt become apparent to a person of ordinary
skill in the art after having read the foregoing description, it is
to be understood that any particular embodiment shown and described
by way of illustration is in no way intended to be considered
limiting. Therefore, references to details of various embodiments
are not intended to limit the scope of the claims which in
themselves recite only those features regarded as essential to the
invention.
* * * * *