| 摘要 |
Mobility of firewall rules for clients moving among bridge AP nodes in a wireless network. APs operate in bridge mode. A wireless client C is associated with a first AP. As part of that association, the first AP establishes and maintains personal firewall rules and state for client C. When wireless client C associates with a second AP in the L2 domain, the second AP sends session request to other APs. This may be in the form of a multicast message. Optionally, the second AP may send a unicast message to the first AP indicating that client C has associated with the second AP. APs receiving the multicast session request message for client C check their tables to see if they have stored firewall or other state for client C. APs having storied firewall or other state for client C send session response messages to the second AP containing stored firewall sessions and other state for client C. When the second AP receives a session response, it sends an acknowledgement to the AP which sent the response. When the AP, such as the first AP, receives the acknowledgement, it may remove all stored state for client C. If the second AP receives session response messages for client C from multiple APs, it acknowledges each, and creates session entries and state using the oldest rules in the session response messages. Flags may be logically ORed together.
|
