-
Publication number: US20250168157A1
Publication date: 2025-05-22
Application number: US18516180
Application date: 2023-11-21
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Feng Ding, Hao Lu, Youhe Zhang
IPC: H04L9/40
Abstract: In some examples, a network device receives, from an orchestration server, a name for use in obtaining a certificate. The network device sends, to a certificate enrollment server, a certificate request comprising the name, and receives, from the certificate enrollment server, a response to the certificate request, the response including information of the certificate that is based on the name in the certificate request. The network device detects that an authentication server is unavailable for an authentication procedure for a client coupled to the network device. Based on detecting that the authentication server is unavailable, the network device uses the certificate based on the name in the certificate request as part of the authentication procedure between the network device and the client.
-
Publication number: US20240223532A1
Publication date: 2024-07-04
Application number: US18090053
Application date: 2022-12-28
Applicant: Hewlett Packard Enterprise Development LP
Inventor: Haifeng Zhang, Hao Lu, Xuanhe Zhang, Hong Song
IPC: H04L9/40
CPC classification number: H04L63/0236, H04L63/0876, H04L63/1466
Abstract: An access point (AP) in an AP cluster is provided. During operation, the AP can identify a set of Internet Protocol (IP) addresses of permitted devices in a virtual local area network (VLAN) of the AP cluster from a first set of packets. The AP can also identify a set of media access control (MAC) addresses corresponding to the set of IP addresses from a second set of packets. The AP can then generate a whitelist comprising the sets of IP and MAC addresses. The whitelist can indicate addresses of packets permitted to be forwarded via the wireless interface. The AP can identify a target IP address in an Address Resolution Protocol (ARP) request. If the target IP address is absent in the whitelist, the AP can preclude the wireless interface from forwarding the ARP request to clients wirelessly coupled to the wireless interface.
-
Publication number: US11849339B2
Publication date: 2023-12-19
Application number: US17739517
Application date: 2022-05-09
Applicant: Hewlett Packard Enterprise Development LP
Inventor: Stephane Laroche, Jikui Pei, Chunfeng Wang, Hao Lu
IPC: H04W24/02, H04L61/5014, H04L41/042, H04W88/08
CPC classification number: H04W24/02, H04L41/042, H04L61/5014, H04W88/08
Abstract: An example access point may comprise a processing resource; and a memory resource storing machine-readable instructions to cause the processing resource to: perform a management system search using a dynamic host configuration protocol (DHCP); determine, in view of the management system search, whether a management system discovered is a controller; and select one of a first role within a centralized local area network and a second role within a distributed local area network based on determining whether the management system is the controller, wherein the first role within the centralized local area network is selected when the management system is the controller.
-
Publication number: US11563722B2
Publication date: 2023-01-24
Application number: US16548127
Application date: 2019-08-22
Applicant: Hewlett Packard Enterprise Development LP
Inventor: Hao Lu, Yan Liu, Wei Huang, Rajini Balay
IPC: H04L9/40, H04L41/12, H04W12/088, H04W84/12
Abstract: Embodiments are directed to host discovery for firewall coordination. An embodiment of a storage medium includes instructions for discovering a network topology for a network branch, the network branch including multiple access points including a first access point, the first access point having an interface to a network, the discovery of the network topology including identifying any access point that is linked to the first access point directly or via one or more intermediary access points; discovering one or more host devices that are connected by wireless or wired connections to one or more access points in the network branch; and generating a firewall coordination plan for the network branch based on the discovered network topology and the discovered one or more hosts, the firewall coordination plan including applying a firewall process for an access point to which a first host device is attached and bypassing one or more other firewall processes.
-
Publication number: US20220272614A1
Publication date: 2022-08-25
Application number: US17182058
Application date: 2021-02-22
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Hao Lu, Xiaoding Shang, Feng Ding, Qiwei Chang
Abstract: Systems and methods are provided for authentication chaining and firewall optimization in a micro branch deployment comprising a plurality of chained access points (APs) and a gateway AP. A topology of the micro branch deployment may be determined through enhanced hierarchical beaconing. Based on the determined topology, an authentication chain is developed through which a client device associated to an AP of the plurality of chained APs may be authenticated and granted access to the AP. Upon authentication of the client device, firewall optimization is performed to implement access control rules only at the AP to which the client device is associated.
-
Publication number: US20250117235A1
Publication date: 2025-04-10
Application number: US18481019
Application date: 2023-10-04
Applicant: Hewlett Packard Enterprise Development LP
Inventor: Longping Xia, Hao Lu, Vivek Batra
IPC: H04L43/0805, G06F9/455, G06F11/26, H04L43/065
Abstract: One aspect can provide a system and method for emulating the onboarding of networking devices. During operation, a computing device can obtain from a device-activation platform a list of networking devices to be onboarded to a device-management platform method. For a respective networking device on the list of networking devices, the system can collect hardware and firmware information associated with the respective networking device and emulate an onboarding process of the respective networking device using the collected hardware and firmware information, which comprises exchanging one or more handshake messages with the device-activation platform. In response to failing to receive, from the device-management platform, a confirmation message indicating the emulated onboarding process being successful, the system can perform a diagnostic operation to determine one or more potential issues associated with the onboarding process of the respective networking device and display, on a user interface, outcome of the diagnostic operation.
-
Publication number: US12238082B2
Publication date: 2025-02-25
Application number: US17510953
Application date: 2021-10-26
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Feng Ding, Hao Lu, Mohan Ram R. Bhadravati
Abstract: Examples relate to configuring dynamic user roles that can be managed and distributed by a cloud-based user role service. In this way, dynamic user roles may be distributed in a more scalable manner than has been previously possible. Upon associating or connecting to an access point (AP), for example, a user device can be authenticated and assigned a user role. The AP can request the user role configuration from the cloud-based user role service. The cloud-based user role service can additionally distribute the same user role configuration/details to all neighboring APs. In this way, a user device can move, roam, or otherwise associate to another AP that post-distribution, already has the (dynamic) user role configuration, which can simply be applied to the user device.
-
Publication number: US12096214B2
Publication date: 2024-09-17
Application number: US17720512
Application date: 2022-04-14
Applicant: Hewlett Packard Enterprise Development LP
Inventor: Rahul Bahal, Mohd Shahnawaz Siraj, Hao Lu, Kannan Konath
Abstract: Examples described herein relate to a method for establishing a backup connectivity between a sensor and a management system. The sensor may be deployed in an IT infrastructure and configured to execute one or more predetermined evaluations for the IT network and generate corresponding evaluation result. Thereafter, the sensor may determine whether a connection between the sensor and the management system via a primary connectivity is unsuccessful. In response to determining that the connection between the sensor and the management system via the primary connectivity is unsuccessful, the sensor may establish a backup connectivity by successfully connecting to an available wireless network using a security credential received by the sensor upon successful verification of public key information of the sensor via an authentication server. The sensor then transmits the evaluation result to the management system via the backup connectivity.
-
Publication number: US20240244117A1
Publication date: 2024-07-18
Application number: US18098087
Application date: 2023-01-17
Applicant: Hewlett Packard Enterprise Development LP
Inventor: Hao Lu, Rahul Bahal, Shanmuga Mari Shanmugam
IPC: H04L67/51, H04L41/12, H04L61/4511
CPC classification number: H04L67/51, H04L41/12, H04L61/4511, H04W84/12
Abstract: A network monitoring system sends, to a wireless local area network (WLAN), registration information associated with a monitoring unit of the monitoring system, wherein the monitoring unit communicates with and is located within a predetermined distance of an access point of the WLAN. The network monitoring system receives a list of discoverable servers in the WLAN associated with the monitoring unit and generates instructions to be configured on the monitoring unit and executed by the access point. The instructions indicate performing discovery based on a multicast Domain Name Service (mDNS) protocol and determining reachability of the discoverable servers. The network monitoring system obtains metrics associated with the mDNS discovery and server reachability information. The network monitoring system integrates with the WLAN by synchronizing the obtained metrics and information. The WLAN orchestrates policies for the network monitoring system based on the integration of the network monitoring system and the WLAN.
-
Publication number: US12015561B2
Publication date: 2024-06-18
Application number: US17129089
Application date: 2020-12-21
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Hao Lu, Sachin Ganu, Nitin A. Changlani, Xiaoding Shang, Qiang Zhou
IPC: H04L47/62, H04B7/0413, H04L5/00, H04L47/2425
CPC classification number: H04L47/6215, H04B7/0413, H04L5/0007, H04L47/2433
Abstract: Systems and techniques are described that are directed to intelligent scheduling of Wi-Fi services for applications, including enhanced dynamic prioritization. A device, such as an access point (AP), can receive data packets from multiple connected devices to dynamically identify an application flow for each data packet, and dynamically identify a user associated with the application flow for each data packet. The AP can generate prioritized candidate lists for selected data packets in queues corresponding to an access category (AC). In response to determining that the identified user associated with the application flow corresponds with a critical user, the AP can select data packets for the prioritized candidate lists based at least in part on priority policies for each of a plurality of applications and based at least in part on dynamic prioritization of applications for each of a plurality of applications; and schedule data packets from the prioritized candidate lists.