FIG. 1 illustrates a conventional local area network (LAN). The LAN comprises a first bridge device 102, a second bridge device 104, and a mobile device 106 within the same bridging domain. The mobile device 106 can move from a connection with the first bridge device 102 at a first location in the network to a connection with the second bridge device 104 at a second location in the network. For example, the mobile device 106 can be a laptop computer. When at his original office location, a user connects the mobile device 106 to the LAN via the first bridge device 102. When the user moves to a new office, the mobile device 106 is connected to the LAN via the second bridge device 104. Existing standards, such as 802.1W, 802.1Q, and 802.1X, defined how this move is handled. Under these standards, the Media Access Layer (MAC) address of the mobile device 106 is maintained even as the it moves from the first 102 to the second 104 bridging devices. Because the MAC address of the mobile device 106 is maintained from the first location to the second location, the other devices in the network do not realize that the mobile device 106 has changed physical location. However, the routing of packets between the mobile device 106 and the network must be changed to ensure that packets are routed to the proper physical location. This is done through a “context” associated with the mobile device 106, which is created by the first bridge device 102 when the mobile device 106 is connected to it.
The context comprises information such as the identity of the mobile device 106, how to maintain the status of a port to which the mobile device 106 is connected, the identity of the virtual LAN to which the mobile device 106 is connected, and how to return packets from the mobile device 106 to various locations throughout the LAN. Because the MAC address of the mobile device 106 is maintained within the same bridged domain under the standard, in order to ensure that packets are still properly routed to the mobile device 106 after it moves to the second bridge device 104, the context is transferred from the first bridge device 102 to the second bridge device 104. However, the context is typically transferred out-of-band, unsecurely, via a third party administrator. This conventional method of transferring the context creates a particularly significant security problem when the LAN is a wireless network because of the increased ease in interception and interjection of packets. Also, the conventional method is inefficient and cumbersome when a mobile device changes locations frequently, such as may be desirable for a wireless network.
Accordingly, there exists a need for an improved method for roaming in a network environment. The present invention addresses such a need.