A wireless local area network (“WLAN”) relies on infrastructure components to establish associations such as data communication links with mobile client devices. A mobile client device communicates, via a wireless data communication channel, with an access point device, which in turn communicates with other network components via traditional wired interfaces or via wireless interfaces. A WLAN infrastructure may be configured to support a plurality of mobile clients using a single access point device. In other words, one access point device can support a plurality of different groups or categories of client devices, each having a wide range of possible data rate or bandwidth requirements.
In WLAN systems, the term “handoff” refers to the process of transferring an ongoing mobile client device data session from one WLAN connection to another. Two example cases where a handoff might be conducted are: (1) if a mobile client device has moved out of the range of one access point and can get a better radio link from another access point; and (2) if one access point has limited or no additional bandwidth, the connection can be transferred to another access point. The most basic form of handoff is where a connection in progress is redirected from one access point to another access point without interrupting the connection. The mobile client device can be connected to only one access point at a time and drops the radio link for a brief period of time before connecting to a different access point. This is referred to as a “hard handoff,” and, referring to the radio link, is described as “break before make.” In some systems the mobile client device can be connected to several access points simultaneously, combining the signaling from nearby transmitters into one signal. The radio link with the previous access point is not broken before a link is established with a new sector, so this type of handoff is described as “make before break.”
A WLAN can give mobile clients the ability to “roam” or physically move from place to place without being connected by wires. In the context of a WLAN, the term “roaming” describes the act of moving between wireless access devices, which may be stand-alone wireless access points that cooperate with WLAN infrastructure. Many deployments of wireless computer infrastructure, such as WLANs, involve the use of multiple wireless access devices serving a number of mobile client devices.
Access control is used to ensure that a WLAN is used only by authorized clients, and access control techniques attempt to detect and exclude unauthorized clients. Access to a WLAN is therefore usually controlled by an authentication procedure that establishes, with some degree of confidence, the identity of the user and then grants the privileges authorized to that user. Authentication is the process of attempting to verify the digital identity of the sender of a communication such as a request to connect. The sender being authenticated may be a mobile client device such as a laptop computer, a mobile phone, or other mobile devices. When a mobile client device roams between access points in a WLAN, the mobile client device must be re-authenticated for each new connection with an access point.
The IEEE 802.11i specification supports pre-authentication of mobile users for fast, secure roaming. To benefit security and performance, a scheme called Pairwise Master Key (PMK) Caching configures a shared key between a mobile client device and its authenticator. When a mobile client roams between access points, that mobile client's credentials no longer need to be completely re-authenticated, a task that can take more than 100 milliseconds. If handoff were to take this long in the case of a voice session, for example, a connection would likely be dropped. Pre-authentication comes into play when users roam and in cases when signal strength fades and a client simply needs to find another access point with which to associate. Without pre-authentication, a mobile client roaming on a WLAN must break its connection and re-authenticate on a new WLAN before reconnecting to a new access point on the new WLAN.
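The PMK caching decision described above can be sketched as follows. This is an added example, not part of the original document: it uses the PMKID derivation defined by IEEE 802.11i (the first 128 bits of HMAC-SHA1 over "PMK Name", the authenticator address AA and the supplicant address SPA), while the class and function names, the cache lifetime, the MAC addresses and the key are constructed assumptions.

```python
import hashlib
import hmac
import time


def pmkid(pmk: bytes, aa: bytes, spa: bytes) -> bytes:
    """PMKID = first 128 bits of HMAC-SHA1(PMK, "PMK Name" || AA || SPA)."""
    return hmac.new(pmk, b"PMK Name" + aa + spa, hashlib.sha1).digest()[:16]


class PMKCache:
    """Authenticator-side cache (hypothetical class; lifetime is an assumed policy)."""

    def __init__(self, lifetime_s: float = 3600.0, clock=time.monotonic):
        self.lifetime_s = lifetime_s
        self.clock = clock
        self._entries = {}  # (AA, SPA) -> (PMK, expiry time)

    def store(self, aa: bytes, spa: bytes, pmk: bytes) -> None:
        """Record the PMK after a successful full 802.1X/EAP authentication."""
        self._entries[(aa, spa)] = (pmk, self.clock() + self.lifetime_s)

    def lookup(self, aa: bytes, spa: bytes, offered_pmkid: bytes):
        """Return the cached PMK if the client's offered PMKID matches, else None."""
        entry = self._entries.get((aa, spa))
        if entry is None:
            return None
        pmk, expiry = entry
        if self.clock() >= expiry:
            del self._entries[(aa, spa)]  # expired keys must not be reused
            return None
        # Constant-time comparison; a mismatch forces full re-authentication.
        if not hmac.compare_digest(pmkid(pmk, aa, spa), offered_pmkid):
            return None
        return pmk


def reassociate(cache: PMKCache, aa: bytes, spa: bytes, offered_pmkid: bytes) -> str:
    """Decide which path a (re)association request takes."""
    if cache.lookup(aa, spa, offered_pmkid) is not None:
        return "cached-pmk: skip 802.1X, go straight to the 4-way handshake"
    return "full-auth: run 802.1X/EAP"


if __name__ == "__main__":
    aa, spa = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")  # constructed MACs
    cache, pmk = PMKCache(), bytes(range(32))  # constructed 256-bit PMK
    cache.store(aa, spa, pmk)
    print(reassociate(cache, aa, spa, pmkid(pmk, aa, spa)))
    print(reassociate(cache, aa, spa, bytes(16)))
```

Because the PMKID is bound to the authenticator address, an entry cached at one access point does not match at a different one, so caching alone only shortens a return to an access point the client has already authenticated with.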
In this regard, a mobile client on a WLAN may not be able to roam, with a continuous connection, to an access point on a different WLAN with a different virtual local area network (“VLAN”) or subnetwork (subnet). This may cause limited mobility for a mobile client roaming between different WLANs. It is desirable to have a way to roam across WLANs with different VLAN or subnetwork boundaries. Other desirable features and characteristics of the present invention will become apparent from the subsequent detailed description and the appended claims, taken in conjunction with the accompanying drawings and the foregoing technical field and background.