Networked services to wired and wireless devices are supported by equipment that makes up what may be referred to as the “infrastructure” of the network. Examples of equipment in the network infrastructure include routers, access switches and control computers or servers that are used to store data pertaining to the status of devices that connect to the network. Some access switches have routing capabilities and in this regard are also referred to as “forwarders” because they forward packets from one access switch to another.
A device with networking capability, referred to herein as a “client device” or “station”, may connect to the network at one access switch and then physically move, i.e., roam, such that it connects to a different access switch in the network. This roaming capability is prevalent with client devices that have wireless capabilities and can connect to a wired network at a different access switch by establishing a wireless connection, such as a wireless local area network (WLAN) connection with a wireless access point (AP) device.
A device that is not permanently authorized to operate in the network is sometimes given limited access to the network. This is called “guest” access and occurs when, for example, a person is visiting a large enterprise network and needs to have access to the enterprise network for purposes working with other individuals in the network. However, that access is limited only to certain data maintained by certain servers on the network called a “demilitarized zone” (DMZ), whereas other areas of the network are strictly prohibited to that guest user. In current network schemes, wired guest access and wireless guest access work differently. Wired guest access involves use of virtual local area networks (VLANs) and virtual routing and forwarding (VRF), while wireless guest access uses a tunneling architecture to tunnel guest traffic to the guest controller in the DMZ.