CPC H04L 63/0236 (2013.01) [H04L 63/0876 (2013.01); H04L 63/1466 (2013.01)]
19 Claims

1. A method comprising:
identifying, by an access point (AP) of an AP cluster, an Internet Protocol (IP) address of a first permitted device in a virtual local area network (VLAN), wherein the AP wirelessly couples a client device by a wireless interface to the VLAN;
adding, by the AP, an entry to a permitted list comprising IP addresses of permitted devices accessible in the VLAN, the added entry comprising an IP address of the first permitted device;
determining, by the AP, whether a target IP address in an Address Resolution Protocol (ARP) request received at the AP is present in the permitted list;
based on determining that the target IP address in the ARP request is present in the permitted list, forwarding, by the AP, the ARP request to the first permitted device;
extracting, by the AP, a Media Access Control (MAC) address of the first permitted device from an ARP response sent by the first permitted device as a response to the ARP request;
adding, by the AP, the MAC address of the first permitted device to the entry in the permitted list; and
dropping, by the AP, a packet based on a determination that a MAC address in the packet is not present in the permitted list.
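The steps of claim 1 can be modelled as a small state machine on the AP. The sketch below is an added illustration, not code from the patent or any vendor. The names `PermittedList`, `build_arp`, `on_arp`, `on_packet` and `demo` are hypothetical, all addresses are constructed samples, and dropping ARP traffic for unlisted IP addresses is an assumption (the claim only states when a request is forwarded).

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
ARP_REQUEST, ARP_REPLY = 1, 2

def build_arp(oper, sha, spa, tha, tpa):
    """Pack a 28-byte Ethernet/IPv4 ARP payload (used to construct sample input)."""
    macs = [bytes.fromhex(m.replace(":", "")) for m in (sha, tha)]
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, macs[0],
                       socket.inet_aton(spa), macs[1], socket.inet_aton(tpa))

class PermittedList:
    """Allow list kept on the AP: permitted IP -> MAC (None until learned)."""
    def __init__(self):
        self.entries = {}

    def add_ip(self, ip):
        self.entries.setdefault(ip, None)

    def on_arp(self, payload):
        """Return 'forward' or 'drop' for an ARP payload seen at the AP."""
        if len(payload) < struct.calcsize(ARP_FMT):
            return "drop"  # truncated ARP payload
        htype, ptype, hlen, plen, oper, sha, spa, _tha, tpa = struct.unpack(ARP_FMT, payload[:28])
        if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
            return "drop"  # not Ethernet/IPv4 ARP
        if oper == ARP_REQUEST:  # forward only when the target IP is permitted
            return "forward" if socket.inet_ntoa(tpa) in self.entries else "drop"
        if oper == ARP_REPLY and socket.inet_ntoa(spa) in self.entries:
            self.entries[socket.inet_ntoa(spa)] = sha.hex(":")  # learn MAC from the response
            return "forward"
        return "drop"  # assumption: replies from unlisted senders are not relayed

    def on_packet(self, mac):
        # The claim does not say which MAC field is checked; the caller passes it in.
        return "forward" if mac.lower() in self.entries.values() else "drop"

def demo():
    ap = PermittedList()
    ap.add_ip("192.0.2.1")  # constructed sample: a permitted gateway
    client, gw, peer, zero = ("02:00:00:00:00:10", "02:00:00:00:00:01",
                              "02:00:00:00:00:20", "00:00:00:00:00:00")
    return [
        ap.on_arp(build_arp(ARP_REQUEST, client, "192.0.2.10", zero, "192.0.2.1")),
        ap.on_arp(build_arp(ARP_REQUEST, client, "192.0.2.10", zero, "192.0.2.20")),
        ap.on_packet(gw),    # MAC not learned yet
        ap.on_arp(build_arp(ARP_REPLY, gw, "192.0.2.1", client, "192.0.2.10")),
        ap.on_packet(gw),    # MAC learned from the ARP response
        ap.on_packet(peer),  # MAC never added to the list
    ]
```

Until the permitted device has answered an ARP request, its MAC address is unknown to the AP, so in this model frames carrying it are still dropped.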