CN103428697B - Method for network access based on CAPWAP agreement, device and system - Google Patents
Method for network access based on CAPWAP agreement, device and system Download PDFInfo
- Publication number
- CN103428697B CN103428697B CN201210160566.1A CN201210160566A CN103428697B CN 103428697 B CN103428697 B CN 103428697B CN 201210160566 A CN201210160566 A CN 201210160566A CN 103428697 B CN103428697 B CN 103428697B
- Authority
- CN
- China
- Prior art keywords
- terminal
- network
- access
- wide
- request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/02—Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
- H04W84/10—Small scale networks; Flat hierarchical networks
- H04W84/12—WLAN [Wireless Local Area Networks]
Abstract
The present invention provides a kind of method for network access based on CAPWAP agreement, device and system.Relate to communication technical field.Solve hot terminal to a certain extent and wide-band terminal is shared after specifying broadband resource, for the problem that the service quality of hot terminal and wide-band terminal offer is relatively low.Concrete steps may include that network access equipment receives the network insertion request that terminal to be accessed sends;If the access mark instruction terminal to be accessed of terminal to be accessed is hot terminal, then network insertion request is carried out CAPWAP encapsulation, and the network insertion request after encapsulation is sent to controlling equipment, network insertion request after encapsulation is for indicating control equipment according to the network insertion request after encapsulation, and by certificate server, hot terminal is carried out network access authentication, and after hot terminal is by network access authentication, by hot terminal access network.Can be applicable in network insertion.
Description
Technical field
The present invention relates to communication technical field, particularly relate to based on CAPWAP(Control And
Provisioning of Wireless Access Points Protocol Specification, wireless connects
The control of access point and configuration protocol specification) method for network access of agreement, device and system.
Background technology
The wired or wireless broadband network of operator deployment is medium to family, office building, provides broadband for terminal
Business.
Wide-band terminal can pass through AP(Access Point, access point) the corresponding private encryption of active arrangement
SSID, and use private encryption's SSID access network, before access network, certificate server is to wide-band terminal
Carry out network access authentication, after by network access authentication, it is allowed to this wide-band terminal uses private encryption SSID
In access network.
This private encryption SSID can be notified to any hot terminal by wide-band terminal, makes hot terminal use private
People encrypts SSID access network, or, hot terminal can use what AP provided not encrypt SSID access network
Network.Wherein, this wide-band terminal shares same broadband resource when communicating with this hot terminal and network.
After access network, the network traffics that accounting server uses with wide-band terminal according to hot terminal total
With or the summation of access network time carry out charging.
During stating network insertion in realization, inventor finds that in prior art, at least there are the following problems:
In prior art, certificate server cannot carry out network access authentication to hot terminal, and then cannot be to focus
Terminal carries out independent charging, and the service quality causing network to provide for hot terminal and wide-band terminal is relatively low, enters
And reduce the Consumer's Experience of hot terminal and wide-band terminal.
Summary of the invention
The embodiment of the present invention provides the methods, devices and systems of a kind of network insertion based on CAPWAP agreement,
Improve wide-band terminal and hot terminal to a certain extent and share same broadband resource when communicating with network
Service quality.
For reaching above-mentioned purpose, embodiments of the invention adopt the following technical scheme that
On the one hand, it is provided that a kind of network access system based on CAPWAP agreement, including:
Network access equipment, for receiving the network insertion request that terminal to be accessed sends, described network insertion
Request comprises the access mark of terminal to be accessed;If the access mark instruction of described terminal to be accessed is described waiting
Entering terminal is hot terminal, then described network insertion request carries out CAPWAP encapsulation, and by the net after encapsulation
Network access request sends to controlling equipment;
Control equipment, the network insertion request after receiving the described encapsulation that described network access equipment sends;
After asking to carry out CAPWAP decapsulation by the network insertion after described encapsulation, according to the network after described decapsulation
Access request sends hot terminal certification request to certificate server, and described hot terminal certification request indicates institute
State certificate server and described hot terminal is carried out network access authentication, and send focus to described control equipment
Terminal authentication responds, and described hot terminal authentication response is used for describing whether described hot terminal is connect by network
Enter certification;Receive the described hot terminal authentication response that described certificate server sends;If described hot terminal
Authentication response indicates described hot terminal to pass through network access authentication, then by described hot terminal access network.
On the other hand, it is provided that a kind of method for network access based on CAPWAP agreement, including:
Network access equipment receives the network insertion request that terminal to be accessed sends, described network insertion request bag
Access mark containing terminal to be accessed;
If the access mark of described terminal to be accessed indicates described terminal to be accessed to be hot terminal, then by described
Network insertion request carries out CAPWAP encapsulation, and sends the network insertion request after encapsulation to controlling equipment,
Network insertion request after described encapsulation is for indicating described control equipment according to the network insertion after described encapsulation
Request, and described hot terminal carried out network access authentication by certificate server, and at described focus end
After end is by network access authentication, by described hot terminal access network.
It addition, also provide for another kind of method for network access based on CAPWAP agreement, including:
Control equipment receives the request of the network insertion after CAPWAP encapsulates that network access equipment sends;
After asking to carry out CAPWAP decapsulation by the network insertion after described encapsulation, after described decapsulation
Network insertion request sends hot terminal certification request to certificate server, and described hot terminal certification request refers to
Show that described certificate server carries out network access authentication to hot terminal, and send focus to described control equipment
Terminal authentication responds, and described hot terminal authentication response is used for describing whether described hot terminal is connect by network
Enter certification;
Receive the described hot terminal authentication response that described certificate server sends;
If described hot terminal authentication response indicates described hot terminal to pass through network access authentication, then by described
Hot terminal access network.
Another further aspect, it is provided that a kind of network access device based on CAPWAP agreement, including:
Receiving unit, for receiving the network insertion request that terminal to be accessed sends, described network insertion is asked
Comprise the access mark of terminal to be accessed;
First processing unit, if the access mark described terminal to be accessed of instruction for described terminal to be accessed is
Hot terminal, then carry out CAPWAP encapsulation by described network insertion request, and please by the network insertion after encapsulation
Transmission is asked to be used for indicating described control equipment according to institute to control equipment, the network insertion request after described encapsulation
State the request of the network insertion after encapsulation, and by certificate server, described hot terminal is carried out network insertion and recognize
Card, and after described hot terminal is by network access authentication, by described hot terminal access network.
It addition, also provide for another kind of network access device based on CAPWAP agreement, including:
Receive unit, for receiving the request of the network insertion after CAPWAP encapsulates that network access equipment sends;
Receiving the hot terminal authentication response that certificate server sends, described hot terminal authentication response is used for describing institute
State whether hot terminal passes through network access authentication;
Transmitting element, after asking to carry out CAPWAP decapsulation by the network insertion after described encapsulation, according to
Network insertion request after described decapsulation sends hot terminal certification request to described certificate server, described
Hot terminal certification request indicates described certificate server that hot terminal carries out network access authentication, and to institute
State control equipment and send described hot terminal authentication response;
Access unit, if indicating described hot terminal to pass through network insertion for described hot terminal authentication response
Certification, then by described hot terminal access network.
The method for network access based on CAPWAP agreement of embodiment of the present invention offer, device, system, use
After such scheme, network access equipment receive terminal to be accessed send network insertion request after, according to
The access mark of the terminal to be accessed comprised in network insertion request, it is judged that whether this terminal to be accessed is focus
Terminal, if hot terminal, then carries out CAPWAP encapsulation by network insertion request, and by the network after encapsulation
Access request sends to controlling equipment, in order to control equipment at terminal to be accessed by after network access authentication,
By terminal to be accessed access network so that hot terminal and wide-band terminal can pass through different modes access network,
After hot terminal and wide-band terminal are shared and are specified broadband resource, can be respectively to hot terminal and wide-band terminal
It is authenticated, thus the quality of the service provided into hot terminal and wide-band terminal is provided.
Accompanying drawing explanation
For the technical scheme being illustrated more clearly that in the embodiment of the present invention, institute in embodiment being described below
The accompanying drawing used is needed to be briefly described, it should be apparent that, the accompanying drawing in describing below is only the present invention
Some embodiments, for those of ordinary skill in the art, on the premise of not paying creative work,
Other accompanying drawing can also be obtained according to these accompanying drawings.
Method for network access based on CAPWAP agreement, device and the system that Fig. 1 provides for the present embodiment
Network architecture schematic diagram;
A kind of based on CAPWAP agreement the network access system structural representation that Fig. 2 provides for the present embodiment;
The flow chart of a kind of wide-band terminal access network that Fig. 3 provides for the present embodiment;
The flow chart of a kind of hot terminal access network that Fig. 4 provides for the present embodiment;
Fig. 5 for the present embodiment provide a kind of to control the equipment net based on CAPWAP agreement as executive agent
Network cut-in method flow chart;
The another kind that Fig. 6 provides for the present embodiment is to control based on CAPWAP agreement as executive agent of equipment
Method for network access flow chart;
Fig. 7 for the present embodiment provide a kind of with network access equipment as executive agent based on CAPWAP agreement
Method for network access flow chart;
Another kind the assisting based on CAPWAP with network access equipment as executive agent that Fig. 8 provides for the present embodiment
The method for network access flow chart of view;
A kind of method flow diagram that hot terminal is carried out network access authentication that Fig. 9 provides for the present embodiment;
Figure 10 for the present embodiment provide a kind of be applied in network access equipment based on CAPWAP agreement
Network access device structural representation;
Figure 11 for the another kind that the present embodiment provides be applied in network access equipment based on CAPWAP agreement
Network access device structural representation;
A kind of network based on CAPWAP agreement being applied in control equipment that Figure 12 provides for the present embodiment
Access device structural representation;
The net based on CAPWAP agreement that Figure 13 is applied in control equipment for the another kind that the present embodiment provides
Network access device structural representation.
Detailed description of the invention
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clearly
Chu, be fully described by, it is clear that described embodiment be only a part of embodiment of the present invention rather than
Whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art are not making creation
The every other embodiment obtained under property work premise, broadly falls into the scope of protection of the invention.
For clearer description the following examples, first the network architecture of embodiment is simply introduced.
As it is shown in figure 1, the wide-band terminal in the network architecture can be led to network by network access equipment
Letter;Hot terminal can by network access equipment and for control the control equipment of network access equipment with
Network communicates, and wide-band terminal and the hot terminal in this network architecture shares same appointment broadband
Resource.
Wherein, wide-band terminal and hot terminal can be but be not limited to: mobile phone, computer etc.;Network insertion
Equipment can be but be not limited to: AP and/or CPE(Customer Premise Equipment, user side
Equipment) etc.;Control equipment can be but be not limited to: AC(Wireless Access Point Controller,
Wireless controller) or BRAS(Broadband Remote Access Server, BAS Broadband Access Server)
Deng.The most all with network access equipment as AP, and control equipment is to illustrate as a example by AC.
Wherein, CPE can built-in/external AP, or, cable broadband home gateway can built-in/external AP,
To provide WiFi(Wireless Fidelity, unlimited fidelity) signal confession terminal to be accessed access network.
Wide-band terminal be by arranging private encryption SSID in AP after, use this private encryption SSID to access
Network, and only know the terminal of the password of this private encryption SSID, just can use private encryption SSID
Carry out network insertion;AP can configure multiple focus and share the use of SSID heat supply point accessing terminal to network, specifically
, the focus that AP configures to focus terminal broadcast shares SSID, and afterwards, hot terminal uses corresponding focus
Share SSID access network, and share appointment broadband resource with wide-band terminal.
AP also supports that fat or thin integration mode of operation, i.e. AP can identify private encryption SSID and focus altogether
Enjoy SSID, and respectively wide-band terminal is performed different with the request that hot terminal sends according to different SSID
The transmission of mode or process etc..When AP identifies private encryption SSID, i.e. transmit or process wide-band terminal and send
Request time, the mode of operation of AP is fat pattern;When AP identifies broadband SSID, i.e. transmit or process heat
During the request that some terminal sends, the mode of operation of AP is thin pattern.
The present embodiment arranges focus and shares SSID and wide-band terminal and arrange private encryption SSID by AP AP
Method be not construed as limiting, the technology being well known to those skilled in the art, do not repeat them here.
Concrete, the step that wide-band terminal and network communicate may include that wide-band terminal passes through AP and makes
After private encryption's SSID access network, AP is receiving network access request information and is identifying network access
After request comprises private encryption SSID, this network access request is carried out NAT(Network Address by AP
Translation, network address translation) after, use and specify broadband to send to network, in order to wide-band terminal with
Networking communicates.
Wherein, NAT is by IP(Internet Protocol, the agreement of interconnection between network) address turns
It is changed to the process of another IP address.In actual applications, NAT is mainly used in realizing private network access public affairs
The function of common network network, private IP address will be converted to public ip address.This by using a small amount of public affairs
IP address is had to represent the mode of more private IP address, it will help to slow down IP available address space
Exhausted.The technology that NAT is well known to those skilled in the art, does not repeats them here.
The step that hot terminal and network communicate may include that hot terminal passes through AP and AC and uses
Focus shares SSID access network, AP receive network access request information and identify this network access please
Comprise after focus shares SSID in asking, by this network access request after CAPWAP encapsulates, and use and refer to
Fixed width band is sent to send network access request to network after AC, AC carry out CAPWAP decapsulation, makes focus
Terminal communicates with network.
So, hot terminal and wide-band terminal at shared same appointment broadband resource, and in different ways with
When networking communicates, the request that wide-band terminal is sent both can be avoided to carry out what CAPWAP encapsulation was brought
Expense, can avoid again the problem that AC/BRAS carries out recurrent network access authentication to wide-band terminal.
Wherein, can be carried out data transmission by CAPWAP tunnel between AP and AC, between AP and AC
Before carrying out data transmission, first AP or AC carry out CAPWAP encapsulation to data to be transmitted, and uses appointment
Data after encapsulation are sent to after AC or AP by broadband, AC or AP again CAPWAP is encapsulated after to be transmitted
Data carry out CAPWAP decapsulation, perform next step operation the most again.
The method of CAPWAP encapsulation and CAPWAP decapsulation is not construed as limiting, for this area skill by the present embodiment
Technology known to art personnel, and the technology that CAPWAP tunnel is also well known to those skilled in the art, at this no longer
Repeat.
Provide below some embodiments scheme is specifically described.
Embodiment one
The present embodiment provides a kind of network access system based on CAPWAP agreement, as in figure 2 it is shown, can wrap
Include:
Network access equipment 21, for receiving the network insertion request that terminal to be accessed sends, network insertion please
Seek the access mark comprising terminal to be accessed;If the access mark instruction terminal to be accessed of terminal to be accessed is heat
Point terminal, then carry out network insertion request CAPWAP encapsulation, and the network insertion request after encapsulation sent
To controlling equipment;
Control equipment 22, the network insertion request after receiving the encapsulation that network access equipment sends;Will envelope
After network insertion request after dress carries out CAPWAP decapsulation, ask to recognizing according to the network insertion after decapsulation
Card server sends hot terminal certification request, and hot terminal certification request instruction certificate server is to focus eventually
End carries out network access authentication, and sends hot terminal authentication response to controlling equipment, and hot terminal certification rings
It is applied to describe whether hot terminal passes through network access authentication;Receive the hot terminal that certificate server sends
Authentication response;If hot terminal authentication response instruction hot terminal is by network access authentication, then by focus eventually
End access network.
After using such scheme, network access equipment is receiving the network insertion request that terminal to be accessed sends
After, the access mark of the terminal to be accessed comprised in asking according to network insertion, it is judged that this terminal to be accessed is
No for hot terminal, if hot terminal, then network insertion request is carried out CAPWAP encapsulation, and will encapsulation
After network insertion request send to controlling equipment, in order to control equipment passes through network insertion at terminal to be accessed
After certification, by terminal to be accessed access network so that hot terminal and wide-band terminal can pass through different modes
Access network, after hot terminal and wide-band terminal are shared and are specified broadband resource, can be respectively to hot terminal
It is authenticated with wide-band terminal, the quality of the service provided into hot terminal and wide-band terminal is provided.
As it is shown on figure 3, the step of wide-band terminal access network may include that wide-band terminal sets to network insertion
Preparation SCN Space Cable Network access request, the access mark instruction terminal to be accessed that network insertion request comprises is that broadband is whole
End access mark, i.e. wide-band terminal access mark can include but not limited to: private encryption SSID and/
Or the password etc. of private encryption SSID;Network access equipment is receiving network insertion request, and identifies net
After private encryption SSID in network access request, by certificate server, wide-band terminal is carried out network insertion and recognize
Card, i.e. judges that private encryption SSID is the most corresponding with the password of private encryption SSID, if corresponding, then
Obtain the wide-band terminal IP address being used for communicating in the network with network, by wide-band terminal access network
Network.Network access equipment is before by wide-band terminal access network, by asking to appointment broadband Sending dialled number,
As, PPPOE dial request, it is achieved be connected, so with specifying broadband to set up, it is ensured that wide-band terminal can use
Broadband is specified to communicate with network.
The method of wide-band terminal access network can be not limited to above-mentioned described method, does not repeats them here.
Wide-band terminal can also send accounting request by network access equipment to accounting server and carry out charging,
Accounting server can obtain the customization of this wide-band terminal according to the identification information of the wide-band terminal in accounting request
Business;Business according to the customization got carries out charging to wide-band terminal.
The method that wide-band terminal carries out charging is not construed as limiting by the present embodiment, is well known to those skilled in the art
Technology, does not repeats them here.
The method that wide-band terminal and network communicate has been carried out simply introducing, at this no longer in the preceding article
Repeat.
As shown in Figure 4, as a kind of embodiment, hot terminal access network, hot terminal enter with network
The step of row communication may include that
If the access that instruction terminal to be accessed is hot terminal is designated focus and shares SSID, then network insertion sets
After standby focus in identifying network insertion solicited message shares SSID, use nominated bandwidth by CAPWAP
Network insertion request after encapsulation sends to controlling equipment, and the network after control equipment encapsulates according to CAPWAP connects
Enter request, and by certificate server, hot terminal is carried out network access authentication, if being recognized by network insertion
Card, then control equipment by hot terminal access network so that hot terminal uses nominated bandwidth to carry out with network
Communication.
Embodiment two
As improvement, the present embodiment provides another kind of network access system based on CAPWAP agreement, such as Fig. 2
Shown in, may include that
Network access equipment 21, for receiving the network insertion request that terminal to be accessed sends, network insertion please
Seek the access mark comprising terminal to be accessed;If the access mark instruction terminal to be accessed of terminal to be accessed is heat
Point terminal, then carry out network insertion request CAPWAP encapsulation, and the network insertion request after encapsulation sent
To controlling equipment;
Control equipment 22, the network insertion request after receiving the encapsulation that network access equipment sends;Will envelope
After network insertion request after dress carries out CAPWAP decapsulation, ask to recognizing according to the network insertion after decapsulation
Card server sends hot terminal certification request, and hot terminal certification request instruction certificate server is to focus eventually
End carries out network access authentication, and sends hot terminal authentication response to controlling equipment, and hot terminal certification rings
It is applied to describe whether hot terminal passes through network access authentication;Receive the hot terminal that certificate server sends
Authentication response;If hot terminal authentication response instruction hot terminal is by network access authentication, then by focus eventually
End access network.
Further, network access equipment 21 is additionally operable to: if the access mark instruction of terminal to be accessed is to be accessed
Terminal is wide-band terminal, then send wide-band terminal certification request to certificate server, and wide-band terminal certification is asked
Instruction certificate server carries out network access authentication to wide-band terminal, and sends broadband eventually to network access equipment
End authentication response, wide-band terminal authentication response is used for describing whether wide-band terminal passes through network access authentication;Connect
Receive wide-band terminal authentication response;If wide-band terminal authentication response instruction wide-band terminal is by network access authentication,
Then by wide-band terminal access network.
Further, the network insertion request after encapsulation also comprises the identification information of hot terminal;
Network access equipment is additionally operable to 21: the business instruction information that receiving control apparatus sends, business instruction is believed
Breath comprises specifies preferential business and the identification information of the wide-band terminal with hot terminal binding, it is intended that preferential industry
Business is that service operation support server obtains according to the network access information of hot terminal, network access information
During the network traffics used after the time length describing hot terminal access network or access network are how many
At least one;Send to the wide-band terminal that the identification information of wide-band terminal is corresponding and specify preferential business, in order to be wide
Tape terminal performs to specify preferential business;
Control equipment is additionally operable to 22: the network obtaining hot terminal according to the identification information of hot terminal accesses letter
Breath;To service operation support server send network access information, in order to service operation support server according to
Network access information obtains specifies preferential business;Receive the preferential industry of appointment that service operation support server sends
Business;Business instruction information is sent to network access equipment.
Further, network access equipment 21 is additionally operable to: receive the network visit that the terminal of accessed network sends
Ask the access mark of the terminal that request, network access request comprise accessed network;Broadband is sent eventually to network
The network access request of end, the access comprised in the network access request of wide-band terminal mark indicates access network
The terminal of network is wide-band terminal;Until the network access request of all wide-band terminals being currently received is sent
After completing, then to controlling the network access request of equipment transmission hot terminal, the network of hot terminal accesses please
The terminal accessing mark instruction accessed network comprised in asking is hot terminal;
Control equipment 22 is additionally operable to: receive the network access request of hot terminal, and by the network of hot terminal
Access request is sent to network.
After using such scheme, network access equipment is receiving the network insertion request that terminal to be accessed sends
After, the access mark of the terminal to be accessed comprised in asking according to network insertion, it is judged that this terminal to be accessed is
No for hot terminal, if hot terminal, then network insertion request is carried out CAPWAP encapsulation, and will encapsulation
After network insertion request send to controlling equipment, in order to control equipment passes through network insertion at terminal to be accessed
After certification, by terminal to be accessed access network so that hot terminal and wide-band terminal can pass through different modes
Access network, wide-band terminal (being probably domestic consumer) business datum forward-path is constant, and hot terminal
After data can being carried out CAPWAP encapsulation by access device, forward to control equipment, thus avoid
Wide-band terminal user carries out CAPWAP and encapsulates the header overhead problem brought, and avoids the control equipment to broadband
Terminal use carries out repeatedly certification and flow deduction problem etc.;And for hot terminal, can with width
Tape terminal is shared and is specified while broadband resource, it is achieved the independent certification of itself accesses, thus improve into
The service quality that hot terminal and wide-band terminal provide;Further, by recognizing that the embodiment of the present invention provides
Card cut-in method can realize independent charging to hot terminal, and can be returned certain excellent by this billing of services
Ex gratia wide-band terminal user, further increases hot terminal and the service quality of wide-band terminal offer;Enter one
Step, owing to therefore wide-band terminal and hot terminal business independent process can needed by access device
By the priority scheduling to wide-band terminal user service data in the case of Yaoing, it is achieved daynamic bandwidth managment, enter
And ensure the Consumer's Experience of wide-band terminal user.
Enforcement principle based on above-mentioned network access system, is connect from network respectively by specific embodiment the most again
Enter equipment and the method for network access that the embodiment of the present invention provides is introduced in control equipment both sides.
Embodiment three
The present embodiment provides a kind of method for network access based on CAPWAP agreement, and the executive agent of the method is
Network access equipment, as it is shown in figure 5, may comprise steps of:
501, network access equipment receives the network insertion request that terminal to be accessed sends.
First terminal to be accessed sends network insertion request, network to network access equipment
Access request comprises the access mark of terminal to be accessed, and the access mark of terminal to be accessed can be, but not limited to use
It is hot terminal or wide-band terminal in mark terminal to be accessed.
Terminal to be accessed is accessed the effect of mark and is not construed as limiting by the present embodiment, can enter according to actual needs
Row sets, and does not repeats them here.
If the access mark instruction terminal to be accessed of 502 terminals to be accessed is hot terminal, then by network insertion
Request carries out CAPWAP encapsulation, and sends the network insertion request after encapsulation to controlling equipment, after encapsulation
Network insertion request is for indicating control equipment to ask according to the network insertion after encapsulation, and passes through authentication service
Device carries out network access authentication to hot terminal, and after hot terminal is by network access authentication, by focus
Accessing terminal to network.
After using such scheme, network access equipment is receiving the network insertion request that terminal to be accessed sends
After, the access mark of the terminal to be accessed comprised in asking according to network insertion, it is judged that this terminal to be accessed is
No for hot terminal, if hot terminal, then network insertion request is carried out CAPWAP encapsulation, and will encapsulation
After network insertion request send to controlling equipment, in order to control equipment passes through network insertion at terminal to be accessed
After certification, by terminal to be accessed access network so that hot terminal and wide-band terminal can pass through different modes
Access network, after hot terminal and wide-band terminal are shared and are specified broadband resource, can be respectively to hot terminal
It is authenticated with wide-band terminal, the service quality provided into hot terminal and wide-band terminal is provided.
Embodiment four
As improvement, the present embodiment provides another kind of method for network access based on CAPWAP agreement, the method
Executive agent be network access equipment, as shown in Figure 6, may comprise steps of:
601, network access equipment receives the network insertion request that terminal to be accessed sends.
First terminal to be accessed sends network insertion request, network to network access equipment
Access request comprises the access mark of terminal to be accessed, and the access mark of terminal to be accessed can be, but not limited to use
It is hot terminal or wide-band terminal in mark terminal to be accessed.
Terminal to be accessed is accessed the effect of mark and is not construed as limiting by the present embodiment, can enter according to actual needs
Row sets, and does not repeats them here.
If the access mark instruction terminal to be accessed of 602 terminals to be accessed is hot terminal, then by network insertion
Request carries out CAPWAP encapsulation, and sends the network insertion request after encapsulation to controlling equipment, after encapsulation
Network insertion request is for indicating control equipment to ask according to the network insertion after encapsulation, and passes through authentication service
Device carries out network access authentication to hot terminal, and after hot terminal is by network access authentication, by focus
Accessing terminal to network.
As an embodiment of the present embodiment, instruction terminal to be accessed is wide-band terminal terminal to be accessed
Access mark can be but be not limited to: private encryption SSID;Instruction terminal to be accessed is that hot terminal is to be accessed
The access mark of terminal can be but be not limited to: focus shares SSID, and i.e. wide-band terminal is with hot terminal respectively
Private encryption SSID, focus can be used to share SSID access network.
Network access equipment identify private encryption SSID or focus share SSID after to the request received
Transmission and processing method may be different.
Further, the network insertion request after encapsulation is additionally operable to indicate control equipment to send to accounting server
Accounting request, the Web vector graphic after hot terminal access network is carried out by accounting request instruction accounting server
Charging.
Accounting server can be but be not limited to: operator's accounting server etc..
The charging method of accounting server is not construed as limiting by the present embodiment, can be well known to those skilled in the art
Any means, do not repeat them here.
Perform step 606.
If the access mark instruction terminal to be accessed of 603 terminals to be accessed is wide-band terminal, then to authentication service
Device sends wide-band terminal certification request.
Wide-band terminal certification request instruction certificate server carries out network access authentication to wide-band terminal, and to net
Network access device sends wide-band terminal authentication response, and wide-band terminal authentication response is used for whether describing wide-band terminal
Pass through network access authentication.
604, network access equipment receives wide-band terminal authentication response.
If 605 wide-band terminal authentication response instruction wide-band terminals are by network access authentication, then by wide-band terminal
Access network.
So, hot terminal and wide-band terminal are by respective method access network, and hot terminal is with broadband eventually
End shares same appointment broadband number, can be hot terminal and the wide-band terminal higher service quality of offer.
606, the business instruction information that network access equipment receiving control apparatus sends.
Business instruction information comprises specifies preferential business and the mark letter of the wide-band terminal with hot terminal binding
Breath, it is intended that preferential business is that service operation support server obtains according to the network access information of hot terminal,
The net that network access information uses after the time length describing hot terminal access network or access network
During network flow is how many at least one.
607, the preferential business of appointment is sent to the wide-band terminal that the identification information of wide-band terminal is corresponding, in order to broadband
Terminal performs to specify preferential business.
Hot terminal and wide-band terminal are shared when specifying broadband resource, and service operation support server is according to focus
The network access information of terminal, sends to wide-band terminal and specifies preferential business so that hot terminal is with broadband eventually
End is shared when specifying broadband resource, and wide-band terminal can obtain certain income.
Further, in order to ensure the QoS(Quality of Service of wide-band terminal, service quality),
The network access request that then first wide-band terminal is sent by network access equipment is transmitted or processes.
As an embodiment of the present embodiment, network access equipment receives the terminal of accessed network and sends
Network access request, network access request comprise the terminal of accessed network access mark;Send out to network
Send the network access request of wide-band terminal, the access mark instruction comprised in the network access request of wide-band terminal
The terminal of accessed network is wide-band terminal;Until all wide-band terminal network access request being currently received
After being sent completely, then to control equipment send hot terminal network access request, in order to control equipment to
Network sends the network access request of hot terminal, the access mark comprised in the network access request of hot terminal
The terminal knowing instruction accessed network is hot terminal.
After using such scheme, network access equipment is receiving the network insertion request that terminal to be accessed sends
After, the access mark of the terminal to be accessed comprised in asking according to network insertion, it is judged that this terminal to be accessed is
No for hot terminal, if hot terminal, then network insertion request is carried out CAPWAP encapsulation, and will encapsulation
After network insertion request send to controlling equipment, in order to control equipment passes through network insertion at terminal to be accessed
After certification, by terminal to be accessed access network so that hot terminal and wide-band terminal can pass through different modes
Access network, after hot terminal and wide-band terminal are shared and are specified broadband resource, can be respectively to hot terminal
It is authenticated with wide-band terminal, the service quality provided into hot terminal and wide-band terminal is provided;Further
, the authentication accessing method provided by the embodiment of the present invention can realize independent charging to hot terminal, and
Can be returned certain preferential to wide-band terminal user by this billing of services, further increase hot terminal and
The service quality that wide-band terminal provides;Further, can to wide-band terminal with focus eventually due to access device
End business independent process, therefore can excellent by wide-band terminal user service data in case of need
First dispatch, it is achieved daynamic bandwidth managment, and then ensure the Consumer's Experience of wide-band terminal user.
Embodiment five
The present embodiment provides a kind of method for network access based on CAPWAP agreement, and the executive agent of the method is
Control equipment, as it is shown in fig. 7, may comprise steps of:
701, control equipment and receive the request of the network insertion after CAPWAP encapsulates that network access equipment sends.
702, after the network insertion request after encapsulation being carried out CAPWAP decapsulation, according to the net after decapsulation
Network access request sends hot terminal certification request, hot terminal certification request instruction certification to certificate server
Server carries out network access authentication to hot terminal, and sends hot terminal authentication response to controlling equipment,
Hot terminal authentication response is used for describing whether hot terminal passes through network access authentication.
703, the hot terminal authentication response that certificate server sends is received.
If 704 hot terminal authentication response instruction hot terminals are by network access authentication, then by hot terminal
Access network.
After using such scheme, network access equipment is receiving the network insertion request that terminal to be accessed sends
After, the access mark of the terminal to be accessed comprised in asking according to network insertion, it is judged that this terminal to be accessed is
No for hot terminal, if hot terminal, then network insertion request is carried out CAPWAP encapsulation, and will encapsulation
After network insertion request send to controlling equipment, in order to control equipment passes through network insertion at terminal to be accessed
After certification, by terminal to be accessed access network so that hot terminal and wide-band terminal can pass through different modes
Access network, after hot terminal and wide-band terminal are shared and are specified broadband resource, can be respectively to hot terminal
It is authenticated with wide-band terminal, the service quality provided into hot terminal and wide-band terminal is provided.
Embodiment six
As improvement, the present embodiment provides another kind of method for network access based on CAPWAP agreement, the method
Executive agent be control equipment, and this method mainly describes hot terminal access network and carries out with network
The method of communication, as shown in Figure 8, may comprise steps of:
801, control equipment and receive the request of the network insertion after CAPWAP encapsulates that network access equipment sends.
Hot terminal before accessing to a network, first sends network insertion request, network to network access equipment
Access request can comprise the access mark that instruction terminal to be accessed is hot terminal, and network access equipment will connect
After the network insertion request received carries out CAPWAP encapsulation, send to controlling equipment.
802, after the network insertion request after encapsulation is carried out CAPWAP decapsulation by control equipment, according to deblocking
Network insertion request after dress sends hot terminal certification request to certificate server, and hot terminal certification is asked
Instruction certificate server carries out network access authentication to hot terminal, and recognizes to control equipment transmission hot terminal
Card response, hot terminal authentication response is used for describing whether hot terminal passes through network access authentication.
In order to make Virtual network operator hotspot device to be accessed can be carried out network access authentication, then control equipment
After network insertion request after receiving encapsulation, send hot terminal certification request to certificate server.
Certificate server can be but be not limited to: carrier authorization server etc..
803, the hot terminal authentication response that certificate server sends is received.
Terminal to be accessed is before accessing to a network, it is necessary first to entered this terminal to be accessed by certificate server
Row network access authentication, after by network access authentication, just in accessible network, and leads to network
Letter.
As an embodiment of the present embodiment, recognize as it is shown in figure 9, hot terminal is carried out network insertion
The method of card may include that
1. hot terminal uses focus to share SSID access network, and by DHCP(Dynamic Host
Configuration Protocol, DynamicHost arranges agreement) obtain IP address;
The technology that the method for IP address is well known to those skilled in the art is obtained by DHCP, the most superfluous at this
State;
2. hot terminal opens IE(Internet Explorer, web browser), input any one and close
Method URL(UniformResourceLocator, URL), send the HTTP including URL
(Hypertext Transport Protocol, HTTP) message to network access equipment,
Network access equipment sends to AC/BRAS after HTTP message is carried out CAPWAP encapsulation, AC/BRAS solve
After CAPWAP encapsulation, HTTP message is redirected to Portal Server(information source server);
3.Portal Server is by network access equipment and controls equipment to hot terminal propelling movement WEB(net
Network) authentication interface, it is desirable to hot terminal feedback user name and password;WEB authentication interface is carried out by AC/BRAS
It is sent to network access equipment after CAPWAP encapsulation, and after being encapsulated by network access equipment solution CAPWAP, sends
To hot terminal;
4. hot terminal is after receiving WEB certification page, will by network access equipment and control equipment
The terminal references information such as user name, password sends to Portal Server;
5.Portal Server receives terminal references information, sends certification request and asks to AC/BRAS, certification
Seek the access mark that can comprise terminal references information and hot terminal;
6.AC/BRAS sends certification request to carrier authorization server (for example, it is possible to being aaa server),
So as AAA(Authentication;Authorization;Accounting, certification;Authorize;Book keeping operation)
Server carries out network access authentication according to carrier authorization request to hot terminal;
7. network insertion is demonstrate,proved by rear, and aaa server sends authentication response to AC/BRAS;
8.AC/BRAS sends authentication response to Portal Server;
After 9.Portal Server receives authentication response, by network access equipment and control equipment to focus
Terminal pushing certification success interface, prompting hot terminal certification is passed through.
10., after hot terminal receives certification success interface, regular traffic can be carried out with network and start meter
Take.
In the specific embodiment shown in Fig. 9, aaa server can include but not limited to: accounting server,
And carrier authorization server, the accounting server in the present embodiment and certificate server can be arranged at one
In server, it is also possible to be respectively two independent servers, in this no limit.
The method that hot terminal carries out network access authentication is not construed as limiting by the present embodiment, can be this area
Any means known to technical staff, does not repeats them here.
If 804 hot terminal authentication response instruction hot terminals are by network access authentication, then controlling equipment will
Hot terminal access network.
The method of hot terminal access network is not construed as limiting by the present embodiment by control equipment, can be according to reality
Needs are defined, and do not repeat them here.
805, sending accounting request to accounting server, hot terminal is connect by accounting request instruction accounting server
Enter the Web vector graphic after network and carry out charging.
Further, the network insertion request after encapsulation also comprises the identification information of hot terminal;To charging
After server sends accounting request, control equipment and obtain hot terminal according to the identification information of hot terminal
Network access information, network access information is used for describing hot terminal access network time length or access network
During the network traffics that use after network are how many at least one;Network access information is sent to accounting server, in order to
Accounting server carries out charging according to network access information to hot terminal.
Control equipment is used for controlling network access equipment, and control equipment can also store any terminal and pass through net
The network access information that network access device and network communicate.
As an embodiment of the present embodiment, obtain hot terminal according to the identification information of hot terminal
Network access information may include that
In control equipment, storage has the corresponding relation of terminal and network access equipment, and controlling equipment can be according to heat
The identification information of some terminal, gets the mark letter of the network access equipment i.e. used corresponding to this hot terminal
Breath, and according to the identification information of network access equipment, get hot terminal use this network access equipment with
The network access information that network communicates.
Such as, the identification information of network access equipment can be but be not limited to: SN(Series Number, sequence
Row number), MAC(Media Access Control, medium education) etc..
The content that the method and network access information that obtain network access information are comprised by the present embodiment does not limits
Fixed, can be set according to actual needs, not repeat them here.
806, receive and send, to network access equipment, the business instruction letter that service operation support server sends
Breath, business instruction information comprises specifies preferential business and the mark letter of the wide-band terminal with hot terminal binding
Breath, in order to network access equipment sends to the wide-band terminal that the identification information of wide-band terminal is corresponding and specifies preferential industry
Business, makes wide-band terminal perform to specify preferential business, it is intended that preferential business be service operation support server according to
Obtaining from the network access information of the hot terminal of control equipment acquisition, network access information is used for describing heat
During the network traffics used after the some time length of accessing terminal to network or access network are how many at least one.
Business instruction information comprises service operation support server according to from accounting server, the network of acquisition
What access information obtained specifies preferential business and the access mark of the wide-band terminal with hot terminal binding, with
Just the access mark of network access equipment wide-band terminal, will specify preferential business to send to wide-band terminal, make width
Tape terminal performs to specify preferential business.
After using such scheme, network access equipment is receiving the network insertion request that terminal to be accessed sends
After, the access mark of the terminal to be accessed comprised in asking according to network insertion, it is judged that this terminal to be accessed is
No for hot terminal, if hot terminal, then network insertion request is carried out CAPWAP encapsulation, and will encapsulation
After network insertion request send to controlling equipment, in order to control equipment passes through network insertion at terminal to be accessed
After certification, by terminal to be accessed access network so that hot terminal and wide-band terminal can pass through different modes
Access network, after hot terminal and wide-band terminal are shared and are specified broadband resource, can be respectively to hot terminal
It is authenticated with wide-band terminal, the service quality provided into hot terminal and wide-band terminal is provided;Further
, the authentication accessing method provided by the embodiment of the present invention can realize independent charging to hot terminal, and
Can be returned certain preferential to wide-band terminal user by this billing of services, further increase hot terminal and
The service quality that wide-band terminal provides;Further, can to wide-band terminal with focus eventually due to access device
End business independent process, therefore can excellent by wide-band terminal user service data in case of need
First dispatch, it is achieved daynamic bandwidth managment, and then ensure the Consumer's Experience of wide-band terminal user.
Embodiment seven
The present embodiment provides a kind of network access device based on CAPWAP agreement it should be understood that this device
Can apply to network access equipment, such as wireless router, CPE or home gateway etc., as shown in Figure 10,
This device may include that
Receive unit 101, for receiving the network insertion request that terminal to be accessed sends, network insertion request bag
Access mark containing terminal to be accessed;
First processing unit 102, if the access mark instruction terminal to be accessed for terminal to be accessed is that focus is whole
End, then carry out network insertion request CAPWAP encapsulation, and send the network insertion request after encapsulation to control
Control equipment, the network insertion request after encapsulation is used for indicating control equipment to ask according to the network insertion after encapsulation,
And by certificate server, hot terminal is carried out network access authentication, and pass through network insertion at hot terminal
After certification, by hot terminal access network.
After using such scheme, the first processing unit receives the network of terminal to be accessed transmission receiving unit
After access request, the access mark of the terminal to be accessed comprised in asking according to network insertion, it is judged that this is waiting
Enter whether terminal is hot terminal, if hot terminal, then network insertion request carried out CAPWAP encapsulation,
And the network insertion request after encapsulation is sent to controlling equipment, in order to control equipment passes through at terminal to be accessed
After network access authentication, by terminal to be accessed access network so that hot terminal can pass through with wide-band terminal
Different modes access network, after hot terminal and wide-band terminal are shared and are specified broadband resource, can be the most right
Hot terminal and wide-band terminal are authenticated, and improve the service quality provided into hot terminal and wide-band terminal.
Embodiment eight
As improvement, the present embodiment provides another kind of network access device based on CAPWAP agreement, this device
Can apply to network access equipment, such as wireless router, CPE or home gateway etc..As shown in figure 11,
May include that
Receive unit 111, for receiving the network insertion request that terminal to be accessed sends, network insertion request bag
Access mark containing terminal to be accessed;
First processing unit 112, if the access mark instruction terminal to be accessed for terminal to be accessed is that focus is whole
End, then carry out network insertion request CAPWAP encapsulation, and send the network insertion request after encapsulation to control
Control equipment, the network insertion request after encapsulation is used for indicating control equipment to ask according to the network insertion after encapsulation,
And by certificate server, hot terminal is carried out network access authentication, and pass through network insertion at hot terminal
After certification, by hot terminal access network.
Further, the network insertion request after encapsulation is additionally operable to indicate control equipment to send to accounting server
Accounting request, the Web vector graphic after hot terminal access network is carried out by accounting request instruction accounting server
Charging.
Second processing unit 113, if the access mark instruction terminal to be accessed for terminal to be accessed is that broadband is whole
End, then send wide-band terminal certification request, wide-band terminal certification request instruction authentication service to certificate server
Device carries out network access authentication to wide-band terminal, and sends wide-band terminal authentication response to network access equipment,
Wide-band terminal authentication response is used for describing whether wide-band terminal passes through network access authentication;If described wide-band terminal
Authentication response indicates described wide-band terminal to pass through network access authentication, then by described wide-band terminal access network.
Further, receive unit 111 to be additionally operable to: receive wide-band terminal authentication response;
Further, receive unit 111 and be additionally operable to: the business instruction information that receiving control apparatus sends, industry
Business instruction information comprises specifies preferential business and the identification information of the wide-band terminal with hot terminal binding, refers to
Fixed preferential business is that service operation support server obtains according to the network access information of hot terminal, network
The network flow that access information uses after the time length describing hot terminal access network or access network
During amount is how many at least one;
Transmitting element 114, sends for the wide-band terminal corresponding to the identification information of wide-band terminal and specifies preferential industry
Business, in order to wide-band terminal performs to specify preferential business.
Further, receive unit 111 to be additionally operable to: receive the network access that the terminal of accessed network sends
Request, network access request comprises the access mark of the terminal of accessed network;
Further, the second processing unit 113 is additionally operable to: the network access sending wide-band terminal to network please
Asking, the terminal accessing mark instruction accessed network comprised in the network access request of wide-band terminal is broadband
Terminal;
Until after all wide-band terminal network access request being currently received are sent completely, then set to control
Preparation send the network access request of hot terminal, in order to controls equipment and sends the network visit of hot terminal to network
Asking request, the terminal accessing mark instruction accessed network comprised in the network access request of hot terminal is
Hot terminal.
After using such scheme, the first processing unit receives the network of terminal to be accessed transmission receiving unit
After access request, the access mark of the terminal to be accessed comprised in asking according to network insertion, it is judged that this is waiting
Enter whether terminal is hot terminal, if hot terminal, then network insertion request carried out CAPWAP encapsulation,
And the network insertion request after encapsulation is sent to controlling equipment, in order to control equipment passes through at terminal to be accessed
After network access authentication, by terminal to be accessed access network so that hot terminal can pass through with wide-band terminal
Different modes access network, after hot terminal and wide-band terminal are shared and are specified broadband resource, can be the most right
Hot terminal and wide-band terminal are authenticated, and improve the service quality provided into hot terminal and wide-band terminal;
Further, the network access equipment provided by the embodiment of the present invention can realize individually meter to hot terminal
Take, and can be returned by this billing of services certain preferential to wide-band terminal user, further increase focus
The service quality that terminal and wide-band terminal provide;Further, can to broadband eventually due to network access equipment
End and hot terminal business independent process, therefore can be in case of need by wide-band terminal user's industry
The priority scheduling of business data, it is achieved daynamic bandwidth managment, and then ensure the Consumer's Experience of wide-band terminal user.
Embodiment nine
The present embodiment provides another kind of network access device based on CAPWAP agreement, and this device can apply to
Control equipment, such as, in WiFi access controller, as shown in figure 12, may include that
Receive unit 121, for receiving the network insertion after CAPWAP encapsulates that network access equipment sends
Request;Receiving the hot terminal authentication response that certificate server sends, described hot terminal authentication response is used for
Describe whether described hot terminal passes through network access authentication;
Transmitting element 122, after the network insertion request after encapsulation is carried out CAPWAP decapsulation, according to
Network insertion request after decapsulation sends hot terminal certification request, hot terminal certification to certificate server
Request instruction certificate server carries out network access authentication to hot terminal, and sends focus eventually to controlling equipment
End authentication response, hot terminal authentication response is used for describing whether hot terminal passes through network access authentication;
Access unit 123, if for hot terminal authentication response instruction hot terminal by network access authentication,
Then by hot terminal access network.
After using such scheme, transmitting element, after reception unit receives network insertion request, takes to certification
Business device sends hot terminal certification request, after hot terminal is by network access authentication, is connect by hot terminal
Enter network so that hot terminal and wide-band terminal can pass through different modes access network, at hot terminal and
Wide-band terminal is shared after specifying broadband resource, can be authenticated hot terminal and wide-band terminal respectively, carry
The high service quality provided for hot terminal and wide-band terminal.
Embodiment ten
As improvement, the present embodiment provides another kind of network access device based on CAPWAP agreement, this device
Can apply to control equipment, such as, in WiFi access controller, as shown in figure 13, may include that
Receive unit 131, for receiving the network insertion after CAPWAP encapsulates that network access equipment sends
Request;Receiving the hot terminal authentication response that certificate server sends, described hot terminal authentication response is used for
Describe whether described hot terminal passes through network access authentication;
Transmitting element 132, after the network insertion request after encapsulation is carried out CAPWAP decapsulation, according to
Network insertion request after decapsulation sends hot terminal certification request, hot terminal certification to certificate server
Request instruction certificate server carries out network access authentication to hot terminal, and sends focus eventually to controlling equipment
End authentication response, hot terminal authentication response is used for describing whether hot terminal passes through network access authentication;
Access unit 133, if for hot terminal authentication response instruction hot terminal by network access authentication,
Then by hot terminal access network.
Further, if the hot terminal authentication response instruction hot terminal receiving unit 131 reception passes through net
Network access authentication, then transmitting element 132 is additionally operable to: send accounting request, accounting request to accounting server
Instruction accounting server carries out charging to the Web vector graphic after hot terminal access network.
Further, if the network insertion request after receiving the encapsulation that unit 131 receives also comprises hot terminal
Identification information, then device also includes:
Acquiring unit 134, the network obtaining hot terminal for the identification information according to hot terminal accesses letter
Breath, network access information uses after describing hot terminal access network time length or access network
During network traffics are how many at least one;
Further, transmitting element 132 is additionally operable to: send network access information to accounting server, in order to
Accounting server carries out charging according to network access information to hot terminal.
Further, receive unit 131 to be additionally operable to: the business receiving the transmission of service operation support server refers to
Show information;
Transmitting element 132 is additionally operable to: send, to network access equipment, the industry that service operation support server sends
Business instruction information, business instruction information comprises specifies preferential business and the wide-band terminal with hot terminal binding
Identification information, in order to network access equipment sends to wide-band terminal corresponding to the identification information of wide-band terminal and refers to
Fixed preferential business, makes wide-band terminal perform to specify preferential business, it is intended that preferential business is that service operation supports clothes
Business device obtains according to the network access information of the hot terminal obtained from control equipment, and network access information is used
During the network traffics used after the time length describing hot terminal access network or access network are how many extremely
One item missing.
After using such scheme, transmitting element, after reception unit receives network insertion request, takes to certification
Business device sends hot terminal certification request, after hot terminal is by network access authentication, is connect by hot terminal
Enter network so that hot terminal and wide-band terminal can pass through different modes access network, at hot terminal and
Wide-band terminal is shared after specifying broadband resource, can be authenticated hot terminal and wide-band terminal respectively;Enter
One step, the control equipment provided by the embodiment of the present invention can realize independent charging to hot terminal, and
Can be returned certain preferential to wide-band terminal user by this billing of services, further increase hot terminal and
The service quality that wide-band terminal provides.
Those skilled in the art is it can be understood that arrive, for convenience and simplicity of description, and foregoing description
The specific works process of system, device and unit, be referred to the corresponding process in preceding method embodiment,
Do not repeat them here.
In several embodiments provided herein, it should be understood that disclosed system, device and side
Method, can realize by another way.Such as, device embodiment described above is only schematically
, such as, the division of described unit, be only a kind of logic function and divide, actual can have when realizing another
Outer dividing mode, the most multiple unit or assembly can in conjunction with or be desirably integrated into another system, or
Some features can be ignored, or does not performs.Another point, shown or discussed coupling each other or straight
Connect coupling or communication connection can be the INDIRECT COUPLING by some interfaces, device or unit or communication connection,
Can be electrical, machinery or other form.
Through the above description of the embodiments, those skilled in the art is it can be understood that arrive this
Bright can add the mode of required common hardware by software and realize, naturally it is also possible to by hardware, but a lot
In the case of the former is more preferably embodiment.Based on such understanding, technical scheme substantially or
Person says that the part contributing prior art can embody with the form of software product, and this computer is soft
Part product is stored in the storage medium that can read, and aforesaid storage medium includes: USB flash disk, portable hard drive,
Read only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access
Memory), the various medium that can store program code such as magnetic disc or CD.The above, be only this
Bright detailed description of the invention, but protection scope of the present invention is not limited thereto, any is familiar with the art
Technical staff in the technical scope that the invention discloses, can readily occur in change or replace, all should contain
Within protection scope of the present invention.Therefore, protection scope of the present invention answers the described protection model with claim
Enclose and be as the criterion.
Claims (15)
1. based on wireless access point control and a network access system for configuration CAPWAP agreement, its feature
It is, including:
Network access equipment, for receiving the network insertion request that terminal to be accessed sends, described network insertion
Request comprises the access mark of terminal to be accessed;If the access mark instruction of described terminal to be accessed is described waiting
Entering terminal is hot terminal, then described network insertion request carries out CAPWAP encapsulation, and by the net after encapsulation
Network access request sends to controlling equipment;
Control equipment, the network insertion request after receiving the described encapsulation that described network access equipment sends;
After asking to carry out CAPWAP decapsulation by the network insertion after described encapsulation, according to the network after described decapsulation
Access request sends hot terminal certification request to certificate server, and described hot terminal certification request indicates institute
State certificate server and described hot terminal is carried out network access authentication, and send focus to described control equipment
Terminal authentication responds, and described hot terminal authentication response is used for describing whether described hot terminal is connect by network
Enter certification;Receive the described hot terminal authentication response that described certificate server sends;If described hot terminal
Authentication response indicates described hot terminal to pass through network access authentication, then by described hot terminal access network;
Network insertion request after described encapsulation also comprises the identification information of hot terminal;
Described network access equipment is additionally operable to: receive the business instruction information that described control equipment sends, described
Business instruction information comprises the mark letter of wide-band terminal specified preferential business and bind with described hot terminal
Breath, the preferential business of described appointment is that service operation support server accesses letter according to the network of described hot terminal
Breath obtains, described network access information for describe described hot terminal access network time length or
During the network traffics that use after access network are how many at least one;Corresponding to the identification information of described wide-band terminal
Wide-band terminal send the preferential business of described appointment, in order to described wide-band terminal perform the preferential business of described appointment;
Described control equipment is additionally operable to: obtain described hot terminal according to the identification information of described hot terminal
Network access information;Described network access information is sent, in order to described to described service operation support server
Service operation support server obtains the preferential business of described appointment according to described network access information;Receive described
The preferential business of described appointment that service operation support server sends;Send described to described network access equipment
Business instruction information.
System the most according to claim 1, it is characterised in that
Described network access equipment is additionally operable to: if the access mark instruction of described terminal to be accessed is described to be accessed
Terminal is wide-band terminal, then send wide-band terminal certification request, described wide-band terminal certification to certificate server
Request indicates described certificate server that described wide-band terminal carries out network access authentication, and connects to described network
Entering equipment and send wide-band terminal authentication response, described wide-band terminal authentication response is used for describing described wide-band terminal
Whether pass through network access authentication;Receive described wide-band terminal authentication response;If described wide-band terminal certification rings
Described wide-band terminal should be indicated to pass through network access authentication, then by described wide-band terminal access network.
System the most according to claim 1, it is characterised in that
Described network access equipment is additionally operable to: receive the network access request that the terminal of accessed network sends,
Described network access request comprises the access mark of the terminal of described accessed network;Broadband is sent eventually to network
The network access request of end, the described access mark instruction comprised in the network access request of described wide-band terminal
The terminal of described accessed network is wide-band terminal;Until the network of all wide-band terminals being currently received is visited
After the request of asking is sent completely, then the network access request to described control equipment transmission hot terminal, described
The terminal that the described access mark comprised in the network access request of hot terminal indicates described accessed network is
Hot terminal;
Described control equipment is additionally operable to: receive the network access request of described hot terminal, and by described focus
The network access request of terminal is sent to network.
4. based on wireless access point control and a method for network access for configuration CAPWAP agreement, its feature
It is, including:
Network access equipment receives the network insertion request that terminal to be accessed sends, described network insertion request bag
Access mark containing terminal to be accessed;
If the access mark of described terminal to be accessed indicates described terminal to be accessed to be hot terminal, then by described
Network insertion request carries out CAPWAP encapsulation, and sends the network insertion request after encapsulation to controlling equipment,
Network insertion request after described encapsulation is for indicating described control equipment according to the network insertion after described encapsulation
Request, and described hot terminal carried out network access authentication by certificate server, and at described focus end
After end is by network access authentication, by described hot terminal access network;
Network insertion request after described encapsulation is additionally operable to indicate described control equipment to send meter to accounting server
Taking request, described accounting request indicates described accounting server to the net after described hot terminal access network
Network uses and carries out charging;
After described accounting server carries out charging to described hot terminal, described method also includes:
Receiving the business instruction information that described control equipment sends, it is preferential that described business instruction information comprises appointment
Business and the identification information of wide-band terminal bound with described hot terminal, the preferential business of described appointment is industry
Business operation supporting server obtains according to the network access information of described hot terminal, and described network accesses letter
The network traffics that breath uses after the time length describing described hot terminal access network or access network
In Duo Shao at least one;
The wide-band terminal corresponding to the identification information of described wide-band terminal sends the preferential business of described appointment, in order to
Described wide-band terminal performs the preferential business of described appointment.
Method the most according to claim 4, it is characterised in that described method also includes:
If the access mark of described terminal to be accessed indicates described terminal to be accessed to be wide-band terminal, then to described
Certificate server sends wide-band terminal certification request, and described wide-band terminal certification request indicates described authentication service
Device carries out network access authentication to described wide-band terminal, and recognizes to described network access equipment transmission wide-band terminal
Card response, described wide-band terminal authentication response is used for describing whether described wide-band terminal passes through network access authentication;
Receive described wide-band terminal authentication response;
If described wide-band terminal authentication response indicates described wide-band terminal to pass through network access authentication, then by described
Wide-band terminal access network.
6. according to the method described in claim 4 or 5, it is characterised in that described method also includes:
Receiving the network access request that the terminal of accessed network sends, described network access request comprises described
The access mark of the terminal of accessed network;
Send the network access request of wide-band terminal to network, the network access request of described wide-band terminal is wrapped
The terminal that the described access mark contained indicates described accessed network is wide-band terminal;
Until after all wide-band terminal network access request being currently received are sent completely, then to described control
Control equipment sends the network access request of hot terminal, in order to described control equipment sends described to described network
The network access request of hot terminal, the described access mark comprised in the network access request of described hot terminal
The terminal knowing the described accessed network of instruction is hot terminal.
7. based on wireless access point control and a method for network access for configuration CAPWAP agreement, its feature
Being, described method includes:
Control equipment receives the request of the network insertion after CAPWAP encapsulates that network access equipment sends;
After asking to carry out CAPWAP decapsulation by the network insertion after described encapsulation, after described decapsulation
Network insertion request sends hot terminal certification request to certificate server, and described hot terminal certification request refers to
Show that described certificate server carries out network access authentication to hot terminal, and send focus to described control equipment
Terminal authentication responds, and described hot terminal authentication response is used for describing whether described hot terminal is connect by network
Enter certification;
Receive the described hot terminal authentication response that described certificate server sends;
If described hot terminal authentication response indicates described hot terminal to pass through network access authentication, then by described
Hot terminal access network;
If described hot terminal authentication response indicates described hot terminal to pass through network access authentication, then described
After described hot terminal access network, described method also includes:
Sending accounting request to accounting server, described accounting request indicates described accounting server to described heat
Web vector graphic after some accessing terminal to network carries out charging;
Described after accounting server sends accounting request, described method also includes:
Receive and send the business instruction information that service operation support server sends, institute to network access equipment
State business instruction information and comprise the mark of wide-band terminal specified preferential business and bind with described hot terminal
Information, in order to described network access equipment sends to the wide-band terminal that the identification information of described wide-band terminal is corresponding
The preferential business of described appointment, makes described wide-band terminal perform the preferential business of described appointment, the preferential industry of described appointment
Business is the described service operation support server network according to the described hot terminal obtained from described control equipment
Access information obtains, and described network access information is long for the time describing described hot terminal access network
During the network traffics used after short or access network are how many at least one.
Method the most according to claim 7, it is characterised in that the network insertion request after described encapsulation
Also comprise the identification information of hot terminal;Described after accounting server sends accounting request, described side
Method also includes:
Identification information according to described hot terminal obtains the network access information of described hot terminal, described net
Network accesses the net that information uses after describing described hot terminal access network time length or access network
During network flow is how many at least one;
Described network access information is sent, in order to described accounting server is according to described to described accounting server
Network access information carries out charging to described hot terminal.
9. based on wireless access point control and a network access device for configuration CAPWAP agreement, its feature
It is, including:
Receiving unit, for receiving the network insertion request that terminal to be accessed sends, described network insertion is asked
Comprise the access mark of terminal to be accessed;
First processing unit, if the access mark described terminal to be accessed of instruction for described terminal to be accessed is
Hot terminal, then carry out CAPWAP encapsulation by described network insertion request, and please by the network insertion after encapsulation
Transmission is asked to be used for indicating described control equipment according to institute to control equipment, the network insertion request after described encapsulation
State the request of the network insertion after encapsulation, and by certificate server, described hot terminal is carried out network insertion and recognize
Card, and after described hot terminal is by network access authentication, by described hot terminal access network;
Described reception unit, is additionally operable to receive the business instruction information that described control equipment sends, described business
Instruction information comprises the identification information of wide-band terminal specified preferential business and bind with described hot terminal,
The preferential business of described appointment is that service operation support server obtains according to the network access information of described hot terminal
Arriving, described network access information is for describing the time length of described hot terminal access network or accessing
During the network traffics that use after network are how many at least one;
Described device also includes:
Transmitting element, sends described appointment for the wide-band terminal corresponding to the identification information of described wide-band terminal
Preferential business, in order to described wide-band terminal performs the preferential business of described appointment.
Device the most according to claim 9, it is characterised in that the network insertion after described encapsulation please
Asking and be additionally operable to indicate described control equipment to send accounting request to accounting server, described accounting request indicates institute
State accounting server and the Web vector graphic after described hot terminal access network is carried out charging.
11. devices according to claim 9, it is characterised in that described device also includes:
Second processing unit, if the access mark described terminal to be accessed of instruction for described terminal to be accessed is
Wide-band terminal, then send wide-band terminal certification request to described certificate server, and described wide-band terminal certification please
Ask the described certificate server of instruction that described wide-band terminal carries out network access authentication, and to described network insertion
Equipment sends wide-band terminal authentication response, and described wide-band terminal authentication response is used for describing described wide-band terminal and is
No pass through network access authentication;If described wide-band terminal authentication response indicates described wide-band terminal to be connect by network
Enter certification, then by described wide-band terminal access network;
Described reception unit is additionally operable to, and receives described wide-band terminal authentication response.
12. devices according to claim 11, it is characterised in that
Described reception unit, is additionally operable to receive the network access request that the terminal of accessed network sends, described
Network access request comprises the access mark of the terminal of described accessed network;
Described second processing unit, is additionally operable to send the network access request of wide-band terminal, described width to network
The described access mark comprised in the network access request of tape terminal indicates the terminal of described accessed network to be width
Tape terminal;
Until after all wide-band terminal network access request being currently received are sent completely, then to described control
Control equipment sends the network access request of hot terminal, in order to described control equipment sends described to described network
The network access request of hot terminal, the described access mark comprised in the network access request of described hot terminal
The terminal knowing the described accessed network of instruction is hot terminal.
13. 1 kinds based on wireless access point control and the network access device of configuration CAPWAP agreement, its feature
It is, including:
Receive unit, for receiving the request of the network insertion after CAPWAP encapsulates that network access equipment sends;
Receiving the hot terminal authentication response that certificate server sends, described hot terminal authentication response is used for describing institute
State whether hot terminal passes through network access authentication;
Transmitting element, after asking to carry out CAPWAP decapsulation by the network insertion after described encapsulation, according to
Network insertion request after described decapsulation sends hot terminal certification request to described certificate server, described
Hot terminal certification request indicates described certificate server that hot terminal carries out network access authentication, and to institute
State control equipment and send described hot terminal authentication response;
Access unit, if indicating described hot terminal to pass through network insertion for described hot terminal authentication response
Certification, then by described hot terminal access network;
Described reception unit, is additionally operable to receive the business instruction information that service operation support server sends;
Described transmitting element, is additionally operable to and sends what service operation support server sent to network access equipment
Business instruction information, described business instruction information comprises the preferential business of appointment and binds with described hot terminal
The identification information of wide-band terminal, in order to described network access equipment is to the identification information pair of described wide-band terminal
The wide-band terminal answered sends the preferential business of described appointment, makes described wide-band terminal perform the preferential business of described appointment,
The preferential business of described appointment described service operation support server is according to from described in the acquisition of described control equipment
The network access information of hot terminal obtains, and described network access information is used for describing described hot terminal and connects
During the network traffics that use after entering the time length of network or access network are how many at least one.
14. devices according to claim 13, it is characterised in that if the institute that described reception unit receives
State hot terminal authentication response indicate described hot terminal by network access authentication, the most described transmitting element,
Being additionally operable to send accounting request to accounting server, described accounting request indicates described accounting server to described
Web vector graphic after hot terminal access network carries out charging.
15. devices according to claim 14, it is characterised in that it is described that described reception unit receives
Network insertion request after encapsulation also comprises the identification information of hot terminal;Described device also includes:
Acquiring unit, the network obtaining described hot terminal for the identification information according to described hot terminal is visited
Ask that information, described network access information are used for describing described hot terminal access network time length or accessing
During the network traffics that use after network are how many at least one;
Described transmitting element, is additionally operable to send described network access information to described accounting server, in order to institute
State accounting server, according to described network access information, described hot terminal is carried out charging.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210160566.1A CN103428697B (en) | 2012-05-22 | 2012-05-22 | Method for network access based on CAPWAP agreement, device and system |
| PCT/CN2012/083385 WO2013174098A1 (en) | 2012-05-22 | 2012-10-23 | Method, device and system for accessing network based on capwap protocol |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210160566.1A CN103428697B (en) | 2012-05-22 | 2012-05-22 | Method for network access based on CAPWAP agreement, device and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103428697A CN103428697A (en) | 2013-12-04 |
| CN103428697B true CN103428697B (en) | 2016-12-07 |
Family
ID=49623054
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210160566.1A Active CN103428697B (en) | 2012-05-22 | 2012-05-22 | Method for network access based on CAPWAP agreement, device and system |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN103428697B (en) |
| WO (1) | WO2013174098A1 (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104954399B (en) * | 2014-03-27 | 2018-06-19 | 正文科技股份有限公司 | Bind the method and its binding system of mobile carrier and intelligent apparatus |
| CN104202248B (en) * | 2014-07-21 | 2019-07-05 | 上海寰创通信科技股份有限公司 | The implementation method of forwarding is quickly concentrated in hotspot controller |
| CN105591866A (en) * | 2014-11-12 | 2016-05-18 | 中兴通讯股份有限公司 | Method and system for sharing WIFI, household gateway, and local area network gateway |
| CN106993300B (en) * | 2017-06-09 | 2020-09-15 | 深圳市伊特利网络科技有限公司 | Access control method and system for terminal hotspot |
| CN115134416B (en) * | 2021-03-22 | 2023-04-25 | 中国联合网络通信集团有限公司 | Virtual reality service processing system and method |
| CN113473486B (en) * | 2021-07-13 | 2023-04-07 | 蒋溢 | System and method for enhancing network coverage with cooperative end edge |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1713623A (en) * | 2004-06-15 | 2005-12-28 | 日本电气株式会社 | Network connection system, network connection method, and switch used therefor |
| CN101212297A (en) * | 2006-12-28 | 2008-07-02 | 中国移动通信集团公司 | WEB-based WLAN access authentication method and system |
| CN101578828A (en) * | 2007-08-24 | 2009-11-11 | 华为技术有限公司 | Roaming Wi-Fi access in fixed network architectures |
| CN101621802A (en) * | 2009-08-13 | 2010-01-06 | 杭州华三通信技术有限公司 | Method, system and device for authenticating portal in wireless network |
| CN102355701A (en) * | 2011-09-19 | 2012-02-15 | 中兴通讯股份有限公司 | Wireless local area network (WLAN) accessing method and terminal |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040203602A1 (en) * | 2002-09-12 | 2004-10-14 | Broadcom Corporation | Enabling and controlling access to wireless hot spots |
-
2012
- 2012-05-22 CN CN201210160566.1A patent/CN103428697B/en active Active
- 2012-10-23 WO PCT/CN2012/083385 patent/WO2013174098A1/en active Application Filing
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1713623A (en) * | 2004-06-15 | 2005-12-28 | 日本电气株式会社 | Network connection system, network connection method, and switch used therefor |
| CN101212297A (en) * | 2006-12-28 | 2008-07-02 | 中国移动通信集团公司 | WEB-based WLAN access authentication method and system |
| CN101578828A (en) * | 2007-08-24 | 2009-11-11 | 华为技术有限公司 | Roaming Wi-Fi access in fixed network architectures |
| CN101621802A (en) * | 2009-08-13 | 2010-01-06 | 杭州华三通信技术有限公司 | Method, system and device for authenticating portal in wireless network |
| CN102355701A (en) * | 2011-09-19 | 2012-02-15 | 中兴通讯股份有限公司 | Wireless local area network (WLAN) accessing method and terminal |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103428697A (en) | 2013-12-04 |
| WO2013174098A1 (en) | 2013-11-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103428697B (en) | Method for network access based on CAPWAP agreement, device and system | |
| CN103931264B (en) | Communicate to connect method for building up and terminal | |
| TWI244295B (en) | Method and system for simulating multiple independent client devices in a wired or wireless network | |
| CN103002594B (en) | Direct access communication channel method for building up, apparatus and system | |
| CN105025387B (en) | The method and system of IPTV intelligent terminal progress IPTV service and Internet service | |
| CN108377202A (en) | The distribution method, apparatus and system of smart machine | |
| CN108234220A (en) | The distribution method, apparatus and system of smart machine | |
| WO2013040250A1 (en) | Method of and system for data access over dual data channels with dynamic sim credential | |
| CN108307469A (en) | To the credible WLAN connectivities of 3GPP evolution block cores | |
| CN104753989B (en) | Screen image transmission playback method based on Web-based OS running environment and device | |
| CN103648109B (en) | A kind of wireless distributed repeater system and method | |
| CN102739541A (en) | Method, device and system for starting routing function and transmitting data | |
| CN103716860B (en) | Method and apparatus for processing Wifi frame | |
| CN107659889A (en) | Data forwarding method and device | |
| CN108737585A (en) | The distribution method and device of IP address | |
| CN109996260A (en) | Configuration system, client device, embedded device configuration method and storage medium | |
| CN104540180B (en) | A kind of Android multihop routing implementation method without root authority | |
| CN103702312A (en) | Wireless information transmission method and equipment | |
| CN105324961B (en) | Gre tunneling implementation method, access point and gateway | |
| JP6137848B2 (en) | Network communication system | |
| CN103517374B (en) | Set up the method and wireless repeater of wireless connection | |
| CN110337103A (en) | A kind of connectionless data hided transmission method based on 802.11 agreements | |
| CN103843445B (en) | The method and apparatus for accessing network | |
| CN101489259B (en) | Data service handling method, system and access network | |
| CN111163463A (en) | Method, device, equipment and storage medium for accessing wireless equipment to router |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20210427 Address after: Unit 3401, unit a, building 6, Shenye Zhongcheng, No. 8089, Hongli West Road, Donghai community, Xiangmihu street, Futian District, Shenzhen, Guangdong 518040 Patentee after: Honor Device Co.,Ltd. Address before: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen Patentee before: HUAWEI TECHNOLOGIES Co.,Ltd. |