CN101827366A - Method, unit and device for isolating wireless network user - Google Patents

Publication number
CN101827366A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201010133042.4A
Other languages
Chinese (zh)
Other versions
CN101827366B (en)
Inventor
康贤昆
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Star Net Ruijie Networks Co Ltd
Original Assignee
Beijing Star Net Ruijie Networks Co Ltd
Application filed by Beijing Star Net Ruijie Networks Co Ltd
Priority to CN201010133042.4A
Publication of CN101827366A
Application granted
Publication of CN101827366B

Abstract

The invention provides a method, a unit and a device for isolating wireless network users. The method comprises the following steps: after a wireless data packet is received, obtaining forwarding information from the forwarding result; when access point (AP) user isolation is determined to be enabled, determining whether the source interface and the destination interface carried in the forwarding information belong to the same access point; and discarding the wireless data packet when the source interface and the destination interface are determined to belong to the same access point. AP user isolation is thus achieved by determining, from forwarding information such as six-tuple information, whether the destination interface belongs to the same access point, without using the virtual local area network (VLAN) isolation function or Layer 3 authentication; the method can therefore be used in both Layer 2 switching and Layer 3 routing, and is simple to operate and implement. In addition, the method has substantially no influence on the existing data storage structure or on data switching and forwarding performance.

Description

Method, unit and device for isolating wireless network users
Technical field
The present invention relates to the field of wireless network security, and in particular to a method, unit and device for isolating wireless network users.
Background
In existing wireless networks, such as a wireless local area network (WLAN), wireless users are mobile and unpredictable, so mutual access between users needs to be isolated. User isolation comprises user isolation within the same access point (AP) and user isolation within the same access controller (AC). The prior art implements user isolation mainly in the following three ways:
Mode 1: within a single AP, the mutual-access control principle of the media access control (MAC) layer is used to isolate users, ensuring that different users under the same AP cannot communicate at Layer 2;
Mode 2: between different APs, MAC address access control or the Layer 2 isolation techniques of the network aggregation device, such as a virtual local area network (VLAN), are used for isolation, ensuring that users under different APs cannot communicate directly;
Mode 3: the AC controls Layer 3 mutual access for all users through a user access control list (ACL); only after passing AC authentication can users carry out controlled Layer 3 communication.
However, among the existing user isolation techniques, some are limited to MAC address control, while others require the VLAN isolation function and Layer 3 authentication and are complicated to operate and implement.
Summary of the invention
The present invention provides a method, unit and device for isolating wireless network users, so that wireless network user isolation can be implemented easily.
One embodiment of the present invention provides a method for isolating wireless network users, comprising:
after receiving a wireless data packet, obtaining forwarding information from the forwarding result;
when access point user isolation is determined to be enabled, determining whether the source interface and the destination interface carried in the forwarding information belong to the same access point;
when the source interface and the destination interface are determined to belong to the same access point, discarding the wireless data packet.
Another embodiment of the present invention provides a wireless network user isolation control unit, comprising:
an information acquisition module, configured to obtain forwarding information from the forwarding result after a wireless data packet is received;
a first judging module, configured to determine whether access point user isolation is enabled;
a second judging module, configured to determine, when the first judging module determines that access point user isolation is enabled, whether the source interface and the destination interface carried in the forwarding information belong to the same access point;
a packet processing module, configured to discard the wireless data packet when the second judging module determines that the source interface and the destination interface belong to the same access point.
Yet another embodiment of the present invention provides an access point device comprising the above wireless network user isolation control unit.
A further embodiment of the present invention provides an access controller device comprising the above wireless network user isolation control unit.
By determining, based on forwarding information such as six-tuple information, whether the destination interface belongs to the same access point, the present invention achieves AP user isolation without using the VLAN isolation function or Layer 3 authentication. It can therefore be used in both Layer 2 switching and Layer 3 routing, and is simple to operate and implement. Moreover, the method has substantially no influence on the existing data storage structure or on data switching and forwarding performance.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings used in describing the embodiments or the prior art are briefly introduced below. The drawings described below show some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of embodiment one of the wireless network user isolation method of the present invention;
Fig. 2 is a flowchart of embodiment two of the wireless network user isolation method of the present invention;
Fig. 3 is a flowchart of embodiment three of the wireless network user isolation method of the present invention;
Fig. 4 is a flowchart of embodiment four of the wireless network user isolation method of the present invention;
Fig. 5 is a structural diagram of embodiment one of the wireless network user isolation control unit of the present invention;
Fig. 6 is a structural diagram of embodiment two of the wireless network user isolation control unit of the present invention;
Fig. 7 is a structural diagram of embodiment three of the wireless network user isolation control unit of the present invention;
Fig. 8 is a structural diagram of embodiment four of the wireless network user isolation control unit of the present invention.
Detailed description of the embodiments
To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. The described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Fig. 1 is a flowchart of embodiment one of the wireless network user isolation method of the present invention. As shown in the figure, the method comprises the following steps:
Step 100: after a wireless data packet is received, obtain forwarding information from the forwarding result.
The forwarding result may be the forwarding result of Layer 2 switching or the forwarding result of Layer 3 routing. The forwarding information may specifically be six-tuple information comprising: source WLAN identifier, destination WLAN identifier, source MAC address, destination MAC address, source interface and destination interface; or alternatively comprising: source VLAN identifier, destination VLAN identifier, source MAC address, destination MAC address, source interface and destination interface.
The WLAN identifier, the VLAN identifier and the service set identifier (SSID) are normally in one-to-one correspondence, that is, knowing any one of the WLAN identifier, VLAN identifier or SSID allows the other two to be inferred.
Step 200: determine whether AP user isolation is enabled; when AP user isolation is enabled, perform step 300.
AP user isolation means isolating wireless network users on a single AP. Whether AP user isolation is enabled is determined from the user's configuration information, for example command line interface (CLI) and web configuration. Specifically, for the fat AP architecture this determination can only be made on the AP; for the thin (fit) AP architecture it can be made either on the AP or on the AC.
In addition, if AP user isolation is not enabled, the wireless data packet is forwarded and processed directly, as described for step 320 below; alternatively, the method may go on to determine whether AC user isolation is enabled, as described for step 400 below.
Step 300: determine whether the source interface and the destination interface carried in the forwarding information belong to the same access point; if they do, perform step 301, otherwise perform step 320.
Because the AP forwards a received wireless data packet from one interface to another, the source interface necessarily belongs to the AP that received the packet, whereas whether the destination interface also belongs to this AP must be determined in this step. "The same access point" means the AP that received the wireless data packet. Specifically, the determination can be made from interface attributes, and applies to both the fat AP architecture and the thin AP architecture.
Determining whether the source interface and the destination interface belong to the same AP, as described here, differs from the prior art, which uses the MAC address table to determine whether the source interface and the destination interface are identical. The prior art looks up the interface based on Layer 2 forwarding, whereas the method of this embodiment is based on forwarding information, such as six-tuple information, and can therefore be used in both Layer 2 switching and Layer 3 routing.
Step 301: discard the wireless data packet.
If the source interface and the destination interface carried in the forwarding information are determined to belong to the same access point, AP user isolation must be applied, so the wireless data packet is discarded.
Step 320: forward and process the wireless data packet.
If the source interface and the destination interface carried in the forwarding information are determined not to belong to the same access point, AP user isolation is not needed and normal forwarding continues; for example, depending on the configuration of the actual deployment, the wireless data packet is passed to another AP, to the AC, or directly to a wireless user under the current AP.
The method of this embodiment achieves AP user isolation by determining whether the destination interface belongs to the same access point, without using the VLAN isolation function or Layer 3 authentication, and is therefore simple to operate and implement. Moreover, the method has substantially no influence on the existing data storage structure or on data switching and forwarding performance.
In addition, the method can be applied to both the fat AP architecture and the thin AP architecture. For the thin AP architecture, one set of software code can be shared: the method can be implemented on the AP side, on the AC side, or on both the AP and the AC, which gives it a high degree of flexibility.
Fig. 2 is a flowchart of embodiment two of the wireless network user isolation method of the present invention. This embodiment comprises the following steps after step 200 of method embodiment one:
Step 250: determine whether the source network identifier carried in the forwarding information is the same as the destination network identifier; if they are the same, perform step 300, otherwise perform step 320.
The source network identifier and the destination network identifier are respectively the source WLAN identifier and the destination WLAN identifier, or respectively the source VLAN identifier and the destination VLAN identifier. Identical WLAN identifiers denote the same WLAN network and different WLAN identifiers denote different WLAN networks; similarly, identical VLAN identifiers denote the same VLAN network and different VLAN identifiers denote different VLAN networks.
Step 300: determine whether the source interface and the destination interface carried in the forwarding information belong to the same AP; if they do, perform step 301, otherwise perform step 320.
When the source network identifier is determined to be the same as the destination network identifier, it still cannot be fully determined that AP user isolation is needed, so the determination in this step must also be made.
Step 301: when the source interface and the destination interface are determined to belong to the same access point, discard the wireless data packet.
If the source interface and the destination interface carried in the forwarding information are determined to belong to the same access point, AP user isolation must be applied, so the wireless data packet is discarded.
Step 320: forward and process the wireless data packet.
When the source network identifier is determined to differ from the destination network identifier, the wireless data packet received by the AP is to be forwarded to an AP or AC in a different network, and certainly not to this AP, so AP user isolation is not needed and normal forwarding simply continues. In this embodiment, whether the source network identifier is the same as the destination network identifier is determined before determining whether the source interface and the destination interface belong to the same access point. When the two identifiers differ, AP user isolation is not needed, so the step of determining whether the source interface and the destination interface belong to the same access point can be skipped. Because determining interface ownership is more complicated than determining whether two identifiers are the same, reducing the number of interface-ownership determinations further improves the convenience of the AP user isolation process.
Fig. 3 is a flowchart of embodiment three of the wireless network user isolation method of the present invention. As shown in the figure, the method comprises the following steps:
Step 100: after a wireless data packet is received, obtain forwarding information from the forwarding result.
Step 200: determine whether AP user isolation is enabled; when AP user isolation is enabled, perform step 300; otherwise, when AP user isolation is not enabled, perform step 400.
Note that step 300 and each subsequent step are the same as in method embodiment one or two and are not described again here; moreover, for reasons of space, step 300 and the subsequent steps are not redrawn in Fig. 3.
Step 400: determine whether AC user isolation is enabled; if it is, perform step 410, otherwise perform step 320.
AC user isolation means isolating wireless network users on a single AC. Because the fat AP architecture has no separate AC device, this embodiment in practice applies only to the thin AP architecture. For the thin AP architecture, this determination can be made either on the AP or on the AC. In addition, whether AC user isolation is enabled is determined from the user's configuration information, for example CLI and web configuration.
Step 410: determine whether the source interface and the destination interface carried in the forwarding information belong to the same AC; if they do, perform step 411, otherwise perform step 320.
Because the AC receives wireless data packets from the AP and forwards each received packet from one interface to another, the source interface necessarily belongs to the AC that received the packet, whereas whether the destination interface also belongs to this AC must be determined in this step. "The same AC" means the AC that received the wireless data packet. Specifically, the determination can be made from interface attributes, and applies only to the thin AP architecture.
Step 411: discard the wireless data packet.
If the source interface and the destination interface carried in the forwarding information are determined to belong to the same AC, AC user isolation must be applied, so the wireless data packet is discarded.
Step 320: forward and process the wireless data packet.
If the source interface and the destination interface carried in the forwarding information are determined not to belong to the same AC, AC user isolation is not needed and normal forwarding continues.
For the thin AP architecture, the method of this embodiment achieves AC user isolation by determining whether the destination interface belongs to the same AC, without using the VLAN isolation function or Layer 3 authentication, and is therefore simple to operate and implement. Moreover, the method has substantially no influence on the existing data storage structure or on data switching and forwarding performance.
Fig. 4 is a flowchart of embodiment four of the wireless network user isolation method of the present invention. This embodiment comprises the following steps after step 400 of method embodiment three:
Step 405: determine whether the source network identifier carried in the forwarding information is the same as the destination network identifier; if they are the same, perform step 410, otherwise perform step 320.
The source network identifier and the destination network identifier are respectively the source WLAN identifier and the destination WLAN identifier, or respectively the source VLAN identifier and the destination VLAN identifier. Identical WLAN identifiers denote the same WLAN network and different WLAN identifiers denote different WLAN networks; similarly, identical VLAN identifiers denote the same VLAN network and different VLAN identifiers denote different VLAN networks.
Step 410: determine whether the source interface and the destination interface carried in the forwarding information belong to the same AC; if they do, perform step 411, otherwise perform step 320.
When the source network identifier is determined to be the same as the destination network identifier, it still cannot be fully determined that AP user isolation is needed, so the determination in this step must also be made.
Step 411: discard the wireless data packet.
If the source interface and the destination interface carried in the forwarding information are determined to belong to the same AC, AC user isolation must be applied, so the wireless data packet is discarded.
Step 320: forward and process the wireless data packet.
If the source interface and the destination interface carried in the forwarding information are determined not to belong to the same AC, AC user isolation is not needed and normal forwarding continues.
In the method of this embodiment, whether the source network identifier is the same as the destination network identifier is determined before determining whether the source interface and the destination interface belong to the same AC. When the two identifiers differ, AC user isolation is not needed, so the step of determining whether the source interface and the destination interface belong to the same AC can be skipped. Because determining interface ownership is more complicated than determining whether two identifiers are the same, reducing the number of interface-ownership determinations further improves the convenience of the AC user isolation process.
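The decision flow of method embodiments one to four (steps 100 to 411), written out as an added Python example; it is not code from the patent. The `Interface` owner fields, the `IsolationConfig` names, the `check_net_id` switch and the sample tuples are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Interface:
    """Interface attributes; the owner fields are an assumed representation."""
    name: str
    ap: Optional[str] = None   # owning access point, None for a wired port
    ac: Optional[str] = None   # owning access controller (thin AP architecture only)


@dataclass(frozen=True)
class ForwardingInfo:
    """Six-tuple read from the Layer 2 or Layer 3 forwarding result (step 100)."""
    src_net: int               # source WLAN or VLAN identifier
    dst_net: int               # destination WLAN or VLAN identifier
    src_mac: str
    dst_mac: str
    src_if: Interface
    dst_if: Interface


@dataclass(frozen=True)
class IsolationConfig:
    """User configuration (CLI or web). check_net_id selects embodiments two and four."""
    ap_isolation: bool = False
    ac_isolation: bool = False
    check_net_id: bool = True


def same_owner(a: Optional[str], b: Optional[str]) -> bool:
    """Two interfaces share an owner only if that owner exists and is identical."""
    return a is not None and a == b


def decide(cfg: IsolationConfig, info: ForwardingInfo):
    """Return (verdict, step): verdict is 'drop' or 'forward', step is the
    step number from the description at which the decision was reached."""
    if cfg.ap_isolation:                                         # step 200
        if cfg.check_net_id and info.src_net != info.dst_net:    # step 250
            return ("forward", 320)
        if same_owner(info.src_if.ap, info.dst_if.ap):           # step 300
            return ("drop", 301)
        return ("forward", 320)
    # As described for step 200 of embodiment three, the AC check is reached
    # only when AP user isolation is not enabled.
    if cfg.ac_isolation:                                         # step 400
        if cfg.check_net_id and info.src_net != info.dst_net:    # step 405
            return ("forward", 320)
        if same_owner(info.src_if.ac, info.dst_if.ac):           # step 410
            return ("drop", 411)
    return ("forward", 320)


def run_samples():
    """Evaluate constructed six-tuples; all names and addresses are made up."""
    radio0 = Interface("ap1/radio0", ap="ap1", ac="ac1")
    radio1 = Interface("ap1/radio1", ap="ap1", ac="ac1")
    other_ap = Interface("ap2/radio0", ap="ap2", ac="ac1")
    uplink = Interface("ge0/1")                      # wired port, no AP or AC owner
    fat0 = Interface("fat1/radio0", ap="fat1")       # fat AP: no AC exists
    fat1 = Interface("fat1/radio1", ap="fat1")

    def tup(src, dst, dst_net=10):
        return ForwardingInfo(10, dst_net, "02:00:00:00:00:01",
                              "02:00:00:00:00:02", src, dst)

    ap_on = IsolationConfig(ap_isolation=True)
    ac_on = IsolationConfig(ac_isolation=True)
    return {
        "same_ap/ap_on": decide(ap_on, tup(radio0, radio1)),
        "other_ap/ap_on": decide(ap_on, tup(radio0, other_ap)),
        "other_ap/ac_on": decide(ac_on, tup(radio0, other_ap)),
        "uplink/ac_on": decide(ac_on, tup(radio0, uplink)),
        "other_net/ap_on": decide(ap_on, tup(radio0, other_ap, dst_net=20)),
        "fat_ap/ac_on": decide(ac_on, tup(fat0, fat1)),
        "same_ap/all_off": decide(IsolationConfig(), tup(radio0, radio1)),
    }


if __name__ == "__main__":
    for case, (verdict, step) in run_samples().items():
        print(f"{case:18s} {verdict:8s} step {step}")
```

With AP user isolation enabled, a packet between two APs under the same AC is forwarded, because the flow never reaches step 400 in that configuration.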
Fig. 5 is a structural diagram of embodiment one of the wireless network user isolation control unit of the present invention. As shown in the figure, the wireless network user isolation control unit 10 comprises an information acquisition module 11, a first judging module 12, a second judging module 13 and a packet processing module 14, and works as follows:
After the wireless network user isolation control unit 10 receives a wireless data packet, the information acquisition module 11 obtains forwarding information from the forwarding result. The forwarding result may be the forwarding result of Layer 2 switching or the forwarding result of Layer 3 routing, and the forwarding information may specifically be six-tuple information or the like;
The first judging module 12 determines whether access point user isolation is enabled; specifically, this can be determined from the user's configuration information. When the first judging module 12 determines that AP user isolation is enabled, the second judging module 13 determines whether the source interface and the destination interface carried in the forwarding information belong to the same access point. When the second judging module 13 determines that the source interface and the destination interface belong to the same access point, the packet processing module 14 discards the wireless data packet.
The unit of this embodiment achieves AP user isolation by determining whether the destination interface belongs to the same access point, without using the VLAN isolation function or Layer 3 authentication, and is therefore simple to operate and implement. Moreover, it has substantially no influence on the existing data storage structure or on data switching and forwarding performance.
Fig. 6 is a structural diagram of embodiment two of the wireless network user isolation control unit of the present invention. As shown in the figure, the wireless network user isolation control unit 10 further comprises a third judging module 15, and works as follows:
After the information acquisition module 11 obtains the forwarding information from the forwarding result, the third judging module 15 first determines whether the source network identifier carried in the forwarding information obtained by the information acquisition module 11 is the same as the destination network identifier. The source network identifier and the destination network identifier are respectively the source WLAN identifier and the destination WLAN identifier, or respectively the source VLAN identifier and the destination VLAN identifier;
Then, when the third judging module 15 determines that the source network identifier is the same as the destination network identifier, the second judging module 13 determines whether the source interface and the destination interface carried in the forwarding information belong to the same access point.
By adding the third judging module 15, the unit of this embodiment determines whether the source network identifier is the same as the destination network identifier before the second judging module 13 determines whether the source interface and the destination interface belong to the same access point. When the two identifiers differ, AP user isolation is not needed, so the step of determining whether the source interface and the destination interface belong to the same access point can be skipped. Because determining interface ownership is more complicated than determining whether two identifiers are the same, reducing the number of interface-ownership determinations further improves the convenience of the AP user isolation process.
It should also be noted that the wireless network user isolation control unit 10 described in embodiments one and two can be placed in the AP device of the fat AP architecture, or in the AP device and/or the AC device of the thin AP architecture, and the AP device and the AC device can share one set of software code, which gives it a high degree of flexibility.
Fig. 7 is a structural diagram of embodiment three of the wireless network user isolation control unit of the present invention. As shown in the figure, on the basis of embodiment one or embodiment two above, the wireless network user isolation control unit 10 further comprises a fourth judging module 16 and a fifth judging module 17, and works as follows:
When the first judging module 12 determines that access point user isolation is not enabled, the fourth judging module 16 further determines whether access controller user isolation is enabled; specifically, this can be determined from the user's configuration information, for example CLI and web configuration. When the fourth judging module 16 determines that access controller user isolation is enabled, the fifth judging module 17 determines whether the source interface and the destination interface carried in the forwarding information belong to the same access controller. When the fifth judging module 17 determines that the source interface and the destination interface belong to the same access controller, the packet processing module 14 discards the wireless data packet.
For the thin AP architecture, the unit of this embodiment achieves AC user isolation by determining whether the destination interface belongs to the same AC, without using the VLAN isolation function or Layer 3 authentication, and is therefore simple to operate and implement. Moreover, it has substantially no influence on the existing data storage structure or on data switching and forwarding performance.
Fig. 8 is a structural diagram of embodiment four of the wireless network user isolation control unit of the present invention. As shown in the figure, on the basis of embodiment three above, the wireless network user isolation control unit 10 further comprises a sixth judging module 18 and the fifth judging module 17, and works as follows:
When the fourth judging module 16 determines that access controller user isolation is enabled, the sixth judging module 18 first determines whether the source network identifier carried in the forwarding information is the same as the destination network identifier. Then, when the sixth judging module 18 determines that the source network identifier is the same as the destination network identifier, the fifth judging module 17 determines whether the source interface and the destination interface carried in the forwarding information belong to the same access controller.
By further providing the sixth judging module 18, the unit of this embodiment determines whether the source network identifier is the same as the destination network identifier before the fifth judging module 17 determines whether the source interface and the destination interface belong to the same AC. When the two identifiers differ, AC user isolation is not needed, so the step of determining whether the source interface and the destination interface belong to the same AC can be skipped. Because determining interface ownership is more complicated than determining whether two identifiers are the same, reducing the number of interface-ownership determinations further improves the convenience of the AC user isolation process.
AC user isolation means isolating wireless network users on a single AC. Because the fat AP architecture has no separate AC device, the wireless network user isolation control unit 10 of this embodiment is only suitable for placement in the AP device and/or the AC device of the thin AP architecture.
Those of ordinary skill in the art will understand that all or part of the steps of the above method embodiments can be carried out by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes any medium that can store program code, such as ROM, RAM, a magnetic disk or an optical disc.
Finally, it should be noted that the above embodiments only illustrate the technical solutions of the present invention and do not limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments can still be modified, or some of their technical features replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (11)

1. A wireless network user isolation method, characterized by comprising:
after a wireless data packet is received, obtaining forwarding information from a forwarding result;
when it is determined that access point user isolation is enabled, determining whether the source interface and the destination interface carried in the forwarding information belong to the same access point;
when it is determined that the source interface and the destination interface belong to the same access point, discarding the wireless data packet.
2. The method according to claim 1, characterized in that, before determining whether the source interface and the destination interface carried in the forwarding information belong to the same access point, the method further comprises:
determining whether the source network identifier carried in the forwarding information is the same as the destination network identifier;
when it is determined that the source network identifier is the same as the destination network identifier, performing the step of determining whether the source interface and the destination interface carried in the forwarding information belong to the same access point.
3. The method according to claim 2, characterized by further comprising:
when it is determined that access point user isolation is not enabled, determining whether access controller user isolation is enabled;
when it is determined that access controller user isolation is enabled, determining whether the source interface and the destination interface carried in the forwarding information belong to the same access controller;
when it is determined that the source interface and the destination interface belong to the same access controller, discarding the wireless data packet.
4. The method according to claim 3, characterized in that, before determining whether the source interface and the destination interface carried in the forwarding information belong to the same access controller, the method further comprises:
determining whether the source network identifier carried in the forwarding information is the same as the destination network identifier;
when it is determined that the source network identifier is the same as the destination network identifier, performing the step of determining whether the source interface and the destination interface carried in the forwarding information belong to the same access controller.
5. The method according to any one of claims 2 to 4, characterized in that the source network identifier and the destination network identifier are respectively a source WLAN identifier and a destination WLAN identifier, or respectively a source VLAN identifier and a destination VLAN identifier.
6. A wireless network user isolation control unit, characterized by comprising:
an information acquisition module, configured to obtain forwarding information from a forwarding result after a wireless data packet is received;
a first judging module, configured to determine whether access point user isolation is enabled;
a second judging module, configured to determine, when the first judging module determines that access point user isolation is enabled, whether the source interface and the destination interface carried in the forwarding information belong to the same access point;
a packet processing module, configured to discard the wireless data packet when the second judging module determines that the source interface and the destination interface belong to the same access point.
7. The wireless network user isolation control unit according to claim 6, characterized by further comprising:
a third judging module, configured to determine whether the source network identifier carried in the forwarding information obtained by the information acquisition module is the same as the destination network identifier;
the second judging module being further configured to determine, when the third judging module determines that the source network identifier is the same as the destination network identifier, whether the source interface and the destination interface carried in the forwarding information belong to the same access point.
8. The wireless network user isolation control unit according to claim 6 or 7, characterized by further comprising:
a fourth judging module, configured to determine, when the first judging module determines that access point user isolation is not enabled, whether access controller user isolation is enabled;
a fifth judging module, configured to determine, when the fourth judging module determines that access controller user isolation is enabled, whether the source interface and the destination interface carried in the forwarding information belong to the same access controller;
the packet processing module being further configured to discard the wireless data packet when the fifth judging module determines that the source interface and the destination interface belong to the same access controller.
9. The wireless network user isolation control unit according to claim 8, characterized by further comprising:
a sixth judging module, configured to determine whether the source network identifier carried in the forwarding information is the same as the destination network identifier;
the fifth judging module being further configured to determine, when the sixth judging module determines that the source network identifier is the same as the destination network identifier, whether the source interface and the destination interface carried in the forwarding information belong to the same access controller.
10. An access point device, characterized by comprising the wireless network user isolation control unit according to any one of claims 6 to 9.
11. An access controller device, characterized by comprising the wireless network user isolation control unit according to any one of claims 6 to 9.
CN201010133042.4A 2010-03-24 2010-03-24 Method, unit and device for isolating wireless network user Active CN101827366B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201010133042.4A CN101827366B (en) 2010-03-24 2010-03-24 Method, unit and device for isolating wireless network user

Publications (2)

Publication Number Publication Date
CN101827366A true CN101827366A (en) 2010-09-08
CN101827366B CN101827366B (en) 2013-03-13

Family

ID=42691016

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201010133042.4A Active CN101827366B (en) 2010-03-24 2010-03-24 Method, unit and device for isolating wireless network user

Country Status (1)

Country Link
CN (1) CN101827366B (en)

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1464693A (en) * 2002-06-06 2003-12-31 华为技术有限公司 Method for controlling port interactive access of Ethernet switch chip
CN1414742A (en) * 2002-12-03 2003-04-30 北京朗通环球科技有限公司 Method of isolating user in radio local network
CN1561042A (en) * 2004-02-17 2005-01-05 中兴通讯股份有限公司 Method of managing mobile terminal by radio local network insertion point equipment
EP1853021A1 (en) * 2006-05-05 2007-11-07 Broadcom Corporation Switching network supporting media rights management

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103533536A (en) * 2012-07-06 2014-01-22 深圳市共进电子股份有限公司 Wireless-AP isolation method and wireless AP
CN103533536B (en) * 2012-07-06 2019-05-10 深圳市共进电子股份有限公司 Wireless aps partition method and wireless aps
WO2014172869A1 (en) * 2013-04-25 2014-10-30 华为技术有限公司 Method, device and system for communication in virtual local area network
CN105897712A (en) * 2016-04-11 2016-08-24 深圳市信锐网科技术有限公司 Packet forwarding method and device based on wireless hotspot
CN106878986A (en) * 2017-01-05 2017-06-20 新华三技术有限公司 A kind of user isolation method and device
CN106878986B (en) * 2017-01-05 2021-03-26 新华三技术有限公司 User isolation method and device
CN109302466A (en) * 2018-09-18 2019-02-01 华为技术有限公司 Data processing method, relevant device and computer storage medium
CN109981462A (en) * 2019-03-28 2019-07-05 新华三技术有限公司 A kind of message processing method and device
CN109981462B (en) * 2019-03-28 2021-06-22 新华三技术有限公司 Message processing method and device

Also Published As

Publication number Publication date
CN101827366B (en) 2013-03-13

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant