Method for incremental deployment of a marked net, and access point
Technical field
The present invention relates to wireless local area network (WLAN) and marked net technology, and in particular to a method for incremental deployment of a marked net, an access point, a network deployed using the method, and a method for carrying out services over that network.
Background technology
In a marked net, identity is separated from location: an Access Identifier (AID) is configured as the identity identifier, and a Router Identifier (RID) as the location identifier. In the identity/locator separation network shown in Fig. 1, every host (Host) registers, authenticates and accesses the network through an access service router (Access Service Router, ASR). When a Host attaches to an ASR or leaves it, the ASR must report this to the identity and location register (Identifier and Location Register, ILR). The ILR stores the mapping <AID, RID> between a Host's identity identifier AID and its location RID, and also answers queries for that mapping.
Communication between Hosts is encapsulated and routed using the RIDs of the ASRs, with the original packet between the Hosts carried in the payload (Payload). When the packet reaches the destination ASR, the destination ASR decapsulates it and forwards the original packet to the destination Host.
The forwarding of a packet in the identity/locator separation network is shown in Fig. 2: the original packet of the source Host (HOST1) is encapsulated by the source ASR (ASR1); the encapsulated packet is then forwarded between the source ASR (ASR1) and the destination ASR (ASR2); finally the destination ASR (ASR2) decapsulates it and forwards it to the destination Host (HOST2).
In this forwarding flow a packet takes one of two formats, original packet or RID-encapsulated packet:
Original packet forwarding: in the access layer of the identity/locator separation network, that is, between a Host and an ASR, packets are forwarded with AIDs as the source and destination addresses; the packet format is shown in Fig. 3.
RID-encapsulated packet forwarding: in the core layer of the identity/locator separation network, that is, between ASRs, packets are forwarded after RID encapsulation; the packet format is shown in Fig. 4.
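The ILR mapping and the encapsulate, forward, decapsulate path described above, as a small Python model. This is an added example, not part of the patent; the Packet fields, class and method names, the sample AIDs and RIDs, and the drop rules marked in comments are assumptions, since the packet formats of Figs. 3 and 4 are not reproduced on this page.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str          # AID in the access layer, RID in the core layer
    dst: str
    payload: object   # bytes for an original packet, a Packet when encapsulated

class ILR:
    """Identifier and Location Register: stores <AID, RID> and answers queries."""
    def __init__(self):
        self._map = {}
    def register(self, aid, rid):       # reported by an ASR when a Host attaches
        self._map[aid] = rid
    def deregister(self, aid, rid):     # reported by an ASR when a Host leaves
        # Assumption: only the ASR currently holding the Host may clear the mapping.
        if self._map.get(aid) == rid:
            del self._map[aid]
    def query(self, aid):
        return self._map.get(aid)

class ASR:
    def __init__(self, rid, ilr):
        self.rid, self.ilr, self.hosts = rid, ilr, set()
    def attach(self, aid):
        self.hosts.add(aid)
        self.ilr.register(aid, self.rid)
    def detach(self, aid):
        self.hosts.discard(aid)
        self.ilr.deregister(aid, self.rid)
    def encapsulate(self, original):
        """Source ASR: wrap the AID-addressed packet in a RID-addressed one."""
        if original.src not in self.hosts:
            return None                 # assumption: drop packets from an unattached AID
        dst_rid = self.ilr.query(original.dst)
        if dst_rid is None:
            return None                 # no <AID, RID> mapping for the destination
        return Packet(self.rid, dst_rid, original)
    def decapsulate(self, outer):
        """Destination ASR: unwrap and return the original packet for delivery."""
        if outer.dst != self.rid or not isinstance(outer.payload, Packet):
            return None
        inner = outer.payload
        return inner if inner.dst in self.hosts else None

def demo():
    ilr = ILR()
    asr1, asr2 = ASR("RID-1", ilr), ASR("RID-2", ilr)   # constructed identifiers
    asr1.attach("AID-host1")
    asr2.attach("AID-host2")
    original = Packet("AID-host1", "AID-host2", b"hello")
    outer = asr1.encapsulate(original)       # core-layer packet, ASR1 to ASR2
    delivered = asr2.decapsulate(outer)      # handed to HOST2
    asr2.detach("AID-host2")                 # HOST2 leaves; ILR mapping is removed
    after_leave = asr1.encapsulate(original)
    return original, outer, delivered, after_leave
```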
Because of its low cost, high performance, ease of deployment and good compatibility, the wireless local area network (Wireless Local Area Network, WLAN) has gradually become an important part of operators' full-service network strategies and will for a long time remain an important supplement to cellular networks; it is also spreading rapidly across industries. Besides carrying Internet access, WLAN can now provide value-added applications such as wireless voice, wireless monitoring and wireless positioning.
An identity/locator separation network clearly needs to be compatible with WLAN access and the application services that go with it. However, existing WLAN networks differ in deployment architecture and their equipment comes from different manufacturers. How to adapt to existing WLAN networks and mask the differences between WLAN devices, so that a marked net can support WLAN access and the corresponding application services without the existing WLAN network being rebuilt, is a problem that urgently needs solving.
Summary of the invention
The invention provides a method for incremental deployment of a marked net, an access point, a network deployed using the method, and a method for carrying out services over that network, to solve the problem that a WLAN network currently cannot be made compatible with a marked net.
The invention provides a method for incremental deployment of a marked net, applied to a wireless local area network (WLAN) that comprises an access point (AP), an access controller (AC) and an authentication, authorization and accounting (AAA) server connected in sequence. The method comprises:
the AP establishes a first virtual access point (VAP) for access by non-marked-net users and a second VAP for access by marked-net users;
the AP connects the first VAP to the AC, establishing a first virtual local area network (VLAN), and connects the second VAP to a newly added access service router (ASR) that is connected to the AAA server, establishing a second VLAN.
The invention also provides an access point (AP), comprising:
a first establishing module, configured to establish a first virtual access point (VAP) for access by non-marked-net users and a second VAP for access by marked-net users;
a second establishing module, configured to connect the first VAP to an access controller (AC), establishing a first virtual local area network (VLAN), and to connect the second VAP to an access service router (ASR), establishing a second VLAN.
Preferably, the ASR and the AC are both connected to an authentication, authorization and accounting (AAA) server.
The invention also provides a network deployed using the above method for incremental deployment of a marked net, comprising:
a first virtual access point (VAP) for access by non-marked-net users and a second VAP for access by marked-net users;
an AC connected to the first VAP;
an access service router (ASR) connected to the second VAP; and
an authentication, authorization and accounting (AAA) server connected to both the AC and the ASR.
Preferably, the AC is configured to send to the AAA server a first authentication request from a non-marked-net user accessing through the first VAP, and to send to the first VAP the authentication result that the AAA server returns for the first authentication request;
the ASR is configured to send to the AAA server a second authentication request from a marked-net user accessing through the second VAP, and to send to the second VAP the authentication result that the AAA server returns for the second authentication request;
the AAA server is configured to authenticate the non-marked-net user and the marked-net user.
Preferably, the AC is also configured to forward data for non-marked-net users that have passed authentication;
the ASR is also configured to forward data for marked-net users that have passed authentication.
The invention also provides a method for carrying out services using the above network, comprising:
the AC sends to the AAA server a first authentication request from a non-marked-net user accessing through the first VAP, and sends to the first VAP the authentication result that the AAA server returns for the first authentication request;
the ASR sends to the AAA server a second authentication request from a marked-net user accessing through the second VAP, and sends to the second VAP the authentication result that the AAA server returns for the second authentication request.
Preferably, the method further comprises:
the AC forwards data for non-marked-net users that have passed authentication;
the ASR forwards data for marked-net users that have passed authentication.
Preferably, the AC forwarding data for non-marked-net users that have passed authentication comprises:
the AC receives data sent by a non-marked-net user and, on confirming that the authentication result returned by the AAA server for that non-marked-net user is a pass, forwards the data sent by that user.
Preferably, the ASR forwarding data for marked-net users that have passed authentication comprises:
the ASR receives data sent by a marked-net user and, on confirming that the authentication result returned by the AAA server for that marked-net user is a pass, forwards the data sent by that user.
With the above method for incremental deployment of a marked net, access point, network deployed using the method, and method for carrying out services over that network, a marked net can be supported without rebuilding the existing WLAN network, and access by both non-marked-net users and marked-net users is supported at the same time.
Description of drawings
Fig. 1 is a schematic diagram of an existing identity/locator separation network;
Fig. 2 is a schematic diagram of the existing packet forwarding process in an identity/locator separation network;
Fig. 3 is a schematic diagram of the existing original AID packet format;
Fig. 4 is a schematic diagram of the existing RID-encapsulated packet format;
Fig. 5 is an architecture diagram of a traditional WLAN network;
Fig. 6 is a diagram of the network architecture after incremental deployment of the marked net according to an embodiment of the invention;
Fig. 7 is a signaling flow chart of an embodiment of the incremental deployment method of the invention and of carrying out services after deployment is complete;
Fig. 8 is a schematic structural diagram of an embodiment of the access point of the invention.
Embodiment
To make the purpose, technical solutions and advantages of the invention clearer, embodiments of the invention are described in detail below with reference to the accompanying drawings. Note that, where they do not conflict, the embodiments in this application and the features in the embodiments may be combined with one another arbitrarily.
The embodiment of the invention works in the existing WLAN network environment shown in Fig. 5, that is, where WLAN access is provided using a third-party access point (Access Point, AP), access controller (Access Controller, AC) and user equipment (UE). Simply by adding an ASR, without rebuilding or redeploying the existing network, incremental deployment of the marked net is achieved; the network architecture after deployment is shown in Fig. 6.
The invention provides a method for incremental deployment of a marked net, applied to a wireless local area network (WLAN) that comprises an access point (AP), an access controller (AC) and an authentication, authorization and accounting (AAA) server connected in sequence. The method comprises:
Step 11: the AP establishes a first virtual access point (VAP) for access by non-marked-net users and a second VAP for access by marked-net users;
For example, two VAPs are established: VAP1 for access by ordinary users (non-marked-net users) and VAP2 for access by marked-net users;
Step 12: the AP connects the first VAP to the AC, establishing a first virtual local area network (VLAN), and connects the second VAP to a newly added access service router (ASR) that is connected to the AAA server, establishing a second VLAN.
The network deployed using the above method for incremental deployment of a marked net comprises:
a first virtual access point (VAP) for access by non-marked-net users and a second VAP for access by marked-net users;
an AC connected to the first VAP;
an access service router (ASR) connected to the second VAP; and
an authentication, authorization and accounting (AAA) server connected to both the AC and the ASR.
Here, the AC is configured to send to the AAA server a first authentication request from a non-marked-net user accessing through the first VAP, and to send to the first VAP the authentication result that the AAA server returns for the first authentication request; the ASR is configured to send to the AAA server a second authentication request from a marked-net user accessing through the second VAP, and to send to the second VAP the authentication result that the AAA server returns for the second authentication request;
the AAA server is configured to authenticate the non-marked-net user and the marked-net user.
In addition, the AC is also configured to forward data for non-marked-net users that have passed authentication; the ASR is also configured to forward data for marked-net users that have passed authentication.
The method for carrying out services using the network shown in Fig. 6 comprises:
Step 21: the AC sends to the AAA server a first authentication request from a non-marked-net user accessing through the first VAP, and sends to the first VAP the authentication result that the AAA server returns for the first authentication request;
Before this step, each user selects the VAP to access according to its CAMEL-Subscription-Information; for example, an ordinary user selects VAP1 and a marked-net user selects VAP2;
Step 22: the ASR sends to the AAA server a second authentication request from a marked-net user accessing through the second VAP, and sends to the second VAP the authentication result that the AAA server returns for the second authentication request.
The AC acts as the authenticator (Authenticator) for non-marked-net users; the ASR acts as the authenticator (Authenticator) for marked-net users.
In addition, the method further comprises:
the AC forwards data for non-marked-net users that have passed authentication;
the ASR forwards data for marked-net users that have passed authentication.
Specifically, the AC forwarding data for non-marked-net users that have passed authentication comprises: the AC receives data sent by a non-marked-net user and, on confirming that the authentication result returned by the AAA server for that non-marked-net user is a pass, forwards the data sent by that user. The ASR forwarding data for marked-net users that have passed authentication comprises: the ASR receives data sent by a marked-net user and, on confirming that the authentication result returned by the AAA server for that marked-net user is a pass, forwards the data sent by that user.
Fig. 7 is a signaling flow chart of an embodiment of the incremental deployment method of the invention and of carrying out services after deployment is complete. In this embodiment, when the AP starts it establishes VAP1 and VAP2, where VAP1 is for access by ordinary users and VAP2 is for access by marked-net users. The process comprises:
Step 701: the AP establishes the VLANs;
Step 701a: the AP establishes VLAN1 between VAP1 and the AC;
Step 701b: the AP establishes VLAN2 between VAP2 and the ASR.
Step 702: the user selects the VAP to access according to its CAMEL-Subscription-Information;
Step 702a: the ordinary user accesses VAP1;
Step 702b: the marked-net user accesses VAP2.
Step 703: the user is authenticated;
Step 703a: the AC, as the authenticator for the ordinary user, authenticates it through the AAA server;
Step 703b: the ASR, as the authenticator for the marked-net user, authenticates it through the AAA server.
Step 704: user data is forwarded;
Step 704a: ordinary user data is forwarded by the AC;
Step 704b: marked-net user data is forwarded by the ASR.
In the above embodiment, the order of step 701 and step 702 may be reversed.
With the above method for incremental deployment of a marked net, a marked net can be supported without rebuilding the existing WLAN network, and access by both non-marked-net users and marked-net users is supported at the same time.
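The Fig. 7 flow (steps 701 to 704) as a small Python model, showing that the VAP a user joins fixes which authenticator, AC or ASR, gates its traffic. This is an added example, not part of the patent; the class names, VLAN IDs, accounts and the plaintext credential check standing in for the AAA exchange are all constructed assumptions.

```python
VLAN1, VLAN2 = 1, 2   # constructed VLAN IDs

class AAA:
    """Shared AAA server; the dictionary lookup stands in for the real exchange."""
    def __init__(self, credentials):
        self._credentials = credentials
    def authenticate(self, user, secret):
        return self._credentials.get(user) == secret

class Authenticator:
    """Role played by the AC on VLAN1 and by the ASR on VLAN2."""
    def __init__(self, name, aaa):
        self.name, self.aaa = name, aaa
        self.passed, self.forwarded = set(), []
    def handle_auth(self, user, secret):
        ok = self.aaa.authenticate(user, secret)   # step 703: relay request to AAA
        if ok:
            self.passed.add(user)
        return ok                                   # result goes back to the VAP
    def forward(self, user, data):
        if user not in self.passed:                 # step 704: forward only after a pass
            return False
        self.forwarded.append((user, data))
        return True

class AP:
    def __init__(self, ac, asr):
        # Step 701: VAP1 -> VLAN1 -> AC and VAP2 -> VLAN2 -> ASR
        self.vap_vlan = {"VAP1": VLAN1, "VAP2": VLAN2}
        self.vlan_peer = {VLAN1: ac, VLAN2: asr}
    def peer_for(self, vap):
        return self.vlan_peer[self.vap_vlan[vap]]
    def authenticate(self, vap, user, secret):
        return self.peer_for(vap).handle_auth(user, secret)
    def send(self, vap, user, data):
        return self.peer_for(vap).forward(user, data)

def run_flow():
    aaa = AAA({"alice": "pw-a", "bob": "pw-b"})     # constructed sample accounts
    ac, asr = Authenticator("AC", aaa), Authenticator("ASR", aaa)
    ap = AP(ac, asr)
    results = {
        "early": ap.send("VAP2", "bob", b"x"),      # data before authentication
        "alice_auth": ap.authenticate("VAP1", "alice", "pw-a"),   # ordinary user
        "bob_auth": ap.authenticate("VAP2", "bob", "pw-b"),       # marked-net user
        "bad_auth": ap.authenticate("VAP2", "mallory", "guess"),  # unknown account
        "alice_data": ap.send("VAP1", "alice", b"web"),
        "bob_data": ap.send("VAP2", "bob", b"aid-packet"),
        "cross": ap.send("VAP1", "bob", b"x"),      # bob holds no pass result at the AC
    }
    return results, ac.forwarded, asr.forwarded
```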
Fig. 8 is a schematic structural diagram of an embodiment of the access point of the invention. The AP comprises a first establishing module 81 and a second establishing module 82, wherein:
the first establishing module is configured to establish a first virtual access point (VAP) for access by non-marked-net users and a second VAP for access by marked-net users;
the second establishing module is configured to connect the first VAP to an access controller (AC), establishing a first virtual local area network (VLAN), and to connect the second VAP to an access service router (ASR), establishing a second VLAN.
This AP is located in the WLAN shown in Fig. 5, and through the first establishing module and the second establishing module it builds the network architecture shown in Fig. 6. The AC and the ASR are both connected to the AAA server, and the setup process supports a marked net without rebuilding the existing WLAN network.
A person of ordinary skill in the art will understand that all or some of the steps of the above method may be carried out by a program instructing the relevant hardware, and that the program may be stored in a computer-readable storage medium such as a read-only memory, magnetic disk or optical disc. Alternatively, all or some of the steps of the above embodiments may be implemented with one or more integrated circuits. Accordingly, each module/unit in the above embodiments may be implemented in hardware or as a software function module. The invention is not limited to any particular combination of hardware and software.
The above embodiments only illustrate the technical solution of the invention and do not limit it; the invention has been described in detail only with reference to preferred embodiments. A person of ordinary skill in the art should understand that the technical solution of the invention may be modified or equivalently replaced without departing from its spirit and scope, and all such changes fall within the scope of the claims of the invention.