CN103167493A - Method and system for wireless access controller concentrating identification under local transmitting mode - Google Patents

Publication number: CN103167493A
Application number: CN2011104243329A
Authority: CN (China)
Other languages: Chinese (zh)
Inventors: 刘杨, 池艳广
Original Assignee: ZTE Corp
Current Assignee: ZTE Corp
Legal status: Pending
Prior art keywords: message, capwap, authentication protocol, sta, extensible authentication

Abstract

The invention discloses a method and a system for centralized authentication by a wireless access controller in local forwarding mode. In the method, an AP encapsulates an Extensible Authentication Protocol message received from an STA into a CAPWAP message and sends it to an AC; after receiving the CAPWAP message from the AP, the AC parses the Extensible Authentication Protocol message out of the CAPWAP message, converts it into a RADIUS message and sends it to an authentication server, then converts the RADIUS message returned by the authentication server into an Extensible Authentication Protocol message, encapsulates it into a CAPWAP message and sends it to the AP; after receiving the CAPWAP message from the AC, the AP parses the Extensible Authentication Protocol message out of the CAPWAP message and sends it to the STA. In local forwarding mode, even if the AC and the AP are separated by a Layer 3 network, the AC can still act as the authenticator and complete 802.1X authentication, so the security of the wireless local area network is guaranteed and the complexity of the bearer network does not need to be increased.

Description

Method and system for centralized authentication by a wireless access controller in local forwarding mode
Technical field
The present invention relates to mobile communication technology, and in particular to a method and system for centralized authentication by a wireless access controller in local forwarding mode.
Background art
A wireless local area network (WLAN, Wireless Local Area Network) is based on the 802.11 standard, which defines the medium access control and physical layers (Wireless LAN Medium Access Control and Physical Layer Specifications).
Existing WLAN networks generally adopt a thin AP architecture in which wireless access points (AP, Access Point) are combined with a wireless access controller (AC, Access Controller). This thin AP architecture is defined in RFC 5415, the Control And Provisioning of Wireless Access Points (CAPWAP) Protocol, and in RFC 5416, the binding of CAPWAP to IEEE 802.11 (Control and Provisioning of Wireless Access Points (CAPWAP) Protocol Binding for IEEE 802.11). Under this architecture, the AC uses the CAPWAP protocol to manage and configure the APs in a unified way and to control the access of wireless users (STA, Station), and two user-data processing modes are provided: centralized forwarding and local forwarding. In centralized forwarding mode, the CAPWAP data tunnel aggregates the data streams entering the APs, and the AC is responsible for forwarding the data; in local forwarding mode, the AP forwards the data itself.
As shown in Figure 1, in local forwarding mode the AC is only responsible for managing the APs and controlling the STAs; it does not control service traffic.
The IEEE 802 LAN/WAN committee proposed the 802.1X protocol to solve the security problems of wireless LANs. It is a port-based network access control protocol. If the user equipment connected to a port passes authentication, it can access the resources in the local area network; if it does not pass authentication, it cannot access them. The protocol involves a supplicant (Supplicant), an authenticator (Authenticator) and an authentication server (Authentication Server). The supplicant and the authenticator communicate using the Extensible Authentication Protocol over LAN (EAPOL), whose messages are Layer 2 messages.
In the thin AP architecture, the STA generally acts as the supplicant, the AC as the authenticator, and a Remote Authentication Dial-In User Service (RADIUS) server as the authentication server. The authentication process is shown in Figure 2:
Step 200: The supplicant STA sends an EAPOL start (EAPOL-Start) message to begin 802.1X authentication.
Step 201: The authenticator AC sends an EAP request/identity (EAP-Request/Identity) message, asking the STA to report its user name.
Step 202: The STA replies with an EAP response/identity (EAP-Response/Identity) message that contains the STA's user name.
Step 203: The AC converts this message into a RADIUS access request (RADIUS-Access-Request) message and sends it to the RADIUS server.
Step 204: The RADIUS server selects an authentication type and specifies the authentication method in the EAP request message (EAP-Request) it sends. The EAP-Request is encapsulated in a RADIUS access challenge (RADIUS-Access-Challenge).
Step 205: After receiving it, the AC forwards the request/method (EAP-Request/Method) message to the STA for processing.
Step 206: The STA responds to the challenge sent by the RADIUS server with a response/method (EAP-Response/Method) message.
Step 207: The AC converts the response it receives into a RADIUS access request (RADIUS-Access-Request) and sends it to the RADIUS server.
Steps 204 to 207 may be repeated several times until authentication is complete.
Step 208: The RADIUS server determines the user's legitimacy from the response to the challenge. If the user is legitimate, it sends an access accept (RADIUS-Access-Accept) message to allow the user to access the network, and informs the authenticator AC of the pairwise master key (PMK, Pairwise Master Key).
Step 209: The AC then sends a success (EAP-Success) message to notify the STA.
Step 210: The AC generates a random number Anonce and sends it to the STA in an EAPOL-Key message. The STA generates a random number Snonce and then calculates the pairwise transient key (PTK, Pairwise Transient Key) from parameters such as Anonce.
Step 211: The STA sends Snonce to the AC in an EAPOL-Key message. Because the PTK generation algorithm and its parameters are the same on both sides, the AC can calculate the same PTK as the STA. The AC uses the PTK to perform a MIC check on the received message; if the check fails, authentication has failed. Otherwise, it sends the message to install the PTK.
Step 212: The AC sends the message to install the PTK.
Step 213: The STA installs the PTK successfully and returns an acknowledgment message.
Step 214: The AC sends the message to install the group temporal key (GTK, Group Transient Key).
Step 215: The STA installs the GTK successfully and returns an acknowledgment message.
In local forwarding mode, if the AC and the AP are separated by a Layer 3 network, Layer 2 messages cannot be transmitted directly between the AC and the AP. In this kind of deployment the AC cannot act as the authenticator for STA authentication. The problem is usually solved either by specially configuring or modifying the bearer network, or by making the AP the authenticator. The first solution increases the complexity of the network; the second is detrimental to network security. In the thin AP architecture there are many APs and they serve as access devices, so it is not secure for the AP to know the PMK; moreover, the AC cannot control the updating of the unicast and multicast keys, so the security of the wireless network cannot be guaranteed.
Summary of the invention
The technical problem to be solved by the present invention is to provide a method and system for centralized authentication by a wireless access controller in local forwarding mode, so that even when the AC and the AP are separated by a Layer 3 network in local forwarding mode, the AC can still complete 802.1X authentication as the authenticator, guaranteeing the security of the WLAN.
To solve the above technical problem, the invention provides a method for centralized authentication by a wireless access controller in local forwarding mode, wherein a wireless access point (AP) encapsulates an Extensible Authentication Protocol message received from a wireless user (STA) into a Control And Provisioning of Wireless Access Points (CAPWAP) message and sends it to a wireless access controller (AC);
After receiving the CAPWAP message from the AP, the AC parses the Extensible Authentication Protocol message out of the CAPWAP message, converts it into a Remote Authentication Dial-In User Service (RADIUS) message and sends it to the authentication server; the AC converts the RADIUS message returned by the authentication server into an Extensible Authentication Protocol message, encapsulates it into a CAPWAP message and sends it to the AP;
After receiving the CAPWAP message from the AC, the AP parses the Extensible Authentication Protocol message out of the CAPWAP message and sends it to the STA.
Further, the above method may also have the following features:
During key agreement between the STA and the AC, the AC encapsulates each key-agreement Extensible Authentication Protocol message that needs to be sent to the STA into a CAPWAP message and sends it to the AP;
The AP parses the CAPWAP message received from the AC into a key-agreement Extensible Authentication Protocol message and sends it to the STA, and encapsulates the key-agreement Extensible Authentication Protocol message received from the STA into a CAPWAP message and sends it to the AC.
Further, the above method may also have the following features:
The Extensible Authentication Protocol message is encapsulated into the CAPWAP message by placing it in a vendor-specific extension element of the CAPWAP message.
To solve the above technical problem, the invention also provides a system for centralized authentication by a wireless access controller in local forwarding mode, wherein
The system comprises a wireless access point (AP), a wireless access controller (AC) and an authentication server;
The AP is configured to encapsulate an Extensible Authentication Protocol message received from a wireless user (STA) into a Control And Provisioning of Wireless Access Points (CAPWAP) message and send it to the wireless access controller (AC), and is further configured to, after receiving a CAPWAP message from the AC, parse the Extensible Authentication Protocol message out of the CAPWAP message and send it to the STA;
The AC is configured to, after receiving the CAPWAP message from the AP, parse the Extensible Authentication Protocol message out of the CAPWAP message, convert it into a Remote Authentication Dial-In User Service (RADIUS) message and send it to the authentication server, and to convert the RADIUS message returned by the authentication server into an Extensible Authentication Protocol message, encapsulate it into a CAPWAP message and send it to the AP.
Further, the above system may also have the following features:
The AC is further configured to encapsulate each key-agreement Extensible Authentication Protocol message that needs to be sent to the STA into a CAPWAP message and send it to the AP;
The AP is further configured to parse the CAPWAP message received from the AC into a key-agreement Extensible Authentication Protocol message and send it to the STA, and to encapsulate the key-agreement Extensible Authentication Protocol message received from the STA into a CAPWAP message and send it to the AC.
Further, the above system may also have the following features:
The AP or the AC is further configured to encapsulate the Extensible Authentication Protocol message into a vendor-specific extension element of the CAPWAP message.
To solve the above technical problem, the invention also provides a wireless access point (AP), which comprises a message conversion module;
The message conversion module is configured to encapsulate an Extensible Authentication Protocol message received from a wireless user (STA) into a Control And Provisioning of Wireless Access Points (CAPWAP) message and send it to the wireless access controller (AC), and is further configured to, after receiving a CAPWAP message from the AC, parse the Extensible Authentication Protocol message out of the CAPWAP message and send it to the wireless user (STA).
Further, the above AP may also have the following features:
The message conversion module is further configured to parse the CAPWAP message received from the AC into a key-agreement Extensible Authentication Protocol message and send it to the STA, and to encapsulate the key-agreement Extensible Authentication Protocol message received from the STA into a CAPWAP message and send it to the AC.
To solve the above technical problem, the invention also provides a wireless access controller (AC), which comprises a message conversion module;
The message conversion module is configured to, after receiving the CAPWAP message from the AP, parse the Extensible Authentication Protocol message out of the CAPWAP message, convert it into a Remote Authentication Dial-In User Service (RADIUS) message and send it to the authentication server, and to convert the RADIUS message returned by the authentication server into an Extensible Authentication Protocol message, encapsulate it into a CAPWAP message and send it to the AP.
Further, the above AC may also have the following features:
The message conversion module is further configured to encapsulate each key-agreement Extensible Authentication Protocol message that needs to be sent to the STA into a CAPWAP message and send it to the AP.
After this scheme is implemented, in local forwarding mode, even if the AC and the AP are separated by a Layer 3 network, the AC can still complete 802.1X authentication as the authenticator, which guarantees the security of the WLAN without increasing the complexity of the bearer network.
Description of drawings
Fig. 1 is a schematic diagram of networking in local forwarding mode;
Fig. 2 is a flowchart of authentication in the prior art;
Fig. 3 is a flowchart of authentication in the embodiment.
Embodiment
The method for centralized authentication by a wireless access controller in local forwarding mode comprises:
A wireless access point (AP) encapsulates an Extensible Authentication Protocol message received from a wireless user (STA) into a Control And Provisioning of Wireless Access Points (CAPWAP) message and sends it to a wireless access controller (AC);
After receiving the CAPWAP message from the AP, the AC parses the Extensible Authentication Protocol message out of the CAPWAP message, converts it into a Remote Authentication Dial-In User Service (RADIUS) message and sends it to the authentication server; the AC converts the RADIUS message returned by the authentication server into an Extensible Authentication Protocol message, encapsulates it into a CAPWAP message and sends it to the AP;
After receiving the CAPWAP message from the AC, the AP parses the Extensible Authentication Protocol message out of the CAPWAP message and sends it to the STA.
The method also comprises:
During key agreement between the STA and the AC, the AC encapsulates each key-agreement Extensible Authentication Protocol message that needs to be sent to the STA into a CAPWAP message and sends it to the AP;
The AP parses the CAPWAP message received from the AC into a key-agreement Extensible Authentication Protocol message and sends it to the STA, and encapsulates the key-agreement Extensible Authentication Protocol message received from the STA into a CAPWAP message and sends it to the AC.
The Extensible Authentication Protocol message is encapsulated into the CAPWAP message by placing it in a vendor-specific extension element (Vendor Specific Payload) of the CAPWAP message. As shown in Table 1, the vendor-specific extension element comprises a vendor identifier (Vendor Identifier), which occupies 4 bytes; an extension element identifier (Element ID), which indicates the sequence number of the vendor-specific extension element; an element length (Element Length), which indicates the length of the extension element; and element data (Element Data), which carries the encapsulated Extensible Authentication Protocol message.
Table 1: Format of the extension element that encapsulates the EAPOL message
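The encapsulation described above, as an added Python example that is not part of the patent: it packs an EAPOL frame into the four fields of Table 1 and unpacks it with the length checks a receiver needs before trusting the element. The 2-byte Element ID and Element Length fields, network byte order, the `VENDOR_ID` and `ELEMENT_ID_EAPOL` values and the size cap are assumptions; the patent fixes only the 4-byte Vendor Identifier.

```python
import struct

# Assumed layout: the patent fixes only the 4-byte Vendor Identifier. The
# 2-byte Element ID, the 2-byte Element Length (taken here as the length of
# Element Data) and network byte order are assumptions, as are the values below.
VENDOR_ID = 0x0000FFFF      # hypothetical placeholder vendor identifier
ELEMENT_ID_EAPOL = 0x0001   # hypothetical sequence number meaning "EAPOL inside"
MAX_EAPOL_LEN = 1500        # assumed upper bound for one relayed frame
HEADER = struct.Struct("!IHH")  # Vendor Identifier, Element ID, Element Length
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}


class ElementError(ValueError):
    """The received extension element is malformed and must be dropped."""


def check_eapol(frame: bytes) -> str:
    """Validate the 4-byte EAPOL header and return the packet type name."""
    if not 4 <= len(frame) <= MAX_EAPOL_LEN:
        raise ElementError("EAPOL frame size out of range")
    _version, ptype, body_len = struct.unpack_from("!BBH", frame)
    if ptype not in EAPOL_TYPES:
        raise ElementError("unknown EAPOL packet type")
    if body_len != len(frame) - 4:
        raise ElementError("EAPOL body length disagrees with frame size")
    return EAPOL_TYPES[ptype]


def encapsulate_eapol(frame: bytes) -> bytes:
    """Sender side (AP or AC): wrap one EAPOL frame in the extension element."""
    check_eapol(frame)
    return HEADER.pack(VENDOR_ID, ELEMENT_ID_EAPOL, len(frame)) + frame


def decapsulate_eapol(element: bytes) -> bytes:
    """Receiver side: return the EAPOL frame or raise ElementError."""
    if len(element) < HEADER.size:
        raise ElementError("truncated element header")
    vendor, element_id, length = HEADER.unpack_from(element)
    if (vendor, element_id) != (VENDOR_ID, ELEMENT_ID_EAPOL):
        raise ElementError("not an EAPOL extension element")
    data = element[HEADER.size:]
    if length != len(data):
        raise ElementError("Element Length disagrees with Element Data")
    check_eapol(data)
    return data


def make_eap_identity_response(identifier: int, user: bytes) -> bytes:
    """Constructed sample: EAPOL EAP-Packet carrying EAP-Response/Identity."""
    eap = struct.pack("!BBHB", 2, identifier, 5 + len(user), 1) + user
    return struct.pack("!BBH", 1, 0, len(eap)) + eap


# Constructed sample: version 1, packet type EAPOL-Start, empty body.
EAPOL_START = bytes.fromhex("01010000")


def ac_receive(elements):
    """AC side: return (type name, frame) for valid elements, drop the rest."""
    accepted = []
    for element in elements:
        try:
            frame = decapsulate_eapol(element)
        except ElementError:
            continue  # malformed input is dropped before any EAP/RADIUS handling
        accepted.append((check_eapol(frame), frame))
    return accepted


if __name__ == "__main__":
    ident = make_eap_identity_response(1, b"alice")
    for name, frame in ac_receive([encapsulate_eapol(EAPOL_START),
                                   encapsulate_eapol(ident)]):
        print(name, frame.hex())
```

Checking Element Length against the bytes actually received, and the EAPOL body length against the frame, keeps a malformed element from reaching the EAP-to-RADIUS conversion on the AC.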
The system corresponding to the above method comprises a wireless access point (AP), a wireless access controller (AC) and an authentication server;
The AP is configured to encapsulate an Extensible Authentication Protocol message received from a wireless user (STA) into a Control And Provisioning of Wireless Access Points (CAPWAP) message and send it to the wireless access controller (AC), and is further configured to, after receiving a CAPWAP message from the AC, parse the Extensible Authentication Protocol message out of the CAPWAP message and send it to the STA;
The AC is configured to, after receiving the CAPWAP message from the AP, parse the Extensible Authentication Protocol message out of the CAPWAP message, convert it into a Remote Authentication Dial-In User Service (RADIUS) message and send it to the authentication server, and to convert the RADIUS message returned by the authentication server into an Extensible Authentication Protocol message, encapsulate it into a CAPWAP message and send it to the AP.
In addition, the AC is further configured to encapsulate each key-agreement Extensible Authentication Protocol message that needs to be sent to the STA into a CAPWAP message and send it to the AP;
The AP is further configured to parse the CAPWAP message received from the AC into a key-agreement Extensible Authentication Protocol message and send it to the STA, and to encapsulate the key-agreement Extensible Authentication Protocol message received from the STA into a CAPWAP message and send it to the AC.
The AP or the AC is further configured to encapsulate the Extensible Authentication Protocol message into a vendor-specific extension element of the CAPWAP message.
The wireless access point (AP) in the system comprises a message conversion module,
The message conversion module is configured to encapsulate an Extensible Authentication Protocol message received from a wireless user (STA) into a Control And Provisioning of Wireless Access Points (CAPWAP) message and send it to the wireless access controller (AC), and is further configured to, after receiving a CAPWAP message from the AC, parse the Extensible Authentication Protocol message out of the CAPWAP message and send it to the wireless user (STA).
The message conversion module is further configured to parse the CAPWAP message received from the AC into a key-agreement Extensible Authentication Protocol message and send it to the STA, and to encapsulate the key-agreement Extensible Authentication Protocol message received from the STA into a CAPWAP message and send it to the AC.
The wireless access controller (AC) in the system comprises a message conversion module,
The message conversion module is configured to, after receiving the CAPWAP message from the AP, parse the Extensible Authentication Protocol message out of the CAPWAP message, convert it into a Remote Authentication Dial-In User Service (RADIUS) message and send it to the authentication server, and to convert the RADIUS message returned by the authentication server into an Extensible Authentication Protocol message, encapsulate it into a CAPWAP message and send it to the AP.
The message conversion module is further configured to encapsulate each key-agreement Extensible Authentication Protocol message that needs to be sent to the STA into a CAPWAP message and send it to the AP.
The main steps of the above method are as follows:
The STA sends an EAPOL-Start message to begin 802.1X authentication.
The AP encapsulates every EAPOL message sent by the wireless user using the extension mechanism of CAPWAP control messages, and forwards the EAPOL message to the AC.
After parsing out the EAPOL message, the AC converts it into a RADIUS message and passes it to the RADIUS server for processing;
The AC converts the RADIUS message returned by the RADIUS server into an EAPOL message, encapsulates it using the extension mechanism of CAPWAP control messages, and sends the message to the corresponding AP according to the wireless user's MAC address.
After parsing the EAPOL message out of the CAPWAP control message, the AP forwards the message to the corresponding wireless user according to the destination MAC address.
After several such exchanges, authentication is complete, and the AC knows the wireless user's authentication result and the PMK.
The AC and the wireless user negotiate the unicast and multicast keys.
The above steps are described in detail below through a specific embodiment.
As shown in Figure 3, the specific 802.1X authentication flow comprises the following steps 300 to 329. The wireless user and the wireless access point communicate using the Extensible Authentication Protocol over LAN (EAPOL).
Step 300: The STA sends a start (EAPOL-Start) message to the AP.
Step 301: The AP encapsulates the start (EAPOL-Start) message in an extension element carried by a WTP event request (WTP Event Request) message and sends it to the AC.
Step 302: The AC extracts the start (EAPOL-Start) message and returns a WTP event response (WTP Event Response) message.
Step 303: The AC encapsulates a request/identity (EAPOL-Request/Identity) message in an extension element carried by a station configuration request (Station Configuration Request) message and sends it to the AP.
Step 304: The AP extracts the request/identity (EAPOL-Request/Identity) message and forwards it to the STA.
Step 305: The STA returns a response/identity (EAPOL-Response/Identity) message.
Step 306: The AP encapsulates the response/identity (EAPOL-Response/Identity) message in an extension element carried by a station configuration response (Station Configuration Response) message and sends it to the AC.
Step 307: The AC extracts the response/identity (EAPOL-Response/Identity) message and sends an access request (RADIUS-Access-Request) message to the RADIUS server.
Step 308: The RADIUS server returns an access challenge (RADIUS-Access-Challenge) message to the AC.
Step 309: Based on the access challenge (RADIUS-Access-Challenge) message, the AC encapsulates a request/method (EAP-Request/Method) message in an extension element carried by a station configuration request (Station Configuration Request) message and sends it to the AP.
Step 310: The AP extracts the request/method (EAP-Request/Method) message and sends it to the relevant STA.
Step 311: The STA returns a response/method (EAP-Response/Method) message.
Step 312: The AP encapsulates the response/method (EAP-Response/Method) message in an extension element carried by a station configuration response (Station Configuration Response) message and sends it to the AC.
Step 313: The AC extracts the response/method (EAP-Response/Method) message and sends an access request (RADIUS-Access-Request) message to the RADIUS server.
Step 314: If the STA passes authentication, the RADIUS server returns an access accept (RADIUS-Access-Accept) message.
Step 315: Based on the access accept (RADIUS-Access-Accept) message, the AC encapsulates a success (EAPOL-Success) message in an extension element carried by a station configuration request (Station Configuration Request) message and sends it to the AP.
Step 316: The AP extracts the success (EAPOL-Success) message and sends it to the relevant STA.
Step 317: The AP returns a station configuration response (Station Configuration Response) message.
Step 318: The AC generates a random number Anonce and encapsulates the EAPOL-Key message in an extension element carried by a station configuration request (Station Configuration Request) message.
Step 319: The AP extracts the EAPOL-Key message and sends it to the relevant STA.
Step 320: The STA generates a random number Snonce, calculates the PTK according to the key generation algorithm, and returns Snonce in an EAPOL-Key message.
Step 321: The AP encapsulates the EAPOL-Key message in an extension element carried by a station configuration response (Station Configuration Response) message.
Step 322: The AC calculates the PTK from Anonce and Snonce according to the key generation algorithm and, by encapsulating an EAPOL-Key message in an extension element carried by a station configuration request (Station Configuration Request) message, informs the STA to install the PTK.
Step 323: The AP extracts the EAPOL-Key message and sends it to the relevant STA.
Step 324: The STA installs the PTK successfully and returns an acknowledgment message.
Step 325: The AP encapsulates the EAPOL-Key message in an extension element carried by a station configuration response (Station Configuration Response) message.
Step 326: After generating the GTK, the AC encapsulates the EAPOL-Key message in an extension element carried by a station configuration request (Station Configuration Request) message.
Step 327: The AP extracts the EAPOL-Key message and sends it to the relevant STA.
Step 328: The STA installs the GTK successfully and returns an acknowledgment message.
Step 329: The AP encapsulates the EAPOL-Key message in an extension element carried by a station configuration response (Station Configuration Response) message.
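The key agreement of steps 210 to 211 and steps 318 to 322, as an added Python example that is not part of the patent: the STA and the AC each derive the PTK from the PMK and both nonces, and the AC checks the MIC of the EAPOL-Key message that carries Snonce. The patent does not name the key generation algorithm; this sketch uses the IEEE 802.11i PRF with HMAC-SHA1 and a 48-byte PTK (CCMP), and all keys, nonces and MAC addresses are constructed samples.

```python
import hashlib
import hmac
import struct

NONCE_OFFSET = 17  # Key Nonce field (32 bytes) inside an EAPOL-Key frame
MIC_OFFSET = 81    # Key MIC field (16 bytes) inside an EAPOL-Key frame


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11i PRF: HMAC-SHA1 over label || 0x00 || data || counter."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, block, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """Return the 48-byte PTK: KCK (16) || KEK (16) || TK (16)."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 48)


def key_mic(kck: bytes, frame: bytes) -> bytes:
    """HMAC-SHA1-128 over the frame with its MIC field set to zero."""
    zeroed = frame[:MIC_OFFSET] + bytes(16) + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def sta_build_msg2(pmk, aa, spa, anonce, snonce) -> bytes:
    """STA side (steps 211 / 320): EAPOL-Key frame carrying Snonce and a MIC."""
    # Descriptor type 2 (RSN), key information 0x010A, key length 0, replay counter 1.
    body = struct.pack("!BHHQ", 2, 0x010A, 0, 1)
    # Key Nonce, Key IV, Key RSC, reserved, Key MIC (filled in below).
    body += snonce + bytes(16) + bytes(8) + bytes(8) + bytes(16)
    body += struct.pack("!H", 0)  # key data length; the RSN element is omitted here
    frame = struct.pack("!BBH", 1, 3, len(body)) + body
    kck = derive_ptk(pmk, aa, spa, anonce, snonce)[:16]
    return frame[:MIC_OFFSET] + key_mic(kck, frame) + frame[MIC_OFFSET + 16:]


def ac_verify_msg2(pmk, aa, spa, anonce, frame):
    """AC side (steps 211 / 322): return the PTK if the MIC checks, else None."""
    if len(frame) < MIC_OFFSET + 18:
        return None
    snonce = frame[NONCE_OFFSET:NONCE_OFFSET + 32]
    ptk = derive_ptk(pmk, aa, spa, anonce, snonce)
    received = frame[MIC_OFFSET:MIC_OFFSET + 16]
    if not hmac.compare_digest(key_mic(ptk[:16], frame), received):
        return None  # MIC failure means authentication failure
    return ptk


# Constructed sample values. AA is the authenticator address used in the
# derivation (the BSSID the STA is associated with), SPA the STA's MAC address.
PMK = hashlib.sha256(b"constructed PMK delivered in RADIUS-Access-Accept").digest()
AA = bytes.fromhex("020000000001")
SPA = bytes.fromhex("020000000002")
ANONCE = hashlib.sha256(b"constructed Anonce").digest()
SNONCE = hashlib.sha256(b"constructed Snonce").digest()

if __name__ == "__main__":
    msg2 = sta_build_msg2(PMK, AA, SPA, ANONCE, SNONCE)
    print("MIC accepted:", ac_verify_msg2(PMK, AA, SPA, ANONCE, msg2) is not None)
    print("wrong PMK accepted:", ac_verify_msg2(bytes(32), AA, SPA, ANONCE, msg2) is not None)
```

Only the two ends that hold the PMK can compute or verify the MIC; an AP that merely relays the EAPOL-Key frames inside CAPWAP elements needs neither the PMK nor the PTK derivation inputs kept secret from it.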
It should be noted that, provided they do not conflict, the embodiments in this application and the features in the embodiments may be combined with one another in any way.
Of course, the present invention may also have various other embodiments. Without departing from the spirit and essence of the invention, those of ordinary skill in the art can make various corresponding changes and modifications according to the invention, but all such changes and modifications shall fall within the protection scope of the appended claims of the invention.
Those of ordinary skill in the art will appreciate that all or some of the steps of the above method can be completed by a program instructing the relevant hardware, and the program can be stored in a computer-readable storage medium such as a read-only memory, magnetic disk or optical disc. Alternatively, all or some of the steps of the above embodiments can be implemented with one or more integrated circuits. Accordingly, each module/unit in the above embodiments can be implemented in the form of hardware or in the form of a software functional module. The present invention is not limited to any particular combination of hardware and software.

Claims (10)

1. the method for Radio Access Controller Collective qualification under a local forward mode, wherein,
WAP (wireless access point) (AP) will send to Radio Access Controller (AC) after will being encapsulated as wireless access point control configuration protocol (CAPWAP) message from the Extensible Authentication Protocol message that wireless user (STA) receives;
Described AC parses the Extensible Authentication Protocol message and is converted to remote authentication dial-in user service (RADIUS) message and is sent to certificate server from described CAPWAP message after described AP receives the CAPWAP message, be sent to described AP after the RADIUS message that described certificate server is returned is converted to the Extensible Authentication Protocol message and is encapsulated as the CAPWAP message;
Described AP parses the Extensible Authentication Protocol message and is sent to described STA from described CAPWAP message after described AC receives the CAPWAP message.
2. the method for claim 1, is characterized in that,
Carry out the process of key agreement between described STA and described AC in, described AC will need to be sent to described AP after the key agreement Extensible Authentication Protocol message that described STA sends is encapsulated as the CAPWAP message;
The CAPWAP packet parsing that described AP will receive from described AC is to be sent to described STA after key agreement Extensible Authentication Protocol message, and sends to described AC after will being encapsulated as the CAPWAP message from the key agreement Extensible Authentication Protocol message that described STA receives.
3. method as claimed in claim 1 or 2, is characterized in that,
The mode that the Extensible Authentication Protocol message is encapsulated as the CAPWAP message is in the privately owned extensible element of manufacturer that described Extensible Authentication Protocol message is encapsulated into the CAPWAP message.
4. the system of Radio Access Controller Collective qualification under a local forward mode, wherein,
Comprise WAP (wireless access point) (AP), Radio Access Controller (AC), certificate server;
Described AP sends to Radio Access Controller (AC) after being used for being encapsulated as wireless access point control configuration protocol (CAPWAP) message from the Extensible Authentication Protocol message that wireless user (STA) receives; Also be used for parsing the Extensible Authentication Protocol message and being sent to described STA from described CAPWAP message after described AC receives the CAPWAP message;
Described AC, be used for being sent to certificate server from parsing the Extensible Authentication Protocol message and be converted to remote authentication dial-in user service (RADIUS) message from described CAPWAP message after described AP receiving the CAPWAP message, be sent to described AP after the RADIUS message that described certificate server is returned is converted to the Extensible Authentication Protocol message and is encapsulated as the CAPWAP message.
5. system as claimed in claim 4, is characterized in that,
Described AC also is used for needing to be sent to described AP after the key agreement Extensible Authentication Protocol message that described STA sends is encapsulated as the CAPWAP message;
Described AP, the CAPWAP packet parsing that also is used for receiving from described AC is to be sent to described STA after key agreement Extensible Authentication Protocol message, and sends to described AC after will being encapsulated as the CAPWAP message from the key agreement Extensible Authentication Protocol message that described STA receives.
6. The system as claimed in claim 4 or 5, characterized in that
the AP or the AC is further configured to encapsulate the Extensible Authentication Protocol message into a vendor-private extension element of the CAPWAP message.
7. A wireless access point (AP), comprising a message conversion module, wherein
the message conversion module is configured to encapsulate an Extensible Authentication Protocol message received from a wireless user (STA) into a Control and Provisioning of Wireless Access Points (CAPWAP) message and send it to a wireless access controller (AC), and, after receiving a CAPWAP message from the AC, to parse the Extensible Authentication Protocol message out of that CAPWAP message and send it to the wireless user (STA).
8. The AP as claimed in claim 7, characterized in that
the message conversion module is further configured to parse the CAPWAP message received from the AC into a key-agreement Extensible Authentication Protocol message and send it to the STA, and to encapsulate the key-agreement Extensible Authentication Protocol message received from the STA as a CAPWAP message and send it to the AC.
9. A wireless access controller (AC), comprising a message conversion module, wherein
the message conversion module is configured, after receiving a CAPWAP message from the AP, to parse the Extensible Authentication Protocol message out of that CAPWAP message, convert it into a Remote Authentication Dial-In User Service (RADIUS) message and send it to the authentication server, and to convert the RADIUS message returned by the authentication server into an Extensible Authentication Protocol message, encapsulate it as a CAPWAP message and send it to the AP.
10. The AC as claimed in claim 9, characterized in that
the message conversion module is further configured to encapsulate a key-agreement Extensible Authentication Protocol message that needs to be sent to the STA as a CAPWAP message and send it to the AP.
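The relay path of claims 3, 4 and 9, sketched as an added example that is not part of the patent text: the AP wraps an EAP packet in a CAPWAP vendor-specific message element, and the AC validates it, converts it to a RADIUS Access-Request, and reassembles EAP on the return path. The patent does not give the element layout; this sketch assumes the RFC 5415 Vendor Specific Payload format and RFC 3579 EAP-Message attributes, and `VENDOR_ID`, `ELEM_EAP` and all function names are hypothetical.

```python
import hashlib, hmac, struct

VENDOR_SPECIFIC = 37     # CAPWAP Vendor Specific Payload element type (RFC 5415)
VENDOR_ID = 99999        # assumption: placeholder enterprise number
ELEM_EAP = 1             # assumption: hypothetical vendor element ID for EAP frames
EAP_MESSAGE, MSG_AUTH = 79, 80   # RADIUS attribute types (RFC 3579)
# Constructed sample: EAP-Response/Identity (code 2, id 7, type 1) for "alice"
SAMPLE_EAP = struct.pack("!BBHB", 2, 7, 10, 1) + b"alice"

def ap_wrap_eap(eap: bytes) -> bytes:
    """AP side: EAP packet -> CAPWAP vendor-specific message element."""
    value = struct.pack("!IH", VENDOR_ID, ELEM_EAP) + eap
    return struct.pack("!HH", VENDOR_SPECIFIC, len(value)) + value

def ac_unwrap_eap(element: bytes) -> bytes:
    """AC side: check the element and the inner EAP header before relaying."""
    if len(element) < 14:                  # 10-byte element header + 4-byte EAP header
        raise ValueError("truncated element")
    etype, elen, vendor, eid = struct.unpack("!HHIH", element[:10])
    if (etype, vendor, eid) != (VENDOR_SPECIFIC, VENDOR_ID, ELEM_EAP):
        raise ValueError("unexpected element")
    eap = element[10:]
    eap_len = struct.unpack("!H", eap[2:4])[0]     # EAP header: code, id, length
    if elen != len(element) - 4 or eap_len != len(eap):
        raise ValueError("length mismatch")
    return eap

def ac_eap_to_radius(eap, secret, ident, req_auth):
    """AC side: EAP -> RADIUS Access-Request (code 1) with Message-Authenticator."""
    attrs = b""
    for i in range(0, len(eap), 253):      # one attribute carries at most 253 bytes
        chunk = eap[i:i + 253]
        attrs += bytes([EAP_MESSAGE, len(chunk) + 2]) + chunk
    attrs += bytes([MSG_AUTH, 18]) + bytes(16)     # zeroed while computing the HMAC
    head = struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth
    mac = hmac.new(secret, head + attrs, hashlib.md5).digest()
    return head + attrs[:-16] + mac

def radius_to_eap(packet: bytes) -> bytes:
    """AC side, return path: join EAP-Message attributes back into one EAP packet."""
    eap, pos = b"", 20                     # attributes start after the 20-byte header
    while pos + 2 <= len(packet):
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > len(packet):
            raise ValueError("malformed attribute")
        if atype == EAP_MESSAGE:
            eap += packet[pos + 2:pos + alen]
        pos += alen
    return eap
```

Because the AC is the 802.1X authenticator here, the length checks in `ac_unwrap_eap` and the Message-Authenticator attribute are what keep a malformed or forged frame from being relayed onward to the authentication server.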

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011104243329A CN103167493A (en) 2011-12-16 2011-12-16 Method and system for wireless access controller concentrating identification under local transmitting mode

Publications (1)

Publication Number Publication Date
CN103167493A true CN103167493A (en) 2013-06-19

Family

ID=48590151

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2011104243329A Pending CN103167493A (en) 2011-12-16 2011-12-16 Method and system for wireless access controller concentrating identification under local transmitting mode

Country Status (1)

Country Link
CN (1) CN103167493A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008034357A1 (en) * 2006-09-20 2008-03-27 Huawei Technologies Co., Ltd. Method and system for capwap intradomain authentication using 802.11r
CN102196417A (en) * 2010-03-16 2011-09-21 杭州华三通信技术有限公司 User-side equipment, control equipment and method for positioning user-side equipment
CN102281594A (en) * 2011-09-06 2011-12-14 华为技术有限公司 Message forwarding method, wireless access point (AP) and message forwarding system

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105847223A (en) * 2015-01-15 2016-08-10 杭州华三通信技术有限公司 Authentication method and device of terminal device
CN108011742A (en) * 2017-02-17 2018-05-08 湖北亘华工科有限公司 A kind of WLAN data concentrates the device and method that forwarding switching locally forwards
CN107911276A (en) * 2017-12-27 2018-04-13 迈普通信技术股份有限公司 Request responding method, wireless controller, wireless access point and request response system
CN107911276B (en) * 2017-12-27 2020-08-07 迈普通信技术股份有限公司 Request response method, wireless controller, wireless access point and request response system
CN108601022A (en) * 2018-03-30 2018-09-28 新华三技术有限公司 A kind of gate verification method and device
CN108601022B (en) * 2018-03-30 2021-05-14 新华三技术有限公司 Portal authentication method and device
CN111510915A (en) * 2020-03-23 2020-08-07 沈阳通用软件有限公司 Universal extended authentication method under wireless access environment
CN111510915B (en) * 2020-03-23 2023-12-05 三六零数字安全科技集团有限公司 Universal expansion authentication method in wireless access environment

Similar Documents

Publication Publication Date Title
CN101500229B (en) Method for establishing security association and communication network system
CN108848112B (en) Cut-in method, equipment and the system of user equipment (UE)
EP1972125B1 (en) Apparatus and method for protection of management frames
AU2003243680B2 (en) Key generation in a communication system
KR101002799B1 (en) mobile telecommunication network and method for authentication of mobile node in mobile telecommunication network
KR101582502B1 (en) Systems and methods for authentication
JP2010503326A5 (en) Security authentication and key management method in infrastructure-based wireless multi-hop network
US20130091556A1 (en) Method for establishing a secure and authorized connection between a smart card and a device in a network
MX2009002507A (en) Security authentication and key management within an infrastructure-based wireless multi-hop network.
CN101931955A (en) Authentication method, device and system
CN106921965A (en) A kind of method that EAP authentication is realized in wlan network
US20200162904A1 (en) Cryptographic security in multi-access point networks
CN102223634A (en) Method and device for controlling mode of accessing user terminal into Internet
CN100334850C (en) A method for implementing access authentication of wireless local area network
CN102026192B (en) Mobile backhaul network certificate distributing method and system
CN103167493A (en) Method and system for wireless access controller concentrating identification under local transmitting mode
KR101718096B1 (en) Method and system for authenticating in wireless communication system
US20120017080A1 (en) Method for establishing safe association among wapi stations in ad-hoc network
CN106304400B (en) The IP address distribution method and system of wireless network
US9532218B2 (en) Implementing a security association during the attachment of a terminal to an access network
WO2010124569A1 (en) Method and system for user access control
CN101646171B (en) Method for realizing integration of WAPI and CAPWAP by separation MAC mode
CN103139770B (en) The method and system of pairwise master key is transmitted in WLAN access network
CN103200004B (en) Send the method for message, the method for establishing secure connection, access point and work station
CN110226319A (en) Method and apparatus for the parameter exchange during promptly accessing

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20130619