CN103179223A - Method, device and system for assigning IP (Internet Protocol) address in wireless LAN (Local Area Network) - Google Patents

Method, device and system for assigning IP (Internet Protocol) address in wireless LAN (Local Area Network) Download PDF

Info

Publication number
CN103179223A
CN103179223A CN2011104409790A CN201110440979A CN103179223A CN 103179223 A CN103179223 A CN 103179223A CN 2011104409790 A CN2011104409790 A CN 2011104409790A CN 201110440979 A CN201110440979 A CN 201110440979A CN 103179223 A CN103179223 A CN 103179223A
Authority
CN
China
Prior art keywords
ip address
ap
dhcp server
threshold value
determining
Prior art date
Application number
CN2011104409790A
Other languages
Chinese (zh)
Other versions
CN103179223B (en
Inventor
宁建创
李悦
莫晓斌
袁兵
陈励锋
何秋萍
Original Assignee
中国移动通信集团广西有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中国移动通信集团广西有限公司 filed Critical 中国移动通信集团广西有限公司
Priority to CN201110440979.0A priority Critical patent/CN103179223B/en
Publication of CN103179223A publication Critical patent/CN103179223A/en
Application granted granted Critical
Publication of CN103179223B publication Critical patent/CN103179223B/en

Links

Abstract

The invention discloses a method, device and system for assigning an IP (Internet Protocol) address in a wireless LAN (Local Area Network). The method mainly comprises the steps of: after receiving an IP address assignment request sent by an AP (Access Point), determining a utilization rate of a current IP address of a DHCP (Dynamic Host Configuration Protocol) server, and then taking a strict IP address assignment strategy which matches the current utilization rate. Therefore, the method, device and system for assigning the IP address in the wireless LAN can prevent the DHCP server from being subjected to flooding attack, and reduce malicious consumption of IP addresses in the DHCP server.

Description

—种无线局域网中分配IP地址的方法、设备和系统 - The method of allocating an IP address in the wireless LAN types, devices and systems

技术领域 FIELD

[0001] 本发明涉及无线通信领域,尤其涉及一种无线局域网中分配IP地址的方法、设备和系统。 [0001] The present invention relates to wireless communications, and in particular relates to a method of allocating an IP address in a wireless local area network, devices and systems.

背景技术 Background technique

[0002] DHCP (Dynamic Configuration Protocol,动态主机设置协议)是局域网中的一种网络协议,用于给内部网络或者网络服务器供应商自动分配IP(Internet Protocol,网络之间互联协议)地址给终端。 [0002] DHCP (Dynamic Configuration Protocol, Dynamic Host Configuration Protocol) network is a LAN protocol for a network to the internal network or server provider automatically assign (interconnection agreement between the Internet Protocol, network) IP address of the terminal.

[0003] 由于现在的IP地址资源有限,宽带接入运营商不能做到给每个报装宽带的终端都分配一个固定的IP地址,而两台连接到互联网上的电脑相互之间通信,必须有各自的IP地址,所以要采用DHCP协议方式对上网的终端进行临时的地址分配,也就是当终端与互联网接通之前,需要DHCP服务器从IP地址资源池中临时为终端分配一个IP地址,如图1所示,终端获取DHCP服务器为其分配的IP地址的方法包括以下步骤: [0003] Due to the limited current IP address resources, can not do broadband access provider to a terminal of each packet Zhuangkuan Dai assigned a fixed IP address, and two connected to each other computer on the Internet communication, but must have their own IP address, the DHCP protocol to be used in the embodiment of the terminal temporary Internet address assignment, that is, when the Internet before the terminal is turned on, the DHCP server need a temporary IP address assigned to the terminal IP address from a pool of resources, such as As shown in FIG terminal obtains the DHCP server to assign the IP address of a method comprising the steps of:

[0004] 步骤101:终端向无线局域网的AP(ACCeSS Point,接入点)发送接入无线局域网请求。 [0004] Step 101: the wireless LAN terminal transmits an access request to the wireless LAN AP (ACCeSS Point, an access point).

[0005] 步骤102:AP接收到终端的接入无线局域网请求后,通过SWTCH(交换机)向DHCP服务器发送IP地址分配请求。 [0005] Step 102: the AP receives the request wireless LAN access terminal, transmits the IP address allocation request to the DHCP server SWTCH (switch).

[0006] 步骤103 =DHCP服务器接收到所述IP地址分配请求后,从本地IP资源池中选择一个可用的IP地址,作为为该终端分配一个临时IP地址,并将该临时IP地址、AC (AccessControl,接入控制设备)地址列表等配置信息发送至AP。 After [0006] Step 103 = DHCP server receives the IP address assignment request, it assigns a temporary IP address as a terminal for selecting from a local IP resource pool available IP addresses, and the temporary IP address, the AC ( AccessControl, the access control apparatus) and other configuration information address list to the AP.

[0007] 步骤104:AP接收到DHCP服务器发送的配置信息后,选择合适的AC,将接入无线局域网请求转发至AC。 [0007] Step 104: After receiving the configuration information of AP sent by the DHCP server, select the appropriate AC, will forward the request to access the wireless LAN AC.

[0008] 步骤105:终端通过DHCP服务器分配的IP地址与互联网接通。 [0008] Step 105: IP Internet address assigned to the terminal by a DHCP server is turned on.

[0009] 在本步骤105中,portal服务器根据终端的IP地址,向终端反馈web认证页面,并将终端上报的认证信息发送给Radius服务器进行认证,在认证通过后,终端可接入Internet进行计费上网。 [0009] In this step 105, portal server according to the IP address of the terminal, the terminal feedback to the authentication web page, and sends the authentication information reported by the terminal to a Radius authentication server, after the authentication, the terminal can access the Internet for the count Internet fee.

[0010] 当终端和互联网断开时,终端释放所分配的IP地址,该IP地址成为DHCP服务器的IP资源池中可用的IP地址,可有效节约IP地址,在保证终端和互联网接通的需求,也提高了IP地址的使用效率。 [0010] When the terminal and the Internet is disconnected, the terminal releases the assigned IP address, the IP address of the DHCP server IP resource becomes available in a pool of IP addresses, which can effectively save the IP address to the Internet and to ensure that the terminal is turned on demand , but also more efficient use of IP addresses.

[0011] 上述基于DHCP协议为终端分配IP地址的方式在为终端带来上网便利的同时,也存在了一定的安全隐患。 [0011] The IP address assigned to the DHCP protocol-based terminal mode at the same time as the end to bring the convenience of the Internet, there is a certain security risk. 在无线局域网环境中,终端可以以伪造大量的客户端,通过AP向DHCP服务器发送租用IP地址的请求,使得短时间内消耗DHCP服务器IP资源池中大量的IP资源,进而导致合法终端在向DHCP服务器请求分配IP请求时,DHCP服务器没有可用的IP地址分配给合法终端,这样就构成了恶意终端对DHCP的泛洪攻击,导致合法终端无法通过无线局域网成功接入互联网。 In a wireless LAN environment, the terminal can forge a large number of clients, sending an IP address lease request to the DHCP server through the AP, so that the DHCP server IP resources consumed in a short time a large number of IP resource pool, which led to the legitimate DHCP terminal when the server requests the request to assign IP, DHCP server is not available IP address assigned to the legitimate end, this constitutes a malicious end-to-flooding attacks DHCP, the terminal can not successfully lead to lawful access to the Internet via a wireless LAN.

[0012] 对此,目前业界提出了一种通过限制可向交换机发起IP地址分配请求的MAC (Media Access Control,媒体接入控制)地址数目的方式,来防止终端恶意伪造MAC地址进而请求DHCP服务器分配IP地址,但是,上述限制MAC地址数目的方式局限于有线网环境,而不一定适用于无线局域网的网络环境,且这种强制限制MAC地址数目的方式无法动态适应网络环境的变化,可能影响终端的正常访问请求。 [0012] In this regard, the industry proposed may initiate an IP address allocation request MAC (Media Access Control, media access control) address number to the switch by way of limitation, to prevent malicious falsification terminal MAC address request to the DHCP server further assign an IP address, however, limit the number of MAC addresses of the above-described manner limited to a wired network environment, and not necessarily applicable to wireless LAN network environment, and this forced to limit the number of MAC address mode can not dynamically adapt to changes in the network environment that may affect normal access request of the terminal.

发明内容 SUMMARY

[0013] 本发明的实施例提供了一种无线局域网中分配IP地址的方法、设备和系统,用于解决如何防止恶意终端对DHCP的泛洪攻击,使得合法终端无法正常获取IP地址,引起合法终端通过无线局域网无法接入互联网的问题。 [0013] Embodiments of the present invention provides a method of allocating an IP address in a wireless local area network, apparatus and system for solving how to prevent a malicious terminal DHCP flooding attack, so that the terminal can not obtain an IP address legitimate normal, causing legitimate wireless LAN terminal problem can not access the Internet via.

[0014] 一种无线局域网中分配IP地址的方法,该方法包括: [0014] The method of allocating an IP address in a wireless local area network, the method comprising:

[0015] 在接收到接入点AP发送的IP地址分配请求后,确定动态主机设置协议DHCP服务器中当前IP地址的使用率; [0015] Upon receiving the IP address of the access point AP transmits an allocation request, to determine a dynamic host configuration protocol DHCP server's current IP address usage;

[0016] 根据确定的所述使用率对应的IP地址分配策略进行IP地址的分配操作。 [0016] The IP address of the dispensing operation according to the usage rate corresponding to the determined IP address allocation.

[0017] 一种无线局域网中分配IP地址的设备,该设备包括: [0017] allocating an IP address in a wireless local area network, the apparatus comprising:

[0018] 接收模块,用于接收接入点AP发送的IP地址分配请求; [0018] The receiving module receives the IP address for the access point AP transmits an allocation request;

[0019] 确定模块,用于确定动态主机设置协议DHCP服务器中当前IP地址的使用率; [0019] determining means for determining a dynamic host configuration protocol DHCP server's current IP address usage;

[0020] IP地址分配模块,用于根据确定的所述使用率对应的IP地址分配策略进行IP地址的分配。 [0020] IP address assignment module for assigning an IP address according to the usage rate corresponding to the determined IP address allocation policy.

[0021] 一种无线局域网中分配IP地址的系统,该系统包括: [0021] A method for allocating an IP address in the wireless LAN system, the system comprising:

[0022] 接入点AP,用于发送IP地址分配请求,并接收分配的IP地址; [0022] the AP access point, for transmitting an IP address assignment request, and receives the allocated IP address;

[0023] 分配IP地址设备,用于在接收到AP发送的IP地址分配请求后,确定动态主机设置协议DHCP服务器中当前IP地址的使用率,根据确定的所述使用率对应的IP地址分配策略进行IP地址的分配操作。 [0023] device to assign IP addresses for an IP address after receiving the assignment request sent by the AP, determining a dynamic host configuration protocol DHCP server IP address of the current usage rate, based on said usage allocation policy corresponding to the determined IP address IP address allocation operation.

[0024] 本发明有益效果如下: [0024] Advantageous effects of the present invention are as follows:

[0025] 本发明实施例通过确定当前DHCP服务器中IP地址的使用率,采取与当前的使用率相匹配的严格的IP地址分配策略,这样就可以避免DHCP服务器受到泛红攻击,减少DHCP服务器中IP地址被恶意消耗。 Example [0025] The present invention, by determining the current utilization of the DHCP server IP address, the IP address of strict usage matches the current allocation policy, so that the DHCP server can be avoided by redness attack, reducing the DHCP server IP addresses are malicious consumption.

附图说明 BRIEF DESCRIPTION

[0026] 图1为终端获取DHCP服务器为其分配的IP地址的方法的示意图; Schematic [0026] FIG. 1 is a DHCP server to allocate the terminal obtains the IP address of the method;

[0027] 图2为本实施例一的一种无线局域网中分配IP地址的方法流程图; The method of allocating an IP address according to a flowchart of wireless local area network [0027] FIG. 2 of the present embodiment;

[0028] 图3为本实施例二的一种无线局域网中分配IP地址的方法流程图; The method of allocating an IP address of a wireless LAN in Example II flowchart [0028] The present embodiment 3;

[0029] 图4为本实施例三的一种无线局域网中分配IP地址的设备结构示意图; [0029] FIG. 4 is a schematic structure of an IP address allocation apparatus of a wireless LAN three embodiments of the present embodiment;

[0030] 图5为无线局域网中分配IP地址的设备为DHCP服务器中的逻辑部件的结构示意图; [0030] FIG. 5 device IP address assigned to the WLAN logic schematic structural member as DHCP server;

[0031] 图6为本实施例四的一种无线局域网中分配IP地址的系统结构示意图。 [0031] FIG. 6 is a schematic structural diagram of a system assigns an IP address according to a fourth embodiment of the wireless local area network.

具体实施方式 Detailed ways

[0032] 下面结合说明书附图对本发明实施例进行详细说明。 [0032] The following description in conjunction with the accompanying drawings of the embodiments of the present invention will be described in detail. [0033] 实施例一: [0033] Example a:

[0034] 如图2所示,为本实施例一的一种无线局域网中分配IP地址的方法流程图,该方法包括: [0034] 2, the method of allocating an IP address according to a flow chart of the wireless local area network in the present embodiment, the method comprising:

[0035] 步骤201:在接收到AP发送的IP地址分配请求后,确定DHCP服务器中当前IP地址的使用率。 [0035] Step 201: After receiving the IP address allocation request sent by the AP, DHCP server determines the current IP address usage.

[0036] 为了确保DHCP服务器的IP资源池内可用IP地址不被恶意终端消耗,在接收到AP发送的IP地址分配请求时,通过判断DHCP服务器中当前IP地址的使用率(即已经分配给AP的IP地址数量占DHCP服务器的IP资源池中IP地址总数量的比值),来表示当前DHCP服务器中剩余的可用IP地址的数量,为是否采取严格的IP地址分配策略提供依据。 [0036] In order to ensure that the DHCP server IP resource pool of available IP addresses is not consumed malicious terminal, upon receiving the IP address allocation request sent by the AP, (i.e., to the AP has been assigned by the DHCP server determines the IP address of the current usage the number of IP addresses accounting for DHCP server IP IP resource pool ratio of the total number of addresses) to indicate the current number of remaining available DHCP server IP address, provide the basis for whether to take strict IP address allocation policy.

[0037] 在本步骤201中,确定DHCP服务器中当前IP地址的使用率的方式是多种的,可以通过实时监控DHCP服务器分配出的IP地址的数量和终端释放的IP地址的数量,确定出接收到AP发送的IP地址分配请求时,DHCP服务器中IP地址被使用的数量,也可以通过和DHCP服务器之间的信令交互,取得DHCP服务器中当前IP地址的使用率,在这里不做具体限制。 [0037] In this step 201, it is determined by the number of number of IP addresses DHCP server and the terminal IP-address of the current usage is more, may be assigned by the DHCP server IP address real-time monitoring of release, is determined receiving the IP address allocation request sent by the AP, the number of the DHCP server IP address is used, may be adopted and the signaling interaction between the DHCP server, the DHCP server to obtain the current IP address usage, where not specifically limit.

[0038] 步骤202:根据确定的所述使用率对应的IP地址分配策略进行IP地址的分配操作。 [0038] Step 202: the dispensing operation according to the IP address of the IP address allocation policy corresponding to the determined usage.

[0039] 具体地,根据确定的所述使用率的大小,确定不同的IP地址分配策略,其中,所述使用率越大,IP分配策略越严格。 [0039] Specifically, the usage rate is determined according to the size of the determined different IP address allocation policy, wherein, the greater the usage rate, the more stringent IP assignment policy. 根据确定的所述使用率对应的IP地址分配策略进行IP地址分配的步骤具体包括: IP address allocation step is carried out according to the usage rate corresponding to the determined IP address allocation strategy comprises:

[0040] 步骤2021:判断所述使用率是否大于第一阈值且小于第二阈值,若否,则执行步骤2023 ;若是,则执行步骤2022。 [0040] Step 2021: determining whether the usage rate is greater than a first threshold and less than the second threshold value, and if not, step 2023 is performed; if yes, step 2022 is performed.

[0041] 所述第一阈值表示DHCP服务器中IP地址的使用率达到较高值的分界线,该第一阈值的取值大小可根据实际的网络环境或经验值设置,例如,当前处于网络使用高峰的时间段内时,可设置相对较大的第一阈值,如设置为70% ;当前处于网络使用低谷的时间段内时,可设置相对较小的第一阈值,如设置为40%。 [0041] The first threshold value represents the IP address of DHCP server usage reaches the boundary of the higher value, the value of the magnitude of the first threshold according to actual network environments or experience value, e.g., the network currently in use when the peak period may be set relatively larger first threshold value, a setting of 70%; used in the current time period trough network, it may be disposed a relatively smaller first threshold value, a setting of 40%.

[0042] 当使用率大于第一阈值时,可表示当前DHCP服务器的IP资源池中IP地址的数量已经大量被使用,可用的IP地址数量有限,一旦有恶意终端发起大量的IP地址分配请求,短时间内将导致DHCP服务器的IP资源池中可用的IP地址被大量消耗,进而影响合法终端获取IP地址,因此,需要对可用的IP地址采取严格的IP地址分配策略。 [0042] When the usage rate is greater than a first threshold value, may represent the current number of IP resource pool of the DHCP server IP address has been used a lot, the limited number of IP addresses available, once a large number of terminal initiates a malicious IP address allocation request, short period of time will result in the DHCP server IP resource pool of available IP addresses are a lot of consumption, thereby affecting legitimate terminal obtains the IP address, therefore, you need to take strict IP addresses available IP address allocation policy.

[0043] 所述第二阈值表示DHCP服务器中IP地址的使用率达到更高值的分界线,所述第二阈值大于第一阈值。 [0043] The second threshold value represents the IP address of the DHCP server usage reaches the boundary value is higher, the second threshold value is greater than a first threshold value.

[0044] 步骤2022:判断AP在相邻的前N次发送IP地址分配请求后,是否获得分配的IP地址,若否,则执行步骤203 ;否则,执行步骤204。 [0044] Step 2022: after determining the AP transmits an IP address assignment request adjacent N times before, whether the assigned IP address is obtained, and if not, proceed to step 203; otherwise, step 204 is performed.

[0045] 由于当前已确定IP资源池中IP地址的数量已经大量被使用,需要采取严格的IP地址分配策略,因此,在本步骤2022中,要求AP多次发起IP地址分配请求后,才允许向AP分配一次IP地址,以此限制AP获取IP地址的数量。 After the [0045] Since the current has been determined that the number of IP resources, IP address pool has been used a lot, you need to take strict IP address allocation strategy, therefore, in this step 2022, the AP needs to initiate multiple IP address allocation request, allowed assign one IP address to the AP, in order to limit the number of AP to obtain IP addresses.

[0046] 本步骤2022中涉及的N为正整数,N值的大小根据网络实际的情况确定,N值越大,表示对AP获取IP地址的限制越严格。 [0046] In this step 2022 involves N is a positive integer, the value of N is determined according to the size of the actual condition of the network, the larger the value of N, the more severe restrictions on the AP to obtain the IP address. 例如,所述N可取值为2,表示在接收到本次AP发送的IP地址分配请求时,需要判断是否上一次以及上上次发送的IP地址分配请求分配过IP地址,若已经分配,则本次接收到的IP地址分配请求将不予分配IP地址,否则,为本次接收到的IP地址分配请求分配IP地址。 For example, the 2 N possible values, represented upon receiving this IP address allocation request sent by the AP, determines whether or not the required time and the IP address transmitted on the last allocation request through the IP address allocation, if already allocated, the IP address assignment request is received at this time will not assign an IP address, otherwise, the IP address assigned to the received request based sub assign IP addresses.

[0047] 步骤2023:判断所述使用率是否大于第二阈值,若是,则执行步骤2024 ;否则,执行步骤203。 [0047] Step 2023: determining whether the usage rate is greater than a second threshold value, if yes, performing step 2024; otherwise, step 203 is performed.

[0048] 当DHCP服务器中IP地址的使用率达到更高值后,需要对可用的IP地址采取比步骤2022更加严格的IP地址分配策略。 [0048] When the usage DHCP server IP address to a higher value, you need to take more stringent steps than 2022 IP addresses available IP address allocation policy.

[0049] 需要说明的是,本步骤2023是实现本发明目的的优选步骤,若在步骤2021和步骤2022的基础上,当DHCP服务器中IP地址的使用率达到更高值的情况时,将采取的一种更加严格的IP地址分配策略。 [0049] Incidentally, the present step is preferably a step 2023 achieve the object of the present invention, if on the basis of step 2021 and step 2022, the DHCP server when the IP address usage situation reaches higher values ​​will take a more stringent IP address allocation policy.

[0050] 步骤2024:确定当前时刻对应的时间周期,并判断在确定的时间周期内DHCP服务器是否已为该AP分配过M个IP地址,若是,则执行步骤204,否则,执行步骤2025。 [0050] Step 2024: determining a time period corresponding to the current time, and determines in the time period determined whether the M DHCP server IP address for the AP has been assigned over, if yes, step 204 is performed, otherwise, step 2025.

[0051] 所述M为正整数,且M的取值可随着使用率的增大而减小。 [0051] M is a positive integer, and the value of M may be as usage increases.

[0052] 所述时间周期是从DHCP服务器的IP地址使用率大于第二阈值起,以设定的周期时长划分的时间周期;由于在DHCP服务器的IP地址使用率大于第二阈值后,通过该时间周期限制AP获得的IP地址的数量,且若使用率继续逐渐增大时,该DHCP服务器中IP地址可用数量非常少,出现紧急状态,因此,可在使用率的增大的情况下增大设定的周期时长。 [0052] The time period from the DHCP server IP address usage is greater than a second threshold value since, at a predetermined cycle during a long period of time divided; since the DHCP server IP address usage is greater than a second threshold value, by which limit the number of time periods to obtain the IP address of the AP, and if the continued usage is gradually increased, the DHCP server IP addresses available a very small number, state of emergency, therefore, can be increased in the case of an increased utilization long set period.

[0053] 例如:从tl时刻开始,DHCP服务器的IP资源池内的IP地址使用率大于第二阈值,则在DHCP服务器的IP资源池内的IP地址使用率大于第二阈值的情况下,以T为周期时长,划分得到至少一个时间周期,假设得到2个时间周期,分别为:tl〜t2、t2〜t3。 [0053] For example: the case where the starting time point tl, the IP resource pool of the DHCP server IP address usage is greater than a second threshold value, then the IP address pool usage DHCP server IP resource is greater than a second threshold, T as long periods, obtained by dividing at least one period of time, it is assumed to obtain two time periods, respectively: tl~t2, t2~t3. 若AP在时刻t (对应t2〜t3时间周期)发起IP地址分配请求,则判断从t2到t时间段内是否已向该AP分配过M个IP地址;若是,则需要对该AP分配的IP地址进行限制;否则,可以向该AP分配IP地址。 If the AP at time t (time period corresponding to t2~t3) initiate an IP address allocation request, it is determined whether the time period from t2 to t has the M assigned IP address of the AP through; if yes, the AP need to assign an IP address limit; otherwise, you can assign an IP address to the AP.

[0054] 步骤2025:判断AP在设定时长内发送IP地址分配请求的次数是否达到设定门限值,若是,则执行步骤204 ;否则,执行步骤203。 [0054] Step 2025: Analyzing the AP transmits the IP address assignment request frequency has reached the threshold value is set within a set duration, if yes, execute step 204; otherwise, step 203 is performed.

[0055] 本步骤2025通过计算AP发送IP地址分配请求的速率,来估计AP是否恶意请求分配IP地址,若AP发送IP地址分配请求的速率过高,则可确定当前AP可能是恶意非法请求IP地址。 [0055] Step 2025 of the present transmission rate by calculating the IP address of AP allocation request, it is estimated whether a malicious AP requesting allocation of an IP address, if the IP address of the AP transmission allocation request rate is too high, it may be determined the current AP may be a malicious illegal request IP address.

[0056] 所述设定门限值表示AP发送IP地址分配请求的速率是否过高的分界线,所述设定门限值的大小与DHCP服务器的IP资源池中IP地址的使用率相关。 [0056] represents the set threshold value AP transmits the IP address assignment request rate is too high the dividing line, the setting IP resource usage associated IP address pool size thresholds and DHCP server. 通常,DHCP服务器每秒最多只能同时接收1024个DHCP报文,也就是说在DHCP服务器的IP资源池中IP地址使用率较小时,可以接收AP发送的1024个IP地址分配请求,但是随着DHCP服务器的IP资源池中IP地址使用率的升高,DHCP服务器每秒可接收的报文数目相应减少,因此,使用率越高,设定门限值越小。 Usually, the DHCP server can simultaneously receive up to 1024 per second DHCP message, that is to say when the IP address of the IP resource pool usage DHCP server is small, can receive 1024 IP address assignment request sent by the AP, but with increased utilization resource pool IP IP address of the DHCP server, the DHCP server may be received by a corresponding number of packets per second, reduced, and therefore, the higher the utilization rate, the smaller the threshold is set.

[0057] 例如,在DHCP服务器的IP资源池中IP地址使用率低于第一阈值时,可设置所述设定门限值为1024 ;在DHCP服务器的IP资源池中IP地址使用率大于第一阈值且小于第二阈值时,可设置所述设定门限值=1024* (1-X),所述X为DHCP服务器的IP资源池中IP地址使用率;在DHCP服务器的IP资源池中IP地址使用率大于第二阈值时,也可根据1024*(1-X)公式计算设定门限值,或者是设定一个小于100的数值作为设定门限值。 [0057] For example, when the IP IP address of a resource pool of the DHCP server utilization is below a first threshold, set the threshold value may be set to 1024; the IP IP address of a resource pool of the DHCP server utilization is greater than the first threshold and less than a second threshold, set the threshold value may be set = 1024 * (1-X), the X IP IP address of utilization of the resource pool of the DHCP server; the IP DHCP server resource pool when the IP address usage is greater than a second threshold value, setting the threshold value may also be calculated according to the 1024 * (1-X) formula, or to set a value smaller than the threshold value is set as 100.

[0058] 需要说明的是,步骤2021〜步骤2024是以DHCP服务器的IP资源池中IP地址使用率的高低来确定是否采用严格的IP地址分配策略,步骤2025通过对AP发送IP地址分配请求的速率分析,来确定是否采用严格的IP地址分配策略,本实施例的方案中也不限于先通过对AP发送IP地址分配请求的速率分析来确定是否采用严格的IP地址分配策略,后以DHCP服务器的IP资源池中IP地址使用率的高低来确定是否采用严格的IP地址分配策略。 [0058] It should be noted that the step 2021~ step 2024 IP resource pool based on the IP address of the DHCP server usage level to determine whether to adopt stricter IP address allocation policy, step 2025 by sending IP address assigned to AP requests rate analysis, to determine whether to adopt strict IP address allocation program according to the present embodiment is not limited to the first embodiment determines whether to use the IP address allocation strict rate through the AP sends the IP address allocation request analysis, to the DHCP server the level of IP IP address resource pool usage to determine whether to adopt stricter IP address allocation policy.

[0059] 步骤203:指示DHCP服务器为所述AP分配IP地址,并结束本次IP地址分配过程。 [0059] Step 203: The DHCP server indicates to the AP assigned IP address and IP address assignment ends the process.

[0060] 在本步骤203的方案中,可通过向DHCP服务器发送分配指令,要求DHCP服务器响应本次AP发送的IP地址分配请求,为其分配IP地址。 [0060] In step 203 of the present embodiment, by sending assignment instructions to the DHCP server, the DHCP server requires an IP address assignment request in response to this sent by the AP, assign an IP address.

[0061] 步骤204:指示DHCP服务器拒绝为所述AP分配IP地址,并结束本次IP地址分配过程。 [0061] Step 204: The DHCP server indicating rejection to the AP assigned IP address and IP address assignment ends the process.

[0062] 在本步骤204的方案中,可通过向DHCP服务器发送拒绝分配指令,要求DHCP服务器拒绝响应本次AP发送的IP地址分配请求,不为其分配IP地址,并通过丢弃数据包、发送日志信息或给管理员发邮件的方式进行告警。 [0062] In step 204 of the present embodiment, by sending refusal instruction to the DHCP server, the DHCP server requires an IP address assignment request rejection response is sent by the AP of this, not assign an IP address, and by discarding the packets, transmitted log information to the administrator or e-mail alert manner.

[0063] 通过实施例一的方案,确定DHCP服务器的IP资源池中IP地址的使用率的大小,并根据所述使用率对应的分配IP地址的相应策略,避免了恶意终端利用大量伪造的客户端短时间占用大量IP地址的可能性,进而不仅提高了合法终端获取IP地址的效率,而且维护了无线局域网络的正常运行。 [0063] Example embodiment by a program, to determine the size of the IP resource usage IP address pool of the DHCP server, and IP address allocation strategy according to the corresponding usage rate corresponding to the avoided malicious client terminal using a large number of counterfeit the possibility of a large number of short-term occupancy end IP address, thereby not only improve the legal obtain the IP address of the terminal efficiency, but also maintain the normal operation of the wireless local area network.

[0064] 实施例二: [0064] Example II:

[0065] 本实施例二是以具体实例来对实施例一的方案进行详细描述,如图3所示,为本实施例二的方法的流程示意图,该方法包括: [0065] In the second embodiment are described in detail with specific examples of a protocol Example, 3 a schematic flow chart of the present method shown in Example II embodiment illustrated, the method comprising:

[0066] 步骤301:无线终端向AP发起接入无线局域网的请求。 [0066] Step 301: the wireless terminal initiates a request to access the wireless LAN AP.

[0067] 步骤302:AP在接收到所述接入无线局域网的请求后,通过交换机发送一个报文,其中包含IP地址分配请求。 [0067] Step 302: AP in the wireless LAN after the access request is received, sending a packet through the switch, which contains the IP address assignment request.

[0068] 步骤303:在接收到报文后,根据预先设定的配置信息或者默认端口信息来判断是否为无线设备发来的报文,若是,执行步骤304 ;否则,直接转发。 [0068] Step 303: After receiving the message, a predetermined default configuration information, port information to determine whether the wireless device is sent by a packet according to, if yes, perform step 304; otherwise, straight forward.

[0069] 步骤304:根据控制信道和数据信道来判断报文的类别属于控制报文还是数据报文,若属于控制报文,则直接转发;若属于数据报文,则执行步骤305。 [0069] Step 304: The control channel and the data channel is determined to belong to the category of the packets or the packet data control packet, when the packet belongs to the control, directly forwarding; If it is a data packet, step 305 is performed.

[0070] 步骤305:针对确定出的数据报文,将该数据报文进行解析,解析中其中的DHCP报文和其中的非DHCP报文,将解析出的非DHCP报文,直接转发,将解析出的DHCP报文,执行步骤306。 [0070] Step 305: determining for a data packet, parsing the data packets, wherein the parsing DHCP packets and wherein the non-DHCP message, the DHCP non parsed packet and forwards the parsing the DHCP messages, step 306 is performed.

[0071] 步骤306:解析DHCP报文,确定AP发送的IP地址分配请求。 [0071] Step 306: parsing DHCP packets sent by the AP to determine an IP address allocation request.

[0072] 步骤307:确定DHCP服务器中当前IP地址的使用率,若所述使用率不大于第一阈值,则指示DHCP服务器为所述AP分配IP地址,并执行步骤312 ;否则,执行步骤308。 [0072] Step 307: determining the current utilization of the DHCP server IP address, if the usage rate is not greater than a first threshold value, it indicates that the DHCP server assigns an IP address of the AP, and performs step 312; otherwise, step 308 is executed .

[0073] 步骤308:判断所述使用率是否大于第一阈值且小于第二阈值,若是,执行步骤309 ;若否,则执行步骤310。 [0073] Step 308: determining whether the usage rate is greater than a first threshold and less than the second threshold value, if yes, step 309 is performed; if not, step 310 is performed.

[0074] 步骤309:判断AP在相邻的前N次发送IP地址分配请求后,是否获得分配的IP地址,若没有获得分配的IP地址,则指示DHCP服务器为所述AP分配IP地址,并执行步骤312 ;否则,指示DHCP服务器拒绝为所述AP分配IP地址,并告警。 [0074] Step 309: the AP is determined before and after the N-th adjacent sends the IP address assignment request, whether the assigned IP address is obtained, if there is no assigned IP address is obtained, indicating the DHCP server assigns an IP address of the AP, and performing step 312; otherwise, indicating rejection to the DHCP server assigns an IP address of the AP, and alarms.

[0075] 步骤310:在所述使用率大于第二阈值时,确定当前时刻对应的时间周期,并判断在确定的时间周期内DHCP服务器是否已为该AP分配过M个IP地址,若是,则指示DHCP服务器拒绝为所述AP分配IP地址,并告警,否则,执行步骤311。 [0075] Step 310: when the usage rate is greater than the second threshold value, determining a time period corresponding to the current time, and determines in the time period to determine whether the DHCP server has assigned IP address for the M through the AP, if yes, indicates DHCP server refuses to allocate an IP address of the AP, and the alarm, otherwise, step 311 is executed.

[0076] 步骤311:判断AP在设定时长内发送IP地址分配请求的次数,若所述次数达到设定门限值,则指示DHCP服务器拒绝为所述AP分配IP地址,并告警;否则,指示DHCP服务器为所述AP分配IP地址,并执行步骤312。 [0076] Step 311: determining the number of the AP transmits the IP address assignment request when setting the length, if the number reaches a set threshold value, indicating rejection to the AP DHCP server assigns an IP address, and alarm; otherwise, indicates DHCP server to assign an IP address to the AP, and step 312 is performed.

[0077] 步骤312:AP在获取DHCP服务器为对应无线终端分配的IP地址后,将无线终端请求接入无线局域网的请求消息通过交换机转发至AC。 [0077] Step 312: AP after obtaining a corresponding DHCP server to assign the IP address of the wireless terminal, the wireless terminal requests an access request message is forwarded to the wireless local area network through the AC switch.

[0078] 步骤313:AC通过Portal服务器将Web的认证页面推送至无线终端,并将无线终端上报的认证信息提交至Radius服务器进行认证。 [0078] Step 313: AC Portal server by the Web page authentication push wireless terminal, the wireless terminal will be submitted to the information reported by the Radius authentication server for authentication.

[0079] 步骤314:当Radius服务器对无线终端的身份认证通过时,无线终端将成功利用分配的IP地址接入无线局域网,开始计费上网;否则,返回登录失败消息。 [0079] Step 314: When the Radius authentication server through a wireless terminal, the wireless terminal successfully exploited assigned IP address to access the wireless local area network, the Internet start charging; otherwise, it returns logon failure message.

[0080] 在步骤314中,若接收到返回登录失败消息后,无线终端可以进行重认证,在达到设定的重认证次数后,将被释放该IP地址。 [0080] In step 314, upon receiving the return failed login message, the wireless terminal may be re-authenticated, after reaching the set number of re-authentication, the IP address will be released.

[0081] 实施例三: [0081] Example III:

[0082] 如图4所示,为本实施例三的一种无线局域网中分配IP地址的设备结构示意图,该设备包括:接收模块41、确定模块42和IP地址分配模块43。 [0082] As shown in FIG 4, a schematic structure of an IP address of the device in a wireless LAN according to a third embodiment of the present allocation, the apparatus comprising: a receiving module 41, a determining module 42 and the IP address assignment module 43. 其中, among them,

[0083] 接收模块41,用于接收AP发送的IP地址分配请求;确定模块42,用于确定DHCP服务器中当前IP地址的使用率;IP地址分配模块43,用于根据确定的所述使用率对应的IP地址分配策略进行IP地址的分配。 [0083] 41 is a receiving module, an IP address allocation request sent by the AP to receive; determining module 42, for determining the current utilization of the DHCP server IP address; IP address assignment module 43, according to the usage rate determined the corresponding IP address assignment policies to assign IP addresses.

[0084] 具体地,所述IP地址分配模块43包括:使用率判断子模块44、第一次数判断子模块45和IP地址分配子模块46。 [0084] Specifically, the IP address assignment module 43 comprises: usage determination sub-module 44, a first sub-module 45 determines the number and IP address allocation sub-module 46.

[0085] 使用率判断子模块44,用于判断DHCP服务器中当前IP地址的使用率是否大于第一阈值且小于第二阈值,所述第二阈值大于第一阈值; [0085] 44 utilization determination sub-module, for determining whether the current utilization of the DHCP server IP address is greater than a first threshold value and less than the second threshold value, the second threshold value is greater than a first threshold value;

[0086] 第一次数判断子模块45,用于在当前IP地址的使用率大于第一阈值且小于第二阈值时,判断该AP在相邻的前N次发送的IP地址分配请求后,是否获得分配的IP地址; [0086] determining a first frequency sub-module 45, when the current for the IP address usage is greater than a first threshold value and less than the second threshold value, determining that the AP IP address allocation request from the immediately preceding transmitted N times, whether to obtain an IP address assigned;

[0087] IP地址分配子模块46,用于在第一次数判断模块44的判断结果为是时,指示DHCP服务器为所述AP分配IP地址,否则,指示DHCP服务器拒绝为所述AP分配IP地址。 [0087] IP address allocation sub-module 46 for determining the number of times the determination result of the first module 44 is YES, indicating the DHCP server assigns an IP address of the AP, otherwise, indicating rejection to the AP DHCP server assigns IP address.

[0088] 具体地,所述使用率判断子模块44,还用于判断DHCP服务器中当前IP地址的使用率是否大于第二阈值。 [0088] Specifically, the usage rate determination sub-module 44 is further configured to determine whether the current utilization of the DHCP server IP address than the second threshold value.

[0089] 所述IP地址分配模块43还包括:时间周期确定子模块47和第二次数判断子模块48。 [0089] The IP address assignment module 43 further comprising: determining a time period and a second sub-module 47 determines the number of sub-module 48. 其中, among them,

[0090] 时间周期确定子模块47,用于在当前IP地址的使用率大于第二阈值时,确定当前时刻对应的时间周期,所述时间周期是从DHCP服务器的IP地址使用率大于第二阈值起,以设定的周期时长划分的时间周期; [0090] The time period determination sub-module 47, configured to, when the current IP address usage is greater than a second threshold value, determining the time corresponding to the current time period, said time period is greater than a second threshold value from the utilization of the IP address of the DHCP server since, in order to divide the set long cycle time period;

[0091] 第二次数判断子模块48,用于判断在确定的时间周期内DHCP服务器是否已为该AP分配过M个IP地址,所述M为正整数; [0091] determining a second frequency sub-module 48 for determining the time period to determine whether the M DHCP server IP address for the AP has been assigned over, the M is a positive integer;

[0092] 所述IP地址分配子模块46,还用于在第二次数判断模块48的判断结果为是时,指示DHCP服务器拒绝为所述AP分配IP地址,否则,指示DHCP服务器为所述AP分配IP地址。 [0092] The IP address allocation sub-module 46, for further determination result of the second frequency and the determination module 48 is YES, indicating DHCP server refuses to allocate an IP address of the AP, otherwise, indicating the DHCP server AP assign IP addresses. [0093] 此外,该无线局域网中分配IP地址的设备还包括:发送次数确定模块49和发送次数判断模块50。 [0093] Further, allocation of IP addresses of the wireless LAN device further comprising: determining the number of transmissions and a transmission module 49 determines the number of modules 50. 其中, among them,

[0094] 发送次数确定模块49,用于确定所述AP在设定时长内发送IP地址分配请求的次数; [0094] The transmission number determining module 49, configured to determine the transmission times AP IP address allocation request within the set length;

[0095] 发送次数判断模块50,用于判断所述AP在设定时长内发送IP地址分配请求的次数是否达到设定门限值,所述IP地址的使用率越大,所述设定门限值越小; [0095] The transmission number determining module 50, configured to determine the transmission times AP IP address assignment request has reached the threshold value is set within the set duration, the greater the utilization of the IP address, set the door The smaller the limit;

[0096] 所述IP地址分配子模块46,还用于在所述AP在设定时长内发送IP地址分配请求的次数达到设定门限值时,指示DHCP服务器拒绝为所述AP分配IP地址。 [0096] The IP address allocation sub-module 46, the AP is further configured to send the IP address assignment request frequency within a set duration reaches a set threshold value, indicating rejection to the AP DHCP server allocates IP addresses .

[0097] 该无线局域网中分配IP地址的设备可以是独立的设备,也可以是DHCP服务器中的逻辑部件,如图5所示,为无线局域网中分配IP地址的设备为DHCP服务器中的逻辑部件的结构示意图。 [0097] The IP address assigned to the wireless LAN device may be an independent device, or may be a logical member DHCP server, shown in Figure 5, the IP address assigned to the wireless LAN device is a logical unit in the DHCP server the schematic structure.

[0098] 实施例四: [0098] Example IV:

[0099] 如图6所示,为本实施例四的一种无线局域网中分配IP地址的系统结构示意图,该系统包括=AP 61和分配IP地址设备62。 [0099] As shown in FIG 6, a schematic diagram of a system configuration according to the IP address assigned to a wireless LAN in the present fourth embodiment, the system includes = AP 61 and apparatus 62 assigns an IP address. 其中, among them,

[0100] AP 61,用于发送IP地址分配请求,并接收分配的IP地址; [0100] AP 61, for transmitting the IP address assignment request, and receives an IP address assigned;

[0101] 分配IP地址设备62,用于在接收到AP发送的IP地址分配请求后,确定DHCP服务器中当前IP地址的使用率,根据确定的所述使用率对应的IP地址分配策略进行IP地址的分配。 [0101] IP address allocation device 62, for, after receiving the IP address allocation request sent by the AP to determine the current utilization of the DHCP server IP address allocation strategy according to the usage rate corresponding to the determined IP address of the IP addresses allocation.

[0102] 具体地,所述分配IP地址设备62,具体用于若所述使用率大于第一阈值且小于第二阈值,则判断该AP在相邻的前N次发送IP地址分配请求后,是否获得分配的IP地址,若没有获得分配的IP地址,则指示DHCP服务器为所述AP分配IP地址,否则指示DHCP服务器拒绝为所述AP分配IP地址,所述N为正整数,所述第二阈值大于第一阈值。 [0102] In particular, the dispensing device 62 an IP address, particularly if the usage rate is greater than a first threshold and less than the second threshold value, it is determined that the IP address allocation request sent from the AP before the adjacent N times, whether the assigned IP address is obtained, if there is no assigned IP address is obtained, indicating the DHCP server assigns an IP address to the AP, or indicates that the DHCP server refuses to allocate an IP address of the AP, the N is a positive integer, said first second threshold value is greater than a first threshold value.

[0103] 所述分配IP地址设备62,具体用于若所述使用率大于第二阈值,确定当前时刻对应的时间周期,判断在确定的时间周期内DHCP服务器是否已为该AP分配过M个IP地址,若是,则指示DHCP服务器拒绝为所述AP分配IP地址,否则,指示DHCP服务器为所述AP分配IP地址,其中,所述时间周期是从DHCP服务器的IP地址使用率大于第二阈值起,以设定的周期时长划分的时间周期,所述M为正整数。 [0103] The dispensing device 62 an IP address, particularly if the usage rate is greater than a second threshold, determine a time period corresponding to the current time, is determined in the time period to determine whether the DHCP server has assigned for the AP through the M IP address, and if yes, indicating DHCP server refuses to allocate an IP address of the AP, otherwise, indicating the DHCP server assigns an IP address to the AP, wherein said period of time is greater than a second threshold value from the utilization of the IP address of the DHCP server since, when a long period at a set time period is divided, the M is a positive integer.

[0104] 所述分配IP地址设备62,还用于在确定DHCP服务器中当前IP地址的使用率之后,确定所述AP在设定时长内发送IP地址分配请求的次数,在所述次数达到设定门限值,则指示DHCP服务器拒绝为所述AP分配IP地址,所述IP地址的使用率越大,所述设定门限 [0104] The IP address allocation device 62 is further configured to upon determining the current utilization of the DHCP server IP address, determining the number of times set in the AP transmits the IP address assignment request for a duration of at times reaches the set given threshold, indicating rejection to the AP DHCP server assigns an IP address, the IP address usage is greater, the threshold setting

值越小。 The smaller the value.

[0105] 显然,本领域的技术人员可以对本发明进行各种改动和变型而不脱离本发明的精神和范围。 [0105] Obviously, those skilled in the art can make various modifications and variations to the invention without departing from the spirit and scope of the invention. 这样,倘若本发明的这些修改和变型属于本发明权利要求及其等同技术的范围之内,则本发明也意图包含这些改动和变型在内。 Thus, if these modifications and variations of the present invention fall within the claims of the invention and the scope of equivalents thereof, the present invention intends to include these modifications and variations.

Claims (13)

1.一种无线局域网中分配IP地址的方法,其特征在于,该方法包括: 在接收到接入点AP发送的IP地址分配请求后,确定动态主机设置协议DHCP服务器中当前IP地址的使用率; 根据确定的所述使用率对应的IP地址分配策略进行IP地址的分配操作。 1. The method of allocating an IP address in a wireless local area network, wherein the method comprises: after receiving the IP address allocation request sent by the access point AP, determining a dynamic host configuration protocol DHCP server IP address of the current usage ; IP address of the dispensing operation according to the usage rate corresponding to the determined IP address allocation.
2.如权利要求1所述的方法,其特征在于,根据确定的所述使用率对应的IP地址分配策略进行IP地址的分配操作,具体包括: 若所述使用率大于第一阈值且小于第二阈值,则判断该AP在相邻的前N次发送IP地址分配请求后,是否获得分配的IP地址,所述N为正整数,所述第二阈值大于第一阈值;若没有获得分配的IP地址,则指示DHCP服务器为所述AP分配IP地址; 若获得分配的IP地址,则指示DHCP服务器拒绝为所述AP分配IP地址。 2. The method according to claim 1, wherein the IP address allocation operation according to the usage rate corresponding to the determined IP address allocation strategy comprises: if the usage is greater than a first threshold value and less than the first after the second threshold value, it is determined that the AP sends an IP address assignment request adjacent N times before, whether the assigned IP address is obtained, the N is a positive integer, the second threshold value is greater than a first threshold value; if the allocation is not obtained IP address, the DHCP server indicates the IP address assigned to the AP; if assigned IP address is obtained, indicating the DHCP server refuses to allocate an IP address of the AP.
3.如权利要求1所述的方法,其特征在于,根据确定的所述使用率对应的IP地址分配策略进行IP地址的分配操作,具体包括: 若所述使用率大于第二阈值,则确定当前时刻对应的时间周期,所述时间周期是从DHCP服务器的IP地址使用率大于第二阈值起,以设定的周期时长划分的时间周期; 判断在确定的时间周期内DHCP服务器是否已为该AP分配过M个IP地址,所述M为正整数; 若是,则指示DHCP服务器拒绝为所述AP分配IP地址,否则,指示DHCP服务器为所述AP分配IP地址。 3. The method according to claim 1, wherein the IP address allocation operation according to the usage rate corresponding to the determined IP address allocation strategy comprises: if the usage rate is greater than the second threshold value, it is determined corresponding to the current time period, said time period is greater than the utilization of the IP address from the DHCP server from a second threshold value, when divided at a predetermined cycle time period long; determining whether the time period has been determined for the DHCP server AP IP address assigned through the M, M is a positive integer; and if yes, indicating DHCP server refuses to allocate an IP address of the AP, otherwise, indicating the DHCP server assigns an IP address to the AP.
4.如权利要求3所述的方法,其特征在于,所述设定的周期时长随着使用率的增大而增加。 4. The method according to claim 3, characterized in that the length increases as the usage increases the set period.
5.如权利要求1或2或3所述的方法,其特征在于,所述方法还包括: 确定所述AP在设定时长内发送IP地址分配请求的次数; 在所述次数达到设定门限值时,指示DHCP服务器拒绝为所述AP分配IP地址,所述IP地址的使用率越大,所述设定门限值越小。 5. The method of claim 1 or 2 or as claimed in claim 3, wherein said method further comprises: determining the IP address of the AP transmits assignment request frequency within a set duration; the door reaches a set number of times limit, the DHCP server indicates rejection, the larger is the usage of the AP allocates IP addresses to the IP address, the threshold value is set smaller.
6.一种无线局域网中分配IP地址的设备,其特征在于,该设备包括: 接收模块,用于接收接入点AP发送的IP地址分配请求; 确定模块,用于确定动态主机设置协议DHCP服务器中当前IP地址的使用率; IP地址分配模块,用于根据确定的所述使用率对应的IP地址分配策略进行IP地址的分配。 6. The device IP address assignment in a wireless LAN, wherein, the apparatus comprising: receiving means for receiving an IP address assignment request transmitted from the access point AP; determining means for determining a dynamic host configuration protocol DHCP server current IP address usage; IP address allocation module, for determining usage according to the IP address corresponding to the IP address allocation policy allocation.
7.如权利要求6所述的设备,其特征在于,所述IP地址分配模块包括: 使用率判断子模块,用于判断DHCP服务器中当前IP地址的使用率是否大于第一阈值且小于第二阈值,所述第二阈值大于第一阈值; 第一次数判断子模块,用于在当前IP地址的使用率大于第一阈值且小于第二阈值时,判断该AP在相邻的前N次发送的IP地址分配请求后,是否获得分配的IP地址; IP地址分配子模块,用于在第一次数判断子模块的判断结果为是时,指示DHCP服务器为所述AP分配IP地址,否则,指示DHCP服务器拒绝为所述AP分配IP地址。 7. The apparatus according to claim 6, wherein the IP address assignment module comprising: a usage determining sub-module, for determining whether the current utilization of the DHCP server IP address is greater than a first threshold value and less than a second threshold, the second threshold value is greater than a first threshold value; determining a first frequency sub-module, configured to, when the IP address of the current utilization than the first threshold value and less than the second threshold value, determining that the neighboring AP before N times after the IP address assignment request, whether the assigned IP address is obtained; IP address allocation sub-module, for determining the number of times the determination result of the first sub-module is YES, indicating the AP assigned to the DHCP server IP address, or , indicating rejection of the DHCP server assigns an IP address to AP.
8.如权利要求7所述的设备,其特征在于, 所述使用率判断子模块,还用于判断DHCP服务器中当前IP地址的使用率是否大于第二阈值;所述IP地址分配模块还包括: 时间周期确定子模块,用于在当前IP地址的使用率大于第二阈值时,确定当前时刻对应的时间周期,所述时间周期是从DHCP服务器的IP地址使用率大于第二阈值起,以设定的周期时长划分的时间周期; 第二次数判断子模块,用于判断在确定的时间周期内DHCP服务器是否已为该AP分配过M个IP地址,所述M为正整数; 所述IP地址分配子模块,还用于在第二次数判断模块的判断结果为是时,指示DHCP服务器拒绝为所述AP分配IP地址,否则,指示DHCP服务器为所述AP分配IP地址。 8. The apparatus according to claim 7, wherein said usage determination sub-module is further configured to determine whether the current utilization of the DHCP server IP address is greater than a second threshold value; the IP address assignment module further comprises : from the time period determination sub-module, configured to, when the current IP address usage is greater than a second threshold value, determining the time corresponding to the current time period, said time period is greater than a second threshold value from the utilization of the IP address of the DHCP server to dividing the set long cycle time period; determining a second frequency sub-module, for determining the time period to determine whether the DHCP server IP address assigned through the M for the AP, M is a positive integer; the IP address allocation sub-module, for further determination result of the second frequency and the determining module is yes, indicating DHCP server refuses to allocate an IP address of the AP, otherwise, indicating the DHCP server assigns an IP address to the AP.
9.如权利要求6或7或8所述的设备,其特征在于,该设备还包括: 发送次数确定模块,用于确定所述AP在设定时长内发送IP地址分配请求的次数; 发送次数判断模块,用于判断所述AP在设定时长内发送IP地址分配请求的次数是否达到设定门限值,所述IP地址的使用率越大,所述设定门限值越小; 所述IP地址分配子模块,还用于在所述AP在设定时长内发送IP地址分配请求的次数达到设定门限值时,指示DHCP服务器拒绝为所述AP分配IP地址。 Transmission times; transmitting frequency determining means for determining the number of transmissions of the AP IP address allocation request within the set duration: 9. The apparatus as claimed in claim 6 or 7 or in claim 8, wherein the apparatus further comprises determination means for determining whether the AP reaches the set number of IP address assignment request transmitted within the duration set threshold value, the greater the utilization of the IP address, the smaller the threshold is set; the when said IP address allocation sub-module, the number of the AP is further configured to transmit IP address allocation request within the set duration reaches a set threshold value, indicating rejection to the AP DHCP server allocates IP addresses.
10.如权利要求9所述的设备,其特征在于,所述无线局域网中分配IP地址的设备是DHCP服务器中的设备。 10. The apparatus according to claim 9, wherein the IP address allocation device is a wireless local area network DHCP server device.
11.一种无线局域网中分配IP地址的系统,其特征在于,该系统包括: 接入点AP,用于发送IP地址分配请求,并接收分配的IP地址; 分配IP地址设备,用于在接收到AP发送的IP地址分配请求后,确定动态主机设置协议DHCP服务器中当前IP地址的使用率,根据确定的所述使用率对应的IP地址分配策略进行IP地址的分配。 11. A system IP address allocated wireless LAN, wherein, the system comprising: an access point of the AP, an IP address allocation request for transmitting and receiving an IP address assignment; IP address allocation device for receiving IP address allocation request sent by the AP, the determining a dynamic host configuration protocol DHCP server IP address of the current usage rate, IP addresses are assigned according to the usage rate corresponding to the determined IP address allocation.
12.如权利要求11所述的系统,其特征在于, 所述分配IP地址设备,具体用于若所述使用率大于第一阈值且小于第二阈值,则判断该AP在相邻的前N次发送IP地址分配请求后,是否获得分配的IP地址,若没有获得分配的IP地址,则指示DHCP服务器为所述AP分配IP地址,否则指示DHCP服务器拒绝为所述AP分配IP地址,所述N为正整数,所述第二阈值大于第一阈值。 12. The system according to the AP before the adjacent N claim, characterized in that the dispensing device's IP address, particularly if the usage rate is greater than a first threshold and less than the second threshold value, it is determined after the IP address assignment request transmission times, whether the assigned IP address is obtained, if there is no assigned IP address is obtained, indicating the DHCP server assigns an IP address to the AP, or indicates that the DHCP server refuses to allocate an IP address of the AP, the N is a positive integer, the second threshold value is greater than a first threshold value.
13.如权利要求11所述的系统,其特征在于, 所述分配IP地址设备,具体用于若所述使用率大于第二阈值,确定当前时刻对应的时间周期,判断在确定的时间周期内DHCP服务器是否已为该AP分配过M个IP地址,若是,则指示DHCP服务器拒绝为所述AP分配IP地址,否则,指示DHCP服务器为所述AP分配IP地址,其中,所述时间周期是从DHCP服务器的IP地址使用率大于第二阈值起,以设定的周期时长划分的时间周期,所述M为正整数。 13. The system according to claim 11, characterized in that the dispensing device's IP address, particularly if the usage rate is greater than a second threshold, determine a time period corresponding to the current time, it is determined within a certain period of time whether the DHCP server has assigned IP addresses through M for AP, and if yes, indicating DHCP server refuses to allocate an IP address of the AP, otherwise, indicating the DHCP server assigns an IP address of the AP, wherein the time period is from DHCP server IP address usage is greater than a second threshold value since, at a predetermined cycle during a long period of time divided by said M is a positive integer.
CN201110440979.0A 2011-12-26 2011-12-26 Ip address allocation method in a wireless local area network, the equipment and systems CN103179223B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110440979.0A CN103179223B (en) 2011-12-26 2011-12-26 Ip address allocation method in a wireless local area network, the equipment and systems

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110440979.0A CN103179223B (en) 2011-12-26 2011-12-26 Ip address allocation method in a wireless local area network, the equipment and systems

Publications (2)

Publication Number Publication Date
CN103179223A true CN103179223A (en) 2013-06-26
CN103179223B CN103179223B (en) 2016-04-27

Family

ID=48638841

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110440979.0A CN103179223B (en) 2011-12-26 2011-12-26 Ip address allocation method in a wireless local area network, the equipment and systems

Country Status (1)

Country Link
CN (1) CN103179223B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105306617A (en) * 2015-09-22 2016-02-03 广州昂宝电子有限公司 Method and network equipment for allocating network addresses
CN105791238A (en) * 2014-12-24 2016-07-20 天津诸子科技有限公司 Method for preventing DHCP flooding attacks of wireless local area network
CN105959282A (en) * 2016-04-28 2016-09-21 杭州迪普科技有限公司 Protection method and device for DHCP attack

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050097223A1 (en) * 2003-10-31 2005-05-05 Naiming Shen Use of IP address blocks with default interfaces in a router
CN1992736A (en) * 2005-12-30 2007-07-04 西门子(中国)有限公司 IP address distribution method and use thereof
CN101674338A (en) * 2009-10-16 2010-03-17 福建星网锐捷网络有限公司 Recovering method of IP address and DHCP server

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050097223A1 (en) * 2003-10-31 2005-05-05 Naiming Shen Use of IP address blocks with default interfaces in a router
CN1992736A (en) * 2005-12-30 2007-07-04 西门子(中国)有限公司 IP address distribution method and use thereof
CN101674338A (en) * 2009-10-16 2010-03-17 福建星网锐捷网络有限公司 Recovering method of IP address and DHCP server

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105791238A (en) * 2014-12-24 2016-07-20 天津诸子科技有限公司 Method for preventing DHCP flooding attacks of wireless local area network
CN105306617A (en) * 2015-09-22 2016-02-03 广州昂宝电子有限公司 Method and network equipment for allocating network addresses
CN105959282A (en) * 2016-04-28 2016-09-21 杭州迪普科技有限公司 Protection method and device for DHCP attack
US10148676B2 (en) 2016-04-28 2018-12-04 Hangzhou Dptech Technologies Co., Ltd. Method and device for defending DHCP attack

Also Published As

Publication number Publication date
CN103179223B (en) 2016-04-27

Similar Documents

Publication Publication Date Title
Cheng et al. Automating cross-layer diagnosis of enterprise wireless networks
CN101019405B (en) Method and system for mitigating denial of service in a communication network
EP2469779A1 (en) Parameterized quality of service in a network
JP2009544259A (en) Method and apparatus for policy enforcement in a wireless communication system
CN1992736A (en) IP address distribution method and use thereof
US8028324B2 (en) Method for transmitting policy information between network equipment
CN101110821A (en) Method and apparatus for preventing ARP address cheating attack
US8799998B2 (en) Methods for controlling a traffic of an authentication server
CN1943206A (en) System and method for maximizing connectivity during network failures in a cluster system
US7349378B2 (en) Local area network resource manager
CN101977146B (en) Intelligent network traffic controller and implementation method thereof
CN1845554B (en) Control method for dynamically distributing IP address in 3G network
CN108322921A (en) Communications base station with decision function for distributing traffic across multiple backhauls
CN101217499A (en) Array dispatching method
CN101150442B (en) A STA management method and device in BSS network
US9210124B2 (en) Method, apparatus, and system for allocating public IP address
US20130283348A1 (en) Cooperation Between MoCA Service Provider and Consumer Networks
WO2013166769A1 (en) Self-adaptive bandwidth distribution method and system
CN102148878B (en) IP (internet protocol) address allocation method, system and device
CN100596085C (en) Login method and apparatus for AP
US9106435B2 (en) Efficient data transmission within MoCA
JP4740338B2 (en) Communication apparatus and communication method
CN101883090A (en) Client access method, equipment and system
WO2009030173A1 (en) Processing method and device for qinq termination configuration
JP4564491B2 (en) Access control method and system

Legal Events

Date Code Title Description
C06 Publication
C10 Entry into substantive examination
C14 Grant of patent or utility model