CN103428697A - Network access method, device and system based on CAPWAP protocol - Google Patents

Publication number
CN103428697A
Authority
CN
China
Legal status
Granted
Application number
CN2012101605661A
Other languages
Chinese (zh)
Other versions
CN103428697B (en)
Inventor
黄保庆
李伟
Current Assignee
Honor Device Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CN201210160566.1A
Priority to PCT/CN2012/083385 (WO2013174098A1)
Publication of CN103428697A
Application granted
Publication of CN103428697B
Current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W84/00 Network topologies
    • H04W84/02 Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10 Small scale networks; Flat hierarchical networks
    • H04W84/12 WLAN [Wireless Local Area Networks]

Abstract

The invention provides a network access method, device and system based on the CAPWAP protocol and relates to the field of communication technologies. To a certain degree, it solves the problem that the quality of service provided to a hotspot terminal and a broadband terminal is poor when the two share broadband resources. The method includes: step 1, the network access device receives a network access request sent by a terminal to be accessed; step 2, if the access identifier of the terminal to be accessed indicates that it is a hotspot terminal, the network access device CAPWAP-encapsulates the network access request and sends the encapsulated request to a control device. The encapsulated request instructs the control device to perform network access authentication on the hotspot terminal through an authentication server, according to the encapsulated request, so that the hotspot terminal can access the network once it passes that authentication. The network access method, device and system can be used for network access.

Description

Network access method, device and system based on the CAPWAP protocol
Technical field
The present invention relates to the field of communication technologies, and in particular to a network access method, device and system based on the CAPWAP (Control And Provisioning of Wireless Access Points Protocol Specification) protocol.
Background
Operators deploy wired or wireless broadband networks in homes, office buildings and similar premises to provide broadband services to terminals.
A broadband terminal can configure a corresponding private encrypted SSID on an AP (Access Point) and use that private encrypted SSID to access the network. Before access, an authentication server performs network access authentication on the broadband terminal; once authentication succeeds, the broadband terminal is allowed to access the network through the private encrypted SSID.
The broadband terminal can disclose the private encrypted SSID to any hotspot terminal so that the hotspot terminal accesses the network through it, or the hotspot terminal can access the network through an unencrypted SSID provided by the AP. In both cases the broadband terminal and the hotspot terminal share the same broadband resource when communicating with the network.
After access, an accounting server charges according to the total network traffic used by the hotspot terminal and the broadband terminal, or according to their total network access time.
In implementing the above network access, the inventors found at least the following problem in the prior art: the authentication server cannot perform network access authentication on the hotspot terminal, and therefore the hotspot terminal cannot be charged separately. As a result, the quality of service the network provides to the hotspot terminal and the broadband terminal is low, which degrades the user experience of both.
Summary of the invention
Embodiments of the present invention provide a network access method, device and system based on the CAPWAP protocol that improve, to a certain extent, the quality of service when a broadband terminal and a hotspot terminal share the same broadband resource to communicate with the network.
To achieve the above object, embodiments of the invention adopt the following technical solutions:
In one aspect, a network access system based on the CAPWAP protocol is provided, comprising:
Network access equipment, configured to: receive a network access request sent by a terminal to be accessed, the network access request comprising an access identifier of the terminal to be accessed; and, if the access identifier indicates that the terminal to be accessed is a hotspot terminal, CAPWAP-encapsulate the network access request and send the encapsulated network access request to a control device;
A control device, configured to: receive the encapsulated network access request sent by the network access equipment; CAPWAP-decapsulate it and, according to the decapsulated network access request, send a hotspot terminal authentication request to an authentication server, the hotspot terminal authentication request instructing the authentication server to perform network access authentication on the hotspot terminal and to send a hotspot terminal authentication response to the control device, the hotspot terminal authentication response describing whether the hotspot terminal has passed network access authentication; receive the hotspot terminal authentication response sent by the authentication server; and, if the hotspot terminal authentication response indicates that the hotspot terminal has passed network access authentication, connect the hotspot terminal to the network.
In another aspect, a network access method based on the CAPWAP protocol is provided, comprising:
Network access equipment receives a network access request sent by a terminal to be accessed, the network access request comprising an access identifier of the terminal to be accessed;
If the access identifier indicates that the terminal to be accessed is a hotspot terminal, the network access equipment CAPWAP-encapsulates the network access request and sends the encapsulated network access request to a control device, the encapsulated network access request instructing the control device to perform, according to it, network access authentication on the hotspot terminal through an authentication server and, after the hotspot terminal passes network access authentication, to connect the hotspot terminal to the network.
In addition, another network access method based on the CAPWAP protocol is provided, comprising:
A control device receives a CAPWAP-encapsulated network access request sent by network access equipment;
After CAPWAP-decapsulating the encapsulated network access request, the control device sends, according to the decapsulated network access request, a hotspot terminal authentication request to an authentication server, the hotspot terminal authentication request instructing the authentication server to perform network access authentication on the hotspot terminal and to send a hotspot terminal authentication response to the control device, the hotspot terminal authentication response describing whether the hotspot terminal has passed network access authentication;
The control device receives the hotspot terminal authentication response sent by the authentication server;
If the hotspot terminal authentication response indicates that the hotspot terminal has passed network access authentication, the control device connects the hotspot terminal to the network.
In yet another aspect, a network access device based on the CAPWAP protocol is provided, comprising:
A receiving unit, configured to receive a network access request sent by a terminal to be accessed, the network access request comprising an access identifier of the terminal to be accessed;
A first processing unit, configured to: if the access identifier indicates that the terminal to be accessed is a hotspot terminal, CAPWAP-encapsulate the network access request and send the encapsulated network access request to a control device, the encapsulated network access request instructing the control device to perform, according to it, network access authentication on the hotspot terminal through an authentication server and, after the hotspot terminal passes network access authentication, to connect the hotspot terminal to the network.
In addition, another network access device based on the CAPWAP protocol is provided, comprising:
A receiving unit, configured to receive a CAPWAP-encapsulated network access request sent by network access equipment, and to receive a hotspot terminal authentication response sent by an authentication server, the hotspot terminal authentication response describing whether the hotspot terminal has passed network access authentication;
A sending unit, configured to, after the encapsulated network access request has been CAPWAP-decapsulated, send a hotspot terminal authentication request to the authentication server according to the decapsulated network access request, the hotspot terminal authentication request instructing the authentication server to perform network access authentication on the hotspot terminal and to send the hotspot terminal authentication response to the control device;
An access unit, configured to connect the hotspot terminal to the network if the hotspot terminal authentication response indicates that the hotspot terminal has passed network access authentication.
With the network access method, device and system based on the CAPWAP protocol provided by the embodiments of the present invention, the network access equipment, after receiving a network access request from a terminal to be accessed, uses the access identifier in the request to determine whether the terminal is a hotspot terminal. If it is, the network access equipment CAPWAP-encapsulates the network access request and sends the encapsulated request to the control device, so that the control device connects the terminal to the network after it passes network access authentication. Hotspot terminals and broadband terminals thus access the network in different ways, and although they share the designated broadband resource they can be authenticated separately, which improves the quality of service provided to both.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the accompanying drawings used in the description of the embodiments are briefly introduced below. The drawings described below show only some embodiments of the present invention; those of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic diagram of the network architecture for the network access method, device and system based on the CAPWAP protocol provided by this embodiment;
Fig. 2 is a schematic structural diagram of a network access system based on the CAPWAP protocol provided by this embodiment;
Fig. 3 is a flowchart of a broadband terminal accessing the network, provided by this embodiment;
Fig. 4 is a flowchart of a hotspot terminal accessing the network, provided by this embodiment;
Fig. 5 is a flowchart of a network access method based on the CAPWAP protocol with the control device as the executing entity, provided by this embodiment;
Fig. 6 is a flowchart of another network access method based on the CAPWAP protocol with the control device as the executing entity, provided by this embodiment;
Fig. 7 is a flowchart of a network access method based on the CAPWAP protocol with the network access equipment as the executing entity, provided by this embodiment;
Fig. 8 is a flowchart of another network access method based on the CAPWAP protocol with the network access equipment as the executing entity, provided by this embodiment;
Fig. 9 is a flowchart of a method for performing network access authentication on a hotspot terminal, provided by this embodiment;
Fig. 10 is a schematic structural diagram of a network access device based on the CAPWAP protocol, applied in network access equipment, provided by this embodiment;
Fig. 11 is a schematic structural diagram of another network access device based on the CAPWAP protocol, applied in network access equipment, provided by this embodiment;
Fig. 12 is a schematic structural diagram of a network access device based on the CAPWAP protocol, applied in a control device, provided by this embodiment;
Fig. 13 is a schematic structural diagram of another network access device based on the CAPWAP protocol, applied in a control device, provided by this embodiment.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art from these embodiments without creative effort fall within the scope of protection of the present invention.
To describe the following embodiments more clearly, the network architecture of the embodiments is first briefly introduced.
As shown in Fig. 1, a broadband terminal in the network architecture communicates with the network through the network access equipment; a hotspot terminal communicates with the network through the network access equipment and a control device that controls the network access equipment. The broadband terminal and the hotspot terminal in this architecture share the same designated broadband resource.
The broadband terminal and the hotspot terminal may be, but are not limited to, a mobile phone, a computer and the like; the network access equipment may be, but is not limited to, an AP and/or CPE (Customer Premise Equipment); the control device may be, but is not limited to, an AC (Wireless Access Point Controller) or a BRAS (Broadband Remote Access Server). In the following, the network access equipment is an AP and the control device is an AC by way of example.
The CPE may have a built-in or external AP, or a wired broadband home gateway may have a built-in or external AP, to provide a WiFi (Wireless Fidelity) signal through which a terminal to be accessed joins the network.
After a broadband terminal has set a private encrypted SSID on the AP, it uses that SSID to access the network; only a terminal that knows the password of the private encrypted SSID can use it for network access. The AP can also be configured with multiple shared hotspot SSIDs for hotspot terminals to access the network. Specifically, the AP broadcasts the configured shared hotspot SSIDs to hotspot terminals; a hotspot terminal then uses the corresponding shared hotspot SSID to access the network, sharing the designated broadband resource with the broadband terminal.
The AP also supports an integrated fat/thin working mode: it can tell the private encrypted SSID from a shared hotspot SSID and, according to the SSID, forwards or processes requests from broadband terminals and hotspot terminals in different ways. When the AP identifies the private encrypted SSID, that is, when it forwards or processes a request sent by a broadband terminal, it works in fat mode; when the AP identifies a shared hotspot SSID, that is, when it forwards or processes a request sent by a hotspot terminal, it works in thin mode.
This embodiment does not limit how shared hotspot SSIDs are configured on the AP or how a broadband terminal sets a private encrypted SSID through the AP; these are techniques well known to those skilled in the art and are not described further here.
Specifically, a broadband terminal communicates with the network as follows: after the broadband terminal has accessed the network through the AP using the private encrypted SSID, the AP, on receiving a network data request (a request sent by a terminal that has already joined the network) and identifying that it carries the private encrypted SSID, performs NAT (Network Address Translation) on the request and sends it to the network over the designated broadband connection, so that the broadband terminal can communicate with the network.
NAT is the process of translating one IP (Internet Protocol) address into another IP address. In practice, NAT is mainly used to let a private network access the public network by translating private IP addresses into public IP addresses. Representing many private IP addresses with a small number of public IP addresses helps slow the exhaustion of the available IP address space. NAT is a technique well known to those skilled in the art and is not described further here.
A hotspot terminal communicates with the network as follows: the hotspot terminal accesses the network through the AP and the AC using a shared hotspot SSID. After the AP receives a network data request and identifies that it carries the shared hotspot SSID, it CAPWAP-encapsulates the request and sends it to the AC over the designated broadband connection; the AC CAPWAP-decapsulates the request and sends it on to the network, so that the hotspot terminal can communicate with the network.
In this way, the hotspot terminal and the broadband terminal share the same designated broadband resource but communicate with the network in different ways. This avoids the overhead of CAPWAP-encapsulating requests sent by the broadband terminal, and also avoids the AC/BRAS performing repeated network access authentication on the broadband terminal.
Data can be transferred between the AP and the AC through a CAPWAP tunnel. Before transfer, the sending side (AP or AC) first CAPWAP-encapsulates the data to be transmitted and sends the encapsulated data over the designated broadband connection to the other side (AC or AP), which CAPWAP-decapsulates it and then carries out the next operation.
This embodiment does not limit the method of CAPWAP encapsulation and decapsulation; these, like the CAPWAP tunnel, are techniques well known to those skilled in the art and are not described further here.
Several embodiments are given below to describe the solution in detail.
Embodiment 1
This embodiment provides a network access system based on the CAPWAP protocol which, as shown in Fig. 2, may comprise:
Network access equipment 21, configured to: receive a network access request sent by a terminal to be accessed, the network access request comprising an access identifier of the terminal to be accessed; and, if the access identifier indicates that the terminal to be accessed is a hotspot terminal, CAPWAP-encapsulate the network access request and send the encapsulated network access request to the control device;
Control device 22, configured to: receive the encapsulated network access request sent by the network access equipment; CAPWAP-decapsulate it and, according to the decapsulated network access request, send a hotspot terminal authentication request to an authentication server, the hotspot terminal authentication request instructing the authentication server to perform network access authentication on the hotspot terminal and to send a hotspot terminal authentication response to the control device, the hotspot terminal authentication response describing whether the hotspot terminal has passed network access authentication; receive the hotspot terminal authentication response sent by the authentication server; and, if the hotspot terminal authentication response indicates that the hotspot terminal has passed network access authentication, connect the hotspot terminal to the network.
With the above solution, the network access equipment, after receiving a network access request from a terminal to be accessed, uses the access identifier in the request to determine whether the terminal is a hotspot terminal. If it is, the network access equipment CAPWAP-encapsulates the network access request and sends the encapsulated request to the control device, so that the control device connects the terminal to the network after it passes network access authentication. Hotspot terminals and broadband terminals thus access the network in different ways, and although they share the designated broadband resource they can be authenticated separately, which improves the quality of service provided to both.
As shown in Fig. 3, a broadband terminal may access the network as follows: the broadband terminal sends a network access request to the network access equipment, the request carrying an access identifier indicating that the terminal to be accessed is a broadband terminal; the access identifier of a broadband terminal may include, but is not limited to, the private encrypted SSID and/or the password of the private encrypted SSID. After receiving the network access request and identifying the private encrypted SSID in it, the network access equipment has the authentication server perform network access authentication on the broadband terminal, that is, determine whether the private encrypted SSID matches its password; if so, an IP address with which the broadband terminal communicates in the network is obtained and the broadband terminal is connected to the network. Before connecting the broadband terminal to the network, the network access equipment sends a dial-up request, for example a PPPoE dial-up request, over the designated broadband connection to establish a connection with it, which ensures that the broadband terminal can use the designated broadband connection to communicate with the network.
The way a broadband terminal accesses the network is not limited to the method described above, and is not described further here.
The broadband terminal can also send an accounting request through the network access equipment to an accounting server for charging. The accounting server can obtain the services subscribed to by the broadband terminal according to the identification information of the broadband terminal in the accounting request, and charge the broadband terminal according to those subscribed services.
This embodiment does not limit the method of charging the broadband terminal; it is a technique well known to those skilled in the art and is not described further here.
The way the broadband terminal communicates with the network has been briefly introduced above and is not repeated here.
As shown in Fig. 4, in one implementation, a hotspot terminal accesses and communicates with the network as follows:
If the access identifier indicating that the terminal to be accessed is a hotspot terminal is a shared hotspot SSID, then the network access equipment, after identifying the shared hotspot SSID in the network access request, sends the CAPWAP-encapsulated network access request to the control device over the designated broadband connection. The control device, according to the encapsulated request, performs network access authentication on the hotspot terminal through the authentication server; if authentication succeeds, the control device connects the hotspot terminal to the network, so that the hotspot terminal uses the designated broadband connection to communicate with the network.
Embodiment bis-
As improvement, the present embodiment provides the another kind of network access system based on the CAPWAP agreement, as shown in Figure 2, can comprise:
Network access equipment 21, the network insertion request sent for receiving terminal to be accessed, the access sign that the network insertion request comprises terminal to be accessed; If the access of terminal to be accessed sign indication terminal to be accessed is hot terminal, the network insertion request is carried out to the CAPWAP encapsulation, and the network insertion request after encapsulation is sent to control appliance;
Control appliance 22, for the network insertion request after the encapsulation that receives the network access equipment transmission; After network insertion request after encapsulation is carried out to the CAPWAP decapsulation, send the hot terminal authentication request according to the network insertion request after decapsulation to certificate server, hot terminal authentication request indication certificate server carries out network access authentication to hot terminal, and send the hot terminal authentication response to control appliance, whether the hot terminal authentication response passes through network access authentication for describing hot terminal; Receive the hot terminal authentication response that certificate server sends; If hot terminal authentication response indication hot terminal is by network access authentication, by the hot terminal access network.
Further, network access equipment 21 also for: if the access of terminal to be accessed sign indication terminal to be accessed is wide-band terminal, to certificate server, send the wide-band terminal authentication request, wide-band terminal authentication request indication certificate server carries out network access authentication to wide-band terminal, and send the wide-band terminal authentication response to network access equipment, whether the wide-band terminal authentication response passes through network access authentication for describing wide-band terminal; Receive the wide-band terminal authentication response; If wide-band terminal authentication response indication wide-band terminal is by network access authentication, by the wide-band terminal access network.
Further, the network insertion request after encapsulation also comprises the identification information of hot terminal;
Network access equipment 21 is also for: receiving the business indication information sent by the control appliance, where the business indication information comprises a specified preferential business and the identification information of the wide-band terminal bound to the hot terminal, the specified preferential business is obtained by the service operation support server according to the network access information of the hot terminal, and the network access information describes at least one of how long the hot terminal has accessed the network or how much network traffic it has used after accessing the network; and sending the specified preferential business to the wide-band terminal corresponding to the identification information of the wide-band terminal, so that the wide-band terminal carries out the specified preferential business;
Control appliance 22 is also for: obtaining the network access information of the hot terminal according to the identification information of the hot terminal; sending the network access information to the service operation support server, so that the service operation support server obtains the specified preferential business according to the network access information; receiving the specified preferential business sent by the service operation support server; and sending the business indication information to the network access equipment.
Further, network access equipment 21 is also for: receiving the network access requests sent by terminals that have accessed the network, where each network access request comprises the access sign of the terminal that sent it; sending the network access requests of wide-band terminals to the network, where the access sign in a wide-band terminal's network access request indicates that the terminal is a wide-band terminal; and, after all the wide-band terminal network access requests received so far have been sent, sending the network access requests of hot terminals to the control appliance, where the access sign in a hot terminal's network access request indicates that the terminal is a hot terminal;
Control appliance 22 is also for: receiving the network access request of the hot terminal, and sending the network access request of the hot terminal to the network.
With the above scheme, after receiving the network insertion request sent by the terminal to be accessed, the network access equipment judges, according to the access sign of the terminal to be accessed contained in the network insertion request, whether the terminal to be accessed is a hot terminal. If it is a hot terminal, the network access equipment performs CAPWAP encapsulation on the network insertion request and sends the encapsulated network insertion request to the control appliance, so that the control appliance connects the terminal to be accessed to the network after it passes network access authentication. The hot terminal and the wide-band terminal can thus access the network in different ways: the service data forwarding path of the wide-band terminal (which may be the home user) is unchanged, while the hot terminal's data can be CAPWAP-encapsulated by the access device and forwarded to the control appliance. This avoids the header overhead that CAPWAP encapsulation would bring for the wide-band terminal user, and avoids problems such as repeated authentication and traffic deduction by the control appliance for the wide-band terminal user. The hot terminal, while sharing the specified broadband resource with the wide-band terminal, can be independently authenticated for access, which improves the quality of service provided for the hot terminal and the wide-band terminal. Further, the authentication access method provided by the embodiment of the present invention can charge the hot terminal independently and can return a certain benefit to the wide-band terminal user through this charging service, further improving the quality of service provided for the hot terminal and the wide-band terminal. Further, because the access device can process wide-band terminal traffic and hot terminal traffic independently, dynamic bandwidth management can be realized when needed by giving scheduling priority to the wide-band terminal user's service data, thereby guaranteeing the wide-band terminal user's experience.
Based on the implementation principle of the above network access system, the network access methods provided by the embodiments of the present invention are described below through specific embodiments, from the side of the network access equipment and from the side of the control appliance respectively.
Embodiment three
The present embodiment provides a network access method based on the CAPWAP protocol. The method is executed by the network access equipment and, as shown in Figure 5, can comprise the following steps:
501. The network access equipment receives the network insertion request sent by the terminal to be accessed.
Before accessing the network, the terminal to be accessed first sends a network insertion request to the network access equipment. The network insertion request comprises the access sign of the terminal to be accessed, which can be used for, but is not limited to, identifying whether the terminal to be accessed is a hot terminal or a wide-band terminal.
The present embodiment does not limit the function of the access sign of the terminal to be accessed; it can be set according to actual needs and is not described further here.
502. If the access sign of the terminal to be accessed indicates that the terminal to be accessed is a hot terminal, the network access equipment performs CAPWAP encapsulation on the network insertion request and sends the encapsulated network insertion request to the control appliance. The encapsulated network insertion request instructs the control appliance to perform network access authentication on the hot terminal through the certificate server according to the encapsulated request and, after the hot terminal passes network access authentication, to connect the hot terminal to the network.
With the above scheme, after receiving the network insertion request sent by the terminal to be accessed, the network access equipment judges, according to the access sign of the terminal to be accessed contained in the network insertion request, whether the terminal to be accessed is a hot terminal. If it is a hot terminal, the network access equipment performs CAPWAP encapsulation on the network insertion request and sends the encapsulated network insertion request to the control appliance, so that the control appliance connects the terminal to be accessed to the network after it passes network access authentication. The hot terminal and the wide-band terminal can thus access the network in different ways: after the hot terminal and the wide-band terminal share the specified broadband resource, they can be authenticated separately, which improves the quality of service provided for the hot terminal and the wide-band terminal.
Embodiment four
As an improvement, the present embodiment provides another network access method based on the CAPWAP protocol. The method is executed by the network access equipment and, as shown in Figure 6, can comprise the following steps:
601. The network access equipment receives the network insertion request sent by the terminal to be accessed.
Before accessing the network, the terminal to be accessed first sends a network insertion request to the network access equipment. The network insertion request comprises the access sign of the terminal to be accessed, which can be used for, but is not limited to, identifying whether the terminal to be accessed is a hot terminal or a wide-band terminal.
The present embodiment does not limit the function of the access sign of the terminal to be accessed; it can be set according to actual needs and is not described further here.
602. If the access sign of the terminal to be accessed indicates that the terminal to be accessed is a hot terminal, the network access equipment performs CAPWAP encapsulation on the network insertion request and sends the encapsulated network insertion request to the control appliance. The encapsulated network insertion request instructs the control appliance to perform network access authentication on the hot terminal through the certificate server according to the encapsulated request and, after the hot terminal passes network access authentication, to connect the hot terminal to the network.
As an implementation of the present embodiment, the access sign indicating that the terminal to be accessed is a wide-band terminal can be, but is not limited to, a private encrypted SSID; the access sign indicating that the terminal to be accessed is a hot terminal can be, but is not limited to, a hotspot shared SSID. The wide-band terminal and the hot terminal can access the network using the private encrypted SSID and the hotspot shared SSID respectively.
After identifying the private encrypted SSID or the hotspot shared SSID, the network access equipment may transmit and process the received request differently.
Further, the encapsulated network insertion request also instructs the control appliance to send an accounting request to the accounting server; the accounting request instructs the accounting server to charge for network use after the hot terminal has accessed the network.
The accounting server can be, but is not limited to, an operator's accounting server.
The present embodiment does not limit the charging method of the accounting server; it can be any method well known to those skilled in the art and is not described further here.
Step 606 is then performed.
603. If the access sign of the terminal to be accessed indicates that the terminal to be accessed is a wide-band terminal, the network access equipment sends a wide-band terminal authentication request to the certificate server.
The wide-band terminal authentication request instructs the certificate server to perform network access authentication on the wide-band terminal and to send a wide-band terminal authentication response to the network access equipment; the wide-band terminal authentication response describes whether the wide-band terminal has passed network access authentication.
604. The network access equipment receives the wide-band terminal authentication response.
605. If the wide-band terminal authentication response indicates that the wide-band terminal has passed network access authentication, the wide-band terminal is connected to the network.
In this way, the hot terminal and the wide-band terminal each access the network by their own method; the two share the same specified broadband number, and a higher quality of service can be provided for both.
606. The network access equipment receives the business indication information sent by the control appliance.
The business indication information comprises a specified preferential business and the identification information of the wide-band terminal bound to the hot terminal. The specified preferential business is obtained by the service operation support server according to the network access information of the hot terminal, and the network access information describes at least one of how long the hot terminal has accessed the network or how much network traffic it has used after accessing the network.
607. The network access equipment sends the specified preferential business to the wide-band terminal corresponding to the identification information of the wide-band terminal, so that the wide-band terminal carries out the specified preferential business.
When the hot terminal and the wide-band terminal share the specified broadband resource, the service operation support server sends the specified preferential business to the wide-band terminal according to the network access information of the hot terminal, so that the wide-band terminal obtains a certain benefit from sharing the specified broadband resource.
Further, in order to guarantee the QoS (Quality of Service) of the wide-band terminal, the network access equipment transmits or processes the network access requests sent by wide-band terminals first.
As an implementation of the present embodiment, the network access equipment receives the network access requests sent by terminals that have accessed the network, where each network access request comprises the access sign of the terminal that sent it. It sends the network access requests of wide-band terminals to the network, where the access sign in a wide-band terminal's network access request indicates that the terminal is a wide-band terminal. After all the wide-band terminal network access requests received so far have been sent, it sends the network access requests of hot terminals to the control appliance, so that the control appliance sends them to the network; the access sign in a hot terminal's network access request indicates that the terminal is a hot terminal.
With the above scheme, after receiving the network insertion request sent by the terminal to be accessed, the network access equipment judges, according to the access sign of the terminal to be accessed contained in the network insertion request, whether the terminal to be accessed is a hot terminal. If it is a hot terminal, the network access equipment performs CAPWAP encapsulation on the network insertion request and sends the encapsulated network insertion request to the control appliance, so that the control appliance connects the terminal to be accessed to the network after it passes network access authentication. The hot terminal and the wide-band terminal can thus access the network in different ways: after the hot terminal and the wide-band terminal share the specified broadband resource, they can be authenticated separately, which improves the quality of service provided for the hot terminal and the wide-band terminal. Further, the authentication access method provided by the embodiment of the present invention can charge the hot terminal independently and can return a certain benefit to the wide-band terminal user through this charging service, further improving the quality of service provided for the hot terminal and the wide-band terminal. Further, because the access device can process wide-band terminal traffic and hot terminal traffic independently, dynamic bandwidth management can be realized when needed by giving scheduling priority to the wide-band terminal user's service data, thereby guaranteeing the wide-band terminal user's experience.
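The dispatch that Embodiment four assigns to the network access equipment (classification by SSID, CAPWAP encapsulation for hot terminals only, wide-band requests sent first), as an added Python example that is not part of the patent. The SSID values and all class and method names are assumptions; the 8-byte header follows the CAPWAP header layout of RFC 5415, which the patent does not spell out, and dropping requests with an unknown access sign is likewise an assumption.

```python
import struct
from collections import deque

# Assumed SSID values: the patent only names a "private encrypted SSID"
# and a "hotspot shared SSID" without giving concrete identifiers.
PRIVATE_SSID = "home-private"      # access sign of a wide-band terminal
HOTSPOT_SSID = "operator-hotspot"  # access sign of a hot terminal

WBID_IEEE80211 = 1  # RFC 5415 wireless binding identifier for IEEE 802.11


def capwap_encapsulate(payload: bytes, radio_id: int = 0) -> bytes:
    """Prepend a minimal 8-byte CAPWAP header (RFC 5415, section 4.3).

    Version 0, preamble type 0, HLEN 2 (counted in 4-byte words),
    no fragmentation and no optional header fields.
    """
    if not 0 <= radio_id < 32:
        raise ValueError("RID is a 5-bit field")
    word0 = (2 << 19) | (radio_id << 14) | (WBID_IEEE80211 << 9)
    return struct.pack("!II", word0, 0) + payload


class AccessDevice:
    """Hypothetical model of the network access equipment."""

    def __init__(self):
        self.to_controller = []   # encapsulated requests for the control appliance
        self.to_auth_server = []  # wide-band terminal authentication requests
        self._wideband_q = deque()
        self._hot_q = deque()

    @staticmethod
    def classify(ssid):
        if ssid == HOTSPOT_SSID:
            return "hot"
        if ssid == PRIVATE_SSID:
            return "wideband"
        return None  # unknown access sign: not handled (assumption)

    def on_insertion_request(self, ssid, terminal_mac, request):
        """Steps 601-603: route a join request according to the access sign."""
        kind = self.classify(ssid)
        if kind == "hot":        # step 602: tunnel to the control appliance
            self.to_controller.append(capwap_encapsulate(request))
        elif kind == "wideband":  # step 603: authenticate directly
            self.to_auth_server.append((terminal_mac, request))
        return kind

    def on_access_request(self, ssid, request):
        """Queue traffic from a terminal that has already accessed the network."""
        kind = self.classify(ssid)
        if kind == "wideband":
            self._wideband_q.append(request)
        elif kind == "hot":
            self._hot_q.append(request)
        return kind

    def drain(self):
        """Send every queued wide-band request before any hot terminal request."""
        sent = []
        while self._wideband_q or self._hot_q:
            if self._wideband_q:
                sent.append(("network", self._wideband_q.popleft()))
            else:
                packet = capwap_encapsulate(self._hot_q.popleft())
                sent.append(("controller", packet))
        return sent


if __name__ == "__main__":
    dev = AccessDevice()
    dev.on_access_request(HOTSPOT_SSID, b"hot-1")      # constructed sample traffic
    dev.on_access_request(PRIVATE_SSID, b"wideband-1")
    for destination, data in dev.drain():
        print(destination, data.hex())
```

Only hot terminal traffic pays the 8-byte header cost; wide-band traffic leaves the device unchanged, which is the overhead argument the embodiment makes.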
Embodiment five
The present embodiment provides a network access method based on the CAPWAP protocol. The method is executed by the control appliance and, as shown in Figure 7, can comprise the following steps:
701. The control appliance receives the CAPWAP-encapsulated network insertion request sent by the network access equipment.
702. After performing CAPWAP decapsulation on the encapsulated network insertion request, the control appliance sends a hot terminal authentication request to the certificate server according to the decapsulated network insertion request. The hot terminal authentication request instructs the certificate server to perform network access authentication on the hot terminal and to send a hot terminal authentication response to the control appliance; the hot terminal authentication response describes whether the hot terminal has passed network access authentication.
703. The control appliance receives the hot terminal authentication response sent by the certificate server.
704. If the hot terminal authentication response indicates that the hot terminal has passed network access authentication, the hot terminal is connected to the network.
With the above scheme, after receiving the network insertion request sent by the terminal to be accessed, the network access equipment judges, according to the access sign of the terminal to be accessed contained in the network insertion request, whether the terminal to be accessed is a hot terminal. If it is a hot terminal, the network access equipment performs CAPWAP encapsulation on the network insertion request and sends the encapsulated network insertion request to the control appliance, so that the control appliance connects the terminal to be accessed to the network after it passes network access authentication. The hot terminal and the wide-band terminal can thus access the network in different ways: after the hot terminal and the wide-band terminal share the specified broadband resource, they can be authenticated separately, which improves the quality of service provided for the hot terminal and the wide-band terminal.
Embodiment six
As an improvement, the present embodiment provides another network access method based on the CAPWAP protocol. The method is executed by the control appliance and mainly describes how the hot terminal accesses the network and communicates with it. As shown in Figure 8, it can comprise the following steps:
801. The control appliance receives the CAPWAP-encapsulated network insertion request sent by the network access equipment.
Before accessing the network, the hot terminal first sends a network insertion request to the network access equipment. The network insertion request can comprise an access sign indicating that the terminal to be accessed is a hot terminal. The network access equipment performs CAPWAP encapsulation on the received network insertion request and sends it to the control appliance.
802. After performing CAPWAP decapsulation on the encapsulated network insertion request, the control appliance sends a hot terminal authentication request to the certificate server according to the decapsulated network insertion request. The hot terminal authentication request instructs the certificate server to perform network access authentication on the hot terminal and to send a hot terminal authentication response to the control appliance; the hot terminal authentication response describes whether the hot terminal has passed network access authentication.
So that the network operator can perform network access authentication on the hot terminal to be accessed, the control appliance sends the hot terminal authentication request to the certificate server after receiving the encapsulated network insertion request.
The certificate server can be, but is not limited to, an operator's certificate server.
803. The control appliance receives the hot terminal authentication response sent by the certificate server.
Before accessing the network, the terminal to be accessed must first undergo network access authentication by the certificate server; only after passing network access authentication can it access the network and communicate with it.
As an implementation of the present embodiment, as shown in Figure 9, the method of performing network access authentication on the hot terminal can comprise:
1. The hot terminal accesses the network using the hotspot shared SSID and obtains an IP address through DHCP (Dynamic Host Configuration Protocol);
Obtaining an IP address through DHCP is a technique well known to those skilled in the art and is not described further here;
2. The hot terminal opens IE (Internet Explorer, a web browser), enters any legal URL (Uniform Resource Locator), and sends an HTTP (Hypertext Transfer Protocol) message containing the URL to the network access equipment. The network access equipment performs CAPWAP encapsulation on the HTTP message and sends it to the AC/BRAS; after the AC/BRAS removes the CAPWAP encapsulation, the HTTP message is redirected to the Portal Server;
3. The Portal Server pushes a web authentication interface to the hot terminal through the network access equipment and the control appliance, requiring the hot terminal to return a user name and password. The web authentication interface is CAPWAP-encapsulated by the AC/BRAS and sent to the network access equipment, which removes the CAPWAP encapsulation and sends it to the hot terminal;
4. After receiving the web authentication page, the hot terminal sends terminal credential information such as the user name and password to the Portal Server through the network access equipment and the control appliance;
5. The Portal Server receives the terminal credential information and sends an authentication request to the AC/BRAS; the authentication request can comprise the terminal credential information and the access sign of the hot terminal;
6. The AC/BRAS sends the authentication request to the operator's certificate server (which can be, for example, an AAA server), so that the AAA (Authentication, Authorization, Accounting) server performs network access authentication on the hot terminal according to the operator's authentication request;
7. After network access authentication passes, the AAA server sends an authentication response to the AC/BRAS;
8. The AC/BRAS sends the authentication response to the Portal Server;
9. After receiving the authentication response, the Portal Server pushes an authentication success interface to the hot terminal through the network access equipment and the control appliance, informing the hot terminal that authentication has passed.
10. After receiving the authentication success interface, the hot terminal can carry out normal services with the network, and charging starts.
In the specific embodiment shown in Figure 9, the AAA server can include, but is not limited to, the accounting server and the operator's certificate server. The accounting server and the certificate server in the present embodiment can be located in one server or can be two independent servers; this is not limited here.
The present embodiment does not limit the method of performing network access authentication on the hot terminal; it can be any method well known to those skilled in the art and is not described further here.
804. If the hot terminal authentication response indicates that the hot terminal has passed network access authentication, the control appliance connects the hot terminal to the network.
The present embodiment does not limit the method by which the control appliance connects the hot terminal to the network; it can be defined according to actual needs and is not described further here.
805. The control appliance sends an accounting request to the accounting server; the accounting request instructs the accounting server to charge for network use after the hot terminal has accessed the network.
Further, the encapsulated network insertion request also comprises the identification information of the hot terminal. After sending the accounting request to the accounting server, the control appliance obtains the network access information of the hot terminal according to the identification information of the hot terminal, where the network access information describes at least one of how long the hot terminal has accessed the network or how much network traffic it has used after accessing the network, and sends the network access information to the accounting server, so that the accounting server charges the hot terminal according to the network access information.
The control appliance controls the network access equipment, and it can also store the network access information of any terminal that communicates with the network through the network access equipment.
As an implementation of the present embodiment, obtaining the network access information of the hot terminal according to the identification information of the hot terminal can comprise:
The control appliance stores the correspondence between terminals and network access equipment. According to the identification information of the hot terminal, the control appliance can obtain the identification information of the network access equipment that the hot terminal uses and, according to the identification information of the network access equipment, obtain the network access information of the hot terminal's communication with the network through that network access equipment.
For example, the identification information of the network access equipment can be, but is not limited to: SN (Serial Number), MAC (Media Access Control), etc.
The present embodiment does not limit the method of obtaining the network access information or the content of the network access information; these can be set according to actual needs and are not described further here.
806. The control appliance receives the business indication information sent by the service operation support server and sends it to the network access equipment. The business indication information comprises a specified preferential business and the identification information of the wide-band terminal bound to the hot terminal, so that the network access equipment sends the specified preferential business to the wide-band terminal corresponding to the identification information of the wide-band terminal and the wide-band terminal carries out the specified preferential business. The specified preferential business is obtained by the service operation support server according to the network access information of the hot terminal obtained from the control appliance, and the network access information describes at least one of how long the hot terminal has accessed the network or how much network traffic it has used after accessing the network.
The business indication information comprises the specified preferential business that the service operation support server obtains according to the network access information obtained from the accounting server, and the access sign of the wide-band terminal bound to the hot terminal, so that the network access equipment sends the specified preferential business to the wide-band terminal according to the access sign of the wide-band terminal and the wide-band terminal carries out the specified preferential business.
With the above scheme, after receiving the network insertion request sent by the terminal to be accessed, the network access equipment judges, according to the access sign of the terminal to be accessed contained in the network insertion request, whether the terminal to be accessed is a hot terminal. If it is a hot terminal, the network access equipment performs CAPWAP encapsulation on the network insertion request and sends the encapsulated network insertion request to the control appliance, so that the control appliance connects the terminal to be accessed to the network after it passes network access authentication. The hot terminal and the wide-band terminal can thus access the network in different ways: after the hot terminal and the wide-band terminal share the specified broadband resource, they can be authenticated separately, which improves the quality of service provided for the hot terminal and the wide-band terminal. Further, the authentication access method provided by the embodiment of the present invention can charge the hot terminal independently and can return a certain benefit to the wide-band terminal user through this charging service, further improving the quality of service provided for the hot terminal and the wide-band terminal. Further, because the access device can process wide-band terminal traffic and hot terminal traffic independently, dynamic bandwidth management can be realized when needed by giving scheduling priority to the wide-band terminal user's service data, thereby guaranteeing the wide-band terminal user's experience.
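The control appliance side of Embodiment six, as an added Python example that is not part of the patent: it validates and strips the CAPWAP header (layout per RFC 5415), refuses malformed packets and failed authentications without creating a session, starts accounting, and builds the business indication information for the bound wide-band terminal. The `terminal|credential` payload format, the callables standing in for the certificate server and the service operation support server, the credit rule and all names are assumptions.

```python
import hmac
import struct


class CapwapError(ValueError):
    """Raised when a packet cannot be a well-formed CAPWAP data packet."""


def capwap_decapsulate(packet: bytes) -> bytes:
    """Validate and strip the CAPWAP header (RFC 5415, section 4.3)."""
    if len(packet) < 8:
        raise CapwapError("shorter than the minimum 8-byte header")
    (word0,) = struct.unpack("!I", packet[:4])
    version, ptype = word0 >> 28, (word0 >> 24) & 0xF
    hlen = ((word0 >> 19) & 0x1F) * 4   # HLEN counts 4-byte words
    if version != 0 or ptype != 0:
        raise CapwapError("unsupported version or preamble type")
    if hlen < 8 or hlen > len(packet):
        raise CapwapError("HLEN points outside the packet")
    if word0 & (1 << 7):                # F bit: this is a fragment
        raise CapwapError("fragmented packet, reassembly not implemented")
    return packet[hlen:]


class ControlAppliance:
    """Hypothetical model of the control appliance (for example an AC/BRAS)."""

    def __init__(self, authenticate, bindings):
        self.authenticate = authenticate  # stand-in for the certificate server
        self.bindings = bindings          # hot terminal id -> bound wide-band terminal id
        self.accounting_log = []          # stand-in for the accounting server
        self.sessions = {}                # hot terminal id -> usage record

    def on_insertion_request(self, access_device_id, packet):
        """Steps 801-805: decapsulate, authenticate, admit, start accounting."""
        try:
            request = capwap_decapsulate(packet)
        except CapwapError:
            return False                  # malformed tunnel traffic is dropped
        terminal_id, sep, credential = request.partition(b"|")
        if not sep or not self.authenticate(terminal_id, credential):
            return False                  # fail closed: no session, no accounting
        self.sessions[terminal_id] = {
            "device": access_device_id, "seconds": 0, "bytes": 0}
        self.accounting_log.append(("start", terminal_id))
        return True

    def record_usage(self, terminal_id, seconds, nbytes):
        session = self.sessions[terminal_id]  # KeyError if never admitted
        session["seconds"] += seconds
        session["bytes"] += nbytes

    def service_indication(self, terminal_id, derive_service):
        """Step 806: business indication information for the access device."""
        session = self.sessions[terminal_id]
        info = {"seconds": session["seconds"], "bytes": session["bytes"]}
        return {
            "access_device": session["device"],
            "wideband_terminal": self.bindings[terminal_id],
            "preferential_service": derive_service(info),
        }


# Constructed sample data, not taken from the patent.
HEADER = bytes.fromhex("0010020000000000")   # minimal header, WBID 1, HLEN 2
VALID_USERS = {b"hot-01": b"s3cret"}


def sample_authenticate(terminal_id, credential):
    expected = VALID_USERS.get(terminal_id)
    return expected is not None and hmac.compare_digest(expected, credential)


def sample_derive_service(info):
    # Invented rule: one credit unit per full 100 MB used by the hot terminal.
    return {"credit_units": info["bytes"] // (100 * 1024 * 1024)}
```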
Embodiment seven
The present embodiment provides a network access device based on the CAPWAP protocol. It should be understood that this device can be applied to network access equipment such as a wireless router, CPE or home gateway. As shown in Figure 10, the device can comprise:
Receiving element 101, for receiving the network insertion request sent by the terminal to be accessed, where the network insertion request comprises the access sign of the terminal to be accessed;
The first processing unit 102, for performing CAPWAP encapsulation on the network insertion request if the access sign of the terminal to be accessed indicates that the terminal to be accessed is a hot terminal, and sending the encapsulated network insertion request to the control appliance. The encapsulated network insertion request instructs the control appliance to perform network access authentication on the hot terminal through the certificate server according to the encapsulated request and, after the hot terminal passes network access authentication, to connect the hot terminal to the network.
With the above scheme, after the receiving element receives the network insertion request sent by the terminal to be accessed, the first processing unit judges, according to the access sign of the terminal to be accessed contained in the network insertion request, whether the terminal to be accessed is a hot terminal. If it is a hot terminal, the first processing unit performs CAPWAP encapsulation on the network insertion request and sends the encapsulated network insertion request to the control appliance, so that the control appliance connects the terminal to be accessed to the network after it passes network access authentication. The hot terminal and the wide-band terminal can thus access the network in different ways: after the hot terminal and the wide-band terminal share the specified broadband resource, they can be authenticated separately, which improves the quality of service provided for the hot terminal and the wide-band terminal.
Embodiment eight
As an improvement, the present embodiment provides another network access device based on the CAPWAP protocol. This device can be applied to network access equipment such as a wireless router, CPE or home gateway. As shown in Figure 11, it can comprise:
Receiving element 111, for receiving the network insertion request sent by the terminal to be accessed, where the network insertion request comprises the access sign of the terminal to be accessed;
The first processing unit 112, for performing CAPWAP encapsulation on the network insertion request if the access sign of the terminal to be accessed indicates that the terminal to be accessed is a hot terminal, and sending the encapsulated network insertion request to the control appliance. The encapsulated network insertion request instructs the control appliance to perform network access authentication on the hot terminal through the certificate server according to the encapsulated request and, after the hot terminal passes network access authentication, to connect the hot terminal to the network.
Further, the encapsulated network insertion request also instructs the control appliance to send an accounting request to the accounting server; the accounting request instructs the accounting server to charge for network use after the hot terminal has accessed the network.
The second processing unit 113, for sending a wide-band terminal authentication request to the certificate server if the access sign of the terminal to be accessed indicates that the terminal to be accessed is a wide-band terminal, where the wide-band terminal authentication request instructs the certificate server to perform network access authentication on the wide-band terminal and to send a wide-band terminal authentication response to the network access equipment, and the wide-band terminal authentication response describes whether the wide-band terminal has passed network access authentication; and, if the wide-band terminal authentication response indicates that the wide-band terminal has passed network access authentication, connecting the wide-band terminal to the network.
Further, receiving element 111 is also for: receiving the wide-band terminal authentication response;
Further, receiving element 111 is also for: receiving the business indication information sent by the control appliance, where the business indication information comprises a specified preferential business and the identification information of the wide-band terminal bound to the hot terminal, the specified preferential business is obtained by the service operation support server according to the network access information of the hot terminal, and the network access information describes at least one of how long the hot terminal has accessed the network or how much network traffic it has used after accessing the network;
Transmitting element 114, for sending the specified preferential business to the wide-band terminal corresponding to the identification information of the wide-band terminal, so that the wide-band terminal carries out the specified preferential business.
Further, receiving element 111 is also for: receiving the network access requests sent by terminals that have accessed the network, where each network access request comprises the access sign of the terminal that sent it;
Further, the second processing unit 113 is also for: sending the network access requests of wide-band terminals to the network, where the access sign in a wide-band terminal's network access request indicates that the terminal is a wide-band terminal;
After all the wide-band terminal network access requests received so far have been sent, the network access requests of hot terminals are sent to the control appliance, so that the control appliance sends them to the network; the access sign in a hot terminal's network access request indicates that the terminal is a hot terminal.
With the above scheme, after the receiving element receives the network insertion request sent by the terminal to be accessed, the first processing unit judges, according to the access sign of the terminal to be accessed contained in the network insertion request, whether the terminal to be accessed is a hot terminal. If it is a hot terminal, the first processing unit performs CAPWAP encapsulation on the network insertion request and sends the encapsulated network insertion request to the control appliance, so that the control appliance connects the terminal to be accessed to the network after it passes network access authentication. The hot terminal and the wide-band terminal can thus access the network in different ways: after the hot terminal and the wide-band terminal share the specified broadband resource, they can be authenticated separately, which improves the quality of service provided for the hot terminal and the wide-band terminal. Further, the network access equipment provided by the embodiment of the present invention can charge the hot terminal independently and can return a certain benefit to the wide-band terminal user through this charging service, further improving the quality of service provided for the hot terminal and the wide-band terminal. Further, because the network access equipment can process wide-band terminal traffic and hot terminal traffic independently, dynamic bandwidth management can be realized when needed by giving scheduling priority to the wide-band terminal user's service data, thereby guaranteeing the wide-band terminal user's experience.
Embodiment nine
The present embodiment provides another network access device based on the CAPWAP protocol. The device can be applied to a control appliance, for example a WiFi access controller, and, as shown in Figure 12, can comprise:
Receiving element 121, configured to receive the CAPWAP-encapsulated network insertion request sent by the network access equipment, and to receive the hot terminal authentication response sent by the certificate server, where the hot terminal authentication response describes whether the hot terminal passes network access authentication;
Transmitting element 122, configured to, after performing CAPWAP decapsulation on the encapsulated network insertion request, send a hot terminal authentication request to the certificate server according to the decapsulated network insertion request, where the hot terminal authentication request instructs the certificate server to perform network access authentication on the hot terminal and to send the hot terminal authentication response to the control appliance, and the hot terminal authentication response describes whether the hot terminal passes network access authentication;
Access unit 123, configured to connect the hot terminal to the network if the hot terminal authentication response indicates that the hot terminal passes network access authentication.
With the above scheme, after the receiving element receives the network insertion request, the transmitting element sends the hot terminal authentication request to the certificate server, and the hot terminal is connected to the network after it passes network access authentication. The hot terminal and the wide-band terminal can therefore access the network in different ways, and when they share the specified broadband resource they can be authenticated separately, which improves the service quality provided to the hot terminal and the wide-band terminal.
Embodiment ten
As an improvement, the present embodiment provides another network access device based on the CAPWAP protocol. The device can be applied to a control appliance, for example a WiFi access controller, and, as shown in Figure 13, can comprise:
Receiving element 131, configured to receive the CAPWAP-encapsulated network insertion request sent by the network access equipment, and to receive the hot terminal authentication response sent by the certificate server, where the hot terminal authentication response describes whether the hot terminal passes network access authentication;
Transmitting element 132, configured to, after performing CAPWAP decapsulation on the encapsulated network insertion request, send a hot terminal authentication request to the certificate server according to the decapsulated network insertion request, where the hot terminal authentication request instructs the certificate server to perform network access authentication on the hot terminal and to send the hot terminal authentication response to the control appliance, and the hot terminal authentication response describes whether the hot terminal passes network access authentication;
Access unit 133, configured to connect the hot terminal to the network if the hot terminal authentication response indicates that the hot terminal passes network access authentication.
Further, if the hot terminal authentication response received by receiving element 131 indicates that the hot terminal passes network access authentication, transmitting element 132 is further configured to send an accounting request to the accounting server, where the accounting request instructs the accounting server to charge for the network use after the hot terminal accesses the network.
Further, if the encapsulated network insertion request received by receiving element 131 also comprises the identification information of the hot terminal, the device also comprises:
Acquiring unit 134, configured to obtain the network access information of the hot terminal according to the identification information of the hot terminal, where the network access information describes at least one of the length of time the hot terminal has accessed the network or the amount of network traffic used after accessing the network;
Further, transmitting element 132 is further configured to send the network access information to the accounting server, so that the accounting server charges the hot terminal according to the network access information.
Further, receiving element 131 is further configured to receive the business indication information sent by the service operation support server;
Transmitting element 132 is further configured to send to the network access equipment the business indication information sent by the service operation support server. The business indication information comprises a specified preferential business and the identification information of the wide-band terminal bound to the hot terminal, so that the network access equipment sends the specified preferential business to the wide-band terminal corresponding to the identification information of the wide-band terminal, and the wide-band terminal executes the specified preferential business. The specified preferential business is obtained by the service operation support server according to the network access information of the hot terminal obtained from the control appliance; the network access information describes at least one of the length of time the hot terminal has accessed the network or the amount of network traffic used after accessing the network.
With the above scheme, after the receiving element receives the network insertion request, the transmitting element sends the hot terminal authentication request to the certificate server, and the hot terminal is connected to the network after it passes network access authentication. The hot terminal and the wide-band terminal can therefore access the network in different ways, and when they share the specified broadband resource they can be authenticated separately. Further, the control appliance provided by the embodiment of the present invention can charge the hot terminal independently, and a certain preference can be returned to the wide-band terminal user through this billing service, which further improves the service quality provided to the hot terminal and the wide-band terminal.
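The split admission path of embodiments nine and ten, together with the wide-band-first forwarding order described for the network access equipment, as an added Python model that is not part of the patent. The access sign values, the JSON envelope standing in for CAPWAP encapsulation, the credential table, the rejection of unknown access signs and the per-class check in `receive` are assumptions made for illustration; "certificate server" is the page's term for the server that performs network access authentication.

```python
import hmac
import json
from collections import deque
from dataclasses import dataclass, field

# Assumed encodings of the "access sign"; the page does not define its values.
HOT, WIDE_BAND = "hot", "wide-band"
# Constructed sample input: (access sign, terminal id, secret) and (access sign, terminal id, destination).
JOINS = [(HOT, "hs-1", "guest-pass"), (WIDE_BAND, "bb-1", "home-pass"),
         (WIDE_BAND, "hs-1", "guest-pass"), ("other", "bb-1", "home-pass")]
TRAFFIC = [(HOT, "hs-1", "a.example"), (WIDE_BAND, "bb-1", "b.example"), (WIDE_BAND, "hs-1", "c.example")]

def encapsulate(request):
    """Placeholder envelope standing in for CAPWAP encapsulation (not the RFC 5415 wire format)."""
    return {"capwap_placeholder": json.dumps(request)}

def decapsulate(envelope):
    """Return the inner request, or None when the envelope is malformed."""
    try:
        request = json.loads(envelope["capwap_placeholder"])
    except (KeyError, TypeError, ValueError):
        return None
    return request if isinstance(request, dict) else None

@dataclass
class CertificateServer:
    accounts: dict  # (terminal class, terminal id) -> secret

    def authenticate(self, terminal_class, terminal_id, secret):
        if not isinstance(terminal_id, str) or not isinstance(secret, str):
            return False
        expected = self.accounts.get((terminal_class, terminal_id))
        return expected is not None and hmac.compare_digest(expected.encode(), secret.encode())

@dataclass
class ControlAppliance:
    auth: CertificateServer
    network: list
    admitted: set = field(default_factory=set)
    accounting: list = field(default_factory=list)

    def handle_insertion(self, envelope):
        request = decapsulate(envelope)
        if request is None or request.get("access_sign") != HOT:
            return False
        tid = request.get("terminal_id")
        if not self.auth.authenticate(HOT, tid, request.get("secret")):
            return False
        self.admitted.add(tid)
        self.accounting.append(("start", tid))  # accounting request once authentication has passed
        return True

    def forward(self, request):
        self.network.append(("via-control-appliance", request["terminal_id"], request["dest"]))

@dataclass
class NetworkAccessEquipment:
    auth: CertificateServer
    controller: ControlAppliance
    admitted: set = field(default_factory=set)
    queues: dict = field(default_factory=lambda: {WIDE_BAND: deque(), HOT: deque()})

    def handle_insertion(self, request):
        sign, tid = request.get("access_sign"), request.get("terminal_id")
        if sign == HOT:  # hot terminal: tunnel the request; the control appliance authenticates it
            return self.controller.handle_insertion(encapsulate(request))
        if sign == WIDE_BAND and self.auth.authenticate(WIDE_BAND, tid, request.get("secret")):
            self.admitted.add(tid)  # wide-band terminal: authenticated directly by this device
            return True
        return False  # unknown access sign or failed authentication: not connected

    def receive(self, request):
        """Queue traffic only for a terminal admitted under the class it claims (added check)."""
        sign, tid = request.get("access_sign"), request.get("terminal_id")
        admitted = self.admitted if sign == WIDE_BAND else self.controller.admitted
        ok = sign in (HOT, WIDE_BAND) and isinstance(tid, str) and tid in admitted
        if ok:
            self.queues[sign].append(request)
        return ok

    def flush(self):
        """Send all queued wide-band requests first, then pass hot requests to the control appliance."""
        while self.queues[WIDE_BAND]:
            r = self.queues[WIDE_BAND].popleft()
            self.controller.network.append(("direct", r["terminal_id"], r["dest"]))
        while self.queues[HOT]:
            self.controller.forward(self.queues[HOT].popleft())

def demo():
    auth = CertificateServer({(WIDE_BAND, "bb-1"): "home-pass", (HOT, "hs-1"): "guest-pass"})
    ac = ControlAppliance(auth, network=[])
    ap = NetworkAccessEquipment(auth, ac)
    joins = [ap.handle_insertion({"access_sign": s, "terminal_id": t, "secret": p}) for s, t, p in JOINS]
    queued = [ap.receive({"access_sign": s, "terminal_id": t, "dest": d}) for s, t, d in TRAFFIC]
    ap.flush()
    return joins, queued, ac.network, ac.accounting

if __name__ == "__main__":
    print(demo())
```

Because the terminal itself supplies the access sign, the model keys credentials by terminal class, so a request that presents the other class's sign fails authentication or is dropped from the priority queue.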
Those skilled in the art can clearly understand that, for convenience and brevity of description, the specific working processes of the system, device and units described above can be found in the corresponding processes of the foregoing method embodiments and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed system, apparatus and method can be implemented in other ways. For example, the device embodiments described above are only schematic: the division into units is only a division by logical function, and other divisions are possible in an actual implementation. For example, a plurality of units or components can be combined or integrated into another system, or some features can be ignored or not executed. In addition, the coupling, direct coupling or communication connection shown or discussed can be through some interfaces, and the indirect coupling or communication connection between devices or units can be electrical, mechanical or of another form.
From the above description of the embodiments, those skilled in the art can clearly understand that the present invention can be implemented by software plus the necessary general-purpose hardware, and of course also by hardware, but in many cases the former is the better implementation. Based on this understanding, the technical scheme of the present invention, in essence, or the part of it that contributes to the prior art, can be embodied in the form of a software product. The computer software product is stored in a readable storage medium, and the aforesaid storage medium comprises various media that can store program code, such as a USB flash disk, a portable hard drive, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a magnetic disk or an optical disc.
The above is only a specific embodiment of the present invention, but the protection scope of the present invention is not limited to it. Any change or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall be covered by the protection scope of the present invention. Therefore, the protection scope of the present invention shall be determined by the protection scope of the claims.

Claims (22)

1. A network access system based on the Control and Provisioning of Wireless Access Points (CAPWAP) protocol, characterized in that it comprises:
Network access equipment, configured to receive a network insertion request sent by a terminal to be accessed, the network insertion request comprising an access sign of the terminal to be accessed; and, if the access sign of the terminal to be accessed indicates that the terminal to be accessed is a hot terminal, to perform CAPWAP encapsulation on the network insertion request and send the encapsulated network insertion request to a control appliance;
A control appliance, configured to receive the encapsulated network insertion request sent by the network access equipment; after performing CAPWAP decapsulation on the encapsulated network insertion request, to send a hot terminal authentication request to a certificate server according to the decapsulated network insertion request, the hot terminal authentication request instructing the certificate server to perform network access authentication on the hot terminal and to send a hot terminal authentication response to the control appliance, the hot terminal authentication response describing whether the hot terminal passes network access authentication; to receive the hot terminal authentication response sent by the certificate server; and, if the hot terminal authentication response indicates that the hot terminal passes network access authentication, to connect the hot terminal to the network.
2. The system according to claim 1, characterized in that:
The network access equipment is further configured to: if the access sign of the terminal to be accessed indicates that the terminal to be accessed is a wide-band terminal, send a wide-band terminal authentication request to the certificate server, the wide-band terminal authentication request instructing the certificate server to perform network access authentication on the wide-band terminal and to send a wide-band terminal authentication response to the network access equipment, the wide-band terminal authentication response describing whether the wide-band terminal passes network access authentication; receive the wide-band terminal authentication response; and, if the wide-band terminal authentication response indicates that the wide-band terminal passes network access authentication, connect the wide-band terminal to the network.
3. The system according to claim 1 or 2, characterized in that the encapsulated network insertion request further comprises identification information of the hot terminal;
The network access equipment is further configured to: receive business indication information sent by the control appliance, the business indication information comprising a specified preferential business and identification information of the wide-band terminal bound to the hot terminal, where the specified preferential business is obtained by a service operation support server according to network access information of the hot terminal, and the network access information describes at least one of the length of time the hot terminal has accessed the network or the amount of network traffic used after accessing the network; and send the specified preferential business to the wide-band terminal corresponding to the identification information of the wide-band terminal, so that the wide-band terminal executes the specified preferential business;
The control appliance is further configured to: obtain the network access information of the hot terminal according to the identification information of the hot terminal; send the network access information to the service operation support server, so that the service operation support server obtains the specified preferential business according to the network access information; receive the specified preferential business sent by the service operation support server; and send the business indication information to the network access equipment.
4. The system according to claim 3, characterized in that:
The network access equipment is further configured to: receive a network access request sent by a terminal that has accessed the network, the network access request comprising the access sign of the terminal that has accessed the network; send the network access request of a wide-band terminal to the network, where the access sign contained in the network access request of the wide-band terminal indicates that the terminal that has accessed the network is a wide-band terminal; and, after all network access requests of wide-band terminals received so far have been sent out, send the network access request of a hot terminal to the control appliance, where the access sign contained in the network access request of the hot terminal indicates that the terminal that has accessed the network is a hot terminal;
The control appliance is further configured to: receive the network access request of the hot terminal, and send the network access request of the hot terminal to the network.
5. A network access method based on the Control and Provisioning of Wireless Access Points (CAPWAP) protocol, characterized in that it comprises:
Network access equipment receiving a network insertion request sent by a terminal to be accessed, the network insertion request comprising an access sign of the terminal to be accessed;
If the access sign of the terminal to be accessed indicates that the terminal to be accessed is a hot terminal, performing CAPWAP encapsulation on the network insertion request and sending the encapsulated network insertion request to a control appliance, where the encapsulated network insertion request instructs the control appliance to have the hot terminal undergo network access authentication by a certificate server according to the encapsulated network insertion request and, after the hot terminal passes network access authentication, to connect the hot terminal to the network.
6. The method according to claim 5, characterized in that the encapsulated network insertion request further instructs the control appliance to send an accounting request to an accounting server, the accounting request instructing the accounting server to charge for the network use after the hot terminal accesses the network.
7. The method according to claim 5, characterized in that the method further comprises:
If the access sign of the terminal to be accessed indicates that the terminal to be accessed is a wide-band terminal, sending a wide-band terminal authentication request to the certificate server, the wide-band terminal authentication request instructing the certificate server to perform network access authentication on the wide-band terminal and to send a wide-band terminal authentication response to the network access equipment, the wide-band terminal authentication response describing whether the wide-band terminal passes network access authentication;
Receiving the wide-band terminal authentication response;
If the wide-band terminal authentication response indicates that the wide-band terminal passes network access authentication, connecting the wide-band terminal to the network.
8. The method according to claim 6, characterized in that, after the accounting server charges the hot terminal, the method further comprises:
Receiving business indication information sent by the control appliance, the business indication information comprising a specified preferential business and identification information of the wide-band terminal bound to the hot terminal, where the specified preferential business is obtained by a service operation support server according to network access information of the hot terminal, and the network access information describes at least one of the length of time the hot terminal has accessed the network or the amount of network traffic used after accessing the network;
Sending the specified preferential business to the wide-band terminal corresponding to the identification information of the wide-band terminal, so that the wide-band terminal executes the specified preferential business.
9. The method according to any one of claims 5 to 8, characterized in that the method further comprises:
Receiving a network access request sent by a terminal that has accessed the network, the network access request comprising the access sign of the terminal that has accessed the network;
Sending the network access request of a wide-band terminal to the network, where the access sign contained in the network access request of the wide-band terminal indicates that the terminal that has accessed the network is a wide-band terminal;
After all wide-band terminal network access requests received so far have been sent out, sending the network access request of a hot terminal to the control appliance, so that the control appliance sends the network access request of the hot terminal to the network, where the access sign contained in the network access request of the hot terminal indicates that the terminal that has accessed the network is a hot terminal.
10. A network access method based on the Control and Provisioning of Wireless Access Points (CAPWAP) protocol, characterized in that the method comprises:
A control appliance receiving a CAPWAP-encapsulated network insertion request sent by network access equipment;
After performing CAPWAP decapsulation on the encapsulated network insertion request, sending a hot terminal authentication request to a certificate server according to the decapsulated network insertion request, the hot terminal authentication request instructing the certificate server to perform network access authentication on a hot terminal and to send a hot terminal authentication response to the control appliance, the hot terminal authentication response describing whether the hot terminal passes network access authentication;
Receiving the hot terminal authentication response sent by the certificate server;
If the hot terminal authentication response indicates that the hot terminal passes network access authentication, connecting the hot terminal to the network.
11. The method according to claim 10, characterized in that, if the hot terminal authentication response indicates that the hot terminal passes network access authentication, after the connecting of the hot terminal to the network, the method further comprises:
Sending an accounting request to an accounting server, the accounting request instructing the accounting server to charge for the network use after the hot terminal accesses the network.
12. The method according to claim 11, characterized in that the encapsulated network insertion request further comprises identification information of the hot terminal; after the sending of the accounting request to the accounting server, the method further comprises:
Obtaining network access information of the hot terminal according to the identification information of the hot terminal, where the network access information describes at least one of the length of time the hot terminal has accessed the network or the amount of network traffic used after accessing the network;
Sending the network access information to the accounting server, so that the accounting server charges the hot terminal according to the network access information.
13. The method according to claim 11, characterized in that, after the sending of the accounting request to the accounting server, the method further comprises:
Receiving business indication information sent by a service operation support server and sending it to the network access equipment, the business indication information comprising a specified preferential business and identification information of the wide-band terminal bound to the hot terminal, so that the network access equipment sends the specified preferential business to the wide-band terminal corresponding to the identification information of the wide-band terminal and the wide-band terminal executes the specified preferential business, where the specified preferential business is obtained by the service operation support server according to the network access information of the hot terminal obtained from the control appliance, and the network access information describes at least one of the length of time the hot terminal has accessed the network or the amount of network traffic used after accessing the network.
14. A network access device based on the Control and Provisioning of Wireless Access Points (CAPWAP) protocol, characterized in that it comprises:
A receiving element, configured to receive a network insertion request sent by a terminal to be accessed, the network insertion request comprising an access sign of the terminal to be accessed;
A first processing unit, configured to, if the access sign of the terminal to be accessed indicates that the terminal to be accessed is a hot terminal, perform CAPWAP encapsulation on the network insertion request and send the encapsulated network insertion request to a control appliance, where the encapsulated network insertion request instructs the control appliance to have the hot terminal undergo network access authentication by a certificate server according to the encapsulated network insertion request and, after the hot terminal passes network access authentication, to connect the hot terminal to the network.
15. The device according to claim 14, characterized in that the encapsulated network insertion request further instructs the control appliance to send an accounting request to an accounting server, the accounting request instructing the accounting server to charge for the network use after the hot terminal accesses the network.
16. The device according to claim 14, characterized in that the device further comprises:
A second processing unit, configured to, if the access sign of the terminal to be accessed indicates that the terminal to be accessed is a wide-band terminal, send a wide-band terminal authentication request to the certificate server, the wide-band terminal authentication request instructing the certificate server to perform network access authentication on the wide-band terminal and to send a wide-band terminal authentication response to the network access equipment, the wide-band terminal authentication response describing whether the wide-band terminal passes network access authentication; and, if the wide-band terminal authentication response indicates that the wide-band terminal passes network access authentication, to connect the wide-band terminal to the network;
The receiving element is further configured to receive the wide-band terminal authentication response.
17. The device according to claim 15, characterized in that:
The receiving element is further configured to receive business indication information sent by the control appliance, the business indication information comprising a specified preferential business and identification information of the wide-band terminal bound to the hot terminal, where the specified preferential business is obtained by a service operation support server according to network access information of the hot terminal, and the network access information describes at least one of the length of time the hot terminal has accessed the network or the amount of network traffic used after accessing the network;
The device further comprises:
A transmitting element, configured to send the specified preferential business to the wide-band terminal corresponding to the identification information of the wide-band terminal, so that the wide-band terminal executes the specified preferential business.
18. The device according to any one of claims 14 to 17, characterized in that:
The receiving element is further configured to receive a network access request sent by a terminal that has accessed the network, the network access request comprising the access sign of the terminal that has accessed the network;
The second processing unit is further configured to send the network access request of a wide-band terminal to the network, where the access sign contained in the network access request of the wide-band terminal indicates that the terminal that has accessed the network is a wide-band terminal;
After all wide-band terminal network access requests received so far have been sent out, the network access request of a hot terminal is then sent to the control appliance, so that the control appliance sends the network access request of the hot terminal to the network, where the access sign contained in the network access request of the hot terminal indicates that the terminal that has accessed the network is a hot terminal.
19. A network access device based on the Control and Provisioning of Wireless Access Points (CAPWAP) protocol, characterized in that it comprises:
A receiving element, configured to receive a CAPWAP-encapsulated network insertion request sent by network access equipment, and to receive a hot terminal authentication response sent by a certificate server, the hot terminal authentication response describing whether the hot terminal passes network access authentication;
A transmitting element, configured to, after performing CAPWAP decapsulation on the encapsulated network insertion request, send a hot terminal authentication request to the certificate server according to the decapsulated network insertion request, the hot terminal authentication request instructing the certificate server to perform network access authentication on the hot terminal and to send the hot terminal authentication response to the control appliance;
An access unit, configured to connect the hot terminal to the network if the hot terminal authentication response indicates that the hot terminal passes network access authentication.
20. The device according to claim 19, characterized in that, if the hot terminal authentication response received by the receiving element indicates that the hot terminal passes network access authentication, the transmitting element is further configured to send an accounting request to an accounting server, the accounting request instructing the accounting server to charge for the network use after the hot terminal accesses the network.
21. The device according to claim 20, characterized in that the encapsulated network insertion request received by the receiving element further comprises identification information of the hot terminal; the device further comprises:
An acquiring unit, configured to obtain network access information of the hot terminal according to the identification information of the hot terminal, where the network access information describes at least one of the length of time the hot terminal has accessed the network or the amount of network traffic used after accessing the network;
The transmitting element is further configured to send the network access information to the accounting server, so that the accounting server charges the hot terminal according to the network access information.
22. The device according to claim 20, characterized in that:
The receiving element is further configured to receive business indication information sent by a service operation support server;
The transmitting element is further configured to send to the network access equipment the business indication information sent by the service operation support server, the business indication information comprising a specified preferential business and identification information of the wide-band terminal bound to the hot terminal, so that the network access equipment sends the specified preferential business to the wide-band terminal corresponding to the identification information of the wide-band terminal and the wide-band terminal executes the specified preferential business, where the specified preferential business is obtained by the service operation support server according to the network access information of the hot terminal obtained from the control appliance, and the network access information describes at least one of the length of time the hot terminal has accessed the network or the amount of network traffic used after accessing the network.
CN201210160566.1A 2012-05-22 2012-05-22 Method for network access based on CAPWAP agreement, device and system Active CN103428697B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201210160566.1A CN103428697B (en) 2012-05-22 2012-05-22 Method for network access based on CAPWAP agreement, device and system
PCT/CN2012/083385 WO2013174098A1 (en) 2012-05-22 2012-10-23 Method, device and system for accessing network based on capwap protocol

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210160566.1A CN103428697B (en) 2012-05-22 2012-05-22 Method for network access based on CAPWAP agreement, device and system

Publications (2)

Publication Number Publication Date
CN103428697A true CN103428697A (en) 2013-12-04
CN103428697B CN103428697B (en) 2016-12-07

Family

ID=49623054

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210160566.1A Active CN103428697B (en) 2012-05-22 2012-05-22 Method for network access based on CAPWAP agreement, device and system

Country Status (2)

Country Link
CN (1) CN103428697B (en)
WO (1) WO2013174098A1 (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104202248A (en) * 2014-07-21 2014-12-10 上海寰创通信科技股份有限公司 Method for realizing rapid intensive transmitting in wireless hotspot controller
CN104954399A (en) * 2014-03-27 2015-09-30 正文科技股份有限公司 Method for binding mobile carrier and intelligent device, and bound system thereof
CN105591866A (en) * 2014-11-12 2016-05-18 中兴通讯股份有限公司 Method and system for sharing WIFI, household gateway, and local area network gateway
CN106993300A (en) * 2017-06-09 2017-07-28 深圳市伊特利网络科技有限公司 The connection control method and system of terminal focus
CN113473486A (en) * 2021-07-13 2021-10-01 蒋溢 System and method for enhancing network coverage with cooperative end edge
CN115134416A (en) * 2021-03-22 2022-09-30 中国联合网络通信集团有限公司 Virtual reality service processing system and method

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050260972A1 (en) * 2002-09-12 2005-11-24 Broadcom Corporation Enabling and controlling access to wireless hot spots
CN1713623A (en) * 2004-06-15 2005-12-28 日本电气株式会社 Network connection system, network connection method, and switch used therefor
CN101212297A (en) * 2006-12-28 2008-07-02 中国移动通信集团公司 WEB-based WLAN access authentication method and system
CN101578828A (en) * 2007-08-24 2009-11-11 华为技术有限公司 Roaming Wi-Fi access in fixed network architectures
CN101621802A (en) * 2009-08-13 2010-01-06 杭州华三通信技术有限公司 Method, system and device for authenticating portal in wireless network
CN102355701A (en) * 2011-09-19 2012-02-15 中兴通讯股份有限公司 Wireless local area network (WLAN) accessing method and terminal

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104954399A (en) * 2014-03-27 2015-09-30 正文科技股份有限公司 Method for binding mobile carrier and intelligent device, and bound system thereof
CN104954399B (en) * 2014-03-27 2018-06-19 正文科技股份有限公司 Bind the method and its binding system of mobile carrier and intelligent apparatus
CN104202248A (en) * 2014-07-21 2014-12-10 上海寰创通信科技股份有限公司 Method for realizing rapid intensive transmitting in wireless hotspot controller
CN104202248B (en) * 2014-07-21 2019-07-05 上海寰创通信科技股份有限公司 The implementation method of forwarding is quickly concentrated in hotspot controller
CN105591866A (en) * 2014-11-12 2016-05-18 中兴通讯股份有限公司 Method and system for sharing WIFI, household gateway, and local area network gateway
WO2016074354A1 (en) * 2014-11-12 2016-05-19 中兴通讯股份有限公司 Wifi sharing method and system, home gateway and wireless local area network gateway
CN106993300A (en) * 2017-06-09 2017-07-28 深圳市伊特利网络科技有限公司 The connection control method and system of terminal focus
CN106993300B (en) * 2017-06-09 2020-09-15 深圳市伊特利网络科技有限公司 Access control method and system for terminal hotspot
CN115134416A (en) * 2021-03-22 2022-09-30 中国联合网络通信集团有限公司 Virtual reality service processing system and method
CN115134416B (en) * 2021-03-22 2023-04-25 中国联合网络通信集团有限公司 Virtual reality service processing system and method
CN113473486A (en) * 2021-07-13 2021-10-01 蒋溢 System and method for enhancing network coverage with cooperative end edge
CN113473486B (en) * 2021-07-13 2023-04-07 蒋溢 System and method for enhancing network coverage with cooperative end edge

Also Published As

Publication number Publication date
WO2013174098A1 (en) 2013-11-28
CN103428697B (en) 2016-12-07

Similar Documents

Publication Publication Date Title
US10616077B2 (en) System architecture and methods for controlling and managing networking devices and expediting new service delivery in a subscriber's home network using micro-domains
EP3281436B1 (en) Method and apparatus for downloading a profile in a wireless communication system
CN110692280B (en) Network access method, device and system
CN107660346B (en) Method and apparatus for downloading profile in wireless communication system
US9967738B2 (en) Methods and arrangements for enabling data transmission between a mobile device and a static destination address
CN106656547B (en) Method and device for updating network configuration of household electrical appliance
US7586905B2 (en) Method of device service activation using a discovery mechanism
CN110266576B (en) Voice communication method and device
US20130065557A1 (en) Method of and system for data access over dual data channels with dynamic sim credential
CN108141745A (en) The method and apparatus of download profile in mobile communication system
WO2006101065A1 (en) Connection parameter setting system, method thereof, access point, server, radio terminal, and parameter setting device
CN103428697A (en) Network access method, device and system based on CAPWAP protocol
CN102572830A (en) Method and customer premise equipment (CPE) for terminal access authentication
KR20050116820A (en) Automatic configuration of client terminal in public hot spot
CN103517377A (en) Wireless network access method, Wifi access point and terminal
CN104468291A (en) WiFi module communication method and device
CN108293055A (en) Method, apparatus and system for authenticating to mobile network and for by the server of device authentication to mobile network
CN103428263A (en) Information processing apparatus, network system and information processing method
EP1947818A1 (en) A communication system and a communication method
CN102215486B (en) Network access method, system, network authentication method, equipment and terminal
CN101697522A (en) Virtual private network networking method, communication system and related equipment
CN103442328A (en) Method and system for controlling quality of service of terminal of Internet of Things
CN113301563A (en) Network configuration method, device, equipment and storage medium
CN113507707B (en) Distribution network method and system of intelligent teaching equipment
CN108307683B (en) Communication method, micro base station controller, terminal and system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20210427

Address after: Unit 3401, unit a, building 6, Shenye Zhongcheng, No. 8089, Hongli West Road, Donghai community, Xiangmihu street, Futian District, Shenzhen, Guangdong 518040

Patentee after: Honor Device Co.,Ltd.

Address before: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen

Patentee before: HUAWEI TECHNOLOGIES Co.,Ltd.
