CN103595602A - Network and its management method - Google Patents

Publication number: CN103595602A
Authority: CN (China)
Prior art keywords: information, unit, terminal, LAN, wireless
Legal status: Granted, active (as listed by Google Patents; the listing is an assumption and not a legal conclusion)
Application number: CN201310608650.XA
Other languages: Chinese (zh)
Other versions: CN103595602B (en)
Inventors: 筒井广伸, 真田浩, 田中勉, 岸田昌巳, 尾角胜利, 德林顺子
Current assignee: NOVARODE CO Ltd; Furuno Electric Co Ltd (the listed assignees may be inaccurate)
Original assignee: NOVARODE CO Ltd; Furuno Electric Co Ltd
Application filed by: NOVARODE CO Ltd, Furuno Electric Co Ltd

Abstract

The invention aims to provide a highly convenient network, and a management method for it, by eliminating the problems of interference, leakage, eavesdropping and band occupation, and the problem of connecting to the network of one's own system from a shared space. A management server (1) registers association information between additional information to be added to a packet, such as a VLAN tag or VPN header, and identification information such as an SSID, and writes the association information to all wireless access points (3a-3d). When a wireless terminal (5a-5c, 5a', 5b') communicates by radio with one of the access points (3), the additional information, such as the VLAN tag, associated with the identification information, such as the SSID, is added to the packet and the packet is transmitted to the backbone. Conversely, communication with the applicable wireless terminal is performed using the identification information corresponding to the additional information of a packet received from the LAN in the system, so that the terminal can communicate with a server or other node connected to the LAN of its own system.

Description

Network and management method thereof
This application is a divisional application of the patent application filed on July 14, 2006, Chinese Patent Application No. 200610105915.4, entitled "Network and management method thereof".
Technical field
The present invention relates to a network in which part of the network is shared by a plurality of units and can be used by each of them, and to a management method for such a network.
Background art
Because wireless LAN devices are easy to install, and the setup work needed before first use is also simple, their use has expanded rapidly in recent years.
For example, wireless LAN devices are installed or configured separately, one by one, by each unit, such as each tenant in an office building or each department within a company's building.
In wireless LANs using such wireless devices, the following countermeasures are taken to avoid interference with other adjacent wireless LAN devices.
(1) Use the CDMA/CA scheme to avoid contention.
(2) To distinguish the group from other device groups and avoid radio interference, set a group identifier (ESSID) (see non-patent literature 1).
(3) Use the FDMA function to detect the surrounding radio conditions automatically and set an available frequency (channel) automatically. On wireless LAN devices without this function, manually set a channel that is thought to be little used.
(4) Use WEP/WPA encryption and set a password so that others cannot use the network.
Non-patent literature 1: Incept Inc., IT Terminology Dictionary, "ESSID", [online], [retrieved July 7, Heisei 17 (2005)], Internet <http://e-Words.jp/W/ESSID.html>
Until now, however, each wireless LAN has been intended for use within a single unit. Units pay little attention to the fact that other units are also installing wireless LANs, and each configures or installs its wireless LAN individually. This evidently causes the following problems.
(1) Even with the interference-prevention functions of existing wireless LAN devices described above, mutual interference can arise as the number of wireless LAN devices grows or depending on how they are used.
(2) The radio space cannot be used effectively and much of it is wasted, so response becomes slow.
(3) When a problem arises on the wireless LAN in use, it is unclear which party to coordinate with in order to deal with it.
(4) Even when interference with another nearby wireless LAN device is known, coordinating with the other party easily leaks each side's confidential information. In addition, coordination (a contract) is needed for every pairwise combination of units. For example, 6 adjacent units require 6*5/2=15 coordinations.
(5) It is difficult to coordinate bandwidth (communication speed) and the like according to how the wireless LAN is being used.
(6) Each unit has to spend time keeping its network operating and secure; if the network is expanded or used as it is without correct knowledge, there are risks such as eavesdropping.
(7) Because communication bandwidth (such as speed) cannot be coordinated and is simply taken by whoever is able to use it, it is difficult to build a framework in which costs are borne according to the amount used, as with electricity or gas.
(8) The network cannot be used, for example, in a space shared by several units.
Although the problems above are mainly those that arise from using wireless LANs, the same problem as (8) also arises on wired LANs.
Summary of the invention
The present invention is proposed to solve the above problems, and its object is to provide a network, and a management method for it, that can solve the various problems above and improve convenience.
The invention provides a network in which wireless terminals belonging to a plurality of units and the LANs within the respective units are each connected to a backbone network, characterized in that a management server that stores association information and can update that association information is connected to the backbone network, the association information being association information between a VLAN tag or VPN information added to a packet and a MAC address included in the identification information of the wireless terminal. The network has: a terminal communication unit that, according to the association information from the management server, when it receives a packet from the wireless terminal side, adds the VLAN tag or VPN information corresponding to the MAC address of the wireless terminal to the packet received from the wireless terminal and sends it to the backbone network, and, when it receives a packet from the side of the LAN in the unit, communicates with the wireless terminal using the MAC address corresponding to the VLAN tag or VPN information added to the packet received from the LAN in the unit; and a unit LAN communication unit that, when it receives a packet from the side of the LAN in the unit, adds a VLAN tag or VPN information representing that unit to the packet received from the LAN in the unit, and, when it receives a packet from the wireless terminal side, removes the VLAN tag or VPN information added to the packet received from the wireless terminal via the backbone network and then sends the packet to the LAN in the unit.
To solve the above problems, the invention is specifically configured as follows.
(1) In a network in which terminals belonging to a plurality of units and the LANs within the respective units are each connected to a backbone network, a management server that stores association information between additional information added to a packet (a VLAN tag, or a header or the like used to encapsulate the packet for a VPN) and identification information (SSID, user ID) is connected to the backbone network. The network also has: a terminal communication unit (an access point, an authentication switching hub, etc.) that, according to the association information from the management server, adds to a packet received from the terminal the additional information corresponding to the identification information (SSID, user ID) sent by the terminal, or corresponding to the authentication result (MAC address, etc.) from a unit that authenticates that identification information, and sends the packet to the backbone network, and that communicates with the terminal using the identification information corresponding to the additional information added to a packet received from the LAN in the unit; and a unit LAN communication unit (a VLAN-capable hub, a VPN-capable router, etc.) that adds additional information representing the unit to a packet received from the LAN in the unit, and removes the additional information from a packet received from the backbone network before sending the packet to the LAN in the unit.
(2) The identification information sent by the terminal is a user ID and an authentication key; the management server stores association information between the unit domain name contained in the user ID and the additional information; an authentication server that performs authentication on the basis of the identification information, for example in accordance with IEEE802.1X, is connected to the backbone network; and the terminal communication unit has the authentication server authenticate the identification information sent by the terminal.
(3) The identification information sent by the terminal includes the MAC address of the terminal, and the management server associates the MAC address of a terminal authenticated by the authentication server with the additional information. That is, user authentication is combined with MAC authentication.
(4) The terminal is a wireless terminal, the terminal communication unit is a wireless access point that communicates with the wireless terminal, and the identification information is a wireless identifier (SSID).
(5) The backbone network is the Internet, the management server is a server connected to the Internet, and the terminal communication unit is a VPN-capable wireless router connected to the Internet.
(6) The management server has: a unit that extracts information on the communication packet volume from the terminal communication unit and obtains charge data corresponding to that packet volume; and a unit that outputs the charge data.
(7) The terminal communication unit has a unit that controls communication quality (QoS), and the management server has a unit that sets information on communication quality (QoS) in the terminal communication unit.
(8) In the network management method of the invention, the wireless devices (access points) are placed and configured so that multiple wireless devices (access points) using the same radio space form, together with the wireless terminals, a wireless communication environment free of mutual interference; a virtual circuit that communicates via a wireless device (access point) is formed between a wireless terminal and a node connected to the LAN in the unit to which that wireless terminal belongs; and charges are made according to the usage of that communication.
(9) In addition, in the network management method of the invention, the wireless devices (access points) are placed and configured so that multiple wireless devices (access points) using the same radio space form, together with the wireless terminals, a wireless communication environment free of mutual interference; a virtual circuit that communicates via a wireless device (access point) is formed between a wireless terminal and a node connected to the LAN in the unit to which that wireless terminal belongs; and the communication parameters of the wireless device (access point) are set according to the usage contract for the virtual circuit.
(Effects of the invention)
(1) According to the association information from the management server, the terminal communication unit adds to the IP packet received from a terminal the additional information corresponding to the identification information sent by the terminal and sends the packet to the backbone network, and it communicates with the terminal using the identification information corresponding to the additional information added to a packet received from the LAN in the unit. The unit LAN communication unit adds additional information representing the unit to an IP packet taken from the LAN in the unit, and removes the additional information from a packet from the backbone network before sending the packet to the unit's LAN. A terminal can therefore connect to the LAN in the unit it belongs to simply by communicating with a terminal communication unit. By associating the additional information of a packet with the identification information of the terminal in this way, virtual circuits are formed, and each virtual circuit can be allocated to a unit.
(2) The terminal communication unit takes the user ID and authentication key sent by the terminal as the identification information, the authentication server authenticates on the basis of that identification information, and the unit domain name contained in the user ID is associated with the additional information. Using its user ID and authentication key, a terminal can therefore connect to the LAN in its own unit through any terminal communication unit.
(3) The identification information sent by the terminal includes the MAC address of the terminal, and the management server associates the MAC address of a terminal authenticated by the authentication server with the additional information. Once it has been authenticated by the authentication server, the terminal can connect to the LAN in its own unit over the virtual circuit according to its MAC address.
(4) With the terminal being a wireless terminal, the terminal communication unit being a wireless access point that communicates with the wireless terminal, and the identification information being a wireless identifier, a wireless terminal can connect to the LAN in its own unit simply by being within the coverage of a wireless access point.
(5) With the backbone network being the Internet, the management server being a server connected to the Internet, and the terminal communication unit being a VPN-capable wireless router connected to the Internet, each wireless terminal connects to the LAN in its unit by VPN in an environment where each unit is connected to the Internet.
(6) Because the management server extracts information on the communication packet volume from the terminal communication unit and obtains charge data corresponding to that packet volume, a service that charges according to communication usage can be provided.
(7) Because the terminal communication unit performs communication quality control and the management server sets the information on communication quality in the terminal communication unit, each unit can use the network effectively, and the units can make efficient use of the network's bandwidth.
(8) The wireless devices are placed and configured so that multiple wireless devices using the same radio space form, together with the wireless terminals, a wireless communication environment free of mutual interference; a virtual circuit that communicates via a wireless device is formed between a wireless terminal and a node connected to the LAN in the unit to which that wireless terminal belongs; and charges are made according to the usage of that communication. This makes it possible to provide a service in which the network is divided up and sold in portions, in the same way as electricity, gas or telephone service.
(9) The wireless devices are placed and configured so that multiple wireless devices using the same radio space form, together with the wireless terminals, a wireless communication environment free of mutual interference; a virtual circuit that communicates via a wireless device is formed between a wireless terminal and a node connected to the LAN in the unit to which that wireless terminal belongs; and the communication parameters of the wireless device are set according to the usage contract for that virtual circuit. This guarantees the communication quality corresponding to the contract (fee), and solves, for example, the problem that some units use up the network's bandwidth while the usage efficiency (communication quality) of other units falls.
Brief description of the drawings
Fig. 1 is a schematic diagram showing an example of the units and wireless LAN within a building, or on one floor of a building, in the existing configuration and in the configuration of the invention.
Fig. 2 is a diagram showing the network of Embodiment 1.
Fig. 3 is a diagram showing the virtual circuits of the network of Embodiment 1.
Fig. 4 is a diagram showing an example of the association information between VLAN tags and SSIDs held by the management server.
Fig. 5 is a diagram showing an example of the contents of the control information table held by the management server shown in Fig. 4.
Fig. 6 is a diagram showing examples of a transmitted VLAN packet and non-VLAN packet.
Fig. 7 is a flowchart showing the processing of the management server and the access points in setting the association information.
Fig. 8 is a flowchart showing the communication processing between a wireless terminal and an access point.
Fig. 9 is a flowchart showing the communication processing between a node on a unit's wired LAN and an access point.
Fig. 10 is a flowchart showing the processing of the management server in setting the communication quality.
Fig. 11 is a flowchart showing the processing performed by the management server for charge management.
Fig. 12 is a flowchart showing the communication processing between the management server and an access point in the network of Embodiment 2.
Fig. 13 is a flowchart showing the communication processing between a wireless terminal and an access point.
Fig. 14 is a flowchart showing the communication processing between a node on a unit's wired LAN and an access point.
Fig. 15 is a flowchart showing the communication processing between a wireless terminal and an access point.
Fig. 16 is a diagram showing a configuration example of the network of Embodiment 3.
Fig. 17 is a diagram showing examples of a packet transmitted within the LAN and a VPN packet.
Description of reference numerals
1 management server
2 VLAN-HUB
3 access point
4 VLAN-HUB
5 wireless terminal
Embodiments
The network of Embodiment 1 is described with reference to Fig. 1 to Fig. 11.
First, Fig. 1 shows an example of units and a wireless LAN configuration, for example within a building or on one floor of a building. (A) is the existing example. When six departments, such as human resources, general affairs, development, research, sales and business planning, each introduce and set up their own wireless LAN devices, mutual interference becomes a problem when the channels used between these access points and the wireless terminals (notebook computers, etc.) are the same.
In contrast, in the embodiment of the invention, as shown in (B), the radio space used by the units can be managed, so that the radio space can be used to the fullest even if a unit does not know the state of the wireless devices of adjacent units.
The network of Embodiment 1 uses SSIDs and VLANs so that the radio space can be used effectively and a wireless terminal can communicate with the nodes connected to the LAN of the unit it belongs to. It is configured and operates as follows.
(1) Assign an SSID to each separate unit.
(2) Assign a virtual LAN (hereinafter 'VLAN') to each separate unit.
(3) Assign a management VLAN (for example 'VLAN2') to the management server.
(4) Build a backbone LAN for the wireless LAN.
The wireless access points (hereinafter 'AP') are installed together on a wired network for the wireless LAN that can recognize VLAN tags. The APs are not constrained by unit boundaries, and can be placed and configured for radio communication with the best communication quality.
(5) Connect the wired LAN of each unit to the backbone LAN for the wireless LAN.
At the connection point between the wired LAN in each unit and the backbone LAN for the wireless LAN, a device is installed that receives packets carrying the VLAN tag of the unit it belongs to, removes the VLAN tag so that the packet conforms to a standard LAN, and forwards the packet to the wired LAN in the unit (usually a switching hub or L3 switch with VLAN function). The same device adds the unit's VLAN tag to packets sent toward the wireless LAN.
(6) The AP associates SSIDs with VLAN tags and communicates.
Following the instructions of the management server, with which it communicates over 'VLAN2' above, the AP associates SSIDs with VLANs.
For example:
Packets from 'VLAN3' are sent to wireless terminals on SSIDA, and packets from SSIDA are sent to 'VLAN3'.
Packets from 'VLAN4' are sent to wireless terminals on SSIDB, and packets from SSIDB are sent to 'VLAN4'.
Packets from 'VLAN5' are sent to wireless terminals on SSIDC, and packets from SSIDC are sent to 'VLAN5'.
VLAN2 is the LAN for management communication and is used by the AP itself.
(7) A wireless terminal communicates using the SSID of the unit it belongs to.
That is:
A wireless terminal belonging to unit A communicates using SSIDA.
A wireless terminal belonging to unit B communicates using SSIDB.
A wireless terminal belonging to unit C communicates using SSIDC.
In this way, whichever access point a terminal connects to, it can connect to the LAN of its own unit.
Because this relationship does not change even in a shared space, a terminal can be used in the same way anywhere within the range of unified radio management, in the room of any unit.
(8) The management server manages the radio state and each VLAN.
The management server performs the following processing.
It manages the backbone network, the APs and the radio space.
It manages the associations between SSIDs and VLANs.
It checks the usage of the VLAN allocated to each unit.
It generates charge data from that usage.
The concrete configuration that realizes the above framework is described below.
Fig. 2 is a diagram showing the overall configuration of the network. In the figure, VLAN-HUB 2 is the hub that forms the backbone LAN, and this backbone LAN is connected to the other VLAN-HUBs 4a-4d, the wireless access points 3a-3d and the management server 1.
VLAN-HUB 4a is the hub used by unit A, and connects to other ordinary (not VLAN-capable) hubs or to nodes such as personal computers. VLAN-HUBs 4b and 4c are likewise used by unit B and unit C, and connect to other ordinary hubs or nodes. VLAN-HUB 4d is the hub used in the shared space, and the wired terminals (for example personal computers) of each unit are connected to it.
The notebook computers 5a, 5b, 5c, 5a', 5b', which are wireless terminals, communicate by radio with any of the access points 3a-3d and operate as a node of the LAN in their own unit. For example, as long as notebook computers 5a and 5a' belong to unit A, by communicating via access point 3d they can communicate with a node (for example a server) on the LAN connected to VLAN-HUB 4a of unit A. Likewise, notebook computers 5b and 5b', which belong to unit B, by communicating via access point 3d, can communicate with a node (for example a server) on the LAN connected to VLAN-HUB 4b of unit A.
Fig. 3 is a schematic diagram showing the virtual circuits of the network. As long as notebook computers 5a and 5a', which are wireless terminals, belong to unit A, each is connected to the LAN in unit A by a virtual circuit (VLAN3). As long as notebook computers 5b and 5b' belong to unit B, each is connected to the LAN in unit B by a virtual circuit (VLAN4). Likewise, as long as notebook computer 5c belongs to unit C, it is connected to the LAN in unit C by a virtual circuit (VLAN5).
In this way, using the backbone LAN and the VLAN function of the VLAN-HUB installed in each unit, the wireless terminals belonging to each unit are connected to the LAN in their respective unit. For this purpose, the association information between VLAN tags and wireless identifiers (SSIDs) is written in advance to each wireless LAN access point 3a-3d.
Fig. 4 is a diagram showing the relationship between VLAN tags and SSIDs that is preset in the management server 1. In this embodiment three units (unit A to unit C) are managed, so three pairs of VLAN tag and SSID are registered in advance.
Fig. 5 shows the data on communication quality (QoS), communication packet volume and the corresponding charges for each unit managed by the management server 1. For example, the QoS is set according to the grade of communication quality contracted in advance. The packet volume data are also retrieved from the wireless access points, and the corresponding charge data are obtained.
Fig. 6 shows the difference between an ordinary packet transmitted on the Internet (registered trademark) and a packet used to form a VLAN. (A) is an ordinary packet, which is essentially an IP packet, consisting of an IP header and a payload, with an Internet (registered trademark) header added. In contrast, a packet used to form a VLAN additionally carries a VLAN tag. The VLAN tag is a tag for identifying each group when virtual groups of terminals are set up independently of the physical connection topology.
Fig. 7 to Fig. 11 show, in flowchart form, the main processing of the management server, the access points and the nodes on each unit's wired LAN.
Fig. 7 is a flowchart for setting the association information between VLAN tags and SSIDs. The management server writes a pair of VLAN tag and SSID, input from outside (a console), to the association information table shown in Fig. 4 (update). It then writes the association information to all access points (APs). Each access point thereby stores the association information.
Fig. 8 is a flowchart showing the communication processing between a wireless terminal and an access point.
The wireless terminal communicates by radio with the access point using the SSID set on the wireless terminal. The access point then adds to the packet the VLAN tag corresponding to the SSID received from the wireless terminal and sends the packet to the backbone LAN.
Fig. 9 is a flowchart showing the steps of the communication processing between a node on a unit's wired LAN and an access point. When a node on the wired LAN of some unit sends a packet carrying a VLAN tag toward the access point, the access point removes the VLAN tag from the packet to restore an ordinary packet, and communicates by radio with the wireless terminal using the corresponding SSID.
In this way a wireless terminal can communicate with the nodes on the wired LAN of its own unit whichever access point it goes through. Therefore, even if a wireless terminal belonging to unit A is used, for example, in a room of unit B, that wireless terminal can still communicate with the nodes on the wired LAN of unit A.
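The access point behaviour described for Fig. 7 to Fig. 9, written out as an added Python example (it is not code from the patent). It assumes the VLAN tag is an IEEE 802.1Q tag inserted after the source MAC address; the function names and the sample frame are constructed for illustration, and the SSID and VLAN numbers are the ones used in the text.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that marks an IEEE 802.1Q tag (assumed tag format)
MGMT_VLAN = 2         # 'VLAN2': reserved for management server <-> AP traffic

# Association information as registered on the management server (Fig. 4)
# and written to every access point (Fig. 7). Values follow the text.
ASSOCIATION = {"SSIDA": 3, "SSIDB": 4, "SSIDC": 5}

# Constructed sample frame: dst MAC, src MAC, EtherType 0x0800 (IPv4), payload.
SAMPLE_FRAME = (bytes.fromhex("020000000001") + bytes.fromhex("020000000002")
                + b"\x08\x00" + b"constructed payload")


class DropFrame(Exception):
    """Raised when the access point must not bridge a frame."""


def build_reverse_map(table):
    """Check a table pushed by the management server and return VLAN -> SSID."""
    vlan_to_ssid = {}
    for ssid, vid in table.items():
        if not 1 <= vid <= 4094:
            raise ValueError(f"{ssid}: VLAN ID {vid} out of range")
        if vid == MGMT_VLAN:
            raise ValueError(f"{ssid}: management VLAN cannot be given to a unit")
        if vid in vlan_to_ssid:
            # Two SSIDs on one VLAN would join the LANs of two units.
            raise ValueError(f"VLAN {vid} assigned to more than one SSID")
        vlan_to_ssid[vid] = ssid
    return vlan_to_ssid


def tag_uplink(frame, ssid, table=ASSOCIATION):
    """Wireless side -> backbone (Fig. 8): add the tag for the terminal's SSID."""
    if len(frame) < 14:
        raise DropFrame("frame shorter than an Ethernet header")
    if ssid not in table:
        raise DropFrame("SSID has no registered VLAN")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == TPID_8021Q:
        # The VLAN is chosen by the AP from the SSID, never by the terminal.
        raise DropFrame("frame from terminal already carries a VLAN tag")
    tci = table[ssid] & 0x0FFF          # priority bits left at 0 here
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def untag_downlink(frame, vlan_to_ssid):
    """Backbone -> wireless side (Fig. 9): strip the tag, pick the SSID."""
    if len(frame) < 18:
        raise DropFrame("frame too short to carry a VLAN tag")
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        raise DropFrame("untagged frame on the backbone port")
    vid = tci & 0x0FFF
    if vid == MGMT_VLAN:
        raise DropFrame("management VLAN is not bridged to terminals")
    ssid = vlan_to_ssid.get(vid)
    if ssid is None:
        raise DropFrame("VLAN has no registered SSID")
    return ssid, frame[:12] + frame[16:]


def drop_reason(fn, *args):
    """Return the reason a frame was dropped, or None if it was bridged."""
    try:
        fn(*args)
    except DropFrame as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    reverse = build_reverse_map(ASSOCIATION)
    tagged = tag_uplink(SAMPLE_FRAME, "SSIDA")
    print("uplink tag bytes:", tagged[12:16].hex())
    print("downlink:", untag_downlink(tagged, reverse)[0])
    print("re-tag attempt:", drop_reason(tag_uplink, tagged, "SSIDB"))
```

Because every access point holds the same table, the result of `tag_uplink` does not depend on which access point the terminal reaches, which is the property the paragraph above relies on.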
Fig. 10 is a flowchart showing the processing of the management server in setting the communication quality. First, the QoS for each SSID, input from outside (a console, etc.), is read and written to (updating) the control information table shown in Fig. 5. The QoS information is then written to all access points.
In this way a wireless terminal can communicate by radio with the QoS corresponding to its SSID.
Fig. 11 is a flowchart showing the charge management processing performed by the management server. The management server calculates the charge according to the QoS and the packet volume, or according to the fee plan (course). Then, as selected by an instruction from outside, the charge information is sent to the e-mail address designated by the customer, or the charge is deducted from the bank account designated by the customer.
The network of execution mode 2 is described with reference to Figure 12~Figure 15 below.
The network of execution mode 2 is for authenticating the network combining with VLAN according to the user of IEEE802.1X.Therefore make it set as described below and move.
(1) An SSID is assigned to each of the separate units.
(2) A virtual LAN (hereinafter 'VLAN') is assigned to each of the separate units.
(3) A management VLAN (for example 'VLAN2') is assigned to the management server.
(4) A backbone LAN for the wireless LAN is built.
The wireless access points (hereinafter 'APs') are all installed on a wired communication network for the wireless LAN that recognizes VLAN tags. They are installed in the same way both inside each unit and in the public space. The APs are not bound to any unit and can be placed and configured for the best wireless communication quality.
(5) The wired LAN of each unit is connected to the backbone LAN for the wireless LAN.
At the connection point between each unit's wired LAN and the backbone LAN for the wireless LAN, a device is installed (typically a switching hub or L3 switch with VLAN functionality) that receives packets carrying the VLAN tag of the unit it belongs to, strips the VLAN tag so that the packet becomes an ordinary packet for a standard LAN, and forwards it to the wired LAN in the unit. The same device also attaches the unit's VLAN tag to packets sent toward the wireless LAN.
(6) Each user holds a user ID and an authentication key for connecting to the wireless LAN. The user ID has the form 'user name@unit region name'. Typical authentication keys are a password, place of birth, one-time password, digital certificate and the like. For example, the user ID of the user "taro" belonging to unit A is "taro@A".
(7) The AP performs user ID authentication.
A terminal connecting wirelessly is authenticated according to IEEE802.1X. At this time, the AP looks at the unit region name part of the user ID and determines over which VLAN the RADIUS server is to be queried about the authentication key, and to which VLAN the terminal is connected after authentication. The relationship between region names and VLANs follows the instructions of the management server, with which the AP communicates over 'VLAN2'.
Suppose unit A has its own authentication server based on digital certificates, while the other units use password authentication and delegate authentication. Authentication then proceeds as follows.
When a wireless terminal requests a connection as, for example, the user "taro@A", the AP communicates the unit region name A to the management server connected via VLAN2. The management server instructs the AP to authenticate over 'VLAN3'; accordingly, the AP communicates over VLAN3 with the authentication server of unit A and verifies the authentication key.
Likewise, when a wireless terminal requests a connection as, for example, the user "jiro@B", the AP communicates the unit region name B to the management server connected via 'VLAN2'. The management server instructs the AP to authenticate over 'VLAN6'; accordingly, the AP communicates over 'VLAN6' with the authentication server used for delegated authentication and verifies the authentication key.
(8) The AP associates the unit region name with the VLAN tag and communicates accordingly.
Packets from 'VLAN3' are delivered to wireless terminals authenticated in unit region A, and packets from wireless terminals authenticated in unit region A are sent to VLAN3.
Packets from 'VLAN4' are delivered to wireless terminals authenticated in unit region B, and packets from wireless terminals authenticated in unit region B are sent to VLAN4.
Packets from 'VLAN5' are delivered to wireless terminals authenticated in unit region C, and packets from wireless terminals authenticated in unit region C are sent to VLAN5.
VLAN2 is the LAN for management communication and is used by the AP itself.
(9) The wireless terminal authenticates with its user ID and authentication key and communicates using the public SSID.
A wireless terminal belonging to unit A authenticates with a user ID containing unit region A and communicates using the public SSID. In this way, whichever access point it connects to, the wireless terminal can connect to the LAN of its own unit.
Because this relationship does not change in the public space either, a unit can use the network in the same unchanged way anywhere within the range under unified wireless management.
(10) The management server manages the wireless state and each VLAN.
The management server performs the following processing.
It manages the backbone network, the APs and the wireless space.
It manages the association between SSIDs and VLANs.
It checks the usage of the VLAN assigned to each unit.
It creates billing data according to this usage.
Drawn as a figure, the network of Embodiment 2 is the same as that shown in Figures 2 and 3, except that an authentication server (RADIUS server) is connected to the backbone LAN or to the LAN of each unit.
Figure 12 is a flow chart showing the processing that associates unit region names with VLAN tags in the network of Embodiment 2. The management server sends the association information between unit region names and VLAN tags to all access points. As with the information shown in Figure 4 for Embodiment 1, pairs of unit region name and VLAN tag are registered in the management server in advance, and the management server transfers this association information to the access points.
Each access point receives the association information between unit region names and VLAN tags from the management server and stores it.
Figure 13 is a flow chart showing the processing for communication between a wireless terminal and an access point. The wireless terminal (in response to a request from the access point) sends its user ID and password to the access point. The access point has the terminal authenticated by the corresponding authentication server (RADIUS server) according to the unit region name part of the user ID received from the wireless terminal. More specifically, from the unit region name it determines over which VLAN the RADIUS server is to be asked whether authentication succeeds, and it asks the RADIUS server over that VLAN whether the connection is permitted.
Figure 14 is a flow chart showing communication between a node on each unit's wired LAN and an access point. A node on a unit's wired LAN sends a VLAN-tagged packet to the access point. The access point then delivers the packet from each VLAN to the wireless terminals authenticated under the corresponding unit region name. The public SSID is used at this time.
Figure 15 is a flow chart showing communication between a wireless terminal and an access point after authentication. The wireless terminal communicates with the access point using the public SSID. The access point sends the packet to the VLAN corresponding to the authenticated unit region name. In this way, using IEEE802.1X and VLANs, a terminal can communicate with the LAN in its own unit from any access point.
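The access-point behaviour described for Figures 12 to 15 can be sketched as follows; this is an added illustration and not part of the patent text. The unit region name of the user ID selects the VLAN used for authentication, and the region a terminal authenticated under decides which 802.1Q tag is added to, or accepted for, its frames. The table follows the VLAN2 to VLAN6 examples in the description; the authentication VLAN for region C, the MAC addresses in use and all function names are assumptions, and only unicast frames are handled.

```python
import struct

TPID_8021Q = 0x8100
MGMT_VLAN = 2  # VLAN2: management LAN, used only by the AP itself

# Association table as pushed by the management server (constructed values).
# The authentication VLAN for region C is an assumption.
ASSOC = {
    "A": {"auth_vlan": 3, "data_vlan": 3},
    "B": {"auth_vlan": 6, "data_vlan": 4},
    "C": {"auth_vlan": 6, "data_vlan": 5},
}


def region_of(user_id):
    """Return the region of a 'user@region' ID; reject malformed or unknown ones."""
    name, sep, region = user_id.partition("@")
    if not sep or not name or "@" in region or region not in ASSOC:
        raise ValueError("unroutable user ID: %r" % user_id)
    return region


def tag(frame, vlan_id):
    """Insert an 802.1Q tag after the destination and source MAC addresses."""
    if len(frame) < 14 or not 1 <= vlan_id <= 4094 or vlan_id == MGMT_VLAN:
        raise ValueError("bad frame or VLAN ID")
    if struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        # A terminal must never be able to choose its own VLAN.
        raise ValueError("terminal frame is already tagged")
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vlan_id) + frame[12:]


def untag(frame):
    """Strip the 802.1Q tag and return (vlan_id, untagged_frame)."""
    if len(frame) < 18:
        raise ValueError("frame too short")
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        raise ValueError("frame is not 802.1Q tagged")
    return tci & 0x0FFF, frame[:12] + frame[16:]


class AccessPoint:
    def __init__(self):
        self.sessions = {}  # terminal MAC -> region it authenticated under

    def auth_vlan_for(self, user_id):
        """VLAN over which the RADIUS server for this user ID is queried."""
        return ASSOC[region_of(user_id)]["auth_vlan"]

    def on_auth_success(self, mac, user_id):
        self.sessions[mac] = region_of(user_id)

    def uplink(self, frame):
        """Terminal -> backbone: tag with the VLAN of the authenticated region."""
        region = self.sessions.get(frame[6:12])
        if region is None:
            return None  # unauthenticated terminal: drop
        return tag(frame, ASSOC[region]["data_vlan"])

    def downlink(self, tagged):
        """Backbone -> terminal: deliver only if the tag matches the terminal's region."""
        vlan_id, frame = untag(tagged)
        region = self.sessions.get(frame[0:6])
        if region is None or ASSOC[region]["data_vlan"] != vlan_id:
            return None  # another unit's VLAN or unknown terminal: drop
        return frame
```

The two drop paths are the isolation property the scheme depends on: a frame is forwarded only when the VLAN tag and the authenticated region agree, and a terminal cannot supply its own tag.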
The examples above all concern communication between a wireless terminal and a LAN node in each unit, but a wired LAN can be managed with much the same framework. An example is the case where a terminal such as a notebook computer is connected to the VLAN-HUB4d installed in the public space shown in Figure 2 and communicates with a server connected to the LAN in its own unit. In the wired case there is no SSID, so the association information between unit region names and VLAN tags described in Embodiment 2 is set in the VLAN-HUB4d shown in Figure 2. The same processing as for a wireless access point is then performed. That is, authentication is performed by the corresponding authentication server according to the unit region name of the user ID received from the terminal connected to the VLAN-HUB4d.
Embodiment 2 authenticates according to IEEE802.1X, but authentication may also be performed as user authentication plus MAC authentication. That is, the identification information sent by the terminal (wireless terminal or wired terminal) includes the MAC address of the terminal, and the management server associates the MAC address of a terminal authenticated by the authentication server with a VLAN tag.
This method is also applicable to terminals that do not support IEEE802.1X. That is, the system can be configured so that a user name and password are entered from the keyboard of the terminal, the management server authenticates them, and the MAC address of the approved terminal is registered in the wireless access point or HUB. Thereafter, the wireless access point or HUB checks this MAC address and passes only valid packets.
The network of Embodiment 3 is described below with reference to Figures 16 and 17.
Figure 16 shows the overall configuration of the network. The management server 1 is connected to the Internet via router 11. Unit A has a wireless router 13a and an ordinary HUB14a. Unit B has a wireless router 13b and a HUB14b. Unit C likewise has a wireless router 13c and a HUB14c. These HUBs 14a, 14b and 14c are connected to nodes such as the servers and personal computers used in each unit. A wireless router 13d is also installed in the public space. The wireless routers 13a to 13d are connected to the Internet via a line termination device 10.
In Embodiments 1 and 2 the virtual LAN is formed with VLANs, whereas Embodiment 3 uses a VPN. The wireless routers 13a to 13d and router 11 are all VPN-capable routers and can form a virtual private network. That is, in Embodiments 1 and 2 the virtual circuit is formed at layer 2 of the OSI reference model, whereas in Embodiment 3 it is formed at layer 3. Accordingly, the LAN that serves as the backbone network in Embodiments 1 and 2 is replaced in Embodiment 3 by the Internet, and the VLAN-capable HUBs or access points of Embodiments 1 and 2 are replaced in Embodiment 3 by VPN-capable wireless routers.
Figure 17 shows the difference between an ordinary packet transmitted on the Internet (registered trademark) and a packet used to form the VPN. (A) is an ordinary packet: basically an IP packet, consisting of an IP header and a data portion, to which an Internet (registered trademark) header is added. In contrast, a packet used to form the VPN is obtained by encrypting the packet, or treating it as an ordinary message, and adding VPN information (a global IP address) to it to encapsulate it. Like the VLAN tag in Embodiment 1, this VPN information is used to identify each group when terminals are placed in virtual groups.

Claims (8)

1. A network that connects wireless terminals belonging respectively to a plurality of units to the LANs in the respective units via a backbone network, characterized in that
a management server that stores association information and can update this association information is connected to the backbone network, the association information associating a VLAN tag or VPN information to be added to packets with a MAC address included in identification information of the wireless terminal, and
the network has:
a terminal communication unit which, according to the association information from the management server, when it receives a packet from the wireless terminal side, adds the VLAN tag or VPN information corresponding to the MAC address of the wireless terminal to the packet received from the wireless terminal and sends it to the backbone network, and, when it receives a packet from the side of the LAN in the unit, communicates with the wireless terminal using the MAC address corresponding to the VLAN tag or VPN information added to the packet received from the LAN in the unit; and
a unit LAN communication unit which, when it receives a packet from the side of the LAN in the unit, adds a VLAN tag or VPN information representing that unit to the packet received from the LAN in the unit, and, when it receives a packet from the wireless terminal side, removes the VLAN tag or VPN information added to the packet received from the wireless terminal via the backbone network and then sends the packet to the LAN in the unit.
2. The network as claimed in claim 1, characterized in that
the terminal communication unit is a wireless access point that communicates with the wireless terminal.
3. The network as claimed in claim 1, characterized in that
the backbone network is the Internet, the management server is connected to the Internet, and the terminal communication unit is a VPN-capable wireless router connected to the Internet.
4. The network as claimed in any one of claims 1 to 3, characterized in that
the management server has:
a unit that extracts from the terminal communication unit information on the communication packet volume and obtains billing data corresponding to this communication packet volume; and
a unit that outputs this billing data.
5. The network as claimed in any one of claims 1 to 3, characterized in that
the terminal communication unit has a unit that performs communication quality control, and
the management server has a unit that sets information on communication quality in the terminal communication unit.
6. The network as claimed in any one of claims 1 to 3, characterized in that
the wireless device is arranged or configured so that a plurality of terminal communication units and wireless terminals using the same wireless space form a wireless communication environment free of mutual interference, and
between the wireless terminal and a node connected to the LAN in the unit to which the wireless terminal belongs, a virtual circuit is formed via the wireless device and communication is carried out through this wireless device.
7. The network as claimed in claim 4, characterized in that
the wireless device is arranged or configured so that a plurality of terminal communication units and wireless terminals using the same wireless space form a wireless communication environment free of mutual interference, and
between the wireless terminal and a node connected to the LAN in the unit to which the wireless terminal belongs, a virtual circuit is formed via the wireless device and communication is carried out through this wireless device.
8. The network as claimed in claim 5, characterized in that
the wireless device is arranged or configured so that a plurality of terminal communication units and wireless terminals using the same wireless space form a wireless communication environment free of mutual interference, and
between the wireless terminal and a node connected to the LAN in the unit to which the wireless terminal belongs, a virtual circuit is formed via the wireless device and communication is carried out through this wireless device.
CN201310608650.XA 2005-07-14 2006-07-14 network and management method thereof Active CN103595602B (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
JP2005-205922 2005-07-14
JP2005205922A JP4932187B2 (en) 2005-07-14 2005-07-14 Network and its management method
CN 200610105915 CN1897554A (en) 2005-07-14 2006-07-14 Network and its management method

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN 200610105915 Division CN1897554A (en) 2005-07-14 2006-07-14 Network and its management method

Publications (2)

Publication Number Publication Date
CN103595602A true CN103595602A (en) 2014-02-19
CN103595602B CN103595602B (en) 2016-09-07

Family

ID=37609936

Family Applications (2)

Application Number Title Priority Date Filing Date
CN 200610105915 Pending CN1897554A (en) 2005-07-14 2006-07-14 Network and its management method
CN201310608650.XA Active CN103595602B (en) 2005-07-14 2006-07-14 network and management method thereof

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN 200610105915 Pending CN1897554A (en) 2005-07-14 2006-07-14 Network and its management method

Country Status (2)

Country Link
JP (1) JP4932187B2 (en)
CN (2) CN1897554A (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2015154152A (en) * 2014-02-12 2015-08-24 西日本電信電話株式会社 Relay system, low-order relay apparatus, high-order relay apparatus, relay method, and computer program

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1357997A (en) * 2000-12-15 2002-07-10 华为技术有限公司 Virtual local area network access method in Ethernet access network
CN1567865A (en) * 2003-06-17 2005-01-19 联想(北京)有限公司 A method for implementing WLAN piconet networking
CN1759620A (en) * 2003-02-06 2006-04-12 讯宝科技公司 Virtual wireless local area networks

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4138281B2 (en) * 2001-08-29 2008-08-27 アライドテレシスホールディングス株式会社 Terminal movement detection method in LAN system, terminal movement detection processing program, recording medium recording terminal movement detection processing program, LAN system management apparatus, and LAN system
JP3695538B2 (en) * 2003-06-04 2005-09-14 日本電気株式会社 Network service connection method / program / recording medium / system, access point, wireless user terminal
JP2005020626A (en) * 2003-06-27 2005-01-20 Nec Corp Base station, wireless network system, wireless communication method and control program of base station

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1357997A (en) * 2000-12-15 2002-07-10 华为技术有限公司 Virtual local area network access method in Ethernet access network
CN1759620A (en) * 2003-02-06 2006-04-12 讯宝科技公司 Virtual wireless local area networks
CN1567865A (en) * 2003-06-17 2005-01-19 联想(北京)有限公司 A method for implementing WLAN piconet networking

Also Published As

Publication number Publication date
JP2007028084A (en) 2007-02-01
CN103595602B (en) 2016-09-07
JP4932187B2 (en) 2012-05-16
CN1897554A (en) 2007-01-17

Similar Documents

Publication Publication Date Title
CN100583735C (en) Security group management system
CN1910861B (en) Public access point
CN101933347B (en) Method and apparatus for virtual wi-fi service with authentication and accounting control
CN101668290B (en) Method and device for configuring wireless local area network (WLAN)
CN101521883B (en) Method and system for renewing and using digital certificate
CN101232378B (en) Authentication accessing method of wireless multi-hop network
CN100403682C (en) Mechanisms for policy based UMTS QOS and IP QOS management in mobile IP networks
CN102308528B (en) Wireless home mesh network bridging adaptor
CN103581901B (en) A kind of Wi Fi wireless networks access the processing method of configuration information and equipment
CN100369434C (en) Method for implementing virtual LAN based on WAPI system in WLAN
CN104113915B (en) A kind of WLAN and its sharing method, Wireless Local Area Network Gateway
CN103684958B (en) Method and system for providing flexible VPN (virtual private network) service and VPN service center
CN102202298A (en) Combined network and method for wireless sensor network terminal to join network
CN1437811A (en) A platform information switch
CN102143492B (en) Method for establishing virtual private network (VPN) connection, mobile terminal and server
CN101547097B (en) Digital media management system and management method based on digital certificate
CN104541489B (en) For method, communication network, program and the computer program product of the network node for configuring communication network
CN1659558B (en) Broker-based interworking using hierarchical certificates
CN100544253C (en) The safe re-authentication method of mobile terminal of wireless local area network
CN108234119A (en) A kind of digital certificate management method and platform
CN106375123A (en) Configuration method and device for 802.1X authentication
CN204231671U (en) A kind of Bluetooth beacon device and WLAN terminal authentication connecting system
CN108200081A (en) Smart machine networking method and smart machine system
CN106416146A (en) Communication apparatus, communication method, and communication system
CN103401751B (en) Internet safety protocol tunnel establishing method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant