CN103595602B - network and management method thereof - Google Patents
network and management method thereof Download PDFInfo
- Publication number
- CN103595602B CN103595602B CN201310608650.XA CN201310608650A CN103595602B CN 103595602 B CN103595602 B CN 103595602B CN 201310608650 A CN201310608650 A CN 201310608650A CN 103595602 B CN103595602 B CN 103595602B
- Authority
- CN
- China
- Prior art keywords
- information
- unit
- wireless
- terminal
- lan
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Abstract
The present invention discloses problems such as a kind of can solving to disturb, leak, eavesdrop, frequency band occupies, the problem being connected with the network of oneself unit in public space, quite convenient network and management method thereof.The interrelated information being additional between the identification information such as additional information and SSID such as VLAN mark or the VPN title of information bag is registered in management server (1) by unit, and this interrelated information is write all radio access points (3a~3d) by management server (1).Wireless terminal (5a~5c, 5a ', 5b ') is by carrying out radio communication with arbitrary accessing points (3), the additional informations such as the VLAN mark being associated with identification information such as this SSID are additional to information bag and are sent to backbone network, otherwise, by utilizing the identification information corresponding with the additional information that the information that the LAN in unit receives is wrapped and this wireless terminal communications, thus the server etc. that terminal can be connected with the LAN in oneself unit communicates.
Description
The application is to submit on July 14th, 2006, and Chinese Patent Application No. is 200610105915.4,
The divisional application of the patent application of invention entitled " network and management method thereof ".
Technical field
The present invention relates in multiple unit common part networks the network that can utilize mutually and management thereof
Method.
Background technology
Arrange easily generally, due to wireless LAN device, and the setting work before beginning to use is also
Can carry out simply, so its application is expanded rapidly in recent years.
Such as, according to the unit of each leaseholder in a building office building etc. or each in the building of company
The unit of the units such as department, is arranged or setting wireless lan device the most one by one.
On the WLAN using above-mentioned wireless device, in order to avoid other adjacent WLAN
Interfering with each other of equipment room, takes following countermeasure.
(1) CDMA/CA mode contention-free is utilized.
(2) and distinguish between miscellaneous equipment group, set group identifier in order to avoid radio interference
(ESSID) (with reference to non-patent literature 1 >.
(3) utilizing FDMA function, detection wave condition around, automatically sets available frequency automatically
Rate (channel).Or thinking, without manually setting on the wireless LAN device of this function, the frequency less used
Road.
(4) utilizing WEP/WPA encryption technology, setting code does not allow other people use.
Non-patent literature 1: Co., Ltd. イ Application セ プ ト, IT word dictionary " ESSID ", [online],
[Heisei retrieval on July 7th, 17], internet<http://e-Words.jp/W/ESSID.html>
But, in the most aforementioned constituent parts all for the purpose of using, constituent parts less takes notice of other
Unit arranges mutually this part thing of WLAN, is all individually to set or arrange WLAN.Obviously,
There is problem below.
(1) even with the aforesaid function prevented the interference of existing wireless LAN device, by wireless
The increase of lan device or application method can produce mutual interference.
(2) wireless space can not effectively use waste big.Therefore respond slack-off.
(3), when producing certain problem on the network used by WLAN, this other side being adjusted is tackled
Indefinite.
(4) even if knowing and interference between other close wireless LAN device, it is being adjusted with the other side
The secret that Shi Rongyi leakage is mutual.Additionally to be adjusted (signing to the part of combination in the quantity of unit
Make a contract).If the most adjacent 6 units, the adjustment of 6*5/2=15 to be made.
(5) it is difficult to exchange according to the behaviour in service frequency band (communication speed) etc. of WLAN.
(6) each unit is required for maintaining network action or guaranteeing to spend the time, if not slapping in safety
Holding correct knowledge with regard to this extension or uses network will cause danger such as being ravesdropping.
(7) communication band (can not exchange with each other and the most available just can take, therefore is difficult to structure by speed >
Become such as electricity consumption or with the framework born expenses according to usage amount coal gas.
(8) such as in the space that multiple units are public, it is impossible to utilize network.
Although the problems referred to above mainly represent the problem because using WLAN to produce, but at wired lan
On also have the problem same with above-mentioned (8) to produce.
Summary of the invention
The present invention solves that the problems referred to above propose, its object is to provide one to solve above-mentioned various
Problem also improves network and the management method thereof of convenience.
The present invention provides a kind of network, by the wireless terminal belonged in multiple unit and constituent parts
LAN is connected with backbone network respectively, it is characterised in that described network will store interrelated information and energy
The management server enough updating this interrelated information is connected with described backbone network, described interrelated letter
Breath is attached to VLAN mark or the identification information of VPN information and described wireless terminal of information bag
Included in MAC Address between interrelated information, described network has: terminal communication unit,
According to the interrelated information from described management server, receiving letter from described wireless terminal side joint
In the case of breath bag, by the VLAN mark corresponding with the MAC Address of described wireless terminal or VPN
Information is additional to the information received from described wireless terminal and wraps and be sent to backbone network, and from described unit
In the case of interior LAN side receives information bag, utilize and be additional to the LAN in described unit
The MAC Address that the VLAN of the information bag received indicates or VPN information is corresponding and this wireless end
End communication;And unit LAN communication unit, receive information at the LAN side in described unit
In the case of bag, the information received at the LAN in described unit wraps additional this unit of expression
VLAN mark or VPN information, and in the case of described wireless terminal side joint receives information bag,
Take off and be additional to the VLAN mark wrapped from the information that described wireless terminal receives via described backbone network
Or after VPN information, the LAN in described unit sends this information bag.
In order to solve the problems referred to above, the concrete of the present invention is constituted as described below.
(1) net that the LAN in the terminal belonging to multiple unit and constituent parts is connected with backbone network respectively
In network, storage is additional to information bag additional information (VLAN mark or id information bag is sealed
Close the VPN title etc. of (カ プ セ Le)) and identify between information (SSID, ID) interrelated
The management server of information is connected with described backbone network, has simultaneously: according to from described management service
The interrelated information of device, by corresponding with the identification information (SSID, ID) that described terminal is sent here
, or add corresponding with the authentication result (MAC Address etc.) that the unit of this identification information of certification comes
Information is additional to the information bag received from described terminal and is sent to backbone network, utilizes and from described unit simultaneously
In identification information corresponding to the additional information of the information that is additional to bag that receives of LAN and this terminal communication
Terminal communication unit (accessing points, authentication switch HUB etc.);And at the LAN in described unit
The information received wraps the additional information of additional this unit of expression, takes off and receives from described backbone network
LAN in the backward described unit of additional information that information is wrapped sends unit LAN of this information bag and leads to
Letter unit (router etc. that HUB with VPN corresponding with VLA is corresponding).
(2) the identification information that described terminal is sent here is used as ID and authentication key, management server storage
Inter-related information between unit region name contained in the ID of family and described additional information, according to described knowledge
The certificate server being authenticated such as is connected with backbone network by other information in accordance with IEEE802.1X, terminal
The identification information that communication unit is sent here according to terminal, is authenticated by certification server.
(3) the identification information that described terminal is sent here includes that the MAC Address of this terminal, management server make
MAC Address by the terminal of certificate server certification is relevant to described additional information.Will user authentication
Combine with MAC certification.
(4) using described terminal as wireless terminal, described terminal communication unit as with described wireless terminal
Between the radio access point that communicates, described identification information is wireless identification label (SSID).
(5) described backbone network is as internet, and described management server is as being connected with described internet
Server, described terminal communication unit is corresponding without circuit with VPN as connect with described internet
By device.
(6) described management server has: extracting from described terminal communication unit has with communication information bag amount
The information closed, obtains the unit of the charge data corresponding with this communication information bag amount;And export this receipts
Take the unit of data.
(7) described terminal communication unit has and communicates the unit that quality (QoS) controls, and described management takes
Business utensil has the unit that described terminal communication unit sets the information relevant with communication quality (QoS).
(8) network management of the present invention, carries out configuration and the setting of described wireless device (accessing points),
The multiple stage wireless device (accessing points) utilizing same wireless space is formed between wireless terminal mutually
The wireless communications environment not disturbed, described wireless terminal and with in the unit belonging to this wireless terminal
Between the node that LAN connects, constitute described wireless device (accessing points) and (visited by this wireless device
Ask a little) virtual circuit that communicates, charge accordingly according to the behaviour in service of described communication.
(9) it addition, the network management of the present invention, joining of described wireless device (accessing points) is carried out
Put and set so that utilize the multiple stage wireless device (accessing points) of same wireless space with wireless terminal
Between form non-interfering wireless communications environment, described wireless terminal and with this wireless terminal belonging to
Unit in the node that connects of LAN between constitute described wireless device (accessing points) and wireless by this
The virtual circuit that equipment (accessing points) communicates, according to the use contract of described virtual circuit, sets accordingly
The messaging parameter of fixed described wireless device (accessing points).
(invention effect)
(1) terminal communication unit is made: according to the interrelated information of management server, will be with terminal
The additional information corresponding with identification information sent here is additional to after the IP information received from terminal is wrapped and is sent to
Backbone network, utilizes corresponding with being additional to the additional information that the information that LAN in unit receives wraps
Identification information and this terminal communication, it addition, unit LAN communication unit is made and be would indicate that the attached of this unit
Adding information to be additional to and take from the IP information bag of LAN in unit, the information from backbone network of taking off is wrapped
Additional information send this information bag to unit LAN, as long as so terminal by and terminal communication unit enter
Row communication just can be connected with the LAN in the unit belonging to this terminal.Like this, by making information bag
The identification information of additional information and terminal is interrelated thus constitutes virtual circuit, can distribute to each virtual
Constituent parts on circuit.
(2) terminal is sent here by described terminal communication unit ID and authentication key as identification information, with
This is foundation, and certificate server is authenticated according to its identification information, by enabling users contained in ID
Being correlated with mutually between unit region name and described additional information, terminal profit ID and authentication key are by certain
Terminal communication unit also can be connected with the LAN in oneself unit.
(3) the identification information that terminal is sent here includes the MAC Address of this terminal, and management server is by making
Relevant to described additional information by the terminal MAC address of certificate server certification, once authenticated service
After device certification, terminal just can be according to its MAC Address by described virtual circuit and oneself unit
LAN connects.
(4) using described terminal as wireless terminal, using described terminal communication unit as with described wireless end
Radio access point is communicated between end, using described identification information as wireless identification label, by so,
Thus only just can with the LAN in oneself unit even with wireless terminal in the coverage of radio access point
Connect.
(5) by using described backbone network as internet, using described management server as with described interconnection
Net connect server, using described terminal communication unit as be connected with described internet with VPN pair
The wireless router answered, in the environment of constituent parts is connected with internet, each wireless terminal utilizes VPN
Can be connected with the LAN in constituent parts.
(6) by making described management server extract relevant with communication information bag amount from terminal communication unit
Information, obtains the payment data relevant with this communication information bag amount, thus also provides for according to communication
Behaviour in service carry out the service charged.
(7) making terminal communication unit communicate quality control by composition, management server is to described end
End communication unit sets the information relevant with communication quality, thus each unit can be efficiently used net
Network, constituent parts can be efficiently used the frequency band of network.
(8) carry out configuration and the setting of described wireless device so that utilize the multiple stage of same wireless space without
Line equipment forms non-interfering wireless communications environment between wireless terminal, wireless terminal and with
Wireless device is constituted and by this nothing between the node that LAN in unit belonging to this wireless terminal connects
The virtual circuit that line equipment communicates, charges accordingly according to the behaviour in service of this communication, such as and electricity
Expense, gas charge, telephone charge etc. are equally provided that network separates (cut り and divide け) sale to be serviced like that.
(9) by carrying out configuration and the setting of described wireless device so that utilize same wireless space many
Platform wireless device forms non-interfering wireless communications environment between wireless terminal, at wireless terminal
And constitute between the node being connected with the LAN in the unit belonging to this wireless terminal described wireless device and
The virtual circuit communicated by this wireless device, sets institute according to the use contract of this virtual circuit
State the messaging parameter of wireless device, it is thus possible to guarantee and contract (communication quality that expense > is corresponding, example
The frequency band of network is fully used as solved some unit, and the service efficiency of other unit (communication quality)
The problem reduced.
Accompanying drawing explanation
Fig. 1 is to represent that unit in the first floor face in certain building Nei Huo building, WLAN are existing
Composition and the schematic diagram of example of composition of the present invention.
Fig. 2 is the network figure representing embodiment 1.
Fig. 3 is the figure of the virtual circuit of the network representing embodiment 1.
Fig. 4 is to represent that the VLAN that management server has indicates and the example of the interrelated information of SSID
Sub-figure.
Fig. 5 is the figure representing the content example controlling information table having with the management server of Fig. 4.
Fig. 6 is the figure representing the information bag example transmitting VLAN and non-VLAN.
Fig. 7 is to represent and set in the interrelated information-related process managing server and accessing points
The flow chart held.
Fig. 8 is to represent the flow chart of the process content of communication between wireless terminal and accessing points.
Fig. 9 be the wired lan representing constituent parts node and accessing points between the content of communication process
Flow chart.
Figure 10 is the flow chart of the process content of the management server representing the setting of relevant communication quality.
Figure 11 is that relevant toll administration represents the flow chart managing the process content that server is carried out.
Figure 12 is to manage communication process between server and accessing points in the network representing embodiment 2
The flow chart of content.
Figure 13 is to represent the flow chart of the content of communication process between wireless terminal and accessing points.
Figure 14 be the wired lan representing constituent parts node and accessing points between the content of communication process
Flow chart.
Figure 15 is to represent the flow chart of the content of communication process between wireless terminal and accessing points.
Figure 16 is to represent the figure that the network of embodiment 3 constitutes example.
Figure 17 is the figure of the example representing the interior information bag transmitted of LAN and VPN information bag.
Description of reference numerals
1 management server
2 VLAN-HUB
3 accessing points
4 VLAN-HUB
5 wireless terminals
Detailed description of the invention
The network of embodiment 1 is described with reference to Fig. 1~Figure 11.
First, Fig. 1 represents the such as example of certain unit in the first floor face in certain building Nei Huo building
Composition example with WLAN.(A) it is existing example.Human Resources Department, General Affairs Department, development department,
6 departments such as research department, sales department, business planning portion introduce setting wireless LAN the most voluntarily
In the case of equipment, channel used between these accessing points and wireless terminal (notebook computer etc.)
Time identical, mutual interference just becomes problem.
In contrast, embodiments of the present invention, can be to the wireless space used by constituent parts as shown in (B)
It is managed, even if constituent parts does not knows the state of adjacent cells wireless device, also can have to greatest extent
Effect uses wireless space.
The network of embodiment 1 uses SSID and VLAN, can effectively utilize wireless space, wireless
Communicate between the node that the LAN of terminal and its affiliated unit is connected so that it is as explained below
It is set and action.
(1) to each unit distribution SSID being separated out.
(2) to each unit distribution virtual lan (the most referred to as ' VLAN ') being separated out.
(3) to management server-assignment management VLAN (such as ' VLAN2 ').
(4) WLAN trunk LAN is built.
Radio access point (the most referred to as ' AP ') is arranged at the nothing that can identify that VLAN indicates in the lump
The wire communication of line LAN is online.AP is not fettered by unit, can configure and be set to communication quality
Best radio communication.
(5) wired lan and the WLAN trunk LAN of constituent parts connects.
Arrange on the tie point of wired lan and WLAN trunk LAN in constituent parts belonging to reception
The information bag of the band VLAN mark of unit, taking off VLAN mark becomes on the LAN of reply standard
The state of information bag have and (usually can carry to the device of the function that the wired lan in unit sends
The switching center of LAN function or L3 switch).It addition, the VLAN of this unit is indicated with this device
It is additional to and gives the information of WLAN and wrap.
(6) AP with SSID and VLAN mark are associated and communicate.
AP is in accordance with the instruction of the management server communicated by above-mentioned ' VLAN2 ', SSID and VLAN
Interrelated.
Such as,
Information bag from ' VLAN3 ' send the wireless terminal of SSIDA, from the information of SSIDA
Bag send ' VLAN3 '.
Information bag from ' VLAN4 ' send the wireless terminal of SSIDB, from the information of SSIDB
Send ' VLAN4 '.
Information bag from ' VLAN5 ' send the wireless terminal of SSIDC, from the information of SSIDC
Send ' VLAN5 '.
VLAN2 uses as management communication LAN, AP oneself.
(7) wireless terminal communicates according to the SSID of affiliated unit.
It is,
The wireless terminal belonging to unit A communicates according to SSIDA.
The wireless terminal belonging to unit B communicates according to SSIDB.
The wireless terminal belonging to unit C communicates according to SSIDC.
By so, with which accessing points it is connected and can be connected with the LAN of oneself unit.
Even if because not changing in this relation of public space, so radio is being managed as a whole
In the range of, all in the room of unit are the most constant, can thus use.
(8) the wireless state of server admin and each VLAN are managed.
Management server carries out following process.
Management backbone network, AP, wireless space.
Carry out inter-related management between SSID and VLAN.
Check the VLAN behaviour in service distributing to constituent parts.
Charge data is worked out according to this behaviour in service.
Hereinafter, represent that realizing the concrete of above-mentioned framework is constituted.
Fig. 2 is to represent the figure that network entirety is constituted.In figure, VLAN-HUB2 is to constitute trunk LAN
HUB, this trunk VLAN and other VLAN-HUB4a~4d, radio access point 3a~3d and management
Server 1 connects.
VLAN-HUB4a is the HUB that unit A uses, and connecting other common (is not VLAN
Corresponding) node of HUB or home computer etc., VLAN-HUB4b, 4c are unit too
Used by B, unit C, connect other common HUB or node.VLAN-HUB4d is public
HUB used by space, connects the catv terminal (such as home computer) of constituent parts here.
Notebook computer 5a, 5b, 5c, 5a as wireless terminal ', 5b ' and accessing points 3a~3d appoint
One carries out radio communication, works as a node of LAN in oneself unit.Such as, as long as
Notebook computer 5a, 5a ' it is belonging to unit A, utilize and communicated by accessing points 3d, thus
Can enter between the node (such as server) connected on the LAN of VLAN-HUB4a of unit A
Row communication.Equally, belong to notebook computer 5b, 5b of unit B ' utilize carried out by accessing points 3d
Communication, it is thus possible to the node on the LAN being connected with the VLAN-HUB4b of unit A (such as takes
Business device) between communicate.
Fig. 3 is the schematic diagram of the virtual circuit representing network.If the notebook as wireless terminal
Computer 5a, 5a ' be belonging to unit A, then by virtual circuit (VLAN3) respectively with in unit A
LAN connect.As long as additionally notebook computer 5b, 5b ' is belonging to unit B, then by virtual
Circuit (VLAN4) is connected with the LAN in unit B respectively.As long as same notebook computer 5c is to belong to
In unit C, then it is connected with the LAN in unit C by virtual circuit (VLAN5).
So, utilize trunk LAN and be located at the functionality of vlan of VLAN-HUB of constituent parts, belonging to
Wireless terminal in constituent parts connects with the LAN in constituent parts respectively.Thus, at each WLAN
Accessing points 3a~3d on prior cross-correlation between write VLAN mark and wireless identification label SSID
Connection information.
Fig. 4 is to close between VLAN mark and the SSID representing and presetting described management server 1
The figure being.Because of 3 units (unit A~unit C) of management in this embodiment, therefore pre-register 3
Group VLAN mark and SSID group.
Fig. 5 is the communication quality (QoS) of each unit, the communication information bag managed by management server 1
Amount and the data charged accordingly.Such as according to grade respective settings QoS of the communication quality contracted in advance.
The information bag amount data additionally taking out radio access point obtain its corresponding charge data.
Fig. 6 represents the common information bag of the upper transmission in internet (registration mark) and constitutes VLAN use
The difference of both information bags.(A) it is common information bag, substantially by internet (registration mark)
Title is additional to be had the IP information in IP title and real data portion and wraps.In contrast, VLAN is constituted
Information bag, the most additional VLAN indicate.This VLAN mark is the company with physics
Connect the mark of the identification each of which group of the virtual group of form setting terminal independently.
Fig. 7~Figure 11 represents management server, accessing points and constituent parts wired lan in flow diagram form
The main process content of node.
Fig. 7 is about VLAN mark and the flow chart of the setting of the interrelated information of SSID.Pipe
A pair VLAN mark and SSID that outside (console) is inputted by reason server write Fig. 4 and illustrate
Interrelated information table (being updated).Then, above-mentioned interrelated information is write all accessing points
(AP).Thus accessing points stores this interrelated information.
Fig. 8 is to represent the flow chart of communication process between wireless terminal and accessing points.
Wireless terminal carries out radio communication according to the SSID access point being set on this wireless terminal.
By so, accessing points by with from this wireless terminal reception to VLAN corresponding for SSID indicate to
Information bag send trunk LAN.
Fig. 9 be the wired lan representing constituent parts node and accessing points between the step of communication process
Flow chart.When sending the band VLAN information bag indicated from the node of the wired lan of certain unit to accessing points
Time, accessing points is taken off VLAN mark from this information bag and is recovered to common information bag, simultaneously by this SSID
Radio communication is carried out with wireless terminal.
So, no matter wireless terminal can be with the knot of the wired lan of oneself unit by which accessing points
Communicate between point.Even if belonging to the wireless of unit A it is thus possible, for instance use in the room of unit B
Terminal, this wireless terminal remain to and unit A wired lan node between communicate.
Figure 10 is the flow chart of the process content representing that management server communicates quality settings.First
Read the QoS of each SSID inputted from outside (console etc.), be written into (updating > Fig. 5 to illustrate
Control information table.Then, above-mentioned QoS information is write to all of accessing points.
By so, wireless terminal can carry out radio communication with the QoS corresponding with its SSID.
Figure 11 is the flow chart representing the process content managing the toll administration that server is carried out.Management clothes
Business device is according to QoS and information bag amount, or calculates charge according to expense (process (U ス)).Root again
Select above-mentioned pay imformation need to be issued the e-mail address that client specifies according to from outside instruction.Or
Withhold from the bank that client specifies and deduct account.
Hereinafter, the network of embodiment 2 is described with reference to Figure 12~Figure 15.
The network of embodiment 2 is by the user authentication according to IEEE802.1X and VLAN combination
The network become.Therefore it is made to set as explained below and action.
(1) to by each unit distribution SSID the most out.
(2) to by each unit distribution virtual lan (the most referred to as ' VLAN ') the most out.
(3) to management server-assignment management VLAN (such as ' VLAN2 ').
(4) WLAN trunk LAN is built.
Radio access point (the most referred to as ' AP ') is arranged at the nothing that can identify that VLAN indicates in the lump
The wire communication of line LAN is online.Even if the most similarly setting in constituent parts and in public space
Put.AP is not fettered by unit, can configure the radio communication being set to that communication quality is best.
(5) wired lan and the WLAN trunk LAN of constituent parts connects.
Arrange on the tie point of wired lan and WLAN trunk LAN in constituent parts belonging to reception
The information bag of the band VLAN mark of unit, taking off VLAN mark becomes on the LAN of reply standard
The state of information bag have and (usually can carry to the device of the function that the wired lan in unit sends
The switching center of functionality of vlan or L3 switch).It addition, the VLAN of this unit is marked with this device
Will invests gives the information of WLAN and wraps.
(6) each user holds the ID and authentication key being connected with WLAN.Each user holds ' use
Name in an account book@unit region name ' ID of form and authentication key.Representational authentication key is password, goes out
The dried rhizome of rehmannia, disposal password, electronic identification book etc..Such as belong to the ID " taro " of unit A (too
Man) ID be " taro@A ".
(7) AP carries out the ID certification of user.
According to IEEE802.1X, the terminal of wireless connection is authenticated.Now, the list of ID is seen
The part of position region name, it is determined that after certain VLAN of the radius server of inquiry authentication key or certification
The VLAN connected.Relation between region name with VLAN obeys the pipe communicated by ' VLAN2 '
The instruction of reason server.
If unit A is the certificate server that oneself unit holds according to electronic identification book, other is according to close
Code authentication, when certification is carried out Entrusted authentication, the most as described below.
In the case of wireless terminal such as obtains connection by user " taro@A ", AP is by unit region
The management server communication that name A and VLAN2 connects.By so, instruction is by ' VLAN3 '
It is authenticated, accordingly, crosses VLAN3 and communicate with the certificate server of unit A, it is determined that authentication key.
It addition, in the case of wireless terminal such as obtains connection by user 10 " jiro@B ", AP will
The management server communication that unit region name B and " VLAN2 " connect.By so, instruction is passed through
' VLAN6 ' is authenticated, and accordingly, crosses the certificate server of " VLAN6 " and Entrusted authentication
Communication, it is determined that authentication key.
(8) AP makes unit region name interrelated with mark and communicates.
The wireless terminal in the unit region certified mistake of A given by information bag from ' VLAN3 ', comes
VLAN3 is sent from the information bag of the wireless terminal of the unit region certified mistake of A.
The wireless terminal in the unit region certified mistake of B given by information bag from ' VLAN4 ', comes
VLAN4 is sent from the information bag of the wireless terminal of the unit region certified mistake of B.
The wireless terminal in the unit region certified mistake of C given by information bag from ' VLAN5 ', comes
VLAN5 is sent from the information bag of the wireless terminal of the unit region certified mistake of C.
VLAN2 uses as management communication LAN, AP oneself.
(9) wireless terminal user ID and authentication key certification, with public SSID communication.
The wireless terminal belonging to unit A is authenticated with the ID including the A of unit region,
With public SSID communication.By so, with which accessing points being connected, wireless terminal can be with
The LAN of oneself unit connects.
Owing to not changing in this relation of public space, so in the range of to radio overall management,
The most constant in unit, can thus use.
(10) the wireless state of server admin and each VLAN are managed.
Management server carries out following process.
Management backbone network, AP, wireless space.
Carry out inter-related management between SSID and VLAN.
Check the VLAN behaviour in service distributing to constituent parts.
Charge data is worked out according to this behaviour in service.
If the network of embodiment 2 is figured, then identical with shown in Fig. 2 and Fig. 3, but becomes
(radius server > is just connected or with the LAN of constituent parts even certificate server with trunk LAN
Connect.
Figure 12 be the network representing embodiment 2 indicates with unit region name and VLAN between cross-correlation
It is associated with the flow chart of the process content of pass.Management server by unit region name and and VLAN mark between
Interrelated information send all accessing points.In this interrelated information and embodiment 1, Fig. 4 illustrates
Information the same, will with VLAN indicate paired unit region name pre-register management server in,
This management server transfers this interrelated information to accessing points.
Accessing points accepts to be mutually related between the unit region name of Self management server and VLAN mark
Information also stores.
Figure 13 is the flow chart representing the process content communicating relevant with between wireless terminal and accessing points.
ID and password are sent accessing points by wireless terminal (requirement according to from accessing points).Accessing points root
According to the unit region name part of the ID received from this wireless terminal by this certificate server
(radius server > is authenticated.More specifically: according to above-mentioned unit region name, it is determined that inquiry
Certain VLAN of the radius server that could authenticate, inquires RADIUS service by this VLAN
Device could connect.
Figure 14 is the flow chart of the communication between node and the accessing points of the wired lan representing constituent parts.
The information bag of band VLAN is sent accessing points by the node of the wired lan of constituent parts.By so, access
Information bag from each VLAN is sent the wireless terminal authenticated by this unit region name by point.Now,
Utilize public SSID.
Figure 15 is the flow chart of the communication between expression wireless terminal and accessing points after certification.Wireless terminal
Communicate with accessing points with public SSID.Accessing points information bag is sent with the unit region name pair of certification
The VLAN answered.By so, utilize IEEE802.1X and VLAN, the most just can be from certain accessing points
With the LAN communication in oneself unit.
Further, in the above example, all enumerate between the LAN node in wireless terminal and constituent parts
The example communicated, but wired lan can also be managed with roughly the same framework.Example
As the terminals such as notebook computer are connected with the VLAN-HUB4d being arranged at the public space shown in Fig. 2
Connect, the occasion such as between the server that the LAN in oneself unit is connected, communicate.But wired
Because there is no SSID in the case of LAN, thus by the unit region name shown in embodiment 2 and
Interrelated information setting between VLAN mark is in the VLAN-HUB4d shown in Fig. 2.Then carry out
Process is ordered the same with wireless access.It is, according to from the end being connected with this VLAN-HUB4d
The unit region name of the ID that termination receives, is authenticated by this certificate server.
Further, this embodiment 2 is authenticated according to IEEE802.1X but it also may with user authentication
The mode of+MAC certification is carried out.It is, set the identification that terminal (wireless terminal or catv terminal) is sent here
Comprising the MAC Address of this terminal in information, management server makes the terminal by certificate server certification
MAC Address and VLAN mark are interrelated.
According to this method, the terminal the most corresponding with IEEE802.1X is also suitable.It is, can be by
Structure is made: from the input through keyboard username and password of terminal, and it is authenticated by management server,
The MAC Address of the terminal that will recognize that is registered in radio access point or HUB.After, radio access point
Or HUB checks above-mentioned MAC Address, only effective information bag is communicated.
Hereinafter, the network of embodiment 3 is described with reference to Figure 16, Figure 17.
Figure 16 is to represent the figure that network entirety is constituted.Server 1 and interconnection is managed by router 11
Net connects.Unit A has wireless router 13a, common HUB14a.It addition, unit B has
Wireless router 13b and HUB14b.Equally unit C also have wireless router 13c and
HUB14c.These HUB14a, 14b, 14c calculate with server or the individual of use in constituent parts
The Node connectedness such as machine.Additionally wireless router 13d is set at public space.These wireless routers
13a~13d is connected with internet by line terminator 10.
Embodiment 1, embodiment 2 all constitute virtual lan with VLAN, but embodiment 3
Use VPN.Wireless router 13a~13d and router 11 are all the routers corresponding with VPN, can
Constitute virtual dedicated network.It is, according to the layer of OSI reference model in embodiment 1,2
Secondary 2 constitute virtual circuit, but constitute virtual circuit according to level 3 in embodiment 3.Thus, make
For internet, reality in the LAN of the backbone network shown in embodiment 1,2, this embodiment 3
Execute the HUB corresponding with VLAN shown in mode 1,2 or accessing points preferably in 3 just
It is replaced as the wireless router corresponding with VPN respectively.
Figure 17 represents the common information bag of the upper transmission in internet (registration mark) and constitutes VPN use
The difference of information bag.(A) it is common information bag, substantially by internet (registration mark)
Title is additional to be had the IP information in IP title and real data portion and wraps.In contrast, VPN is constituted
Information bag to packet keying, or as common message, the most additional VPN information is (complete
Office IP address) and close.The use of the VLAN mark shown in this VPN information and embodiment 1
Equally, each of which group of identification of the virtual group of setting terminal it is also used for.
Claims (8)
1. a network, by the LAN in the wireless terminal belonged in multiple unit and constituent parts respectively
It is connected with backbone network, it is characterised in that
Described network will store interrelated information and can update the management service of this interrelated information
Device is connected with described backbone network, described interrelated information be attached to information bag VLAN mark or
Mutual between MAC Address included in the identification information of person's VPN information and described wireless terminal
Related information,
Described network has:
Terminal communication unit, according to the interrelated information from described management server, from described
In the case of wireless terminal side joint receives information bag, by corresponding with the MAC Address of described wireless terminal
VLAN mark or VPN information are additional to the information received from described wireless terminal and wrap and be sent to trunk
Net, and in the case of the LAN side in described unit receives information bag, utilize and be additional to from
The VLAN mark of the information bag that the LAN in described unit receives or VPN information are corresponding
MAC Address and this wireless terminal communications;And
Unit LAN communication unit, receives the situation of information bag at the LAN side in described unit
Under, the information received at the LAN in described unit wraps the VLAN mark of additional this unit of expression
Will or VPN information, and receiving the information bag from described wireless terminal via described backbone network
In the case of, take off to be additional to and wrap from the information that described wireless terminal receives via described backbone network
After VLAN mark or VPN information, the LAN in described unit sends this information bag.
2. network as claimed in claim 1, it is characterised in that
Described terminal communication unit is the radio access point communicated between described wireless terminal.
3. network as claimed in claim 1, it is characterised in that
Described backbone network is internet, and described management server is connected with described internet, described terminal
Communication unit is the wireless router corresponding with VPN connected with described internet.
4. network as claimed any one in claims 1 to 3, it is characterised in that
Described management server has:
Extract the information relevant with communication information bag amount from described terminal communication unit, obtain and this communication
The unit of the charge data that information bag amount is corresponding;And
Export the unit of this charge data.
5. network as claimed any one in claims 1 to 3, it is characterised in that
Described terminal communication unit has the unit communicating quality control,
Described management server has the information relevant with communication quality to the setting of described terminal communication unit
Unit.
6. network as claimed any one in claims 1 to 3, it is characterised in that
Carry out configuration or the setting of wireless device as described terminal communication unit so that utilize same
Non-interfering wireless communication loop is formed between multiple terminal communication unit and the wireless terminal of wireless space
Border,
Described wireless terminal and the node that is connected with the LAN in the unit belonging to this wireless terminal it
Between, constitute described wireless device and the virtual circuit communicated by this wireless device.
7. network as claimed in claim 4, it is characterised in that
Carry out configuration or the setting of wireless device as described terminal communication unit so that utilize same
Non-interfering wireless communication loop is formed between multiple terminal communication unit and the wireless terminal of wireless space
Border,
Described wireless terminal and the node that is connected with the LAN in the unit belonging to this wireless terminal it
Between, constitute described wireless device and the virtual circuit communicated by this wireless device.
8. network as claimed in claim 5, it is characterised in that
Carry out configuration or the setting of wireless device as described terminal communication unit so that utilize same
Non-interfering wireless communication loop is formed between multiple terminal communication unit and the wireless terminal of wireless space
Border,
Described wireless terminal and the node that is connected with the LAN in the unit belonging to this wireless terminal it
Between, constitute described wireless device and the virtual circuit communicated by this wireless device.
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2005-205922 | 2005-07-14 | ||
JP2005205922A JP4932187B2 (en) | 2005-07-14 | 2005-07-14 | Network and its management method |
CN 200610105915 CN1897554A (en) | 2005-07-14 | 2006-07-14 | Network and its management method |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN 200610105915 Division CN1897554A (en) | 2005-07-14 | 2006-07-14 | Network and its management method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103595602A CN103595602A (en) | 2014-02-19 |
CN103595602B true CN103595602B (en) | 2016-09-07 |
Family
ID=37609936
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN 200610105915 Pending CN1897554A (en) | 2005-07-14 | 2006-07-14 | Network and its management method |
CN201310608650.XA Active CN103595602B (en) | 2005-07-14 | 2006-07-14 | network and management method thereof |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN 200610105915 Pending CN1897554A (en) | 2005-07-14 | 2006-07-14 | Network and its management method |
Country Status (2)
Country | Link |
---|---|
JP (1) | JP4932187B2 (en) |
CN (2) | CN1897554A (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2015154152A (en) * | 2014-02-12 | 2015-08-24 | 西日本電信電話株式会社 | Relay system, low-order relay apparatus, high-order relay apparatus, relay method, and computer program |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1357997A (en) * | 2000-12-15 | 2002-07-10 | 华为技术有限公司 | Virtual local area network access method in Ethernet access network |
CN1567865A (en) * | 2003-06-17 | 2005-01-19 | 联想(北京)有限公司 | A method for implementing WLAN piconet networking |
CN1759620A (en) * | 2003-02-06 | 2006-04-12 | 讯宝科技公司 | Virtual wireless local area networks |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP4138281B2 (en) * | 2001-08-29 | 2008-08-27 | アライドテレシスホールディングス株式会社 | Terminal movement detection method in LAN system, terminal movement detection processing program, recording medium recording terminal movement detection processing program, LAN system management apparatus, and LAN system |
JP3695538B2 (en) * | 2003-06-04 | 2005-09-14 | 日本電気株式会社 | Network service connection method / program / recording medium / system, access point, wireless user terminal |
JP2005020626A (en) * | 2003-06-27 | 2005-01-20 | Nec Corp | Base station, wireless network system, wireless communication method and control program of base station |
-
2005
- 2005-07-14 JP JP2005205922A patent/JP4932187B2/en active Active
-
2006
- 2006-07-14 CN CN 200610105915 patent/CN1897554A/en active Pending
- 2006-07-14 CN CN201310608650.XA patent/CN103595602B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1357997A (en) * | 2000-12-15 | 2002-07-10 | 华为技术有限公司 | Virtual local area network access method in Ethernet access network |
CN1759620A (en) * | 2003-02-06 | 2006-04-12 | 讯宝科技公司 | Virtual wireless local area networks |
CN1567865A (en) * | 2003-06-17 | 2005-01-19 | 联想(北京)有限公司 | A method for implementing WLAN piconet networking |
Also Published As
Publication number | Publication date |
---|---|
CN1897554A (en) | 2007-01-17 |
CN103595602A (en) | 2014-02-19 |
JP4932187B2 (en) | 2012-05-16 |
JP2007028084A (en) | 2007-02-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103747499B (en) | For for the wired and public control protocol of radio node method and apparatus | |
CN1910861B (en) | Public access point | |
DE60206246T2 (en) | DISTRIBUTED NETWORK COMMUNICATION SYSTEM ALLOWING A NUMBER OF PROVIDERS OF CORDLESS COMMUNICATION SERVICES TO SHARE A COMMON NETWORK INFRASTRUCTURE | |
CN100403682C (en) | Mechanisms for policy based UMTS QOS and IP QOS management in mobile IP networks | |
CN100366007C (en) | System, apparatus and method for SIM-based authentication and encryption in wireless local area network access | |
CN104113915B (en) | A kind of WLAN and its sharing method, Wireless Local Area Network Gateway | |
CN107852407A (en) | Unified certification for integration of compact cell and Wi Fi networks | |
US20030235174A1 (en) | Ad hoc networking of terminals aided by a cellular network | |
CN107196813A (en) | Method and apparatus for two layers of enterprise network infrastructure of self-organizing | |
CN103634794B (en) | By the WLAN terminal personal identification method for integrating Portal | |
CN103297968B (en) | A kind of method, equipment and the system of wireless terminal certification | |
CN105191210B (en) | Method for policy control and charge for D2D service | |
CN109450657A (en) | A kind of Intelligent internet of things communications service system and method | |
CN109831752A (en) | A kind of communication flow rate control method and system | |
CN103684958B (en) | Method and system for providing flexible VPN (virtual private network) service and VPN service center | |
CN1437811A (en) | A platform information switch | |
CN102088702A (en) | Method and system for accessing wireless network into user residential gateway | |
CN106576238A (en) | Method and apparatus for establishment of private communication between devices | |
CN101442749B (en) | Authentication method for wireless netted network based on WAPI | |
CN102625305B (en) | Access the method and system of evolved packet system | |
CN106416146A (en) | Communication apparatus, communication method, and communication system | |
CN105681268B (en) | Data transferring method and device | |
CN100591068C (en) | Method of transmitting 802.1X audit message via bridging device | |
CN103401751B (en) | Internet safety protocol tunnel establishing method and device | |
CN103595602B (en) | network and management method thereof |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |