CN103888947A - Control method and system of network element wireless control - Google Patents


Info

Publication number
CN103888947A
Authority
CN
China
Prior art keywords
network element
master control
controlled network
message
controlled
Legal status
Pending
Application number
CN201410109910.3A
Other languages
Chinese (zh)
Inventor
伍立华
林昊
胡峰
Current Assignee
SHENZHEN GCREDIT COMMUNICATION TECHNOLOGY Co Ltd
Original Assignee
SHENZHEN GCREDIT COMMUNICATION TECHNOLOGY Co Ltd

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a control method and system for wireless control of network elements. The method is based on a network formed by at least one controlling network element and at least one controlled network element, and comprises the following steps: a wireless channel between the controlled network element and the controlling network element is established; a DHCP client in the controlled network element is started, and the controlled network element requests a management IP from the controlling network element; the DHCP request of the controlled network element is received, and a management IP is allocated to the controlled network element; after the management IP is acquired, identity authentication of the controlling network element is started; the identity authentication launched by the controlled network element is responded to, and identity authentication of the controlled network element is started; after the identity of the controlled network element has been authenticated as legitimate, locally configured data are issued to the controlled network element; the configuration data from the controlling network element are received, and local service parameters are then configured. With this control method and system, the controlled network element is associated with the controlling network element through the wireless channel, and the security of AP management is effectively enhanced by identity authentication between the controlling network element and the controlled network element.

Description

Control method and system for a wireless access network element
Technical field
The present invention relates to the field of computer networks, and in particular to a control method and system for a wireless access network element.
Background
In recent years, as wireless local area network (WLAN) technology has developed and manufacturing processes have improved, terminal devices with WLAN support have grown explosively in number, and the management requirements for their access point (AP) devices have grown accordingly.
Existing management techniques include: the web interface integrated into the AP device; access controller (AC) systems; the TR-069 auto-configuration server (Technical Report 069 Auto-Configuration Server, TR069 ACS); and Simple Network Management Protocol (SNMP) management systems. The web interface integrated into the AP allows a single AP to be configured and managed. An AC system manages AP devices over the Control and Provisioning of Wireless Access Points (CAPWAP) protocol; this technique is mainly used in the carrier-grade market. A TR069 ACS manages and maintains AP devices within the TR-069 protocol framework; this technique is used only in some scenarios of the carrier-grade market. An SNMP system manages and maintains AP devices according to the constraints of the SNMP protocol.
The above approaches to AP management have the following technical shortcomings:
First, existing management techniques and management models are all derived from wired network equipment, that is, management is carried out through the AP's wired port. If the wired port of the AP fails, the AP can no longer be managed remotely, and at that point the AP also cannot provide effective access service to users.
Second, although communication security has been considered, there is no mutual identity authentication process.
Third, in scenarios where cabling is not permitted or not economical, such as historic buildings or small towns, or where no wired connection is available inside or between buildings, network access can only be provided to users by interconnecting APs wirelessly; the existing management techniques based on wired interfaces cannot manage such wirelessly interconnected APs.
Summary of the invention
The object of the present invention is to provide a control method and system for a wireless access network element, in which a controlled network element can be associated with a master control network element over a wireless channel, and identity authentication is added between the controlled network element and the master control network element, so that the security of AP management is effectively enhanced.
To achieve this object, one aspect of the present invention proposes a control method for a wireless access network element. The control method is based on a network formed by at least one master control network element and at least one controlled network element, and in the method the controlled network element performs the following steps:
establishing a wireless channel to the master control network element;
starting a DHCP client and requesting a management IP address from the master control network element;
after obtaining the management IP address from the master control network element, starting identity authentication of the master control network element;
receiving configuration data from the master control network element and configuring local service parameters.
Preferably, the method further comprises the following steps:
reporting local running state information to the master control network element; or
periodically reporting heartbeat messages to the master control network element; or
performing the action corresponding to a remote operation instruction from the master control network element.
Another aspect of the present invention proposes a control method for a wireless access network element. The control method is based on a network formed by at least one master control network element and at least one controlled network element, and in the method the master control network element performs the following steps:
establishing a wireless channel to the controlled network element;
receiving the DHCP request of the controlled network element and allocating a management IP address to it;
responding to the identity authentication initiated by the controlled network element, and starting identity authentication of the controlled network element;
after the identity of the controlled network element has been authenticated as legitimate, issuing local configuration data to the controlled network element.
Preferably, the method further comprises the following steps:
receiving and processing running state information from the controlled network element; or
receiving and processing heartbeat messages from the controlled network element; or
performing remote operations on the controlled network element.
Preferably, establishing the wireless channel between the controlled network element and the master control network element comprises the following steps:
configuring the communication parameters of the controlled network element on the master control network element;
configuring the communication parameters of the master control network element on the controlled network element;
configuring the wireless parameters of the master control network element on the controlled network element, and associating with the master control network element.
Preferably, establishing the wireless channel between the controlled network element and the master control network element comprises the following steps:
starting a background scan on the controlled network element;
judging whether a master control network element meeting the preset conditions has been found by the scan;
when a master control network element meeting the preset conditions has been found, judging whether there are multiple master control network elements meeting the preset conditions;
when no master control network element meeting the preset conditions has been found, starting an active scan on the controlled network element;
judging whether there are multiple master control network elements meeting the preset conditions;
when there are multiple master control network elements meeting the preset conditions, calculating a weighted value for each master control network element, determining the target master control network element, then adjusting the working channel of the controlled network element and associating with the target master control network element; and
when there is only one master control network element meeting the preset conditions, adjusting the working channel of the controlled network element and associating directly with that target master control network element.
Preferably, in the identity authentication flow between the controlled network element and the master control network element, the end that sends a message first is the message sending end and the other end is the message receiving end, and the identity authentication flow comprises the following steps:
at the message sending end, filling a 128-byte buffer with random data to form the original message;
encrypting the original message with a first encryption algorithm;
signing the encrypted message with a first signature algorithm, and then sending it to the message receiving end;
at the message receiving end, receiving the message from the message sending end and verifying its signature;
when signature verification succeeds, decrypting the verified message;
encrypting the decrypted message again with a second encryption algorithm;
signing the re-encrypted message with a second signature algorithm, and then sending it to the message sending end;
at the message sending end, receiving the message from the message receiving end and verifying its signature;
when signature verification succeeds, decrypting the verified message;
comparing the decrypted message with the original message for consistency.
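The challenge exchange of the authentication flow above, with both ends in one program, as an added example that is not the patent's own code. It assumes a 32-byte shared digital fingerprint split into the keys, AES-128-CTR with HMAC-SHA256 as the first encryption and signature algorithms, 3DES-CTR with HMAC-MD5 as the second, and a wire format of IV, ciphertext and tag; none of these details are fixed by the patent.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/des"
	"crypto/hmac"
	"crypto/md5"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"hash"
)

// Suite pairs an encryption algorithm with a signature algorithm. A sealed
// message is iv || ciphertext || hmac(iv || ciphertext) (assumed wire format).
type Suite struct {
	newBlock       func(key []byte) (cipher.Block, error)
	newHash        func() hash.Hash
	encKey, sigKey []byte
}

// seal encrypts with a fresh IV in CTR mode, then signs ("encrypt, then sign").
func (s Suite) seal(plain []byte) ([]byte, error) {
	block, err := s.newBlock(s.encKey)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	body := make([]byte, bs+len(plain))
	if _, err := rand.Read(body[:bs]); err != nil {
		return nil, err
	}
	cipher.NewCTR(block, body[:bs]).XORKeyStream(body[bs:], plain)
	mac := hmac.New(s.newHash, s.sigKey)
	mac.Write(body)
	return mac.Sum(body), nil
}

// open verifies the signature first and decrypts only when that succeeds.
func (s Suite) open(msg []byte) ([]byte, error) {
	block, err := s.newBlock(s.encKey)
	if err != nil {
		return nil, err
	}
	bs, ts := block.BlockSize(), s.newHash().Size()
	if len(msg) < bs+ts {
		return nil, errors.New("message too short")
	}
	body, tag := msg[:len(msg)-ts], msg[len(msg)-ts:]
	mac := hmac.New(s.newHash, s.sigKey)
	mac.Write(body)
	if !hmac.Equal(mac.Sum(nil), tag) {
		return nil, errors.New("signature verification failed")
	}
	plain := make([]byte, len(body)-bs)
	cipher.NewCTR(block, body[:bs]).XORKeyStream(plain, body[bs:])
	return plain, nil
}

// SuitesFromFingerprint derives the first suite (AES-128 + HMAC-SHA256) and the
// second suite (3DES + HMAC-MD5) from the shared fingerprint; the key split is assumed.
func SuitesFromFingerprint(fp []byte) (first, second Suite, err error) {
	if len(fp) != 32 {
		return first, second, errors.New("this example expects a 32-byte fingerprint")
	}
	first = Suite{newBlock: aes.NewCipher, newHash: sha256.New, encKey: fp[:16], sigKey: fp[16:]}
	second = Suite{newBlock: des.NewTripleDESCipher, newHash: md5.New, encKey: fp[:24], sigKey: fp[24:]}
	return first, second, nil
}

// NewChallenge is the sending end's first three steps: 128 random bytes, encrypted and signed.
func NewChallenge(first Suite) (original, msg []byte, err error) {
	original = make([]byte, 128)
	if _, err = rand.Read(original); err != nil {
		return nil, nil, err
	}
	msg, err = first.seal(original)
	return original, msg, err
}

// Respond is the receiving end: verify and decrypt with the first suite, re-seal with the second.
func Respond(first, second Suite, msg []byte) ([]byte, error) {
	plain, err := first.open(msg)
	if err != nil {
		return nil, err
	}
	return second.seal(plain)
}

// Verify is the sending end's last steps: verify, decrypt, and compare with the original.
func Verify(second Suite, reply, original []byte) error {
	plain, err := second.open(reply)
	if err != nil {
		return err
	}
	if !hmac.Equal(plain, original) {
		return errors.New("reply does not match the original message")
	}
	return nil
}
```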
Preferably, the control method is based on a network formed by at least one master control network element, at least one controlled network element and at least one lower-level controlled network element, and in the method the lower-level controlled network element performs the following steps:
establishing a wireless channel to the controlled network element;
starting a DHCP client and requesting a management IP address from the master control network element;
after obtaining the management IP address, starting identity authentication of the controlled network element;
receiving configuration data from the controlled network element and configuring local service parameters.
Preferably, the remote operation comprises a load balancing operation, which comprises the following steps:
receiving and processing a user association request message from the controlled network element;
detecting whether the load balancing function of the master control network element is enabled;
when the load balancing function is enabled, detecting whether the load balancing function is based on the number of users;
when the load balancing function is based on the number of users, calculating the user-load adjustment flag of the load balancing group to which the controlled network element belongs, then detecting whether the load adjustment flag is set;
when the load balancing function is not based on the number of users, detecting whether the load balancing function is based on traffic;
when the load balancing function is based on traffic, calculating the traffic-load adjustment flag of the load balancing group to which the controlled network element belongs;
detecting whether the load adjustment flag is set;
when the load adjustment flag is set, notifying the controlled network element to refuse the user's access;
after the hold-off period exceeds the preset time, notifying the controlled network element to allow the user's access.
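The load balancing decision of the flow above, as an added example that is not the patent's own code. Because the patent gives no formula, it assumes that the adjustment flag is set when the element's user count or traffic exceeds its group's average by a configured margin, and that a refused user is allowed again once the hold-off period exceeds the preset HoldOff.

```go
package main

import (
	"errors"
	"time"
)

// Basis of the load balancing function, as distinguished in the flow.
type Basis int

const (
	Disabled  Basis = iota // load balancing function not enabled
	ByUsers                // based on number of users
	ByTraffic              // based on traffic
)

// Member is one controlled network element in a load balancing group.
type Member struct {
	ID    string
	Users int     // currently associated users
	Flow  float64 // current traffic load (any consistent unit)
}

// Group is a load balancing group kept on the master control network element.
type Group struct {
	Basis   Basis
	Margin  float64       // flag set when load > group average * (1 + Margin); assumed rule
	HoldOff time.Duration // preset time after which a refused user is allowed again
	Members []*Member
	flagged map[string]time.Time // when the adjustment flag was set for each member
}

func (g *Group) load(m *Member) float64 {
	if g.Basis == ByUsers {
		return float64(m.Users)
	}
	return m.Flow
}

// AdjustFlag computes the user-load or traffic-load adjustment flag for id.
func (g *Group) AdjustFlag(id string) (bool, error) {
	var me *Member
	var total float64
	for _, m := range g.Members {
		total += g.load(m)
		if m.ID == id {
			me = m
		}
	}
	if me == nil {
		return false, errors.New("unknown controlled network element: " + id)
	}
	avg := total / float64(len(g.Members))
	return g.load(me) > avg*(1+g.Margin), nil
}

// OnAssociationRequest handles a user association request reported by
// controlled network element id. It returns true when the element must be
// told to refuse the user and false when it may allow the user.
func (g *Group) OnAssociationRequest(id string, now time.Time) (bool, error) {
	if g.Basis == Disabled {
		return false, nil // load balancing not enabled: nothing to adjust
	}
	if g.flagged == nil {
		g.flagged = map[string]time.Time{}
	}
	if since, ok := g.flagged[id]; ok {
		if now.Sub(since) <= g.HoldOff {
			return true, nil // still within the hold-off: keep refusing
		}
		delete(g.flagged, id) // hold-off exceeded: allow access again
		return false, nil
	}
	set, err := g.AdjustFlag(id)
	if err != nil || !set {
		return false, err
	}
	g.flagged[id] = now
	return true, nil
}
```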
The invention also proposes a control system for a wireless access network element. The control system is based on a network formed by at least one master control network element and at least one controlled network element, and in the system the controlled network element comprises the following devices:
a device for establishing a wireless channel to the master control network element;
a device for starting a DHCP client and requesting a management IP address from the master control network element;
a device for starting identity authentication of the master control network element after obtaining the management IP address from the master control network element;
a device for receiving configuration data from the master control network element and configuring local service parameters.
The invention also proposes a control system for a wireless access network element. The control system is based on a network formed by at least one master control network element and at least one controlled network element, and in the system the master control network element comprises the following devices:
a device for establishing a wireless channel to the controlled network element;
a device for receiving the DHCP request of the controlled network element and allocating a management IP address to it;
a device for responding to the identity authentication initiated by the controlled network element and starting identity authentication of the controlled network element;
a device for issuing local configuration data to the controlled network element after the identity of the controlled network element has been authenticated as legitimate.
Preferably, the control system is based on a network formed by at least one master control network element, at least one controlled network element and at least one lower-level controlled network element, and in the system the lower-level controlled network element comprises the following devices:
a device for establishing a wireless channel to the controlled network element;
a device for starting a DHCP client and requesting a management IP address from the master control network element;
a device for starting identity authentication of the controlled network element after obtaining the management IP address;
a device for receiving configuration data from the controlled network element and configuring local service parameters.
The beneficial effect of the above scheme of the present invention is that a wireless channel is established between the controlled network element and the master control network element, so that management is no longer confined to the traditional wired channel, and that identity authentication is added between the controlled network element and the master control network element, which effectively strengthens the security of AP management.
Brief description of the drawings
Fig. 1 is a block diagram of the devices involved in the present invention.
Fig. 2 is a flow chart of the control method for a wireless access network element in the first embodiment of the present invention.
Fig. 3 is a flow chart of the control method for a wireless access network element in the second embodiment of the present invention.
Fig. 4 is a flow chart of a controlled network element scanning for and associating with a target master control network element in the third embodiment of the present invention.
Fig. 5 is a flow chart of a controlled network element associating with a target master control network element over a wired network in the fourth embodiment of the present invention.
Fig. 6 is a flow chart of identity authentication between a controlled network element and a master control network element in the control method of the present invention.
Fig. 7 is a flow chart of load balancing in the control method of the present invention.
Detailed description of the embodiments
The specific embodiments of the present invention are described further below with reference to the drawings.
As shown in Fig. 1, the control system for a wireless access network element involved in the present invention comprises at least one controlled network element 10 and at least one master control network element 20, and may further comprise at least one lower-level controlled network element 30. The master control network element 20 and the controlled network element 10 communicate over a wired or wireless connection, and the lower-level controlled network element 30 and the controlled network element 10 communicate over a wireless connection.
Fig. 2 shows the flow chart of the control method for a wireless access network element in the first embodiment of the present invention. In this embodiment the wireless parameters of the master control network element 20 to be associated with have been explicitly configured on the controlled network element 10, and the master control network element 20 controls the controlled network element 10 through the following steps:
Step S100: first, the communication parameters of the controlled network element 10 are configured on the master control network element 20; these communication parameters are the MAC address, digital fingerprint data, message encryption algorithm and signature algorithm of the controlled network element 10. The master control network element 20 then waits for the DHCP request of the controlled network element 10.
Specifically, the virtual access point (VAP) on the master control network element 20 that is dedicated to connections from controlled network elements 10 can be configured not to broadcast its service set identifier (SSID) and not to respond to probe requests from the controlled network element 10. For association and reassociation requests from the controlled network element 10, the vendor number carried in sub-element 125 of the vendor-specific information element of the request must be checked for consistency with the preset vendor number. The check proceeds as follows: the MAC address of the controlled network element 10 is cyclically extended to 16 bytes and used as the decryption key; the content of sub-element 125 is decrypted with the AES algorithm; and the vendor number in the decrypted content is compared with the preset vendor number. When the comparison result is consistent, the master control network element 20 accepts the association or reassociation request of this controlled network element 10; when the comparison result is inconsistent, the association or reassociation request is discarded.
Optionally, the VAP on the master control network element 20 that is dedicated to connections from controlled network elements 10 can instead be configured not to broadcast the SSID but to respond only to probe requests from controlled network elements 10; for association and reassociation requests from the controlled network element 10, the vendor number in sub-element 125 of the vendor-specific information element carried in the request must likewise be checked against the preset vendor number, using the same check as above.
The content of sub-element 125 is as follows: the first 4 bytes are the vendor number; the following 17 bytes are the hardware address of the WLAN wireless network card as a character string; the following 1 byte is the IP address length, followed by the IP address content; and the last 4 bytes are the network hierarchy value.
Step S101: the communication parameters of the master control network element 20 are configured on the controlled network element 10; these communication parameters are the digital fingerprint data, message encryption algorithm and signature algorithm of the master control network element 20, and may also include the IP address of the controlled network element 10.
Specifically, the VAP on the controlled network element 10 used for communication with the master control network element 20 can be configured so that the vendor-specific information element in the probe requests, association requests and reassociation requests of the controlled network element 10 carries sub-element 125, with the IP address length byte of sub-element 125 set to 0 and the other fields filled according to the actual situation; the 6-byte wireless network card hardware address is cyclically extended to 16 bytes and used as the encryption key, and the content of sub-element 125 is encrypted with the AES algorithm. The controlled network element 10 can likewise check sub-element 125 carried in the vendor-specific information element of the probe responses, association responses and reassociation responses sent by the master control network element 20, using the same check as the master control network element 20.
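The sub-element 125 exchange of steps S100 and S101, as an added example that is not the patent's own code: the controlled side seals the sub-element under the key derived from its MAC address, and the master side derives the same key from the request's source MAC, decrypts, and compares the vendor number. It assumes AES-128 in CTR mode with a random IV prepended (the description names AES but no mode or padding), a constructed vendor number, and the 17-byte field holding the colon-separated MAC text.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"net"
)

// Vendor number preset on the master control network element (constructed value).
var presetVendor = [4]byte{0x47, 0x43, 0x52, 0x44}

// SubElement125 follows the layout in the description: 4-byte vendor number,
// 17-byte MAC address text, 1-byte IP length, IP address, 4-byte hierarchy value.
type SubElement125 struct {
	Vendor    [4]byte
	MACText   string // "aa:bb:cc:dd:ee:ff"
	IP        []byte // empty when the length byte is 0
	Hierarchy uint32
}

func (s SubElement125) Marshal() ([]byte, error) {
	if len(s.MACText) != 17 || len(s.IP) > 255 {
		return nil, errors.New("MAC text must be 17 bytes and IP at most 255 bytes")
	}
	out := append(append([]byte{}, s.Vendor[:]...), s.MACText...)
	out = append(append(out, byte(len(s.IP))), s.IP...)
	h := s.Hierarchy
	return append(out, byte(h>>24), byte(h>>16), byte(h>>8), byte(h)), nil
}

func Unmarshal(b []byte) (SubElement125, error) {
	var s SubElement125
	if len(b) < 26 || len(b) != 26+int(b[21]) {
		return s, errors.New("sub-element length does not match its IP length byte")
	}
	n := int(b[21])
	copy(s.Vendor[:], b[:4])
	s.MACText = string(b[4:21])
	s.IP = append([]byte(nil), b[22:22+n]...)
	s.Hierarchy = binary.BigEndian.Uint32(b[22+n:])
	return s, nil
}

// keyFromMAC cyclically extends the 6-byte MAC address to the 16-byte AES-128
// key, as the description specifies.
func keyFromMAC(mac net.HardwareAddr) []byte {
	key := make([]byte, 16)
	for i := range key {
		key[i] = mac[i%len(mac)]
	}
	return key
}

// xorCTR runs AES-128-CTR in place over data with the given IV (mode assumed).
func xorCTR(key, iv, data []byte) error {
	block, err := aes.NewCipher(key)
	if err != nil {
		return err
	}
	cipher.NewCTR(block, iv).XORKeyStream(data, data)
	return nil
}

// Seal is the controlled network element's side: encrypt the sub-element under
// the key derived from its own MAC address and prepend a fresh IV.
func Seal(mac net.HardwareAddr, s SubElement125) ([]byte, error) {
	plain, err := s.Marshal()
	if err != nil || len(mac) != 6 {
		return nil, errors.New("cannot seal: bad MAC address or sub-element")
	}
	sealed := make([]byte, aes.BlockSize+len(plain))
	if _, err := rand.Read(sealed[:aes.BlockSize]); err != nil {
		return nil, err
	}
	copy(sealed[aes.BlockSize:], plain)
	if err := xorCTR(keyFromMAC(mac), sealed[:aes.BlockSize], sealed[aes.BlockSize:]); err != nil {
		return nil, err
	}
	return sealed, nil
}

// CheckAssociation is the master control network element's side: derive the key
// from the request's source MAC, decrypt, and compare the vendor number with the
// preset one. Any error means the (re)association request is discarded.
func CheckAssociation(srcMAC net.HardwareAddr, sealed []byte) (SubElement125, error) {
	if len(srcMAC) != 6 || len(sealed) < aes.BlockSize+26 {
		return SubElement125{}, errors.New("malformed request")
	}
	plain := append([]byte(nil), sealed[aes.BlockSize:]...)
	if err := xorCTR(keyFromMAC(srcMAC), sealed[:aes.BlockSize], plain); err != nil {
		return SubElement125{}, err
	}
	s, err := Unmarshal(plain)
	if err != nil || s.Vendor != presetVendor {
		return s, errors.New("vendor number mismatch or malformed sub-element")
	}
	return s, nil
}
```

Since the key is derived from the sender's MAC address, which is carried unencrypted in the frame header, this check identifies equipment of the same vendor rather than proving possession of a secret; the digital-fingerprint authentication of Fig. 6 is what provides that.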
Described digital fingerprint data is the longest is 32 bytes, using the encryption and decryption for configuration class message between master control network element 20 and controlled network element 10 as key; Cryptographic algorithm comprises aes algorithm, 3DES algorithm and RC5 algorithm; Signature algorithm comprises MD5 algorithm, SHA algorithm and DSS algorithm.
Step S102: the wireless parameter that configures master control network element 20 on controlled network element 10, wherein said wireless parameter comprises the data such as SSID and basic service set identification (BSSID), based on above-mentioned wireless parameter, controlled network element 10 active correlations, to master control network element 20, are set up radio channel with master control network element 20;
Step S103: successfully set up after radio channel between controlled network element 10 and master control network element 20, controlled network element 10 starts dhcp client, to master control network element 20 applications management IP addresses;
Step S104: master control network element 20 receives and accept the DHCP request of controlled network element 10, and is controlled network element 10 allocation manager IP addresses;
Concrete, in the dhcp response message that the DHCP request that controlled network element 10 sends and master control network element 20 respond, all need to verify the content of option60 cell in DHCP, being defined as follows of this cell: at least comprise producer mark (4 byte), digital fingerprint data (its variable-length, the longest 32 bytes), message encryption algorithm mark (1 byte), signature algorithm mark (1 byte), IP address (its variable-length, the longest 40 bytes) and port numbers (2 byte).After producer in the DHCP request that master control network element 20 is only sent at checking controlled network element 10 identifies correctly, could give its allocation manager IP; Controlled network element 10 is just processed this dhcp response message after only having the producer's mark detecting in the dhcp response message that sends of master control network element 20 correct.
Step S105: controlled network element 10 successfully obtains after managing I P, by the radio channel of setting up before, starts the flow for authenticating ID to master control network element 20, and idiographic flow as shown in Figure 6;
Concrete, the mode that controlled network element 10 obtains the IP address of master control network element 20 has following three kinds: (1) obtains the IP address of master control network element 20 by configuration; (2) the wireless exploration response message of responding by master control network element 20 or associated response message obtain the IP address of master control network element 20; (3) in the dhcp response message of responding by master control network element 20, option60 cell obtains the IP address of master control network element 20.
Step S106: master control network element 20 responds the flow for authenticating ID that controlled network element 10 is initiated, the state that upgrades controlled network element 10 is state to be certified, also starts afterwards the flow for authenticating ID to controlled network element 10, as shown in Figure 6;
Step S107: master control network element 20 is after the identity that authenticates controlled network element 10 is legal, and the state that upgrades controlled network element 10 is state to be configured, issues afterwards local configuration data to controlled network element 10;
Concrete, local configuration data refers to business configuration parameter, it comprises VAP configuration data, running state data report cycle, firewall rule data and user MAC black and white lists data.
Before above-mentioned configuration data outgoing, master control network element 20 need to be according to the messaging parameter of the controlled network element 10 configuring in step S100, to the processing that is encrypted and signs of described configuration data, afterwards just by its outer target controlled network element 10 of sending to.
The last item configuration-direct is do-nothing instruction, is used to indicate configuration data and has issued complete.
Step S108: controlled network element 10 receives after the configuration data of master control network element 20, to its separate sign and decryption processing to obtain original configuration data, utilize the service parameter of this configuration data configuration controlled network element 10, and configuration result is committed to master control network element 20;
Concrete, utilize the VAP configuration data in configuration data to create local service VAP; Utilize the local packet filtering rule of firewall rule data configuration; User MAC black and white lists data distributing to wireless driving, and is created to different timers, for the collection of local runtime status data with report.In the time receiving that configuration-direct is do-nothing instruction, this locality configures mark and is set to configure, and result performed all configuration-directs is submitted to master control network element 20.
Step S109: master control network element 20 receives the configuration result from controlled network element 10, the state that upgrades controlled network element 10 is running status.
So far, the configuration of controlled network element 10 is complete, can provide wireless access service for user.
Controlled network element 10 can be subject to carrying out after corresponding trigger condition following corresponding step afterwards:
Step S110: after the time that reports timer in controlled network element 10 is overtime, local runtime state information is submitted to master control network element 20 by controlled network element 10;
Concrete, can described running state information be encrypted and be signed after processing and be committed to again master control network element 20.
Step S111: master control network element 20 receives after above-mentioned running state information, carries out this locality to it and processes;
Concrete processing procedure comprises: data are write to local file, and show respectively by different views such as NE-level performance, VAP level performance, STA level performances; , in the time enabling load-balancing function, often receive after user's on-line message that controlled network element 10 reports meanwhile, can start load balancing flow process as shown in Figure 7.
Step S112: controlled network element 10, after master control network element 20 is carried out to authentication, can regularly report heartbeat message to master control network element 20;
Step S113: master control network element 20 only, after the authentication of controlled network element 10 is passed through, just can be processed the heartbeat message that this controlled network element 10 reports;
Concrete processing procedure comprises the timeout mode that upgrades controlled network element 10, and respond heartbeat message, described heartbeat message refers to the short message that does not carry any information content, only can be configured between controlled network element 10 and master control network element 20 without information interaction time, just sends.
Step S114: master control network element 20 can be at any time to online and initiated remote operation by the controlled network element 10 of authentication;
Concrete, remote operation comprises cold restart, hot restart, edition upgrading, closes business, force users rolls off the production line and revises user's black and white lists; Remote operation is critical operations, and master control network element 20 can be configured to must be to the remote operation instruction processing that is encrypted and signs.
Except cold start-up, other remote operation instruction is all issued to controlled network element 10 and carries out; Cold start instruction set can directly be issued on corresponding Power over Ethernet (PoE) switch, directly the designated port of this switch is configured to not support PoE power supply, waits for after 10 seconds, then is PoE powering mode by port arrangement.
Step S115: controlled network element 10 receives after the remote operation instruction of master control network element 20, carries out the action corresponding with this remote operation instruction, as autoboot, closes business, and force users rolls off the production line and upgrades user's black and white lists data etc.In the time that described remote operation instruction carried out encrypting and sign processing, controlled network element 10 could obtain original remote operation instruction after need to separating label and decryption processing to it.
Fig. 3 shows the flow chart of the control method for wireless access network elements in the second embodiment of the present invention. This embodiment involves the master control network element 20, the controlled network element 10 and a lower-level controlled network element 30. It describes the process by which the master control network element 20 controls the controlled network element 10 and the lower-level controlled network element 30 when the wireless parameters of the master control network element 20 to be associated with have been explicitly configured in the controlled network element 10. It specifically comprises the following steps:
Step S200: configure the communication parameters of the controlled network element 10 in the master control network element 20; specifically, the communication parameters are the MAC address, digital fingerprint data, message encryption algorithm and signature algorithm of the controlled network element 10. The master control network element 20 then waits to receive DHCP requests from the controlled network element 10 and the lower-level controlled network element 30;
Step S201: configure the communication parameters of the master control network element 20 and of the lower-level controlled network element 30 on the controlled network element 10; the specific communication parameters are the same as in the first embodiment;
Step S202: configure the wireless parameters of the master control network element 20 on the controlled network element 10; the specific wireless parameters are the same as in the first embodiment. Based on these wireless parameters, the controlled network element 10 actively associates with the master control network element 20 and establishes a wireless channel with it;
Step S203: configure the communication parameters of the controlled network element 10 on the lower-level controlled network element 30;
Steps S204, S205, S206, S207, S208, S209, S210, S211 and S213 correspond respectively to steps S103, S104, S105, S106, S107, S108, S109, S110 and S112 of the first embodiment.
Step S212: the master control network element 20 can process running state information from both the controlled network element 10 and the lower-level controlled network element 30, and does not distinguish between them;
Step S214: the master control network element 20 can process heartbeat messages from both the controlled network element 10 and the lower-level controlled network element 30;
Step S215: the master control network element 20 can initiate remote operations on all controlled network elements 10 and lower-level controlled network elements 30 under its control, and it handles remote operations for controlled network elements 10 and lower-level controlled network elements 30 in the same way;
Step S216: the controlled network element 10 determines whether the target network element of the remote operation instruction from the master control network element 20 is itself. If the target is itself, go to step S217; otherwise forward the remote operation instruction to the target lower-level controlled network element 30 and go to step S218;
Specifically, if the master control network element 20 has encrypted and signed the remote operation instruction, it first issues the instruction to the controlled network element 10, which verifies the signature and decrypts it. If the target network element is a lower-level controlled network element 30, the controlled network element 10 then re-encrypts and re-signs the verified and decrypted instruction using the communication parameters shared with that lower-level controlled network element 30, and only then issues it to the target lower-level controlled network element 30.
Step S217: the controlled network element 10 performs the action corresponding to the remote operation instruction of the master control network element 20;
Step S218: the lower-level controlled network element 30 performs the action corresponding to the remote operation instruction of the master control network element 20;
Step S219: configure the wireless parameters of the controlled network element 10 on the lower-level controlled network element 30 and associate with the controlled network element 10, thereby establishing a wireless channel between the controlled network element 10 and the lower-level controlled network element 30;
Step S220: once the wireless channel between the controlled network element 10 and the lower-level controlled network element 30 has been successfully established, the lower-level controlled network element 30 starts its DHCP client and requests a management IP;
Step S221: on receiving the DHCP request from the lower-level controlled network element 30, the controlled network element 10 checks whether its own authentication with the master control network element 20 has succeeded; if not, it discards the message directly; if so, go to step S222;
Step S222: the controlled network element 10 relays the DHCP request of the lower-level controlled network element 30 to the master control network element 20, which accepts the request and allocates a management IP for it. The controlled network element 10 rewrites the IP address carried in option 60 of the DHCP response from the master control network element 20 to its own local address, then relays the response to the lower-level controlled network element 30;
Step S223: after successfully obtaining a management IP, the lower-level controlled network element 30 initiates identity authentication of the controlled network element 10; the authentication flow is shown in Fig. 6;
Step S224: the controlled network element 10 responds to the identity authentication request of the lower-level controlled network element 30 and initiates its own identity authentication of the lower-level controlled network element 30; the specific flow is shown in Fig. 6;
Step S225: the controlled network element 10 checks whether its local configuration flag indicates completion; if so, go to step S226; if not, the lower-level controlled network element 30 is placed in the "to be configured" state and the local configuration flag is checked periodically;
Step S226: the controlled network element 10 issues its local configuration data to the lower-level controlled network element 30 and reports the information of the lower-level controlled network element 30 to the master control network element 20; this information includes the IP address, MAC address, join time and similar data;
Step S227: the lower-level controlled network element 30 obtains the configuration data issued by the controlled network element 10 and configures its local service parameters;
At this point the lower-level controlled network element 30 has obtained the configuration data issued by the controlled network element 10 and configured its local service parameters, and can therefore provide wireless access service to users.
Likewise, driven by a timer, the lower-level controlled network element performs the following steps:
Step S228: the lower-level controlled network element 30 reports its local running state information to the controlled network element 10;
Step S229: the controlled network element 10 forwards the running state information reported by the lower-level controlled network element 30 to the master control network element 20 for processing; specifically, the controlled network element 10 may also keep the received running state information locally for display;
Step S230: after successfully authenticating the identity of the controlled network element 10, the lower-level controlled network element 30 periodically reports heartbeat messages to the controlled network element 10;
Step S231: on receiving such a heartbeat message, the controlled network element 10 immediately returns a heartbeat reply to the lower-level controlled network element 30 and forwards the heartbeat message from the lower-level controlled network element 30 to the master control network element 20 for processing; the heartbeat reply from the master control network element 20 is terminated at the controlled network element 10 and not forwarded further.
Fig. 4 shows the flow chart of the third embodiment of the present invention, in which the controlled network element scans for and associates with a target master control network element. This embodiment describes the process by which the controlled network element 10 scans for and associates with the target master control network element 20, given that the wireless parameters of the master control network element 20 to be associated with have been explicitly configured in the controlled network element 10. It specifically comprises the following steps:
Step S300: the controlled network element 10 starts a background scan;
Specifically, background scanning means that after start-up the controlled network element 10 stays on a randomly chosen available channel and, on receiving a broadcast frame from another wireless device (including a master control network element 20), checks whether the vendor-specific information element of the frame carries sub-element 125; if it does, the frame is handled as follows:
The source MAC address of the received broadcast frame is extended to 16 bytes and used as the decryption key to decrypt the content of sub-element 125 with the AES algorithm; the vendor number, network hierarchy value and sender MAC address are then extracted. If both the vendor number and the sender MAC address are correct, the current channel, SSID name, sender MAC, IP address, signal strength and noise level are saved in the list of available master control network elements 20, and the flow goes to step S301;
Step S301: determine whether the list of available master control network elements 20 contains a master control network element 20 that meets the preset conditions; if so, go to step S303, otherwise go to step S302;
Step S302: the controlled network element 10 starts an active scan;
Specifically, active scanning means that the controlled network element 10, starting from the next available channel after its current one, cycles through the channels, sending probe requests on each and waiting a preset time. On receiving a probe response from any wireless device it first checks whether the vendor-specific information element carries sub-element 125; if so, it performs the sub-element 125 processing of step S300. When the wait on the current channel times out it moves to the next available channel, and once all available channels have been processed it goes to step S303;
Step S303: determine whether the list of available master control network elements 20 contains more than one master control network element 20 meeting the conditions; if so, go to step S304, otherwise go to step S305;
Step S304: apply the preset channel difference weight, network hierarchy weight, signal strength weight and noise level weight respectively to the difference between the current channel and the channel of the master control network element 20, the difference in network hierarchy between the controlled network element 10 and the master control network element 20, the signal strength value, and the noise level value; compute a weighted value for each available master control network element 20 and finally select the best one as the target master control network element 20;
Step S305: the controlled network element 10 first adjusts its own working channel, then associates with the target master control network element 20.
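The discovery and selection logic of steps S300 to S305, as an added example that is not part of the patent or of the vendor's code. The page does not fix the frame encoding or the scoring formula, so the following are assumptions: the vendor-specific element is 802.11 element ID 221 with a made-up OUI 00:11:22, its body is a sequence of (id, length, value) sub-elements, the decrypted sub-element 125 holds a 2-byte vendor number, a 1-byte hierarchy value and the 6-byte sender MAC, and the weights in `WEIGHTS` are illustrative. The AES unwrap of sub-element 125 is not reproduced (the page gives neither mode nor padding and the Python standard library has no AES), so the constructed frames carry the sub-element in the clear; `derive_key` shows only the key derivation the page does describe. Note that the key is the frame's own source MAC, which any listener also sees, so the sub-element is obscured rather than confidential and the vendor-number check does not by itself authenticate the master; the authentication of Fig. 6 does that.

```python
"""Candidate-master discovery and selection (S300-S305). Added example with the
assumptions listed in the lead-in; not the patent's or vendor's code."""
import struct
from dataclasses import dataclass

VENDOR_IE = 221
SUB_IE_MASTER = 125
OUI = bytes.fromhex("001122")        # assumed vendor OUI
VENDOR_NUMBER = 0x4743               # assumed expected vendor number


def derive_key(src_mac: bytes) -> bytes:
    """S300: the frame's 6-byte source MAC extended to a 16-byte AES key.
    Anyone who sees the frame can derive this key."""
    return src_mac.ljust(16, b"\x00")


def iter_elements(blob: bytes):
    """Walk an (id, len, value) TLV sequence as used in 802.11 management frames."""
    off = 0
    while off + 2 <= len(blob):
        eid, ln = blob[off], blob[off + 1]
        val = blob[off + 2: off + 2 + ln]
        if len(val) != ln:
            break                      # truncated element: stop, do not over-read
        yield eid, val
        off += 2 + ln


def find_master_subie(ies: bytes):
    """Return the body of sub-element 125 inside our vendor IE, or None."""
    for eid, val in iter_elements(ies):
        if eid == VENDOR_IE and val[:3] == OUI:
            for sid, sval in iter_elements(val[3:]):
                if sid == SUB_IE_MASTER:
                    return sval
    return None


@dataclass
class Candidate:
    channel: int
    ssid: str
    mac: bytes
    hierarchy: int
    rssi: int       # dBm, higher is better
    noise: int      # dBm, lower is better


def parse_frame(frame: dict):
    """Apply the S300 checks to one received beacon or probe response (a dict the
    caller built from the frame header). Returns a Candidate or None."""
    sub = find_master_subie(frame["ies"])
    if sub is None or len(sub) != 9:
        return None
    vendor, hierarchy = struct.unpack(">HB", sub[:3])
    sender_mac = sub[3:9]
    # S300: both the vendor number and the sender MAC must be right
    if vendor != VENDOR_NUMBER or sender_mac != frame["src_mac"]:
        return None
    return Candidate(frame["channel"], frame["ssid"], sender_mac,
                     hierarchy, frame["rssi"], frame["noise"])


# S304 weights (assumed): prefer strong signal, low noise, a small channel
# change and a master close to the root of the hierarchy.
WEIGHTS = {"channel": 2.0, "hierarchy": 5.0, "rssi": 1.0, "noise": 1.0}


def score(c: Candidate, current_channel: int, w=WEIGHTS) -> float:
    return (w["rssi"] * c.rssi
            - w["noise"] * c.noise
            - w["channel"] * abs(c.channel - current_channel)
            - w["hierarchy"] * c.hierarchy)


def choose_master(frames, current_channel: int, wanted_ssid: str):
    """S301-S305: keep candidates meeting the preset condition (here: the
    configured SSID), then pick the single one or the best-scoring one."""
    candidates = [c for c in map(parse_frame, frames) if c and c.ssid == wanted_ssid]
    if not candidates:
        return None
    if len(candidates) == 1:
        return candidates[0]
    return max(candidates, key=lambda c: score(c, current_channel))


def build_frame(channel, ssid, src_mac, hierarchy, rssi, noise,
                vendor=VENDOR_NUMBER, sender_mac=None):
    """Constructed test frame: an SSID element plus our vendor IE with sub-IE 125."""
    sender_mac = src_mac if sender_mac is None else sender_mac
    sub = struct.pack(">HB", vendor, hierarchy) + sender_mac
    vendor_body = OUI + bytes([SUB_IE_MASTER, len(sub)]) + sub
    ies = (bytes([0, len(ssid)]) + ssid.encode()
           + bytes([VENDOR_IE, len(vendor_body)]) + vendor_body)
    return {"channel": channel, "ssid": ssid, "src_mac": src_mac,
            "rssi": rssi, "noise": noise, "ies": ies}
```

A frame whose embedded sender MAC does not match the frame's source MAC is dropped, as is a frame whose sub-element is absent or malformed; with the assumed weights a master on the current channel with a slightly weaker signal beats one that would force a channel change and sits one level deeper in the hierarchy.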
At this point the controlled network element 10 has associated with the target master control network element 20; the subsequent flow between the master control network element 20 and the controlled network element 10 can be the same as in the first embodiment.
Fig. 5 shows the flow chart of the fourth embodiment of the present invention, in which the controlled network element associates with the target master control network element over a wired network. This flow is used only when a wireless channel cannot be successfully established between the controlled network element 10 and the master control network element 20 and wired tunnel communication between them has been enabled in advance. It specifically comprises the following steps:
Step S400: configure the master control network element 20 to allow the specified controlled network element 10 to register over the wired network, and open the service port on the wired network interface of the master control network element 20;
Specifically, the link information of the controlled network element 10 can be configured in the master control network element 20, including its MAC address, digital fingerprint data, message encryption algorithm and signature algorithm; public link information can also be configured. The master control network element 20 then waits to receive the DHCP request of the controlled network element 10.
Step S401: configure the discovery mode and/or the link information of the master control network element 20 on the controlled network element 10, and enable wired-mode registration with the master control network element 20;
Specifically, the link information includes the IP address and port, digital fingerprint data, message encryption algorithm and signature algorithm of the master control network element 20.
Step S402: the controlled network element 10 checks whether it is to discover the master control network element 20 by DHCP or whether the link information of the master control network element 20 has been configured; in DHCP discovery mode go to step S403, otherwise go to step S407;
Step S403: the controlled network element 10 starts its DHCP client flow and issues a DHCP request;
Step S404: on receiving the DHCP request, the master control network element 20 checks whether the vendor number in the request is correct; specifically, the vendor number is the content of the option 60 element of the DHCP request;
Step S405: when the vendor number is correct, the MAC address, digital fingerprint data, message encryption algorithm identifier and signature algorithm identifier of this controlled network element 10 are saved in the controlled network element 10 list, and a DHCP response message is constructed and returned to the controlled network element 10;
Specifically, the DHCP response message contains the IP address allocated to this controlled network element 10. In its option 60 element, besides the locally configured vendor number, the digital fingerprint data, message encryption algorithm identifier and signature algorithm identifier required by option 60 are filled in from the local configuration data of the master control network element 20, and the IP address and port number fields are filled with the real IP address and service port number of the master control network element 20.
Step S406: the controlled network element 10 obtains the DHCP response message and processes it;
Specifically, the processing consists of extracting the IP address allocated by the master control network element 20 and configuring the local wired network interface with it; extracting from the option 60 element the IP address and port of the master control network element 20, its digital fingerprint data, message encryption algorithm and signature algorithm; and saving these data in a buffer for later communication.
Step S407: having obtained the complete communication connection information of the master control network element 20, the controlled network element 10 initiates identity authentication of the master control network element 20 over the wired network.
At this point the controlled network element 10 has associated with the target master control network element 20 over the wired network; the subsequent flow by which the master control network element 20 controls the controlled network element 10 can be the same as in the first embodiment.
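The option 60 handling of steps S404 to S406, together with the relay rewrite of step S222, as an added example that is not part of the patent or of the vendor's code. The page says only that option 60 carries a vendor number plus the master's fingerprint, algorithm identifiers, IP address and port; the byte layout used here (4-byte vendor string, 32-byte fingerprint, 1-byte cipher identifier, 1-byte signature identifier, 4-byte IPv4 address, 2-byte port), the vendor string `GCRD` and the algorithm identifiers are all assumptions, and only the options area of the DHCP packet is modelled. The vendor-number check in S404 is an identifier match, not authentication: it filters foreign clients, while the mutual authentication of Fig. 6 is what vouches for the peer.

```python
"""DHCP option 60 for master discovery (S404-S406) and relay rewriting (S222).
Added example with an assumed option layout; not the patent's or vendor's code."""
import ipaddress
import struct

OPT_VENDOR_CLASS = 60
OPT_END = 255
VENDOR = b"GCRD"                                 # assumed vendor number
FP_LEN = 32
# vendor, fingerprint, cipher id, signature id, IPv4, port (assumed layout)
LAYOUT = f">{len(VENDOR)}s{FP_LEN}sBB4sH"


def parse_options(opts: bytes) -> dict:
    """Parse DHCP options (code, len, value) up to the END option."""
    out, off = {}, 0
    while off < len(opts):
        code = opts[off]
        if code == OPT_END:
            break
        if code == 0:                            # PAD
            off += 1
            continue
        if off + 1 >= len(opts):
            raise ValueError("truncated option header")
        ln = opts[off + 1]
        val = opts[off + 2: off + 2 + ln]
        if len(val) != ln:
            raise ValueError("truncated option value")
        out[code] = val
        off += 2 + ln
    return out


def build_options(options: dict) -> bytes:
    body = b"".join(bytes([code, len(v)]) + v for code, v in options.items())
    return body + bytes([OPT_END])


# --- master side (S404 / S405) -----------------------------------------------
def request_vendor_ok(request_opts: bytes) -> bool:
    """S404: accept the request only if option 60 starts with our vendor number."""
    opts = parse_options(request_opts)
    return opts.get(OPT_VENDOR_CLASS, b"")[:len(VENDOR)] == VENDOR


def master_option60(fingerprint: bytes, enc_id: int, sig_id: int,
                    ip: str, port: int) -> bytes:
    """S405: option 60 of the reply carries the master's own parameters."""
    return struct.pack(LAYOUT, VENDOR, fingerprint, enc_id, sig_id,
                       ipaddress.IPv4Address(ip).packed, port)


# --- controlled side (S406) --------------------------------------------------
def extract_master_params(reply_opts: bytes) -> dict:
    """S406: pull the master's connection parameters out of the reply."""
    raw = parse_options(reply_opts).get(OPT_VENDOR_CLASS)
    if raw is None or len(raw) != struct.calcsize(LAYOUT):
        raise ValueError("reply lacks a well-formed option 60")
    vendor, fp, enc_id, sig_id, ip, port = struct.unpack(LAYOUT, raw)
    if vendor != VENDOR:
        raise ValueError("unexpected vendor number in reply")
    return {"fingerprint": fp, "enc_id": enc_id, "sig_id": sig_id,
            "ip": str(ipaddress.IPv4Address(ip)), "port": port}


# --- relay on the controlled NE (S222) ---------------------------------------
def rewrite_option60_ip(reply_opts: bytes, local_ip: str) -> bytes:
    """S222: before relaying the master's reply to a lower-level NE, replace only
    the IP in option 60 with the relaying NE's own address, so the lower-level
    NE addresses its direct parent; everything else is passed through."""
    opts = parse_options(reply_opts)
    if OPT_VENDOR_CLASS not in opts:
        raise ValueError("nothing to rewrite: no option 60")
    vendor, fp, enc_id, sig_id, _ip, port = struct.unpack(LAYOUT, opts[OPT_VENDOR_CLASS])
    opts[OPT_VENDOR_CLASS] = struct.pack(LAYOUT, vendor, fp, enc_id, sig_id,
                                        ipaddress.IPv4Address(local_ip).packed, port)
    return build_options(opts)
```

The parser refuses truncated options instead of reading past the buffer, and `extract_master_params` rejects a reply whose option 60 has the wrong length or vendor number rather than using a half-filled parameter set for later authentication.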
Fig. 6 shows the flow chart of identity authentication between the controlled network element and the master control network element in the control method of the present invention. The flow involves a message sender and a message receiver: whichever of the controlled network element 10 and the master control network element 20 sends a message first is the message sender, and the other is the message receiver. Before this flow is triggered, the following communication parameters must already have been configured or obtained on both the message sender and the message receiver: digital fingerprint data, message encryption algorithm and message signature algorithm. The identity authentication flow specifically comprises the following steps:
Step S500: the message sender fills a 128-byte buffer with random data, forming the origination message;
Step S501: the message sender encrypts the origination message using the locally cached message encryption algorithm for communication with the message receiver, with the cached digital fingerprint data of the message receiver as the key;
Step S502: the encrypted message is signed using the locally cached message signature algorithm for communication with the message receiver and sent to the message receiver, and the sender waits for the receiver's response;
Specifically, the message encryption algorithm and the message signature algorithm are both mature algorithms already in use in the field.
Step S503: on receiving the encrypted and signed message, the message receiver first uses characteristics of the message, such as the sender's MAC address, IP address and/or connection identifier, to retrieve the corresponding message signature algorithm from its local cache, and verifies the signature of the message; if signature verification fails the message is discarded directly, otherwise go to step S504;
Step S504: once the signature of the received message has been verified, the receiver retrieves the corresponding message encryption algorithm and its own digital fingerprint data from the local cache and decrypts the message;
Step S505: the message receiver does not check whether the decrypted message content is correct; it simply re-encrypts the decrypted message using the retrieved message encryption algorithm and the digital fingerprint data of the message sender;
Step S506: the re-encrypted message is signed using the retrieved message signature algorithm and sent to the message sender;
Step S507: on receiving the message from the message receiver, the message sender verifies its signature using the cached message signature algorithm; if verification fails the message is discarded directly, otherwise go to step S508;
Step S508: the signature-verified message is decrypted using the cached message encryption algorithm and the sender's own digital fingerprint data;
Step S509: the decrypted message is compared with the origination message that was sent; if they match, the message sender has successfully authenticated the message receiver, otherwise authentication fails.
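The exchange of steps S500 to S509, with the same seal and unseal operations applied to remote operation instructions (S114/S115) and to their re-sealing at a relay hop (S196), as an added example that is not part of the patent or of the vendor's code. The page names no concrete cipher or signature algorithm, only "mature algorithms", so this example assumes an HMAC-SHA256 keystream in counter mode under a random 16-byte nonce as the cipher, keyed with the peer's digital fingerprint, and an HMAC-SHA256 tag over the ciphertext as the signature, keyed with a per-link signing key that both ends hold. Both are stand-ins chosen so the example runs with the standard library alone; a deployment would use an AEAD from a vetted library. Each `Link` object is one end of one link (the controlled network element holds one for its master and another for each lower-level network element), and the flow is run in each direction, as steps S223/S224 describe.

```python
"""Challenge-response authentication (S500-S509), sealed remote operations
(S114/S115) and relay re-sealing (S196). Added example with stand-in
algorithms as described in the lead-in; not the patent's or vendor's code."""
import hashlib
import hmac
import os

BUFFER_LEN = 128    # S500: a 128-byte buffer of random data
NONCE_LEN = 16
TAG_LEN = 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: block i = HMAC-SHA256(key, nonce || i). Stand-in."""
    out, i = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        i += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(NONCE_LEN)
    ks = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return bytes(c ^ k for c, k in zip(body, _keystream(key, nonce, len(body))))


def sign(sig_key: bytes, msg: bytes) -> bytes:
    return msg + hmac.new(sig_key, msg, hashlib.sha256).digest()


def verify(sig_key: bytes, signed: bytes):
    """Return the message, or None when the tag is wrong (S503/S507: drop)."""
    if len(signed) < TAG_LEN:
        return None
    msg, tag = signed[:-TAG_LEN], signed[-TAG_LEN:]
    good = hmac.compare_digest(tag, hmac.new(sig_key, msg, hashlib.sha256).digest())
    return msg if good else None


class Link:
    """One end of a link: its own fingerprint, the fingerprint cached for the
    peer, and the signing key shared on this link."""

    def __init__(self, own_fp: bytes, peer_fp: bytes, sig_key: bytes):
        self.own_fp, self.peer_fp, self.sig_key = own_fp, peer_fp, sig_key

    def seal(self, payload: bytes) -> bytes:
        """Encrypt under the peer's fingerprint, then sign (S501/S502, S114)."""
        return sign(self.sig_key, encrypt(self.peer_fp, payload))

    def unseal(self, wire: bytes):
        """Verify the signature, then decrypt with own fingerprint (S503/S504,
        S115). Returns None when the signature does not verify."""
        inner = verify(self.sig_key, wire)
        return None if inner is None else decrypt(self.own_fp, inner)

    def start_auth(self):
        """S500-S502: sender side, first message."""
        origination = os.urandom(BUFFER_LEN)
        return origination, self.seal(origination)

    def respond(self, wire: bytes):
        """S503-S506: the receiver does not inspect the plaintext (S505); it
        only turns it around under the sender's fingerprint."""
        plain = self.unseal(wire)
        return None if plain is None else self.seal(plain)

    def finish(self, origination: bytes, wire: bytes) -> bool:
        """S507-S509: verdict on the receiver's identity."""
        echoed = self.unseal(wire)
        return echoed is not None and hmac.compare_digest(echoed, origination)


def authenticate(initiator: Link, responder: Link) -> bool:
    """Run one direction of Fig. 6; the patent runs it in both directions."""
    origination, msg1 = initiator.start_auth()
    msg2 = responder.respond(msg1)
    return msg2 is not None and initiator.finish(origination, msg2)


def relay(uplink: Link, downlink: Link, wire: bytes):
    """S196: a controlled NE unseals an instruction from the master and re-seals
    it for the lower-level NE with that link's own parameters."""
    cmd = uplink.unseal(wire)
    return None if cmd is None else downlink.seal(cmd)
```

A responder holding a different fingerprint decrypts to noise and re-encrypts that noise, so the initiator's comparison in S509 fails; a message whose tag does not verify is dropped before any decryption, matching S503 and S507.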
Fig. 7 shows the load balancing flow chart in the control method of the present invention. The load balancing function is a function of the master control network element 20. Specifically, the master control network element 20 first divides all controlled network elements (including controlled network elements 10 and lower-level controlled network elements 30) into load balancing groups according to their physical location, then enables the load balancing function, whose flow comprises the following steps:
Step S600: the master control network element 20 receives the wireless user association request information reported by a controlled network element and extracts the user's MAC address and the MAC address of the controlled network element 10; specifically, the controlled network element 10 also passes through to the master control network element 20 the wireless user association request information reported by the lower-level controlled network element 30;
Step S601: check whether the load balancing function is enabled; if so, go to step S602, otherwise end;
Step S602: check whether the load balancing function is user-count based; if so, go to step S603, otherwise go to step S604;
Step S603: compute the user-load adjustment flag for the load balancing group to which the controlled network element belongs, then go to step S606;
The specific computation is: locate the load balancing group from the MAC address of the controlled network element, then check the user counts of the other controlled network elements in the group; if the user-load difference exceeds the threshold, set the load adjustment flag.
Step S604: check whether the load balancing function is traffic based; if so, go to step S605, otherwise end;
Step S605: compute the traffic-load adjustment flag for the load balancing group to which the controlled network element belongs, then go to step S606;
The specific computation is: locate the load balancing group from the MAC address of the controlled network element, then check the traffic load of the other controlled network elements in the group; if the traffic-load difference exceeds the threshold, set the load adjustment flag.
Step S606: check whether the load adjustment flag is set; if so, go to step S607, otherwise end;
Step S607: the master control network element 20 issues a "force user offline" operation instruction notifying the target controlled network element to refuse this user's access; specifically, the controlled network element 10 may also relay the instruction to a lower-level controlled network element 30;
Step S608: once the waiting time exceeds the preset time threshold, a "clear blacklist" operation instruction is issued notifying the target controlled network element to allow this user's access again, so that the user is not prevented from associating with this network element next time.
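The decision flow of steps S600 to S608, as an added example that is not part of the patent or of the vendor's code. The page gives the structure of the decision but no numbers, so the group membership, the thresholds and the unblock timeout below are assumptions, and "load difference" is taken to mean this network element's load minus the lightest other member of its group. Time is passed in explicitly so the S608 timeout can be exercised without sleeping.

```python
"""User-count / traffic load balancing across a group of APs (S600-S608).
Added example with assumed thresholds; not the patent's or vendor's code."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Balancer:
    mode: Optional[str]          # None (disabled), "users" or "traffic"
    groups: dict                 # group name -> set of AP MACs (S: physical location)
    users: dict                  # AP MAC -> current user count
    traffic: dict                # AP MAC -> current traffic load (assumed Mbit/s)
    user_threshold: int = 4      # assumed
    traffic_threshold: float = 20.0   # assumed
    unblock_after: float = 30.0  # assumed preset wait for S608, seconds
    blocked: dict = field(default_factory=dict)  # (ap, user) -> time blocked

    def _group_of(self, ap: bytes):
        for members in self.groups.values():
            if ap in members:
                return members
        return None

    def _flag(self, ap: bytes, load: dict, threshold) -> bool:
        """S603/S605: set the flag when this AP's load exceeds the lightest
        other member of its group by more than the threshold."""
        members = self._group_of(ap)
        others = [load.get(m, 0) for m in members if m != ap] if members else []
        if not others:
            return False
        return load.get(ap, 0) - min(others) > threshold

    def on_association(self, ap: bytes, user: bytes, now: float):
        """S600-S607: return the command to issue for this association, if any."""
        if self.mode is None:                                   # S601
            return None
        if self.mode == "users":                                # S602/S603
            flag = self._flag(ap, self.users, self.user_threshold)
        elif self.mode == "traffic":                            # S604/S605
            flag = self._flag(ap, self.traffic, self.traffic_threshold)
        else:
            return None
        if not flag:                                            # S606
            return None
        self.blocked[(ap, user)] = now                          # S607
        return ("force_offline", ap, user)

    def tick(self, now: float):
        """S608: after the preset wait, lift the block so the user can retry."""
        expired = [k for k, t in self.blocked.items() if now - t > self.unblock_after]
        for k in expired:
            del self.blocked[k]
        return [("clear_blacklist", ap, user) for ap, user in expired]
```

An AP that is alone in its group never sets the flag, since there is no other member to compare against, and the clear-blacklist command is only emitted once the wait has actually elapsed.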
The control method and system for wireless access network elements of the present invention add identity authentication between the controlled network element and the master control network element, effectively strengthening the security of AP management. The controlled network element can associate with the master control network element over a wireless channel, and the master control network element can automatically issue its own configuration data to the controlled network element without relying on a wired channel. The method also allows layered configuration of controlled network elements by the master control network element, with centralized display and management, effectively reducing management messages and speeding up network configuration.

Claims (12)

1. a control method for wireless access network element, the network of described control method based at least one master control network element and the formation of at least one controlled network element, is characterized in that: in described method, controlled network element is carried out following steps:
Set up the radio channel between described master control network element;
Start dhcp client, to described master control network element request management IP;
After the managing I P obtaining from described master control network element, start the authentication to described master control network element;
Receive the configuration data from described master control network element, configuration local service parameter.
2. the control method of wireless access network element according to claim 1, is characterized in that: further comprising the steps of:
By extremely described master control network element of local runtime state information report; Or
Heartbeat message is regularly reported to described master control network element; Or
Carry out the action corresponding with the remote operation instruction of described master control network element.
3. a control method for wireless access network element, the network of described control method based at least one master control network element and the formation of at least one controlled network element, is characterized in that: in described method, master control network element is carried out following steps:
Set up the radio channel between described controlled network element;
Receiving the DHCP request of described controlled network element, is its allocation manager IP;
Respond the authentication that described controlled network element is initiated, and start the authentication to described controlled network element;
After the identity that authenticates described controlled network element is legal, local configuration data is issued to described controlled network element.
4. the control method of wireless access network element according to claim 3, is characterized in that: further comprising the steps of:
Receive and process the running state information from described controlled network element; Or
Receive and process the heartbeat message from described controlled network element; Or
Described controlled network element is carried out to remote operation.
5. according to the control method of the wireless access network element described in claim 1 or 3, it is characterized in that: between described controlled network element and described master control network element, set up radio channel and comprise the following steps:
In described master control network element, configure the messaging parameter of described controlled network element;
On described controlled network element, configure the messaging parameter of described master control network element;
On described controlled network element, configure the wireless parameter of described master control network element, and be associated with described master control network element.
6. according to the control method of the wireless access network element described in claim 1 or 3, it is characterized in that: between described controlled network element and described master control network element, set up radio channel and comprise the following steps:
Start the background scans in described controlled network element;
Judge whether to scan and the pre-conditioned master control network element conforming to;
In the time scanning with the pre-conditioned master control network element conforming to, judge whether to exist multiple pre-conditioned master control network element that meet;
In the time not scanning with the pre-conditioned master control network element conforming to, start the active scan in described controlled network element;
Judge whether to exist multiple pre-conditioned master control network element that meet;
Multiple while meeting pre-conditioned master control network element when existing, calculate the weighted value of each master control network element, determine target master control network element, adjust afterwards the working channel of described controlled network element, and be associated with target master control network element; And
In the time only existing one to meet pre-conditioned master control network element, adjust the working channel of described controlled network element, be directly linked to described target master control network element.
7. according to the control method of the wireless access network element described in claim 1 or 3, it is characterized in that: in the flow for authenticating ID between described controlled network element and described master control network element using the one end that first sends message as message sending end, one end is just message sink end in addition, and this flow for authenticating ID comprises the following steps:
At message sending end, utilize random data to fill 128 byte buffer areas, form origination message;
Adopt the first cryptographic algorithm to be encrypted to described origination message;
Message after described encryption is adopted to the processing of signing of the first signature algorithm, be sent to afterwards message sink end;
Receive the message from message sending end, and described message is separated to sign and process;
In the time that solution is signed successfully, the message after described solution label is decrypted to processing;
Again adopt the second cryptographic algorithm to be encrypted to the message after described solution label decryption processing;
Message after described encryption is again adopted to the processing of signing of the second signature algorithm, be sent to afterwards message sending end;
Receive the message from message sink end, described message is separated to sign and process;
In the time that solution is signed successfully, the message after described solution label is decrypted to processing;
Message after more described deciphering and the consistency of origination message.
8. according to the control method of the wireless access network element described in claim 1 or 3, it is characterized in that: described control method is based at least one master control network element, the network that at least one controlled network element and at least one even lower level controlled network element form, in described method, even lower level controlled network element is carried out following steps:
Set up the radio channel between described controlled network element;
Start dhcp client, to described master control network element request management IP;
Obtaining after managing I P, starting the authentication to described controlled network element;
Receive the configuration data from described controlled network element, configuration local service parameter.
9. the control method of wireless access network element according to claim 4, is characterized in that: described remote operation comprises load balancing operation, and it comprises the following steps:
Receive and process the user-association solicited message from described controlled network element;
Whether detect the load-balancing function of described master control network element opens;
In the time that described load-balancing function is opened, whether detect described load-balancing function based on number of users;
When described load-balancing function is during based on number of users, calculate the user load adjustment mark in the load balancing group of described controlled network element place, detect afterwards the whether set of described adjustment of load mark;
When described load-balancing function is not during based on number of users, whether detect described load-balancing function based on flow;
When described load-balancing function is during based on flow, calculate the flow load adjustment mark in the load balancing group of described controlled network element place;
Detect the whether set of described adjustment of load mark;
In the time of described adjustment of load flag set, notify described controlled network element to refuse described user's access;
Exceed after Preset Time at described period of reservation of number, notify described controlled network element to allow described user's access.
10. A control system for wireless access network elements, the control system being based on a network formed by at least one master control network element and at least one controlled network element, characterized in that the controlled network element in the system comprises the following devices:
a device for establishing a radio channel to the master control network element;
a device for starting a DHCP client and requesting a management IP from the master control network element;
a device for starting authentication of the master control network element after the management IP has been obtained from the master control network element;
a device for receiving configuration data from the master control network element and configuring local service parameters.
11. A control system for wireless access network elements, the control system being based on a network formed by at least one master control network element and at least one controlled network element, characterized in that the master control network element in the system comprises the following devices:
a device for establishing a radio channel to the controlled network element;
a device for receiving the DHCP request of the controlled network element and allocating a management IP to it;
a device for responding to the authentication initiated by the controlled network element and starting authentication of the controlled network element;
a device for issuing locally configured data to the controlled network element after the identity of the controlled network element has been authenticated as legitimate.
12. The control system for wireless access network elements according to claim 10 or 11, characterized in that the control system is based on a network formed by at least one master control network element, at least one controlled network element and at least one even-lower-level controlled network element, and the even-lower-level controlled network element in the system comprises the following devices:
a device for establishing a radio channel to the controlled network element;
a device for starting a DHCP client and requesting a management IP from the master control network element;
a device for starting authentication of the controlled network element after the management IP has been obtained;
a device for receiving configuration data from the controlled network element and configuring local service parameters.
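The association sequence of claims 10 to 12 run end to end, as an added example that is not code from the patent or its applicant: DHCP for a management IP, identity authentication initiated by the controlled network element and answered in both directions, configuration issued only after the controlled network element is authenticated, and an even-lower-level controlled network element whose DHCP request is relayed upward while it authenticates against, and takes its configuration from, the controlled network element above it. The patent does not specify the authentication mechanism; a pre-shared-key HMAC-SHA256 challenge-response is assumed, as are the message names, the `192.168.100.0/24` management pool and the sample configuration. Messages are Python dicts passed by direct call, and the radio channel is taken as already established.

```python
"""Association of a controlled NE with its master control NE (claims 10-12).

Added example, not code from the patent. Messages are Python dicts passed by
direct call; the radio channel is assumed already established. The patent does
not specify the identity-authentication mechanism, so a pre-shared-key
HMAC-SHA256 challenge-response, run in both directions, is assumed here.
"""
import hashlib
import hmac
import ipaddress
import secrets


def _proof(psk, *fields):
    """HMAC over labelled handshake fields; the label keeps a proof from being replayed in the other direction."""
    return hmac.new(psk, "|".join(fields).encode(), hashlib.sha256).hexdigest()


class MasterControlNE:
    """Leases management IPs, authenticates controlled NEs, issues config only to authenticated ones."""

    def __init__(self, psk, pool="192.168.100.0/24", config=None):
        self._psk = psk
        self._hosts = ipaddress.ip_network(pool).hosts()
        self.leases = {}            # MAC -> management IP
        self._pending = {}          # MAC -> (controlled NE's nonce, our nonce)
        self.authenticated = set()
        self.config = config if config is not None else {"ssid": "corp-wlan", "channel": 6, "tx_power_dbm": 17}

    def handle(self, msg):
        kind, mac = msg["type"], msg["mac"]
        if kind == "dhcp_discover":
            ip = self.leases.setdefault(mac, str(next(self._hosts)))
            return {"type": "dhcp_offer", "mac": mac, "ip": ip}
        if kind == "auth_request":
            # respond to the authentication the controlled NE initiated (prove we hold the
            # key over its nonce) and start our own by challenging it with a fresh nonce
            our_nonce = secrets.token_hex(16)
            self._pending[mac] = (msg["nonce"], our_nonce)
            return {"type": "auth_challenge", "mac": mac, "nonce": our_nonce,
                    "proof": _proof(self._psk, "uplink", msg["nonce"], our_nonce)}
        if kind == "auth_response":
            pending = self._pending.pop(mac, None)
            if pending is not None:
                their_nonce, our_nonce = pending
                expected = _proof(self._psk, "controlled", mac, our_nonce, their_nonce)
                if hmac.compare_digest(expected, msg["proof"]):
                    self.authenticated.add(mac)
                    return {"type": "auth_ok", "mac": mac}
            return {"type": "auth_fail", "mac": mac}
        if kind == "config_request" and mac in self.authenticated:
            return {"type": "config", "mac": mac, "data": dict(self.config)}
        return {"type": "error", "mac": mac, "reason": "not authenticated or unknown message"}


class ControlledNE(MasterControlNE):
    """Controlled NE (AP). Associates with an uplink (the master, or a higher-level
    controlled NE) and can then act as uplink for an even-lower-level NE (claim 12)."""

    def __init__(self, mac, psk):
        super().__init__(psk, config={})   # empty until the uplink has configured us
        self.mac = mac
        self.management_ip = None
        self._uplink = None

    def associate(self, uplink):
        """Controlled-NE side of claims 10 and 12; returns the config applied, or None."""
        self._uplink = uplink
        offer = uplink.handle({"type": "dhcp_discover", "mac": self.mac})   # start the DHCP client
        self.management_ip = offer["ip"]
        my_nonce = secrets.token_hex(16)   # management IP in hand: authenticate the uplink
        chal = uplink.handle({"type": "auth_request", "mac": self.mac, "nonce": my_nonce})
        if chal["type"] != "auth_challenge" or not hmac.compare_digest(
                _proof(self._psk, "uplink", my_nonce, chal["nonce"]), chal["proof"]):
            return None   # uplink cannot prove it holds the key: accept no configuration from it
        proof = _proof(self._psk, "controlled", self.mac, chal["nonce"], my_nonce)
        if uplink.handle({"type": "auth_response", "mac": self.mac, "proof": proof})["type"] != "auth_ok":
            return None
        cfg = uplink.handle({"type": "config_request", "mac": self.mac})
        if cfg["type"] != "config":
            return None
        self.config = dict(cfg["data"])   # configure local service parameters
        return self.config

    def handle(self, msg):
        # claim 12: a lower-level NE's DHCP request is passed up towards the master; that NE is
        # authenticated and configured here, with the configuration this NE itself received
        if msg["type"] == "dhcp_discover":
            return self._uplink.handle(msg)
        if not self.config:
            return {"type": "error", "mac": msg["mac"], "reason": "uplink not yet configured"}
        return super().handle(msg)
```

Two points a practitioner would check against a real implementation of this sequence. First, the claims put DHCP before authentication, so an unauthenticated radio neighbour can consume management addresses; the lease pool and request rate need limiting. Second, with one pre-shared key across all controlled network elements, as assumed above, any compromised AP can pose as the master to the others; per-device credentials are the usual fix, but the patent leaves the mechanism open.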
CN201410109910.3A 2014-03-21 2014-03-21 Control method and system of network element wireless control Pending CN103888947A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410109910.3A CN103888947A (en) 2014-03-21 2014-03-21 Control method and system of network element wireless control

Publications (1)

Publication Number Publication Date
CN103888947A (en) 2014-06-25

Family

ID=50957631

Country Status (1)

Country Link
CN (1) CN103888947A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1996880A (en) * 2006-11-24 2007-07-11 华为技术有限公司 Method and network device of the self-adapted management network device
CN103384392A (en) * 2012-05-04 2013-11-06 中兴通讯股份有限公司 Method for enabling mobile terminal to have access to wireless access points and wireless access points
CN103546915A (en) * 2013-10-25 2014-01-29 杭州华三通信技术有限公司 Method and device for controlling wireless access point by wireless network access controller
WO2014040481A1 (en) * 2012-09-17 2014-03-20 中兴通讯股份有限公司 Authentication method and system for wireless mesh network

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110710178A (en) * 2017-06-01 2020-01-17 诺基亚通信公司 User authentication in a wireless access network
CN110710178B (en) * 2017-06-01 2021-07-06 诺基亚通信公司 User authentication in a wireless access network
CN110719609A (en) * 2019-10-29 2020-01-21 江苏百卓智能科技有限公司 Wireless AP equipment
CN114598519A (en) * 2022-03-02 2022-06-07 深圳市吉祥腾达科技有限公司 Method and system for supporting terminal to set black and white list without disconnection
CN114598519B (en) * 2022-03-02 2024-04-12 深圳市和为顺网络技术有限公司 Method and system for supporting terminal to set black-and-white list without disconnection

Legal Events

Code Title
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication (application publication date: 2014-06-25)