CN104104516B - A kind of portal authentication method and equipment - Google Patents

A kind of portal authentication method and equipment Download PDF

Info

Publication number
CN104104516B
CN104104516B CN201410369824.6A CN201410369824A CN104104516B CN 104104516 B CN104104516 B CN 104104516B CN 201410369824 A CN201410369824 A CN 201410369824A CN 104104516 B CN104104516 B CN 104104516B
Authority
CN
China
Prior art keywords
terminal
address
authentication
identification information
access equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201410369824.6A
Other languages
Chinese (zh)
Other versions
CN104104516A (en
Inventor
徐勇刚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New H3C Technologies Co Ltd
Original Assignee
New H3C Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by New H3C Technologies Co Ltd filed Critical New H3C Technologies Co Ltd
Priority to CN201410369824.6A priority Critical patent/CN104104516B/en
Publication of CN104104516A publication Critical patent/CN104104516A/en
Application granted granted Critical
Publication of CN104104516B publication Critical patent/CN104104516B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention provides a kind of portal authentication method and equipment, and wherein method includes: that access device receives the network access request that terminal is sent;Access device returns to redirection message to the terminal, the redirection message carries Portal server address and the corresponding terminal identification information of the terminal, so that the terminal identification information is sent to Portal server according to the Portal server address by the terminal.The present invention solves the problems, such as IP address conflict when Portal certification.

Description

Portal authentication method and equipment
Technical Field
The invention relates to Portal authentication technology, in particular to a Portal authentication method and Portal authentication equipment.
Background
Portal authentication is also commonly called Web authentication, a Portal authentication website is generally called a Portal website, when a user needs to access the Internet, authentication needs to be carried out on the Portal website, and only after the authentication is passed, Internet resources can be used. With the development of network technology, operators begin to adopt a "LTE-Fi + AC" networking mode to improve network utilization and WLAN deployment and coverage, in this mode of networking, LTE-Fi as Access equipment adopts distributed deployment, and a wireless Controller (Access Controller, AC) manages multiple LTE-Fi of these distributed deployments. A plurality of terminals needing to use network resources can be accessed under each LTE-Fi, and when the terminals need to use Internet resources, Portal authentication is needed, but the Portal authentication is managed on the AC in a centralized way. For example, when receiving a Portal authentication request sent by a terminal, LTE-Fi redirects to a Portal server, and the Portal server forwards the authentication request of the terminal to an AC, which authenticates to the authentication server; and if the authentication is passed, the AC issues a data forwarding rule to the LTE-Fi for the data forwarding of the terminal on the LTE-Fi.
The above method may have a problem that the IP address required for the terminal to surf the internet is allocated by its associated LTE-Fi, and if each LTE-Fi allocates its own IP address segment, it may happen that two terminals under different LTE-Fi have the same IP address; on the AC side for centralized management authentication, the AC distinguishes different terminals according to the IP address, for example, the AC may record that a terminal with an IP address of x has been authenticated, search which LTE-Fi the terminal corresponding to the IP address is associated with, and send a data forwarding rule to the LTE-Fi, but if the AC side finds that two terminals with the same IP address are associated, the AC cannot distinguish, and therefore, the AC cannot have IP address collision. In order to avoid IP address conflict, in the related art, it is considered to perform IP address planning between different LTE-Fi, and IP address segments for allocation between the LTE-Fi cannot be overlapped, but when there are many LTE-Fi and sometimes thousands of LTE-Fi, performing IP address planning will be a large workload and cannot be adapted to large-scale deployment of LTE-Fi.
Disclosure of Invention
In view of the above, the present invention provides a method and a device for Portal authentication to solve the problem of IP address conflict during Portal authentication.
Specifically, the invention is realized by the following technical scheme:
in a first aspect, a Portal authentication method is provided, including:
the access equipment receives a network access request sent by a terminal;
and the access equipment returns a redirection message to the terminal, wherein the redirection message carries a Portal server address and terminal identification information corresponding to the terminal, so that the terminal sends the terminal identification information to the Portal server according to the Portal server address.
Optionally, the terminal identification information includes: the MAC address of the terminal.
Optionally, the terminal identification information further includes at least one of the following: the IP address of the terminal; or, the MAC address of the access device and the VLAN accessed by the terminal; or, timestamp information, where the timestamp information is used to indicate sending time of the redirection packet.
Optionally, before receiving the network access request sent by the terminal, the access device further includes: the access equipment receives an address allocation request sent by the terminal; and the access equipment determines an IP address to be allocated for the terminal according to the address allocation request, checks whether the IP address of the associated terminal of the access equipment is the same as the IP address to be allocated, and changes the IP address to be allocated into another IP address if the associated terminal with the same IP address as the IP address to be allocated exists.
Optionally, the method further includes: the access equipment establishes association with a new terminal, and the new terminal is moved to the access equipment from another access equipment; sending an address reconfiguration request for indicating a re-request address to the new terminal when the IP address of the new terminal is determined to be the same as the IP address of the associated terminal of the access equipment; and the access equipment receives an address allocation request sent by the new terminal and allocates another IP address different from the IP address to the new terminal according to the address allocation request.
In a second aspect, a Portal authentication method is provided, including:
a Portal server receives a redirection message sent by a terminal, wherein the redirection message carries an IP address of the terminal and terminal identification information;
the Portal server acquires authentication information of the terminal and sends an authentication request to a wireless controller (AC), wherein the authentication request carries the authentication information, the IP address of the terminal and the terminal identification information, so that the AC identifies the terminal according to the IP address and the terminal identification information.
In a third aspect, a Portal authentication method is provided, including:
the wireless controller receives an authentication request sent by a Portal server, wherein the authentication request carries a first IP address of the terminal requesting authentication, authentication information and terminal identification information corresponding to the terminal;
and the wireless controller sends the authentication information corresponding to the MAC address and the first IP address to an authentication server for authentication, and sends a data forwarding rule to access equipment associated with the terminal when the authentication is passed, wherein the data forwarding rule is used for the access equipment to forward the data of the terminal.
Optionally, the terminal identification information includes: the MAC address of the terminal.
Optionally, the terminal identification information further includes: the encrypted second IP address corresponding to the terminal; after the wireless controller receives the authentication request sent by the Portal server, the method further comprises the following steps:
the wireless controller decrypts the terminal identification information to obtain the second IP address; and the wireless controller compares the second IP address with the first IP address carried in the authentication request, and if the first IP address is different from the second IP address, the wireless controller returns authentication failure to the Portal server.
Optionally, the terminal identification information further includes: timestamp information, wherein the timestamp information is used for representing the sending time of the redirection message; after the wireless controller receives the authentication request sent by the Portal server, the method further comprises the following steps: the wireless controller decrypts the terminal identification information to obtain the timestamp information; and the wireless controller compares the timestamp information with the current time, and if the interval between the timestamp information and the current time exceeds a preset time, the wireless controller returns authentication failure to a Portal server.
Optionally, the terminal identification information further includes: the MAC address of the access equipment and the VLAN accessed by the terminal; the wireless controller sends a data forwarding rule to the access device associated with the terminal, and the data forwarding rule comprises the following steps: and the wireless controller sends a data forwarding rule to the access equipment according to the MAC address of the access equipment and the VLAN accessed by the terminal.
In a fourth aspect, an access device is provided, including:
the receiving unit is used for receiving a network access request sent by a terminal;
the processing unit is used for carrying the address of the Portal server and the terminal identification information corresponding to the terminal in the redirection message;
and the sending unit is used for returning the redirection message to the terminal so that the terminal sends the terminal identification information to a Portal server according to the Portal server address.
Optionally, the terminal identification information further includes at least one of the following: the MAC address of the terminal; or, the IP address of the terminal; or, the MAC address of the access device and the VLAN accessed by the terminal; or, timestamp information, where the timestamp information is used to indicate sending time of the redirection packet.
Optionally, the receiving unit is further configured to receive an address assignment request sent by the terminal;
the processing unit is further configured to determine an IP address to be allocated to the terminal according to the address allocation request, check whether an IP address of an associated terminal of the access device is the same as the IP address to be allocated, and change the IP address to be allocated to another IP address if an associated terminal having the same IP address as the IP address to be allocated exists.
Optionally, the processing unit is further configured to establish association with a new terminal, where the new terminal is moved from another access device to the access device; determining that the IP address of the new terminal is the same as the IP address of the associated terminal of the access equipment; the sending unit is further configured to send an address reconfiguration request for indicating a re-request address to the new terminal; the receiving unit is further configured to receive an address allocation request sent by the new terminal, and instruct the processing unit to allocate another IP address different from the IP address to the new terminal according to the address allocation request.
In a fifth aspect, there is provided a Portal server comprising:
the information receiving unit is used for receiving a redirection message sent by a terminal, wherein the redirection message carries an IP address of the terminal and terminal identification information;
and the authentication request unit is used for acquiring the authentication information of the terminal and sending an authentication request to a wireless controller (AC), wherein the authentication request carries the authentication information, the IP address of the terminal and the terminal identification information, so that the AC identifies the terminal according to the IP address and the terminal identification information.
In a sixth aspect, there is provided a wireless controller comprising:
the request receiving unit is used for receiving an authentication request sent by a Portal server, wherein the authentication request carries a first IP address of the terminal requesting authentication, authentication information and terminal identification information corresponding to the terminal; the authentication processing unit is used for sending the authentication information corresponding to the MAC address and the first IP address to an authentication server for authentication; and the result sending unit is used for sending a data forwarding rule to the access equipment associated with the terminal when the authentication is passed, wherein the data forwarding rule is used for the access equipment to forward the data of the terminal.
Optionally, the authentication processing unit is further configured to decrypt the terminal identification information to obtain a second IP address included in the terminal identification information; comparing the second IP address with the first IP address carried in the authentication request; and if the first IP address is different from the second IP address, indicating the result sending unit to return authentication failure to the Portal server.
Optionally, the authentication processing unit is further configured to decrypt the terminal identification information to obtain timestamp information included in the terminal identification information, where the timestamp information is used to indicate sending time of the redirection packet; and comparing the timestamp information with the current time, and if the interval between the timestamp information and the current time exceeds a preset time, indicating the result sending unit to return authentication failure to the Portal server.
Optionally, the terminal identification information received by the request receiving unit further includes: the MAC address of the access equipment and the VLAN accessed by the terminal; the result sending unit, when sending the data forwarding rule, is specifically configured to send the data forwarding rule to the access device according to the MAC address of the access device and the VLAN to which the terminal is accessed.
In the Portal authentication method and equipment, when the AP sends the redirection message to the terminal, the AP sends the terminal identification information of the terminal to the terminal together, so that the terminal sends the terminal identification information to the Portal server when the terminal is redirected to the Portal server, the Portal server also sends the terminal identification information of the terminal to the AC when sending the authentication request to the AC, and the AC can identify the terminals with the same IP address by combining the terminal identification information.
Drawings
FIG. 1 is a diagram of an application scenario of a Portal authentication method according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating a Portal authentication method according to an embodiment of the present invention;
FIG. 3 is a schematic flow chart of another Portal authentication method according to an embodiment of the invention;
FIG. 4 is a schematic flow chart of another Portal authentication method according to an embodiment of the present invention;
FIG. 5 is a signaling diagram of another Portal authentication method according to an embodiment of the present invention;
FIG. 6 is a signaling diagram of another Portal authentication method according to an embodiment of the present invention;
FIG. 7 is a signaling diagram of another Portal authentication method according to an embodiment of the present invention;
FIG. 8 is a signaling diagram of another Portal authentication method according to an embodiment of the present invention;
fig. 9 is a schematic structural diagram of an access device AP according to an embodiment of the present invention;
FIG. 10 is a schematic diagram of a Portal server according to an embodiment of the invention;
fig. 11 is a schematic structural diagram of a wireless controller according to an embodiment of the present invention.
Detailed Description
Portal authentication is a common Portal authentication mode in network access, and a current operator applies Portal authentication to a networking of 'LTE-Fi + AC' (LTE-FI is a product integrating 4G and WIFI, and the 4G network is used as a transparent channel to return WiFi service by organically combining a 4G-LTE technology and a WiFi technology), referring to fig. 1, wherein fig. 1 is an application scene diagram of the Portal authentication method provided by the embodiment of the invention. The LTE-Fi combines a 4G network and a WiFi technology, the 4G network is used as a transparent channel to return WiFi services, and the LTE-Fi integrates the functions of FitAP and 4G (Fit AP is opposite to Fat AP, and Fat AP integrates the functions of a WLAN such as a physical layer, encryption, user authentication, network management and the like, while FitAP is an AP with only radio frequency and communication functions, has a single function and cannot work independently). In a large-scale operator network, because of a large amount of users, LTE-Fi adopts distributed deployment, referring to fig. 1, in the embodiment of the present invention, LTE-Fi is referred to as AP for short, fig. 1 shows three APs, which are AP1, AP2, and AP3, each AP allocates an IP address to a User Equipment (UE) associated with the AP, respectively, but the UEs of the three APs all perform centralized User management on the AC side.
Taking the scenario of fig. 1 as an example, when performing Portal authentication, a network access request sent by a UE to an AP is redirected to a Portal server by the AP, and the UE needs to input authentication information (e.g., a user name and a password) to the Portal server; and then the Portal server sends an authentication request to the AC, and the authentication request carries the identification and the authentication information of the UE. In addition, when Portal authentication is performed, the authentication requests of the UEs (e.g., UE1, UE2, and UE3) under the three APs shown in fig. 1 are collectively sent to the AC by the Portal, and the AC sends the authentication information to the authentication server (e.g., AAA server) for authentication.
The Portal authentication method of the embodiment aims at the Portal authentication process, so that when the AC centrally manages the UE under each AP, different UEs can be distinguished, and even if the UE under different APs has the same IP address, the AC can also distinguish. See the following examples for details:
example one
Fig. 2 is a schematic flowchart of a Portal authentication method according to an embodiment of the present invention, where the method of the present embodiment is executed by an access device AP (i.e., LTE-Fi), taking AP2 as an example; the method can comprise the following steps:
201. the AP receives a network access request sent by the UE;
for example, if the network access request is an HTTP access request initiated from a URL, such as UE2 associated with AP2, to access a website with a com domain name, the UE2 sends an access request to the AP2 to access the domain name. It should be noted that, at this time, when the UE initiates an access request to the AP, the UE is already associated with the AP, including that the AP has already established a wireless connection with the UE and allocated an IP address to the UE.
202. The AP returns a redirection message to the terminal, and the redirection message carries a Portal server address and terminal identification information corresponding to the terminal;
in this embodiment, when the AP receives an access request sent by the UE, but finds that the UE has not performed Portal authentication (only if the Portal authentication passes, the access to the network resource is allowed), the AP redirects the UE to the Portal server for authentication.
Specifically, taking AP2 as an example, AP2 may send a redirection packet to UE2, where the redirection packet carries a Portal server address, so that UE2 connects to the Portal server according to the Portal server address; and the redirection message also carries terminal identification information corresponding to the terminal. The AP2 transmits the terminal identification information to the UE2, and the UE2 transmits the terminal identification information to the Portal server together when accessing the Portal server according to the Portal server address.
Optionally, the terminal identification information may include: the MAC address of the UE2 is such that after the Portal server sends the MAC address to the AC, the AC distinguishes terminals with the same IP address according to the MAC address. In a specific implementation, the terminal may be identified by using information other than the MAC address, as long as the function of distinguishing terminals having the same IP address is performed.
In the Portal authentication method of the embodiment, when the AP sends a redirection packet to the terminal, the AP sends the MAC address of the terminal to the terminal together, so that the terminal sends the MAC address to the Portal server when redirecting to the Portal server, so that the Portal server also sends the MAC address of the terminal to the AC when sending an authentication request to the AC, and the AC can identify the terminal by combining the MAC address.
Example two
FIG. 3 is a schematic flow chart of another Portal authentication method according to an embodiment of the present invention, which is executed by a Portal server; as shown in fig. 3, may include:
301. the Portal server receives a redirection message sent by the terminal, wherein the message carries the IP address of the terminal and the terminal identification information;
for example, the terminal identification information includes: the MAC address of the terminal;
in this embodiment, the terminal identification information sent by the terminal to the Portal server is sent to the terminal by the AP associated with the terminal; it should be noted that, in this embodiment, a message carrying a Portal server address and sent to the terminal by the AP is referred to as a redirection message, and an access request (carrying terminal identification information) sent to the Portal server by the terminal according to the Portal server address is also referred to as a redirection message, and other names may be adopted in specific implementation of the embodiment.
302. The Portal server acquires the authentication information of the terminal and sends an authentication request to the wireless controller AC, wherein the authentication request carries the authentication information, the IP address of the terminal and the terminal identification information;
in this embodiment, after receiving the redirection packet sent by the UE, the Portal server pushes the login interface to the UE, and the user on the UE side inputs a user name and a password on the interface and returns the user name and the password to the Portal server, where the user name and the password may be referred to as authentication information.
The Portal server sends an authentication request to the AC, and the authentication request carries the authentication information, the IP address of the terminal and the MAC address of the UE in the terminal identification information; thus, the AC side can identify the terminal according to the IP address and the MAC address, for example, the AC may record the authentication information of the terminal corresponding to "IP + MAC".
In the Portal authentication method of the embodiment, the Portal server sends the IP address of the UE and the terminal identification information together when sending the authentication request to the AC; therefore, different UEs can be identified at the AC according to the IP + MAC, even if the IP addresses of the two UEs are the same, the MAC addresses of the two UEs are different, so the AC can still identify the two UEs, and the problem of IP address conflict is solved.
EXAMPLE III
FIG. 4 is a flowchart illustrating another Portal authentication method according to an embodiment of the present invention, where the method is executed by the wireless controller AC; as shown in fig. 4, may include:
401. the AC receives an authentication request sent by a Portal server;
after receiving authentication information (including a user name and a password) of the UE, the Portal server carries the authentication information in an authentication request and sends the authentication information to the AC, and the authentication request also carries an IP address of the UE and terminal identification information (MAC address of the UE) corresponding to the UE. In this embodiment, in order to distinguish from an IP address appearing in a subsequent embodiment, the IP address of the UE carried in the authentication request herein is referred to as a first IP address in this embodiment.
402. And the AC sends the authentication information of the terminal corresponding to the MAC address and the first IP address to an authentication server for authentication, and sends a data forwarding rule to the AP associated with the terminal when the authentication is passed.
In this embodiment, the AC distinguishes different terminals according to "IP + MAC", and the AC sends the authentication information (including, for example, a user name and a password) of the terminal to an authentication server, such as an AAA server. After the AAA server passes the authentication, the AC sends the data forwarding rule to the AP associated with the terminal. The data forwarding rule is for the AP to forward data of the terminal.
In the Portal authentication method of this embodiment, the AC may obtain the IP address and the MAC address of the terminal, and distinguish different terminals according to "IP + MAC", so that even if the IP addresses of two UEs are the same in the users centrally managed by the AC, the AC can distinguish the two UEs because the MAC addresses of the two UEs are different, thereby solving the problem of IP address conflict.
The method of the embodiment of the invention can effectively solve the problem of IP address conflict, and even if the UE with the same IP address exists, the AC can be distinguished by combining the MAC, so that the distribution of the IP address field is not required to be planned in a unified way on the AP side of distributed deployment, and the independent IP address field is not required to be divided for each AP, thereby reducing the workload and being beneficial to the large-scale deployment of LTE-Fi equipment.
Example four
FIG. 5 is a signaling diagram of another Portal authentication method according to an embodiment of the present invention, where the method of this embodiment describes a complete process of Portal authentication cooperatively performed by AP, Portal, AC, and other devices; as shown in fig. 5, the method of this embodiment may include:
501. UE sends a network access request to AP;
and when the UE establishes wireless connection with the AP and the AP allocates an IP address for the UE, the UE sends a network access request to the AP.
502. The AP returns a first redirection message to the UE;
when the AP determines that the UE has not performed Portal authentication (if the UE passes the authentication, the AP side may have a record), the AP sends a redirection packet to the UE, which is referred to as a first redirection packet in this embodiment.
Specifically, the first redirection packet carries a Portal server address and terminal identification information corresponding to the UE, where the terminal identification information may include: the MAC address of the UE. In the embodiment, in order to ensure the safety, the terminal identification information is encrypted; for example, a Data Encryption Standard (DES) or an Advanced Encryption Standard (AES) Encryption algorithm may be used. The encryption algorithm and related parameters employed by the AP may be pre-configured at the AP. The encrypted terminal identification information may be set in a certain private field in the first redirection message.
503. The UE sends a second redirection message to the Portal server;
in this step, the UE sends a second redirection packet to the Portal server according to the Portal server address, where the second redirection packet carries the IP address of the UE and the encrypted terminal identification information. That is, the UE, after receiving the encrypted terminal identification information from the AP, transmits the encrypted terminal identification information to the Portal server upon redirection.
It should be noted that, when the AP sends the first redirection packet to the UE in 502, in addition to the address of the Portal server and the terminal identification information, other parameters may also be carried, such as an IP address of the AP, which is a conventional technique, and this embodiment is not described in detail again; in addition, similarly, when the UE sends the second redirection packet to the Portal server, in addition to the IP address of the UE and the terminal identification information, other parameters, such as a Service Set Identifier (SSID) added by the UE, may also be carried.
504. The Portal server sends a login interface to the UE;
the Portal server extracts the IP address of the UE, the encrypted terminal identification information and the like in the received second redirection message and stores the extracted IP address and the encrypted terminal identification information.
505. UE sends authentication information to Portal server;
for example, a user on the UE side may input information such as a user name and a password through a login interface, and send the information to a Portal server to request authentication of authentication information.
506. The Portal server sends an authentication request to the AC, wherein the authentication request carries: IP address and terminal identification information of the UE;
in this embodiment, the Portal server sends the encrypted terminal identification information received in 504, together with the IP address of the UE, to the AC; of course, the authentication request also carries authentication information for requesting authentication, such as a user name and a password of the user.
507. The AC sends the authentication information corresponding to the MAC and the IP to the AAA server to request authentication;
in this embodiment, the AC serves as a device that centrally manages each UE under different APs, and distinguishes different UEs by a combination of "IP + MAC"; for example, the AC may record UE1 corresponding to "IP 1+ MAC 1" with authentication information of the UE, and record UE2 corresponding to "IP 2+ MAC 2" with authentication information of the UE. The AC sends authentication information corresponding to the UE, such as a user name and a password, to the AAA for authentication.
508. The AC receives a notification of successful authentication returned by the AAA server;
509. the AC informs the Portal server that the authentication is successful;
in addition, the Portal server may notify the UE of successful authentication after receiving the notification of successful authentication, which may be performed according to conventional techniques, and this embodiment is not described in detail.
510. The AC sends a data forwarding rule to an AP associated with the UE corresponding to the MAC and the IP;
in this embodiment, after determining that the UE corresponding to "IP + MAC" is successfully authenticated, the AC issues a data forwarding rule corresponding to the UE, where the rule is issued to an AP associated with the UE; for example, referring to UE1 in fig. 1, the AC would send a data forwarding rule to AP1 and AP1 would forward the UE's data according to the rule.
In the Portal authentication method of the embodiment, the Portal server sends the IP address and the MAC address corresponding to the UE to the AC, and the AC can identify different UEs according to IP + MAC', so that even if the AC finds the two UEs with the same IP address, the two UEs can be distinguished by combining the MAC.
EXAMPLE five
The difference between this embodiment and the fourth embodiment is that the terminal identification information further includes some other information besides the MAC address of the UE, and these information are used to improve the security of Portal authentication, which is described in detail in the flow of fig. 6 below, fig. 6 only shows some main flows that are different from the fourth embodiment, and this embodiment is also executed for the same flow, for example, authentication information is sent to an AAA server, etc., but these will not be described repeatedly in this embodiment, and are not shown in fig. 6.
Fig. 6 is a signaling diagram of another Portal authentication method provided in the embodiment of the present invention, and as shown in fig. 6, the method of the embodiment may include:
601. UE sends a network access request to AP;
602. the AP returns a first redirection message to the UE;
in this embodiment, the first redirection packet carries a Portal server address and encrypted terminal identification information, where the terminal identification information includes not only an MAC address of the UE but also at least one of the following: the IP address of the UE and the time stamp information, wherein the time stamp information is used for representing the sending time of the first redirection message. At least one item described herein means that, in addition to the MAC address of the UE, the terminal identification information may include only the IP address of the UE, or only the time stamp information, or both the time stamp information and the IP address in the terminal identification information.
603. The UE sends a second redirection message to the Portal server, and sends the encrypted terminal identification information carried in the message to the Portal server;
604. the Portal server sends a login interface to the UE;
605. UE sends authentication information to Portal server;
606. the Portal server sends an authentication request to the AC, wherein the authentication request carries: an IP address of the UE and encrypted terminal identification information;
in this step, there are two IP addresses of the UE sent by the Portal server to the AC, where one IP address is sent by the UE to the Portal server in 603, which is also the case that the Portal server needs to send the IP address of the UE to the AC in the conventional technology; the other IP address is carried in the encrypted terminal identification information, the encrypted terminal identification information is encrypted at the AP side and then forwarded to a Portal server by the UE, the Portal server does not decrypt the information, but sends the encrypted terminal identification information to the AC, and the terminal identification information comprises the IP address of the UE.
In order to clearly distinguish the two IP addresses in the following description, the IP address included in the encrypted terminal identification information may be referred to as a second IP address, and the other may be referred to as a first IP address.
607. The AC decrypts the terminal identification information to obtain an IP address and timestamp information;
in this embodiment, the AC decryption terminal identification information may obtain the second IP address included therein, and may also obtain the timestamp information. As described above, the terminal identification information may include at least one of the second IP address and the timestamp information, and both are carried here as an example.
In addition, the AC and the AP may be the same encryption algorithm and related parameters configured in advance, so that after the terminal identification information is encrypted at the AP side, the AC may use the same algorithm for decryption.
608. The AC performs initial authentication judgment according to the decrypted terminal identification information;
for example, the AC may compare the IP addresses, compare the first IP address carried in the authentication request with the decrypted second IP address, if the first IP address is different from the second IP address, it indicates that the authentication has failed, and execute 609; otherwise, after the AC initial authentication is passed, the AC may then request authentication from the AAA server, as described in example four.
The IP address comparison to determine whether authentication passes is as follows: suppose the UE1 is performing a Portal authentication procedure, requesting access to network resources; a UE4 of a certain user wants to copy the UE1, which intercepts the encrypted terminal id information carried by the UE1 when sending the first redirection packet to the Portal, because according to the procedure of this embodiment, the UE1 needs to send the encrypted terminal id information to the Portal when redirecting, so the copy user will send the encrypted terminal id information to the Portal server after intercepting it. However, the IP address of the UE1 is carried in the terminal identification information, and the other IP address carried in the authentication request sent by the UE4 to the Portal server is the IP address of the UE4 itself, which are different, and the AC can determine that the encrypted terminal identification information may be intercepted by a spoofed user.
For another example, the AC may compare the timestamp information with a current time according to the timestamp information, where the current time may be a time when the AC decrypts to obtain the timestamp, or may be a time when the AC receives the authentication request, or may be a time when the AC processes the authentication request this time; if the interval between the timestamp information and the current time exceeds a predetermined time (e.g., the predetermined time is 5 minutes), an authentication failure is returned to the Portal server.
The comparison of the timestamps to determine whether the authentication passed is as follows: assuming that the UE1 is performing a Portal authentication procedure, the AP returns timestamp information to the UE1 after receiving a network access request of the UE 1; normally, if the UE1 continues to perform subsequent login to Portal, request authentication from the AC, etc., it should not be too long when the AC receives the authentication request sent by the Portal server. However, in special cases, for example, after the Portal server pushes the login interface to the UE1, the user of the UE1 does not enter the user name and password for authentication, but stops entering the user name and password and then does other things, and the authentication procedure is interrupted at the login interface.
The user of the UE1 may save the login interface to, for example, put it in a favorite, and wait for the next day to surf the internet to directly open the login interface of yesterday favorite for input, but at this time, the IP address of the UE1 may already be different from yesterday (the user needs to reassign the IP address when surfing the internet), that is, the IP address in the encrypted terminal identification information received and stored by the Portal server in yesterday is that of yesterday UE1, which is not practical, it is necessary for the UE1 to send a network access request to the AP again, and the AP sends the encrypted terminal identification information carrying the IP address to the UE again, so that the AC should feed back authentication failure, and trigger the Portal server to notify the UE to restart access.
609. The AC returns an authentication failure to the Portal server.
In the Portal authentication method, the IP address and the timestamp information of the UE are added into the terminal identification information, so that the AC can judge that the authentication information of the user has problems before requesting authentication from the AAA according to the information, and directly returns authentication failure to the Portal; therefore, the speed of the authentication process is increased, and the security of the authentication is improved.
EXAMPLE six
In this embodiment, on the basis of the flow of the fourth embodiment, the following is added to the terminal identification information: MAC address of AP and VLAN information accessed by UE; of course, the terminal identification information may also include the timestamp described in the fifth embodiment. The MAC address of the AP and the VLAN information accessed by the UE are mainly used to increase the issuing speed of the data forwarding rule when the authentication is passed.
For example, after receiving the notification that the authentication returned by the AAA server passes, the AC issues a data forwarding rule to the AP; at this time, the AC may quickly and accurately issue the data forwarding rule to the AP according to the MAC address of the AP and the VLAN information accessed by the UE, which are obtained by decrypting the terminal identification information, and the VLAN information accessed by the UE corresponds to a certain port on the AP and issues the data forwarding rule for the UE to the port.
EXAMPLE seven
The present embodiment mainly addresses the case where the UE roams between different APs, for example, assuming that the UE1 roams from AP1 to AP2, at this time, the AP2 may perform the method of the present embodiment to solve the problem of IP address collision. Fig. 7 is a signaling diagram of another Portal authentication method according to an embodiment of the present invention, and as shown in fig. 7, the method may include:
701. the AP receives an address allocation request sent by the UE;
for example, associated UE2, located under AP2, sends an address allocation request to AP 2.
702. The AP determines an IP address to be allocated for the UE according to the address allocation request;
for example, the AP2 determines that the IP address to be allocated is IP1, preparing to allocate IP1 to the UE 2.
703. The AP checks whether the IP address of the associated terminal is the same as the IP address to be allocated;
for example, the aforementioned UE1 has roamed from AP1 to AP2, and the AP2 may compare the IP address of the associated terminal UE1 to determine whether it is the same as the IP1 to be allocated. If so, then 704 is performed.
704. The AP changes the IP address to be allocated into another IP address;
for example, the AP2 changes the IP address IP1 to be allocated to IP2, and of course IP1 and IP2 are allocated by the AP2 from its own IP segment.
705. The AP sends the IP address to the UE.
For example, the AP2 sends IP2 to the UE2 as an IP address assigned to the UE 2. If the two IP addresses are different as a result of the determination in 703, the AP2 may directly send the initial to-be-allocated address IP1 to the UE.
In the flow shown in fig. 7, when the AP allocates an IP address to the UE associated with the AP, it first checks whether there is a terminal that is the same as an IP to be allocated among terminals associated with the AP, and if so, changes the IP allocation.
Fig. 8 is a signaling diagram of another Portal authentication method according to an embodiment of the present invention, and as shown in fig. 8, the method may include:
801. the AP establishes association with the new terminal;
for example, UE1 roams from AP1 to AP2, then UE1 is the new terminal for AP 2.
802. The AP determines that the IP address of the new terminal is the same as the IP address of the associated terminal of the AP;
for example, the associated terminal of the AP2 is UE2, the IP address of UE2 is the same as the IP address of UE1, where the IP address of UE1 was allocated at AP1 before UE1 roamed. When the AP2 finds that the IP addresses of both are the same, execution may continue 803;
803. the AP sends a re-association indication to the new terminal;
for example, the AP2 sends a reassociation indication to the UE1 informing the UE1 to reassociate.
804. The new terminal executes a re-association process with the AP according to the re-association instruction and requests the AP to distribute an IP address;
the UE1 will execute a reassociation procedure with the AP according to the reassociation instruction sent by the AP; for example, the UE1 sends an association request frame to the AP to start association, and carries information such as SSID and negotiation rate, and the re-association procedure may be performed according to a conventional procedure, which is not described in detail. After establishing the association, the UE1 will request allocation of an IP address to the AP.
805. The AP allocates another IP address to the new terminal;
at this point, the AP2 may assign a different IP address to the UE1 than the UE 2.
By the Portal authentication method, the AP side can avoid the occurrence of IP address conflict under the same AP when associating roaming UE.
The following eight to ten embodiments provide the structure of the device, and in these embodiments, only the structure of the device is briefly described, and the specific working principle thereof may be referred to in combination with the method embodiment.
Example eight
Fig. 9 is a schematic structural diagram of an access device AP according to an embodiment of the present invention, and as shown in fig. 9, the AP may include: a receiving unit 91, a processing unit 92, and a transmitting unit 93; wherein,
a receiving unit 91, configured to receive a network access request sent by a terminal;
the processing unit 92 is configured to carry the address of the Portal server and the terminal identification information corresponding to the terminal in the redirection message; for example, the terminal identification information includes: the MAC address of the terminal;
and the sending unit 93 is configured to return the redirection packet to the terminal, so that the terminal sends the terminal identification information to a Portal server according to the Portal server address.
Further, the terminal identification information further includes at least one of: the IP address of the terminal; or, the MAC address of the access device and the VLAN accessed by the terminal; or, timestamp information, where the timestamp information is used to indicate sending time of the redirection packet.
Further, the receiving unit 91 is further configured to receive an address assignment request sent by the terminal; the processing unit 92 is further configured to determine an IP address to be allocated to the terminal according to the address allocation request, check whether an IP address of an associated terminal of the access device is the same as the IP address to be allocated, and change the IP address to be allocated to another IP address if an associated terminal with the same IP address as the IP address to be allocated exists.
Further, the processing unit 92 is further configured to establish an association with a new terminal, where the new terminal is moved from another access device to the access device; determining that the IP address of the new terminal is the same as the IP address of the associated terminal of the access equipment; the sending unit 93 is further configured to send an address reconfiguration request for indicating a re-request address to the new terminal. The receiving unit 91 is further configured to receive an address assignment request sent by the new terminal, and instruct the processing unit 92 to assign another IP address different from the IP address to the new terminal according to the address assignment request.
Example nine
Fig. 10 is a schematic structural diagram of a Portal server provided in an embodiment of the present invention, and as shown in fig. 10, the Portal server may include: an information receiving unit 1001 and an authentication request unit 1002; wherein,
an information receiving unit 1001, configured to receive a redirection packet sent by a terminal, where the redirection packet carries an IP address of the terminal and terminal identification information; for example, the terminal identification information includes: the MAC address of the terminal;
an authentication request unit 1002, configured to acquire authentication information of the terminal, and send an authentication request to a wireless controller AC, where the authentication request carries the authentication information, an IP address of the terminal, and the terminal identification information, so that the AC identifies the terminal according to the IP address and the MAC address.
Example ten
Fig. 11 is a schematic structural diagram of a wireless controller according to an embodiment of the present invention, and as shown in fig. 11, the wireless controller may include: a request receiving unit 1101, an authentication processing unit 1102, and a result transmitting unit 1103; wherein,
a request receiving unit 1101, configured to receive an authentication request sent by a Portal server, where the authentication request carries a first IP address of the terminal requesting authentication, authentication information, and terminal identification information corresponding to the terminal; for example, the terminal identification information includes: the MAC address of the terminal;
an authentication processing unit 1102, configured to send the authentication information corresponding to the MAC address and the first IP address to an authentication server for authentication;
a result sending unit 1103, configured to send a data forwarding rule to the access device associated with the terminal when the authentication is passed, where the data forwarding rule is used for the access device to forward data of the terminal.
Further, the authentication processing unit 1102 is further configured to decrypt the terminal identification information to obtain a second IP address included in the terminal identification information; comparing the second IP address with the first IP address carried in the authentication request; and if the first IP address is different from the second IP address, indicating the result sending unit to return authentication failure to the Portal server.
Further, the authentication processing unit 1102 is further configured to decrypt the terminal identification information to obtain timestamp information included in the terminal identification information, where the timestamp information is used to indicate sending time of the redirection packet; and comparing the timestamp information with the current time, and if the interval between the timestamp information and the current time exceeds a preset time, indicating the result sending unit to return authentication failure to the Portal server.
Further, the terminal identification information received by the request receiving unit 1101 further includes: the MAC address of the access equipment and the VLAN accessed by the terminal; the result sending unit 1103 is specifically configured to send the data forwarding rule to the access device according to the MAC address of the access device and the VLAN accessed by the terminal when sending the data forwarding rule.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (18)

1. A Portal authentication method is characterized in that the Portal authentication method is applied to networking comprising access equipment and a wireless controller, the access equipment is deployed in a distributed mode, each access equipment allocates an IP address to a terminal associated with the access equipment, and the terminals under each access equipment deployed in the distributed mode carry out centralized user management on the wireless controller; the method comprises the following steps:
the access equipment receives a network access request sent by a terminal;
the access equipment returns a redirection message to the terminal, and the redirection message carries a Portal server address and terminal identification information corresponding to the terminal, so that the terminal sends the terminal identification information to the Portal server according to the Portal server address; the terminal identification information includes: the MAC address of the terminal and the IP address of the terminal.
2. The method of claim 1, wherein the terminal identification information further comprises at least one of:
the MAC address of the access equipment and the VLAN accessed by the terminal;
or, timestamp information, where the timestamp information is used to indicate sending time of the redirection packet.
3. The method of claim 1, wherein the access device, before receiving the network access request sent by the terminal, further comprises:
the access equipment receives an address allocation request sent by the terminal;
and the access equipment determines an IP address to be allocated for the terminal according to the address allocation request, checks whether the IP address of the associated terminal of the access equipment is the same as the IP address to be allocated, and changes the IP address to be allocated into another IP address if the associated terminal with the same IP address as the IP address to be allocated exists.
4. The method of claim 1, further comprising:
the access equipment establishes association with a new terminal, and the new terminal is moved to the access equipment from another access equipment;
sending an address reconfiguration request for indicating a re-request address to the new terminal when the IP address of the new terminal is determined to be the same as the IP address of the associated terminal of the access equipment;
and the access equipment receives an address allocation request sent by the new terminal and allocates another IP address different from the IP address to the new terminal according to the address allocation request.
5. A Portal authentication method is characterized in that the Portal authentication method is applied to networking comprising access equipment and a wireless controller, the access equipment is deployed in a distributed mode, each access equipment allocates an IP address to a terminal associated with the access equipment, and the terminals under each access equipment deployed in the distributed mode carry out centralized user management on the wireless controller; the method comprises the following steps:
a Portal server receives a redirection message sent by a terminal, wherein the redirection message carries an IP address of the terminal and terminal identification information; the terminal identification information includes an MAC address of the terminal;
the Portal server acquires authentication information of the terminal and sends an authentication request to a wireless controller (AC), wherein the authentication request carries the authentication information, the IP address of the terminal and the terminal identification information, so that the AC identifies the terminal according to the IP address and the terminal identification information.
6. A Portal authentication method is characterized in that the Portal authentication method is applied to networking comprising access equipment and a wireless controller, the access equipment is deployed in a distributed mode, each access equipment allocates an IP address to a terminal associated with the access equipment, and the terminals under each access equipment deployed in the distributed mode carry out centralized user management on the wireless controller; the method comprises the following steps:
the method comprises the steps that a wireless controller receives an authentication request sent by a Portal server, wherein the authentication request carries a first IP address of a terminal requesting authentication, authentication information and terminal identification information corresponding to the terminal, and the terminal identification information comprises an MAC address of the terminal;
and the wireless controller sends the authentication information corresponding to the MAC address and the first IP address to an authentication server for authentication, and sends a data forwarding rule to access equipment associated with the terminal when the authentication is passed, wherein the data forwarding rule is used for the access equipment to forward the data of the terminal.
7. The method of claim 6, wherein the terminal identification information further comprises: the encrypted second IP address corresponding to the terminal;
after the wireless controller receives the authentication request sent by the Portal server, the method further comprises the following steps:
the wireless controller decrypts the terminal identification information to obtain the second IP address;
and the wireless controller compares the second IP address with the first IP address carried in the authentication request, and if the first IP address is different from the second IP address, the wireless controller returns authentication failure to the Portal server.
8. The method of claim 6, wherein the terminal identification information further comprises: timestamp information, wherein the timestamp information is used for representing the sending time of the redirection message;
after the wireless controller receives the authentication request sent by the Portal server, the method further comprises the following steps:
the wireless controller decrypts the terminal identification information to obtain the timestamp information;
and the wireless controller compares the timestamp information with the current time, and if the interval between the timestamp information and the current time exceeds a preset time, the wireless controller returns authentication failure to the Portal server.
9. The method of claim 6, wherein the terminal identification information further comprises: the MAC address of the access equipment and the VLAN accessed by the terminal;
the wireless controller sends a data forwarding rule to the access device associated with the terminal, and the data forwarding rule comprises the following steps: and the wireless controller sends a data forwarding rule to the access equipment according to the MAC address of the access equipment and the VLAN accessed by the terminal.
10. An access device is characterized in that the access device is applied to Portal authentication in networking comprising the access device and a wireless controller, the access device is deployed in a distributed mode, each access device allocates an IP address to a terminal associated with the access device, and the terminals under each access device deployed in the distributed mode carry out centralized user management on the wireless controller; the apparatus comprises:
the receiving unit is used for receiving a network access request sent by a terminal;
the processing unit is used for carrying the address of the Portal server and the terminal identification information corresponding to the terminal in the redirection message; the terminal identification information includes: the MAC address of the terminal and the IP address of the terminal;
and the sending unit is used for returning the redirection message to the terminal so that the terminal sends the terminal identification information to a Portal server according to the Portal server address.
11. The access device of claim 10, wherein the terminal identification information further comprises at least one of: the MAC address of the access equipment and the VLAN accessed by the terminal; or, timestamp information, where the timestamp information is used to indicate sending time of the redirection packet.
12. The access device of claim 10,
the receiving unit is further configured to receive an address allocation request sent by the terminal;
the processing unit is further configured to determine an IP address to be allocated to the terminal according to the address allocation request, check whether an IP address of an associated terminal of the access device is the same as the IP address to be allocated, and change the IP address to be allocated to another IP address if an associated terminal having the same IP address as the IP address to be allocated exists.
13. The access device of claim 10,
the processing unit is further configured to establish association with a new terminal, where the new terminal is moved from another access device to the access device; determining that the IP address of the new terminal is the same as the IP address of the associated terminal of the access equipment;
the sending unit is further configured to send an address reconfiguration request for indicating a re-request address to the new terminal;
the receiving unit is further configured to receive an address allocation request sent by the new terminal, and instruct the processing unit to allocate another IP address different from the IP address to the new terminal according to the address allocation request.
14. A Portal server is characterized in that the Portal server is applied to Portal authentication in networking comprising access equipment and a wireless controller, the access equipment is deployed in a distributed mode, each access equipment distributes an IP address to a terminal associated with the access equipment, and the terminals under each access equipment deployed in the distributed mode perform centralized user management on the wireless controller; the server includes:
the information receiving unit is used for receiving a redirection message sent by a terminal, wherein the redirection message carries an IP address of the terminal and terminal identification information; the terminal identification information includes the MAC address of the terminal;
and the authentication request unit is used for acquiring the authentication information of the terminal and sending an authentication request to a wireless controller (AC), wherein the authentication request carries the authentication information, the IP address of the terminal and the terminal identification information, so that the AC identifies the terminal according to the IP address and the terminal identification information.
15. A wireless controller is characterized in that a wireless server is applied to Portal authentication in networking comprising access equipment and the wireless controller, the access equipment is deployed in a distributed mode, each access equipment allocates an IP address to a terminal associated with the access equipment, and the terminals under each access equipment deployed in the distributed mode carry out centralized user management on the wireless controller; the server includes:
the request receiving unit is used for receiving an authentication request sent by a Portal server, wherein the authentication request carries a first IP address of the terminal requesting authentication, authentication information and terminal identification information corresponding to the terminal; the terminal identification information includes the MAC address of the terminal;
the authentication processing unit is used for sending the authentication information corresponding to the MAC address and the first IP address to an authentication server for authentication;
and the result sending unit is used for sending a data forwarding rule to the access equipment associated with the terminal when the authentication is passed, wherein the data forwarding rule is used for the access equipment to forward the data of the terminal.
16. The wireless controller of claim 15,
the authentication processing unit is further configured to decrypt the terminal identification information to obtain a second IP address included in the terminal identification information; comparing the second IP address with the first IP address carried in the authentication request; and if the first IP address is different from the second IP address, indicating the result sending unit to return authentication failure to the Portal server.
17. The wireless controller of claim 15,
the authentication processing unit is further configured to decrypt the terminal identification information to obtain timestamp information included in the terminal identification information, where the timestamp information is used to indicate sending time of the redirection packet; and comparing the timestamp information with the current time, and if the interval between the timestamp information and the current time exceeds a preset time, indicating the result sending unit to return authentication failure to the Portal server.
18. The wireless controller of claim 15,
the terminal identification information received by the request receiving unit further includes: the MAC address of the access equipment and the VLAN accessed by the terminal;
the result sending unit, when sending the data forwarding rule, is specifically configured to send the data forwarding rule to the access device according to the MAC address of the access device and the VLAN to which the terminal is accessed.
CN201410369824.6A 2014-07-30 2014-07-30 A kind of portal authentication method and equipment Active CN104104516B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410369824.6A CN104104516B (en) 2014-07-30 2014-07-30 A kind of portal authentication method and equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410369824.6A CN104104516B (en) 2014-07-30 2014-07-30 A kind of portal authentication method and equipment

Publications (2)

Publication Number Publication Date
CN104104516A CN104104516A (en) 2014-10-15
CN104104516B true CN104104516B (en) 2018-12-25

Family

ID=51672343

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410369824.6A Active CN104104516B (en) 2014-07-30 2014-07-30 A kind of portal authentication method and equipment

Country Status (1)

Country Link
CN (1) CN104104516B (en)

Families Citing this family (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105704109B (en) * 2014-11-28 2019-05-24 华为软件技术有限公司 A kind of network access verifying method and equipment
CN105791451B (en) * 2014-12-22 2020-02-21 华为技术有限公司 Message response method and device
CN104469758B (en) * 2014-12-25 2018-07-27 上海迈外迪网络科技有限公司 More equipment safety login methods
CN104469757B (en) * 2014-12-25 2018-01-16 上海迈外迪网络科技有限公司 Safe login method
CN104821940A (en) * 2015-04-16 2015-08-05 京信通信技术(广州)有限公司 Method and equipment for sending portal redirected address
CN104936181B (en) * 2015-06-25 2018-12-25 新华三技术有限公司 A kind of access authentication method and device connecting specified AP
CN104955036B (en) * 2015-07-07 2019-04-05 北京长亭科技有限公司 Safe networking method and apparatus under public Wi-Fi environment
CN106559405B (en) * 2015-09-30 2020-11-03 华为技术有限公司 Portal authentication method and equipment
CN106656911B (en) * 2015-10-29 2019-10-01 华为技术有限公司 A kind of portal authentication method, access device and management server
CN106921970A (en) * 2015-12-28 2017-07-04 华为技术有限公司 A kind of access authentication method, device and system
CN111654464A (en) * 2015-12-31 2020-09-11 华为技术有限公司 Access control method, authentication device and system
CN106453119A (en) * 2016-11-18 2017-02-22 杭州华三通信技术有限公司 Authentication control method and device
CN106506675A (en) * 2016-11-25 2017-03-15 杭州华三通信技术有限公司 A kind of page reorientation method and device
CN107580325B (en) * 2017-08-02 2021-08-06 台州智奥通信设备有限公司 WDS (Wireless data System) connection method, wireless access point and terminal equipment
CN109413649B (en) * 2018-11-06 2020-10-02 新华三技术有限公司 Access authentication method and device
CN109510839B (en) * 2018-12-24 2023-10-27 深圳市潮流网络技术有限公司 Distributed Portal access method

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101651682A (en) * 2009-09-15 2010-02-17 杭州华三通信技术有限公司 Method, system and device of security certificate
CN102238543A (en) * 2010-04-27 2011-11-09 杭州华三通信技术有限公司 Wireless Portal authentication method and access controller
CN102685725A (en) * 2012-05-11 2012-09-19 中国联合网络通信集团有限公司 Information receiving method, information sending method, devices, and system
CN102739684A (en) * 2012-06-29 2012-10-17 杭州迪普科技有限公司 Portal authentication method based on virtual IP address, and server thereof
CN103297968A (en) * 2012-03-02 2013-09-11 华为技术有限公司 Wireless terminal identifying method, wireless terminal identifying device and wireless terminal identifying system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101651682A (en) * 2009-09-15 2010-02-17 杭州华三通信技术有限公司 Method, system and device of security certificate
CN102238543A (en) * 2010-04-27 2011-11-09 杭州华三通信技术有限公司 Wireless Portal authentication method and access controller
CN103297968A (en) * 2012-03-02 2013-09-11 华为技术有限公司 Wireless terminal identifying method, wireless terminal identifying device and wireless terminal identifying system
CN102685725A (en) * 2012-05-11 2012-09-19 中国联合网络通信集团有限公司 Information receiving method, information sending method, devices, and system
CN102739684A (en) * 2012-06-29 2012-10-17 杭州迪普科技有限公司 Portal authentication method based on virtual IP address, and server thereof

Also Published As

Publication number Publication date
CN104104516A (en) 2014-10-15

Similar Documents

Publication Publication Date Title
CN104104516B (en) A kind of portal authentication method and equipment
US11968181B2 (en) Secure network enrollment
US9288756B2 (en) Systems and methods for device-to-device communication in the absence of network coverage
KR102142576B1 (en) Method and apparatus for discovery of device-to-device communications
CN105706390B (en) Method and apparatus for performing device-to-device communication in a wireless communication network
US9246872B2 (en) Methods and arrangements for enabling data transmission between a mobile device and a static destination address
WO2015101125A1 (en) Network access control method and device
US9967099B2 (en) Method and apparatus for providing information
CN104955172A (en) Method for realizing mobile network virtualization, control platform, virtualization base station and system
CN107534664B (en) Multi-factor authorization for IEEE802.1X enabled networks
US11706823B2 (en) Communication management and wireless roaming support
CN110784434B (en) Communication method and device
CN111182546A (en) Method, equipment and system for accessing wireless network
CN104349511B (en) The distribution method and device of AP addresses in wlan network
WO2014107902A1 (en) Registration method for user equipment, short-distance service server and mobility management entity
CN107257558B (en) Message forwarding method and device
CN107360266B (en) Method and system for realizing terminal STA roaming in large two-layer network
EP3319277B1 (en) Provision of access to a network
WO2018054272A1 (en) Data transmission method and device, and computer storage medium
WO2018049655A1 (en) Device networking method, apparatus and system
CN113543131A (en) Network connection management method and device, computer readable medium and electronic equipment
US9980143B2 (en) Communication system, base station, and terminal
JP6546846B2 (en) Authentication server, access point and program
JP2016143947A (en) Wireless access point, communication control method, program thereof, and wireless communication system
JP2023002449A (en) Device and method for providing communication service for accessing ip network, and program therefor

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Applicant after: Xinhua three Technology Co., Ltd.

Address before: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Applicant before: Huasan Communication Technology Co., Ltd.

CB02 Change of applicant information
GR01 Patent grant
GR01 Patent grant