CN104104516B - A kind of portal authentication method and equipment - Google Patents
A kind of portal authentication method and equipment Download PDFInfo
- Publication number
- CN104104516B CN104104516B CN201410369824.6A CN201410369824A CN104104516B CN 104104516 B CN104104516 B CN 104104516B CN 201410369824 A CN201410369824 A CN 201410369824A CN 104104516 B CN104104516 B CN 104104516B
- Authority
- CN
- China
- Prior art keywords
- terminal
- address
- access device
- identification information
- request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Abstract
The present invention provides a kind of portal authentication method and equipment, and wherein method includes: that access device receives the network access request that terminal is sent;Access device returns to redirection message to the terminal, the redirection message carries Portal server address and the corresponding terminal identification information of the terminal, so that the terminal identification information is sent to Portal server according to the Portal server address by the terminal.The present invention solves the problems, such as IP address conflict when Portal certification.
Description
Technical field
The present invention relates to portal authentication technology, in particular to a kind of portal authentication method and equipment.
Background technique
Portal certification is also commonly referred to as web authentication, and Portal authentication website is generally known as portal website, when user needs
It when accessing internet, needs to be authenticated in portal website, Internet resources just can be used after passing through in only certification.With
The development of network technology, operator starts the networking mode using " LTE-Fi+AC ", with the portion with WLAN that increases network utilization
Administration and coverage rate, in the networking of this mode, the LTE-Fi as access device uses distributed deployment, by wireless controller
(Access Controller, AC) manages multiple LTE-Fi of these distributed deployments.It can be accessed under each LTE-Fi more
A terminal needed using Internet resources, these terminals are also to need to carry out Portal certification when using Internet resources,
But Portal certification concentrates on AC being managed.For example, LTE-Fi is in the Portal certification request for receiving terminal transmission
When, it can be redirected to Portal server, the certification request of terminal is forwarded to AC, AC whereabouts certification clothes by Portal server
Business device certification;If certification passes through, AC can issue data forwarding rule to LTE-Fi, turn for data of the terminal on LTE-Fi
Hair.
Aforesaid way there may be the problem of be, terminal surf the Internet required for IP address be to be distributed by associated LTE-Fi
, if each LTE-Fi respectively distributes oneself responsible IP address section, it is possible to two terminals under different LTE-Fi occur
IP address having the same;And in the side AC of centralized management certification, AC is that different terminals are distinguished according to IP address, such as AC
It will record that terminal that IP address is * * * is authenticated to be passed through, and search the corresponding terminal association of the IP address in which LTE-Fi,
And data forwarding rule is sent to the LTE-Fi, but identical terminal will lead to AC for nothing if the side AC finds two IP address
Method is distinguished, therefore, the case where there can be no IP address conflicts by AC.In order to avoid IP address conflict, there is consideration in the related technology
IP address planning is done between each different LTE-Fi, the IP address section that distribution is used between each LTE-Fi cannot be overlapped, but
It is in this way when LTE-Fi quantity much has thousands of sometimes, carrying out IP address planning will be a very big workload, no
Adapt to the large scale deployment of LTE-Fi.
Summary of the invention
In view of this, the present invention provides a kind of portal authentication method and equipment, with solving IP when Portal certification
The problem of location conflicts.
Specifically, the present invention is achieved through the following technical solutions:
In a first aspect, providing a kind of portal authentication method, comprising:
Access device receives the network access request that terminal is sent;
The access device returns to redirection message to the terminal, and the redirection message is with carrying Portal server
Location and the corresponding terminal identification information of the terminal, so that the terminal is according to the Portal server address by institute
It states terminal identification information and is sent to Portal server.
Optionally, the terminal identification information, comprising: the MAC Address of the terminal.
Optionally, the terminal identification information further includes at least one following: the IP address of the terminal;Alternatively, institute
State the MAC Address of access device and the VLAN of terminal access;Alternatively, timestamp information, the timestamp information is used for table
Show the sending time of the redirection message.
Optionally, the access device is before receiving the network access request that terminal is sent, further includes: the access is set
The standby address assignment request for receiving the terminal and sending;The access device is determined according to the address assignment request for dividing
The IP address to be allocated of terminal described in dispensing, and check the access device associated terminal IP address whether with it is described to
It is identical to distribute IP address, if it exists IP address associated terminal identical with the IP address to be allocated, then it will be described to be allocated
IP address is changed to another IP address.
Optionally, further includes: the access device is associated with new terminal foundation, and the new terminal is set from another access
It is standby to move to the access device;In the IP address of the associated terminal of the IP address and the access device that determine the new terminal
When identical, sent to the new terminal and be used to indicate the address reconfiguration request for re-requesting address;The access device receives institute
The address assignment request of new terminal transmission is stated, and is distributed and the IP address according to the address assignment request to the new terminal
Another different IP address.
Second aspect provides a kind of portal authentication method, comprising:
Portal server receives the redirection message that terminal is sent, and the redirection message is with carrying the IP of the terminal
Location and terminal identification information;
The Portal server obtains the authentication information of the terminal, and sends certification request to wireless controller AC,
The certification request carries the IP address and the terminal identification information of the authentication information, the terminal, so that the AC
The terminal is identified according to the IP address and the terminal identification information.
The third aspect provides a kind of portal authentication method, comprising:
Wireless controller receives the certification request that Portal server is sent, and request certification is carried in the certification request
The first IP address, authentication information and the corresponding terminal identification information of the terminal of the terminal;
The MAC Address and the corresponding authentication information of the first IP address are sent to certification clothes by the wireless controller
Business device is authenticated, and when certification passes through, and sends data forwarding rule, the data to the access device of the terminal association
Forward rule forwards the data of the terminal for the access device.
Optionally, the terminal identification information, comprising: the MAC Address of the terminal.
Optionally, in the terminal identification information further include: corresponding second IP address of the terminal of encryption;Described
Wireless controller receives after the certification request that Portal server is sent, further includes:
The wireless controller decrypts the terminal identification information, obtains second IP address;The wireless controller
By second IP address compared with the first IP address carried in the certification request, if first IP address and the 2nd IP
Address is different, then fails to the Portal server return authentication.
Optionally, in the terminal identification information further include: timestamp information, the timestamp information is for indicating described
The sending time of redirection message;After the certification request that the wireless controller receives that Portal server is sent, also wrap
Include: the wireless controller decrypts the terminal identification information, obtains the timestamp information;The wireless controller will be described
Timestamp information is compared with current time, if the interval between the timestamp information and the current time is more than pre- timing
It is long, then fail to Portal server return authentication.
Optionally, in the terminal identification information further include: the MAC Address of the access device and the terminal access
VLAN;The wireless controller sends data forwarding rule to the access device of the terminal association, comprising: the wireless control
The VLAN that device is accessed according to the MAC Address of the access device and the terminal sends data forwarding rule to the access device
Then.
Fourth aspect provides a kind of access device, comprising:
Receiving unit, for receiving the network access request of terminal transmission;
Processing unit, for carrying Portal server address and the corresponding terminal identification information of the terminal
In redirection message;
Transmission unit, for returning to the redirection message to the terminal, so that the terminal is according to
The terminal identification information is sent to Portal server by Portal server address.
Optionally, the terminal identification information further includes at least one following: the MAC Address of the terminal;Alternatively, institute
State the IP address of terminal;Alternatively, the VLAN of the MAC Address of the access device and terminal access;Alternatively, timestamp is believed
Breath, the timestamp information are used to indicate the sending time of the redirection message.
Optionally, the receiving unit is also used to receive the address assignment request that the terminal is sent;
The processing unit, is also used to according to the address assignment request, determine for distribute to the terminal to point
With IP address, and check whether the IP address of the associated terminal of the access device is identical as the IP address to be allocated, if
There are IP address associated terminals identical with the IP address to be allocated, then the IP address to be allocated are changed to another
IP address.
Optionally, the processing unit is also used to be associated with new terminal foundation, and the new terminal is set from another access
It is standby to move to the access device;And determine the IP address of the IP address of the new terminal and the associated terminal of the access device
It is identical;The transmission unit is also used to send the address reconfiguration request for being used to indicate and re-requesting address to the new terminal;Institute
Receiving unit is stated, is also used to receive the address assignment request that the new terminal is sent, and indicate the processing unit according to
Address assignment request distributes another IP address different from the IP address to the new terminal.
5th aspect, provides a kind of Portal server, comprising:
Information receiving unit, for receiving the redirection message of terminal transmission, the redirection message carries the terminal
IP address and terminal identification information;
Certification request unit sends certification request for obtaining the authentication information of the terminal, and to wireless controller AC,
The certification request carries the IP address and the terminal identification information of the authentication information, the terminal, so that the AC
The terminal is identified according to the IP address and terminal identification information.
6th aspect, provides a kind of wireless controller, comprising:
Request reception unit is carried in the certification request and is asked for receiving the certification request of Portal server transmission
Ask the first IP address, authentication information and the corresponding terminal identification information of the terminal of the terminal of certification;Authentication processing
Unit, for the MAC Address and the corresponding authentication information of the first IP address to be sent to certificate server and authenticate;
As a result transmission unit, for sending data forwarding rule, the number to the access device of the terminal association when certification passes through
The data of the terminal are forwarded for the access device according to forward rule.
Optionally, the authentication processing unit, is also used to decrypt the terminal identification information, obtains in terminal identification information
Including the second IP address;By second IP address compared with the first IP address carried in the certification request;Described
One IP address is different from the second IP address, then indicates that the result transmission unit loses to the Portal server return authentication
It loses.
Optionally, the authentication processing unit, is also used to decrypt the terminal identification information, obtains in terminal identification information
Including timestamp information, the timestamp information is used to indicate the sending time of the redirection message;By the timestamp
Information, if the interval between the timestamp information and the current time is more than scheduled duration, refers to compared with current time
Show that the result transmission unit fails to the Portal server return authentication.
Optionally, in the received terminal identification information of the request reception unit further include: the access device
The VLAN of MAC Address and terminal access;The result transmission unit is particularly used for when sending data forwarding rule
According to the VLAN that the MAC Address of the access device and the terminal access, data forwarding rule is sent to the access device.
Portal authentication method and equipment of the invention, AP, can be by the ends of terminal when sending redirection message to terminal
End identification information also sends jointly to terminal, and such terminal can be by the terminal identification information when being redirected to Portal server
It is also sent to Portal server, so that Portal server also can be equally by the end of the terminal when sending certification request to AC
End identification information is sent to AC, and AC can be in conjunction with the identical terminal of terminal identification information identification IP address.
Detailed description of the invention
Fig. 1 is the application scenario diagram of portal authentication method provided in an embodiment of the present invention;
Fig. 2 is a kind of flow diagram of portal authentication method provided in an embodiment of the present invention;
Fig. 3 is the flow diagram of another portal authentication method provided in an embodiment of the present invention;
Fig. 4 is the flow diagram of another portal authentication method provided in an embodiment of the present invention;
Fig. 5 is the signalling diagram of another portal authentication method provided in an embodiment of the present invention;
Fig. 6 is the signalling diagram of another portal authentication method provided in an embodiment of the present invention;
Fig. 7 is the signalling diagram of another portal authentication method provided in an embodiment of the present invention;
Fig. 8 is the signalling diagram of another portal authentication method provided in an embodiment of the present invention;
Fig. 9 is the structural schematic diagram of access device AP provided in an embodiment of the present invention;
Figure 10 is the structural schematic diagram of Portal server provided in an embodiment of the present invention;
Figure 11 is the structural schematic diagram of wireless controller provided in an embodiment of the present invention.
Specific embodiment
Portal certification is a kind of common gate verification mode in network access, and current operator authenticates Portal
Apply in the networking of " LTE-Fi+AC " that (LTE-FI is the product that 4G is merged with WIFI, by 4G-LTE technology and WiFi skill
Art is organically combined together, and returns WiFi business for 4G network as transparent channel), it is implementation of the present invention referring to Fig. 1, Fig. 1
The application scenario diagram for the portal authentication method that example provides.LTE-Fi is the combination by 4G network and WiFi technology, by 4G network
As transparent channel return WiFi business, LTE-Fi be integrated with FitAP and 4G function (Fit AP be with Fat AP comparatively
, Fat AP rolls into one the functions such as the physical layer of WLAN, encryption, user authentication, network management;And FitAP is one
There is the AP of radio frequency and communication function, have a single function, cannot work independently).In large-scale carrier network, due to user volume compared with
Greatly, LTE-Fi uses distributed deployment, and referring to Fig. 1, LTE-Fi is referred to as AP by the embodiment of the present invention, and Fig. 1 shows three AP,
It is AP1, AP2 and AP3 respectively, each AP distributes IP to the user equipment (User Equipment, UE) for being associated with oneself respectively
Address, but the UE of these three AP carries out concentration user management in the side AC.
By taking the scene of Fig. 1 as an example, when carrying out Portal certification, the network access request that UE is sent to AP can be by AP weight
It is directed to Portal server, UE needs input authentication information (for example, username and password) to Portal server;Again by
Portal server sends certification request to AC, carries the mark and authentication information of UE.Also, under three AP shown in Fig. 1
Each UE (for example, UE1, UE2 and UE3), when carrying out Portal certification, certification request all can by Portal concentrate issue
AC, then authentication information is sent to certificate server (for example, aaa server) by AC and is authenticated.
The portal authentication method of the present embodiment will be directed to above-mentioned Portal identifying procedure, so that AC is being managed concentratedly
When UE under each AP, different UE can be distinguished, and even if the UE under difference AP IP address occur identical
Situation can also be distinguished in AC.See below each embodiment:
Embodiment one
Fig. 2 is a kind of flow diagram of portal authentication method provided in an embodiment of the present invention, the method for the present embodiment
It is to be executed by access device AP (i.e. LTE-Fi), by taking AP2 as an example;May include:
201, AP receives the network access request that UE is sent;
For example, the network access request is the HTTP access request initiated to some URL, such as associated UE2 under AP2,
The website of some .com domain name is accessed, then UE2 will send the access request that access the domain name to AP2.It needs to illustrate
, at this time when UE initiates access request to AP, UE has been associated on AP, including AP establishes wireless connection with UE
And IP address is assigned with for UE.
202, AP returns to redirection message to terminal, which carries Portal server address and terminal
Corresponding terminal identification information;
In the present embodiment, when AP receives the access request of UE transmission, however, it was found that when UE not yet carries out Portal certification
(only Portal certification passes through just accessible Internet resources), UE can be redirected to Portal server and authenticated by AP.
Specifically, AP2 can send redirection message to UE2 by taking AP2 as an example, which carries Portal service
Device address, so that UE2 connects Portal server according to the Portal server address;And it is also carried in redirection message
The corresponding terminal identification information of terminal.Terminal identification information is sent to UE2 by AP2, UE2 according to Portal server address to
When Portal server accesses, which can be sent jointly to Portal server.
It optionally, may include: the MAC Address of UE2 in above-mentioned terminal identification information, so that Portal server will
After MAC Address is sent to AC, AC realizes the differentiation to the identical terminal of IP address according to the MAC Address.It, can also in specific implementation
, come identification terminal, to be distinguished as long as can play to the terminal of identical IP address using the other information except MAC Address
Function.
The portal authentication method of the present embodiment, AP, can be by the MAC Address of terminal when sending redirection message to terminal
Also terminal is sent jointly to, which can be also sent to Portal when being redirected to Portal server by such terminal
Server, so that the MAC Address of the terminal also equally can be sent to AC when sending certification request to AC by Portal server,
AC can combine the MAC Address identification terminal.
Embodiment two
Fig. 3 is the flow diagram of another portal authentication method provided in an embodiment of the present invention, the side of the present embodiment
Method is executed by Portal server;As shown in figure 3, may include:
301, Portal server receive terminal send redirection message, the IP address of the message carried terminal and
Terminal identification information;
For example, the terminal identification information includes: the MAC Address of terminal;
In the present embodiment, the terminal identification information that terminal is sent to Portal server is the hair of the AP as associated by terminal
It send to terminal;It should be noted that the present embodiment claims the message of the carrying Portal server address for being sent to terminal AP
For redirection message, the access request that terminal is sent according to the Portal server address to Portal server (is carried eventually
Hold identification information) also referred to as redirection message, other titles can certainly be used in specific implementation.
302, Portal server obtains the authentication information of the terminal, and sends certification request to wireless controller AC,
The certification request carries the IP address and above-mentioned terminal identification information of authentication information, terminal;
In the present embodiment, Portal server can push login interface after the redirection message for receiving UE transmission
To UE, the user of the side UE returns to Portal server after the interface inputs username and password, which can
With referred to as authentication information.
Portal server will send certification request to AC, carry above-mentioned authentication information, the IP address of terminal and above-mentioned
The MAC Address of UE in terminal identification information;In this way, the side AC can be according to IP address and MAC Address identification terminal, such as AC
It can recorde as the authentication information of " IP+MAC " corresponding terminal.
The portal authentication method of the present embodiment, Portal server can by the IP of UE when sending certification request to AC
Location and terminal identification information are sent together;Different UE can be identified according to " IP+MAC " in AC in this way, even if two UE
IP address it is identical, but the MAC Address of the two is different, therefore AC still is able to identify the two UE, to solve
IP address conflict problem.
Embodiment three
Fig. 4 is the flow diagram of another portal authentication method provided in an embodiment of the present invention, the side of the present embodiment
Method is executed by wireless controller AC;As shown in figure 4, may include:
401, AC receives the certification request that Portal server is sent;
Wherein, Portal server, can be by the certification after the authentication information (including username and password) for receiving UE
Information carrying is sent to AC in certification request, and IP address, the corresponding terminal identification information of UE of UE are also carried in certification request
(MAC Address of UE).In the present embodiment, in order to distinguish with the IP address that occurs in subsequent embodiment, the present embodiment will here
The IP address of the UE carried in certification request is known as the first IP address.
402, the authentication information of MAC Address and the corresponding terminal of the first IP address is sent to certificate server and recognized by AC
Card, and when certification passes through, data forwarding rule is sent to the AP of terminal association.
In the present embodiment, AC is that different terminals is distinguished according to " IP+MAC ", and AC can be by the authentication information (example of terminal
Such as include username and password) it is sent to certificate server, such as aaa server.After aaa server certification passes through, AC meeting
Data forwarding rule is sent to AP associated by terminal.The data forwarding rule is the data for AP forwarding terminal.
The portal authentication method of the present embodiment, the available IP address and MAC Address to terminal of AC, and according to
" IP+MAC " distinguishes different terminals, accordingly even when in the user of AC centralized management, there are two the IP address of UE is identical, but
It is since the MAC Address of the two is different, AC can also distinguish two UE, to solve asking for IP address conflict
Topic.
Method through the embodiment of the present invention, can effective settling IP address conflict the problem of, even if there are IP address phases
Same UE, AC can be also distinguish in conjunction with MAC, allow for not having to the side the AP unified planning IP address in distributed deployment in this way
The distribution of section does not need to divide individual IP address section to each AP, reduces workload, be conducive to the big rule of LTE-Fi equipment
Mould deployment.
Example IV
Fig. 5 is the signalling diagram of another portal authentication method provided in an embodiment of the present invention, the side of the present embodiment
Method describes the entire flow of the Portal certification executed with the equipment such as AP, Portal and AC;As shown in figure 5, this implementation
Example method may include:
501, UE sends network access request to AP;
Wherein, it is wirelessly connected when UE and AP is established, and AP is after UE is assigned with IP address, UE sends network access to AP
Request.
502, AP returns to the first redirection message to UE;
Wherein, when AP determines that UE not yet carries out Portal certification (if having passed through certification, the side AP has record), AP
Redirection message will be sent to UE, the present embodiment is known as the first redirection message.
Specifically, carrying Portal server address and the corresponding terminal iidentification letter of UE in first redirection message
It ceases, may include: the MAC Address of UE in the terminal identification information.In the present embodiment, in order to guarantee safety, terminal identification information
Using encryption;For example, can be using data encryption algorithm (Data Encryption Standard, referred to as: DES) or high
The Encryption Algorithm such as grade encryption standard (Advanced Encryption Standard, AES).The Encryption Algorithm and correlation that AP is used
Parameter can be configured in AP in advance.The terminal identification information of encryption can be some privately owned field in the first redirection message
Middle setting.
503, UE sends the second redirection message to Portal server;
In this step, UE will send the second redirection message to Portal server according to Portal server address,
The middle IP address for carrying UE and the terminal identification information of encryption.That is, UE is in the terminal iidentification for receiving encryption from AP
After information, the terminal identification information of the encryption can be sent to Portal server when redirecting.
It should be noted that in 502 AP when sending the first redirection message to UE, in Portal server address and
Except terminal identification information, other parameters, such as the IP address of AP etc. can also be carried, this is routine techniques, the present embodiment
No longer it is described in detail;Also, likewise, UE to Portal server send the second redirection message when, UE IP address and
Except terminal identification information, other parameters, such as service set (the Service Set that UE is added can also be carried
Identifier, SSID) etc..
504, Portal server sends login interface to UE;
Wherein, Portal server can be by the IP address of the UE in the second redirection message received, the terminal of encryption
Identification information etc. extracts, and is saved.
505, UE sends authentication information to Portal server;
For example, the user of the side UE can input the information such as user name, password by login interface, it is sent to Portal clothes
Business device, request authenticate authentication information.
506, Portal server sends certification request to AC, carries in the certification request: the IP address and terminal mark of UE
Know information;
In the present embodiment, Portal server is by the IP of the terminal identification information of the encryption received in 504 and UE
Location is sent to AC together;Certainly, in certification request also carry for request certification authentication information, such as user user name with
Password.
507, the corresponding authentication information of MAC and IP is sent to aaa server request certification by AC;
In the present embodiment, equipment of the AC as each UE under different AP is managed concentratedly comes area with the combination of " IP+MAC "
Divide different UE;For example, AC can recorde " IP1+MAC1 " corresponding UE1, authentication information is * * * *, is recorded " IP2+MAC2 "
Corresponding UE2, authentication information are * * * *.The corresponding authentication information of UE, such as username and password are sent to AAA and asked by AC
Ask certification.
508, the certification that AC receives aaa server return successfully notifies;
509, AC is authenticated successfully to Portal server notice;
In addition, Portal server is receiving certification successfully after notice, UE can be notified to authenticate successfully, these can be with
It is carried out according to routine techniques, the present embodiment is no longer described in detail.
510, AC sends data forwarding rule to AP associated by the corresponding UE of MAC and IP;
In the present embodiment, AC will issue the corresponding data of the UE and turn after the corresponding UE of determination " IP+MAC " is authenticated successfully
Hair rule, the rule will be issued on AP associated by UE;For example, with reference to the UE1 in Fig. 1, AC can send out data forwarding rule
It send to AP1, AP1 and will forward the data of UE according to the rule.
The portal authentication method of the present embodiment, Portal server can send out the corresponding IP address of UE and MAC Address
Different UE can be identified according to IP+MAC " by sending to AC, AC, so that even if AC has found the identical UE of two IP address,
It can be distinguished in conjunction with MAC.
Embodiment five
The difference of the present embodiment and example IV is, further include in terminal identification information UE MAC Address except its
His some information, these information are the safeties for improving Portal certification, Fig. 6 process as described below, and Fig. 6 is illustrated only
Some main processes distinguished with example IV, are for example sent to aaa server for authentication information for identical process
Deng the present embodiment can also execute, but these will not be repeated again in the present embodiment, also no longer show in Fig. 6.
Fig. 6 is the signalling diagram of another portal authentication method provided in an embodiment of the present invention, as shown in fig. 6, this
The method of embodiment may include:
601, UE sends network access request to AP;
602, AP returns to the first redirection message to UE;
The terminal iidentification letter of Portal server address and encryption is carried in the present embodiment, in the first redirection message
Breath, which not only includes the MAC Address of UE, further includes at least one of following: the IP address and timestamp of UE
Information, the timestamp information are used to indicate the sending time of the first redirection message.It is at least one of described here to mean,
Except the MAC Address of UE, the IP address of UE can be only included in terminal identification information or only include timestamp information or
Both person's timestamp information and IP address are included in terminal identification information.
603, UE sends the second redirection message to Portal server, and the terminal identification information of encryption is also carried and is being reported
Portal server is sent in text;
604, Portal server sends login interface to UE;
605, UE sends authentication information to Portal server;
606, Portal server sends certification request to AC, carries in the certification request: the IP address of UE and encryption
Terminal identification information;
In this step, IP address from Portal server to the AC UE sent there are two, one of IP address be
UE is sent to Portal server in 603, this be also in routine techniques Portal server need to send the IP address of UE
To AC;Another IP address is carried in the terminal identification information of encryption, and the terminal identification information of this encryption is in AP
After the encryption of side, Portal server is transmitted to by UE, Portal server will not decrypt the information, but by the end of the encryption
End identification information is sent to AC, includes the IP address of UE in terminal identification information.
It, can will be in the terminal identification information of encryption in order to clearly distinguish the two IP address in subsequent descriptions
Including IP address be known as the second IP address, another is known as the first IP address.
607, AC decryption terminal identification information, obtains IP address and timestamp information;
In the present embodiment, AC decryption terminal identification information it is available including the second IP address, can also obtain
Timestamp information.It crosses as described previously, terminal identification information includes at least one in the second IP address and timestamp information
, it is for both carrying here.
In addition, AC and AP can be preconfigured identical Encryption Algorithm and relevant parameter, such terminal identification information
After the encryption of the side AP, AC can be decrypted using identical algorithm.
608, AC carries out initial authentication judgement according to the terminal identification information of decryption;
For example, AC can carry out the comparison of IP address, the first IP address carried in certification request and decryption are obtained
Second IP address compares, if the first IP address is different from the second IP address, shows authentification failure, executes 609;Otherwise, AC
After initial authentication passes through, then it can request to authenticate from AC to aaa server, it can be in conjunction with referring to example IV.
IP address compares to determine whether authenticate by such, is exemplified below: assuming that UE1 is carrying out Portal certification
Process requests access to Internet resources;Some user UE4 wants counterfeit UE1, has intercepted and captured UE1 and has reset to Portal transmission first
The terminal identification information of the encryption carried when to message because according to the process of the present embodiment, UE1 be when redirecting need by
The terminal identification information of the encryption is sent to Portal, therefore counterfeit user can be by the terminal identification information of encryption after intercepting and capturing
It is sent to Portal server.But carried in terminal identification information be UE1 IP address, and UE4 is to Portal server
Another IP address also carried in the certification request of transmission is the IP address of UE4 itself, the two addresses are different, and AC can
To judge that the terminal identification information of encryption may be to be intercepted and captured by counterfeit user accordingly.
In another example AC can also be compared according to timestamp information, by timestamp information compared with current time, deserve
The preceding time can be AC decryption and obtain the time of the timestamp, or be also possible to the time that AC receives the certification request,
It can be described as the time of this processing certification request of AC;If the interval between timestamp information and current time is more than scheduled duration
(such as the scheduled duration is 5 minutes) then fails to Portal server return authentication.
By the comparison of timestamp to determine whether certification is by such, it is exemplified below: assuming that UE1 is being carried out
Portal identifying procedure, AP return timestamp information after receiving the network access request of UE1, to UE1;Normal condition
Under, if UE1 continues to execute subsequent login Portal, to AC request certification etc., Portal server is received in AC and is sent
Certification request when should be unable to too long.But some special circumstances, such as Portal server push login interface to UE1
Afterwards, the user of UE1 does not input username and password and authenticates, and is off input then does other things, then
This identifying procedure just interrupts here in login interface.
The user of UE1, which is possible to preserve the login interface, is such as placed on collection, direct when waiting online in second day
The login interface for opening collection yesterday is inputted, but at this time may UE1 different from the yesterday (user of IP address
IP address is redistributed when online), then the terminal for the encryption that is Portal server was received and stored in yesterday
IP address in identification information is the UE1 of yesterday, this does not just meet actual conditions, and UE1 is needed to send primary net to AP again
Network access request is issued the terminal identification information for once carrying the encryption of this IP address from AP to UE again, therefore, this
AC will feed back authentification failure, triggering Portal server notice UE restarting access.
609, AC fails to Portal server return authentication.
The portal authentication method of the present embodiment is believed by the IP address and timestamp of adding UE in terminal identification information
Breath, allow AC according to these information to before AAA request certification, indicate that the authentication information of user there are problem,
Directly fail to Portal return authentication;The speed of identifying procedure is accelerated in this way, and improves the safety of certification.
Embodiment six
The present embodiment increases in terminal identification information on the process base of example IV: the MAC Address and UE of AP
The vlan information of access;It certainly, also may include timestamp described in embodiment five etc. in terminal identification information.The MAC of AP
The vlan information of address and UE access, primarily to improving the downloading speed of data forwarding rule when certification passes through.
For example, AC, after the notice that the certification for receiving aaa server return passes through, AC will issue data forwarding rule to AP
Then;At this point, AC can be quickly quasi- according to the MAC Address for the AP that decryption terminal identification information obtains and the vlan information of UE access
True is issued to data forwarding rule AP, and the vlan information of UE access has corresponded to some port on AP, to the port
The data forwarding rule for UE is issued.
Embodiment seven
The mainly UE that the present embodiment is directed to is the different AP internetwork roamings the case where, for example, it is assumed that UE1 is roamed to from AP1
AP2, the method that AP2 can execute the present embodiment at this time, the problem of carrying out settling IP address conflict.Fig. 7 is that the embodiment of the present invention mentions
The signalling diagram of another portal authentication method supplied, as shown in fig. 7, may include:
701, AP receives the address assignment request that UE is sent;
For example, being located at associated UE2 under AP2, address assignment request is sent to AP2.
702, AP determines the IP address to be allocated for distributing to UE according to address assignment request;
For example, AP2 determines that IP address to be allocated is IP1, prepare IP1 distributing to UE2.
703, AP checks whether the IP address of associated terminal is identical as IP address to be allocated;
For example, UE1 above-mentioned roams to AP2 from AP1, AP2 can compare the IP address of associated terminal UE1, be
It is no identical as address ip 1 to be allocated.If identical, 704 are executed.
704, IP address to be allocated is changed to another IP address by AP;
For example, IP address IP1 to be allocated is changed to IP2 by AP2, certain IP1 and IP2 are the IP sections that AP2 is responsible for from oneself
Middle selection distribution.
705, IP address is sent to UE by AP.
For example, IP2 is sent to UE2 by AP2, the IP address as distribution to UE2.If the judging result in 703 is two
A IP address is different, and initial address ip to be allocated 1 directly can be sent to UE by AP2.
In process shown in Fig. 7, AP can be checked first and be associated with certainly when the UE to be associated with oneself distributes IP address
It whether there is terminal identical with IP to be allocated in oneself terminal, if there is then replacing IP distribution.
Fig. 8 is the signalling diagram of another portal authentication method provided in an embodiment of the present invention, as shown in figure 8, can
To include:
801, AP is associated with new terminal foundation;
For example, UE1 roams to AP2 from AP1, then UE1 is new terminal for AP2.
802, AP determines that the IP address of new terminal is identical as the IP address of associated terminal of AP;
For example, the associated terminal of AP2 is UE2, the IP address of UE2 and the IP address of UE1 are identical, the IP of UE1 here
Address is distributed before being UE1 roaming in AP1.When the IP address of both AP2 discoveries is identical, 803 can be continued to execute;
803, AP sends re-association instruction to new terminal;
For example, AP2 sends re-association instruction to UE1, notice UE1 re-starts association.
804, new terminal is indicated according to re-association, and re-association process is executed between AP, and AP is requested to distribute IP address;
The re-association that UE1 can be sent according to AP indicates, re-association process is executed between AP;Such as UE1 sends to AP and closes
Connection claim frame starts to be associated with, and carries the information such as SSID and negotiated speed, and re-association process can be executed according to old process, no longer
It is described in detail.After establishing association, UE1 will request distribution IP address to AP.
805, AP distributes another IP address to new terminal;
AP2 can distribute an IP address different from UE2 to UE1 at this time.
Portal authentication method through this embodiment, the side AP can avoid under the same AP in the UE of association roaming
IP address conflict the occurrence of.
Following embodiment eight provides the structure of equipment, in these embodiments only to device structure to embodiment ten
It is briefly described, specific working principle can be in conjunction with referring to embodiment of the method.
Embodiment eight
Fig. 9 is the structural schematic diagram of access device AP provided in an embodiment of the present invention, as shown in figure 9, the AP may include:
Receiving unit 91, processing unit 92 and transmission unit 93;Wherein,
Receiving unit 91, for receiving the network access request of terminal transmission;
Processing unit 92, for carrying Portal server address and the corresponding terminal identification information of the terminal
In redirection message;For example, the terminal identification information includes: the MAC Address of terminal;
Transmission unit 93, for returning to the redirection message to the terminal, so that the terminal is according to
The terminal identification information is sent to Portal server by Portal server address.
Further, the terminal identification information further includes at least one following: the IP address of the terminal;Alternatively,
The VLAN of the MAC Address of the access device and terminal access;Alternatively, timestamp information, the timestamp information is used for
Indicate the sending time of the redirection message.
Further, the receiving unit 91 is also used to receive the address assignment request that the terminal is sent;The processing
Unit 92 is also used to be determined for distributing to the IP address to be allocated of the terminal, and check according to the address assignment request
Whether the IP address of the associated terminal of the access device identical as the IP address to be allocated, if it exists IP address with it is described
The identical associated terminal of IP address to be allocated, then be changed to another IP address for the IP address to be allocated.
Further, the processing unit 92 is also used to be associated with new terminal foundation, and the new terminal is connect from another
Enter equipment and moves to the access device;And determine the IP of the IP address of the new terminal and the associated terminal of the access device
Address is identical;The transmission unit 93 is also used to send the address for being used to indicate re-request address to the new terminal and is reconfigured
Request.Receiving unit 91 is also used to receive the address assignment request that the new terminal is sent, and indicates the processing unit 92
Another IP address different from the IP address is distributed to the new terminal according to the address assignment request.
Embodiment nine
Figure 10 is the structural schematic diagram of Portal server provided in an embodiment of the present invention, as shown in Figure 10, the Portal
Server may include: information receiving unit 1001 and certification request unit 1002;Wherein,
Information receiving unit 1001, for receiving the redirection message of terminal transmission, described in the redirection message carries
The IP address and terminal identification information of terminal;For example, the terminal identification information includes: the MAC Address of terminal;
Certification request unit 1002 for obtaining the authentication information of the terminal, and sends to wireless controller AC and authenticates
Request, the certification request carries the IP address and the terminal identification information of the authentication information, the terminal, so that institute
It states AC and the terminal is identified according to the IP address and MAC Address.
Embodiment ten
Figure 11 is the structural schematic diagram of wireless controller provided in an embodiment of the present invention, as shown in figure 11, the wireless control
Device may include: request reception unit 1101, authentication processing unit 1102 and result transmission unit 1103;Wherein,
Request reception unit 1101 is taken in the certification request for receiving the certification request of Portal server transmission
The first IP address, authentication information and the corresponding terminal identification information of the terminal of the terminal with request certification;Example
Such as, which includes: the MAC Address of terminal;
Authentication processing unit 1102, for sending the corresponding authentication information of the MAC Address and the first IP address
It is authenticated to certificate server;
As a result transmission unit 1103, for sending data to the access device of the terminal association and turning when certification passes through
Hair rule, the data forwarding rule forward the data of the terminal for the access device.
Further, authentication processing unit 1102 is also used to decrypt the terminal identification information, obtains terminal identification information
In include the second IP address;By second IP address compared with the first IP address carried in the certification request;It is described
First IP address is different from the second IP address, then indicates that the result transmission unit loses to the Portal server return authentication
It loses.
Further, authentication processing unit 1102 is also used to decrypt the terminal identification information, obtains terminal identification information
In include timestamp information, the timestamp information is used to indicate the sending time of the redirection message;By the time
Information is stabbed compared with current time, if the interval between the timestamp information and the current time is more than scheduled duration,
Indicate that the result transmission unit fails to the Portal server return authentication.
Further, in the received terminal identification information of request reception unit 1101 further include: the access device
MAC Address and the terminal access VLAN;As a result it is specifically used when sending data forwarding rule transmission unit 1103
In the VLAN according to the MAC Address of the access device and terminal access, data forwarding rule are sent to the access device
Then.
The foregoing is merely illustrative of the preferred embodiments of the present invention, is not intended to limit the invention, all in essence of the invention
Within mind and principle, any modification, equivalent substitution, improvement and etc. done be should be included within the scope of the present invention.
Claims (18)
1. a kind of portal authentication method, which is characterized in that the portal authentication method is applied to include access device and nothing
In the networking of lane controller, the access device use distributed deployment, and each access device respectively to association to itself
Terminal distribution IP address, and the terminal under each access device of the distributed deployment is collected in the wireless controller
Middle user management;The described method includes:
Access device receives the network access request that terminal is sent;
The access device returns to redirection message to the terminal, the redirection message carry Portal server address,
And the corresponding terminal identification information of the terminal, so that the terminal is according to the Portal server address by the end
End identification information is sent to Portal server;The terminal identification information, comprising: the MAC Address of the terminal and the end
The IP address at end.
2. the method according to claim 1, wherein the terminal identification information further includes following at least one
:
The VLAN of the MAC Address of the access device and terminal access;
Alternatively, timestamp information, the timestamp information is used to indicate the sending time of the redirection message.
3. the method according to claim 1, wherein the access device is in the network access for receiving terminal transmission
Before request, further includes:
The access device receives the address assignment request that the terminal is sent;
The access device determines the IP address to be allocated for distributing to the terminal according to the address assignment request, and
Check whether the IP address of the associated terminal of the access device identical as the IP address to be allocated, if it exists IP address with
The identical associated terminal of the IP address to be allocated, then be changed to another IP address for the IP address to be allocated.
4. the method according to claim 1, wherein further include:
The access device is associated with new terminal foundation, and the new terminal is to move to the access from another access device to set
It is standby;
When the IP address for determining the new terminal is identical as the IP address of associated terminal of the access device, to described new
Terminal, which is sent, is used to indicate the address reconfiguration request for re-requesting address;
The access device receives the address assignment request that the new terminal is sent, and according to the address assignment request to described
New terminal distributes another IP address different from the IP address.
5. a kind of portal authentication method, which is characterized in that the portal authentication method is applied to include access device and nothing
In the networking of lane controller, the access device use distributed deployment, and each access device respectively to association to itself
Terminal distribution IP address, and the terminal under each access device of the distributed deployment is collected in the wireless controller
Middle user management;The described method includes:
Portal server receive terminal send redirection message, the redirection message carry the terminal IP address,
And terminal identification information;The terminal identification information includes the MAC Address of the terminal;
The Portal server obtains the authentication information of the terminal, and sends certification request to wireless controller AC, described
Certification request carries the IP address and the terminal identification information of the authentication information, the terminal so that the AC according to
The IP address and the terminal identification information identify the terminal.
6. a kind of portal authentication method, which is characterized in that the portal authentication method is applied to include access device and nothing
In the networking of lane controller, the access device use distributed deployment, and each access device respectively to association to itself
Terminal distribution IP address, and the terminal under each access device of the distributed deployment is collected in the wireless controller
Middle user management;The described method includes:
Wireless controller receives the certification request that Portal server is sent, and the described of request certification is carried in the certification request
First IP address of terminal, authentication information and the corresponding terminal identification information of the terminal, the terminal identification information include
The MAC Address of the terminal;
The MAC Address and the corresponding authentication information of the first IP address are sent to certificate server by the wireless controller
It is authenticated, and when certification passes through, sends data forwarding rule, the data forwarding to the access device of the terminal association
Rule forwards the data of the terminal for the access device.
7. according to the method described in claim 6, it is characterized in that, in the terminal identification information further include: encryption it is described
Corresponding second IP address of terminal;
After the certification request that the wireless controller receives that Portal server is sent, further includes:
The wireless controller decrypts the terminal identification information, obtains second IP address;
The wireless controller by second IP address compared with the first IP address carried in the certification request, if described
First IP address is different from the second IP address, then fails to the Portal server return authentication.
8. according to the method described in claim 6, it is characterized in that, in the terminal identification information further include: timestamp information,
The timestamp information is used to indicate the sending time of redirection message;
After the certification request that the wireless controller receives that Portal server is sent, further includes:
The wireless controller decrypts the terminal identification information, obtains the timestamp information;
The wireless controller by the timestamp information compared with current time, if the timestamp information and it is described current when
Between between interval be more than scheduled duration, then to the Portal server return authentication fail.
9. according to the method described in claim 6, it is characterized in that, in the terminal identification information further include: the access is set
The VLAN of standby MAC Address and terminal access;
The wireless controller sends data forwarding rule to the access device of the terminal association, comprising: the wireless control
The VLAN that device is accessed according to the MAC Address of the access device and the terminal sends data forwarding rule to the access device
Then.
10. a kind of access device, which is characterized in that the access device is applied to including access device and wireless controller
In networking carry out Portal certification, the access device use distributed deployment, and each access device respectively to association extremely
The terminal distribution IP address of itself, and the terminal under each access device of the distributed deployment the wireless controller into
Row concentrates user management;The equipment includes:
Receiving unit, for receiving the network access request of terminal transmission;
Processing unit, for resetting Portal server address and the corresponding terminal identification information carrying of the terminal
Into message;The terminal identification information, comprising: the IP address of the MAC Address of the terminal and the terminal;
Transmission unit, for returning to the redirection message to the terminal, so that the terminal takes according to the Portal
The terminal identification information is sent to Portal server by business device address.
11. access device according to claim 10, which is characterized in that the terminal identification information further include it is following extremely
One item missing: the VLAN of the MAC Address of the access device and terminal access;Alternatively, timestamp information, the timestamp letter
Cease the sending time for indicating the redirection message.
12. access device according to claim 10, which is characterized in that
The receiving unit is also used to receive the address assignment request that the terminal is sent;
The processing unit is also used to determine the IP to be allocated for distributing to the terminal according to the address assignment request
Address, and check whether the IP address of the associated terminal of the access device is identical as the IP address to be allocated, if it exists
IP address associated terminal identical with the IP address to be allocated, then with being changed to another IP by the IP address to be allocated
Location.
13. access device according to claim 10, which is characterized in that
The processing unit, be also used to new terminal establish be associated with, the new terminal be moved to from another access device described in
Access device;And determine that the IP address of the new terminal is identical as the IP address of associated terminal of the access device;
The transmission unit is also used to send the address reconfiguration request for being used to indicate and re-requesting address to the new terminal;
The receiving unit is also used to receive the address assignment request that the new terminal is sent, and indicates the processing unit root
Another IP address different from the IP address is distributed to the new terminal according to the address assignment request.
14. a kind of Portal server, which is characterized in that the Portal server is applied to including access device and wirelessly
Portal certification is carried out in the networking of controller, the access device uses distributed deployment, and each access device is distinguished
To association to itself terminal distribution IP address, and the terminal under each access device of the distributed deployment is described wireless
Controller carries out concentration user management;The server includes:
Information receiving unit, for receiving the redirection message of terminal transmission, the redirection message carries the IP of the terminal
Address and terminal identification information;Terminal identification information includes the MAC Address of the terminal;
Certification request unit sends certification request for obtaining the authentication information of the terminal, and to wireless controller AC, described
Certification request carries the IP address and the terminal identification information of the authentication information, the terminal so that the AC according to
The IP address and terminal identification information identify the terminal.
15. a kind of wireless controller, which is characterized in that the wireless server is applied to including access device and wireless control
Portal certification is carried out in the networking of device, the access device uses distributed deployment, and each access device is respectively to pass
It is coupled to the terminal distribution IP address of itself, and the terminal under each access device of the distributed deployment is in the wireless control
Device carries out concentration user management;The server includes:
Request reception unit carries request in the certification request and recognizes for receiving the certification request of Portal server transmission
The first IP address, authentication information and the corresponding terminal identification information of the terminal of the terminal of card;Terminal identification information
MAC Address including the terminal;
Authentication processing unit, for the MAC Address and the corresponding authentication information of the first IP address to be sent to certification clothes
Business device is authenticated;
As a result transmission unit, for sending data forwarding rule, institute to the access device of the terminal association when certification passes through
State the data that data forwarding rule forwards the terminal for the access device.
16. wireless controller according to claim 15, which is characterized in that
The authentication processing unit, is also used to decrypt the terminal identification information, obtains include in terminal identification information second
IP address;By second IP address compared with the first IP address carried in the certification request;First IP address with
Second IP address is different, then indicates that the result transmission unit fails to the Portal server return authentication.
17. wireless controller according to claim 15, which is characterized in that
The authentication processing unit, is also used to decrypt the terminal identification information, obtains the time for including in terminal identification information
Information is stabbed, the timestamp information is used to indicate the sending time of redirection message;By the timestamp information and current time
Compare, if the interval between the timestamp information and the current time is more than scheduled duration, indicates that the result is sent
Unit fails to the Portal server return authentication.
18. wireless controller according to claim 15, which is characterized in that
In the received terminal identification information of request reception unit further include: the MAC Address of the access device and institute
State the VLAN of terminal access;
The result transmission unit is particularly used for the MAC Address according to the access device when sending data forwarding rule
With the VLAN of terminal access, data forwarding rule is sent to the access device.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410369824.6A CN104104516B (en) | 2014-07-30 | 2014-07-30 | A kind of portal authentication method and equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410369824.6A CN104104516B (en) | 2014-07-30 | 2014-07-30 | A kind of portal authentication method and equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104104516A CN104104516A (en) | 2014-10-15 |
CN104104516B true CN104104516B (en) | 2018-12-25 |
Family
ID=51672343
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410369824.6A Active CN104104516B (en) | 2014-07-30 | 2014-07-30 | A kind of portal authentication method and equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104104516B (en) |
Families Citing this family (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105704109B (en) * | 2014-11-28 | 2019-05-24 | 华为软件技术有限公司 | A kind of network access verifying method and equipment |
CN105791451B (en) * | 2014-12-22 | 2020-02-21 | 华为技术有限公司 | Message response method and device |
CN104469758B (en) * | 2014-12-25 | 2018-07-27 | 上海迈外迪网络科技有限公司 | More equipment safety login methods |
CN104469757B (en) * | 2014-12-25 | 2018-01-16 | 上海迈外迪网络科技有限公司 | Safe login method |
CN104821940A (en) * | 2015-04-16 | 2015-08-05 | 京信通信技术(广州)有限公司 | Method and equipment for sending portal redirected address |
CN104936181B (en) * | 2015-06-25 | 2018-12-25 | 新华三技术有限公司 | A kind of access authentication method and device connecting specified AP |
CN104955036B (en) * | 2015-07-07 | 2019-04-05 | 北京长亭科技有限公司 | Safe networking method and apparatus under public Wi-Fi environment |
CN106559405B (en) * | 2015-09-30 | 2020-11-03 | 华为技术有限公司 | Portal authentication method and equipment |
CN106656911B (en) * | 2015-10-29 | 2019-10-01 | 华为技术有限公司 | A kind of portal authentication method, access device and management server |
CN106921970A (en) * | 2015-12-28 | 2017-07-04 | 华为技术有限公司 | A kind of access authentication method, device and system |
CN111654464A (en) * | 2015-12-31 | 2020-09-11 | 华为技术有限公司 | Access control method, authentication device and system |
CN106453119A (en) * | 2016-11-18 | 2017-02-22 | 杭州华三通信技术有限公司 | Authentication control method and device |
CN106506675A (en) * | 2016-11-25 | 2017-03-15 | 杭州华三通信技术有限公司 | A kind of page reorientation method and device |
CN107580325B (en) * | 2017-08-02 | 2021-08-06 | 台州智奥通信设备有限公司 | WDS (Wireless data System) connection method, wireless access point and terminal equipment |
CN109413649B (en) * | 2018-11-06 | 2020-10-02 | 新华三技术有限公司 | Access authentication method and device |
CN109510839B (en) * | 2018-12-24 | 2023-10-27 | 深圳市潮流网络技术有限公司 | Distributed Portal access method |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101651682A (en) * | 2009-09-15 | 2010-02-17 | 杭州华三通信技术有限公司 | Method, system and device of security certificate |
CN102238543A (en) * | 2010-04-27 | 2011-11-09 | 杭州华三通信技术有限公司 | Wireless Portal authentication method and access controller |
CN102685725A (en) * | 2012-05-11 | 2012-09-19 | 中国联合网络通信集团有限公司 | Information receiving method, information sending method, devices, and system |
CN102739684A (en) * | 2012-06-29 | 2012-10-17 | 杭州迪普科技有限公司 | Portal authentication method based on virtual IP address, and server thereof |
CN103297968A (en) * | 2012-03-02 | 2013-09-11 | 华为技术有限公司 | Wireless terminal identifying method, wireless terminal identifying device and wireless terminal identifying system |
-
2014
- 2014-07-30 CN CN201410369824.6A patent/CN104104516B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101651682A (en) * | 2009-09-15 | 2010-02-17 | 杭州华三通信技术有限公司 | Method, system and device of security certificate |
CN102238543A (en) * | 2010-04-27 | 2011-11-09 | 杭州华三通信技术有限公司 | Wireless Portal authentication method and access controller |
CN103297968A (en) * | 2012-03-02 | 2013-09-11 | 华为技术有限公司 | Wireless terminal identifying method, wireless terminal identifying device and wireless terminal identifying system |
CN102685725A (en) * | 2012-05-11 | 2012-09-19 | 中国联合网络通信集团有限公司 | Information receiving method, information sending method, devices, and system |
CN102739684A (en) * | 2012-06-29 | 2012-10-17 | 杭州迪普科技有限公司 | Portal authentication method based on virtual IP address, and server thereof |
Also Published As
Publication number | Publication date |
---|---|
CN104104516A (en) | 2014-10-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104104516B (en) | A kind of portal authentication method and equipment | |
US7849499B2 (en) | Enterprise wireless local area network (LAN) guest access | |
US9967738B2 (en) | Methods and arrangements for enabling data transmission between a mobile device and a static destination address | |
EP2534889B1 (en) | Method and apparatus for redirecting data traffic | |
CN103369531B (en) | A kind of method and device that control of authority is carried out based on end message | |
US8763075B2 (en) | Method and apparatus for network access control | |
CN109413194B (en) | User information cloud cooperative processing and transferring method for mobile communication system | |
CN107534664B (en) | Multi-factor authorization for IEEE802.1X enabled networks | |
CN110933084A (en) | Cross-domain shared login state method, device, terminal and storage medium | |
CN109413649A (en) | A kind of access authentication method and device | |
US20160345170A1 (en) | Wireless network segmentation for internet connected devices using disposable and limited security keys and disposable proxies for management | |
WO2016192608A3 (en) | Authentication method, authentication system and associated device | |
CN106572465B (en) | A kind of wireless connection method and system | |
CN109067788A (en) | A kind of method and device of access authentication | |
CN107360266B (en) | Method and system for realizing terminal STA roaming in large two-layer network | |
CN111565165B (en) | Cloud mobile phone authentication, maintenance and state change system and method | |
TW201824900A (en) | Access control method and device | |
US8639741B2 (en) | Method for distributing requests to server computers | |
CN104640111B (en) | Network insertion processing method, apparatus and system | |
Li et al. | SDN-based access authentication and automatic configuration for IPsec | |
CN105959251B (en) | method and device for preventing NAT from traversing authentication | |
CN104717062B (en) | The method and device that a kind of visitor based on BYOD management systems quickly accesses | |
CN108307683A (en) | The means of communication, micro-base station, micro-base station controller, terminal and system | |
CN106487940B (en) | Home eNodeB and the method for IP configuration | |
CN116112984B (en) | 5G wireless network fusion management and control method, system, equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information |
Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No. Applicant after: Xinhua three Technology Co., Ltd. Address before: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No. Applicant before: Huasan Communication Technology Co., Ltd. |
|
CB02 | Change of applicant information | ||
GR01 | Patent grant | ||
GR01 | Patent grant |