Summary of the invention
In view of this, and in response to the problems described above, it is necessary to provide a wireless access point security authentication method and system that can improve authentication accuracy.
A wireless access point security authentication method includes the following steps:
A discovery request message is sent from the wireless access point to the wireless controller; the discovery request message includes the serial number and MAC address of the wireless access point;
The wireless controller receives the discovery request message and parses it to obtain the serial number and MAC address of the wireless access point, and sends a discovery response message to the wireless access point; the discovery response message includes the IP address information of the wireless controller;
The wireless access point receives the discovery response message and parses it to obtain the IP address information of the wireless controller, binds the wireless access point to the wireless controller according to the IP address information of the wireless controller, and sends a connection request message to the wireless controller;
After the wireless controller receives the connection request message, it judges whether the serial number and MAC address of the wireless access point match the pre-stored serial number and MAC address;
If so, the wireless controller establishes a communication tunnel with the wireless access point.
A wireless access point security authentication system includes:
A sending module, used to send a discovery request message from the wireless access point to the wireless controller; the discovery request message includes the serial number and MAC address of the wireless access point;
A request message parsing module, used to receive the discovery request message at the wireless controller and parse it to obtain the serial number and MAC address of the wireless access point, and to send a discovery response message to the wireless access point; the discovery response message includes the IP address information of the wireless controller;
A response message parsing module, used to receive the discovery response message at the wireless access point and parse it to obtain the IP address information of the wireless controller, to bind the wireless access point to the wireless controller according to the IP address information of the wireless controller, and to send a connection request message to the wireless controller;
A judgment module, used to judge, after the wireless controller receives the connection request message, whether the serial number and MAC address of the wireless access point match the pre-stored serial number and MAC address;
A communication connection module, used to establish a communication tunnel from the wireless controller to the wireless access point when the judgment module judges that the serial number and MAC address of the wireless access point match the pre-stored serial number and MAC address.
In the above wireless access point security authentication method and system, a discovery request message is sent from the wireless access point to the wireless controller; the wireless controller receives the discovery request message, parses it to obtain the serial number and MAC address of the wireless access point, and sends a discovery response message to the wireless access point. The wireless access point receives the discovery response message and parses it to obtain the IP address information of the wireless controller, binds the wireless access point to the wireless controller according to that IP address information, and sends a connection request message to the wireless controller. After the wireless controller receives the connection request message, it judges whether the serial number and MAC address of the wireless access point match the pre-stored serial number and MAC address; if so, the wireless controller establishes a communication tunnel with the wireless access point. Whether the serial number and MAC address of the wireless access point match the pre-stored serial number and MAC address serves as the basis for deciding whether the wireless access point is allowed to connect, which prevents wireless access points that are not allowed from connecting to the wireless controller. Compared with traditional wireless access point security authentication methods, authentication accuracy is improved.
Detailed description
To make the above objects, features and advantages of the present invention clearer and easier to understand, specific embodiments of the present invention are described in detail below with reference to the accompanying drawings. Many specific details are set forth in the following description to provide a full understanding of the present invention. However, the present invention can be implemented in many ways other than those described here, and those skilled in the art can make similar improvements without departing from the spirit of the present invention; the present invention is therefore not limited by the specific embodiments disclosed below.
Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by those skilled in the technical field of the present invention. The terms used in the description of the present invention are intended only to describe specific embodiments and are not intended to limit the present invention.
A wireless access point security authentication method, as shown in Fig. 1, includes the following steps:
Step S120: A discovery request message is sent from the wireless access point to the wireless controller.
The discovery request message includes the serial number and MAC (Media Access Control) address of the wireless access point, which serve as the basis for the security authentication decision in subsequent steps. The wireless access point can search for and detect the wireless controller and then send the discovery request message to it. The wireless access point can send the discovery request message in several ways: specifically, in static mode, unicast mode, broadcast mode or OPTION43 mode.
Further, the discovery request message may specifically include five parts: message type, server number, identification code, message element and message element length. The message element carries the hardware version information and MAC address of the wireless access point; the hardware version information includes the serial number of the wireless access point, which identifies the individual wireless access point. The hardware version information may also include the model of the wireless access point, the manufacturer's extended serial number, the hardware version number of the wireless access point, and so on. In addition, the message element may carry one or more of the discovery type value, hardware configuration information and the tunnel types supported by the wireless access point.
Step S130: The wireless controller receives the discovery request message and parses it to obtain the serial number and MAC address of the wireless access point, and sends a discovery response message to the wireless access point.
The wireless controller parses the received discovery request message, extracts the data carried in it and caches that data; after obtaining the data carried in the discovery request message, it sends a discovery response message to the wireless access point. The discovery response message includes the IP address information of the wireless controller, which the wireless access point uses in subsequent steps to bind to the wireless controller. The IP address information may specifically include the available interface addresses of the wireless controller and the number of wireless access points already connected on the available interfaces, so that the wireless access point to be connected can choose which to bind to. In addition, the discovery response message may include one or more of the status information, identifier and priority number of the wireless controller: the status information describes the controller's current state, such as working or disabled; the identifier identifies the wireless controller; and the priority number lets the wireless access point select the wireless controller with the highest priority to bind to.
Step S140: The wireless access point receives the discovery response message and parses it to obtain the IP address information of the wireless controller, binds the wireless access point to the wireless controller according to the IP address information of the wireless controller, and sends a connection request message to the wireless controller.
The wireless access point receives and parses the discovery response message and, after obtaining the IP address information of the wireless controller, binds to the wireless controller. Take as an example IP address information that includes the available interface addresses of the wireless controller and the number of wireless access points already connected on the available interfaces: a suitable available interface address is selected according to the number of connected wireless access points, and the wireless access point is bound to the selected available interface address of the wireless controller, which provides the basis for data exchange once authentication has passed. After the wireless access point has been bound to the selected available interface address of the wireless controller, the wireless access point sends a connection request message to the wireless controller.
Step S150: After the wireless controller receives the connection request message, it judges whether the serial number and MAC address of the wireless access point match the pre-stored serial number and MAC address.
After the wireless controller receives the connection request message, it judges whether the serial number and MAC address of the wireless access point match the pre-stored serial number and MAC address; if so, step S160 is carried out.
There may be one pre-stored serial number and MAC address, or two or more. In one embodiment, the serial numbers and MAC addresses pre-stored in the wireless controller are stored in the form of a list, giving an allow-access control list. Specifically, an SQLite database can be built and the allow-access control list created in it to store the serial numbers and MAC addresses. The allow-access control list may include three items: number, wireless access point serial number and wireless access point MAC address, which store, respectively, the number of each wireless access point allowed to connect and its corresponding serial number and MAC address. Storing the serial numbers and MAC addresses in list form makes the subsequent matching operation quick, convenient and less error-prone, and improves matching reliability.
Step S160: The wireless controller establishes a communication tunnel with the wireless access point.
If the serial number and MAC address of the wireless access point match the pre-stored serial number and MAC address, the wireless access point to be connected is legitimate; a DTLS handshake is performed and the communication tunnel between the wireless access point and the wireless controller is established.
The above wireless access point security authentication method uses whether the serial number and MAC address of the wireless access point match the pre-stored serial number and MAC address as the basis for deciding whether the wireless access point is allowed to connect, which prevents wireless access points that are not allowed from connecting to the wireless controller. Compared with traditional wireless access point security authentication methods, authentication accuracy is improved.
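The exchange in steps S120 to S160, together with the S132 storage and S170 alarm of the later embodiments, as an added Python example that is not code from the patent. Assumptions: messages are modelled as dicts because the text gives no wire layout, the connection request carries the serial number and MAC address again, "suitable" interface is read as the one with the fewest connected access points, the DTLS handshake is represented only by a marker, and the names `Controller`, `ap_connect` and `allow_acl` are hypothetical.

```python
import sqlite3

def normalize_mac(mac):
    """Canonical aa:bb:cc:dd:ee:ff form, so notation alone cannot cause a mismatch."""
    digits = "".join(c for c in str(mac) if c not in ":-. ").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError("malformed MAC address")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

class Controller:
    def __init__(self, allowed, interfaces):
        # Allow-access control list: number, AP serial number, AP MAC address.
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE allow_acl (number INTEGER PRIMARY KEY,"
                        " serial TEXT NOT NULL, mac TEXT NOT NULL)")
        self.db.executemany("INSERT INTO allow_acl (serial, mac) VALUES (?, ?)",
                            [(s, normalize_mac(m)) for s, m in allowed])
        self.interfaces = interfaces   # available interface address -> connected AP count
        self.stored_requests = []      # S132: discovery requests kept for later review
        self.alarms = []               # S170: alarm information that was raised

    def on_discovery(self, request):   # S130: parse, cache, answer with IP information
        self.stored_requests.append(dict(request))
        return {"type": "discovery_response", "interfaces": dict(self.interfaces)}

    def on_connection_request(self, request):   # S150, then S160 or S170
        try:
            serial = str(request["serial"])
            mac = normalize_mac(request["mac"])
            self.interfaces[request["interface"]]   # must be an interface we offered
        except (KeyError, TypeError, ValueError):
            self.alarms.append("malformed connection request")
            return {"type": "connection_rejected"}
        # Serial and MAC must match in the SAME row. Both values come from the
        # unauthenticated AP, so they are bound as parameters, never concatenated.
        row = self.db.execute(
            "SELECT number FROM allow_acl WHERE serial = ? AND mac = ?",
            (serial, mac)).fetchone()
        if row is None:
            self.alarms.append(f"AP not in allow list: serial={serial!r} mac={mac!r}")
            return {"type": "connection_rejected"}
        self.interfaces[request["interface"]] += 1
        # "dtls" is only a marker for the handshake of step S160.
        return {"type": "connection_response", "tunnel": "dtls", "acl_number": row[0]}

def ap_connect(controller, serial, mac):
    """Run S120 to S160 from the AP side and return the controller's final answer."""
    response = controller.on_discovery(                      # S120
        {"type": "discovery_request", "serial": serial, "mac": mac})
    # S140: bind to the available interface with the fewest connected APs.
    interface = min(response["interfaces"], key=response["interfaces"].get)
    return controller.on_connection_request(
        {"type": "connection_request", "serial": serial, "mac": mac,
         "interface": interface})

def demo():
    # Constructed sample data: serial numbers, MACs and documentation-range addresses.
    wc = Controller(
        allowed=[("SN-0001", "00:11:22:AA:BB:01"), ("SN-0002", "00-11-22-AA-BB-02")],
        interfaces={"192.0.2.10": 5, "192.0.2.11": 2})
    return wc, [
        ap_connect(wc, "SN-0001", "0011.22aa.bb01"),      # listed pair, other notation
        ap_connect(wc, "SN-0001", "00:11:22:aa:bb:02"),   # serial and MAC from different rows
        ap_connect(wc, "SN-9999", "zz:zz:zz:zz:zz:zz"),   # malformed MAC
    ]
```

The second case is the one a per-column lookup would get wrong: each value is on the list, but not as a pair.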
In one embodiment, before step S120, the method further includes a step of assembling the discovery request message at the wireless access point.
Different wireless access points have different serial numbers, which can be obtained directly from the hardware version information of the wireless access point. In this embodiment the MAC address of the wireless access point is obtained through the socket interface. The serial number and MAC address of the wireless access point can be stored in a WTP (Wireless Termination Point) board data structure, and the serial number and MAC address in the WTP board data structure are then reassembled to obtain the discovery request message.
The socket interface is the interface a network application uses when communicating through the network protocol stack; it allows multiple application processes to transfer data and is highly portable. The IP address of the communication target, the transport layer protocol used and the port number used are combined and bound to the socket interface, and through the socket interface the application layer can distinguish communications from different application processes or network connections, enabling concurrent data transmission services. Obtaining the MAC address of the wireless access point through the socket interface is simple to operate and cheap to implement.
In one embodiment, as shown in Fig. 2, if the serial number and MAC address of the wireless access point do not match the pre-stored serial number and MAC address, the method further includes step S170.
Step S170: The wireless controller outputs preset alarm information.
If the serial number and MAC address are judged not to match, the wireless access point to be connected is not legitimate, and alarm information is output to alert staff. The alarm information can be a picture, text, audio and so on; in this embodiment, step S170 specifically displays preset pictures and text on a display and, at the same time, plays a preset audio file through a loudspeaker to raise the alarm, so that staff are informed promptly.
With continued reference to Fig. 2, in one embodiment the method may further include step S180 after step S160.
Step S180: The wireless controller sends a connection response message to the wireless access point.
After the wireless access point to be connected has been judged legitimate, the wireless controller sends a connection response message to the wireless access point to inform it that security authentication has passed and that the data communication flow can proceed.
In one embodiment, the method may further include step S132 after step S130.
Step S132: The wireless controller stores the discovery request message.
The wireless controller stores the discovery request message sent by the wireless access point, which provides a data basis for staff to carry out later operations such as system rectification and repair.
The present invention also provides a wireless access point security authentication system which, as shown in Fig. 3, includes a sending module 120, a request message parsing module 130, a response message parsing module 140, a judgment module 150 and a communication connection module 160.
The sending module 120 is used to send a discovery request message from the wireless access point to the wireless controller.
The discovery request message includes the serial number and MAC address of the wireless access point, which serve as the basis for the security authentication decision in subsequent steps. The wireless access point can send the discovery request message in several ways: specifically, in static mode, unicast mode, broadcast mode or OPTION43 mode.
Further, the discovery request message may specifically include five parts: message type, server number, identification code, message element and message element length. The message element carries the hardware version information and MAC address of the wireless access point; the hardware version information includes the serial number of the wireless access point, which identifies the individual wireless access point. The hardware version information may also include the model of the wireless access point, the manufacturer's extended serial number, the hardware version number of the wireless access point, and so on. In addition, the message element may carry one or more of the discovery type value, hardware configuration information and the tunnel types supported by the wireless access point.
The request message parsing module 130 is used to receive the discovery request message at the wireless controller and parse it to obtain the serial number and MAC address of the wireless access point, and to send a discovery response message to the wireless access point.
The discovery response message includes the IP address information of the wireless controller, which the wireless access point uses in subsequent steps to bind to the wireless controller. The IP address information may specifically include the available interface addresses of the wireless controller and the number of wireless access points already connected on the available interfaces, so that the wireless access point to be connected can choose which to bind to. In addition, the discovery response message may include one or more of the status information, identifier and priority number of the wireless controller: the status information describes the controller's current state, such as working or disabled; the identifier identifies the wireless controller; and the priority number lets the wireless access point select the wireless controller with the highest priority to bind to.
The response message parsing module 140 is used to receive the discovery response message at the wireless access point and parse it to obtain the IP address information of the wireless controller, to bind the wireless access point to the wireless controller according to the IP address information of the wireless controller, and to send a connection request message to the wireless controller.
Take as an example IP address information that includes the available interface addresses of the wireless controller and the number of wireless access points already connected on the available interfaces: a suitable available interface address is selected according to the number of connected wireless access points, and the wireless access point is bound to the selected available interface address of the wireless controller, which provides the basis for data exchange once authentication has passed. After the wireless access point has been bound to the selected available interface address of the wireless controller, the wireless access point sends a connection request message to the wireless controller.
The judgment module 150 is used to judge, after the wireless controller receives the connection request message, whether the serial number and MAC address of the wireless access point match the pre-stored serial number and MAC address.
There may be one pre-stored serial number and MAC address, or two or more. In one embodiment, the serial numbers and MAC addresses pre-stored in the wireless controller are stored in the form of a list, giving an allow-access control list. Specifically, an SQLite database can be built and the allow-access control list created in it to store the serial numbers and MAC addresses. The allow-access control list may include three items: number, wireless access point serial number and wireless access point MAC address, which store, respectively, the number of each wireless access point allowed to connect and its corresponding serial number and MAC address. Storing the serial numbers and MAC addresses in list form makes the subsequent matching operation quick, convenient and less error-prone, and improves matching reliability.
The communication connection module 160 is used to establish a communication tunnel from the wireless controller to the wireless access point when the judgment module 150 judges that the serial number and MAC address of the wireless access point match the pre-stored serial number and MAC address.
If the serial number and MAC address of the wireless access point match the pre-stored serial number and MAC address, the wireless access point to be connected is legitimate; a DTLS handshake is performed and the communication tunnel between the wireless access point and the wireless controller is established.
The above wireless access point security authentication system uses whether the serial number and MAC address of the wireless access point match the pre-stored serial number and MAC address as the basis for deciding whether the wireless access point is allowed to connect, which prevents wireless access points that are not allowed from connecting to the wireless controller. Compared with traditional wireless access point security authentication methods, authentication accuracy is improved.
In one embodiment, the wireless access point security authentication system further includes a message assembly module, which is used to assemble the discovery request message at the wireless access point before the sending module 120 sends the discovery request message from the wireless access point to the wireless controller.
Different wireless access points have different serial numbers, which can be obtained directly from the hardware version information of the wireless access point. In this embodiment the MAC address of the wireless access point is obtained through the socket interface. The serial number and MAC address of the wireless access point can be stored in a WTP board data structure, and the serial number and MAC address in the WTP board data structure are then reassembled to obtain the discovery request message. Obtaining the MAC address of the wireless access point through the socket interface is simple to operate and cheap to implement.
In one embodiment, as shown in Fig. 4, the wireless access point security authentication system further includes an alarm module 170, which is used to output preset alarm information from the wireless controller when the judgment module 150 judges that the serial number and MAC address of the wireless access point do not match the pre-stored serial number and MAC address.
If the serial number and MAC address are judged not to match, the wireless access point to be connected is not legitimate, and alarm information is output to alert staff. The alarm information can be a picture, text, audio and so on; in this embodiment, preset pictures and text are shown on a display and, at the same time, a preset audio file is played through a loudspeaker to raise the alarm, so that staff are informed promptly.
With continued reference to Fig. 4, in one embodiment the wireless access point security authentication system further includes a return module 180, which is used to send a connection response message from the wireless controller to the wireless access point after the communication connection module 160 has established the communication tunnel from the wireless controller to the wireless access point.
After the wireless access point to be connected has been judged legitimate, the wireless controller sends a connection response message to the wireless access point to inform it that security authentication has passed and that the data communication flow can proceed.
In one embodiment, the wireless access point security authentication system further includes a storage module 190, which is used to store the discovery request message at the wireless controller after the request message parsing module 130 has received the discovery request message at the wireless controller, parsed it to obtain the serial number and MAC address of the wireless access point, and sent the discovery response message to the wireless access point.
Storing the discovery request message sent by the wireless access point provides a data basis for staff to carry out later operations such as system rectification and repair.
The embodiments described above express only several implementations of the present invention; their description is relatively specific and detailed, but they should not therefore be construed as limiting the scope of the patent. It should be noted that those of ordinary skill in the art can make various modifications and improvements without departing from the concept of the present invention, and these all fall within the scope of protection of the present invention. Therefore, the scope of protection of this patent shall be determined by the appended claims.