CN107360574A - A kind of terminal equipment managing method, a kind of cloud controller and a kind of WAP - Google Patents

A kind of terminal equipment managing method, a kind of cloud controller and a kind of WAP Download PDF

Info

Publication number
CN107360574A
CN107360574A CN201710455162.8A CN201710455162A CN107360574A CN 107360574 A CN107360574 A CN 107360574A CN 201710455162 A CN201710455162 A CN 201710455162A CN 107360574 A CN107360574 A CN 107360574A
Authority
CN
China
Prior art keywords
terminal device
blacklist
added
cloud controller
interim
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710455162.8A
Other languages
Chinese (zh)
Inventor
王斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Feixun Data Communication Technology Co Ltd
Original Assignee
Shanghai Feixun Data Communication Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Feixun Data Communication Technology Co Ltd filed Critical Shanghai Feixun Data Communication Technology Co Ltd
Priority to CN201710455162.8A priority Critical patent/CN107360574A/en
Publication of CN107360574A publication Critical patent/CN107360574A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W24/00Supervisory, monitoring or testing arrangements
    • H04W24/02Arrangements for optimising operational condition
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W48/00Access restriction; Network selection; Access point selection
    • H04W48/08Access restriction or access information delivery, e.g. discovery data delivery

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a kind of terminal equipment managing method, a kind of cloud controller and a kind of WAP, wherein, the terminal equipment managing method includes:Judge whether the number of same terminal device association in preset time period exceedes correlation threshold;If so, the terminal device is added into blacklist;The addition black list messages for the terminal device are sent to cloud controller, are added into interim blacklist.Frequently associated when judging a certain terminal device in WAP within a period of time with oneself, be then added into blacklist, while notify cloud controller to be added into interim blacklist, the network connection to the terminal device is managed, to prevent bringing burden to system.

Description

A kind of terminal equipment managing method, a kind of cloud controller and a kind of WAP
Technical field
The present invention relates to communication technical field, more particularly to a kind of terminal equipment managing method, a kind of cloud controller and one Kind WAP
Background technology
With the rapid development of Internet, as the physical entity being connected in network, the network equipment (e.g., smart mobile phone, Tablet personal computer, routing device, gateway etc.) daily life is increasingly flooded with, it is ubiquitous.At the same time, with intelligence Terminal intellectuality and it is growing to the demand of wireless coverage, from office, house to public place, immanent WIFI (Wireless-Fidelity, Wireless Fidelity) wireless application is changing our life, we come into " equipment is carry-on, The wireless network life of network retinue ".
Wireless aps (Access Point, access point), are commonly called as " focus ", are the access points of a wireless network.Main bag Route switching access equipment integrating and pure access point apparatus are included, wherein, equipment integrating performs access and route work.As tradition A kind of alternative solution of routing network or extension, WLAN have been liberated out personal from office table side, make people can be with Information is obtained whenever and wherever possible, and facility is provided for people.
During wireless aps are connected, if same terminal device occur frequently associates a certain wireless aps, can be undoubtedly Command to bear, especially in public places, in the case where system itself load is heavier, if frequently occurring same end The situation that end equipment associates repeatedly may result in system and exception occurs.In addition, there is such case, cloud controller is often also very It is that wireless aps are out of joint by malicious attack or terminal device system itself that hardly possible, which judges, encounters such case such as with this Where, which is managed, becomes the technical problem of a urgent need to resolve.
The content of the invention
It is an object of the invention to provide a kind of terminal equipment managing method, a kind of cloud controller and a kind of WAP, Effectively solve in the prior art to during terminal device frequency association WAP to caused by system infringement, while not president when Between influence terminal device use.
Technical scheme provided by the invention is as follows:
A kind of terminal equipment managing method, applied to wireless aps, the terminal equipment managing method includes:
Judge whether the number of same terminal device association in preset time period exceedes correlation threshold;If so,
The terminal device is added into blacklist;
The addition black list messages for the terminal device are sent to cloud AC (Cloud Controller, cloud controller), It is added into interim blacklist.
In the technical program, frequently associated when judging a certain terminal device in wireless aps within a period of time with oneself, Blacklist is then added into, while notifies cloud AC to be added into interim blacklist, the network connection to the terminal device carries out pipe Reason, to prevent bringing burden to system.
It is further preferred that sending the black list messages for the terminal device to cloud AC described, it is added into interim In blacklist, including:
Cloud AC receives the addition black list messages that wireless aps are sent;
Cloud AC parsings add black list messages and obtain the identification information of terminal device, are added into and faced according to the identification information When blacklist;
Cloud AC controls start timing for the timer of the terminal device.
It is further preferred that after cloud AC controls start timing for the timer of the terminal device, in addition to:
Judge whether timer expires;If so,
The terminal device is removed from interim blacklist;
Black list messages will be removed and feed back to wireless aps, be moved out blacklist.
It is each terminal device setting timer for adding interim blacklist in cloud AC, from end in the technical program End equipment adds blacklist and starts timing, until timer expires, interim blacklist is moved out, when simply being forbidden one section Between network connection, rather than blacklist is permanently set to, in order to avoid to user when terminal device its own system goes wrong Use bring inconvenience.
It is further preferred that sending the addition black list messages for the terminal device to cloud AC described, it is added into After interim blacklist, in addition to:
Cloud AC determines whether that other wireless aps receive the probe request of the terminal device;If so,
Cloud AC feeds back to the interim blacklist comprising the Terminal Equipment Identifier information institute that can receive probe request There are wireless aps, be added into blacklist.
In the technical program, after terminal device is added into interim blacklist, when there is other wireless aps to detect The probe request that the terminal device is sent, interim blacklist is sent immediately to respective wireless AP, by it in respective wireless AP Blacklist is added, in case terminal device is to these wireless aps malicious attacks.
It is further preferred that sending the addition black list messages for the terminal device to cloud AC described, it is added into After interim blacklist, in addition to:
Cloud AC receives the certification request that wireless aps are sent, and the certification request is after terminal device associates wireless aps, by nothing Line AP is sent to cloud AC;
Whether cloud AC judges terminal device to be certified in interim blacklist according to certification request;If so,
Cloud AC refuses the certification to the terminal device;
Cloud AC, which feeds back to the interim blacklist comprising the Terminal Equipment Identifier information, sends all wireless of certification request AP, it is added into blacklist.
In the technical program, after terminal device is added into interim blacklist, terminal is received when there are other wireless aps The association request that equipment is sent, after association, wireless aps transmission certification request to cloud AC, cloud AC send interim blacklist immediately To respective wireless AP, blacklist is added into respective wireless AP, in case terminal device is to these wireless aps malicious attacks.
Present invention also offers a kind of cloud AC, including:
First memory, for storing a plurality of instruction, and a plurality of instruction is loaded and performed suitable for first processor;
First processor, for reading the instruction stored in first memory and execution, a plurality of instruction includes:
Receive the addition black list messages that wireless aps are sent;
Parse the addition black list messages and obtain the identification information of terminal device, be added into and faced according to the identification information When blacklist;
Start timing for the timer of the terminal device.
It is further preferred that after instructing the timer for the terminal device to start timing, in addition to:
Judge whether timer expires;If so,
The terminal device is removed from interim blacklist;
Black list messages will be removed and feed back to wireless aps, be moved out blacklist.
In the technical program, the timing since terminal device adds blacklist, until timer expires, it is moved out facing When blacklist, simply forbidden the network connection of a period of time, rather than be permanently set to blacklist, in order to avoid terminal is set Use when standby its own system goes wrong to user brings inconvenience.
It is further preferred that after instruction is added into interim blacklist according to the identification information, in addition to:
Determine whether that other wireless aps receive the probe request of the terminal device;If so,
Interim blacklist comprising the Terminal Equipment Identifier information is fed back to being whether there is for probe request can be received Line AP, is added into blacklist.
In the technical program, after terminal device is added into interim blacklist, when there is other wireless aps to detect The probe request that the terminal device is sent, interim blacklist is sent immediately to respective wireless AP, by it in respective wireless AP Blacklist is added, in case terminal device is to these wireless aps malicious attacks.
It is further preferred that after instruction is added into interim blacklist according to the identification information, in addition to:
The certification request that wireless aps are sent is received, the certification request is after terminal device associates wireless aps, by wireless aps Send to cloud AC;
Judge terminal device to be certified whether in interim blacklist according to certification request;If so,
Refuse the certification to the terminal device;
Interim blacklist comprising the Terminal Equipment Identifier information is fed back to all wireless aps for sending certification request, will It adds blacklist.
In the technical program, after terminal device is added into interim blacklist, terminal is received when there are other wireless aps The association request that equipment is sent, after association, wireless aps transmission certification request to cloud AC, cloud AC send interim blacklist immediately To respective wireless AP, blacklist is added into respective wireless AP, in case terminal device is to these wireless aps malicious attacks.
Present invention also offers a kind of wireless aps, including:
Second memory, for storing a plurality of instruction, and a plurality of instruction is loaded and performed suitable for second processor;
Second processor, for reading the instruction stored in second memory and execution, a plurality of instruction includes:
Judge whether the number of same terminal device association in preset time period exceedes correlation threshold;If so,
The terminal device is added into blacklist;
The addition black list messages for the terminal device are sent to cloud AC.
In the technical program, frequently associated when judging a certain terminal device in wireless aps within a period of time with oneself, Blacklist is then added into, while notifies cloud AC to be added into interim blacklist, the network connection to the terminal device carries out pipe Reason, to prevent bringing burden to system.
It is further preferred that a plurality of instruction also includes:
The interim blacklist for including the Terminal Equipment Identifier information of cloud AC feedbacks is received, corresponding terminal equipment is added black List;And/or
Receive cloud AC feedbacks and remove black list messages, corresponding terminal equipment is removed into blacklist.
In the technical program, corresponding terminal equipment is added blacklist according to cloud AC instruction or is moved out by wireless aps Blacklist, so as to the management to terminal equipment access network.
Brief description of the drawings
Below by a manner of clearly understandable, preferred embodiment is described with reference to the drawings, to being inverted quantitative aerosol valve Above-mentioned characteristic, technical characteristic, advantage and its implementation be further described.
Fig. 1 is a kind of embodiment schematic flow sheet of terminal equipment managing method in the present invention;
Fig. 2 is terminal equipment managing method another embodiment schematic flow sheet in the present invention;
Fig. 3 is terminal equipment managing method another embodiment schematic flow sheet in the present invention;
Fig. 4 is terminal equipment managing method another embodiment schematic flow sheet in the present invention;
Fig. 5 is medium cloud AC schematic diagrames of the present invention;
Fig. 6 is wireless aps schematic diagram in the present invention;
Drawing reference numeral explanation:
100- clouds AC, 110- first memory, 120- first processors, 200- wireless aps, 210- second memories, 220- Second processor.
Embodiment
In order to illustrate more clearly about the embodiment of the present invention or technical scheme of the prior art, control is illustrated below The embodiment of the present invention.It should be evident that drawings in the following description are only some embodiments of the present invention, for For those of ordinary skill in the art, on the premise of not paying creative work, other can also be obtained according to these accompanying drawings Accompanying drawing, and obtain other embodiments.
To make simplified form, part related to the present invention is only schematically show in each figure, their not generations Its practical structures as product of table.
It is a kind of embodiment schematic flow sheet of terminal equipment managing method provided by the invention as shown in Figure 1, specifically should Terminal equipment managing method is applied to wireless aps, it can be seen that including in the terminal equipment managing method:S10 sentences Whether the number of same terminal device association exceedes correlation threshold in disconnected preset time period;If so, jump to step S20;S20 will The terminal device adds blacklist;S30 sends the addition black list messages for the terminal device to cloud AC, is added into interim Blacklist.
In the present embodiment, in wireless aps, the number that terminal device associates repeatedly in preset time period is counted, specifically Here association refers to repeatedly:Terminal device sends association request to wireless aps, and after being successfully associated, wireless aps send certification request to cloud AC carries out authentication, after certification success, intermittent line when of short duration, then associates, operates repeatedly again.
After counting the number associated repeatedly, it is compared with default correlation threshold, if the number of association More than correlation threshold, blacklist is added into immediately, while sends and adds black list messages to cloud AC, with this cloud AC according to this Black list messages are added into blacklist;Otherwise do not process.Hereafter, if the terminal device sends association request to the nothing again Line access point, the WAP first determines whether the terminal device whether in blacklist, if so, refusing the pass of the terminal device Connection request;Otherwise the terminal device is associated, and sends ID authentication request to cloud AC.Specifically correlation threshold here and it is default when Between section set according to actual conditions, be not specifically limited in the present embodiment, such as in one example, by preset time period It is set as 5 minutes, correlation threshold is set as 20 times;And for example, preset time period is set as 2 minutes, correlation threshold is set It is inferior for 10.
Above-mentioned embodiment is improved to obtain present embodiment, as shown in Fig. 2 in the present embodiment, the terminal Device management method includes:S10 judges whether the number of same terminal device association in preset time period exceedes correlation threshold; If so, jump to step S20;The terminal device is added blacklist by S20;S31 clouds AC receives the black name of addition that wireless aps are sent Single message;S32 clouds AC parsings add black list messages and obtain the identification information of terminal device, are added into according to the identification information Interim blacklist;S33 clouds AC controls start timing for the timer of the terminal device.
In addition, after step S33, in addition to:S34 judges whether timer expires;If so, jump to step S35; S35 removes the terminal device from interim blacklist;S36 feeds back to wireless aps by black list messages are removed, and is moved out black List.
In the present embodiment, after wireless aps judge that terminal device associates repeatedly, blacklist is added into, is sent out simultaneously Send and add black list messages to cloud AC.Cloud AC, which is received, to be added after black list messages, and it is parsed immediately, added The identification information (such as MAC Address) of terminal device in black list messages, and be added into interim blacklist.
Afterwards, the timer for terminal device setting starts timing, until timer expires, is moved out interim black name It is single, while the interim blacklist comprising the Terminal Equipment Identifier information is sent to respective wireless AP, the wireless aps are notified, by terminal Equipment removes blacklist, and hereafter, the terminal device sends association request to the wireless aps, and the wireless aps are no longer refused, after association Certification request is sent to cloud AC, i.e., normal attended operation is recovered to the terminal device.It can be seen that in the present embodiment, simply Forbidden the network connection of a period of time, rather than be permanently set to blacklist, in case terminal device its own system goes out Use during existing problem to user brings inconvenience.In addition, before being managed to terminal device to the timing in cloud AC terminals Device is configured, and each terminal device for adding interim blacklist can be set to the timer of same time, can also be directed to Different terminal equipment sets the timer of special time, is not specifically limited, limits according to the actual requirements, such as sets all terminals Standby timer is set as half an hour etc..
In addition, in cloud AC, when the addition black list messages that cloud AC reception wireless aps are sent, corresponding terminal equipment is parsed Identification information after, judge for the terminal device addition black list messages number, if having exceeded preset times, by it Permanent blacklist is added, otherwise adds interim blacklist.Specifically preset times here are set according to actual conditions, such as will It is set as that 5 is inferior.
Above-mentioned embodiment is improved to obtain present embodiment, as shown in figure 3, in the present embodiment, terminal is set Standby management method includes:S10 judges whether the number of same terminal device association in preset time period exceedes correlation threshold;If It is to jump to step S20;The terminal device is added blacklist by S20;S30 sends the addition blacklist for the terminal device Message is added into interim blacklist to cloud AC;S40 clouds AC determines whether that other wireless aps receive the terminal device Probe request;If so, jump to step S50;S50 clouds AC feeds back the interim blacklist comprising the Terminal Equipment Identifier information To all wireless aps that can receive probe request, blacklist is added into.
In the present embodiment, after WAP judges that terminal device associates repeatedly, blacklist is added into, together When send and add black list messages to cloud AC.Cloud AC, which is received, to be added after black list messages, and it is parsed immediately, obtained The identification information (such as MAC Address) of terminal device in black list messages is added, and is added into after interim blacklist.
Belong in the wireless aps with the terminal device to be added to blacklist in other wireless aps of the same area, if can visit The probe request of terminal device transmission is measured, then the wireless aps send a message to cloud AC immediately, and cloud AC receives the message Afterwards, the interim blacklist comprising the Terminal Equipment Identifier information is sent to wireless aps, forbids the terminal device with this wireless aps Association.Specifically, same SSID is set in each wireless aps here, and corresponding connection password is identical, with this, when terminal device frequency Numerous to be associated with one of wireless aps and be added into after blacklist, other wireless aps can be added into black under cloud AC control List, from the attack of the terminal device.
Certainly, if wireless aps are not belonging to the same area, i.e. user's carried terminal equipment with adding the wireless aps of blacklist It is moved in another wireless network region.Now, if the wireless aps can detect the probe request of the terminal device, according to Whether the identification information of the terminal device sends information to cloud AC, and cloud AC receives the message, judge it in interim blacklist In, if so, then sending the interim blacklist for containing the Terminal Equipment Identifier information to the wireless aps, it is added into this black List, refuse the association of the terminal device.
Above-mentioned embodiment is improved to obtain present embodiment, as shown in figure 4, in the present embodiment, terminal is set Standby management method includes:S10 judges whether the number of same terminal device association in preset time period exceedes correlation threshold;If It is to jump to step S20;The terminal device is added blacklist by S20;S30 sends the addition blacklist for the terminal device Message is added into interim blacklist to cloud AC;S60 clouds AC according to certification request judge terminal device to be certified whether In interim blacklist;If so, jump to step S70;S70 clouds AC refuses the certification to the terminal device;S80 clouds AC will be included The interim blacklist of the Terminal Equipment Identifier information feeds back to all wireless aps for sending certification request, is added into blacklist.
In the present embodiment, if the wireless aps that the terminal device is not added to blacklist receive terminal device transmission Association request, receive its association, and certification request is sent to cloud AC.After cloud AC receives the certification request, parse To the identification information of terminal device, and the terminal device is judged whether in interim blacklist, if so, refusal is to the terminal device Certification, and by the interim blacklist comprising the Terminal Equipment Identifier information feed back to send certification request all wireless aps, Be added into blacklist, terminal device is kicked it is offline, in order to avoid terminal device is to these wireless aps malicious attacks.
In one example, in the same area, including wireless aps 1, wireless aps 2 and wireless aps 3, and it is wireless aps 1, wireless AP2 and wireless aps 3 are managed by same cloud AC, all arrange same SSID, and corresponding connection password is also identical.
When wireless aps 1 judge a certain smart mobile phone frequently associate oneself (number associated within 5 minutes reaches 30 times, It is far longer than default correlation threshold 20), blacklist is added into immediately, and is sent addition blacklist for the smart mobile phone and disappeared Cease to cloud AC.
After cloud AC receives the addition black list messages, parsing obtains the MAC Address of smart mobile phone, and is added into and faces When blacklist.
Belong to the same area with wireless aps 1 by wireless aps 2 and wireless aps 3, please in the detection for receiving smart mobile phone transmission After seeking frame, cloud AC is notified.Sending after cloud AC includes the interim blacklist of the smart mobile phone to wireless aps 2 and wireless aps 3, with This, the smart mobile phone equally adds blacklist by wireless aps 2 and wireless aps 3, and disconnects and being associated with smart mobile phone.
Cloud AC provided by the invention schematic diagram is illustrated in figure 5, cloud AC is communicated to connect with multiple wireless aps, it is entered Row management.Specifically, cloud AC100 includes:First memory 110, for storing a plurality of instruction, and a plurality of instruction is applied to the One processor is loaded and performed;First processor 120, for reading the instruction stored in first memory and execution.In one kind In embodiment, a plurality of instruction includes:
Receive the addition black list messages that wireless aps are sent;
Parsing adds black list messages and obtains the identification information of terminal device, is added into according to the identification information interim black List;
Start timing for the timer of the terminal device.
Specifically, after instructing the timer for the terminal device to start timing, in addition to:
Judge whether timer expires;If so,
The terminal device is removed from interim blacklist;
Black list messages will be removed and feed back to wireless aps, be moved out blacklist.
In the present embodiment, after wireless aps judge that terminal device associates repeatedly, blacklist is added into, is sent out simultaneously Send and add black list messages to cloud AC.Cloud AC, which is received, to be added after black list messages, and it is parsed immediately, added The identification information (such as MAC Address) of terminal device in black list messages, and be added into interim blacklist.
Afterwards, the timer for terminal device setting starts timing, until timer expires, is moved out interim black name It is single, while the interim blacklist comprising the Terminal Equipment Identifier information is sent to respective wireless AP, the wireless aps are notified, by terminal Equipment removes blacklist, and hereafter, the terminal device sends association request to the wireless aps, and the wireless aps are no longer refused, after association Certification request is sent to cloud AC, i.e., normal attended operation is recovered to the terminal device.It can be seen that in the present embodiment, simply Forbidden the network connection of a period of time, rather than be permanently set to blacklist, in case terminal device its own system goes out Use during existing problem to user brings inconvenience.
Above-mentioned embodiment is improved, in the present embodiment, in a plurality of instruction, above-mentioned instruction is according to the mark Information is added into after interim blacklist, in addition to:
Determine whether that other wireless aps receive the probe request of the terminal device;If so,
Interim blacklist comprising the Terminal Equipment Identifier information is fed back to being whether there is for probe request can be received Line AP, is added into blacklist.
In the present embodiment, after WAP judges that terminal device associates repeatedly, blacklist is added into, together When send and add black list messages to cloud AC.Cloud AC, which is received, to be added after black list messages, and it is parsed immediately, obtained The identification information (such as MAC Address) of terminal device in black list messages is added, and is added into after interim blacklist.
Belong in the wireless aps with the terminal device to be added to blacklist in other wireless aps of the same area, if can visit The probe request of terminal device transmission is measured, then the wireless aps send a message to cloud AC immediately, and cloud AC receives the message Afterwards, the interim blacklist comprising the Terminal Equipment Identifier information is sent to wireless aps, forbids the terminal device with this wireless aps Association.Specifically, same SSID is set in each wireless aps here, and corresponding connection password is identical, with this, when terminal device frequency Numerous to be associated with one of wireless aps and be added into after blacklist, other wireless aps can be added into black under cloud AC control List, from the attack of the terminal device.
Certainly, if wireless aps are not belonging to the same area, i.e. user's carried terminal equipment with adding the wireless aps of blacklist It is moved in another wireless network region.Now, if the wireless aps can detect the probe request of the terminal device, according to Whether the identification information of the terminal device sends information to cloud AC, and cloud AC receives the message, judge it in interim blacklist In, if so, then sending the interim blacklist for containing the Terminal Equipment Identifier information to the wireless aps, it is added into this black List, refuse the association of the terminal device.
Above-mentioned embodiment is improved, in the present embodiment, in a plurality of instruction, above-mentioned instruction is according to the mark Information is added into after interim blacklist, in addition to:
The certification request that wireless aps are sent is received, certification request is after terminal device associates wireless aps, to be sent by wireless aps To cloud AC;
Judge terminal device to be certified whether in interim blacklist according to certification request;If so,
Refuse the certification to the terminal device;
Interim blacklist comprising the Terminal Equipment Identifier information is fed back to all wireless aps for sending certification request, will It adds blacklist.
In the present embodiment, if the wireless aps that the terminal device is not added to blacklist receive terminal device transmission Association request, receive its association, and certification request is sent to cloud AC.After cloud AC receives the certification request, parse To the identification information of terminal device, and the terminal device is judged whether in interim blacklist, if so, refusal is to the terminal device Certification, and by the interim blacklist comprising the Terminal Equipment Identifier information feed back to send certification request all wireless aps, Be added into blacklist, terminal device is kicked it is offline, in order to avoid terminal device is to these wireless aps malicious attacks.
Wireless aps schematic diagram provided by the invention is illustrated in figure 6, it can be seen that being wrapped in the wireless aps 200 Include:Second memory 210, for storing a plurality of instruction, and a plurality of instruction is loaded and performed suitable for second processor;At second Device 220 is managed, for reading the instruction stored in second memory and execution, a plurality of instruction includes:
Judge whether the number of same terminal device association in preset time period exceedes correlation threshold;If so,
The terminal device is added into blacklist;
The addition black list messages for the terminal device are sent to cloud AC.
In addition, a plurality of instruction also includes:
The interim blacklist for including the Terminal Equipment Identifier information of cloud AC feedbacks is received, corresponding terminal device is added Blacklist;And/or receive cloud AC feedbacks and remove black list messages, corresponding terminal equipment is removed into blacklist.
In the present embodiment, in wireless aps, the number that terminal device associates repeatedly in preset time period is counted, specifically Here association refers to repeatedly:Terminal device sends association request to wireless aps, and after being successfully associated, wireless aps send certification request to cloud AC carries out authentication, after certification success, intermittent line when of short duration, then associates, operates repeatedly again.
After counting the number associated repeatedly, it is compared with default correlation threshold, if the number of association More than correlation threshold, blacklist is added into immediately, while sends and adds black list messages to cloud AC, with this cloud AC according to this Black list messages are added into blacklist;Otherwise do not process.Hereafter, if the terminal device sends association request to the nothing again Line access point, the WAP first determines whether the terminal device whether in blacklist, if so, refusing the pass of the terminal device Connection request;Otherwise the terminal device is associated, and sends ID authentication request to cloud AC.Specifically correlation threshold here and it is default when Between section set according to actual conditions, be not specifically limited in the present embodiment, such as in one example, by preset time period It is set as 5 minutes, correlation threshold is set as 20 times;And for example, preset time period is set as 2 minutes, correlation threshold is set It is inferior for 10.
In one example, wireless aps 1 and wireless aps 4 belong to different zones, still, are managed by same cloud AC, all arranged Same SSID, corresponding connection password are also identical.
When wireless aps 1 judge a certain smart mobile phone frequently associate oneself (number associated within 5 minutes reaches 30 times, It is far longer than default correlation threshold 20), blacklist is added into immediately, and is sent addition blacklist for the smart mobile phone and disappeared Cease to cloud AC.
After cloud AC receives the addition black list messages, parsing obtains the MAC Address of smart mobile phone, and judges for being somebody's turn to do The number for the addition black list messages that smart mobile phone receives, if now judging, the number is more than preset times, is added into Permanent blacklist, it will not now, in cloud AC be directed to smart mobile phone setting timer.
After wireless aps 4 receive the association request of the smart mobile phone and are associated, certification message is sent to cloud AC. Cloud AC judges it in permanent blacklist according to the MAC Address of the smart mobile phone, and send includes the permanent of the smart mobile phone immediately Blacklist is to wireless aps 4, and with this, the smart mobile phone is equally added blacklist by wireless aps 4, and disconnects the pass with smart mobile phone Connection.
It should be noted that above-described embodiment can independent assortment as needed.Described above is only the preferred of the present invention Embodiment, it is noted that for those skilled in the art, do not departing from the premise of the principle of the invention Under, some improvements and modifications can also be made, these improvements and modifications also should be regarded as protection scope of the present invention.

Claims (11)

1. a kind of terminal equipment managing method, it is characterised in that applied to WAP, in the terminal equipment managing method Including:
Judge whether the number of same terminal device association in preset time period exceedes correlation threshold;If so,
The terminal device is added into blacklist;
The addition black list messages for the terminal device are sent to cloud controller, are added into interim blacklist.
2. terminal equipment managing method according to claim 1, it is characterised in that be directed to the terminal device in the transmission Black list messages to cloud controller, be added into interim blacklist, including:
Cloud controller receives the addition black list messages that WAP is sent;
Cloud controller parsing adds black list messages and obtains the identification information of terminal device, is added into and faced according to the identification information When blacklist;
Cloud controller control starts timing for the timer of the terminal device.
3. terminal equipment managing method according to claim 2, it is characterised in that in cloud controller control for being somebody's turn to do After the timer of terminal device starts timing, in addition to:
Judge whether timer expires;If so,
The terminal device is removed from interim blacklist;
Black list messages will be removed and feed back to WAP, be moved out blacklist.
4. according to the terminal equipment managing method described in claim 1-3 any one, it is characterised in that be directed in the transmission The addition black list messages of the terminal device are added into after interim blacklist to cloud controller, in addition to:
Cloud controller determines whether that other WAPs receive the probe request of the terminal device;If so,
Cloud controller feeds back to the interim blacklist comprising the Terminal Equipment Identifier information institute that can receive probe request There is WAP, be added into blacklist.
5. according to the terminal equipment managing method described in claim 1-3 any one, it is characterised in that be directed in the transmission The addition black list messages of the terminal device are added into after interim blacklist to cloud controller, in addition to:
Cloud controller receives the certification request that WAP is sent, and the certification request is that terminal device associates WAP Afterwards, sent by WAP to cloud controller;
Whether cloud controller judges terminal device to be certified in interim blacklist according to certification request;If so,
Cloud controller refuses the certification to the terminal device;
Cloud controller, which feeds back to the interim blacklist comprising the Terminal Equipment Identifier information, sends all wireless of certification request Access point, it is added into blacklist.
6. a kind of cloud controller, it is characterised in that the cloud controller includes:
First memory, for storing a plurality of instruction, and a plurality of instruction is loaded and performed suitable for first processor;
First processor, for reading the instruction stored in first memory and execution, a plurality of instruction includes:
Receive the addition black list messages that WAP is sent;
Parse the addition black list messages and obtain the identification information of terminal device, be added into according to the identification information interim black List;
Start timing for the timer of the terminal device.
7. cloud controller as claimed in claim 6, it is characterised in that start to count for the timer of the terminal device in instruction When after, in addition to:
Judge whether timer expires;If so,
The terminal device is removed from interim blacklist;
Black list messages will be removed and feed back to WAP, be moved out blacklist.
8. cloud controller as claimed in claims 6 or 7, it is characterised in that be added into and faced according to the identification information in instruction When blacklist after, in addition to:
Determine whether that other WAPs receive the probe request of the terminal device;If so,
Interim blacklist comprising the Terminal Equipment Identifier information, which is fed back to, which can receive all of probe request, wirelessly connects Access point, it is added into blacklist.
9. cloud controller as claimed in claims 6 or 7, it is characterised in that be added into and faced according to the identification information in instruction When blacklist after, in addition to:
The certification request that WAP is sent is received, the certification request is after terminal device associates WAP, by nothing Line access point is sent to cloud controller;
Judge terminal device to be certified whether in interim blacklist according to certification request;If so,
Refuse the certification to the terminal device;
Interim blacklist comprising the Terminal Equipment Identifier information is fed back to all WAPs for sending certification request, will It adds blacklist.
10. a kind of WAP, it is characterised in that the WAP includes:
Second memory, for storing a plurality of instruction, and a plurality of instruction is loaded and performed suitable for second processor;
Second processor, for reading the instruction stored in second memory and execution, a plurality of instruction includes:
Judge whether the number of same terminal device association in preset time period exceedes correlation threshold;If so,
The terminal device is added into blacklist;
The addition black list messages for the terminal device are sent to cloud controller.
11. WAP as claimed in claim 10, it is characterised in that a plurality of instruction also includes:
The interim blacklist for including the Terminal Equipment Identifier information of cloud controller feedback is received, corresponding terminal equipment is added black List;And/or
Receive cloud controller feedback and remove black list messages, corresponding terminal equipment is removed into blacklist.
CN201710455162.8A 2017-06-16 2017-06-16 A kind of terminal equipment managing method, a kind of cloud controller and a kind of WAP Pending CN107360574A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710455162.8A CN107360574A (en) 2017-06-16 2017-06-16 A kind of terminal equipment managing method, a kind of cloud controller and a kind of WAP

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710455162.8A CN107360574A (en) 2017-06-16 2017-06-16 A kind of terminal equipment managing method, a kind of cloud controller and a kind of WAP

Publications (1)

Publication Number Publication Date
CN107360574A true CN107360574A (en) 2017-11-17

Family

ID=60272930

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710455162.8A Pending CN107360574A (en) 2017-06-16 2017-06-16 A kind of terminal equipment managing method, a kind of cloud controller and a kind of WAP

Country Status (1)

Country Link
CN (1) CN107360574A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108990156A (en) * 2018-06-29 2018-12-11 努比亚技术有限公司 A kind of Wireless LAN communication method, terminal and computer readable storage medium
CN110266728A (en) * 2019-07-17 2019-09-20 杨鲲 Prevention-Security and method for detecting abnormality, apparatus and system based on MQTT message queue

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7854001B1 (en) * 2007-06-29 2010-12-14 Trend Micro Incorporated Aggregation-based phishing site detection
WO2014040292A1 (en) * 2012-09-17 2014-03-20 华为技术有限公司 Protection method and device against attacks
CN104333863A (en) * 2014-10-20 2015-02-04 小米科技有限责任公司 Connection management method, device and electronic equipment
CN105142146A (en) * 2015-09-24 2015-12-09 上海斐讯数据通信技术有限公司 Authentication method of WIFI hotspot access, device and system
CN105472610A (en) * 2015-11-20 2016-04-06 上海斐讯数据通信技术有限公司 Logging-in management method and apparatus of wireless router

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7854001B1 (en) * 2007-06-29 2010-12-14 Trend Micro Incorporated Aggregation-based phishing site detection
WO2014040292A1 (en) * 2012-09-17 2014-03-20 华为技术有限公司 Protection method and device against attacks
CN104333863A (en) * 2014-10-20 2015-02-04 小米科技有限责任公司 Connection management method, device and electronic equipment
CN105142146A (en) * 2015-09-24 2015-12-09 上海斐讯数据通信技术有限公司 Authentication method of WIFI hotspot access, device and system
CN105472610A (en) * 2015-11-20 2016-04-06 上海斐讯数据通信技术有限公司 Logging-in management method and apparatus of wireless router

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108990156A (en) * 2018-06-29 2018-12-11 努比亚技术有限公司 A kind of Wireless LAN communication method, terminal and computer readable storage medium
CN110266728A (en) * 2019-07-17 2019-09-20 杨鲲 Prevention-Security and method for detecting abnormality, apparatus and system based on MQTT message queue
CN110266728B (en) * 2019-07-17 2022-03-08 杨鲲 MQTT message queue-based security defense and anomaly detection method, device and system

Similar Documents

Publication Publication Date Title
EP3691209B1 (en) Traffic processing method and user plane apparatus
CN103997768B (en) A kind of method and device for preventing from accessing invalid Wi Fi focuses
CN103262625B (en) For the IP-based paging of DSDS
CN104333863B (en) Connection management method and device, electronic equipment
EP3166349A1 (en) Internet access traffic sharing method, device and terminal
EP3300408A1 (en) Secure method for mtc device triggering
US20180048633A1 (en) Perception-free authentication method and system, and control method and system based on the same
US20160095022A1 (en) Method, apparatus, and system for connecting to network
US9949116B2 (en) Method and apparatus for establishing SSID-based connection between terminal device and gateway device
JP2006197137A (en) Data communication regulating method of fixed rate system user, data communication regulation controller and portable terminal
CN105340212A (en) Methods and apparatus for generating keys in device-to-device communications
EP2739113A1 (en) Method and device for managing pdn connection
US20120202492A1 (en) Method and apparatus for enabling identification of a rejecting network in connection with registration area updating
EP3972332A1 (en) Congestion control method and device
KR102262146B1 (en) Information processing method, apparatus, computer readable storage medium and electronic device
CN113055972B (en) Session processing method in wireless communication and terminal equipment
CN105122930A (en) Method and apparatus for setting up/releasing radio resource control connection between evolved node b and user equipment in communication system
CN104219690A (en) Measuring controlling method of inter-system neighbor relation and base station
CN107659999A (en) WIFI connection methods and equipment
CN107124744B (en) Network switching method and wireless access point
CN107360574A (en) A kind of terminal equipment managing method, a kind of cloud controller and a kind of WAP
CN104955136A (en) Terminal management apparatus, terminal, communication system, terminal management method, and program
WO2016184064A1 (en) Access control method and device for emergency communication network
CN117641327A (en) Network connection method, electronic device, and computer-readable storage medium
JP2022174023A (en) Network slice admission control (nsac) discovery and roaming enhancement

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20171117