Embodiment
In one embodiment, as shown in Fig. 1, a wired data identification and authentication method comprises the following steps:
Step S110: Obtain the wired differentiated Portal push demand.
Step S120: Select the corresponding preconfigured mode according to a preset correspondence between the wired differentiated Portal push demand and a preset threshold; the preconfigured modes comprise a preconfigured port mode and a preconfigured network mode. Specifically, in this embodiment, step S120 includes: when the wired differentiated Portal push demand is less than the preset threshold, selecting the preconfigured port mode; when the wired differentiated Portal push demand is greater than or equal to the preset threshold, selecting the preconfigured network mode.
Specifically, the preset threshold can be set according to specific needs. The preconfigured port mode binds any user port as a wired user port and, according to the actual push needs, configures a corresponding Portal push authentication template for that wired user port. The preconfigured network mode binds any network segment as a wired user network and, according to the actual push needs, configures a corresponding Portal push authentication template for that wired user network.
Step S130: When the selected preconfigured mode is the preconfigured port mode, perform data identification and Portal authentication processing on received packets according to preset port data and first authentication data. In this embodiment, step S130 includes step 132 and step 134.
Step 132: When the received packet is an uplink data packet and the selected preconfigured mode is the preconfigured port mode, perform data identification and Portal authentication processing on the received uplink data packet according to the preset port data and the first authentication data. In this embodiment, step 132 includes steps 1322 to 1326.
Step 1322: Receive an uplink data packet and judge, according to the preset port data, whether the port that sent the uplink data packet is a preconfigured wired user port.
Specifically, the preset port data includes the port type, the IP acquisition mode and so on. The port type can be set according to specific needs; in this embodiment, the port types are preconfigured wired user port and CAPWAP port, and the IP acquisition modes are "obtained via DHCP" and "not obtained via DHCP". IP here refers to the source IP or destination IP of a packet.
Step 1324: When the port that sent the uplink data packet is a preconfigured wired user port, judge whether the source IP of the uplink data packet was obtained via DHCP.
Specifically, step 1324 also includes: when the port that sent the uplink data packet is not a preconfigured wired user port, judging from the preset port data whether the port that sent the uplink data packet is a CAPWAP port; if so, processing the uplink data packet according to the CAPWAP packet processing flow; if not, discarding the uplink data packet. A CAPWAP port is a wireless user port.
Step 1326: If so, then when the user is judged from the first authentication data to have passed Portal authentication, release the uplink data packet to the network; when the user is judged from the preset authentication data not to have passed Portal authentication, send the uplink data packet to the user management process, which sends a redirect message to the corresponding user according to the Portal template bound to the preconfigured wired user port.
Specifically, the user is the user corresponding to the port. The first authentication data includes user information, in particular whether each user has passed Portal authentication. Step 1326 also includes: when the source IP of the uplink data packet was not obtained via DHCP, discarding the uplink data packet.
Specifically, as shown in Fig. 2, the present invention is a modification of an existing AC (Wireless Access Point Controller, i.e. wireless controller) that achieves unified management and authentication of wired and wireless user data. As shown in Fig. 2, when an AC port receives an uplink data packet, the AC first judges whether the port that sent the uplink data packet is a preconfigured wired user port. If it is not, the AC further judges whether it is a CAPWAP (Control And Provisioning of Wireless Access Points Protocol Specification, i.e. the control and provisioning protocol for wireless access points) port; if it is a CAPWAP port, the uplink data packet is processed according to the CAPWAP packet processing flow, and otherwise the uplink data packet is discarded. If the port that sent the uplink data packet is a preconfigured wired user port, the AC further judges whether the source IP of the uplink data packet was obtained via DHCP (Dynamic Host Configuration Protocol). If it was not, the sender is considered an illegal user and the uplink data packet is discarded directly. If it was obtained via DHCP, the sender is considered a legitimate user, and the AC then judges by table lookup whether the user has passed Portal authentication. If so, the packet is released directly to the Internet; otherwise the uplink data packet is sent to the user management process, which sends a redirect message to the wired user according to the Portal authentication template bound to the preconfigured wired user port.
Specifically, Portal authentication is an authentication method. The first authentication data takes the form of a first storage table, although its specific form is not unique. When the AC receives a packet from a user, it judges whether the database holds user information corresponding to the user's IP. If not (that is, the first storage table does not contain the user information), the AC learns the user information and enters it into the first storage table to obtain the first authentication data. If so (that is, the first storage table contains the user information), the AC judges from the first authentication data whether the user has passed Portal authentication; in other words, whether the user has passed Portal authentication can be queried by table lookup. If the information for the user in the first storage table shows that Portal authentication has been passed, the packet is released directly to the network. If Portal authentication has not been passed, a Portal authentication template is pushed to the corresponding user, and packets are released to the network only after Portal authentication. Further, the preset port data can be stored in a table built in advance. When a data packet is received, the information in the packet is compared by table lookup to make the judgments needed in the data processing method, for example whether the port that sent the uplink data packet is a preconfigured wired user port, or whether the source IP of the uplink data packet was obtained via DHCP.
Step 134: When the received packet is a downlink data packet and the selected preconfigured mode is the preconfigured port mode, perform data identification on the received downlink data packet according to the preset port data. In this embodiment, step 134 includes step 1342 and step 1344.
Step 1342: Receive a downlink data packet and judge, according to the preset port data, whether the destination routing port of the downlink data packet is a preconfigured wired user port.
Step 1344: When the destination routing port of the downlink data packet is a preconfigured wired user port, judge whether the destination IP is a wired user; if so, route and forward the downlink data packet to the wired user; if not, discard the downlink data packet.
Specifically, step 1344 also includes: when the destination routing port of the downlink data packet is not a preconfigured wired user port, judging whether the destination routing port of the downlink data packet is a CAPWAP port; if so, processing the downlink data packet according to the CAPWAP packet processing flow; if not, processing the downlink data packet according to the non-user packet processing flow.
Specifically, as shown in Fig. 3, when the AC receives a downlink data packet, it judges whether the destination routing port of the downlink data packet is a preconfigured wired user port. If it is, the AC further judges whether the destination IP is a wired user; if it is a wired user the data is released, and otherwise the downlink data packet is discarded. If the port is not a preconfigured wired user port, the AC further judges whether it is a CAPWAP port; if so, the downlink data packet is processed according to the CAPWAP packet processing flow, and otherwise it is processed according to the non-user packet processing flow.
Step S140: When the selected preconfigured mode is the preconfigured network mode, perform data identification and Portal authentication processing on received packets according to preset network segment data and second authentication data. In this embodiment, step S140 includes step 142 and step 144.
Step 142: When the received packet is an uplink data packet and the selected preconfigured mode is the preconfigured network mode, perform data identification and Portal authentication processing on the received uplink data packet according to the preset network segment data and the second authentication data. In this embodiment, step 142 includes steps 1422 to 1426.
Step 1422: Receive an uplink data packet and judge, according to the preset network segment data, whether the source IP of the uplink data packet is in the preconfigured wired network segment.
Specifically, the preset network segment data includes the preset network segment type, the IP acquisition mode and the user type. The preset network segment types include the preconfigured wired network segment and the CAPWAP network segment, the IP acquisition modes are "obtained via DHCP" and "not obtained via DHCP", and the user types include wired user and wireless user.
Step 1424: When the source IP of the uplink data packet is in the preconfigured wired network segment, judge whether the source IP of the uplink data packet was obtained via DHCP.
Specifically, step 1424 also includes: when the source IP of the uplink data packet is not in the preconfigured wired network segment, judging whether the source IP of the uplink data packet is in the CAPWAP network segment; if so, processing the uplink data packet according to the CAPWAP packet processing flow; if not, discarding the uplink data packet.
Step 1426: If so, then when the uplink data packet is judged from the second authentication data to have passed Portal authentication, release the uplink data packet to the network; if the uplink data packet has not passed Portal authentication, send the uplink data packet to the user management process, which sends a redirect message to the corresponding user according to the Portal template bound to the preconfigured wired network segment.
Specifically, the second authentication data includes user information for each network segment, in particular whether each network user has passed Portal authentication. Step 1426 also includes: when the source IP of the uplink data packet was not obtained via DHCP, discarding the uplink data packet.
Further, the second authentication data takes the form of a second storage table, although its specific form is not unique. When the AC receives a packet from a user in a network segment, it judges whether the database holds user information corresponding to that network segment user's IP. If not (that is, the second storage table does not contain the user information), the AC learns the user information and enters it into the second storage table to obtain the second authentication data. If so (that is, the second storage table contains the user information), the AC judges from the second authentication data whether the network segment user has passed Portal authentication. If the information for the user in the second storage table shows that Portal authentication has been passed, the packet is released directly to the network. If Portal authentication has not been passed, a Portal authentication template is pushed to the corresponding user, and packets are released to the network only after Portal authentication. Further, the second storage table and the first storage table can be two parts of the same table, or two independent tables.
As shown in Fig. 4, when the AC is configured in network mode and receives an uplink data packet, it first judges whether the source IP of the uplink data packet is in the preconfigured wired network segment. If it does not belong to the preconfigured wired network segment, the AC further judges whether it is in the CAPWAP network segment; if it is, the uplink data packet is processed according to the CAPWAP packet processing flow, and if it is not, the uplink data packet is discarded. If the source IP belongs to the preconfigured wired network segment, the AC judges whether the IP was obtained from the AC via DHCP. If it was not, the sender is considered an illegal user and the uplink data packet is discarded directly. If it was, the AC further judges whether the user has passed Portal authentication. If the user has passed Portal authentication, the user is an authenticated user and the uplink data packet is released directly; otherwise the uplink data packet is sent to the user management process, which sends the corresponding redirect message to the user according to the Portal authentication template bound to the preconfigured wired network segment.
Step 144: When the received packet is a downlink data packet and the selected preconfigured mode is the preconfigured network mode, perform data identification on the received downlink data packet according to the preset network segment data. In this embodiment, step 144 includes step 1442 and step 1444.
Step 1442: Receive a downlink data packet and judge, according to the preset network segment data, whether the destination IP of the downlink data packet is in the preconfigured wired network segment.
Step 1444: When the destination IP of the downlink data packet is in the preconfigured wired network segment, judge whether the IP of the downlink data packet was obtained via DHCP; if so, send the downlink data packet to the corresponding wired user; otherwise discard the downlink data packet.
Specifically, step 1444 also includes: when the destination IP of the downlink data packet is not in the preconfigured wired network segment, judging whether the destination IP of the downlink data packet is in the CAPWAP network segment; if so, processing the downlink data packet according to the CAPWAP packet processing flow; if not, processing the downlink data packet according to the non-user packet processing flow.
Specifically, as shown in Fig. 5, when the AC is configured in network mode and receives a downlink data packet, it judges whether the destination IP of the downlink data packet is in the preconfigured wired network segment. If it is in the network segment, the AC further judges whether the IP was obtained via DHCP; if it was, the downlink data packet is sent directly to the wired user, and otherwise the downlink data packet is discarded directly. If the destination IP of the downlink data packet is not in the preconfigured network segment, the AC further judges whether the destination IP is in the CAPWAP port network segment; if it is, the downlink data packet is processed according to the CAPWAP packet processing flow, and if it is not, the packet is handled by non-user packet processing.
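The mode selection of step S120 and the four decision flows of Figs. 2 to 5, written out in Python as an added example; it is an illustration added here, not code from the patent. The `AcState` tables, port names and addresses are constructed assumptions, as is treating "the destination IP is a wired user" in Fig. 3 as membership in the learned user table.

```python
import ipaddress
from dataclasses import dataclass, field
from enum import Enum


class Verdict(Enum):
    FORWARD = "forward"      # release to the network / deliver to the wired user
    REDIRECT = "redirect"    # hand to user management, which pushes the Portal template
    CAPWAP = "capwap"        # CAPWAP (wireless) packet processing flow
    NON_USER = "non-user"    # non-user packet processing flow
    DROP = "drop"


@dataclass
class AcState:
    """Hypothetical stand-in for the AC's preset data and authentication table."""
    wired_ports: set = field(default_factory=set)
    capwap_ports: set = field(default_factory=set)
    wired_segments: list = field(default_factory=list)
    capwap_segments: list = field(default_factory=list)
    dhcp_leases: set = field(default_factory=set)   # IPs obtained via DHCP
    users: dict = field(default_factory=dict)       # IP -> passed Portal authentication?


def select_mode(demand, threshold):
    """Step S120: below the threshold use port mode, otherwise network mode."""
    return "port" if demand < threshold else "network"


def _in_segments(ip, segments):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(s) for s in segments)


def _authenticate_uplink(st, src_ip):
    # A source IP that was not obtained via DHCP is treated as an illegal user.
    if src_ip not in st.dhcp_leases:
        return Verdict.DROP
    # Unknown user: learn it into the storage table as not yet authenticated.
    passed = st.users.setdefault(src_ip, False)
    return Verdict.FORWARD if passed else Verdict.REDIRECT


def uplink_port_mode(st, in_port, src_ip):          # Fig. 2
    if in_port in st.wired_ports:
        return _authenticate_uplink(st, src_ip)
    return Verdict.CAPWAP if in_port in st.capwap_ports else Verdict.DROP


def downlink_port_mode(st, out_port, dst_ip):       # Fig. 3
    if out_port in st.wired_ports:
        # Assumption: "is a wired user" means the IP is in the learned user table.
        return Verdict.FORWARD if dst_ip in st.users else Verdict.DROP
    return Verdict.CAPWAP if out_port in st.capwap_ports else Verdict.NON_USER


def uplink_network_mode(st, src_ip):                # Fig. 4
    if _in_segments(src_ip, st.wired_segments):
        return _authenticate_uplink(st, src_ip)
    return Verdict.CAPWAP if _in_segments(src_ip, st.capwap_segments) else Verdict.DROP


def downlink_network_mode(st, dst_ip):              # Fig. 5
    if _in_segments(dst_ip, st.wired_segments):
        return Verdict.FORWARD if dst_ip in st.dhcp_leases else Verdict.DROP
    if _in_segments(dst_ip, st.capwap_segments):
        return Verdict.CAPWAP
    return Verdict.NON_USER


def demo_state():
    """Constructed sample data (documentation address ranges, made-up port names)."""
    return AcState(
        wired_ports={"ge0/1"},
        capwap_ports={"capwap0"},
        wired_segments=["192.0.2.0/24"],
        capwap_segments=["198.51.100.0/24"],
        dhcp_leases={"192.0.2.10", "192.0.2.11"},
        users={"192.0.2.10": True},
    )


if __name__ == "__main__":
    st = demo_state()
    for ip in ("192.0.2.10", "192.0.2.11", "192.0.2.99", "198.51.100.7", "203.0.113.5"):
        print(ip, uplink_network_mode(st, ip).value, downlink_network_mode(st, ip).value)
```

Note the asymmetry the flows prescribe: an uplink packet that matches neither the wired nor the CAPWAP class is dropped, while a downlink packet in the same position goes to non-user processing.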
Specifically, Fig. 2, Fig. 3, Fig. 4 and Fig. 5 show the data packet processing flows of one embodiment. If the preconfigured port mode is selected, it is possible to first judge from the preset port data whether the port that sent the uplink data packet, or the destination routing port of the downlink data packet, is a preconfigured wired user port and, if not, then judge whether it is a CAPWAP interface; or to first judge from the preset port data whether it is a CAPWAP interface and, if not, then judge whether it is a preconfigured wired user port, before carrying out the subsequent processing. Similarly, if the preconfigured network mode is selected, it is possible to first judge from the preset network segment data whether the source IP of the uplink data packet or the destination IP of the downlink data packet is in the preconfigured wired network segment and, if not, then judge whether the source IP of the uplink data packet is in the CAPWAP network segment or whether the destination routing port of the downlink data packet is a CAPWAP interface; or to first judge from the preset port data whether the port that sent the uplink data packet or the destination IP network segment of the downlink data packet is the CAPWAP port network segment and, if not, then judge whether the source IP of the uplink data packet or the destination IP of the downlink data packet is in the preconfigured network segment, before carrying out the subsequent processing.
Specifically, the preconfigured network method and the preconfigured port method provide two modes for effectively identifying wired users; the preconfigured network method in particular allows finer-grained Portal pushing to wired users.
The above wired data identification and authentication method modifies an existing AC. It obtains the wired differentiated Portal push demand and selects the corresponding preconfigured mode according to the preset correspondence between the wired differentiated Portal push demand and the preset threshold, the preconfigured modes comprising the preconfigured port mode and the preconfigured network mode. When the selected preconfigured mode is the preconfigured port mode, data identification and Portal authentication processing are performed on received packets according to the preset port data and the first authentication data; when the selected preconfigured mode is the preconfigured network mode, data identification and Portal authentication processing are performed on received packets according to the preset network segment data and the second authentication data. By selecting the preconfigured mode that matches the wired differentiated Portal push demand, and processing received packets according to the preset port data and first authentication data or the preset network segment data and second authentication data, wired data can be identified effectively and conveniently through configuration of the network mode or the port mode. This facilitates unified management of wired and wireless authenticated user data, effectively solves the problem of unified management and authentication of wired and wireless end users in numerous network application scenarios, and improves the convenience of unified management of user data.
In one embodiment, as shown in Fig. 6, a wired data identification and authentication system includes a data acquisition module 110, a preconfigured mode selection module 120, a port mode data packet processing module 130 and a network mode data packet processing module 140.
In one embodiment, the data acquisition module 110 is used to obtain the wired differentiated Portal push demand.
In one embodiment, the preconfigured mode selection module 120 is used to select the corresponding preconfigured mode according to a first preset correspondence between the wired differentiated Portal push demand quantity and a preset threshold; the preconfigured modes comprise the preconfigured port mode and the preconfigured network mode. In this embodiment, the preconfigured mode selection module 120 selects the preconfigured port mode when the wired differentiated Portal push demand is less than the preset threshold, and selects the preconfigured network mode when the wired differentiated Portal push demand is greater than or equal to the preset threshold.
In one embodiment, the port mode data packet processing module 130 is used to perform data identification and Portal authentication processing on received packets according to the preset port data and the first authentication data when the selected preconfigured mode is the preconfigured port mode. In this embodiment, the port mode data packet processing module 130 includes a first uplink data packet processing unit and a first downlink data packet processing unit.
The first uplink data packet processing unit is used, when the received packet is an uplink data packet and the selected preconfigured mode is the preconfigured port mode, to perform data identification and Portal authentication processing on the received uplink data packet according to the preset port data and the first authentication data. In this embodiment, the first uplink data packet processing unit includes a first user port type judging unit, a source IP acquisition mode judging unit and a first authentication pass judging unit.
The first user port type judging unit is used to receive an uplink data packet and judge, according to the preset port data, whether the port that sent the uplink data packet is a preconfigured wired user port.
The first source IP acquisition mode judging unit is used to judge whether the source IP of the uplink data packet was obtained via DHCP when the port that sent the uplink data packet is a preconfigured wired user port.
Specifically, the first source IP acquisition mode judging unit is also used, when the port that sent the uplink data packet is not a preconfigured wired user port, to judge from the preset port data whether the port that sent the uplink data packet is a CAPWAP port; if the port that sent the uplink data packet is a CAPWAP port, the uplink data packet is processed according to the CAPWAP packet processing flow; if not, the uplink data packet is discarded.
The first authentication pass judging unit is used, when the source IP of the uplink data packet was obtained via DHCP, to release the uplink data packet to the network when the user is judged from the first authentication data to have passed Portal authentication, and to send the uplink data packet to the user management process when the user is judged from the preset authentication data not to have passed Portal authentication; the user management process sends a redirect message to the corresponding user according to the Portal template bound to the preconfigured wired user port.
Specifically, the first authentication pass judging unit is also used to discard the uplink data packet when the source IP of the uplink data packet is judged not to have been obtained via DHCP.
The first downlink data packet processing unit is used, when the received packet is a downlink data packet and the selected preconfigured mode is the preconfigured port mode, to perform data identification on the received downlink data packet according to the preset port data. In this embodiment, the first downlink data processing unit includes a second wired user port judging unit and a destination user type judging unit.
The second user port type judging unit is used to receive a downlink data packet and judge, according to the preset port data, whether the destination routing port of the downlink data packet is a preconfigured wired user port.
The destination user type judging unit is used to judge whether the destination IP is a wired user when the destination routing port of the downlink data packet is a preconfigured wired user port; if the destination IP is a wired user, the downlink data packet is routed and forwarded to the wired user; if the destination IP is not a wired user, the downlink data packet is discarded.
Specifically, the destination user type judging unit is also used, when the destination routing port of the downlink data packet is not a preconfigured wired user port, to judge whether the destination routing port of the downlink data packet is a CAPWAP port; if the destination routing port of the downlink data packet is a CAPWAP port, the downlink data packet is processed according to the CAPWAP packet processing flow; if the destination routing port of the downlink data packet is not a CAPWAP port, the downlink data packet is processed according to the non-user packet processing flow.
In one embodiment, the network mode data packet processing module 140 is used to perform data identification and Portal authentication processing on received packets according to the preset network segment data and the second authentication data when the selected preconfigured mode is the preconfigured network mode. In this embodiment, the network mode data packet processing module 140 includes a second uplink data packet processing unit and a second downlink data packet processing unit.
The second uplink data packet processing unit is used, when the received packet is an uplink data packet and the selected preconfigured mode is the preconfigured network mode, to perform data identification and Portal authentication processing on the received uplink data packet according to the preset network segment data and the second authentication data. In this embodiment, the second uplink data packet processing unit includes a first network segment type judging module, a second source IP acquisition mode judging unit and a second authentication pass judging unit.
The first network segment type judging module is used to receive an uplink data packet and judge, according to the preset network segment data, whether the source IP of the uplink data packet is in the preconfigured wired network segment.
The second source IP acquisition mode judging unit is used to judge whether the source IP of the uplink data packet was obtained via DHCP when the source IP of the uplink data packet is in the preconfigured wired network segment.
Specifically, the second source IP acquisition mode judging unit is also used, when the source IP of the uplink data packet is not in the preconfigured wired network segment, to judge whether the source IP of the uplink data packet is in the CAPWAP network segment; if the source IP of the uplink data packet is in the CAPWAP network segment, the uplink data packet is processed according to the CAPWAP packet processing flow; if the source IP of the uplink data packet is not in the CAPWAP network segment, the uplink data packet is discarded.
The second authentication pass judging unit is used, if the source IP of the uplink data packet was obtained via DHCP, to release the uplink data packet to the network when the uplink data packet is judged from the second authentication data to have passed Portal authentication; if the uplink data packet has not passed Portal authentication, the uplink data packet is sent to the user management process, which sends a redirect message to the corresponding user according to the Portal template bound to the preconfigured wired network segment.
Specifically, the second authentication pass judging unit is also used to discard the uplink data packet when the source IP of the uplink data packet is judged not to have been obtained via DHCP.
The second downlink data packet processing unit is used, when the received packet is a downlink data packet and the selected preconfigured mode is the preconfigured network mode, to perform data identification on the received downlink data packet according to the preset network segment data. In this embodiment, the second downlink data packet processing unit includes a second network segment type judging unit and an IP acquisition mode judging unit.
The second network segment type judging unit is used to receive a downlink data packet and judge, according to the preset network segment data, whether the destination IP of the downlink data packet is in the preconfigured wired network segment.
The IP acquisition mode judging unit is used to judge whether the IP of the downlink data packet was obtained via DHCP when the destination IP of the downlink data packet is in the preconfigured wired network segment; if the IP of the downlink data packet was obtained via DHCP, the downlink data packet is sent to the corresponding wired user, and otherwise the downlink data packet is discarded.
Specifically, the IP acquisition mode judging unit is also used, when the destination IP of the downlink data packet is not in the preconfigured wired network segment, to judge whether the destination IP of the downlink data packet is in the CAPWAP network segment; if the destination IP of the downlink data packet is in the CAPWAP network segment, the downlink data packet is processed according to the CAPWAP packet processing flow; if the destination IP of the downlink data packet is not in the CAPWAP network segment, the downlink data packet is processed according to the non-user packet processing flow.
The above wired data identification and authentication system obtains the wired differentiated Portal push demand and selects the corresponding preconfigured mode according to the preset correspondence between the wired differentiated Portal push demand and the preset threshold, the preconfigured modes comprising the preconfigured port mode and the preconfigured network mode. When the selected preconfigured mode is the preconfigured port mode, data identification and Portal authentication processing are performed on received packets according to the preset port data and the first authentication data; when the selected preconfigured mode is the preconfigured network mode, data identification and Portal authentication processing are performed on received packets according to the preset network segment data and the second authentication data. By selecting the preconfigured mode that matches the wired differentiated Portal push demand, and processing received packets according to the preset port data and first authentication data or the preset network segment data and second authentication data, the system identifies wired data and applies Portal authentication to it, making unified management and authentication of wired and wireless user data convenient and improving the convenience of unified management of user data.
The technical features of the embodiments described above can be combined arbitrarily. To keep the description concise, not all possible combinations of the technical features in the above embodiments are described; however, as long as a combination of these technical features involves no contradiction, it should be considered to fall within the scope of this specification.
The embodiments described above express only several implementations of the present invention, and although their description is relatively specific and detailed, they should not therefore be construed as limiting the scope of the patent. It should be pointed out that a person of ordinary skill in the art can make various modifications and improvements without departing from the inventive concept, and these all fall within the scope of protection of the present invention. Therefore, the scope of protection of this patent shall be determined by the appended claims.