CN108574693A - A kind of access management method and wireless router of wireless router - Google Patents
A kind of access management method and wireless router of wireless router Download PDFInfo
- Publication number
- CN108574693A CN108574693A CN201810342553.3A CN201810342553A CN108574693A CN 108574693 A CN108574693 A CN 108574693A CN 201810342553 A CN201810342553 A CN 201810342553A CN 108574693 A CN108574693 A CN 108574693A
- Authority
- CN
- China
- Prior art keywords
- terminal device
- address
- access
- predeterminable area
- intranet
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5007—Internet protocol [IP] addresses
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
Abstract
The invention discloses a kind of access management method of wireless router and wireless router, method includes the following steps:Access terminal equipment is divided in the corresponding predeterminable area of white list by S100 according to default zoning ordinance, and according to preset IP address allocation strategy, and corresponding IP address is distributed to the terminal device in predeterminable area;Each predeterminable area has corresponding access rights;The access website address request of S200 receiving terminal apparatus;It includes IP address and purpose IP address to access website address request;Judge whether the corresponding terminal device of IP address has and accesses the permission that purpose IP address corresponds to network address;If so, the terminal device is allowed to access the corresponding network address of purpose IP address;Otherwise, refusal terminal device accesses the corresponding network address of purpose IP address.The management method of the present invention makes router while opening white list, has the function of guest network, and the access rights by limiting guest network improve internet security to prevent information leakage.
Description
Technical field
The invention belongs to router technology field, more particularly to the access management method of a kind of wireless router and without circuit
By device.
Background technology
White list technology refers to that equipment is directed to user setting list, only when user is added in list, just it is allowed to connect
Enter and service for it, otherwise refusal access, abandons it and ask summed data.By the way that white list is arranged, equipment can improve its access
Safety with service and convenience.
White list technology has been widely used in router now.White list technology is due to being in router device
The attribute of portion's setting, thus it is different from WIFI pin modes, it can not be cracked, and safe coefficient is high.And white list is once
It opens, if distant terminal equipment not in white list, can not surf the Internet knowing wireless cipher.Open white list
Afterwards, only allow particular mac address terminal device surf the Internet, guest network can close, if there is visitor's visiting at this time, general execution with
Lower two kinds of operations:The first is that visitor is added in white list;Second is to close white list, opens and accesses network.The
A kind of operation may cause guest access Intranet, be easy to cause information leakage etc.;Second of operation is the control failure of white list,
Internet security is reduced to a certain extent.Both operations can all cause internet security to reduce, and be easy to cause information leakage.
And visitor terminates after leaving, it is still necessary to remove the equipment from white list manually, increase the complexity of operation.
Invention content
The object of the present invention is to provide a kind of access management method of wireless router and wireless routers, make wireless routing
Device can limit the access rights of terminal device, improve internet security while opening white list.
Technical solution provided by the invention is as follows:
A kind of access management method of wireless router, includes the following steps:
Access terminal equipment is divided in the corresponding predeterminable area of white list by S100 according to default zoning ordinance,
And according to preset IP address allocation strategy, corresponding IP address is distributed to the terminal device in the predeterminable area;It is each default
Region has corresponding access rights;
S200 receives the access website address request of the terminal device;It includes the IP address and destination IP to access website address request
Address;Judge whether the corresponding terminal device of the IP address has and accesses the permission that the destination IP address corresponds to network address;If
It is that the terminal device is allowed to access the corresponding network address in the destination IP address;Otherwise, refuse described in the terminal device access
The corresponding network address of purpose IP address.
Further, the step S100 is specifically included:
S110 judges whether the identification information of the terminal device the first preset areas is added according to default zoning ordinance
Domain;If so, executing step S120;Otherwise, step S130 is executed;The terminal device in first predeterminable area, which has, visits
Ask Intranet and the access rights of outer net;
First predeterminable area is added in the identification information of the terminal device by S120, and is distributed to the terminal device
IP address in first predeterminable area;
The second predeterminable area is added in the identification information of the terminal device by S130, and to described in terminal device distribution
IP address in second predeterminable area;The terminal device in second predeterminable area has the access right for accessing outer net
Limit.
Further, the step S200 is specifically included:
S210 receives the Intranet access request of the terminal device;The Intranet access request includes Intranet destination IP
Location;
S220 verifies the IP address of the terminal device whether in first predeterminable area;If so, executing step
S230;Otherwise, step S240 is executed;
S230 allows the terminal device to access the corresponding network address of the Intranet purpose IP address;
S240 refuses the terminal device and accesses the corresponding network address of the Intranet purpose IP address.
Further, further include after the step S200:
S300 obtains the access state information of the terminal device, judges whether the access state information reaches the end
The corresponding default access thresholds of the affiliated predeterminable area of end equipment;If so, executing step S400;
S400 deletes the identification information of the terminal device in the corresponding predeterminable area in white list.
Further, the step S300 includes:
S310 obtains the access state information of the terminal device when the terminal device is located at the second predeterminable area,
Judge whether the access state information reaches the corresponding default access thresholds of second predeterminable area;If so, executing step
S410;
The step S400 includes step:
S410 deletes the identification information of the terminal device in the second predeterminable area described in white list.
The present invention also provides a kind of wireless routers, including:
Processing module, for according to zoning ordinance is preset, it is corresponding pre- that access terminal equipment to be divided to white list
If in region, and according to preset IP address allocation strategy, corresponding IP address is distributed to the terminal device in the predeterminable area;
Each predeterminable area has corresponding access rights;
Control module, the access website address request for receiving the terminal device;It includes the IP to access website address request
Location and purpose IP address;Judge whether the corresponding terminal device of the IP address there is access the destination IP address to correspond to network address
Permission;If so, the terminal device is allowed to access the corresponding network address in the destination IP address;Otherwise, refuse the terminal to set
It is standby to access the corresponding network address in the destination IP address.
Further, the processing module includes:
The identification information of the terminal device is added the by judging unit for according to zoning ordinance is preset, judging whether
One predeterminable area, the terminal device in first predeterminable area have the access rights for accessing Intranet and outer net;
First execution unit is used for when the first predeterminable area is added in the identification information of the terminal device by judgement, will
First predeterminable area is added in the identification information of the terminal device, and distributes first preset areas to the terminal device
IP address in domain;
Second execution unit is used for when the first predeterminable area is not added in the identification information of the terminal device by judgement,
The second predeterminable area is added in the identification information of the terminal device, and second predeterminable area is distributed to the terminal device
Interior IP address;The terminal device in second predeterminable area has the access rights for accessing outer net.
Further, the control module includes:
Receiving unit, the Intranet access request for receiving the terminal device;The Intranet access request includes Intranet
Purpose IP address;
Authentication unit, for verifying the IP address of the terminal device whether in first predeterminable area;
Allow unit, for when the IP address for verifying the terminal device is in first predeterminable area, allowing
The terminal device accesses the corresponding network address of IP address of the Intranet;
Refuse unit, for when verifying the IP address of the terminal device not in first predeterminable area, refusing
The terminal device accesses the corresponding network address of IP address of the Intranet.
Further, the wireless router further includes:
Acquisition module, the access state information for obtaining the terminal device;
Judgment module is corresponded to for judging whether the access state information reaches the affiliated predeterminable area of the terminal device
Default access thresholds;
Removing module, for working as the access state information, to reach the affiliated predeterminable area of the terminal device corresponding default
When access thresholds, the identification information of the terminal device in white list in the corresponding predeterminable area is deleted.
Further, the acquisition module is additionally operable to when the terminal device is located at the second predeterminable area, described in acquisition
It is corresponding default to judge whether the access state information reaches second predeterminable area for the access state information of terminal device
Access thresholds;
The removing module is additionally operable to reach the corresponding default visit of second predeterminable area when the access state information
When asking threshold value, the identification information of the terminal device in the second predeterminable area described in white list is deleted.
Compared with prior art, the beneficial effects of the present invention are:Multiple predeterminable areas are provided in white list, often
A predeterminable area has corresponding access rights, by the way that different predeterminable areas is added in terminal device and distributes corresponding preset areas
IP address in domain, when terminal device accesses network address, wireless router determines end by verifying the IP address of terminal device
The access rights of end equipment so that wireless router has the function of guest network while opening white list, passes through restriction
The access rights of guest network improve internet security to prevent information leakage.
Description of the drawings
Below by a manner of clearly understandable, preferred embodiment is described with reference to the drawings, to a kind of above-mentioned characteristic, technology
Feature, advantage and its realization method are further described.
Fig. 1 is a kind of flow diagram of the access management method of wireless router of the embodiment of the present invention one;
Fig. 2 is a kind of flow diagram of the access management method of wireless router of the embodiment of the present invention two;
Fig. 3 is a kind of flow diagram of the access management method of wireless router of the embodiment of the present invention three;
Fig. 4 is a kind of flow diagram of the access management method of wireless router of the embodiment of the present invention four;
Fig. 5 is a kind of structural schematic block diagram of wireless router of the present invention.
Drawing reference numeral explanation:
10, processing module;11, judging unit;12, the first execution unit;13, the second execution unit;20, control module;
21, receiving unit;22, authentication unit;23, allow unit;Refuse unit;30, acquisition module;40, judgment module;50, it deletes
Module.
Specific implementation mode
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, control is illustrated below
The specific implementation mode of the present invention.It should be evident that drawings in the following description are only some embodiments of the invention, for
For those of ordinary skill in the art, without creative efforts, other are can also be obtained according to these attached drawings
Attached drawing, and obtain other embodiments.
To make simplified form, part related to the present invention is only schematically shown in each figure, they are not represented
Its practical structures as product.In addition, so that simplified form is easy to understand, there is identical structure or function in some figures
Component only symbolically depicts one of those, or has only marked one of those.Herein, "one" is not only indicated
" only this ", can also indicate the situation of " more than one ".
According to first embodiment provided by the invention, as shown in Figure 1,
A kind of access management method of wireless router, includes the following steps:
Access terminal equipment is divided in the corresponding predeterminable area of white list by S100 according to default zoning ordinance,
And according to preset IP address allocation strategy, corresponding IP address is distributed to the terminal device in the predeterminable area;It is each default
Region has corresponding access rights;
S200 receives the access website address request of the terminal device;It includes the IP address and destination IP to access website address request
Address;Judge whether the corresponding terminal device of the IP address has and accesses the permission that the destination IP address corresponds to network address;If
It is that the terminal device is allowed to access the corresponding network address in the destination IP address;Otherwise, refuse described in the terminal device access
The corresponding network address of purpose IP address.
Specifically, when work, the function of white name list of wireless router and DHCP are opened, by presetting multiple centres
Value, the IP address interval division by DHCP distribution is multiple predeterminable areas, and sets the access rights of each predeterminable area.When not
When terminal device in white list attempts networking, identification information such as terminal device title and the terminal device of terminal device
MAC Address etc. then appear in and intercept in list, at this point it is possible to which white list is added in terminal device from selection in list is intercepted
The a certain predeterminable area of list, DHCP distribute the IP address in the correspondence predeterminable area to terminal device, and terminal device has at this time
There are the corresponding access rights of the predeterminable area.
When terminal device accesses network address, the access website address request of wireless router receiving terminal apparatus accesses network address and asks
Include the IP address and purpose IP address of terminal device in asking, it is default that wireless router judges which purpose IP address belongs to
Then terminal device is verified whether in the predeterminable area, if so, then proving that terminal is set in region according to the IP address of terminal device
The standby permission that there is the access purpose IP address to correspond to network address, wireless router allow terminal device to access the purpose IP address pair
The network address answered;If not, proving that terminal device does not have accesses the permission that the purpose IP address corresponds to network address, wireless router
Refusal terminal device accesses the corresponding network address of the purpose IP address.
For the present invention since function of white name list is opened, the terminal device of white list, which is only added, could access network, because
This, can be arranged the wireless access point in predeterminable area without password, and terminal device is not necessarily to when connecting wireless router
Password is inputted, the safety that will not reduce wireless router while operation is simplified.
Second embodiment provided by the invention, as shown in Fig. 2,
A kind of access management method of wireless router, includes the following steps:
S110 judges whether the identification information of the terminal device the first preset areas is added according to default zoning ordinance
Domain;If so, executing step S120;Otherwise, step S130 is executed;The terminal device in first predeterminable area, which has, visits
Ask Intranet and the access rights of outer net;
First predeterminable area is added in the identification information of the terminal device by S120, and is distributed to the terminal device
IP address in first predeterminable area;
The second predeterminable area is added in the identification information of the terminal device by S130, and to described in terminal device distribution
IP address in second predeterminable area;The terminal device in second predeterminable area has the access right for accessing outer net
Limit;
S210 receives the Intranet access request of the terminal device;The Intranet access request includes Intranet destination IP
Location;
S220 verifies the IP address of the terminal device whether in first predeterminable area;If so, executing step
S230;Otherwise, step S240 is executed;
S230 allows the terminal device to access the corresponding network address of the Intranet purpose IP address;
S240 refuses the terminal device and accesses the corresponding network address of the Intranet purpose IP address.
As an example, if the IP address range that DHCP is dynamically distributed is [a, b], that is, the network segment distributed is ranging from
192.168.3.a-192.168.3.b, it is divided by preset value d, then [a, a+ (b-a)/d] is the first predeterminable area, [a
+ (b-a)/d, b] it is the second predeterminable area, it, can be pre- to adjust two according to actual conditions by adjusting the size of d values when setting
If the range in region.Then the terminal device being arranged in the first predeterminable area has the access rights for accessing Intranet and outer net, the
One predeterminable area can specialize in household internal personnel use, in addition, finer differentiation can also be made to the Intranet of access, such as
When Intranet is divided into Intranet A and Intranet B, the affiliated person that can limit wireless router is able to access that Intranet A and Intranet B, no circuit
Intranet B can only be accessed by the household of the affiliated person of device, such as Intranet A is the corresponding administration authority net of setting management wireless router
Location;There are the terminal device being arranged in the second predeterminable area the access rights for accessing outer net, the second predeterminable area to make for visitor
With, visitor can be set and there was only the access rights for accessing outer net, without the permission for accessing Intranet, to prevent information leakage,
Visitor can also be set and there was only the permission for accessing outer net and partial target Intranet network address so that outer net can be used normally in visitor
Simultaneously, moreover it is possible to use the permission of part Intranet network address, such as target Intranet network address can be that enterprise, school administration system are corresponding
Intranet network address.
Certainly, finer differentiation can also be made to the outer net of access, such as outer net is divided into target outer net and non-targeted outer
When net, wireless router can limit visitor can only access target outer net, and non-targeted outer net cannot be accessed, such as non-targeted outer
Net can be game network address, video network address and live video network address etc., by the way that target outer net and non-targeted outer net is arranged, and only permit
Perhaps guest access target outer net can reduce the network addiction of visitor, visitor is avoided to indulge in network, with reduce surf time of visitor from
And protect the eyesight of visitor.
If certain router includes n access point, white list can also be divided into n predeterminable area, with public affairs
For department, pass through and n predeterminable area is set so that different departments is added different predeterminable areas, in each predeterminable area
Terminal device has respective access rights, and the terminal device of respective department, which can only access, allows access in respective predeterminable area
Network address, and the network address of other departments cannot be accessed.By the way that predeterminable area is isolated, connect that is, realizing different departments
Connect different wireless signals, to protect each department transmission data safety.
By taking n=3 as an example, the DHCP IP address dynamically distributed is divided into three predeterminable areas, then [a, a+ (b-a)/d1] is
First area, [a+ (b-a)/d1, a+ (b-a)/d2] are second area, and [a+ (b-a)/d2, b] is third region, wherein d1 >
Then d2 is respectively defined the access rights of first area, second area and third region, make first area, the secondth area
Terminal device in domain and third region is respectively provided with corresponding access rights.Herein, second area is equal with third region
In the second predeterminable area of the present invention, the second predeterminable area does not make quantity and range limits, and outer net power is accessed as long as only having
The region of limit is the second predeterminable area of the present invention.
3rd embodiment provided by the invention, as shown in figure 3,
A kind of access management method of wireless router, includes the following steps:
Access terminal equipment is divided in the corresponding predeterminable area of white list by S100 according to default zoning ordinance,
And according to preset IP address allocation strategy, corresponding IP address is distributed to the terminal device in the predeterminable area;It is each default
Region has corresponding access rights;
S200 receives the access website address request of the terminal device;It includes the IP address and destination IP to access website address request
Address;Judge whether the corresponding terminal device of the IP address has and accesses the permission that the destination IP address corresponds to network address;If
It is that the terminal device is allowed to access the corresponding network address in the destination IP address;Otherwise, refuse described in the terminal device access
The corresponding network address of purpose IP address.
S300 obtains the access state information of the terminal device, judges whether the access state information reaches the end
The corresponding default access thresholds of the affiliated predeterminable area of end equipment;If so, executing step S400;
S400 deletes the identification information of the terminal device in the corresponding predeterminable area in white list.
Specifically, access thresholds can be set to each predeterminable area, it is regular and wide that timer rule, timer is such as added
Band restrictive rule limits the default access duration of the terminal device in each predeterminable area, default access time section, presets access
Any one or multinomial in consumed flow and default online bandwidth.When default access thresholds are default access duration, such as
When the access duration of fruit terminal device reaches the default access thresholds in affiliated corresponding predeterminable area, wireless router is automatically deleted
The identification information of the terminal device removes the terminal device from the predeterminable area of white list automatically, without manual
The identification information for removing terminal device, simplifies operation;Or when default access thresholds are default access time section, if eventually
When the access time point of end equipment reaches the preset time point in affiliated corresponding predeterminable area, it is default that wireless router deletes this automatically
The identification information of terminal device in region, if the preset time point in a certain predeterminable area is 9 points at night, when the preset areas
The access time point of terminal device in domain reach at night 9 when, wireless router is automatically deleted the terminal in the predeterminable area
The identification information of equipment.When default access thresholds are default access consumed flow, if what the access of terminal device was consumed
When total flow reaches the default access consumed flow in affiliated corresponding predeterminable area, wireless router is automatically deleted the terminal device
Identification information, i.e., the terminal device is removed from the predeterminable area of white list automatically, is set without manually removes terminal
Standby identification information, while simplifying operation, moreover it is possible to avoid the flow that the equipment in wireless router consumes excessive and increase
The campus network of user;When default access thresholds are default online bandwidth, if uplink and downlink data when the access of terminal device
When the occupied online bandwidth of access transport is more than the default online bandwidth in affiliated corresponding predeterminable area, wireless router is automatic
The identification information of the terminal device is deleted, i.e., the terminal device is removed from the predeterminable area of white list automatically, is not necessarily to
The identification information of manually removes terminal device, while simplifying operation, moreover it is possible to avoid the hold facility band in wireless router
Since bandwidth not enough leads to the problem of blocking of surfing the Internet when being wider than the high affiliated person online for leading to wireless router, it is pre- that this can be reduced
If the terminal device in region influences the online bandwidth of the terminal device in other predeterminable areas because occupying more bandwidth, and
When reject the identification information of terminal device in white list in predeterminable area, the net of disconnected end equipment and wireless router
Network connects, and can promote the affiliated person's online experience of router.Each different situations of default access thresholds are only listed above,
Combination does not repeat one by one herein.
Fourth embodiment provided by the invention, as shown in figure 4,
A kind of access management method of wireless router, includes the following steps:
S110 judges whether the identification information of the terminal device the first preset areas is added according to default zoning ordinance
Domain;If so, executing step S120;Otherwise, step S130 is executed;The terminal device in first predeterminable area, which has, visits
Ask Intranet and the access rights of outer net;
First predeterminable area is added in the identification information of the terminal device by S120, and is distributed to the terminal device
IP address in first predeterminable area;
The second predeterminable area is added in the identification information of the terminal device by S130, and to described in terminal device distribution
IP address in second predeterminable area;The terminal device in second predeterminable area has the access right for accessing outer net
Limit.
S210 receives the Intranet access request of the terminal device;The Intranet access request includes Intranet destination IP
Location;
S220 verifies the IP address of the terminal device whether in first predeterminable area;If so, executing step
S230;Otherwise, step S240 is executed;
S230 allows the terminal device to access the corresponding network address of the Intranet purpose IP address;
S240 refuses the terminal device and accesses the corresponding network address of the Intranet purpose IP address;
S310 obtains the access state information of the terminal device when the terminal device is located at the second predeterminable area,
Judge whether the access state information reaches the corresponding default access thresholds of second predeterminable area;If so, executing step
S410;
S410 deletes the identification information of the terminal device in the second predeterminable area described in white list.
Specifically, by presetting access thresholds to the terminal device setting of the second predeterminable area, to limit the second preset areas
Access duration, online bandwidth, access time section and the access consumed flow of terminal device in domain so that in the second predeterminable area
Terminal device online when, occupy the online bandwidth in the first predeterminable area less as possible.Meanwhile when in the second predeterminable area
When the default access thresholds of terminal device accessed in the second predeterminable area of duration or access time section arrival, wireless router is certainly
The dynamic identification information for deleting the terminal device in the second predeterminable area, without being deleted manually so that operation is easier.
5th embodiment provided by the invention, as shown in figure 5,
A kind of wireless router, including processing module 10, for according to zoning ordinance is preset, access terminal equipment to be divided
To the corresponding predeterminable area of white list, and according to preset IP address allocation strategy, to the terminal in the predeterminable area
Equipment distributes corresponding IP address;Each predeterminable area has corresponding access rights;
Control module 20, the access website address request for receiving the terminal device;It includes the IP to access website address request
Address and purpose IP address;Judge whether the corresponding terminal device of the IP address there is access the destination IP address to correspond to net
The permission of location;If so, the terminal device is allowed to access the corresponding network address in the destination IP address;Otherwise, refuse the terminal
Equipment accesses the corresponding network address in the destination IP address.
Processing module 10 includes:
Judging unit 11, for according to zoning ordinance is preset, judging whether the identification information of terminal device being added first
Predeterminable area, the terminal device in first predeterminable area have the access rights for accessing Intranet and outer net;
First execution unit 12 is used for when the first predeterminable area is added in the identification information of the terminal device by judgement,
First predeterminable area is added in the identification information of the terminal device, and default to terminal device distribution described first
IP address in region;
Second execution unit 13, for the first predeterminable area not being added in the identification information of the terminal device when judgement
When, the second predeterminable area is added in the identification information of the terminal device, and default to terminal device distribution described second
IP address in region;The terminal device in second predeterminable area has the access rights for accessing outer net.
Control module 20 includes:
Receiving unit 21, the Intranet access request for receiving the terminal device;The Intranet access request includes interior
Net purpose IP address;
Authentication unit 22, for verifying the IP address of the terminal device whether in first predeterminable area;
Allow unit 23, for when the IP address for verifying the terminal device is in first predeterminable area, permitting
Perhaps the corresponding network address of IP address that the described terminal device accesses the Intranet;
Refuse unit 24, for when verifying the IP address of the terminal device not in first predeterminable area, refusing
The exhausted terminal device accesses the corresponding network address of IP address of the Intranet.
Preferably, wireless router further includes acquisition module 30, the access state information for obtaining the terminal device;
Acquisition module 30 is additionally operable to obtain the access state letter of the terminal device when the terminal device is located at the second predeterminable area
Breath, judges whether the access state information reaches the corresponding default access thresholds of second predeterminable area;
Wireless router further includes judgment module 40, is set for judging whether the access state information reaches the terminal
The corresponding default access thresholds of standby affiliated predeterminable area;
Wireless router further includes removing module 50, is reached belonging to the terminal device for working as the access state information
When the corresponding default access thresholds of predeterminable area, deletes the terminal in white list in the corresponding predeterminable area and set
Standby identification information;Wherein, the access state information includes accessing duration and/or flowing of access.Removing module 50 is additionally operable to
When the access state information reaches the corresponding default access thresholds of second predeterminable area, institute in white list is deleted
State the identification information of the terminal device in the second predeterminable area.
The concrete mode that modules in the present embodiment execute operation carries out in the embodiment of the method
Detailed description, will be not set forth in detail explanation herein.
It should be noted that above-described embodiment can be freely combined as needed.The above is only the preferred of the present invention
Embodiment, it is noted that for those skilled in the art, in the premise for not departing from the principle of the invention
Under, several improvements and modifications can also be made, these improvements and modifications also should be regarded as protection scope of the present invention.
Claims (10)
1. a kind of access management method of wireless router, which is characterized in that include the following steps:
Access terminal equipment is divided in the corresponding predeterminable area of white list, and root by S100 according to default zoning ordinance
According to preset IP address allocation strategy, corresponding IP address is distributed to the terminal device in the predeterminable area;Each predeterminable area
With corresponding access rights;
S200 receives the access website address request of the terminal device;It includes the IP address and destination IP to access website address request
Location;Judge whether the corresponding terminal device of the IP address has and accesses the permission that the destination IP address corresponds to network address;If so,
The terminal device is allowed to access the corresponding network address in the destination IP address;Otherwise, refuse the terminal device and access the mesh
The corresponding network address of IP address.
2. the access management method of wireless router according to claim 1, which is characterized in that the step S100 is specific
Including:
S110 judges whether the identification information of the terminal device the first predeterminable area is added according to default zoning ordinance;If
It is to execute step S120;Otherwise, step S130 is executed;The terminal device in first predeterminable area has in access
The access rights of net and outer net;
First predeterminable area is added in the identification information of the terminal device by S120, and to described in terminal device distribution
IP address in first predeterminable area;
The second predeterminable area is added in the identification information of the terminal device by S130, and distributes described second to the terminal device
IP address in predeterminable area;The terminal device in second predeterminable area has the access rights for accessing outer net.
3. the access management method of wireless router according to claim 2, which is characterized in that the step S200 is specific
Including:
S210 receives the Intranet access request of the terminal device;The Intranet access request includes Intranet purpose IP address;
S220 verifies the IP address of the terminal device whether in first predeterminable area;If so, executing step S230;It is no
Then, step S240 is executed;
S230 allows the terminal device to access the corresponding network address of the Intranet purpose IP address;
S240 refuses the terminal device and accesses the corresponding network address of the Intranet purpose IP address.
4. according to the access management method of claim 1-3 any one of them wireless routers, which is characterized in that the step
Further include after S200:
S300 obtains the access state information of the terminal device, judges whether the access state information reaches the terminal and set
The corresponding default access thresholds of standby affiliated predeterminable area;If so, executing step S400;
S400 deletes the identification information of the terminal device in the corresponding predeterminable area in white list.
5. the access management method of wireless router according to claim 4, which is characterized in that the step S300 packets
It includes:
S310 obtains the access state information of the terminal device when the terminal device is located at the second predeterminable area, judges
Whether the access state information reaches the corresponding default access thresholds of second predeterminable area;If so, executing step S410;
The step S400 includes step:
S410 deletes the identification information of the terminal device in the second predeterminable area described in white list.
6. a kind of wireless router, which is characterized in that including:
Processing module, for according to zoning ordinance is preset, access terminal equipment to be divided to the corresponding preset areas of white list
In domain, and according to preset IP address allocation strategy, corresponding IP address is distributed to the terminal device in the predeterminable area;Each
Predeterminable area has corresponding access rights;
Control module, the access website address request for receiving the terminal device;Access website address request include the IP address and
Purpose IP address;Judge whether the corresponding terminal device of the IP address has the power that the destination IP address corresponds to network address that accesses
Limit;If so, the terminal device is allowed to access the corresponding network address in the destination IP address;Otherwise, refuse the terminal device to visit
Ask the destination IP address corresponding network address.
7. wireless router according to claim 6, which is characterized in that the processing module includes:
The identification information of the terminal device is added first in advance by judging unit for according to zoning ordinance is preset, judging whether
If region, the terminal device in first predeterminable area has the access rights for accessing Intranet and outer net;
First execution unit is used for when the first predeterminable area is added in the identification information of the terminal device by judgement, will be described
First predeterminable area is added in the identification information of terminal device, and is distributed in first predeterminable area to the terminal device
IP address;
Second execution unit is used for when the first predeterminable area is not added in the identification information of the terminal device by judgement, by institute
The second predeterminable area is added in the identification information for stating terminal device, and is distributed in second predeterminable area to the terminal device
IP address;The terminal device in second predeterminable area has the access rights for accessing outer net.
8. wireless router according to claim 7, which is characterized in that the control module includes:
Receiving unit, the Intranet access request for receiving the terminal device;The Intranet access request includes Intranet purpose
IP address;
Authentication unit, for verifying the IP address of the terminal device whether in first predeterminable area;
Allow unit, for when the IP address for verifying the terminal device is in first predeterminable area, described in permission
Terminal device accesses the corresponding network address of IP address of the Intranet;
Refuse unit, is used for when verifying the IP address of the terminal device not in first predeterminable area, described in refusal
Terminal device accesses the corresponding network address of IP address of the Intranet.
9. according to claim 6-8 any one of them wireless routers, which is characterized in that further include:
Acquisition module, the access state information for obtaining the terminal device;
Judgment module, for judging it is corresponding pre- whether the access state information reaches the affiliated predeterminable area of the terminal device
If access thresholds;
Removing module reaches the corresponding default access of the affiliated predeterminable area of the terminal device for working as the access state information
When threshold value, the identification information of the terminal device in white list in the corresponding predeterminable area is deleted.
10. the access management method of wireless router according to claim 9, which is characterized in that
The acquisition module is additionally operable to, when the terminal device is located at the second predeterminable area, obtain the visit of the terminal device
It asks status information, judges whether the access state information reaches the corresponding default access thresholds of second predeterminable area;
The removing module is additionally operable to reach the corresponding default access threshold of second predeterminable area when the access state information
When value, the identification information of the terminal device in the second predeterminable area described in white list is deleted.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810342553.3A CN108574693A (en) | 2018-04-17 | 2018-04-17 | A kind of access management method and wireless router of wireless router |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810342553.3A CN108574693A (en) | 2018-04-17 | 2018-04-17 | A kind of access management method and wireless router of wireless router |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108574693A true CN108574693A (en) | 2018-09-25 |
Family
ID=63574971
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810342553.3A Pending CN108574693A (en) | 2018-04-17 | 2018-04-17 | A kind of access management method and wireless router of wireless router |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108574693A (en) |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109743402A (en) * | 2019-01-31 | 2019-05-10 | 深圳云合科技有限公司 | Processing method, transmission method, receiver and the device for answering question of answering information |
CN110620773A (en) * | 2019-09-20 | 2019-12-27 | 深圳市信锐网科技术有限公司 | TCP flow isolation method, device and related components |
CN110740490A (en) * | 2019-10-22 | 2020-01-31 | 深圳市信锐网科技术有限公司 | Terminal network access method, gateway equipment, system, storage medium and device |
CN111130901A (en) * | 2019-12-30 | 2020-05-08 | 京信通信系统(中国)有限公司 | Device management method, device, communication device and storage medium |
CN111835678A (en) * | 2019-04-16 | 2020-10-27 | 北京大学 | On-line authorization method for semi-open wireless network access based on invitation mechanism |
CN112202711A (en) * | 2020-08-26 | 2021-01-08 | 网神信息技术(北京)股份有限公司 | Network access control method and device of terminal, electronic equipment and storage medium |
CN113055385A (en) * | 2021-03-12 | 2021-06-29 | 绍兴文理学院元培学院 | WiFi network management method and system |
CN113328975A (en) * | 2020-02-28 | 2021-08-31 | 中国电信股份有限公司 | Terminal access method, terminal access system, and computer-readable storage medium |
CN115455397A (en) * | 2022-10-28 | 2022-12-09 | 湖北芯擎科技有限公司 | Input/output interface control method and system |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050220099A1 (en) * | 2004-03-30 | 2005-10-06 | Canon Kabushiki Kaisha | Packet relay apparatus and control method for data relay apparatus |
CN101909298A (en) * | 2010-07-15 | 2010-12-08 | 优视科技有限公司 | Secure access control method and device for wireless network |
CN103179554A (en) * | 2011-12-22 | 2013-06-26 | 中国移动通信集团广东有限公司 | Control method and device for wireless broadband network access and network equipment |
CN105246133A (en) * | 2015-11-13 | 2016-01-13 | 上海斐讯数据通信技术有限公司 | Guest network control method, guest network control device and router |
CN107592639A (en) * | 2017-10-26 | 2018-01-16 | 上海斐讯数据通信技术有限公司 | A kind of terminal device adds the method and system of router white list |
-
2018
- 2018-04-17 CN CN201810342553.3A patent/CN108574693A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050220099A1 (en) * | 2004-03-30 | 2005-10-06 | Canon Kabushiki Kaisha | Packet relay apparatus and control method for data relay apparatus |
CN101909298A (en) * | 2010-07-15 | 2010-12-08 | 优视科技有限公司 | Secure access control method and device for wireless network |
CN103179554A (en) * | 2011-12-22 | 2013-06-26 | 中国移动通信集团广东有限公司 | Control method and device for wireless broadband network access and network equipment |
CN105246133A (en) * | 2015-11-13 | 2016-01-13 | 上海斐讯数据通信技术有限公司 | Guest network control method, guest network control device and router |
CN107592639A (en) * | 2017-10-26 | 2018-01-16 | 上海斐讯数据通信技术有限公司 | A kind of terminal device adds the method and system of router white list |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109743402A (en) * | 2019-01-31 | 2019-05-10 | 深圳云合科技有限公司 | Processing method, transmission method, receiver and the device for answering question of answering information |
CN109743402B (en) * | 2019-01-31 | 2020-07-07 | 深圳云合科技有限公司 | Processing method, transmission method, receiver and answering machine of answering information |
CN111835678A (en) * | 2019-04-16 | 2020-10-27 | 北京大学 | On-line authorization method for semi-open wireless network access based on invitation mechanism |
CN110620773A (en) * | 2019-09-20 | 2019-12-27 | 深圳市信锐网科技术有限公司 | TCP flow isolation method, device and related components |
CN110620773B (en) * | 2019-09-20 | 2023-02-10 | 深圳市信锐网科技术有限公司 | TCP flow isolation method, device and related components |
CN110740490A (en) * | 2019-10-22 | 2020-01-31 | 深圳市信锐网科技术有限公司 | Terminal network access method, gateway equipment, system, storage medium and device |
CN111130901A (en) * | 2019-12-30 | 2020-05-08 | 京信通信系统(中国)有限公司 | Device management method, device, communication device and storage medium |
CN113328975A (en) * | 2020-02-28 | 2021-08-31 | 中国电信股份有限公司 | Terminal access method, terminal access system, and computer-readable storage medium |
CN112202711A (en) * | 2020-08-26 | 2021-01-08 | 网神信息技术(北京)股份有限公司 | Network access control method and device of terminal, electronic equipment and storage medium |
CN112202711B (en) * | 2020-08-26 | 2023-04-25 | 奇安信网神信息技术(北京)股份有限公司 | Network access control method and device of terminal, electronic equipment and storage medium |
CN113055385A (en) * | 2021-03-12 | 2021-06-29 | 绍兴文理学院元培学院 | WiFi network management method and system |
CN115455397A (en) * | 2022-10-28 | 2022-12-09 | 湖北芯擎科技有限公司 | Input/output interface control method and system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108574693A (en) | A kind of access management method and wireless router of wireless router | |
US7346340B2 (en) | Provision of user policy to terminal | |
US20020110123A1 (en) | Network connection control apparatus and method | |
US9001659B2 (en) | OpenFlow enabled WiFi management entity architecture | |
US8209529B2 (en) | Authentication system, network line concentrator, authentication method and authentication program | |
CN115699840A (en) | Methods, systems, and computer readable media for mitigating 5G roaming security attacks using a Secure Edge Protection Proxy (SEPP) | |
CN101730155A (en) | System and method for performing resource control on user | |
EP3649761B1 (en) | User data transported over non-access stratum | |
JP3987539B2 (en) | Session information management method and session information management apparatus | |
CN106856511B (en) | Method, gateway, PCRF network element and system for dynamically assigning IP address pool | |
CN108234677A (en) | A kind of block chain network node serve device towards multi-tiling platform chain | |
CN102823219B (en) | Protect the method to the access via the addressable data of the equipment realizing this method or service and relevant device | |
US20120304259A1 (en) | Method and apparatus for authenticating a user equipment | |
CN106604278B (en) | Multi-authority mobile network sharing method | |
AU2011288210B2 (en) | Limiting resources consumed by rejected subscriber end stations | |
CN106411852A (en) | Distributed terminal access control method, and apparatus | |
US20210185534A1 (en) | Method for securing accesses to a network, system and associated device | |
CN105681352B (en) | A kind of wireless network access safety management-control method and system | |
CN105656927B (en) | A kind of safety access method and system | |
CN107547561A (en) | A kind of method and device for carrying out DDOS attack protective treatment | |
US7949769B2 (en) | Arrangements and methods relating to security in networks supporting communication of packet data | |
CN116094979A (en) | Policy route management method | |
JP3668648B2 (en) | Session information management method and session information management apparatus | |
CN106453350A (en) | Anti-attack method and apparatus | |
KR102123549B1 (en) | Server and method for controlling of internet page access |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20180925 |
|
WD01 | Invention patent application deemed withdrawn after publication |