CN108574693A - A kind of access management method and wireless router of wireless router - Google Patents

A kind of access management method and wireless router of wireless router Download PDF

Info

Publication number
CN108574693A
CN108574693A CN201810342553.3A CN201810342553A CN108574693A CN 108574693 A CN108574693 A CN 108574693A CN 201810342553 A CN201810342553 A CN 201810342553A CN 108574693 A CN108574693 A CN 108574693A
Authority
CN
China
Prior art keywords
terminal device
address
access
predeterminable area
intranet
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810342553.3A
Other languages
Chinese (zh)
Inventor
刘妮妮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sichuan Feixun Information Technology Co Ltd
Original Assignee
Sichuan Feixun Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sichuan Feixun Information Technology Co Ltd filed Critical Sichuan Feixun Information Technology Co Ltd
Priority to CN201810342553.3A priority Critical patent/CN108574693A/en
Publication of CN108574693A publication Critical patent/CN108574693A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/50Address allocation
    • H04L61/5007Internet protocol [IP] addresses
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources

Abstract

The invention discloses a kind of access management method of wireless router and wireless router, method includes the following steps:Access terminal equipment is divided in the corresponding predeterminable area of white list by S100 according to default zoning ordinance, and according to preset IP address allocation strategy, and corresponding IP address is distributed to the terminal device in predeterminable area;Each predeterminable area has corresponding access rights;The access website address request of S200 receiving terminal apparatus;It includes IP address and purpose IP address to access website address request;Judge whether the corresponding terminal device of IP address has and accesses the permission that purpose IP address corresponds to network address;If so, the terminal device is allowed to access the corresponding network address of purpose IP address;Otherwise, refusal terminal device accesses the corresponding network address of purpose IP address.The management method of the present invention makes router while opening white list, has the function of guest network, and the access rights by limiting guest network improve internet security to prevent information leakage.

Description

A kind of access management method and wireless router of wireless router
Technical field
The invention belongs to router technology field, more particularly to the access management method of a kind of wireless router and without circuit By device.
Background technology
White list technology refers to that equipment is directed to user setting list, only when user is added in list, just it is allowed to connect Enter and service for it, otherwise refusal access, abandons it and ask summed data.By the way that white list is arranged, equipment can improve its access Safety with service and convenience.
White list technology has been widely used in router now.White list technology is due to being in router device The attribute of portion's setting, thus it is different from WIFI pin modes, it can not be cracked, and safe coefficient is high.And white list is once It opens, if distant terminal equipment not in white list, can not surf the Internet knowing wireless cipher.Open white list Afterwards, only allow particular mac address terminal device surf the Internet, guest network can close, if there is visitor's visiting at this time, general execution with Lower two kinds of operations:The first is that visitor is added in white list;Second is to close white list, opens and accesses network.The A kind of operation may cause guest access Intranet, be easy to cause information leakage etc.;Second of operation is the control failure of white list, Internet security is reduced to a certain extent.Both operations can all cause internet security to reduce, and be easy to cause information leakage. And visitor terminates after leaving, it is still necessary to remove the equipment from white list manually, increase the complexity of operation.
Invention content
The object of the present invention is to provide a kind of access management method of wireless router and wireless routers, make wireless routing Device can limit the access rights of terminal device, improve internet security while opening white list.
Technical solution provided by the invention is as follows:
A kind of access management method of wireless router, includes the following steps:
Access terminal equipment is divided in the corresponding predeterminable area of white list by S100 according to default zoning ordinance, And according to preset IP address allocation strategy, corresponding IP address is distributed to the terminal device in the predeterminable area;It is each default Region has corresponding access rights;
S200 receives the access website address request of the terminal device;It includes the IP address and destination IP to access website address request Address;Judge whether the corresponding terminal device of the IP address has and accesses the permission that the destination IP address corresponds to network address;If It is that the terminal device is allowed to access the corresponding network address in the destination IP address;Otherwise, refuse described in the terminal device access The corresponding network address of purpose IP address.
Further, the step S100 is specifically included:
S110 judges whether the identification information of the terminal device the first preset areas is added according to default zoning ordinance Domain;If so, executing step S120;Otherwise, step S130 is executed;The terminal device in first predeterminable area, which has, visits Ask Intranet and the access rights of outer net;
First predeterminable area is added in the identification information of the terminal device by S120, and is distributed to the terminal device IP address in first predeterminable area;
The second predeterminable area is added in the identification information of the terminal device by S130, and to described in terminal device distribution IP address in second predeterminable area;The terminal device in second predeterminable area has the access right for accessing outer net Limit.
Further, the step S200 is specifically included:
S210 receives the Intranet access request of the terminal device;The Intranet access request includes Intranet destination IP Location;
S220 verifies the IP address of the terminal device whether in first predeterminable area;If so, executing step S230;Otherwise, step S240 is executed;
S230 allows the terminal device to access the corresponding network address of the Intranet purpose IP address;
S240 refuses the terminal device and accesses the corresponding network address of the Intranet purpose IP address.
Further, further include after the step S200:
S300 obtains the access state information of the terminal device, judges whether the access state information reaches the end The corresponding default access thresholds of the affiliated predeterminable area of end equipment;If so, executing step S400;
S400 deletes the identification information of the terminal device in the corresponding predeterminable area in white list.
Further, the step S300 includes:
S310 obtains the access state information of the terminal device when the terminal device is located at the second predeterminable area, Judge whether the access state information reaches the corresponding default access thresholds of second predeterminable area;If so, executing step S410;
The step S400 includes step:
S410 deletes the identification information of the terminal device in the second predeterminable area described in white list.
The present invention also provides a kind of wireless routers, including:
Processing module, for according to zoning ordinance is preset, it is corresponding pre- that access terminal equipment to be divided to white list If in region, and according to preset IP address allocation strategy, corresponding IP address is distributed to the terminal device in the predeterminable area; Each predeterminable area has corresponding access rights;
Control module, the access website address request for receiving the terminal device;It includes the IP to access website address request Location and purpose IP address;Judge whether the corresponding terminal device of the IP address there is access the destination IP address to correspond to network address Permission;If so, the terminal device is allowed to access the corresponding network address in the destination IP address;Otherwise, refuse the terminal to set It is standby to access the corresponding network address in the destination IP address.
Further, the processing module includes:
The identification information of the terminal device is added the by judging unit for according to zoning ordinance is preset, judging whether One predeterminable area, the terminal device in first predeterminable area have the access rights for accessing Intranet and outer net;
First execution unit is used for when the first predeterminable area is added in the identification information of the terminal device by judgement, will First predeterminable area is added in the identification information of the terminal device, and distributes first preset areas to the terminal device IP address in domain;
Second execution unit is used for when the first predeterminable area is not added in the identification information of the terminal device by judgement, The second predeterminable area is added in the identification information of the terminal device, and second predeterminable area is distributed to the terminal device Interior IP address;The terminal device in second predeterminable area has the access rights for accessing outer net.
Further, the control module includes:
Receiving unit, the Intranet access request for receiving the terminal device;The Intranet access request includes Intranet Purpose IP address;
Authentication unit, for verifying the IP address of the terminal device whether in first predeterminable area;
Allow unit, for when the IP address for verifying the terminal device is in first predeterminable area, allowing The terminal device accesses the corresponding network address of IP address of the Intranet;
Refuse unit, for when verifying the IP address of the terminal device not in first predeterminable area, refusing The terminal device accesses the corresponding network address of IP address of the Intranet.
Further, the wireless router further includes:
Acquisition module, the access state information for obtaining the terminal device;
Judgment module is corresponded to for judging whether the access state information reaches the affiliated predeterminable area of the terminal device Default access thresholds;
Removing module, for working as the access state information, to reach the affiliated predeterminable area of the terminal device corresponding default When access thresholds, the identification information of the terminal device in white list in the corresponding predeterminable area is deleted.
Further, the acquisition module is additionally operable to when the terminal device is located at the second predeterminable area, described in acquisition It is corresponding default to judge whether the access state information reaches second predeterminable area for the access state information of terminal device Access thresholds;
The removing module is additionally operable to reach the corresponding default visit of second predeterminable area when the access state information When asking threshold value, the identification information of the terminal device in the second predeterminable area described in white list is deleted.
Compared with prior art, the beneficial effects of the present invention are:Multiple predeterminable areas are provided in white list, often A predeterminable area has corresponding access rights, by the way that different predeterminable areas is added in terminal device and distributes corresponding preset areas IP address in domain, when terminal device accesses network address, wireless router determines end by verifying the IP address of terminal device The access rights of end equipment so that wireless router has the function of guest network while opening white list, passes through restriction The access rights of guest network improve internet security to prevent information leakage.
Description of the drawings
Below by a manner of clearly understandable, preferred embodiment is described with reference to the drawings, to a kind of above-mentioned characteristic, technology Feature, advantage and its realization method are further described.
Fig. 1 is a kind of flow diagram of the access management method of wireless router of the embodiment of the present invention one;
Fig. 2 is a kind of flow diagram of the access management method of wireless router of the embodiment of the present invention two;
Fig. 3 is a kind of flow diagram of the access management method of wireless router of the embodiment of the present invention three;
Fig. 4 is a kind of flow diagram of the access management method of wireless router of the embodiment of the present invention four;
Fig. 5 is a kind of structural schematic block diagram of wireless router of the present invention.
Drawing reference numeral explanation:
10, processing module;11, judging unit;12, the first execution unit;13, the second execution unit;20, control module; 21, receiving unit;22, authentication unit;23, allow unit;Refuse unit;30, acquisition module;40, judgment module;50, it deletes Module.
Specific implementation mode
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, control is illustrated below The specific implementation mode of the present invention.It should be evident that drawings in the following description are only some embodiments of the invention, for For those of ordinary skill in the art, without creative efforts, other are can also be obtained according to these attached drawings Attached drawing, and obtain other embodiments.
To make simplified form, part related to the present invention is only schematically shown in each figure, they are not represented Its practical structures as product.In addition, so that simplified form is easy to understand, there is identical structure or function in some figures Component only symbolically depicts one of those, or has only marked one of those.Herein, "one" is not only indicated " only this ", can also indicate the situation of " more than one ".
According to first embodiment provided by the invention, as shown in Figure 1,
A kind of access management method of wireless router, includes the following steps:
Access terminal equipment is divided in the corresponding predeterminable area of white list by S100 according to default zoning ordinance, And according to preset IP address allocation strategy, corresponding IP address is distributed to the terminal device in the predeterminable area;It is each default Region has corresponding access rights;
S200 receives the access website address request of the terminal device;It includes the IP address and destination IP to access website address request Address;Judge whether the corresponding terminal device of the IP address has and accesses the permission that the destination IP address corresponds to network address;If It is that the terminal device is allowed to access the corresponding network address in the destination IP address;Otherwise, refuse described in the terminal device access The corresponding network address of purpose IP address.
Specifically, when work, the function of white name list of wireless router and DHCP are opened, by presetting multiple centres Value, the IP address interval division by DHCP distribution is multiple predeterminable areas, and sets the access rights of each predeterminable area.When not When terminal device in white list attempts networking, identification information such as terminal device title and the terminal device of terminal device MAC Address etc. then appear in and intercept in list, at this point it is possible to which white list is added in terminal device from selection in list is intercepted The a certain predeterminable area of list, DHCP distribute the IP address in the correspondence predeterminable area to terminal device, and terminal device has at this time There are the corresponding access rights of the predeterminable area.
When terminal device accesses network address, the access website address request of wireless router receiving terminal apparatus accesses network address and asks Include the IP address and purpose IP address of terminal device in asking, it is default that wireless router judges which purpose IP address belongs to Then terminal device is verified whether in the predeterminable area, if so, then proving that terminal is set in region according to the IP address of terminal device The standby permission that there is the access purpose IP address to correspond to network address, wireless router allow terminal device to access the purpose IP address pair The network address answered;If not, proving that terminal device does not have accesses the permission that the purpose IP address corresponds to network address, wireless router Refusal terminal device accesses the corresponding network address of the purpose IP address.
For the present invention since function of white name list is opened, the terminal device of white list, which is only added, could access network, because This, can be arranged the wireless access point in predeterminable area without password, and terminal device is not necessarily to when connecting wireless router Password is inputted, the safety that will not reduce wireless router while operation is simplified.
Second embodiment provided by the invention, as shown in Fig. 2,
A kind of access management method of wireless router, includes the following steps:
S110 judges whether the identification information of the terminal device the first preset areas is added according to default zoning ordinance Domain;If so, executing step S120;Otherwise, step S130 is executed;The terminal device in first predeterminable area, which has, visits Ask Intranet and the access rights of outer net;
First predeterminable area is added in the identification information of the terminal device by S120, and is distributed to the terminal device IP address in first predeterminable area;
The second predeterminable area is added in the identification information of the terminal device by S130, and to described in terminal device distribution IP address in second predeterminable area;The terminal device in second predeterminable area has the access right for accessing outer net Limit;
S210 receives the Intranet access request of the terminal device;The Intranet access request includes Intranet destination IP Location;
S220 verifies the IP address of the terminal device whether in first predeterminable area;If so, executing step S230;Otherwise, step S240 is executed;
S230 allows the terminal device to access the corresponding network address of the Intranet purpose IP address;
S240 refuses the terminal device and accesses the corresponding network address of the Intranet purpose IP address.
As an example, if the IP address range that DHCP is dynamically distributed is [a, b], that is, the network segment distributed is ranging from 192.168.3.a-192.168.3.b, it is divided by preset value d, then [a, a+ (b-a)/d] is the first predeterminable area, [a + (b-a)/d, b] it is the second predeterminable area, it, can be pre- to adjust two according to actual conditions by adjusting the size of d values when setting If the range in region.Then the terminal device being arranged in the first predeterminable area has the access rights for accessing Intranet and outer net, the One predeterminable area can specialize in household internal personnel use, in addition, finer differentiation can also be made to the Intranet of access, such as When Intranet is divided into Intranet A and Intranet B, the affiliated person that can limit wireless router is able to access that Intranet A and Intranet B, no circuit Intranet B can only be accessed by the household of the affiliated person of device, such as Intranet A is the corresponding administration authority net of setting management wireless router Location;There are the terminal device being arranged in the second predeterminable area the access rights for accessing outer net, the second predeterminable area to make for visitor With, visitor can be set and there was only the access rights for accessing outer net, without the permission for accessing Intranet, to prevent information leakage, Visitor can also be set and there was only the permission for accessing outer net and partial target Intranet network address so that outer net can be used normally in visitor Simultaneously, moreover it is possible to use the permission of part Intranet network address, such as target Intranet network address can be that enterprise, school administration system are corresponding Intranet network address.
Certainly, finer differentiation can also be made to the outer net of access, such as outer net is divided into target outer net and non-targeted outer When net, wireless router can limit visitor can only access target outer net, and non-targeted outer net cannot be accessed, such as non-targeted outer Net can be game network address, video network address and live video network address etc., by the way that target outer net and non-targeted outer net is arranged, and only permit Perhaps guest access target outer net can reduce the network addiction of visitor, visitor is avoided to indulge in network, with reduce surf time of visitor from And protect the eyesight of visitor.
If certain router includes n access point, white list can also be divided into n predeterminable area, with public affairs For department, pass through and n predeterminable area is set so that different departments is added different predeterminable areas, in each predeterminable area Terminal device has respective access rights, and the terminal device of respective department, which can only access, allows access in respective predeterminable area Network address, and the network address of other departments cannot be accessed.By the way that predeterminable area is isolated, connect that is, realizing different departments Connect different wireless signals, to protect each department transmission data safety.
By taking n=3 as an example, the DHCP IP address dynamically distributed is divided into three predeterminable areas, then [a, a+ (b-a)/d1] is First area, [a+ (b-a)/d1, a+ (b-a)/d2] are second area, and [a+ (b-a)/d2, b] is third region, wherein d1 > Then d2 is respectively defined the access rights of first area, second area and third region, make first area, the secondth area Terminal device in domain and third region is respectively provided with corresponding access rights.Herein, second area is equal with third region In the second predeterminable area of the present invention, the second predeterminable area does not make quantity and range limits, and outer net power is accessed as long as only having The region of limit is the second predeterminable area of the present invention.
3rd embodiment provided by the invention, as shown in figure 3,
A kind of access management method of wireless router, includes the following steps:
Access terminal equipment is divided in the corresponding predeterminable area of white list by S100 according to default zoning ordinance, And according to preset IP address allocation strategy, corresponding IP address is distributed to the terminal device in the predeterminable area;It is each default Region has corresponding access rights;
S200 receives the access website address request of the terminal device;It includes the IP address and destination IP to access website address request Address;Judge whether the corresponding terminal device of the IP address has and accesses the permission that the destination IP address corresponds to network address;If It is that the terminal device is allowed to access the corresponding network address in the destination IP address;Otherwise, refuse described in the terminal device access The corresponding network address of purpose IP address.
S300 obtains the access state information of the terminal device, judges whether the access state information reaches the end The corresponding default access thresholds of the affiliated predeterminable area of end equipment;If so, executing step S400;
S400 deletes the identification information of the terminal device in the corresponding predeterminable area in white list.
Specifically, access thresholds can be set to each predeterminable area, it is regular and wide that timer rule, timer is such as added Band restrictive rule limits the default access duration of the terminal device in each predeterminable area, default access time section, presets access Any one or multinomial in consumed flow and default online bandwidth.When default access thresholds are default access duration, such as When the access duration of fruit terminal device reaches the default access thresholds in affiliated corresponding predeterminable area, wireless router is automatically deleted The identification information of the terminal device removes the terminal device from the predeterminable area of white list automatically, without manual The identification information for removing terminal device, simplifies operation;Or when default access thresholds are default access time section, if eventually When the access time point of end equipment reaches the preset time point in affiliated corresponding predeterminable area, it is default that wireless router deletes this automatically The identification information of terminal device in region, if the preset time point in a certain predeterminable area is 9 points at night, when the preset areas The access time point of terminal device in domain reach at night 9 when, wireless router is automatically deleted the terminal in the predeterminable area The identification information of equipment.When default access thresholds are default access consumed flow, if what the access of terminal device was consumed When total flow reaches the default access consumed flow in affiliated corresponding predeterminable area, wireless router is automatically deleted the terminal device Identification information, i.e., the terminal device is removed from the predeterminable area of white list automatically, is set without manually removes terminal Standby identification information, while simplifying operation, moreover it is possible to avoid the flow that the equipment in wireless router consumes excessive and increase The campus network of user;When default access thresholds are default online bandwidth, if uplink and downlink data when the access of terminal device When the occupied online bandwidth of access transport is more than the default online bandwidth in affiliated corresponding predeterminable area, wireless router is automatic The identification information of the terminal device is deleted, i.e., the terminal device is removed from the predeterminable area of white list automatically, is not necessarily to The identification information of manually removes terminal device, while simplifying operation, moreover it is possible to avoid the hold facility band in wireless router Since bandwidth not enough leads to the problem of blocking of surfing the Internet when being wider than the high affiliated person online for leading to wireless router, it is pre- that this can be reduced If the terminal device in region influences the online bandwidth of the terminal device in other predeterminable areas because occupying more bandwidth, and When reject the identification information of terminal device in white list in predeterminable area, the net of disconnected end equipment and wireless router Network connects, and can promote the affiliated person's online experience of router.Each different situations of default access thresholds are only listed above, Combination does not repeat one by one herein.
Fourth embodiment provided by the invention, as shown in figure 4,
A kind of access management method of wireless router, includes the following steps:
S110 judges whether the identification information of the terminal device the first preset areas is added according to default zoning ordinance Domain;If so, executing step S120;Otherwise, step S130 is executed;The terminal device in first predeterminable area, which has, visits Ask Intranet and the access rights of outer net;
First predeterminable area is added in the identification information of the terminal device by S120, and is distributed to the terminal device IP address in first predeterminable area;
The second predeterminable area is added in the identification information of the terminal device by S130, and to described in terminal device distribution IP address in second predeterminable area;The terminal device in second predeterminable area has the access right for accessing outer net Limit.
S210 receives the Intranet access request of the terminal device;The Intranet access request includes Intranet destination IP Location;
S220 verifies the IP address of the terminal device whether in first predeterminable area;If so, executing step S230;Otherwise, step S240 is executed;
S230 allows the terminal device to access the corresponding network address of the Intranet purpose IP address;
S240 refuses the terminal device and accesses the corresponding network address of the Intranet purpose IP address;
S310 obtains the access state information of the terminal device when the terminal device is located at the second predeterminable area, Judge whether the access state information reaches the corresponding default access thresholds of second predeterminable area;If so, executing step S410;
S410 deletes the identification information of the terminal device in the second predeterminable area described in white list.
Specifically, by presetting access thresholds to the terminal device setting of the second predeterminable area, to limit the second preset areas Access duration, online bandwidth, access time section and the access consumed flow of terminal device in domain so that in the second predeterminable area Terminal device online when, occupy the online bandwidth in the first predeterminable area less as possible.Meanwhile when in the second predeterminable area When the default access thresholds of terminal device accessed in the second predeterminable area of duration or access time section arrival, wireless router is certainly The dynamic identification information for deleting the terminal device in the second predeterminable area, without being deleted manually so that operation is easier.
5th embodiment provided by the invention, as shown in figure 5,
A kind of wireless router, including processing module 10, for according to zoning ordinance is preset, access terminal equipment to be divided To the corresponding predeterminable area of white list, and according to preset IP address allocation strategy, to the terminal in the predeterminable area Equipment distributes corresponding IP address;Each predeterminable area has corresponding access rights;
Control module 20, the access website address request for receiving the terminal device;It includes the IP to access website address request Address and purpose IP address;Judge whether the corresponding terminal device of the IP address there is access the destination IP address to correspond to net The permission of location;If so, the terminal device is allowed to access the corresponding network address in the destination IP address;Otherwise, refuse the terminal Equipment accesses the corresponding network address in the destination IP address.
Processing module 10 includes:
Judging unit 11, for according to zoning ordinance is preset, judging whether the identification information of terminal device being added first Predeterminable area, the terminal device in first predeterminable area have the access rights for accessing Intranet and outer net;
First execution unit 12 is used for when the first predeterminable area is added in the identification information of the terminal device by judgement, First predeterminable area is added in the identification information of the terminal device, and default to terminal device distribution described first IP address in region;
Second execution unit 13, for the first predeterminable area not being added in the identification information of the terminal device when judgement When, the second predeterminable area is added in the identification information of the terminal device, and default to terminal device distribution described second IP address in region;The terminal device in second predeterminable area has the access rights for accessing outer net.
Control module 20 includes:
Receiving unit 21, the Intranet access request for receiving the terminal device;The Intranet access request includes interior Net purpose IP address;
Authentication unit 22, for verifying the IP address of the terminal device whether in first predeterminable area;
Allow unit 23, for when the IP address for verifying the terminal device is in first predeterminable area, permitting Perhaps the corresponding network address of IP address that the described terminal device accesses the Intranet;
Refuse unit 24, for when verifying the IP address of the terminal device not in first predeterminable area, refusing The exhausted terminal device accesses the corresponding network address of IP address of the Intranet.
Preferably, wireless router further includes acquisition module 30, the access state information for obtaining the terminal device; Acquisition module 30 is additionally operable to obtain the access state letter of the terminal device when the terminal device is located at the second predeterminable area Breath, judges whether the access state information reaches the corresponding default access thresholds of second predeterminable area;
Wireless router further includes judgment module 40, is set for judging whether the access state information reaches the terminal The corresponding default access thresholds of standby affiliated predeterminable area;
Wireless router further includes removing module 50, is reached belonging to the terminal device for working as the access state information When the corresponding default access thresholds of predeterminable area, deletes the terminal in white list in the corresponding predeterminable area and set Standby identification information;Wherein, the access state information includes accessing duration and/or flowing of access.Removing module 50 is additionally operable to When the access state information reaches the corresponding default access thresholds of second predeterminable area, institute in white list is deleted State the identification information of the terminal device in the second predeterminable area.
The concrete mode that modules in the present embodiment execute operation carries out in the embodiment of the method Detailed description, will be not set forth in detail explanation herein.
It should be noted that above-described embodiment can be freely combined as needed.The above is only the preferred of the present invention Embodiment, it is noted that for those skilled in the art, in the premise for not departing from the principle of the invention Under, several improvements and modifications can also be made, these improvements and modifications also should be regarded as protection scope of the present invention.

Claims (10)

1. a kind of access management method of wireless router, which is characterized in that include the following steps:
Access terminal equipment is divided in the corresponding predeterminable area of white list, and root by S100 according to default zoning ordinance According to preset IP address allocation strategy, corresponding IP address is distributed to the terminal device in the predeterminable area;Each predeterminable area With corresponding access rights;
S200 receives the access website address request of the terminal device;It includes the IP address and destination IP to access website address request Location;Judge whether the corresponding terminal device of the IP address has and accesses the permission that the destination IP address corresponds to network address;If so, The terminal device is allowed to access the corresponding network address in the destination IP address;Otherwise, refuse the terminal device and access the mesh The corresponding network address of IP address.
2. the access management method of wireless router according to claim 1, which is characterized in that the step S100 is specific Including:
S110 judges whether the identification information of the terminal device the first predeterminable area is added according to default zoning ordinance;If It is to execute step S120;Otherwise, step S130 is executed;The terminal device in first predeterminable area has in access The access rights of net and outer net;
First predeterminable area is added in the identification information of the terminal device by S120, and to described in terminal device distribution IP address in first predeterminable area;
The second predeterminable area is added in the identification information of the terminal device by S130, and distributes described second to the terminal device IP address in predeterminable area;The terminal device in second predeterminable area has the access rights for accessing outer net.
3. the access management method of wireless router according to claim 2, which is characterized in that the step S200 is specific Including:
S210 receives the Intranet access request of the terminal device;The Intranet access request includes Intranet purpose IP address;
S220 verifies the IP address of the terminal device whether in first predeterminable area;If so, executing step S230;It is no Then, step S240 is executed;
S230 allows the terminal device to access the corresponding network address of the Intranet purpose IP address;
S240 refuses the terminal device and accesses the corresponding network address of the Intranet purpose IP address.
4. according to the access management method of claim 1-3 any one of them wireless routers, which is characterized in that the step Further include after S200:
S300 obtains the access state information of the terminal device, judges whether the access state information reaches the terminal and set The corresponding default access thresholds of standby affiliated predeterminable area;If so, executing step S400;
S400 deletes the identification information of the terminal device in the corresponding predeterminable area in white list.
5. the access management method of wireless router according to claim 4, which is characterized in that the step S300 packets It includes:
S310 obtains the access state information of the terminal device when the terminal device is located at the second predeterminable area, judges Whether the access state information reaches the corresponding default access thresholds of second predeterminable area;If so, executing step S410;
The step S400 includes step:
S410 deletes the identification information of the terminal device in the second predeterminable area described in white list.
6. a kind of wireless router, which is characterized in that including:
Processing module, for according to zoning ordinance is preset, access terminal equipment to be divided to the corresponding preset areas of white list In domain, and according to preset IP address allocation strategy, corresponding IP address is distributed to the terminal device in the predeterminable area;Each Predeterminable area has corresponding access rights;
Control module, the access website address request for receiving the terminal device;Access website address request include the IP address and Purpose IP address;Judge whether the corresponding terminal device of the IP address has the power that the destination IP address corresponds to network address that accesses Limit;If so, the terminal device is allowed to access the corresponding network address in the destination IP address;Otherwise, refuse the terminal device to visit Ask the destination IP address corresponding network address.
7. wireless router according to claim 6, which is characterized in that the processing module includes:
The identification information of the terminal device is added first in advance by judging unit for according to zoning ordinance is preset, judging whether If region, the terminal device in first predeterminable area has the access rights for accessing Intranet and outer net;
First execution unit is used for when the first predeterminable area is added in the identification information of the terminal device by judgement, will be described First predeterminable area is added in the identification information of terminal device, and is distributed in first predeterminable area to the terminal device IP address;
Second execution unit is used for when the first predeterminable area is not added in the identification information of the terminal device by judgement, by institute The second predeterminable area is added in the identification information for stating terminal device, and is distributed in second predeterminable area to the terminal device IP address;The terminal device in second predeterminable area has the access rights for accessing outer net.
8. wireless router according to claim 7, which is characterized in that the control module includes:
Receiving unit, the Intranet access request for receiving the terminal device;The Intranet access request includes Intranet purpose IP address;
Authentication unit, for verifying the IP address of the terminal device whether in first predeterminable area;
Allow unit, for when the IP address for verifying the terminal device is in first predeterminable area, described in permission Terminal device accesses the corresponding network address of IP address of the Intranet;
Refuse unit, is used for when verifying the IP address of the terminal device not in first predeterminable area, described in refusal Terminal device accesses the corresponding network address of IP address of the Intranet.
9. according to claim 6-8 any one of them wireless routers, which is characterized in that further include:
Acquisition module, the access state information for obtaining the terminal device;
Judgment module, for judging it is corresponding pre- whether the access state information reaches the affiliated predeterminable area of the terminal device If access thresholds;
Removing module reaches the corresponding default access of the affiliated predeterminable area of the terminal device for working as the access state information When threshold value, the identification information of the terminal device in white list in the corresponding predeterminable area is deleted.
10. the access management method of wireless router according to claim 9, which is characterized in that
The acquisition module is additionally operable to, when the terminal device is located at the second predeterminable area, obtain the visit of the terminal device It asks status information, judges whether the access state information reaches the corresponding default access thresholds of second predeterminable area;
The removing module is additionally operable to reach the corresponding default access threshold of second predeterminable area when the access state information When value, the identification information of the terminal device in the second predeterminable area described in white list is deleted.
CN201810342553.3A 2018-04-17 2018-04-17 A kind of access management method and wireless router of wireless router Pending CN108574693A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810342553.3A CN108574693A (en) 2018-04-17 2018-04-17 A kind of access management method and wireless router of wireless router

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810342553.3A CN108574693A (en) 2018-04-17 2018-04-17 A kind of access management method and wireless router of wireless router

Publications (1)

Publication Number Publication Date
CN108574693A true CN108574693A (en) 2018-09-25

Family

ID=63574971

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810342553.3A Pending CN108574693A (en) 2018-04-17 2018-04-17 A kind of access management method and wireless router of wireless router

Country Status (1)

Country Link
CN (1) CN108574693A (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109743402A (en) * 2019-01-31 2019-05-10 深圳云合科技有限公司 Processing method, transmission method, receiver and the device for answering question of answering information
CN110620773A (en) * 2019-09-20 2019-12-27 深圳市信锐网科技术有限公司 TCP flow isolation method, device and related components
CN110740490A (en) * 2019-10-22 2020-01-31 深圳市信锐网科技术有限公司 Terminal network access method, gateway equipment, system, storage medium and device
CN111130901A (en) * 2019-12-30 2020-05-08 京信通信系统(中国)有限公司 Device management method, device, communication device and storage medium
CN111835678A (en) * 2019-04-16 2020-10-27 北京大学 On-line authorization method for semi-open wireless network access based on invitation mechanism
CN112202711A (en) * 2020-08-26 2021-01-08 网神信息技术(北京)股份有限公司 Network access control method and device of terminal, electronic equipment and storage medium
CN113055385A (en) * 2021-03-12 2021-06-29 绍兴文理学院元培学院 WiFi network management method and system
CN113328975A (en) * 2020-02-28 2021-08-31 中国电信股份有限公司 Terminal access method, terminal access system, and computer-readable storage medium
CN115455397A (en) * 2022-10-28 2022-12-09 湖北芯擎科技有限公司 Input/output interface control method and system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050220099A1 (en) * 2004-03-30 2005-10-06 Canon Kabushiki Kaisha Packet relay apparatus and control method for data relay apparatus
CN101909298A (en) * 2010-07-15 2010-12-08 优视科技有限公司 Secure access control method and device for wireless network
CN103179554A (en) * 2011-12-22 2013-06-26 中国移动通信集团广东有限公司 Control method and device for wireless broadband network access and network equipment
CN105246133A (en) * 2015-11-13 2016-01-13 上海斐讯数据通信技术有限公司 Guest network control method, guest network control device and router
CN107592639A (en) * 2017-10-26 2018-01-16 上海斐讯数据通信技术有限公司 A kind of terminal device adds the method and system of router white list

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050220099A1 (en) * 2004-03-30 2005-10-06 Canon Kabushiki Kaisha Packet relay apparatus and control method for data relay apparatus
CN101909298A (en) * 2010-07-15 2010-12-08 优视科技有限公司 Secure access control method and device for wireless network
CN103179554A (en) * 2011-12-22 2013-06-26 中国移动通信集团广东有限公司 Control method and device for wireless broadband network access and network equipment
CN105246133A (en) * 2015-11-13 2016-01-13 上海斐讯数据通信技术有限公司 Guest network control method, guest network control device and router
CN107592639A (en) * 2017-10-26 2018-01-16 上海斐讯数据通信技术有限公司 A kind of terminal device adds the method and system of router white list

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109743402A (en) * 2019-01-31 2019-05-10 深圳云合科技有限公司 Processing method, transmission method, receiver and the device for answering question of answering information
CN109743402B (en) * 2019-01-31 2020-07-07 深圳云合科技有限公司 Processing method, transmission method, receiver and answering machine of answering information
CN111835678A (en) * 2019-04-16 2020-10-27 北京大学 On-line authorization method for semi-open wireless network access based on invitation mechanism
CN110620773A (en) * 2019-09-20 2019-12-27 深圳市信锐网科技术有限公司 TCP flow isolation method, device and related components
CN110620773B (en) * 2019-09-20 2023-02-10 深圳市信锐网科技术有限公司 TCP flow isolation method, device and related components
CN110740490A (en) * 2019-10-22 2020-01-31 深圳市信锐网科技术有限公司 Terminal network access method, gateway equipment, system, storage medium and device
CN111130901A (en) * 2019-12-30 2020-05-08 京信通信系统(中国)有限公司 Device management method, device, communication device and storage medium
CN113328975A (en) * 2020-02-28 2021-08-31 中国电信股份有限公司 Terminal access method, terminal access system, and computer-readable storage medium
CN112202711A (en) * 2020-08-26 2021-01-08 网神信息技术(北京)股份有限公司 Network access control method and device of terminal, electronic equipment and storage medium
CN112202711B (en) * 2020-08-26 2023-04-25 奇安信网神信息技术(北京)股份有限公司 Network access control method and device of terminal, electronic equipment and storage medium
CN113055385A (en) * 2021-03-12 2021-06-29 绍兴文理学院元培学院 WiFi network management method and system
CN115455397A (en) * 2022-10-28 2022-12-09 湖北芯擎科技有限公司 Input/output interface control method and system

Similar Documents

Publication Publication Date Title
CN108574693A (en) A kind of access management method and wireless router of wireless router
US7346340B2 (en) Provision of user policy to terminal
US20020110123A1 (en) Network connection control apparatus and method
US9001659B2 (en) OpenFlow enabled WiFi management entity architecture
US8209529B2 (en) Authentication system, network line concentrator, authentication method and authentication program
CN115699840A (en) Methods, systems, and computer readable media for mitigating 5G roaming security attacks using a Secure Edge Protection Proxy (SEPP)
CN101730155A (en) System and method for performing resource control on user
EP3649761B1 (en) User data transported over non-access stratum
JP3987539B2 (en) Session information management method and session information management apparatus
CN106856511B (en) Method, gateway, PCRF network element and system for dynamically assigning IP address pool
CN108234677A (en) A kind of block chain network node serve device towards multi-tiling platform chain
CN102823219B (en) Protect the method to the access via the addressable data of the equipment realizing this method or service and relevant device
US20120304259A1 (en) Method and apparatus for authenticating a user equipment
CN106604278B (en) Multi-authority mobile network sharing method
AU2011288210B2 (en) Limiting resources consumed by rejected subscriber end stations
CN106411852A (en) Distributed terminal access control method, and apparatus
US20210185534A1 (en) Method for securing accesses to a network, system and associated device
CN105681352B (en) A kind of wireless network access safety management-control method and system
CN105656927B (en) A kind of safety access method and system
CN107547561A (en) A kind of method and device for carrying out DDOS attack protective treatment
US7949769B2 (en) Arrangements and methods relating to security in networks supporting communication of packet data
CN116094979A (en) Policy route management method
JP3668648B2 (en) Session information management method and session information management apparatus
CN106453350A (en) Anti-attack method and apparatus
KR102123549B1 (en) Server and method for controlling of internet page access

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20180925

WD01 Invention patent application deemed withdrawn after publication