CN108965241A - WLAN-based source address verification method - Google Patents
- Publication number: CN108965241A
- Application number: CN201810524132.2A
- Authority: CN (China)
- Prior art keywords: equipment, binding, mac, address, controller
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5007—Internet protocol [IP] addresses
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2101/00—Indexing scheme associated with group H04L61/00
- H04L2101/60—Types of network addresses
- H04L2101/618—Details of network addresses
- H04L2101/622—Layer-2 addresses, e.g. medium access control [MAC] addresses
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a WLAN-based source address verification method, comprising: creating a binding table that stores, for each device among all devices entering the WLAN, the binding between the device's MAC address and the IP address assigned to that device; obtaining a packet from a device and, based on the device's MAC address, looking up in the binding table the IP address bound to that MAC address; and obtaining the IP address of the packet and, if the looked-up IP address is identical to the IP address of the packet, determining that the source address of the packet is legitimate and forwarding the packet. The method can accurately verify whether the source address of packets from each device entering the WLAN is legitimate, prevents the various network attacks in the WLAN that are based on source address forgery, and greatly improves the security of WLAN use.
Description
Technical field
The present invention relates to the field of Internet technology, and in particular to a WLAN-based source address verification method.
Background art
When the TCP/IP protocols were designed, security was given little consideration: by default the protocols assume that the source address information carried in network packets is genuine and reliable, and they do not screen or check the legitimacy of a packet's source. However, as the environment in which the Internet is used has changed greatly, and the Internet has gradually turned from a tool for exchange among academics into infrastructure for the whole of society, network attacks carried out by forging the source address field have become more and more common, posing a great challenge to the development of the entire Internet. Such attacks are easy to launch but hard to trace; they endanger network security and greatly hinder network management, diagnosis, billing and so on. To guarantee the reliability of source address information in the network and to prevent source address forgery attacks, those skilled in the art have proposed a series of source address verification methods.
A wireless local area network (Wireless Local Area Network, WLAN) uses wireless communication technology to interconnect devices within a limited range, so that users can move within the signal coverage area and stay connected. The security risk of WLANs is considerable: large numbers of smartphones, tablets, laptops and similar devices now access the Internet wirelessly, and they may be remotely controlled by an attacker to launch various network attacks based on source address forgery, which cause great harm and are hard to trace. However, although a series of source address verification methods have been proposed, these methods have not been applied to the individual deployment scenarios of WLANs, so the various network attacks in WLANs that are based on source address forgery cannot be solved.
Accordingly, a WLAN-based source address verification method needs to be provided.
Summary of the invention
The technical problem to be solved by the present invention is: a series of source address verification methods have been proposed, but these methods have not been applied to the individual deployment scenarios of WLANs, so the various network attacks in WLANs that are based on source address forgery cannot be solved.
To solve the above technical problem, the present invention provides a WLAN-based source address verification method, comprising:
creating a binding table, and storing in the binding table, for each device among all devices entering the WLAN, the binding between the device's MAC address and the IP address assigned to that device;
obtaining a packet from the device and, based on the MAC address of the device, looking up in the binding table the IP address bound to that MAC address;
obtaining the IP address of the packet and, if the looked-up IP address is judged to be identical to the IP address of the packet, determining that the source address of the packet is legitimate and forwarding the packet.
In a preferred embodiment, creating a binding table, and storing in the binding table, for each device among all devices entering the WLAN, the binding between the device's MAC address and the IP address assigned to that device, comprises:
obtaining, for each device among all devices entering the WLAN, the binding between the device's MAC address and the IP address assigned to that device;
judging whether the binding is legitimate; if it is legitimate, adding the binding to the binding table; otherwise, discarding the binding.
In a preferred embodiment, obtaining, for each device among all devices entering the WLAN, the binding between the device's MAC address and the IP address assigned to that device, comprises:
obtaining the bindings, specified by the administrator of the WLAN, between the MAC address of each device among some of the devices entering the WLAN and the IP address assigned to that device; and
obtaining the messages exchanged between each of the remaining devices entering the WLAN and the address allocation server, as sniffed by the wireless router, and deriving from them the binding between the device's MAC address and the IP address assigned to that device.
In a preferred embodiment, the binding table includes an IP-MAC binding table and a MAC-IP binding table.
In a preferred embodiment, creating a binding table, and storing in the binding table, for each device among all devices entering the FIT-AP deployment scenario of a centralized WLAN, the binding between the device's MAC address and the IP address assigned to that device, comprises:
obtaining, for each device among all devices entering the FIT-AP deployment scenario, the binding between the device's MAC address and the IP address assigned to that device, and sending the binding to the controller;
judging, by the controller, whether the binding is legitimate; if it is legitimate, the controller adds the binding to the IP-MAC binding table and notifies the wireless router to add the binding to the MAC-IP binding table, so that the IP-MAC binding table and the MAC-IP binding table are synchronized; otherwise, the binding is discarded.
In a preferred embodiment, the synchronization of the IP-MAC binding table and the MAC-IP binding table is carried out through an extension protocol.
In a preferred embodiment, when a device among all devices entering the FIT-AP deployment scenario of a centralized WLAN moves from the range of a first wireless router, which is connected to the device and controlled by a first controller, to the range of a second wireless router controlled by the first controller, the first wireless router, after detecting that the device has disconnected from it, automatically deletes the binding related to the device from the MAC-IP binding table stored in the first wireless router;
after the second wireless router detects the device, the second wireless router requests from the first controller the binding related to the device in the IP-MAC binding table stored in the first controller;
after the first controller accepts the request, it sends the binding to the second wireless router, and the second wireless router stores the binding in the MAC-IP binding table in the second wireless router, thereby migrating the binding of the device.
In a preferred embodiment, when a device among all devices entering the FIT-AP deployment scenario of a centralized WLAN moves from the range of a third wireless router controlled by a second controller to the range of a fourth wireless router controlled by a third controller, the fourth wireless router notifies the third controller after detecting the device, and the third controller requests from the second controller the binding related to the device in the IP-MAC binding table stored in the second controller;
after the second controller accepts the request, it sends the binding to the third controller; the third controller stores the binding in the IP-MAC binding table in the third controller and sends the binding to the fourth wireless router, and the fourth wireless router stores the binding in the MAC-IP binding table in the fourth wireless router;
the second controller automatically deletes the binding related to the device from the IP-MAC binding table stored in the second controller, and the third wireless router automatically deletes the binding related to the device from the MAC-IP binding table stored in the third wireless router, thereby migrating the binding of the device.
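The two FIT-AP roaming cases above (between wireless routers under one controller, and between controllers), modelled as an added Python example that is not code from the patent. In-process method calls stand in for the extension protocol, whose messages the page does not give; the class and method names, and the configured peer list an AC uses to find the device's previous AC, are assumptions, and addresses are assumed to be already in canonical text form.

```python
class Controller:
    """AC: keeps the IP-MAC table (IP -> MAC) in the control plane."""

    def __init__(self, name):
        self.name = name
        self.ip_mac = {}
        self.peers = []   # assumption: other ACs this AC may ask for bindings

    def admit(self, ap, mac, ip):
        """Initial binding: judge legality, store it, have the AP store it too."""
        if self.ip_mac.get(ip, mac) != mac:   # IP already bound to another MAC
            return False
        self.ip_mac[ip] = mac
        ap.mac_ip.setdefault(mac, set()).add(ip)
        return True

    def lookup(self, mac):
        return {ip for ip, owner in self.ip_mac.items() if owner == mac}

    def hand_over(self, mac):
        """Old-AC side of an inter-AC roam: send the bindings, then delete them."""
        ips = self.lookup(mac)
        for ip in ips:
            del self.ip_mac[ip]
        return ips

    def fetch(self, mac):
        """Serve an AP's request, pulling the bindings from a peer AC if needed."""
        ips = self.lookup(mac)
        if not ips:
            for peer in self.peers:
                ips = peer.hand_over(mac)
                if ips:
                    self.ip_mac.update({ip: mac for ip in ips})
                    break
        return ips


class AccessPoint:
    """AP: keeps the MAC-IP table (MAC -> set of IPs) and filters packets."""

    def __init__(self, name, controller):
        self.name = name
        self.controller = controller
        self.mac_ip = {}

    def on_disconnect(self, mac):
        # The AP the device left deletes its own copy of the binding.
        self.mac_ip.pop(mac, None)

    def on_detect(self, mac):
        # The AP the device arrived at asks its controller for the binding.
        ips = self.controller.fetch(mac)
        if ips:
            self.mac_ip[mac] = set(ips)
        return bool(ips)

    def filter(self, mac, ip):
        return "forward" if ip in self.mac_ip.get(mac, set()) else "drop"


def run_demo():
    mac, ip = "11:22:33:44:55:66", "fc00::2"   # example device used on the page
    ac1, ac2 = Controller("AC-1"), Controller("AC-2")
    ac1.peers, ac2.peers = [ac2], [ac1]
    ap1, ap2 = AccessPoint("AP-1", ac1), AccessPoint("AP-2", ac1)
    ap3 = AccessPoint("AP-3", ac2)
    out = {}

    ac1.admit(ap1, mac, ip)
    out["start"] = (ap1.filter(mac, ip), ap2.filter(mac, ip))

    # Roam AP-1 -> AP-2, both under AC-1: AC-1 keeps its IP-MAC entry.
    ap1.on_disconnect(mac)
    ap2.on_detect(mac)
    out["same_ac"] = (ap1.filter(mac, ip), ap2.filter(mac, ip), ac1.lookup(mac))

    # Roam AP-2 (AC-1) -> AP-3 (AC-2): the entry moves from AC-1 to AC-2.
    ap2.on_disconnect(mac)
    ap3.on_detect(mac)
    out["other_ac"] = (ap2.filter(mac, ip), ap3.filter(mac, ip),
                       ac1.lookup(mac), ac2.lookup(mac))

    # A device no controller knows gets no binding, so its packets are dropped.
    stranger = "de:ad:be:ef:00:01"             # constructed sample value
    out["stranger"] = (ap3.on_detect(stranger), ap3.filter(stranger, ip))
    return out


if __name__ == "__main__":
    for step, state in run_demo().items():
        print(step, state)
```

After each move exactly one wireless router forwards packets from the device, which is the property the migration is meant to preserve.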
In a preferred embodiment, creating a binding table, and storing in the binding table, for each device among all devices entering the FIT-AC deployment scenario of a centralized WLAN, the binding between the device's MAC address and the IP address assigned to that device, comprises:
obtaining, for each device among all devices entering the FIT-AC deployment scenario, the binding between the device's MAC address and the IP address assigned to that device, and sending the binding to the controller;
judging, by the controller, whether the binding is legitimate; if it is legitimate, the controller adds the binding to the IP-MAC binding table and the MAC-IP binding table; otherwise, the binding is discarded.
In a preferred embodiment, when a device among all devices entering the FIT-AC deployment scenario of a centralized WLAN moves from the range of a fifth wireless router controlled by a fourth controller to the range of a sixth wireless router controlled by a fifth controller, the sixth wireless router notifies the fifth controller after detecting the device, and the fifth controller requests from the fourth controller the binding related to the device in the IP-MAC binding table and the MAC-IP binding table stored in the fourth controller;
after the fourth controller accepts the request, it sends the binding to the fifth controller, and the fifth controller stores the binding in the IP-MAC binding table and the MAC-IP binding table in the fifth controller;
the fourth controller automatically deletes the binding related to the device from the IP-MAC binding table and the MAC-IP binding table stored in the fourth controller, thereby migrating the binding of the device.
In a preferred embodiment, creating a binding table, and storing in the binding table, for each device among all devices entering the FAT-AP deployment scenario of a distributed WLAN, the binding between the device's MAC address and the IP address assigned to that device, comprises:
obtaining, for each device among all devices entering the FAT-AP deployment scenario, the binding between the device's MAC address and the IP address assigned to that device;
judging, by the wireless router, whether the binding is legitimate; if it is legitimate, the wireless router adds the binding to the IP-MAC binding table and the MAC-IP binding table; otherwise, the binding is discarded.
In a preferred embodiment, when a device among all devices entering the FAT-AP deployment scenario of a distributed WLAN moves from the range of a seventh wireless router to the range of an eighth wireless router, the eighth wireless router, after detecting the device, requests from the seventh wireless router the binding related to the device in the IP-MAC binding table and the MAC-IP binding table stored in the seventh wireless router;
after the seventh wireless router accepts the request, it sends the binding to the eighth wireless router, and the eighth wireless router stores the binding in the IP-MAC binding table and the MAC-IP binding table in the eighth wireless router;
the seventh wireless router automatically deletes the binding related to the device from the IP-MAC binding table and the MAC-IP binding table stored in the seventh wireless router, thereby migrating the binding of the device.
In a preferred embodiment, the migration of the binding of the device is carried out through an extension protocol.
Compared with the prior art, one or more embodiments of the above scheme can have the following advantages or beneficial effects:
The WLAN-based source address verification method provided by the embodiments of the present invention is a more specific and effective source address validation scheme designed around the characteristics of WLANs. It can accurately verify whether the source address of packets from each device entering the WLAN is legitimate, prevents the various network attacks in the WLAN that are based on source address forgery, and greatly improves the security of WLAN use.
Other features and advantages of the invention will be set forth in the description that follows, and in part will become apparent from the description or be understood by practicing the invention. The objectives and other advantages of the invention can be realized and obtained through the structures particularly pointed out in the description, the claims and the drawings.
Description of the drawings
The drawings provide a further understanding of the invention and form part of the description; together with the embodiments of the invention they serve to explain the invention and do not limit it. In the drawings:
Fig. 1 is a flow diagram of the WLAN-based source address verification method of the first embodiment of the invention;
Fig. 2 is a flow diagram of step S101 in Fig. 1;
Fig. 3 is a flow diagram of the WLAN-based source address verification method of the second embodiment of the invention;
Fig. 4 is a flow diagram of step S201 in Fig. 3;
Fig. 5 is a schematic diagram illustrating the synchronization process between the IP-MAC binding table in the AC and the MAC-IP binding table in the AP in the second embodiment of the invention;
Fig. 6 is a schematic diagram illustrating the roaming of a device between different APs in the second embodiment of the invention;
Fig. 7 is a schematic diagram illustrating the roaming of a device between different ACs in the second embodiment of the invention;
Fig. 8 is a flow diagram of the WLAN-based source address verification method of the third embodiment of the invention;
Fig. 9 is a flow diagram of step S301 in Fig. 8;
Fig. 10 is a schematic diagram illustrating the roaming of a device between different ACs in the third embodiment of the invention;
Fig. 11 is a flow diagram of the WLAN-based source address verification method of the fourth embodiment of the invention;
Fig. 12 is a flow diagram of step S401 in Fig. 11.
Detailed description of the embodiments
Embodiments of the invention are described in detail below with reference to the drawings and examples, so that how the invention applies technical means to solve the technical problem and achieve the technical effect can be fully understood and implemented. It should be noted that, as long as no conflict arises, the embodiments of the invention and the features within them may be combined with one another, and the resulting technical solutions all fall within the scope of protection of the invention.
At present, to guarantee the reliability of source address information in the network and to prevent source address forgery attacks, those skilled in the art have proposed a series of source address verification methods. For example, in 2008 Tsinghua University, working at the level of network architecture, summarized the existing methods and proposed the "network addressing architecture based on real IPv6 source addresses" (Source Address Validation Architecture, SAVA), which was adopted by the IETF and published as a related RFC. According to deployment position and function, SAVA divides source address verification into three levels, which from the bottom up are access network source address validation, intra-domain source address validation and inter-domain source address validation. In the same year, Tsinghua University promoted the establishment of the SAVI working group (Source Address Validation Improvement, SAVI) at the IETF; the working group subsequently proposed a series of related drafts, which were standardized as RFCs. These RFCs have gained the support of numerous vendors and have been implemented on a range of hardware devices; they strengthen the manageability of the origin of network addresses, make address traceback possible and raise the level of network security. The SAVI working group has also drawn up standards for some IP address allocation methods and network environments, including SAVI-DHCP, the source address validation scheme for the Dynamic Host Configuration Protocol (DHCP and DHCPv6); SAVI-FCFS, the source address validation scheme for stateless address autoconfiguration (SLAAC) under IPv6; SAVI-SEND, the source address validation scheme for the Secure Neighbor Discovery protocol (SEND); and SAVI-MIX, the source address validation scheme for network environments in which several address allocation methods coexist.
However, the current SAVI standards were drawn up on the basis of existing network models and network equipment. Their basic principle is that a SAVI switch monitors the exchanges of the address assignment protocol, determines the state of address allocation, and then binds the allocated IP address to a selected trust anchor (such as a MAC address or a switch port), forming a binding table. A data packet arriving at the switch is considered to have a legitimate source address if it matches the binding table; otherwise it is considered to have a forged source address. Forged packets are dropped, which greatly reduces network attacks carried out by forging the source address field.
Because WLANs offer good flexibility and mobility, convenient installation, easy expansion, easy fault location and easy network planning and adjustment, they are widely used in enterprises, health care, warehouse management, container yards, exhibition venues, catering, retail and other fields. At present most WLANs are based on the IEEE 802.11 standard and use Wi-Fi as the trade name. In a WLAN, all devices interconnected through the wireless medium are called stations (Station, STA), which include access points (Access Points, AP) and terminals (Client). An access point is usually a wireless router, which sends and receives signals and enables devices to access the network, while a terminal usually means an access device equipped with a wireless network card, such as a smartphone or laptop.
Compared with a wired LAN, a WLAN has the following characteristics:
1. It contains more terminal devices: one access point can usually provide connections for dozens of terminals, and one WLAN may contain dozens of access points;
2. A terminal can initiate or drop its connection at any time;
3. Terminal roaming has to be considered: users often carry their terminals and roam between different access points (AP) or access controllers (AC).
Therefore, the security risk of WLANs is considerable, and a device entering a WLAN may well be remotely controlled by an attacker to launch various network attacks based on source address forgery.
To solve the above problem, the present invention provides a WLAN-based source address verification method.
The WLAN-based source address verification methods of the embodiments of the invention are described in detail below with reference to the drawings.
Embodiment one
Fig. 1 is a flow diagram of the WLAN-based source address verification method of the first embodiment of the invention.
As shown in Fig. 1, the WLAN-based source address verification method of the first embodiment of the invention mainly comprises steps S101 to S103.
In step S101, a binding table is created, and the binding table stores, for each device among all devices entering the WLAN, the binding between the device's MAC address and the IP address assigned to that device.
Specifically, as shown in Fig. 2, step S1011 is executed first: for each device among all devices entering the WLAN, the binding between the device's MAC address and the IP address assigned to that device is obtained. This specifically includes: obtaining the bindings, specified by the administrator of the WLAN, between the MAC address of each device among some of the devices entering the WLAN and the IP address assigned to that device; and obtaining the messages exchanged between each of the remaining devices entering the WLAN and the address allocation server (DHCP or DAD server), as sniffed by the wireless router, and deriving from them the binding between the device's MAC address and the IP address assigned to that device.
Here, "some of the devices entering the WLAN" refers to certain key devices in the WLAN, such as controllers and address allocation servers; for each of these devices, the administrator of the WLAN can manually configure the binding between its MAC address and the IP address assigned to it.
Apart from the key devices above, for each of the remaining devices entering the WLAN, the binding between its MAC address and the IP address assigned to it is obtained by the wireless router sniffing DHCP or DAD messages. The sniffing process is as follows:
The messages exchanged between each of the remaining devices entering the WLAN and the address allocation server (DHCP or DAD server) all pass through the wireless router, so the wireless router can intercept these messages and thereby learn which device has applied for which IP address. Suppose a device whose MAC address is 11:22:33:44:55:66 has applied for and obtained the IP address fc00::2; the wireless router then records this binding ((11:22:33:44:55:66)-(fc00::2)). This is the sniffing process.
Next, step S1012 is executed: whether the binding is legitimate is judged. If it is legitimate, the binding is added to the binding table; otherwise, the binding is discarded.
In a preferred embodiment, the binding table includes an IP-MAC binding table and a MAC-IP binding table.
Specifically, the IP-MAC binding table stores the mapping from an IP address to the corresponding MAC address. One IP address can correspond to only one MAC address, while multiple IP addresses may map to the same MAC address. The IP-MAC binding table is used to query a device's MAC address by IP address and mainly serves as backup information.
The MAC-IP binding table stores the mapping from a MAC address to IP addresses. One MAC address can correspond to several different IP addresses. The MAC-IP binding table is used to query IP addresses by a device's MAC address and is mainly used for packet filtering. This table needs to be kept synchronized with the IP-MAC binding table.
In step S102, a packet from a device is obtained and, based on the MAC address of the device, the IP address bound to that MAC address is looked up in the binding table.
In step S103, the IP address of the packet is obtained, and whether the looked-up IP address is identical to the IP address of the packet is judged. If the looked-up IP address is identical to the IP address of the packet, the source address of the packet is determined to be legitimate and the packet is forwarded; if the looked-up IP address differs from the IP address of the packet, the source address of the packet is determined to be illegitimate and the packet is dropped.
Steps S102 and S103 are illustrated below with the same example as above.
Because in a WLAN a device cannot forge its MAC address, the source address of a legitimate packet sent by the device whose MAC address is 11:22:33:44:55:66 must be fc00::2. When the wireless router receives a packet from the device whose MAC address is 11:22:33:44:55:66, it queries the MAC-IP binding table to obtain the IP address bound to that device; in this example the query returns fc00::2. The wireless router then reads the IP address of the packet and judges whether the looked-up IP address is identical to the IP address of the packet. If the looked-up IP address is identical to the IP address of the packet, the source address of the packet is determined to be legitimate and the packet is forwarded; if the looked-up IP address differs from the IP address of the packet, the source address of the packet is determined to be illegitimate and the packet is dropped.
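Steps S101 to S103 applied to the example device above, as an added Python example that is not part of the patent. The sniffed address assignments are constructed (MAC, IP) pairs rather than parsed DHCP or DAD messages, the legitimacy check of step S1012 is assumed to be the rule that one IP address may be bound to only one MAC address, and all function and class names are hypothetical.

```python
import ipaddress


def norm_mac(mac):
    """Canonical lower-case colon form, so 11-22-.. and 11:22:.. compare equal."""
    digits = mac.replace(":", "").replace("-", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"bad MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def norm_ip(ip):
    """Canonical text form, so fc00:0:0:0:0:0:0:2 and fc00::2 compare equal."""
    return str(ipaddress.ip_address(ip))


class BindingTables:
    def __init__(self):
        self.ip_mac = {}   # IP-MAC table: one IP -> exactly one MAC
        self.mac_ip = {}   # MAC-IP table: one MAC -> set of IPs (used to filter)

    def add_binding(self, mac, ip):
        """S1011/S1012: store a learned binding, or discard it if not legitimate."""
        try:
            mac, ip = norm_mac(mac), norm_ip(ip)
        except ValueError:
            return False
        owner = self.ip_mac.get(ip)
        if owner is not None and owner != mac:
            return False   # assumed rule: IP already bound to a different MAC
        # Both tables are updated together so they stay synchronized.
        self.ip_mac[ip] = mac
        self.mac_ip.setdefault(mac, set()).add(ip)
        return True

    def check_source(self, src_mac, src_ip):
        """S102/S103: look up the sender's MAC, compare with the packet's IP."""
        try:
            mac, ip = norm_mac(src_mac), norm_ip(src_ip)
        except ValueError:
            return "drop"
        return "forward" if ip in self.mac_ip.get(mac, set()) else "drop"


# Constructed sample data: address assignments seen by the wireless router.
SNIFFED = [
    ("11:22:33:44:55:66", "fc00::2"),
    ("11:22:33:44:55:66", "fc00::3"),   # a second address for the same device
    ("aa:bb:cc:dd:ee:ff", "fc00::2"),   # conflicts with the first binding
    ("aa:bb:cc:dd:ee:ff", "fc00::9"),
]

# Constructed sample data: (sender MAC, source IP) of packets to be filtered.
PACKETS = [
    ("11:22:33:44:55:66", "fc00::2"),             # matches its binding
    ("11-22-33-44-55-66", "FC00:0:0:0:0:0:0:2"),  # same pair, other spelling
    ("11:22:33:44:55:66", "fc00::9"),             # another device's address
    ("aa:bb:cc:dd:ee:ff", "fc00::2"),             # binding was discarded
    ("de:ad:be:ef:00:01", "fc00::7"),             # MAC with no binding at all
]


def run_demo():
    tables = BindingTables()
    accepted = [tables.add_binding(mac, ip) for mac, ip in SNIFFED]
    verdicts = [tables.check_source(mac, ip) for mac, ip in PACKETS]
    return tables, accepted, verdicts


if __name__ == "__main__":
    _, accepted, verdicts = run_demo()
    print(accepted)
    print(verdicts)
```

Normalizing both addresses before storing and comparing matters for IPv6, where one address has several valid spellings; a plain string comparison would drop the second packet.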
It should be noted that in a WLAN a device cannot forge its MAC address; therefore, in this embodiment, the correctness of the binding between the MAC address of each device entering the WLAN and the IP address assigned to that device depends on the security of the device's MAC address. In a WLAN environment there are many security mechanisms that can guarantee this, such as 802.11i or other mechanisms. Therefore, before a device sends packets, it must complete access authentication and key agreement under the 802.11i standard, so that the device cannot forge its own MAC address, which guarantees the security of the link-layer address.
Therefore, in this embodiment, for a packet obtained from a device, the IP address bound to the device's MAC address is first looked up in the binding table based on that MAC address. The IP address of the packet is then obtained, and whether the looked-up IP address is identical to the IP address of the packet is judged. Verifying in this way whether the source address of the packet is legitimate greatly reduces network attacks carried out by forging the source address field.
The WLAN-based source address verification method provided by the embodiments of the present invention is a more specific and effective source address validation scheme designed around the characteristics of WLANs. It can accurately verify whether the source address of packets from each device entering the WLAN is legitimate, prevents the various network attacks in the WLAN that are based on source address forgery, and greatly improves the security of WLAN use.
A WLAN is more complex than a wired LAN, so the source address verification method has to be designed specifically for its concrete implementation (the network protocols used, the operating mode used, and so on). The source address verification methods for the specific deployment scenarios of WLANs are described separately below.
WLANs mainly comprise centralized WLANs and distributed WLANs.
In the centralized WLAN architecture, an access controller (Access Controller, AC) is responsible for managing and controlling one or more wireless termination points (Wireless Termination Points, WTPs) or access points (Access Point, AP), to achieve flexible networking, load balancing and better roaming support. The access controller is usually a dedicated hardware device, but it can also be implemented in software; in addition, some switches can also implement access control. Centralized WLANs are mainly used in complex, large-scale WLANs (enterprise or campus networks). The centralized WLAN includes two deployment scenarios: the FIT-AP (FIT Access Point) deployment scenario of the centralized WLAN and the FIT-AC (FIT Access Controller) deployment scenario of the centralized WLAN.
A distributed WLAN is made up of access points (Access Point, AP). It contains only access points and no access controller (Access Controller, AC). The distributed WLAN includes one deployment scenario: the FAT-AP deployment of the distributed WLAN.
The source address verification methods for these three deployment scenarios are described in detail below with reference to Figs. 3 to 12.
Embodiment two
This embodiment mainly describes the source address verification method under the FIT-AP deployment scenario of a centralized WLAN.
In this deployment scenario, the IP-MAC binding table is maintained by the AC in the control plane and the MAC-IP binding table is maintained by the AP in the data plane; the packets of each device among all devices entering the deployment scenario are filtered on each AP.
Fig. 3 is a flow diagram of the WLAN-based source address verification method of the second embodiment of the invention.
As shown in Fig. 3, the WLAN-based source address verification method of the second embodiment of the invention mainly includes steps S201 to S203.
In step S201, a binding table is created that stores, for each device among all devices entering the FIT-AP deployment scenario of the centralized WLAN, the binding relationship between the device's MAC address and the IP address assigned to the device.
Specifically, as shown in Fig. 4, step S2011 is executed first: the binding relationship between the MAC address of each device among all devices entering the FIT-AP deployment scenario of the centralized WLAN and the IP address assigned to that device is obtained and sent to the controller. This specifically includes: obtaining the binding relationships, specified by the WLAN administrator, between the MAC address and the assigned IP address of each of some of the devices entering the FIT-AP deployment scenario; and, for each of the remaining devices entering the FIT-AP deployment scenario, obtaining the messages exchanged between the device and the address allocation server (DHCP or DAD server) as sniffed by the wireless router (AP), and extracting from them the binding relationship between the device's MAC address and the IP address assigned to it.
Note that, because the acquisition of binding relationships in this step is similar to step S1011 in embodiment one, it is not described again here.
Next, step S2012 is executed: the controller judges whether the binding relationship is legitimate. If it is, the controller adds the binding relationship to the IP-MAC binding table and notifies the wireless router (AP) to add it to the MAC-IP binding table, so that the IP-MAC binding table and the MAC-IP binding table are synchronized; otherwise, the binding relationship is discarded.
In a preferred embodiment, the synchronization of the IP-MAC binding table with the MAC-IP binding table is performed by an extended protocol. Preferably, the extended protocol is a CAPWAP extended protocol.
Specifically, as shown in Fig. 5, the CAPWAP extended protocol extends the original CAPWAP message format so that it carries the corresponding IP address and MAC address; the new, extended CAPWAP message format contains MAC address, IPv4 address and IPv6 address fields. The wireless router (AP) can therefore use the new CAPWAP message to send to the controller the binding relationship it has obtained between the MAC address of each device among all devices entering the FIT-AP deployment scenario of the centralized WLAN and the IP address assigned to that device, and the controller judges whether the binding relationship is legitimate. If it is, the controller adds the binding relationship to the IP-MAC binding table and uses the new CAPWAP message to send the binding relationship to the wireless router (AP), notifying the wireless router (AP) to add it to the MAC-IP binding table, so that the IP-MAC binding table in the controller and the MAC-IP binding table in the wireless router are synchronized.
In addition, if IP-MAC binding tables need to be synchronized between ACs, the new CAPWAP message can also be used to send and receive binding relationships.
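The extended message described above can be pictured with the following added example, which is not part of the patent. It frames a binding as one Type/Length/Value element in the way CAPWAP frames its message elements (RFC 5415); the element type number, the fixed MAC/IPv4/IPv6 field order and the use of an all-zero address for "not present" are assumptions, since the page does not reproduce the layout of Fig. 5.

```python
import ipaddress
import struct

# Hypothetical element type for the binding extension; the page gives no number.
ELEM_TYPE_BINDING = 0xF001
_HEADER = struct.Struct("!HH")        # message element header: Type, Length
_VALUE = struct.Struct("!6s4s16s")    # assumed value layout: MAC | IPv4 | IPv6


def encode_binding(mac, ipv4=None, ipv6=None):
    """Build one TLV element carrying a MAC/IP binding."""
    mac_bytes = bytes.fromhex(mac.replace(":", ""))
    if len(mac_bytes) != 6:
        raise ValueError("MAC address must be 6 bytes")
    if ipv4 is None and ipv6 is None:
        raise ValueError("a binding needs at least one IP address")
    v4 = ipaddress.IPv4Address(ipv4 or "0.0.0.0").packed
    v6 = ipaddress.IPv6Address(ipv6 or "::").packed
    value = _VALUE.pack(mac_bytes, v4, v6)
    return _HEADER.pack(ELEM_TYPE_BINDING, len(value)) + value


def decode_bindings(buf):
    """Parse every binding element in buf; reject truncated or mis-sized ones."""
    bindings, offset = [], 0
    while offset < len(buf):
        if len(buf) - offset < _HEADER.size:
            raise ValueError("truncated element header")
        etype, length = _HEADER.unpack_from(buf, offset)
        offset += _HEADER.size
        if length > len(buf) - offset:
            raise ValueError("element length exceeds buffer")
        if etype == ELEM_TYPE_BINDING:
            if length != _VALUE.size:
                raise ValueError("binding element has wrong length")
            mac, v4, v6 = _VALUE.unpack_from(buf, offset)
            v4, v6 = ipaddress.IPv4Address(v4), ipaddress.IPv6Address(v6)
            bindings.append({
                "mac": mac.hex(":"),
                "ipv4": None if v4.is_unspecified else str(v4),
                "ipv6": None if v6.is_unspecified else str(v6),
            })
        offset += length              # elements of other types are skipped
    return bindings
```

The receiver checks the declared length against the remaining buffer before reading, so a truncated or malformed element is rejected instead of being turned into a binding.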
In step S202, a packet from the device is obtained and, based on the device's MAC address, the IP address bound to that MAC address is looked up in the binding table.
In step S203, the IP address of the packet is obtained, and it is judged whether the looked-up IP address and the packet's IP address are identical. If they are identical, the source address of the packet is determined to be legitimate and the packet is forwarded; if they differ, the source address of the packet is determined to be illegitimate and the packet is discarded.
Note that, because steps S202 and S203 are identical to steps S102 and S103 in embodiment one, they are not described again here.
The roaming of a device within this deployment scenario is described in detail below.
In this deployment scenario, when a device moves between different APs or ACs, migration of the device's binding relationship is triggered.
In a preferred embodiment, the migration of the binding relationship of each device among all devices entering the FIT-AP deployment scenario of the centralized WLAN is performed by an extended protocol. Preferably, the extended protocol is a CAPWAP extended protocol.
Specifically, as shown in Fig. 6, the CAPWAP extended protocol extends the original CAPWAP message format so that it carries the corresponding IP address and MAC address; the new, extended CAPWAP message format contains MAC address, IPv4 address and IPv6 address fields. Therefore, when a device among all devices entering the FIT-AP deployment scenario of the centralized WLAN moves from the range of the first wireless router (AP1), which is controlled by the first controller (AC1) and to which the device is connected, into the range of the second wireless router (AP2), which is also controlled by the first controller (AC1), the first wireless router (AP1), after detecting that the device has disconnected from it, automatically deletes the binding relationship related to the device from the MAC-IP binding table stored in the first wireless router (AP1). After the second wireless router (AP2) detects the device, it uses the new CAPWAP message to request from the first controller (AC1) the binding relationship related to the device in the IP-MAC binding table stored in the first controller (AC1). After the first controller (AC1) receives the request, it uses the new CAPWAP message to send the binding relationship to the second wireless router (AP2), and the second wireless router (AP2) stores the binding relationship in the MAC-IP binding table in the second wireless router (AP2), thereby migrating the device's binding relationship.
As shown in Fig. 7, when a device among all devices entering the FIT-AP deployment scenario of the centralized WLAN moves from the range of the third wireless router (AP3), controlled by the second controller (AC2), into the range of the fourth wireless router (AP4), controlled by the third controller (AC3), the fourth wireless router (AP4), after detecting the device, uses the new CAPWAP message to notify the third controller (AC3) of the device's roaming event and of where the device came from. The third controller (AC3) uses the new CAPWAP message to request from the second controller (AC2) the binding relationship related to the device in the IP-MAC binding table stored in the second controller (AC2). After the second controller (AC2) receives the request, it uses the new CAPWAP message to send the binding relationship to the third controller (AC3); the third controller (AC3) stores the binding relationship in the IP-MAC binding table in the third controller (AC3) and uses the new CAPWAP message to send it to the fourth wireless router (AP4), and the fourth wireless router (AP4) stores the binding relationship in the MAC-IP binding table in the fourth wireless router (AP4). Subsequently, the second controller (AC2) automatically deletes the binding relationship related to the device from the IP-MAC binding table stored in the second controller (AC2), and the third wireless router (AP3) automatically deletes the binding relationship related to the device from the MAC-IP binding table stored in the third wireless router (AP3), thereby migrating the device's binding relationship.
With the WLAN-based source address verification method provided by this embodiment of the invention, a more specific and effective source address verification scheme is designed according to the characteristics of the FIT-AP deployment scenario of a centralized WLAN. It can accurately verify whether the source address of the packets of each device among all devices entering the FIT-AP deployment scenario is legitimate, prevents the various network attacks in a WLAN that are based on source address forgery, and greatly improves the security of WLAN use.
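The FIT-AP flow of this embodiment (steps S201 to S203 plus both roaming cases) is modelled in the following added example, which is not code from the patent. CAPWAP exchanges are replaced by direct method calls, the legality rule in `is_legitimate` is an assumption because the page does not define one, and all class names, method names, addresses and prefixes are constructed.

```python
import ipaddress


class AccessPoint:
    """FIT AP: filters packets in the data plane using its MAC-IP table."""

    def __init__(self, name):
        self.name = name
        self.controller = None
        self.mac_ip = {}                      # MAC -> bound IP

    def filter(self, src_mac, src_ip):
        """S202/S203: True (forward) only if src_ip is the IP bound to src_mac."""
        bound = self.mac_ip.get(src_mac)
        return bound is not None and bound == ipaddress.ip_address(src_ip)

    def on_disconnect(self, mac):
        """Delete the departed device's binding from this AP."""
        self.mac_ip.pop(mac, None)

    def on_detect(self, mac, came_from=None):
        """A roaming device appeared: ask the controller for its binding."""
        ip = self.controller.fetch_binding(mac, came_from)
        if ip is not None:
            self.mac_ip[mac] = ip
        return ip is not None


class Controller:
    """AC: owns the control-plane IP-MAC table and decides what is legitimate."""

    def __init__(self, name, prefix):
        self.name = name
        self.prefix = ipaddress.ip_network(prefix)   # assumed: one managed prefix
        self.ip_mac = {}                              # IP -> MAC
        self.aps = []

    def adopt(self, ap):
        ap.controller = self
        self.aps.append(ap)
        return ap

    def is_legitimate(self, mac, ip):
        # Assumed rule (the page does not define legality): the IP lies in the
        # managed prefix and is not already bound to a different MAC.
        return ip in self.prefix and self.ip_mac.get(ip, mac) == mac

    def report_binding(self, ap, mac, ip):
        """S2011/S2012: validate a binding reported by an AP, then sync it back."""
        ip = ipaddress.ip_address(ip)
        if not self.is_legitimate(mac, ip):
            return False                              # binding is discarded
        self.ip_mac[ip] = mac
        ap.mac_ip[mac] = ip
        return True

    def _ip_of(self, mac):
        return next((ip for ip, m in self.ip_mac.items() if m == mac), None)

    def fetch_binding(self, mac, came_from=None):
        """Serve a binding to an AP; pull it from the old AC on inter-AC roaming."""
        if came_from is not None and came_from is not self:
            ip = came_from.hand_over(mac)
            if ip is not None:
                self.ip_mac[ip] = mac
        return self._ip_of(mac)

    def hand_over(self, mac):
        """Old AC: give up the binding and delete it here and on its own APs."""
        ip = self._ip_of(mac)
        if ip is not None:
            del self.ip_mac[ip]
            for ap in self.aps:
                ap.on_disconnect(mac)
        return ip


def run_scenario():
    """Constructed walk-through: onboarding, a forged source, both roaming cases."""
    ac1, ac2 = Controller("AC1", "10.0.0.0/24"), Controller("AC2", "10.0.0.0/24")
    ap1, ap2 = ac1.adopt(AccessPoint("AP1")), ac1.adopt(AccessPoint("AP2"))
    ap3 = ac2.adopt(AccessPoint("AP3"))
    sta_a, sta_b = "02:00:00:00:00:01", "02:00:00:00:00:02"
    r = {}
    r["bound"] = ac1.report_binding(ap1, sta_a, "10.0.0.5")
    r["conflict_rejected"] = not ac1.report_binding(ap1, sta_b, "10.0.0.5")
    r["genuine_forwarded"] = ap1.filter(sta_a, "10.0.0.5")
    r["forged_dropped"] = not ap1.filter(sta_b, "10.0.0.5")
    ap1.on_disconnect(sta_a)                  # intra-AC roam: AP1 -> AP2
    r["intra_ac_roam"] = ap2.on_detect(sta_a) and ap2.filter(sta_a, "10.0.0.5")
    r["old_ap_cleared"] = not ap1.filter(sta_a, "10.0.0.5")
    ap3.on_detect(sta_a, came_from=ac1)       # inter-AC roam: AC1 -> AC2
    r["inter_ac_roam"] = ap3.filter(sta_a, "10.0.0.5")
    r["old_ac_cleared"] = ac1.ip_mac == {} and ap2.mac_ip == {}
    return r
```

After each roam the binding exists only on the new AP (and, for inter-AC roaming, only on the new AC), so a packet carrying the same source address from the old location is no longer forwarded.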
Embodiment three
This embodiment mainly describes the source address verification method under the FIT-AC deployment scenario of a centralized WLAN.
In this deployment scenario, both the IP-MAC binding table and the MAC-IP binding table are maintained by the AC, and the packets of each device among all devices entering the deployment scenario are also filtered on the AC.
Fig. 8 is a flow diagram of the WLAN-based source address verification method of the third embodiment of the invention.
As shown in Fig. 8, the WLAN-based source address verification method of the third embodiment of the invention mainly includes steps S301 to S303.
In step S301, a binding table is created that stores, for each device among all devices entering the FIT-AC deployment scenario of the centralized WLAN, the binding relationship between the device's MAC address and the IP address assigned to the device.
Specifically, as shown in Fig. 9, step S3011 is executed first: the binding relationship between the MAC address of each device among all devices entering the FIT-AC deployment scenario of the centralized WLAN and the IP address assigned to that device is obtained and sent to the controller. This specifically includes: obtaining the binding relationships, specified by the WLAN administrator, between the MAC address and the assigned IP address of each of some of the devices entering the FIT-AC deployment scenario; and, for each of the remaining devices entering the FIT-AC deployment scenario, obtaining the messages exchanged between the device and the address allocation server (DHCP or DAD server) as sniffed by the wireless router (AP), and extracting from them the binding relationship between the device's MAC address and the IP address assigned to it.
Note that, because the acquisition of binding relationships in this step is similar to step S1011 in embodiment one, it is not described again here.
As in embodiment two, after the wireless router (AP) sniffs the messages exchanged between each of the remaining devices entering the FIT-AC deployment scenario and the address allocation server (DHCP or DAD server) and extracts from them the binding relationship between the device's MAC address and the IP address assigned to it, it likewise uses the new CAPWAP message described above to send the binding relationship to the controller; this is not described again here.
Next, step S3012 is executed: the controller judges whether the binding relationship is legitimate. If it is, the controller adds the binding relationship to the IP-MAC binding table and the MAC-IP binding table; otherwise, the binding relationship is discarded.
In step S302, a packet from the device is obtained and, based on the device's MAC address, the IP address bound to that MAC address is looked up in the binding table.
In step S303, the IP address of the packet is obtained, and it is judged whether the looked-up IP address and the packet's IP address are identical. If they are identical, the source address of the packet is determined to be legitimate and the packet is forwarded; if they differ, the source address of the packet is determined to be illegitimate and the packet is discarded.
Note that, because steps S302 and S303 are identical to steps S102 and S103 in embodiment one, they are not described again here.
In this deployment scenario, a device moving between different APs does not trigger migration of the device's binding relationship. If the device moves between different ACs, migration of the device's binding relationship between the ACs is triggered.
In a preferred embodiment, the migration of the binding relationship of each device among all devices entering the FIT-AC deployment scenario of the centralized WLAN is performed by an extended protocol. Preferably, the extended protocol is a CAPWAP extended protocol.
Specifically, as shown in Fig. 10, the CAPWAP extended protocol extends the original CAPWAP message format so that it carries the corresponding IP address and MAC address; the new, extended CAPWAP message format contains MAC address, IPv4 address and IPv6 address fields. Therefore, when a device among all devices entering the FIT-AC deployment scenario of the centralized WLAN moves from the range of the fifth wireless router (AP5), controlled by the fourth controller (AC4), into the range of the sixth wireless router (AP6), controlled by the fifth controller (AC5), the sixth wireless router (AP6), after detecting the device, uses the new CAPWAP message to notify the fifth controller (AC5), and the fifth controller (AC5) uses the new CAPWAP message to request from the fourth controller (AC4) the binding relationship related to the device in the IP-MAC binding table and MAC-IP binding table stored in the fourth controller (AC4). After the fourth controller (AC4) receives the request, it uses the new CAPWAP message to send the binding relationship to the fifth controller (AC5), and the fifth controller (AC5) stores the binding relationship in the IP-MAC binding table and MAC-IP binding table in the fifth controller (AC5). Subsequently, the fourth controller (AC4) automatically deletes the binding relationship related to the device from the IP-MAC binding table and MAC-IP binding table stored in the fourth controller (AC4), thereby migrating the device's binding relationship.
With the WLAN-based source address verification method provided by this embodiment of the invention, a more specific and effective source address verification scheme is designed according to the characteristics of the FIT-AC deployment scenario of a centralized WLAN. It can accurately verify whether the source address of the packets of each device among all devices entering the FIT-AC deployment scenario is legitimate, prevents the various network attacks in a WLAN that are based on source address forgery, and greatly improves the security of WLAN use.
Embodiment four
This embodiment mainly describes the source address verification method under the FAT-AP deployment scenario of a distributed WLAN.
In this deployment scenario, both the IP-MAC binding table and the MAC-IP binding table are maintained by the AP, and the packets of each device among all devices entering the deployment scenario are also filtered on the AP.
Fig. 11 is a flow diagram of the WLAN-based source address verification method of the fourth embodiment of the invention.
As shown in Fig. 11, the WLAN-based source address verification method of the fourth embodiment of the invention mainly includes steps S401 to S403.
In step S401, a binding table is created that stores, for each device among all devices entering the FAT-AP deployment scenario of the distributed WLAN, the binding relationship between the device's MAC address and the IP address assigned to the device.
Specifically, as shown in Fig. 12, step S4011 is executed first: the binding relationship between the MAC address of each device among all devices entering the FAT-AP deployment scenario of the distributed WLAN and the IP address assigned to that device is obtained. This specifically includes: obtaining the binding relationships, specified by the WLAN administrator, between the MAC address and the assigned IP address of each of some of the devices entering the FAT-AP deployment scenario; and, for each of the remaining devices entering the FAT-AP deployment scenario, obtaining the messages exchanged between the device and the address allocation server (DHCP or DAD server) as sniffed by the wireless router (AP), and extracting from them the binding relationship between the device's MAC address and the IP address assigned to it.
Note that, because the acquisition of binding relationships in this step is similar to step S1011 in embodiment one, it is not described again here.
Next, step S4012 is executed: the wireless router judges whether the binding relationship is legitimate. If it is, the wireless router adds the binding relationship to the IP-MAC binding table and the MAC-IP binding table; otherwise, the binding relationship is discarded.
In step S402, a packet from the device is obtained and, based on the device's MAC address, the IP address bound to that MAC address is looked up in the binding table.
In step S403, the IP address of the packet is obtained, and it is judged whether the looked-up IP address and the packet's IP address are identical. If they are identical, the source address of the packet is determined to be legitimate and the packet is forwarded; if they differ, the source address of the packet is determined to be illegitimate and the packet is discarded.
Note that, because steps S402 and S403 are identical to steps S102 and S103 in embodiment one, they are not described again here.
In this deployment scenario, a device moving between different APs triggers migration of the device's binding relationship.
In a preferred embodiment, the migration of the binding relationship of each device among all devices entering the FAT-AP deployment scenario of the distributed WLAN is performed by an extended protocol. Preferably, the extended protocol is a CAPWAP extended protocol.
Specifically, the CAPWAP extended protocol extends the original CAPWAP message format so that it carries the corresponding IP address and MAC address; the new, extended CAPWAP message format contains MAC address, IPv4 address and IPv6 address fields. Therefore, when a device among all devices entering the FAT-AP deployment scenario of the distributed WLAN moves from the range of the seventh wireless router (AP7) into the range of the eighth wireless router (AP8), the eighth wireless router (AP8), after detecting the device, uses the new CAPWAP message to request from the seventh wireless router (AP7) the binding relationship related to the device in the IP-MAC binding table and MAC-IP binding table stored in the seventh wireless router (AP7). After the seventh wireless router (AP7) receives the request, it uses the new CAPWAP message to send the binding relationship to the eighth wireless router (AP8), and the eighth wireless router (AP8) stores the binding relationship in the IP-MAC binding table and MAC-IP binding table in the eighth wireless router (AP8). Subsequently, the seventh wireless router (AP7) automatically deletes the binding relationship related to the device from the IP-MAC binding table and MAC-IP binding table stored in the seventh wireless router (AP7), thereby migrating the device's binding relationship.
With the WLAN-based source address verification method provided by this embodiment of the invention, a more specific and effective source address verification scheme is designed according to the characteristics of the FAT-AP deployment scenario of a distributed WLAN. It can accurately verify whether the source address of the packets of each device among all devices entering the FAT-AP deployment scenario is legitimate, prevents the various network attacks in a WLAN that are based on source address forgery, and greatly improves the security of WLAN use.
Note that the automatic deletion of the binding relationships related to a device is not limited to the embodiments above. In the following three situations, the access controller (AC) or access point (AP) automatically deletes the binding relationships related to a device: (1) if the lifetime of a binding relationship related to the device has expired, it is deleted automatically; (2) if the device moves and disconnects from the access point, all binding relationships related to the device are deleted automatically; (3) a DHCP RELEASE message triggers automatic deletion of the corresponding binding relationship. The embodiments here refer only to the second situation; when the first or third situation occurs, the access controller (AC) or access point (AP) likewise automatically deletes the binding relationships related to the device.
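The three deletion triggers listed above differ in scope, which the following added example (not code from the patent) makes explicit: expiry and DHCP RELEASE remove a single binding, while a disconnect removes every binding of the device. The lifetime value, the injected `now` clock and the choice to ignore a RELEASE whose address is not bound to the sending MAC are assumptions of this sketch.

```python
import ipaddress


class BindingTable:
    """MAC -> {IP: expiry time}; one device may hold IPv4 and IPv6 bindings."""

    def __init__(self):
        self.entries = {}

    def add(self, mac, ip, now, lifetime):
        """Record a binding that stays valid until now + lifetime seconds."""
        self.entries.setdefault(mac, {})[ipaddress.ip_address(ip)] = now + lifetime

    def expire(self, now):
        """Situation (1): drop every binding whose lifetime has run out."""
        removed = []
        for mac in list(self.entries):
            for ip, deadline in list(self.entries[mac].items()):
                if deadline <= now:
                    del self.entries[mac][ip]
                    removed.append((mac, str(ip)))
            if not self.entries[mac]:
                del self.entries[mac]
        return removed

    def on_disconnect(self, mac):
        """Situation (2): the device left the AP, so drop all of its bindings."""
        return sorted(str(ip) for ip in self.entries.pop(mac, {}))

    def on_dhcp_release(self, chaddr, ciaddr):
        """Situation (3): drop only the binding named in the DHCP RELEASE.

        A RELEASE whose client address is not bound to the sending MAC is
        ignored, so one station cannot release another station's binding.
        """
        ips = self.entries.get(chaddr, {})
        ip = ipaddress.ip_address(ciaddr)
        if ip not in ips:
            return False
        del ips[ip]
        if not ips:
            del self.entries[chaddr]
        return True

    def is_bound(self, mac, ip, now):
        """Filter check that also refuses a binding past its lifetime."""
        deadline = self.entries.get(mac, {}).get(ipaddress.ip_address(ip))
        return deadline is not None and deadline > now
```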
Regarding hardware deployment, note that for customizable access point devices (such as wireless routers running the OpenWrt embedded operating system) and customizable access controllers (such as control software based on a general-purpose server, or an SDN controller), corresponding software modules can be added to support the embodiments of the invention.
Those skilled in the art should understand that the steps of the invention described above can be implemented with general-purpose computing devices; they can be concentrated on a single computing device or distributed over a network of multiple computing devices. Optionally, they can be implemented as program code executable by a computing device, so that they can be stored in a storage device and executed by a computing device; or they can each be made into individual integrated circuit modules, or several of the modules or steps among them can be made into a single integrated circuit module. The invention is thus not limited to any specific combination of hardware and software.
Although the embodiments are disclosed as above, the content described is only an embodiment adopted to facilitate understanding of the invention and is not intended to limit it. Anyone skilled in the art to which the invention pertains may make any modification or change in the form and details of implementation without departing from the spirit and scope disclosed by the invention, but the scope of protection of the invention is still subject to the scope defined by the appended claims.
Claims (13)
1. A WLAN-based source address verification method, characterized by comprising:
creating a binding table that stores, for each device among all devices entering the WLAN, the binding relationship between the device's MAC address and the IP address assigned to the device;
obtaining a packet from the device and, based on the device's MAC address, looking up in the binding table the IP address bound to that MAC address;
obtaining the IP address of the packet and, when the looked-up IP address is judged to be identical to the IP address of the packet, determining that the source address of the packet is legitimate and forwarding the packet.
2. The WLAN-based source address verification method according to claim 1, characterized in that creating a binding table that stores, for each device among all devices entering the WLAN, the binding relationship between the device's MAC address and the IP address assigned to the device comprises:
obtaining the binding relationship between the MAC address of each device among all devices entering the WLAN and the IP address assigned to the device;
judging whether the binding relationship is legitimate and, if it is, adding the binding relationship to the binding table; otherwise, discarding the binding relationship.
3. The WLAN-based source address verification method according to claim 2, characterized in that obtaining the binding relationship between the MAC address of each device among all devices entering the WLAN and the IP address assigned to the device comprises:
obtaining the binding relationships, specified by the WLAN administrator, between the MAC address and the assigned IP address of each of some of the devices entering the WLAN; and
for each of the remaining devices entering the WLAN, obtaining the messages exchanged between the device and the address allocation server as sniffed by the wireless router, and extracting from them the binding relationship between the device's MAC address and the IP address assigned to the device.
4. The WLAN-based source address verification method according to claim 3, characterized in that the binding table includes an IP-MAC binding table and a MAC-IP binding table.
5. The WLAN-based source address verification method according to claim 4, characterized in that creating a binding table that stores, for each device among all devices entering the FIT-AP deployment scenario of a centralized WLAN, the binding relationship between the device's MAC address and the IP address assigned to the device comprises:
obtaining the binding relationship between the MAC address of each device among all devices entering the FIT-AP deployment scenario and the IP address assigned to the device, and sending the binding relationship to the controller;
judging, by the controller, whether the binding relationship is legitimate and, if it is, adding, by the controller, the binding relationship to the IP-MAC binding table and notifying the wireless router to add the binding relationship to the MAC-IP binding table, so that the IP-MAC binding table and the MAC-IP binding table are synchronized; otherwise, discarding the binding relationship.
6. The WLAN-based source address verification method according to claim 5, characterized in that the synchronization of the IP-MAC binding table with the MAC-IP binding table is performed by an extended protocol.
7. The WLAN-based source address verification method according to claim 4, characterized in that
when each device among all devices entering the FIT-AP deployment scenario of the centralized WLAN moves from the range of the first wireless router, which is controlled by the first controller and to which the device is connected, into the range of the second wireless router controlled by the first controller, the first wireless router, after detecting that the device has disconnected from it, automatically deletes the binding relationship related to the device from the MAC-IP binding table stored in the first wireless router;
after the second wireless router detects the device, the second wireless router requests from the first controller the binding relationship related to the device in the IP-MAC binding table stored in the first controller;
after the first controller receives the request, it sends the binding relationship to the second wireless router, and the second wireless router stores the binding relationship in the MAC-IP binding table in the second wireless router, thereby migrating the binding relationship of the device.
8. The WLAN-based source address verification method according to claim 4, characterized in that
when each device among all devices entering the FIT-AP deployment scenario of the centralized WLAN moves from the range of the third wireless router controlled by the second controller into the range of the fourth wireless router controlled by the third controller, the fourth wireless router, after detecting the device, notifies the third controller, and the third controller requests from the second controller the binding relationship related to the device in the IP-MAC binding table stored in the second controller;
after the second controller receives the request, it sends the binding relationship to the third controller; the third controller stores the binding relationship in the IP-MAC binding table in the third controller and sends the binding relationship to the fourth wireless router, and the fourth wireless router stores the binding relationship in the MAC-IP binding table in the fourth wireless router;
the second controller automatically deletes the binding relationship related to the device from the IP-MAC binding table stored in the second controller, and the third wireless router automatically deletes the binding relationship related to the device from the MAC-IP binding table stored in the third wireless router, thereby migrating the binding relationship of the device.
9. based on WLAN source address verification method according to claim 4, which is characterized in that creation binding
Table, and make to be preserved in the binding table into each in all devices of the FIT-AC deployment scenario of Centralized Wireless LAN
The binding relationship of the MAC Address of equipment and the IP address for distributing to the equipment, comprising:
Obtain the MAC Address of each equipment in all devices for entering the FIT-AC deployment scenario and the IP for distributing to the equipment
The binding relationship of address, and the binding relationship is sent to controller;
Judge whether the binding relationship is legal by the controller, if legal, is then closed the binding by the controller
System is added to IP-MAC binding table and MAC-IP binding table;Otherwise, the binding relationship is abandoned.
10. based on WLAN source address verification method according to claim 4, which is characterized in that
When enter Centralized Wireless LAN FIT-AC deployment scenario all devices in each equipment from by the 4th controller
When the range of 5th wireless router of control is moved to the range by the 6th wireless router of the 5th controller control, the 6th
Wireless router notifies the 5th controller, the 5th controller to be stored in the request of the 4th controller after detecting the equipment
Binding relationship relevant to the equipment in IP-MAC binding table and MAC-IP binding table in 4th controller;
After the 4th controller receives to request, which is sent to the 5th controller, the 5th controller closes the binding
System is stored in IP-MAC binding table and MAC-IP binding table in the 5th controller;
4th controller be automatically deleted in the IP-MAC binding table and MAC-IP binding table being stored in the 4th controller with it is described
The relevant binding relationship of equipment, to realize the migration of the binding relationship of the equipment.
11. based on WLAN source address verification method according to claim 4, which is characterized in that creation binding
Table, and make to be preserved in the binding table into each in all devices of the FAT-AP deployment scenario of distributed wireless local area network
The binding relationship of the MAC Address of equipment and the IP address for distributing to the equipment, comprising:
Obtain the MAC Address of each equipment in all devices for entering the FAT-AP deployment scenario and the IP for distributing to the equipment
The binding relationship of address;
Judge whether the binding relationship is legal by wireless router, if legal, is then tied up by the wireless router by described
Determine relationship and is added to IP-MAC binding table and MAC-IP binding table;Otherwise, the binding relationship is abandoned.
12. The WLAN-based source address verification method according to claim 4, characterized in that:
when each device among all devices entering the FAT-AP deployment scenario of the distributed wireless local area network moves from the range of the seventh wireless router to the range of the eighth wireless router, the eighth wireless router, after detecting the device, requests from the seventh wireless router the binding relationship related to the device that is stored in the IP-MAC binding table and the MAC-IP binding table in the seventh wireless router;
after the seventh wireless router accepts the request, it sends the binding relationship to the eighth wireless router, and the eighth wireless router stores the binding relationship in the IP-MAC binding table and the MAC-IP binding table in the eighth wireless router;
the seventh wireless router automatically deletes the binding relationship related to the device from the IP-MAC binding table and the MAC-IP binding table stored in the seventh wireless router, thereby realizing the migration of the binding relationship of the device.
13. The WLAN-based source address verification method according to any one of claims 7, 8, 10 and 12, characterized in that the migration of the binding relationship of the device is performed through an extended protocol.
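The binding creation of claim 11 and the roaming migration of claims 10 and 12 can be modelled as follows. This is an added example, not part of the patent text: the class and method names are hypothetical, the addresses are constructed, and the legality test (address inside the served prefix and not already bound to a different MAC) is an assumption, since the claims do not define it.

```python
import ipaddress

class BindingAnchor:
    """One wireless router (claim 12) or controller (claim 10) holding both tables."""
    def __init__(self, prefix):
        self.prefix = ipaddress.ip_network(prefix)  # assumed legality criterion
        self.ip_mac = {}   # IP-MAC binding table: IP -> MAC
        self.mac_ip = {}   # MAC-IP binding table: MAC -> set of IPs

    def is_legal(self, mac, ip):
        # Assumption: legal = well-formed, in the served prefix, not bound to another MAC.
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            return False
        return addr in self.prefix and self.ip_mac.get(ip, mac) == mac

    def add_binding(self, mac, ip):
        if not self.is_legal(mac, ip):
            return False                      # claim 11: discard the binding
        self.ip_mac[ip] = mac
        self.mac_ip.setdefault(mac, set()).add(ip)
        return True

    def release(self, mac):
        """Old anchor: send the device's bindings, then delete them locally."""
        ips = self.mac_ip.pop(mac, set())
        for ip in ips:
            del self.ip_mac[ip]
        return sorted(ips)

    def on_device_detected(self, mac, old_anchor):
        """New anchor: request the bindings from the old anchor and store them."""
        return [ip for ip in old_anchor.release(mac) if self.add_binding(mac, ip)]

    def permits(self, src_mac, src_ip):
        """Source address check of a frame against the IP-MAC table."""
        return self.ip_mac.get(src_ip) == src_mac

def roaming_demo():
    old, new = BindingAnchor("192.0.2.0/24"), BindingAnchor("192.0.2.0/24")
    sta, other = "02:00:00:00:00:01", "02:00:00:00:00:99"   # constructed MACs
    old.add_binding(sta, "192.0.2.10")
    conflict_rejected = not old.add_binding(other, "192.0.2.10")
    moved = new.on_device_detected(sta, old)   # device roams to the new anchor
    return (conflict_rejected, moved, old.permits(sta, "192.0.2.10"),
            new.permits(sta, "192.0.2.10"), new.permits(other, "192.0.2.10"))
```

After the migration only the new anchor accepts the device's source address, and the old anchor holds no entry for it in either table.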
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810524132.2A CN108965241A (en) | 2018-05-28 | 2018-05-28 | Based on WLAN source address verification method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810524132.2A CN108965241A (en) | 2018-05-28 | 2018-05-28 | Based on WLAN source address verification method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108965241A (en) | 2018-12-07 |
Family
ID=64492232
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810524132.2A Pending CN108965241A (en) | 2018-05-28 | 2018-05-28 | Based on WLAN source address verification method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108965241A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112087449A (en) * | 2020-09-08 | 2020-12-15 | 清华大学 | Verification method and system of source address, storage medium and electronic equipment |
CN112566128A (en) * | 2021-03-01 | 2021-03-26 | 深圳市乙辰科技股份有限公司 | Wireless router management and control method based on mac address |
CN114268816A (en) * | 2021-12-24 | 2022-04-01 | 广东悦伍纪网络技术有限公司 | Advertisement directional distribution method, device and system based on local area network equipment |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101621513A (en) * | 2009-07-20 | 2010-01-06 | 清华大学 | Method for normalizing verification scheme of source address accessed into subnetwork |
US20170063680A1 (en) * | 2015-08-24 | 2017-03-02 | Alibaba Group Holding Limited | Verifying source addresses associated with a terminal |
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101621513A (en) * | 2009-07-20 | 2010-01-06 | 清华大学 | Method for normalizing verification scheme of source address accessed into subnetwork |
US20170063680A1 (en) * | 2015-08-24 | 2017-03-02 | Alibaba Group Holding Limited | Verifying source addresses associated with a terminal |
CN106487742A (en) * | 2015-08-24 | 2017-03-08 | 阿里巴巴集团控股有限公司 | For verifying the method and device of source address effectiveness |
Non-Patent Citations (1)
Title |
---|
J. Bi, J. Wu, Y. Wang, T. Lin: "A SAVI Solution for WLAN", https://tools.ietf.org/html/draft-bi-savi-wlan-14 * |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112087449A (en) * | 2020-09-08 | 2020-12-15 | 清华大学 | Verification method and system of source address, storage medium and electronic equipment |
CN112566128A (en) * | 2021-03-01 | 2021-03-26 | 深圳市乙辰科技股份有限公司 | Wireless router management and control method based on mac address |
CN114268816A (en) * | 2021-12-24 | 2022-04-01 | 广东悦伍纪网络技术有限公司 | Advertisement directional distribution method, device and system based on local area network equipment |
CN114268816B (en) * | 2021-12-24 | 2023-11-21 | 广东悦伍纪网络技术有限公司 | Advertisement directional distribution method, device and system based on local area network equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20181207 |