CN108965241A - WLAN-based source address verification method - Google Patents


Publication number: CN108965241A
Authority: CN (China)
Legal status: Pending
Application number: CN201810524132.2A
Other languages: Chinese (zh)
Inventors: 毕军, 乔奕, 张梦豪
Current assignee: Tsinghua University
Original assignee: Tsinghua University
Application filed by: Tsinghua University
Prior art keywords: equipment, binding, mac, address, controller


Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441: Countermeasures against malicious traffic
    • H04L63/1466: Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • H04L61/00: Network arrangements, protocols or services for addressing or naming
    • H04L61/50: Address allocation
    • H04L61/5007: Internet protocol [IP] addresses
    • H04L2101/00: Indexing scheme associated with group H04L61/00
    • H04L2101/60: Types of network addresses
    • H04L2101/618: Details of network addresses
    • H04L2101/622: Layer-2 addresses, e.g. medium access control [MAC] addresses

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a WLAN-based source address verification method, comprising: creating a binding table that stores, for each of the devices entering the WLAN, the binding between the device's MAC address and the IP address assigned to the device; obtaining a packet from a device and, based on the device's MAC address, looking up in the binding table the IP address bound to that MAC address; and obtaining the IP address of the packet and, when the IP address found is identical to the IP address of the packet, determining that the source address of the packet is legitimate and forwarding the packet. The method can accurately verify whether the source address of a packet from any device entering the WLAN is legitimate, prevents the various network attacks in the WLAN that are based on source address spoofing, and greatly improves the security of the WLAN.

Description

WLAN-based source address verification method
Technical field
The present invention relates to the field of Internet technology, and in particular to a WLAN-based source address verification method.
Background
The TCP/IP protocols were designed with little consideration for security. By default, the protocols assume that the source address information carried in every data packet in the network is true and reliable, and the legitimacy of a packet's origin is neither screened nor checked. However, as the environment in which the Internet is used has changed greatly, and the Internet has gradually turned from a tool for exchange among academic colleagues into infrastructure for the whole of society, network attacks carried out by forging the source address field have become more and more common and pose a great challenge to the development of the entire Internet. Such attacks are easy to launch but hard to trace; they endanger network security and also greatly hinder network management, diagnosis, billing and so on. To guarantee the reliability of source address information in the network and prevent source address spoofing attacks, those skilled in the art have proposed a series of source address verification methods.
A wireless local area network (WLAN) uses wireless communication technology to interconnect the devices within a limited area, so that users can move within the signal coverage and stay connected. The security risk of a WLAN is high: large numbers of smartphones, tablets, laptops and similar devices now reach the Internet through wireless access, and they may be remotely controlled by an attacker to launch various network attacks based on source address spoofing, causing great harm while being hard to trace. However, although a series of source address verification methods have been proposed, these methods have not been applied to the individual deployment scenarios of a WLAN, so the various network attacks in a WLAN that are based on source address spoofing remain unsolved.
Accordingly, a WLAN-based source address verification method is needed.
Summary of the invention
The technical problem to be solved by the present invention is as follows: a series of source address verification methods have been proposed, but these methods have not been applied to the individual deployment scenarios of a WLAN, so the various network attacks in a WLAN that are based on source address spoofing remain unsolved.
To solve the above technical problem, the present invention provides a WLAN-based source address verification method, comprising:
creating a binding table that stores, for each of the devices entering the WLAN, the binding between the device's MAC address and the IP address assigned to the device;
obtaining a packet from the device and, based on the device's MAC address, looking up in the binding table the IP address bound to that MAC address;
obtaining the IP address of the packet and, when the IP address found is identical to the IP address of the packet, determining that the source address of the packet is legitimate and forwarding the packet.
In a preferred embodiment, creating a binding table that stores, for each of the devices entering the WLAN, the binding between the device's MAC address and the IP address assigned to the device comprises:
obtaining, for each of the devices entering the WLAN, the binding between the device's MAC address and the IP address assigned to the device;
judging whether the binding is legitimate; if it is, adding the binding to the binding table; otherwise, discarding the binding.
In a preferred embodiment, obtaining, for each of the devices entering the WLAN, the binding between the device's MAC address and the IP address assigned to the device comprises:
obtaining the bindings, specified by the administrator of the WLAN, between the MAC address of each device in a subset of the devices entering the WLAN and the IP address assigned to that device; and
obtaining the packets, sniffed by the wireless router, that are exchanged between each of the remaining devices entering the WLAN and the address allocation server, and extracting from them the binding between the device's MAC address and the IP address assigned to the device.
In a preferred embodiment, the binding table comprises an IP-MAC binding table and a MAC-IP binding table.
In a preferred embodiment, creating a binding table that stores, for each of the devices entering the FIT-AP deployment scenario of a centralized WLAN, the binding between the device's MAC address and the IP address assigned to the device comprises:
obtaining, for each of the devices entering the FIT-AP deployment scenario, the binding between the device's MAC address and the IP address assigned to the device, and sending the binding to the controller;
judging, by the controller, whether the binding is legitimate; if it is, the controller adds the binding to the IP-MAC binding table and notifies the wireless router to add the binding to the MAC-IP binding table, so that the IP-MAC binding table and the MAC-IP binding table are synchronized; otherwise, the binding is discarded.
In a preferred embodiment, the synchronization of the IP-MAC binding table and the MAC-IP binding table is performed by means of an extended protocol.
In a preferred embodiment, when a device that has entered the FIT-AP deployment scenario of a centralized WLAN moves from the range of a first wireless router to which it is connected, controlled by a first controller, into the range of a second wireless router controlled by the first controller, the first wireless router, after detecting that the device has disconnected from it, automatically deletes the binding related to the device from the MAC-IP binding table stored in the first wireless router;
after the second wireless router detects the device, the second wireless router requests from the first controller the binding related to the device in the IP-MAC binding table stored in the first controller;
after the first controller accepts the request, it sends the binding to the second wireless router, and the second wireless router stores the binding in the MAC-IP binding table in the second wireless router, thereby migrating the binding of the device.
In a preferred embodiment, when a device that has entered the FIT-AP deployment scenario of a centralized WLAN moves from the range of a third wireless router controlled by a second controller into the range of a fourth wireless router controlled by a third controller, the fourth wireless router notifies the third controller after detecting the device, and the third controller requests from the second controller the binding related to the device in the IP-MAC binding table stored in the second controller;
after the second controller accepts the request, it sends the binding to the third controller; the third controller stores the binding in the IP-MAC binding table in the third controller and sends the binding to the fourth wireless router, and the fourth wireless router stores the binding in the MAC-IP binding table in the fourth wireless router;
the second controller automatically deletes the binding related to the device from the IP-MAC binding table stored in the second controller, and the third wireless router automatically deletes the binding related to the device from the MAC-IP binding table stored in the third wireless router, thereby migrating the binding of the device.
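The FIT-AP registration, table synchronization and roaming steps above can be traced in a small model. This is an added example, not part of the patent text: the class and method names are hypothetical, the legitimacy rule (an IP already bound to another MAC is rejected) and the way a controller locates the previous controller (asking its known peers) are assumptions, and the addresses are constructed.

```python
class Controller:
    """AC: keeps the IP-MAC binding table on the control plane."""

    def __init__(self, name):
        self.name = name
        self.ip_mac = {}   # IP -> MAC
        self.peers = []    # other controllers asked on inter-AC roaming (assumption)

    def register(self, ap, mac, ip):
        """Judge a reported binding; if accepted, store it and sync it to the AP."""
        owner = self.ip_mac.get(ip)
        if owner is not None and owner != mac:
            return False                      # assumed rule: IP belongs to another MAC
        self.ip_mac[ip] = mac
        ap.install(mac, {ip})                 # keeps the AP's MAC-IP table in step
        return True

    def ips_of(self, mac):
        return {ip for ip, m in self.ip_mac.items() if m == mac}

    def hand_over(self, mac):
        """Inter-AC roaming, old side: send the bindings and delete them locally."""
        ips = self.ips_of(mac)
        for ip in ips:
            del self.ip_mac[ip]
        return ips

    def fetch(self, mac):
        """Answer an AP's request; pull the bindings from a peer if not held here."""
        ips = self.ips_of(mac)
        if ips:
            return ips                        # intra-AC roaming
        for peer in self.peers:
            ips = peer.hand_over(mac)
            if ips:
                self.ip_mac.update((ip, mac) for ip in ips)
                return ips
        return set()


class AccessPoint:
    """Wireless router: keeps the MAC-IP table used for filtering."""

    def __init__(self, name, controller):
        self.name, self.controller = name, controller
        self.mac_ip = {}   # MAC -> set of IPs

    def install(self, mac, ips):
        self.mac_ip.setdefault(mac, set()).update(ips)

    def sniffed(self, mac, ip):
        """An address assignment was sniffed: report the binding to the controller."""
        return self.controller.register(self, mac, ip)

    def station_left(self, mac):
        self.mac_ip.pop(mac, None)            # old AP deletes the device's bindings

    def station_joined(self, mac):
        ips = self.controller.fetch(mac)      # new AP requests the device's bindings
        if ips:
            self.install(mac, ips)
        return bool(ips)

    def permits(self, mac, ip):
        return ip in self.mac_ip.get(mac, ())


def run_roaming_demo():
    ac1, ac2 = Controller("AC1"), Controller("AC2")
    ac1.peers, ac2.peers = [ac2], [ac1]
    ap1, ap2 = AccessPoint("AP1", ac1), AccessPoint("AP2", ac1)
    ap3 = AccessPoint("AP3", ac2)
    mac, ip = "11:22:33:44:55:66", "fc00::2"   # constructed sample binding
    log = {}
    log["learned"] = ap1.sniffed(mac, ip)
    log["conflict_accepted"] = ap2.sniffed("aa:bb:cc:dd:ee:ff", ip)
    ap1.station_left(mac)                      # roam AP1 -> AP2, same controller
    log["ap2_before_join"] = ap2.permits(mac, ip)
    ap2.station_joined(mac)
    log["ap2_after_join"] = ap2.permits(mac, ip)
    log["ap1_after_leave"] = ap1.permits(mac, ip)
    ap2.station_left(mac)                      # roam AP2 (AC1) -> AP3 (AC2)
    ap3.station_joined(mac)
    log["ap3_after_join"] = ap3.permits(mac, ip)
    log["ac1_table"] = dict(ac1.ip_mac)
    log["ac2_table"] = dict(ac2.ip_mac)
    log["unknown_station"] = ap3.station_joined("de:ad:be:ef:00:01")
    return log


if __name__ == "__main__":
    for key, value in run_roaming_demo().items():
        print(key, value)
```

Between leaving one wireless router and being detected by the next, no MAC-IP table holds the binding, so the device's packets are dropped until the migration completes.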
In a preferred embodiment, creating a binding table that stores, for each of the devices entering the FIT-AC deployment scenario of a centralized WLAN, the binding between the device's MAC address and the IP address assigned to the device comprises:
obtaining, for each of the devices entering the FIT-AC deployment scenario, the binding between the device's MAC address and the IP address assigned to the device, and sending the binding to the controller;
judging, by the controller, whether the binding is legitimate; if it is, the controller adds the binding to the IP-MAC binding table and the MAC-IP binding table; otherwise, the binding is discarded.
In a preferred embodiment, when a device that has entered the FIT-AC deployment scenario of a centralized WLAN moves from the range of a fifth wireless router controlled by a fourth controller into the range of a sixth wireless router controlled by a fifth controller, the sixth wireless router notifies the fifth controller after detecting the device, and the fifth controller requests from the fourth controller the binding related to the device in the IP-MAC binding table and MAC-IP binding table stored in the fourth controller;
after the fourth controller accepts the request, it sends the binding to the fifth controller, and the fifth controller stores the binding in the IP-MAC binding table and MAC-IP binding table in the fifth controller;
the fourth controller automatically deletes the binding related to the device from the IP-MAC binding table and MAC-IP binding table stored in the fourth controller, thereby migrating the binding of the device.
In a preferred embodiment, creating a binding table that stores, for each of the devices entering the FAT-AP deployment scenario of a distributed WLAN, the binding between the device's MAC address and the IP address assigned to the device comprises:
obtaining, for each of the devices entering the FAT-AP deployment scenario, the binding between the device's MAC address and the IP address assigned to the device;
judging, by the wireless router, whether the binding is legitimate; if it is, the wireless router adds the binding to the IP-MAC binding table and the MAC-IP binding table; otherwise, the binding is discarded.
In a preferred embodiment, when a device that has entered the FAT-AP deployment scenario of a distributed WLAN moves from the range of a seventh wireless router into the range of an eighth wireless router, the eighth wireless router, after detecting the device, requests from the seventh wireless router the binding related to the device in the IP-MAC binding table and MAC-IP binding table stored in the seventh wireless router;
after the seventh wireless router accepts the request, it sends the binding to the eighth wireless router, and the eighth wireless router stores the binding in the IP-MAC binding table and MAC-IP binding table in the eighth wireless router;
the seventh wireless router automatically deletes the binding related to the device from the IP-MAC binding table and MAC-IP binding table stored in the seventh wireless router, thereby migrating the binding of the device.
In a preferred embodiment, the migration of the binding of the device is performed by means of an extended protocol.
Compared with the prior art, one or more embodiments of the above scheme can have the following advantages or beneficial effects:
The WLAN-based source address verification method provided by the embodiments of the present invention is a more specific and effective source address validation scheme designed around the characteristics of a WLAN. It can accurately verify whether the source address of a packet from any device entering the WLAN is legitimate, prevents the various network attacks in the WLAN that are based on source address spoofing, and greatly improves the security of the WLAN.
Other features and advantages of the present invention will be set forth in the following description, and will in part become apparent from the description or be understood by practising the invention. The objectives and other advantages of the invention can be realized and obtained by the structures particularly pointed out in the description, the claims and the accompanying drawings.
Brief description of the drawings
The accompanying drawings are provided for a further understanding of the present invention and constitute part of the specification. Together with the embodiments of the invention they serve to explain the invention and do not limit it. In the drawings:
Fig. 1 is a flow diagram of the WLAN-based source address verification method of the first embodiment of the present invention;
Fig. 2 is a flow diagram of step S101 in Fig. 1;
Fig. 3 is a flow diagram of the WLAN-based source address verification method of the second embodiment of the present invention;
Fig. 4 is a flow diagram of step S201 in Fig. 3;
Fig. 5 is a schematic diagram illustrating the synchronization of the IP-MAC binding table in the AC and the MAC-IP binding table in the AP in the second embodiment of the present invention;
Fig. 6 is a schematic diagram illustrating a device roaming between different APs in the second embodiment of the present invention;
Fig. 7 is a schematic diagram illustrating a device roaming between different ACs in the second embodiment of the present invention;
Fig. 8 is a flow diagram of the WLAN-based source address verification method of the third embodiment of the present invention;
Fig. 9 is a flow diagram of step S301 in Fig. 8;
Fig. 10 is a schematic diagram illustrating a device roaming between different ACs in the third embodiment of the present invention;
Fig. 11 is a flow diagram of the WLAN-based source address verification method of the fourth embodiment of the present invention;
Fig. 12 is a flow diagram of step S401 in Fig. 11.
Detailed description of the embodiments
Embodiments of the present invention are described in detail below with reference to the accompanying drawings and examples, so that the way the invention applies technical means to solve the technical problem and achieve the technical effect can be fully understood and implemented. It should be noted that, as long as no conflict arises, the embodiments of the present invention and the features of the embodiments can be combined with one another, and the resulting technical solutions all fall within the scope of protection of the present invention.
At present, to guarantee the reliability of source address information in the network and prevent source address spoofing attacks, those skilled in the art have proposed a series of source address verification methods. For example, in 2008 Tsinghua University summarized the existing methods at the level of network architecture and proposed the Source Address Validation Architecture (SAVA), an addressing architecture based on authentic IPv6 source addresses, which was adopted by the IETF and became a related RFC. According to the position and function of the deployment, SAVA divides source address verification into three levels, which from the bottom up are access network source address validation, intra-domain source address validation and inter-domain source address validation. In the same year, Tsinghua University drove the establishment of the SAVI working group (Source Address Validation Improvement, SAVI) within the IETF; the working group subsequently put forward a series of related drafts, which were formulated as RFCs. These RFCs have gained the support of numerous vendors and have been implemented on a range of hardware devices. They strengthen the manageability of the origin of network addresses, make address traceback possible and raise the level of network security. In addition, the SAVI working group has formulated standards for particular IP address allocation methods and network environments, including the source address validation scheme SAVI-DHCP for the Dynamic Host Configuration Protocol (DHCP and DHCPv6), the source address validation scheme SAVI-FCFS for the stateless address autoconfiguration protocol (SLAAC) under IPv6, the source address validation scheme SAVI-SEND for the Secure Neighbor Discovery protocol (SEND), and the source address validation scheme SAVI-MIX for network environments in which several address allocation methods coexist.
However, the current SAVI standards were formulated on the basis of existing network modes and network devices. The basic principle is that a SAVI switch monitors the exchanges of the address assignment protocol, determines the state of the address allocation, and then binds the allocated IP address to a selected trust anchor (such as a MAC address or a switch port), forming a binding table. A data packet arriving at the switch is regarded as having a legitimate source address if it matches the binding table; otherwise it is regarded as a packet with a forged source address. Forged packets are dropped, which greatly reduces the network attacks carried out by forging the source address field.
Because a WLAN offers good flexibility and mobility, is convenient to install, easy to extend, easy to troubleshoot and easy to plan and adjust, it is widely used in fields such as enterprises, healthcare, warehouse management, container yards, exhibition venues, catering and retail. At present, most WLANs are based on the IEEE 802.11 standard and use Wi-Fi as the trade name. In a WLAN, all devices interconnected through the wireless medium are called stations (Station, STA), which include access points (Access Points, AP) and terminals (Client). An access point is usually a wireless router, which sends and receives signals so that devices can access the network, while a terminal typically refers to an access device equipped with a wireless network card, such as a smartphone or a laptop.
Compared with a wired local area network, a WLAN has the following characteristics:
1. It contains more terminal devices: one access point can usually provide connections for dozens of terminals, and one WLAN may contain dozens of access points;
2. A terminal can connect or disconnect at any time;
3. Terminal roaming must be considered: users often carry their terminals as they roam between different access points (AP) or access controllers (AC).
Therefore, the security risk of a WLAN is high, and a device entering the WLAN may well be remotely controlled by an attacker to launch various network attacks based on source address spoofing.
To solve the above problems, the present invention provides a WLAN-based source address verification method.
The WLAN-based source address verification method of each embodiment of the present invention is described in detail below with reference to the accompanying drawings.
Embodiment one
Fig. 1 is a flow diagram of the WLAN-based source address verification method of the first embodiment of the present invention.
As shown in Fig. 1, the WLAN-based source address verification method of the first embodiment of the present invention mainly comprises steps S101 to S103.
In step S101, a binding table is created that stores, for each of the devices entering the WLAN, the binding between the device's MAC address and the IP address assigned to the device.
Specifically, as shown in Fig. 2, step S1011 is executed first: for each of the devices entering the WLAN, the binding between the device's MAC address and the IP address assigned to the device is obtained. This specifically includes: obtaining the bindings, specified by the administrator of the WLAN, between the MAC address of each device in a subset of the devices entering the WLAN and the IP address assigned to that device; and obtaining the packets, sniffed by the wireless router, that are exchanged between each of the remaining devices entering the WLAN and the address allocation server (DHCP or DAD server), and extracting from them the binding between the device's MAC address and the IP address assigned to the device.
Here, the subset of devices entering the WLAN refers to certain key devices in the WLAN, such as controllers and address allocation servers. For each of these devices, the binding between its MAC address and the IP address assigned to it can be configured manually by the administrator of the WLAN.
Apart from the above key devices, the binding between the MAC address of each of the remaining devices entering the WLAN and the IP address assigned to the device is obtained by the wireless router sniffing DHCP or DAD packets. The sniffing process is as follows:
The packets exchanged between each of the remaining devices entering the WLAN and the address allocation server (DHCP or DAD server) all pass through the wireless router. The wireless router can therefore intercept these packets and learn which device has applied for which IP address. Suppose the MAC address of a device is 11:22:33:44:55:66 and it has obtained the IP address fc00::2; the wireless router then records the binding ((11:22:33:44:55:66)-(fc00::2)). This is the sniffing process.
Next, step S1012 is executed: whether the binding is legitimate is judged. If it is, the binding is added to the binding table; otherwise, the binding is discarded.
In a preferred embodiment, the binding table comprises an IP-MAC binding table and a MAC-IP binding table.
Specifically, the IP-MAC binding table stores the mapping from an IP address to the corresponding MAC address. One IP address can correspond to only one MAC address, while several IP addresses may map to the same MAC address. The IP-MAC binding table is used to look up a device's MAC address by IP address and serves mainly as backup information.
The MAC-IP binding table stores the mapping from a MAC address to IP addresses. One MAC address can correspond to several different IP addresses. The MAC-IP binding table is used to look up IP addresses by the device's MAC address and serves mainly for packet filtering. This table must be kept synchronized with the IP-MAC binding table.
In step S102, a packet from a device is obtained and, based on the device's MAC address, the IP address bound to that MAC address is looked up in the binding table.
In step S103, the IP address of the packet is obtained, and it is judged whether the IP address found is identical to the IP address of the packet. If the IP address found is identical to the IP address of the packet, the source address of the packet is determined to be legitimate and the packet is forwarded; if the IP address found differs from the IP address of the packet, the source address of the packet is determined to be illegitimate and the packet is dropped.
Steps S102 and S103 are illustrated below, continuing the example above.
Because a device cannot forge its MAC address in a WLAN, the source address of a legitimate packet sent by the device whose MAC address is 11:22:33:44:55:66 must be fc00::2. When the wireless router receives a packet from the device whose MAC address is 11:22:33:44:55:66, the wireless router queries the MAC-IP binding table to obtain the IP address bound to the device whose MAC address is 11:22:33:44:55:66; in this example the query returns fc00::2. The wireless router then reads the IP address of the packet and judges whether the IP address found is identical to the IP address of the packet. If the IP address found is identical to the IP address of the packet, the source address of the packet is determined to be legitimate and the packet is forwarded; if the IP address found differs from the IP address of the packet, the source address of the packet is determined to be illegitimate and the packet is dropped.
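Steps S101 to S103 with the binding 11:22:33:44:55:66 / fc00::2 used above, as an added example that is not part of the patent text. The class and function names are hypothetical, the sample packets are constructed, and the legitimacy rule in `add` (an IP address already bound to another MAC address is rejected) is an assumption drawn from the one-IP-to-one-MAC property of the IP-MAC table; addresses are parsed before comparison so that two spellings of the same IPv6 address match.

```python
import ipaddress
import re

MAC_RE = re.compile(r"[0-9a-f]{2}(:[0-9a-f]{2}){5}")


def norm_mac(mac):
    """Return the MAC in lower-case colon form; raise ValueError if malformed."""
    m = mac.strip().lower().replace("-", ":")
    if not MAC_RE.fullmatch(m):
        raise ValueError(f"malformed MAC address: {mac!r}")
    return m


class BindingTables:
    """IP-MAC and MAC-IP binding tables, updated together on every change."""

    def __init__(self):
        self.ip_mac = {}   # IP -> MAC: one IP belongs to exactly one MAC
        self.mac_ip = {}   # MAC -> set of IPs: one MAC may hold several IPs

    def add(self, mac, ip):
        """S1012: store a binding if it is legitimate, otherwise discard it.

        Assumed legitimacy rule: the IP must not already belong to another MAC.
        """
        mac, ip = norm_mac(mac), ipaddress.ip_address(ip)
        owner = self.ip_mac.get(ip)
        if owner is not None and owner != mac:
            return False
        self.ip_mac[ip] = mac
        self.mac_ip.setdefault(mac, set()).add(ip)
        return True

    def verify(self, src_mac, src_ip):
        """S102-S103: look up by MAC, then compare with the packet's source IP."""
        try:
            mac, ip = norm_mac(src_mac), ipaddress.ip_address(src_ip)
        except ValueError:
            return "drop"   # unparsable header fields never match a binding
        return "forward" if ip in self.mac_ip.get(mac, ()) else "drop"


# Constructed sample traffic: (source MAC, source IP) as seen by the wireless router.
SAMPLE_PACKETS = [
    ("11:22:33:44:55:66", "fc00::2"),              # the bound address
    ("11:22:33:44:55:66", "FC00:0:0:0:0:0:0:2"),   # same address, different spelling
    ("11:22:33:44:55:66", "fc00::3"),              # bound MAC, forged source IP
    ("aa:bb:cc:dd:ee:ff", "fc00::2"),              # MAC with no binding at all
    ("11-22-33-44-55-66", "not-an-address"),       # garbage source field
]


def run_demo():
    tables = BindingTables()
    learned = tables.add("11:22:33:44:55:66", "fc00::2")       # sniffed assignment
    second_ip = tables.add("11:22:33:44:55:66", "192.0.2.10")  # one MAC, several IPs
    conflict = tables.add("aa:bb:cc:dd:ee:ff", "fc00::2")      # IP already owned
    verdicts = [tables.verify(mac, ip) for mac, ip in SAMPLE_PACKETS]
    return learned, second_ip, conflict, verdicts


if __name__ == "__main__":
    print(run_demo())
```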
It should be noted that, in a WLAN, a device cannot forge its MAC address. In this embodiment, therefore, the correctness of the binding between the MAC address of each device entering the WLAN and the IP address assigned to the device depends on the security of the device's MAC address. In a WLAN environment there are many security mechanisms that can guarantee this, such as 802.11i or other mechanisms. Accordingly, before a device sends packets, it must complete access authentication and key agreement under the 802.11i standard, so that the device cannot forge its own MAC address and the security of the link-layer address is guaranteed.
Therefore, in this embodiment, for a packet obtained from a device, the IP address bound to the device's MAC address is first looked up in the binding table based on that MAC address. The IP address of the packet is then obtained, and it is judged whether the IP address found is identical to the IP address of the packet. Verifying in this way whether the source address of a packet is legitimate greatly reduces the network attacks carried out by forging the source address field.
The WLAN-based source address verification method provided by the embodiments of the present invention is a more specific and effective source address validation scheme designed around the characteristics of a WLAN. It can accurately verify whether the source address of a packet from any device entering the WLAN is legitimate, prevents the various network attacks in the WLAN that are based on source address spoofing, and greatly improves the security of the WLAN.
A WLAN is more complex than a wired local area network, and a source address verification method has to be designed specifically for its concrete implementation (the network protocols used, the operating mode adopted and so on). The source address verification method for each specific deployment scenario of a WLAN is described below.
WLANs mainly comprise centralized WLANs and distributed WLANs.
In the centralized WLAN architecture, an access controller (Access Controller, AC) is responsible for managing and controlling one or more wireless termination points (Wireless Termination Points, WTPs) or access points (Access Point, AP), in order to achieve flexible networking, load balancing and better roaming support. The access controller is usually a dedicated hardware device but can also be implemented in software; in addition, some switches can also implement access control. The centralized WLAN is mainly used in complex, large-scale WLANs (enterprise or campus networks). The centralized WLAN includes two deployment scenarios: the FIT-AP (FIT Access Point) deployment scenario of a centralized WLAN and the FIT-AC (FIT Access Controller) deployment scenario of a centralized WLAN.
A distributed WLAN is made up of access points (Access Point, AP). It contains only access points and no access controller (Access Controller, AC). The distributed WLAN includes one deployment scenario: the FAT-AP deployment scenario of a distributed WLAN.
The source address verification methods for these three deployment scenarios are described in detail below with reference to Fig. 3 to Fig. 12.
Embodiment two
This embodiment mainly describes the source address verification method in the FIT-AP deployment scenario of a centralized WLAN.
In this deployment scenario, the IP-MAC binding table is maintained by the AC in the control plane, the MAC-IP binding table is maintained by the AP, and filtering of the messages of every device entering the deployment scenario is performed on each AP in the data plane.
Fig. 3 is a flow diagram of the WLAN-based source address verification method of the second embodiment of the present invention.
As shown in Fig. 3, the WLAN-based source address verification method of the second embodiment of the present invention mainly includes steps S201 to S203.
In step S201, a binding table is created that stores, for each device among all devices entering the FIT-AP deployment scenario of the centralized WLAN, the binding relationship between the device's MAC address and the IP address assigned to the device.
Specifically, as shown in Fig. 4, step S2011 is executed first: the binding relationship between the MAC address of each device entering the FIT-AP deployment scenario of the centralized WLAN and the IP address assigned to the device is obtained and sent to the controller. This includes: obtaining, for some of the devices entering the FIT-AP deployment scenario, the binding relationship between each device's MAC address and its assigned IP address as specified by the WLAN administrator; and, for each of the remaining devices entering the FIT-AP deployment scenario, obtaining the messages exchanged between the device and the address allocation server (DHCP or DAD server) as sniffed by the wireless router (AP), and extracting from them the binding relationship between the device's MAC address and the IP address assigned to the device.
It should be noted that, because the acquisition of the binding relationship in this step is similar to step S1011 in embodiment one, it is not described again here.
Next, step S2012 is executed: the controller judges whether the binding relationship is valid. If it is valid, the controller adds the binding relationship to the IP-MAC binding table and notifies the wireless router (AP) to add the binding relationship to the MAC-IP binding table, so that the IP-MAC binding table and the MAC-IP binding table are synchronized; otherwise, the binding relationship is discarded.
In a preferred embodiment, synchronization of the IP-MAC binding table with the MAC-IP binding table is performed by an extended protocol. Preferably, the extended protocol is a CAPWAP extension protocol.
Specifically, as shown in Fig. 5, the CAPWAP extension protocol extends the original CAPWAP message format so that it carries the corresponding IP and MAC addresses: the new, extended CAPWAP message format contains MAC address, IPv4 address and IPv6 address fields. The wireless router (AP) can therefore use the new CAPWAP message to send the controller the binding relationship it has obtained between the MAC address of each device entering the FIT-AP deployment scenario of the centralized WLAN and the IP address assigned to the device, and the controller judges whether the binding relationship is valid. If it is valid, the controller adds the binding relationship to the IP-MAC binding table and uses the new CAPWAP message to send the binding relationship to the wireless router (AP), notifying the wireless router (AP) to add it to the MAC-IP binding table. This synchronizes the IP-MAC binding table in the controller with the MAC-IP binding table in the wireless router.
In addition, if IP-MAC binding tables need to be synchronized between ACs, the new CAPWAP message can also be used to send and receive binding relationships.
In step S202, a message from the device is obtained and, based on the MAC address of the device, the IP address bound to that MAC address is looked up in the binding table.
In step S203, the IP address of the message is obtained and compared with the IP address found. If the IP address found is identical to the IP address of the message, the source address of the message is determined to be valid and the message is forwarded; if the IP address found differs from the IP address of the message, the source address of the message is determined to be invalid and the message is discarded.
It should be noted that steps S202 and S203 are identical to steps S102 and S103 in embodiment one and are not described again here.
Device roaming in this deployment scenario is described in detail below.
In this deployment scenario, when a device moves between different APs or ACs, migration of the device's binding relationship is triggered.
In a preferred embodiment, migration of the binding relationship of each device entering the FIT-AP deployment scenario of the centralized WLAN is performed by an extended protocol. Preferably, the extended protocol is a CAPWAP extension protocol.
Specifically, as shown in Fig. 6, the CAPWAP extension protocol extends the original CAPWAP message format so that it carries the corresponding IP and MAC addresses: the new, extended CAPWAP message format contains MAC address, IPv4 address and IPv6 address fields. When a device that has entered the FIT-AP deployment scenario of the centralized WLAN moves from the range of the first wireless router (AP1), to which it is connected and which is controlled by the first controller (AC1), into the range of the second wireless router (AP2), which is also controlled by the first controller (AC1), the first wireless router (AP1), after detecting that the device has disconnected from it, automatically deletes the binding relationship related to the device from the MAC-IP binding table stored in the first wireless router (AP1). After the second wireless router (AP2) detects the device, the second wireless router (AP2) uses the new CAPWAP message to request from the first controller (AC1) the binding relationship related to the device in the IP-MAC binding table stored in the first controller (AC1). After the first controller (AC1) accepts the request, it uses the new CAPWAP message to send the binding relationship to the second wireless router (AP2), and the second wireless router (AP2) stores the binding relationship in its MAC-IP binding table, completing the migration of the device's binding relationship.
As shown in Fig. 7, when a device that has entered the FIT-AP deployment scenario of the centralized WLAN moves from the range of the third wireless router (AP3), controlled by the second controller (AC2), into the range of the fourth wireless router (AP4), controlled by the third controller (AC3), the fourth wireless router (AP4), after detecting the device, uses the new CAPWAP message to notify the third controller (AC3) of the device's roaming and of where the device came from. The third controller (AC3) uses the new CAPWAP message to request from the second controller (AC2) the binding relationship related to the device in the IP-MAC binding table stored in the second controller (AC2). After the second controller (AC2) accepts the request, it uses the new CAPWAP message to send the binding relationship to the third controller (AC3). The third controller (AC3) stores the binding relationship in its IP-MAC binding table and uses the new CAPWAP message to send it to the fourth wireless router (AP4), which stores the binding relationship in its MAC-IP binding table. Subsequently, the second controller (AC2) automatically deletes the binding relationship related to the device from the IP-MAC binding table stored in the second controller (AC2), and the third wireless router (AP3) automatically deletes the binding relationship related to the device from the MAC-IP binding table stored in the third wireless router (AP3), completing the migration of the device's binding relationship.
With the WLAN-based source address verification method provided by this embodiment of the present invention, a more specific and effective source address verification scheme is designed around the characteristics of the FIT-AP deployment scenario of a centralized WLAN. It can accurately verify whether the source address of the messages of every device entering the FIT-AP deployment scenario is valid, prevents the various network attacks in a WLAN that rely on source address forgery, and greatly improves the security of using the WLAN.
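The FIT-AP scheme of this embodiment (binding creation, per-AP filtering, and roaming within one AC and between two ACs), modelled as an added Python example that is not code from the patent. Method calls stand in for the extended CAPWAP messages; the class and method names, the validity rule (an IP already bound to a different MAC is rejected), the choice to allow several IPs per MAC, and all addresses are assumptions made for illustration.

```python
"""Constructed model of the FIT-AP scenario: the AC holds IP-MAC, each AP holds MAC-IP.
Method calls stand in for the extended CAPWAP messages; all names are illustrative."""
from dataclasses import dataclass, field


@dataclass
class AccessController:
    name: str
    ip_mac: dict = field(default_factory=dict)  # IP -> MAC, control plane

    def accept(self, mac, ip):
        """S2012: keep the binding only if it is valid.
        Assumed rule: an IP already bound to a different MAC is a conflict."""
        if self.ip_mac.get(ip, mac) != mac:
            return False
        self.ip_mac[ip] = mac
        return True

    def bindings_of(self, mac):
        return {ip for ip, owner in self.ip_mac.items() if owner == mac}

    def hand_over(self, mac):
        """Send a roaming device's bindings to another AC, then delete them here."""
        ips = self.bindings_of(mac)
        for ip in ips:
            del self.ip_mac[ip]
        return ips


@dataclass
class AccessPoint:
    name: str
    ac: AccessController
    mac_ip: dict = field(default_factory=dict)  # MAC -> {IP}, data plane

    def report_binding(self, mac, ip):
        """S2011: binding sniffed from DHCP traffic (or set by the administrator)."""
        if not self.ac.accept(mac, ip):
            return False                            # invalid binding is discarded
        self.mac_ip.setdefault(mac, set()).add(ip)  # AC notifies AP: tables in sync
        return True

    def verdict(self, src_mac, src_ip):
        """S202/S203: look up by MAC, compare with the message's source IP."""
        return "forward" if src_ip in self.mac_ip.get(src_mac, set()) else "drop"

    def device_left(self, mac):
        """The old AP deletes the MAC-IP entry of a device that disconnected."""
        self.mac_ip.pop(mac, None)

    def device_arrived(self, mac, came_from):
        """Roaming: pull the binding to this AP (Fig. 6) or to this AP and its AC (Fig. 7)."""
        if came_from.ac is not self.ac:             # device changed controller
            for ip in came_from.ac.hand_over(mac):
                self.ac.ip_mac[ip] = mac
        came_from.device_left(mac)
        ips = self.ac.bindings_of(mac)              # request the binding from the AC
        if ips:
            self.mac_ip[mac] = ips
        return ips


def demo():
    ac1, ac2 = AccessController("AC1"), AccessController("AC2")
    ap1, ap2 = AccessPoint("AP1", ac1), AccessPoint("AP2", ac1)
    ap3 = AccessPoint("AP3", ac2)
    dev_a, dev_b = "02:00:00:00:00:01", "02:00:00:00:00:02"  # constructed MACs
    out = {}
    out["learn_a"] = ap1.report_binding(dev_a, "192.0.2.10")
    out["learn_b"] = ap1.report_binding(dev_b, "192.0.2.66")
    out["conflict"] = ap1.report_binding(dev_b, "192.0.2.10")  # already dev_a's IP
    out["own_address"] = ap1.verdict(dev_a, "192.0.2.10")
    out["forged_address"] = ap1.verdict(dev_b, "192.0.2.10")
    ap2.device_arrived(dev_a, came_from=ap1)                   # same AC (Fig. 6)
    out["ap1_after_roam"] = ap1.verdict(dev_a, "192.0.2.10")
    out["ap2_after_roam"] = ap2.verdict(dev_a, "192.0.2.10")
    ap3.device_arrived(dev_a, came_from=ap2)                   # AC1 -> AC2 (Fig. 7)
    out["ap2_after_second_roam"] = ap2.verdict(dev_a, "192.0.2.10")
    out["ap3_after_second_roam"] = ap3.verdict(dev_a, "192.0.2.10")
    out["ac1_still_has_a"] = bool(ac1.bindings_of(dev_a))
    out["ac2_has_a"] = ac2.ip_mac.get("192.0.2.10") == dev_a
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

After each move the binding exists only on the AP (and AC) currently serving the device, so a message carrying that source IP is dropped everywhere else.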
Embodiment three
This embodiment mainly describes the source address verification method in the FIT-AC deployment scenario of a centralized WLAN.
In this deployment scenario, both the IP-MAC binding table and the MAC-IP binding table are maintained by the AC, and filtering of the messages of every device entering the deployment scenario is also performed on the AC.
Fig. 8 is a flow diagram of the WLAN-based source address verification method of the third embodiment of the present invention.
As shown in Fig. 8, the WLAN-based source address verification method of the third embodiment of the present invention mainly includes steps S301 to S303.
In step S301, a binding table is created that stores, for each device among all devices entering the FIT-AC deployment scenario of the centralized WLAN, the binding relationship between the device's MAC address and the IP address assigned to the device.
Specifically, as shown in Fig. 9, step S3011 is executed first: the binding relationship between the MAC address of each device entering the FIT-AC deployment scenario of the centralized WLAN and the IP address assigned to the device is obtained and sent to the controller. This includes: obtaining, for some of the devices entering the FIT-AC deployment scenario, the binding relationship between each device's MAC address and its assigned IP address as specified by the WLAN administrator; and, for each of the remaining devices entering the FIT-AC deployment scenario, obtaining the messages exchanged between the device and the address allocation server (DHCP or DAD server) as sniffed by the wireless router (AP), and extracting from them the binding relationship between the device's MAC address and the IP address assigned to the device.
It should be noted that, because the acquisition of the binding relationship in this step is similar to step S1011 in embodiment one, it is not described again here.
As in embodiment two, after the wireless router (AP) sniffs the messages exchanged between each of the remaining devices entering the FIT-AC deployment scenario and the address allocation server (DHCP or DAD server) and extracts from them the binding relationship between the device's MAC address and the IP address assigned to the device, it likewise uses the new CAPWAP message described above to send the binding relationship to the controller; details are not described again here.
Next, step S3012 is executed: the controller judges whether the binding relationship is valid. If it is valid, the controller adds the binding relationship to the IP-MAC binding table and the MAC-IP binding table; otherwise, the binding relationship is discarded.
In step S302, a message from the device is obtained and, based on the MAC address of the device, the IP address bound to that MAC address is looked up in the binding table.
In step S303, the IP address of the message is obtained and compared with the IP address found. If the IP address found is identical to the IP address of the message, the source address of the message is determined to be valid and the message is forwarded; if the IP address found differs from the IP address of the message, the source address of the message is determined to be invalid and the message is discarded.
It should be noted that steps S302 and S303 are identical to steps S102 and S103 in embodiment one and are not described again here.
In this deployment scenario, movement of a device between different APs does not trigger migration of the device's binding relationship. If the device moves between different ACs, migration of the device's binding relationship between the ACs is triggered.
In a preferred embodiment, migration of the binding relationship of each device entering the FIT-AC deployment scenario of the centralized WLAN is performed by an extended protocol. Preferably, the extended protocol is a CAPWAP extension protocol.
Specifically, as shown in Fig. 10, the CAPWAP extension protocol extends the original CAPWAP message format so that it carries the corresponding IP and MAC addresses: the new, extended CAPWAP message format contains MAC address, IPv4 address and IPv6 address fields. When a device that has entered the FIT-AC deployment scenario of the centralized WLAN moves from the range of the fifth wireless router (AP5), controlled by the fourth controller (AC4), into the range of the sixth wireless router (AP6), controlled by the fifth controller (AC5), the sixth wireless router (AP6), after detecting the device, uses the new CAPWAP message to notify the fifth controller (AC5). The fifth controller (AC5) uses the new CAPWAP message to request from the fourth controller (AC4) the binding relationship related to the device in the IP-MAC binding table and MAC-IP binding table stored in the fourth controller (AC4). After the fourth controller (AC4) accepts the request, it uses the new CAPWAP message to send the binding relationship to the fifth controller (AC5), and the fifth controller (AC5) stores the binding relationship in its IP-MAC binding table and MAC-IP binding table. Subsequently, the fourth controller (AC4) automatically deletes the binding relationship related to the device from the IP-MAC binding table and MAC-IP binding table stored in the fourth controller (AC4), completing the migration of the device's binding relationship.
With the WLAN-based source address verification method provided by this embodiment of the present invention, a more specific and effective source address verification scheme is designed around the characteristics of the FIT-AC deployment scenario of a centralized WLAN. It can accurately verify whether the source address of the messages of every device entering the FIT-AC deployment scenario is valid, prevents the various network attacks in a WLAN that rely on source address forgery, and greatly improves the security of using the WLAN.
Embodiment four
This embodiment mainly describes the source address verification method in the FAT-AP deployment scenario of a distributed WLAN.
In this deployment scenario, both the IP-MAC binding table and the MAC-IP binding table are maintained by the AP, and filtering of the messages of every device entering the deployment scenario is also performed on the AP.
Fig. 11 is a flow diagram of the WLAN-based source address verification method of the fourth embodiment of the present invention.
As shown in Fig. 11, the WLAN-based source address verification method of the fourth embodiment of the present invention mainly includes steps S401 to S403.
In step S401, a binding table is created that stores, for each device among all devices entering the FAT-AP deployment scenario of the distributed WLAN, the binding relationship between the device's MAC address and the IP address assigned to the device.
Specifically, as shown in Fig. 12, step S4011 is executed first: the binding relationship between the MAC address of each device entering the FAT-AP deployment scenario of the distributed WLAN and the IP address assigned to the device is obtained. This includes: obtaining, for some of the devices entering the FAT-AP deployment scenario, the binding relationship between each device's MAC address and its assigned IP address as specified by the WLAN administrator; and, for each of the remaining devices entering the FAT-AP deployment scenario, obtaining the messages exchanged between the device and the address allocation server (DHCP or DAD server) as sniffed by the wireless router (AP), and extracting from them the binding relationship between the device's MAC address and the IP address assigned to the device.
It should be noted that, because the acquisition of the binding relationship in this step is similar to step S1011 in embodiment one, it is not described again here.
Next, step S4012 is executed: the wireless router judges whether the binding relationship is valid. If it is valid, the wireless router adds the binding relationship to the IP-MAC binding table and the MAC-IP binding table; otherwise, the binding relationship is discarded.
In step S402, a message from the device is obtained and, based on the MAC address of the device, the IP address bound to that MAC address is looked up in the binding table.
In step S403, the IP address of the message is obtained and compared with the IP address found. If the IP address found is identical to the IP address of the message, the source address of the message is determined to be valid and the message is forwarded; if the IP address found differs from the IP address of the message, the source address of the message is determined to be invalid and the message is discarded.
It should be noted that steps S402 and S403 are identical to steps S102 and S103 in embodiment one and are not described again here.
In this deployment scenario, movement of a device between different APs triggers migration of the device's binding relationship.
In a preferred embodiment, migration of the binding relationship of each device entering the FAT-AP deployment scenario of the distributed WLAN is performed by an extended protocol. Preferably, the extended protocol is a CAPWAP extension protocol.
Specifically, the CAPWAP extension protocol extends the original CAPWAP message format so that it carries the corresponding IP and MAC addresses: the new, extended CAPWAP message format contains MAC address, IPv4 address and IPv6 address fields. When a device that has entered the FAT-AP deployment scenario of the distributed WLAN moves from the range of the seventh wireless router (AP7) into the range of the eighth wireless router (AP8), the eighth wireless router (AP8), after detecting the device, uses the new CAPWAP message to request from the seventh wireless router (AP7) the binding relationship related to the device in the IP-MAC binding table and MAC-IP binding table stored in the seventh wireless router (AP7). After the seventh wireless router (AP7) accepts the request, it uses the new CAPWAP message to send the binding relationship to the eighth wireless router (AP8), and the eighth wireless router (AP8) stores the binding relationship in its IP-MAC binding table and MAC-IP binding table. Subsequently, the seventh wireless router (AP7) automatically deletes the binding relationship related to the device from the IP-MAC binding table and MAC-IP binding table stored in the seventh wireless router (AP7), completing the migration of the device's binding relationship.
With the WLAN-based source address verification method provided by this embodiment of the present invention, a more specific and effective source address verification scheme is designed around the characteristics of the FAT-AP deployment scenario of a distributed WLAN. It can accurately verify whether the source address of the messages of every device entering the FAT-AP deployment scenario is valid, prevents the various network attacks in a WLAN that rely on source address forgery, and greatly improves the security of using the WLAN.
It should be noted here that automatic deletion of the binding relationships related to a device is not limited to the embodiments above. The access controller (AC) or access point (AP) automatically deletes the binding relationships related to a device in the following three cases: (1) if the lifetime of a binding relationship related to the device has expired, it is deleted automatically; (2) if the device moves and disconnects from the access point, all binding relationships related to the device are deleted automatically; (3) a DHCP RELEASE message triggers automatic deletion of the corresponding binding relationship. The present embodiments refer only to the second case; when the first or third case occurs, the access controller (AC) or access point (AP) likewise automatically deletes the binding relationships related to the device.
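The three deletion triggers listed above, as an added Python sketch that is not part of the patent. The per-binding lifetime in seconds, the rule that a DHCP RELEASE is honoured only for an address the sending MAC actually holds, and all addresses are assumptions made for illustration.

```python
"""Constructed sketch of the three automatic-deletion triggers for a binding table."""
from dataclasses import dataclass, field


@dataclass
class BindingTable:
    # MAC -> {IP: absolute expiry time in seconds}; one MAC may hold IPv4 and IPv6.
    entries: dict = field(default_factory=dict)

    def add(self, mac, ip, lifetime, now):
        self.entries.setdefault(mac, {})[ip] = now + lifetime

    def expire(self, now):
        """Trigger (1): delete every binding whose lifetime has passed."""
        removed = []
        for mac in list(self.entries):
            for ip, deadline in list(self.entries[mac].items()):
                if deadline <= now:
                    del self.entries[mac][ip]
                    removed.append((mac, ip))
            if not self.entries[mac]:
                del self.entries[mac]
        return removed

    def on_disconnect(self, mac):
        """Trigger (2): the device left the access point; delete all its bindings."""
        return sorted(self.entries.pop(mac, {}))

    def on_dhcp_release(self, mac, ip):
        """Trigger (3): DHCP RELEASE deletes only the corresponding binding.
        Assumption: a RELEASE for an address the sender does not hold is ignored."""
        held = self.entries.get(mac, {})
        if ip not in held:
            return False
        del held[ip]
        if not held:
            del self.entries[mac]
        return True

    def verdict(self, src_mac, src_ip, now):
        """Source address check that never matches an expired binding."""
        self.expire(now)
        return "forward" if src_ip in self.entries.get(src_mac, {}) else "drop"


def demo():
    dev_a, dev_b = "02:00:00:00:00:0a", "02:00:00:00:00:0b"  # constructed MACs
    table = BindingTable()
    table.add(dev_a, "192.0.2.10", lifetime=3600, now=0)
    table.add(dev_a, "2001:db8::a", lifetime=7200, now=0)
    table.add(dev_b, "192.0.2.11", lifetime=7200, now=0)
    out = {}
    out["a_v4_fresh"] = table.verdict(dev_a, "192.0.2.10", now=10)
    out["a_v4_expired"] = table.verdict(dev_a, "192.0.2.10", now=3600)
    out["a_v6_still_bound"] = table.verdict(dev_a, "2001:db8::a", now=3600)
    out["release_of_foreign_ip"] = table.on_dhcp_release(dev_a, "192.0.2.11")
    out["b_unaffected"] = table.verdict(dev_b, "192.0.2.11", now=3600)
    out["b_releases_own_ip"] = table.on_dhcp_release(dev_b, "192.0.2.11")
    out["b_after_release"] = table.verdict(dev_b, "192.0.2.11", now=3600)
    out["a_disconnect_removed"] = table.on_disconnect(dev_a)
    out["a_after_disconnect"] = table.verdict(dev_a, "2001:db8::a", now=3600)
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```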
Regarding hardware deployment, it should be noted that for customizable access point devices (such as wireless routers running the OpenWrt embedded operating system) and customizable access controllers (such as control software on a commodity server, or an SDN controller), the corresponding software modules can be added to support the embodiments of the present invention.
Those skilled in the art should understand that each step of the present invention described above can be implemented with general-purpose computing devices. The steps can be concentrated on a single computing device or distributed over a network formed by multiple computing devices. Optionally, they can be implemented as program code executable by a computing device, so that they can be stored in a storage device and executed by a computing device; alternatively, they can each be made into an individual integrated circuit module, or several of the modules or steps can be made into a single integrated circuit module. The present invention is thus not limited to any specific combination of hardware and software.
Although the embodiments of the present invention are disclosed as above, the content described is only an embodiment adopted to facilitate understanding of the present invention and is not intended to limit it. Any person skilled in the art to which the present invention pertains may make any modification or change in the form and details of implementation without departing from the spirit and scope disclosed by the present invention, but the scope of protection of the present invention shall still be that defined by the appended claims.

Claims (13)

1. A WLAN-based source address verification method, characterized by comprising:
creating a binding table that stores, for each device among all devices entering the WLAN, the binding relationship between the MAC address of the device and the IP address assigned to the device;
obtaining a message from the device and, based on the MAC address of the device, looking up in the binding table the IP address bound to the MAC address;
obtaining the IP address of the message and, when the IP address found is judged to be identical to the IP address of the message, determining that the source address of the message is valid and forwarding the message.
2. The WLAN-based source address verification method according to claim 1, characterized in that creating a binding table that stores, for each device among all devices entering the WLAN, the binding relationship between the MAC address of the device and the IP address assigned to the device comprises:
obtaining the binding relationship between the MAC address of each device among all devices entering the WLAN and the IP address assigned to the device;
judging whether the binding relationship is valid and, if it is valid, adding the binding relationship to the binding table; otherwise, discarding the binding relationship.
3. The WLAN-based source address verification method according to claim 2, characterized in that obtaining the binding relationship between the MAC address of each device among all devices entering the WLAN and the IP address assigned to the device comprises:
obtaining, for some of the devices entering the WLAN, the binding relationship between the MAC address of each device and the IP address assigned to the device as specified by the WLAN administrator; and
obtaining the messages exchanged between each of the remaining devices entering the WLAN and the address allocation server as sniffed by the wireless router, and extracting from them the binding relationship between the MAC address of the device and the IP address assigned to the device.
4. The WLAN-based source address verification method according to claim 3, characterized in that the binding table comprises an IP-MAC binding table and a MAC-IP binding table.
5. The WLAN-based source address verification method according to claim 4, characterized in that creating a binding table that stores, for each device among all devices entering the FIT-AP deployment scenario of a centralized WLAN, the binding relationship between the MAC address of the device and the IP address assigned to the device comprises:
obtaining the binding relationship between the MAC address of each device among all devices entering the FIT-AP deployment scenario and the IP address assigned to the device, and sending the binding relationship to a controller;
judging, by the controller, whether the binding relationship is valid and, if it is valid, adding, by the controller, the binding relationship to the IP-MAC binding table and notifying the wireless router to add the binding relationship to the MAC-IP binding table, so that the IP-MAC binding table and the MAC-IP binding table are synchronized; otherwise, discarding the binding relationship.
6. The WLAN-based source address verification method according to claim 5, characterized in that synchronization of the IP-MAC binding table with the MAC-IP binding table is performed by an extended protocol.
7. The WLAN-based source address verification method according to claim 4, characterized in that
when a device among all devices entering the FIT-AP deployment scenario of a centralized WLAN moves from the range of a first wireless router, which is connected to the device and controlled by a first controller, into the range of a second wireless router controlled by the first controller, the first wireless router, after detecting that the device has disconnected from it, automatically deletes the binding relationship related to the device from the MAC-IP binding table stored in the first wireless router;
after the second wireless router detects the device, the second wireless router requests from the first controller the binding relationship related to the device in the IP-MAC binding table stored in the first controller;
after the first controller accepts the request, it sends the binding relationship to the second wireless router, and the second wireless router stores the binding relationship in the MAC-IP binding table in the second wireless router, so as to migrate the binding relationship of the device.
8. The WLAN-based source address verification method according to claim 4, characterized in that
when a device among all devices entering the FIT-AP deployment scenario of a centralized WLAN moves from the range of a third wireless router controlled by a second controller into the range of a fourth wireless router controlled by a third controller, the fourth wireless router, after detecting the device, notifies the third controller, and the third controller requests from the second controller the binding relationship related to the device in the IP-MAC binding table stored in the second controller;
after the second controller accepts the request, it sends the binding relationship to the third controller; the third controller stores the binding relationship in the IP-MAC binding table in the third controller and sends the binding relationship to the fourth wireless router, and the fourth wireless router stores the binding relationship in the MAC-IP binding table in the fourth wireless router;
the second controller automatically deletes the binding relationship related to the device from the IP-MAC binding table stored in the second controller, and the third wireless router automatically deletes the binding relationship related to the device from the MAC-IP binding table stored in the third wireless router, so as to migrate the binding relationship of the device.
9. based on WLAN source address verification method according to claim 4, which is characterized in that creation binding Table, and make to be preserved in the binding table into each in all devices of the FIT-AC deployment scenario of Centralized Wireless LAN The binding relationship of the MAC Address of equipment and the IP address for distributing to the equipment, comprising:
Obtain the MAC Address of each equipment in all devices for entering the FIT-AC deployment scenario and the IP for distributing to the equipment The binding relationship of address, and the binding relationship is sent to controller;
Judge whether the binding relationship is legal by the controller, if legal, is then closed the binding by the controller System is added to IP-MAC binding table and MAC-IP binding table;Otherwise, the binding relationship is abandoned.
10. based on WLAN source address verification method according to claim 4, which is characterized in that
When enter Centralized Wireless LAN FIT-AC deployment scenario all devices in each equipment from by the 4th controller When the range of 5th wireless router of control is moved to the range by the 6th wireless router of the 5th controller control, the 6th Wireless router notifies the 5th controller, the 5th controller to be stored in the request of the 4th controller after detecting the equipment Binding relationship relevant to the equipment in IP-MAC binding table and MAC-IP binding table in 4th controller;
After the 4th controller receives to request, which is sent to the 5th controller, the 5th controller closes the binding System is stored in IP-MAC binding table and MAC-IP binding table in the 5th controller;
4th controller be automatically deleted in the IP-MAC binding table and MAC-IP binding table being stored in the 4th controller with it is described The relevant binding relationship of equipment, to realize the migration of the binding relationship of the equipment.
11. The WLAN-based source address verification method according to claim 4, characterized in that creating a binding table, and storing in the binding table the binding relationship between the MAC address of each device among all devices entering the FAT-AP deployment scenario of a distributed wireless LAN and the IP address assigned to that device, comprises:
obtaining the binding relationship between the MAC address of each device among all devices entering the FAT-AP deployment scenario and the IP address assigned to that device;
determining, by a wireless router, whether the binding relationship is legitimate; if it is legitimate, the wireless router adds the binding relationship to the IP-MAC binding table and the MAC-IP binding table; otherwise, the binding relationship is discarded.
12. The WLAN-based source address verification method according to claim 4, characterized in that:
when a device among all devices that have entered the FAT-AP deployment scenario of the distributed wireless LAN moves from the range of a 7th wireless router to the range of an 8th wireless router, the 8th wireless router, after detecting the device, requests from the 7th wireless router the binding relationship related to the device that is stored in the IP-MAC binding table and the MAC-IP binding table in the 7th wireless router;
after the 7th wireless router accepts the request, it sends the binding relationship to the 8th wireless router, and the 8th wireless router stores the binding relationship in the IP-MAC binding table and the MAC-IP binding table in the 8th wireless router;
the 7th wireless router automatically deletes the binding relationship related to the device from the IP-MAC binding table and the MAC-IP binding table stored in the 7th wireless router, thereby completing the migration of the device's binding relationship.
13. The WLAN-based source address verification method according to any one of claims 7, 8, 10 and 12, characterized in that the migration of the device's binding relationship is executed through an extended protocol.
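The binding-table creation of claims 9 and 11 and the roaming migration of claims 10 and 12, as an added Python example that is not part of the patent text. The names `BindingStore` and `migrate` are hypothetical, the sample addresses are constructed, and the legitimacy rule (one IP address may not be bound to two different MAC addresses) is an assumption, since the claims do not define how legitimacy is judged.

```python
class BindingStore:
    """Binding tables held by one controller (FIT-AC) or wireless router (FAT-AP)."""

    def __init__(self, name):
        self.name = name
        self.ip_mac = {}  # IP-MAC binding table: IP address -> MAC address
        self.mac_ip = {}  # MAC-IP binding table: MAC address -> set of IP addresses

    def is_legitimate(self, mac, ip):
        # Assumed rule (the claims do not define "legitimate"):
        # an IP address may not be bound to two different MAC addresses.
        return self.ip_mac.get(ip, mac) == mac

    def add_binding(self, mac, ip):
        """Add the binding to both tables, or discard it if it is not legitimate."""
        if not self.is_legitimate(mac, ip):
            return False
        self.ip_mac[ip] = mac
        self.mac_ip.setdefault(mac, set()).add(ip)
        return True

    def verify_source(self, mac, src_ip):
        """A frame passes only if its (MAC, source IP) pair is a stored binding."""
        return self.ip_mac.get(src_ip) == mac

    def bindings_for(self, mac):
        return set(self.mac_ip.get(mac, set()))

    def delete_device(self, mac):
        for ip in self.mac_ip.pop(mac, set()):
            self.ip_mac.pop(ip, None)


def migrate(mac, old, new):
    """Roaming: new side requests, old side sends, new side stores, old side deletes."""
    sent = old.bindings_for(mac)
    stored = {ip for ip in sent if new.add_binding(mac, ip)}
    old.delete_device(mac)
    return stored


if __name__ == "__main__":
    # Constructed sample addresses (documentation ranges, locally administered MACs).
    c4, c5 = BindingStore("controller-4"), BindingStore("controller-5")
    c4.add_binding("02:00:00:00:00:01", "192.0.2.10")
    c4.add_binding("02:00:00:00:00:01", "2001:db8::10")
    print(c4.add_binding("02:00:00:00:00:02", "192.0.2.10"))  # conflicting claim
    print(sorted(migrate("02:00:00:00:00:01", c4, c5)))
    print(c5.verify_source("02:00:00:00:00:01", "192.0.2.10"), c4.ip_mac)
```

Keeping both tables lets the deleting side remove every address of a roaming device by MAC in one step, while per-packet verification stays a single lookup by source IP.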
CN201810524132.2A 2018-05-28 2018-05-28 Based on WLAN source address verification method Pending CN108965241A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810524132.2A CN108965241A (en) 2018-05-28 2018-05-28 Based on WLAN source address verification method

Publications (1)

Publication Number Publication Date
CN108965241A true CN108965241A (en) 2018-12-07

Family

ID=64492232

Country Status (1)

Country Link
CN (1) CN108965241A (en)

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101621513A (en) * 2009-07-20 2010-01-06 清华大学 Method for normalizing verification scheme of source address accessed into subnetwork
US20170063680A1 (en) * 2015-08-24 2017-03-02 Alibaba Group Holding Limited Verifying source addresses associated with a terminal
CN106487742A (en) * 2015-08-24 2017-03-08 阿里巴巴集团控股有限公司 For verifying the method and device of source address effectiveness

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
J. BI,J. WU,Y. WANG,T. LIN: "A SAVI Solution for WLAN", 《HTTPS://TOOLS.IETF.ORG/HTML/DRAFT-BI-SAVI-WLAN-14》 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112087449A (en) * 2020-09-08 2020-12-15 清华大学 Verification method and system of source address, storage medium and electronic equipment
CN112566128A (en) * 2021-03-01 2021-03-26 深圳市乙辰科技股份有限公司 Wireless router management and control method based on mac address
CN114268816A (en) * 2021-12-24 2022-04-01 广东悦伍纪网络技术有限公司 Advertisement directional distribution method, device and system based on local area network equipment
CN114268816B (en) * 2021-12-24 2023-11-21 广东悦伍纪网络技术有限公司 Advertisement directional distribution method, device and system based on local area network equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20181207