CN114500175A - Communication method for reversely dividing home VLAN based on IP address of user equipment - Google Patents

Publication number
CN114500175A
Authority
CN
China
Prior art keywords
user equipment
vlan
address
access point
wireless access
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210155719.7A
Other languages
Chinese (zh)
Other versions
CN114500175B (en)
Inventor
王佳毅
蔡贤森
赵云
曹东海
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Zhizhou Technology Co ltd
Original Assignee
Beijing Zhizhou Technology Co ltd
Application filed by Beijing Zhizhou Technology Co ltd
Priority to CN202210155719.7A
Publication of CN114500175A
Application granted
Publication of CN114500175B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W48/00 Access restriction; Network selection; Access point selection
    • H04W48/16 Discovering, processing access restriction or access information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W48/00 Access restriction; Network selection; Access point selection
    • H04W48/20 Selecting an access point
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W76/00 Connection management
    • H04W76/10 Connection setup

Abstract

The invention provides a communication method for reversely dividing the home VLAN based on the IP address of user equipment, which comprises the following steps: step 1, configuration flow; step 2, the user equipment UE accesses the wireless WiFi network and a layer-2 WiFi connection is established; and step 3, division flow. The invention provides a method for selecting the VLAN to which user equipment (UE) belongs. It avoids the change of network environment caused by frequent IP changes when the UE moves between different areas of a campus, and gives the UE a fixed VLAN tag for distinguishing network access rights.

Description

Communication method for reversely dividing home VLAN based on IP address of user equipment
Technical Field
The invention belongs to the technical field of data communication, and particularly relates to a communication method for reversely dividing the home VLAN based on the IP address of user equipment.
Background
At present, campus networks and metropolitan area networks make wide use of wireless WiFi access networks built from access switches, routers, wireless AC + AP and similar equipment. Since WiFi is a wireless access technology that uses a free frequency band, it is widely applied to the deployment and coverage of private wireless networks.
The process by which user equipment UE accesses an IP network comprises physical layer negotiation, link layer negotiation, IP address acquisition and other steps.
Physical layer negotiation: the process of determining the physical layer access and the physical layer transmission rate of the user equipment (UE). For example, when an Ethernet cable connects to a wired network, the link negotiates a specified network rate, such as 100-megabit Ethernet or gigabit Ethernet. Likewise, when accessing a WiFi network, the WiFi standard version to be followed is determined, such as WiFi 5 or WiFi 6.
Link layer negotiation: the process by which, after the user equipment (UE) accesses the data forwarding equipment, the two sides discover each other's layer-2 forwarding addresses. In wired Ethernet this generally means the mutual discovery of MAC addresses; in WiFi access it also involves the user equipment (UE) negotiating wireless encryption until it has fully joined the WiFi network. Once this procedure is complete, the virtual local area network (VLAN) to which the user equipment UE belongs has been determined.
IP address acquisition: the process by which the user equipment UE obtains an IP address. In general, the IP address is assigned automatically by a DHCP server, or may be assigned manually by the user.
In this access process, the VLAN to which the user equipment UE belongs is already determined during link layer negotiation. This approach has the following problem: in a large campus, the WiFi network easily becomes too large and carries too much broadcast traffic.
To avoid excessive broadcast traffic, the AC may group the APs of the WiFi network so that the groups correspond to different physical areas and are configured with different VLANs. This scheme effectively solves the problem of excessive broadcast traffic, but when a user moves to a different network area the user switches among several VLANs, which means that the user's mobile device needs to perform the IP address acquisition process again in the new VLAN. However, so that users can easily remember the access SSID or password, a campus network generally requires the same WiFi access configuration everywhere. The mobile device therefore cannot recognize the network boundary when roaming and does not restart the IP address acquisition process on its own initiative. As a result, after roaming between areas the mobile device cannot get online unless the user manually disconnects from the WiFi network and reconnects, which triggers re-acquisition of the IP address.
To solve the user roaming problem, wireless VLAN pool access technology has emerged. The AC may configure multiple VLANs for the WiFi network. After a user accesses the WiFi network, the user is randomly added to one of the VLANs and is guaranteed to stay in the same VLAN for the duration of the user's activity. This scheme solves the problem of cross-area roaming, and users are distributed evenly across the VLANs, so that no VLAN has too many users. However, VLANs and IP addresses are also commonly used for other service purposes; for example, a campus may want users of different departments or floors to enter a fixed VLAN, and use the VLAN tag to distinguish users and grant them different network access rights. The VLAN pool scheme cannot ensure that users enter the same VLAN, which hinders secure access management of the campus network.
On this basis, some WiFi networks that use 802.1x authentication or MAC authentication carry the VLAN information for the user in the authentication success message. When the user accesses the WiFi network, centralized authentication is required, and the VLAN assigned by the authentication result is obtained after authentication passes. This scheme solves the problems of user VLAN changes and roaming, but it requires collecting the MAC addresses of all users or registering authentication accounts for all users, so the maintenance cost is high.
Disclosure of Invention
To address the defects in the prior art, the invention provides a communication method for reversely dividing the home VLAN based on the IP address of user equipment, which effectively solves the above problems.
The technical scheme adopted by the invention is as follows:
The invention provides a communication method for reversely dividing home VLANs based on IP addresses of user equipment, which comprises the following steps:
Step 1, configuration flow:
Step 1.1, a wireless controller AC is connected to a plurality of wireless access points AP; each wireless access point AP has a corresponding AP coverage area, in which it provides a wireless WiFi network;
The wireless controller AC divides the provided service network into a plurality of service VLANs, each with a service VLAN identifier; the wireless controller AC configures the IP address segment corresponding to each service VLAN, thereby forming an IP address segment-service VLAN mapping table;
The wireless controller AC creates a default VLAN corresponding to each wireless access point AP, each with a default VLAN identifier, thereby forming a wireless access point AP-default VLAN mapping table;
Step 1.2, the wireless controller AC issues a VLAN identifier table to each wireless access point AP; the VLAN identifier table stores the identifiers of all VLANs, including the service VLAN identifiers and the default VLAN identifiers;
Step 1.3, the wireless access point AP stores the received VLAN identifier table;
Step 2, the user equipment UE accesses the wireless WiFi network and a layer-2 WiFi connection is established:
Step 2.1, initially the user equipment UE is not configured with an IP address; at this moment its IP address is the default value 0;
Step 2.2, the user equipment UE searches for wireless access points AP in the nearby area to obtain a wireless access point AP list; from this list it selects the wireless access point AP with the highest priority, denoted wireless access point AP (best), and sends it a connection request carrying the user equipment UE identifier and the IP address;
Step 2.3, the wireless access point AP (best) forwards the connection request to the wireless controller AC;
Step 2.4, the wireless controller AC parses the connection request and finds that the IP address of the user equipment UE is the default value 0; according to the network access policy it therefore searches the wireless access point AP-default VLAN mapping table, obtains the default VLAN corresponding to the wireless access point AP (best), denoted default VLAN (default), and sends the identifier of the default VLAN (default) to the wireless access point AP (best);
Step 2.5, the wireless access point AP (best) establishes a first record table, adds the matching relation between the user equipment UE and the default VLAN (default) to it, and adds the user equipment UE to the default VLAN (default), so that the user equipment UE accesses the wireless WiFi network;
Step 3, division flow:
Step 3.1, after the user equipment UE has established a wireless WiFi connection with the wireless access point AP (best) and is receiving limited internet access service through the default VLAN (default), the user equipment UE sends data messages in the wireless WiFi network; the data messages comprise non-IP messages and IP messages;
Step 3.2, the wireless access point AP (best) locally establishes a second record table of user equipment UE identifier, source IP address and home service VLAN identifier; the second record table records, for each user equipment UE in the coverage area of the wireless access point AP (best), the mapping between its source IP address and the service VLAN it has joined;
The wireless access point AP (best) captures all IP messages of each user equipment UE in its coverage area and extracts the source IP address and the user equipment UE identifier from each captured IP message; the source IP address is the IP address of the user equipment UE;
For a given IP message, let the extracted user equipment UE identifier be UE identifier (UEID); the wireless access point AP (best) searches the second record table and first determines whether the captured UE identifier (UEID) exists in it; if not, the user equipment UE has newly entered the coverage area of the wireless access point AP (best), and step 3.3 is executed; if so, step 3.4 is executed;
Step 3.3, the processing flow for a newly joined user equipment UE is as follows:
Step 3.3.1, the wireless access point AP (best) reports the UE identifier (UEID) and the source IP address to the wireless controller AC;
Step 3.3.2, the wireless controller AC searches the user equipment network attribution table, which stores the matching relation between user equipment UE and service VLAN, and determines whether a service VLAN corresponding to the current UE identifier (UEID) exists in it; if so, step 3.3.3 is executed; if not, step 3.3.4 is executed;
Step 3.3.3, if it exists, the current user equipment UE has already been divided into a corresponding service VLAN and has roamed into the coverage area of the current wireless access point AP (best); the wireless controller AC therefore issues to the wireless access point AP (best) a notification message that the service VLAN remains unchanged, carrying the matched service VLAN identifier;
The wireless access point AP (best) adds the UE identifier (UEID), the source IP address and the service VLAN identifier issued by the wireless controller AC to the second record table, thereby updating it, so that the user equipment UE keeps communicating in the originally divided service VLAN;
Step 3.3.4, if it does not exist, the current user equipment UE still belongs to the default VLAN; the wireless controller AC searches the IP address segment-service VLAN mapping table and determines whether the source IP address of the user equipment UE matches an IP address segment in it; if the matching fails, it sends to the wireless access point AP (best) a notification message that the default VLAN remains unchanged; on receiving this notification message the wireless access point AP (best) performs no operation, so the user equipment UE remains in the default VLAN;
If the matching succeeds, the matched service VLAN is sent to the wireless access point AP (best); the wireless access point AP (best) adds the UE identifier (UEID), the source IP address and the service VLAN identifier issued by the wireless controller AC to the second record table, thereby updating it, and at the same time adds the user equipment UE to the service VLAN issued by the wireless controller AC, so that the user equipment UE accesses the corresponding service VLAN;
Step 3.4, the processing flow for an already joined user equipment UE is as follows:
Step 3.4.1, the wireless access point AP (best) further determines whether the source IP address of the user equipment UE is the same as the source IP address recorded in the first record table; if so, the source IP address of the user equipment UE has not changed, so no operation is performed and the user equipment UE continues to communicate in the originally divided service VLAN; if not, step 3.4.2 is executed;
Step 3.4.2, the wireless access point AP (best) reports the UE identifier (UEID) and the source IP address to the wireless controller AC;
Step 3.4.3, the wireless controller AC searches the IP address segment-service VLAN mapping table and determines whether the source IP address of the user equipment UE matches an IP address segment in it; if the matching fails, it sends to the wireless access point AP (best) a notification message dividing the user equipment UE into the default VLAN, and the wireless access point AP (best) updates the second record table and adds the user equipment UE to the default VLAN;
If the matching succeeds, the matched service VLAN is sent to the wireless access point AP (best); the wireless access point AP (best) updates the second record table and adds the user equipment UE to the service VLAN issued by the wireless controller AC.
Preferably, the user equipment UE identity is a MAC address of the user equipment UE.
Preferably, when the IP address segment-service VLAN mapping table is configured, different service VLANs have different network access rights.
Preferably, the source IP address of the user equipment UE is a static IP address.
The communication method for reversely dividing the home VLAN based on the IP address of user equipment provided by the invention has the following advantages:
The invention provides a method for selecting the VLAN to which user equipment (UE) belongs. It avoids the change of network environment caused by frequent IP changes when the UE moves between different areas of a campus, and gives the UE a fixed VLAN tag for distinguishing network access rights.
Drawings
Fig. 1 is a schematic flow chart of a communication method for reverse dividing a home VLAN based on an IP address of a user equipment according to the present invention.
Detailed Description
In order to make the technical problems, technical solutions and advantageous effects solved by the present invention more clearly apparent, the present invention is further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The invention provides a method for selecting the VLAN (virtual local area network) to which user equipment (UE) belongs according to the static IP address configured on the UE. It relates to TCP/IP layer-2 and layer-3 network technologies, and in particular to a technique that uses the layer-3 network address of the UE to reversely assign the layer-2 VLAN to which it belongs.
The following first explains the keywords involved in the present invention:
TCP/IP network: the TCP/IP network based on Ethernet switching technology (IEEE 802.3) is a network switching technology widely used in campus and metropolitan area networks. It uses the Ethernet switching standard as its layer-2 network standard and the TCP/IP protocol standard as its layer-3 network standard. To handle data traffic efficiently, TCP/IP networks define a transmission standard for broadcast data, used to detect the presence of other hosts, and a unicast transmission standard for regular data. In such networks, layer-2 switches and Ethernet cables typically provide physical layer access for user hosts, and layer-3 switches and routers handle the forwarding of user data.
As TCP/IP networks developed, they grew very large and the number of hosts in them increased day by day, so the volume of broadcast data grew and occupied too many network transmission resources. The IEEE 802.1Q VLAN partition standard emerged to solve this problem of oversized networks. It avoids having too many hosts in the same broadcast domain by dividing hosts into different VLANs that do not share broadcast data. Hosts in the same VLAN can communicate directly through broadcast communication, while data crossing VLANs must be forwarded by a layer-3 switch or router. In addition, security policies, access control policies and other functions can be implemented on switches and routers based on VLANs.
Typically, which VLAN a host is assigned to depends on how the access switch manages it. Generally, the division is based on switch interfaces, host MAC addresses or IP subnets.
WiFi: WiFi is a wireless local area network technology based on the IEEE 802.11 standard. With the development of wireless technology, WiFi is widely used as the wireless access layer technology for mobile office scenarios in a campus. Notebook computers and work terminals access the wireless controller and the service network through WiFi signals and enter the designated VLAN according to the wireless service configuration. In this link, WiFi is the wireless access technology, and it spares the user from having to connect to the access switch with a network cable.
Wireless controller (AC): large WiFi networks use a large number of WiFi access devices. A wireless device management scheme of the AC + AP architecture has emerged for centrally managing WiFi access devices. Where the wireless controller (AC) does not itself transmit WiFi signals but is used to manage all wireless Access Points (APs) in a large WiFi network.
Wireless Access Point (AP): in order to meet the wireless network deployment requirement of a large area, a large amount of wireless signal transmitting equipment is needed. A wireless Access Point (AP) is a wireless access device that provides WiFi access signals exclusively.
The invention provides a method for selecting the VLAN (virtual local area network) to which user equipment (UE) belongs. It avoids the change of network environment caused by frequent IP changes when the UE moves between different areas of a campus, and gives the UE a fixed VLAN tag for distinguishing network access rights.
Referring to fig. 1, the present invention provides a communication method for reversely dividing home VLANs based on IP addresses of user equipment, comprising the following steps:
Step 1, configuration flow:
Step 1.1, a wireless controller AC is connected to a plurality of wireless access points AP; each wireless access point AP has a corresponding AP coverage area, in which it provides a wireless WiFi network;
The wireless controller AC divides the provided service network into a plurality of service VLANs, each with a service VLAN identifier; the wireless controller AC configures the IP address segment corresponding to each service VLAN, thereby forming an IP address segment-service VLAN mapping table;
The wireless controller AC creates a default VLAN corresponding to each wireless access point AP, each with a default VLAN identifier, thereby forming a wireless access point AP-default VLAN mapping table;
Step 1.2, the wireless controller AC issues a VLAN identifier table to each wireless access point AP; the VLAN identifier table stores the identifiers of all VLANs, including the service VLAN identifiers and the default VLAN identifiers;
Step 1.3, the wireless access point AP stores the received VLAN identifier table;
Step 2, the user equipment UE accesses the wireless WiFi network and a layer-2 WiFi connection is established:
Step 2.1, initially the user equipment UE is not configured with an IP address; at this moment its IP address is the default value 0;
Step 2.2, the user equipment UE searches for wireless access points AP in the nearby area to obtain a wireless access point AP list; from this list it selects the wireless access point AP with the highest priority, denoted wireless access point AP (best), and sends it a connection request carrying the user equipment UE identifier and the IP address;
Step 2.3, the wireless access point AP (best) forwards the connection request to the wireless controller AC;
Step 2.4, the wireless controller AC parses the connection request and finds that the IP address of the user equipment UE is the default value 0; according to the network access policy it therefore searches the wireless access point AP-default VLAN mapping table, obtains the default VLAN corresponding to the wireless access point AP (best), denoted default VLAN (default), and sends the identifier of the default VLAN (default) to the wireless access point AP (best);
Step 2.5, the wireless access point AP (best) establishes a first record table, adds the matching relation between the user equipment UE and the default VLAN (default) to it, and adds the user equipment UE to the default VLAN (default), so that the user equipment UE accesses the wireless WiFi network;
Step 3, division flow:
In the invention, the division process of step 3 is carried out for a user equipment UE only after it has accessed the wireless WiFi network through step 2.
The division flow covers three main scenarios:
First, the AC allocates a service VLAN to the user equipment UE for the first time
Immediately after completing the access process of step 2, the user equipment UE is in the coverage area of AP1. The user equipment UE sends an IP message; AP1 captures the IP message and reports it to the AC. The AC obtains the matched service VLAN by searching the IP address segment-service VLAN mapping table and sends it to AP1, so that AP1 divides the user equipment UE into the corresponding service VLAN. AP1 then records the correspondence between the identifier, the IP address and the service VLAN of the user equipment UE.
Second, a user equipment UE that has already been assigned a service VLAN is still in the coverage area of AP1
In this case, when the IP address of the user equipment UE has not changed, it continues to send IP messages; AP1 captures an IP message, obtains the IP address of the user equipment UE by parsing it, and finds by looking up the local mapping table that the IP address has not changed, so AP1 performs no operation and the user equipment UE remains in its original service VLAN.
In this case, when the IP address of the user equipment UE changes, it likewise continues to send IP messages; AP1 captures an IP message, obtains the IP address of the user equipment UE by parsing it, and finds by looking up the local mapping table that the IP address has changed. AP1 therefore reports the IP address of the user equipment UE to the AC, and the AC re-matches a new service VLAN; if no new service VLAN is matched, the user equipment UE is divided into the default VLAN. The AC sends the matching result to the AP.
Third, a user equipment UE that has already been assigned a service VLAN roams from the coverage area of AP1 to the coverage area of AP2
When the user equipment UE roams into the coverage area of AP2, it sends an IP message, and AP2 captures the IP message to obtain the identifier and the IP address of the user equipment UE; AP2 looks up its local mapping table and learns that the user equipment UE is a device that has newly roamed into its area, so AP2 reports the IP address and the identifier of the user equipment UE to the AC. The AC searches the user equipment network attribution table to obtain the matched service VLAN, then searches the IP address segment-service VLAN mapping table to obtain the service VLAN matching the IP address. If the two are consistent, the IP address of the user equipment UE has not changed and the service VLAN does not need to change; the AC therefore sends the service VLAN identifier and a notification that the service VLAN is unchanged to AP2, and AP2 only updates its local correspondence table without changing the service VLAN of the user equipment UE. In this case the user equipment UE roams from the coverage area of AP1 to the coverage area of AP2 but remains in its original service VLAN, because its IP address has not changed.
If the two are not consistent, the IP address of the user equipment UE has changed; the AC therefore sends to AP2 the service VLAN obtained from the IP address segment-service VLAN mapping table together with a notification to change the service VLAN, and at the same time updates the user equipment network attribution table. The AP updates its local correspondence table and changes the service VLAN of the user equipment UE. In this case the user equipment UE roams from the coverage area of AP1 to the coverage area of AP2 and its IP address changes, so the service VLAN needs to be updated.
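The three scenarios above, together with steps 3.3 and 3.4 of the method, traced in Python as an added example (not code from the patent or its assignee). The class and method names, the `events` audit list, the first-match rule for segments, the fall-back to the default VLAN for a roamed UE whose address matches no segment, and all MAC addresses, IP segments and VLAN numbers are assumptions constructed for illustration; the unchanged-IP check is made against the second record table, which is where the source IP is stored.

```python
import ipaddress


class AC:
    """Wireless controller: segment map, AP default VLANs, UE attribution table."""

    def __init__(self, segment_to_vlan, ap_default_vlan):
        # Step 1.1: IP address segment-service VLAN mapping table.
        self.segments = [(ipaddress.ip_network(n), v)
                         for n, v in segment_to_vlan.items()]
        # Step 1.1: AP-default VLAN mapping table.
        self.ap_default_vlan = dict(ap_default_vlan)
        # User equipment network attribution table: UE id (MAC) -> service VLAN.
        self.home = {}
        # Assumption: audit trail of every report handled, not part of the method.
        self.events = []

    def match_segment(self, src_ip):
        addr = ipaddress.ip_address(src_ip)
        # Assumption: segments do not overlap, so the first match is the only one.
        for net, vlan in self.segments:
            if addr in net:
                return vlan
        return None

    def resolve(self, ap_id, ue_id, src_ip):
        """Handle an AP report (steps 3.3.1 / 3.4.2); return (vlan, notice)."""
        previous = self.home.get(ue_id)
        matched = self.match_segment(src_ip)
        if matched is None:
            # No segment matches: the UE is in the reporting AP's default VLAN.
            self.home.pop(ue_id, None)
            vlan = self.ap_default_vlan[ap_id]
            notice = "default-unchanged" if previous is None else "moved-to-default"
        else:
            # Scenario three compares the attribution table with the segment match.
            self.home[ue_id] = matched
            vlan = matched
            if previous is None:
                notice = "assigned"
            elif previous == matched:
                notice = "unchanged"
            else:
                notice = "changed"
        self.events.append((ap_id, ue_id, src_ip, vlan, notice))
        return vlan, notice


class AP:
    """Wireless access point holding the first and second record tables."""

    def __init__(self, ap_id, ac):
        self.ap_id = ap_id
        self.ac = ac
        self.first = {}   # step 2.5: UE id -> default VLAN
        self.second = {}  # step 3.2: UE id -> (source IP, VLAN)

    def associate(self, ue_id):
        """Step 2: the UE has no IP yet (value 0), so it joins the default VLAN."""
        vlan = self.ac.ap_default_vlan[self.ap_id]
        self.first[ue_id] = vlan
        return vlan

    def on_ip_packet(self, ue_id, src_ip):
        """Step 3.2 onward: return the VLAN the UE is in after this IP message."""
        if ue_id not in self.first:
            raise KeyError(f"{ue_id} has not completed step 2 on {self.ap_id}")
        record = self.second.get(ue_id)
        if record is not None and record[0] == src_ip:
            return record[1]                  # source IP unchanged: no operation
        vlan, notice = self.ac.resolve(self.ap_id, ue_id, src_ip)
        if notice == "default-unchanged":
            return self.first[ue_id]          # step 3.3.4: AP performs no operation
        self.second[ue_id] = (src_ip, vlan)   # steps 3.3.3, 3.3.4 and 3.4.3
        return vlan


def run_scenarios():
    """Walk one constructed UE through the three scenarios; return VLANs, notices."""
    ac = AC({"10.10.0.0/24": 10, "10.20.0.0/24": 20}, {"AP1": 901, "AP2": 902})
    ap1, ap2 = AP("AP1", ac), AP("AP2", ac)
    ue = "02:00:00:00:00:01"  # constructed, locally administered MAC
    vlans = [
        ap1.associate(ue),                  # step 2: AP1 default VLAN
        ap1.on_ip_packet(ue, "10.10.0.5"),  # scenario 1: first allocation
        ap1.on_ip_packet(ue, "10.10.0.5"),  # scenario 2: IP unchanged
        ap2.associate(ue),                  # roam: layer-2 join on AP2
        ap2.on_ip_packet(ue, "10.10.0.5"),  # scenario 3: VLAN kept
        ap2.on_ip_packet(ue, "10.20.0.9"),  # scenario 2: IP changed
        ap2.on_ip_packet(ue, "192.0.2.7"),  # no segment matches
    ]
    return vlans, [event[4] for event in ac.events]


if __name__ == "__main__":
    print(run_scenarios())
```

The `events` list records every report the AC handled, so it shows each point at which a UE's source IP, and with it the VLAN that carries its access rights, changed.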
The specific dividing process comprises the following steps:
step 3.1, after establishing wireless wifi connection between User Equipment (UE) and a wireless Access Point (AP) (best) and performing limited internet access connection service through a default VLAN (default), the User Equipment (UE) sends a data message in a wireless wifi network; the data message comprises a non-IP message and an IP message;
step 3.2, the wireless access point AP (best) locally establishes a second record table of the user equipment UE identification, the source IP address and the attributive service VLAN identification; the second record table is used for recording the mapping relation between the source IP address of each user equipment UE and the added service VLAN of each user equipment UE in the coverage area of the wireless access point AP (best);
a wireless access point AP (best) captures all IP messages of each user equipment UE in the coverage area of the wireless access point AP (best), and extracts a source IP address and a user equipment UE identification from each captured IP message; wherein, the source IP address is the IP address of the user equipment UE;
for a certain IP packet, assuming that the extracted UE identity is UE identity (UEID), the wireless access point ap (best) searches the second record table, first determining whether the currently captured UE identity (UEID) exists in the second record table, if not, indicating that the UE is UE newly entering the coverage area of the wireless access point ap (best), then executing step 3.3; if so, executing step 3.4;
Step 3.3: the processing flow for a newly added user equipment UE is as follows:
Step 3.3.1: the wireless access point AP (best) reports the UE identifier (UEID) and the source IP address to the wireless controller AC.
Step 3.3.2: the wireless controller AC searches the user equipment network attribution table, which stores the matching relation between user equipment UE and service VLAN, and determines whether it contains a service VLAN corresponding to the current UE identifier (UEID). If it does, step 3.3.3 is executed; if not, step 3.3.4 is executed.
Step 3.3.3: if the entry exists, the current user equipment UE has already been divided into a service VLAN and has roamed into the coverage area of the current wireless access point AP (best). The wireless controller AC therefore sends the wireless access point AP (best) a notification message that the service VLAN remains unchanged, and the notification message carries the matched service VLAN identifier.
The wireless access point AP (best) adds the UE identifier (UEID), the source IP address and the service VLAN identifier issued by the wireless controller AC to the second record table, thereby updating the table, so that the user equipment UE continues to communicate in the service VLAN it was originally divided into.
Step 3.3.4: if the entry does not exist, the current user equipment UE still belongs to the default VLAN. The wireless controller AC searches the IP address segment-service VLAN mapping table and determines whether the source IP address of the user equipment UE matches an IP address segment in it. If the matching fails, it sends the wireless access point AP (best) a notification message that the default VLAN remains unchanged; on receiving this message the wireless access point AP (best) performs no operation, so the user equipment UE stays in the default VLAN.
If the matching succeeds, the matched service VLAN is sent to the wireless access point AP (best). The wireless access point AP (best) adds the UE identifier (UEID), the source IP address and the service VLAN identifier issued by the wireless controller AC to the second record table, thereby updating the table, and at the same time adds the user equipment UE to the service VLAN issued by the wireless controller AC, so that the user equipment UE accesses the corresponding service VLAN.
Step 3.4: the processing flow for an already added user equipment UE is as follows:
Step 3.4.1: the wireless access point AP (best) further determines whether the source IP address of the user equipment UE is the same as the source IP address recorded in the first record table. If so, the source IP address of the user equipment UE has not changed, so no operation is performed and the user equipment UE continues to communicate in its originally divided service VLAN; if not, step 3.4.2 is executed.
Step 3.4.2: the wireless access point AP (best) reports the UE identifier (UEID) and the source IP address to the wireless controller AC.
Step 3.4.3: the wireless controller AC searches the IP address segment-service VLAN mapping table and determines whether the source IP address of the user equipment UE matches an IP address segment in it. If the matching fails, it sends the wireless access point AP (best) a notification message to divide the user equipment UE into the default VLAN, and the wireless access point AP (best) updates the second record table and adds the user equipment UE to the default VLAN.
If the matching succeeds, the matched service VLAN is sent to the wireless access point AP (best), and the wireless access point AP (best) updates the second record table and adds the user equipment UE to the service VLAN issued by the wireless controller AC.
In the present invention, the UE identity may be the MAC address of the UE.
In the invention, when the IP address segment-service VLAN mapping table is configured, different service VLANs have different network access rights. The source IP address of the UE is a static IP address.
One specific embodiment is described below:
The invention provides a method for dividing the home VLAN of a user equipment UE according to the IP address the UE uses. The relation between IP addresses and VLANs is defined in advance, and the VLAN is matched by having the user configure the IP address manually.
The invention allocates and manages IP addresses and VLANs in advance and issues the related information to the network management equipment, so that a user's home VLAN is divided according to the device IP. As the flow chart shows, the work of the scheme lies mainly in the configuration process of the WiFi service and in the access process by which the user joins the WiFi network. The main work flow can be divided into a configuration flow, an access flow and a division flow.
Step 1: configuration flow:
The configuration flow is the basic deployment flow of the WiFi network.
Step 1.1: when the wireless controller AC deploys wireless services, rules that send different IPs into different service VLANs can be configured per IP subnet, and the WiFi network is deployed on that basis.
Specifically, the wireless controller AC must support configuring the correspondence between IP address segments and service VLANs, and must store this correspondence once the WiFi service has been issued, so that it cannot be changed while the service is running and the service VLAN to which a user equipment UE belongs can be determined in real time.
Step 1.2: the wireless controller AC configures a default VLAN for the wireless network, so that a user equipment UE without a correctly configured IP address obtains a restricted network service.
Step 2: access flow:
This is the process by which the user equipment UE accesses the WiFi network. It differs from the ordinary WiFi access process mainly in that the user must manually set a static IP address on the user equipment UE; on later accesses, the IP address saved from the last manual configuration is used directly.
The user manually configures the IP address on the user equipment UE as required; the address is typically assigned by a network administrator.
Step 3: division flow:
This flow is specific to the method. After an ordinary WiFi access process finishes, the user equipment UE enters the designated VLAN of the WiFi network and uses the internet service. In the method of the invention, after the user equipment UE accesses the WiFi network, the IP address used by its data service is additionally checked: if the IP address of the user equipment UE matches a VLAN division rule, the VLAN the user is in is modified dynamically; otherwise the user stays in the default VLAN of the WiFi network. Optionally, the network administrator may use services such as Portal or ACL in the default VLAN to notify the user that the user equipment UE is currently in a service-restricted VLAN.
For a wireless network service configured with VLAN division rules, the division flow proceeds as follows once the user equipment UE has accessed the network:
Step 1-A: when the user equipment UE accesses WiFi and no IP address has been set, the user enters a default VLAN that cannot access the Internet.
Step 1-B: when the user equipment UE accesses WiFi and has an IP address configured, it automatically sends IP messages carrying the source IP to the wireless access point AP once WiFi is connected. After receiving an IP message, the wireless access point AP reports the IP address to the AC.
Step 2: after receiving the IP address report, the AC parses and matches the IP address.
For example, the source IP 10.110.2.100 corresponds to the following binary address:
00001010 01101110 00000010 01100100
The configured IP matching rule IP-based 10.110.2.1/24 vlan 2 means that users whose IP address lies in the subnet 10.110.2.1/24 are divided into VLAN 2. 10.110.2.1 corresponds to the following binary address:
00001010 01101110 00000010 00000001
Compared with the source IP 10.110.2.100, the first 24 bits (the network number) are 000010100110111000000010 in both, i.e. the network numbers are the same. The AC therefore sends the AP a notification that the UE is divided into VLAN 2.
Step 3: after receiving the notification to divide the user equipment UE into a VLAN, the AP modifies the VLAN the user equipment UE is in and divides it into VLAN 2, where it can carry out normal network communication.
Several VLAN division rules of this kind can be configured at the same time, so that different user equipment UEs join different VLANs.
After the division process is completed, the user equipment UE can enter the expected assigned VLAN to acquire the network service. In addition, during the continuous use of the network service, the user equipment UE may roam or modify the IP address manually. The division process is therefore essentially continuous throughout the time the user is connected to the network. In the service process, the AC receives the user roaming event or the user IP address change event at any time. For events that are likely to occur at any time, the AC follows the following processing principles:
When a user equipment UE has accessed the network, the AP holds a second record table of UE identifier, source IP address and home service VLAN identifier for the accessed user equipment. The AP determines whether the IP address of the current user equipment UE is the same as the source IP address in the second record table; if so, no operation is performed. If they differ, the AP reports the UE identifier and the source IP address to the wireless controller AC.
The AC matches the reported IP address against the IP address segment-service VLAN mapping table. If the matching fails, a new matching result is issued to the wireless access point AP; if the matching succeeds, the user equipment UE has already been matched to a VLAN and has performed WiFi roaming. In that case the last matching result should be notified to the AP directly, to speed up VLAN division.
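The binary match and the join, roam and IP-change handling described above, as an added simulation that is not part of the patent text: one AC and two APs process the data messages of a single UE. Class and function names, the default VLAN ID, the second rule (10.110.3.1/24 to VLAN 3), the MAC address and longest-prefix tie-breaking between overlapping rules are assumptions.

```python
import ipaddress

DEFAULT_VLAN = 1  # assumed ID of the restricted default VLAN (not given in the text)


def ip_to_bits(ip):
    """Dotted IPv4 address -> 32-character binary string, as in the worked example."""
    return f"{int(ipaddress.IPv4Address(ip)):032b}"


class AC:
    """Wireless controller: holds the segment table and the network attribution table."""

    def __init__(self, rules):
        # rules: (base_ip, prefix_len, service_vlan); only the network bits are kept.
        self.rules = [(ip_to_bits(base)[:plen], vlan) for base, plen, vlan in rules]
        self.home = {}  # network attribution table: ue_id -> (source IP, service VLAN)

    def match(self, src_ip):
        """Binary prefix comparison; longest prefix wins (assumption for overlapping rules)."""
        bits, best = ip_to_bits(src_ip), None
        for prefix, vlan in self.rules:
            if bits.startswith(prefix) and (best is None or len(prefix) > len(best[0])):
                best = (prefix, vlan)
        return best[1] if best else None

    def report(self, ue_id, src_ip):
        """Handle an AP report (steps 3.3.2-3.3.4 and 3.4.3); return the VLAN to apply."""
        known = self.home.get(ue_id)
        if known and known[0] == src_ip:
            return known[1]  # step 3.3.3: roamed with the same IP, VLAN unchanged
        vlan = self.match(src_ip)
        if vlan is None:
            self.home.pop(ue_id, None)  # no segment matches: drop the stored record
            return DEFAULT_VLAN
        self.home[ue_id] = (src_ip, vlan)
        return vlan


class AP:
    """Wireless access point: keeps the second record table and reports to the AC."""

    def __init__(self, ac):
        self.ac = ac
        self.records = {}  # second record table: ue_id -> (source IP, VLAN)
        self.reports = 0   # how many times this AP had to ask the AC

    def on_packet(self, ue_id, src_ip):
        """Process one captured data message; return the VLAN the UE is in afterwards."""
        rec = self.records.get(ue_id)
        if src_ip is None or src_ip == "0.0.0.0":
            # Non-IP message or source IP 0: forwarded without VLAN matching.
            return rec[1] if rec else DEFAULT_VLAN
        if rec and rec[0] == src_ip:
            return rec[1]  # step 3.4.1: source IP unchanged, nothing to do
        self.reports += 1
        vlan = self.ac.report(ue_id, src_ip)
        if rec is None and vlan == DEFAULT_VLAN:
            return DEFAULT_VLAN  # step 3.3.4: new UE, no match, AP takes no action
        self.records[ue_id] = (src_ip, vlan)
        return vlan


def demo():
    # 10.110.2.1/24 -> VLAN 2 is the rule from the text; the VLAN 3 rule is constructed.
    ac = AC([("10.110.2.1", 24, 2), ("10.110.3.1", 24, 3)])
    ap1, ap2 = AP(ac), AP(ac)
    ue = "aa:bb:cc:00:00:01"  # constructed MAC used as the UE identifier
    trace = [
        ap1.on_packet(ue, None),            # non-IP message: stays in default VLAN
        ap1.on_packet(ue, "10.110.2.100"),  # first IP message: matched into VLAN 2
        ap1.on_packet(ue, "10.110.2.100"),  # same IP again: no report to the AC
        ap2.on_packet(ue, "10.110.2.100"),  # roams to AP2: AC replays the stored VLAN
        ap2.on_packet(ue, "10.110.3.7"),    # user changes the static IP: VLAN 3
        ap2.on_packet(ue, "192.168.1.5"),   # IP outside every segment: default VLAN
    ]
    return trace, ap1.reports, ap2.reports, dict(ac.home)


if __name__ == "__main__":
    print(demo())
```

The report counters show that an AP contacts the AC only when a UE is new to it or presents a changed source IP.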
An embodiment is described as follows:
Step 1: when the wireless controller AC deploys wireless services, rules that send different IPs into different service VLANs are configured per IP subnet, and the WiFi network is deployed on that basis.
Step 2: the wireless controller AC configures a default VLAN for the wireless network, so that a user equipment UE without a correctly configured IP address obtains a restricted network service.
Step 3: the user manually configures the IP address on the user equipment UE as required; the address is typically assigned by a network administrator.
Step 4: the user equipment UE connects to the WiFi signal and enters the designated VLAN according to the configured IP.
Step 4 further comprises the following processing steps:
Step 4-1: before the home VLAN of the user equipment UE is determined, the AP must classify the data messages of the user equipment UE; non-IP messages, messages with a source IP of 0 and the like are forwarded directly.
Step 4-2: the AP parses the IP message, extracts its source IP and notifies the AC to perform VLAN matching.
Step 4-3: the AC receives the source IP reported by the AP and performs binary matching according to the existing IP-VLAN matching rules. If the matching succeeds, it issues a user VLAN change notification to the AP and stores the matching record locally.
Step 4-4: if the AC does not match any VLAN rule, the AP is not notified.
Step 4-5: after receiving the user VLAN change notification, the AP changes the VLAN to which the user belongs. Otherwise the user stays in the default VLAN.
Step 5: when a user moves within the network and enters a different coverage area, the user does not enter another VLAN, because the specified IP address is the same.
Step 5 further comprises the following processing steps:
Step 5-1: when a UE that has successfully obtained its home VLAN is moving and enters the coverage of a new AP (WiFi roaming), the AC receives a user roaming notification and queries its local UE VLAN matching records. If a VLAN matching record is found, the AC informs the new AP of the home VLAN of the user equipment UE according to that record.
Step 5-2: after the new AP obtains the home VLAN of the user equipment UE, it continues to parse the user's messages, obtains the user's source IP and notifies the AC.
Step 5-3: after receiving the UE IP address report from the AP, the AC performs the matching and hits the same matching result; it does not notify the AP, and refreshes the matching record.
Step 6: the user equipment UE modifies its IP address and enters a new VLAN according to the newly configured IP address.
Step 6 further comprises the following processing steps:
Step 6-1: the AP continuously parses the IP messages of the UE and informs the AC of the IP address modified by the user.
Step 6-2: the AC receives the IP address of the user equipment UE reported by the AP and performs binary matching according to the existing IP-VLAN matching rules. If the matching succeeds, it sends a user VLAN change notification to the AP and stores the matching record locally.
Step 6-3: if the AC does not match any VLAN rule, it informs the AP to delete the user's home VLAN information and deletes the locally stored matching record.
In traditional network VLAN division methods, the general idea is to divide VLANs by some immutable access resource during the access process: a wired network divides VLANs by the eth interface IP of the switch, by user MAC address, or by user authentication account. In a traditional IP network, IP addresses are generally assigned to users dynamically by a DHCP server and do not require manual configuration by the user.
The invention reverses this idea: management of IP addresses is handed to the network administrators, the user configures the IP address on the device, and the user VLAN is allocated according to that IP address.
Networks whose access rights management is designed around VLANs generally have strong information security requirements, and fixed device IP addresses are often suitable for such networks. The scheme is therefore well suited to large networks with fixed IP allocation and strictly limited access rights.
The invention provides a method for dividing a user home VLAN according to an IP address used by a user. The method has the main design idea that the relation between an IP address and a VLAN is predefined, and the VLAN division rule is matched in a mode that a user manually configures the IP.
Compared with the prior art, the invention has the following beneficial effects:
1. Compared with the traditional scheme of dividing wireless VLANs by area, the VLAN and IP address of the user equipment UE do not change due to roaming when it moves between coverage areas.
2. Compared with the traditional wireless VLAN pool solution, the user equipment UE in the solution of the invention has the same service VLAN ID continuously, so that the access of the user can be limited through the VLAN. And the user equipment UE can enter different service VLANs by changing the local IP address to acquire services with different permissions without adding access restriction rules for the user equipment UE.
3. Compared with the traditional scheme of allocating VLAN according to MAC address or allocating VLAN through 802.1x authentication, the scheme of the invention does not need to collect the MAC address of User Equipment (UE) or register a user authentication account, and does not need to additionally increase the maintenance configuration of the corresponding relation between the MAC address and the VLAN when a user is newly added.
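Because the service VLAN follows whatever source IP a UE presents (benefit 2 above), the AP-to-AC reports are the natural place to audit VLAN assignments. The following added example, not part of the patent, flags a source IP already held by one UE being reported by a second UE, and a UE moving between service VLANs by changing its IP; the report record format, finding names, default VLAN ID, VLAN 3 rule and sample records are constructed assumptions.

```python
import ipaddress

# Segment table: only 10.110.2.1/24 -> VLAN 2 appears in the text; VLAN 3 is constructed.
RULES = {"10.110.2.1/24": 2, "10.110.3.1/24": 3}
DEFAULT_VLAN = 1  # assumed ID of the restricted default VLAN


def vlan_for(ip):
    """Service VLAN whose segment contains ip, or the default VLAN if none does."""
    addr = ipaddress.ip_address(ip)
    for cidr, vlan in RULES.items():
        if addr in ipaddress.ip_network(cidr, strict=False):
            return vlan
    return DEFAULT_VLAN


def audit(reports):
    """reports: (time, ap, ue_mac, src_ip) tuples in arrival order.

    Returns findings as (time, ap, kind, ue_mac, detail) tuples.
    """
    ip_owner = {}  # source IP -> UE that most recently reported it
    ue_state = {}  # UE -> (current source IP, current VLAN)
    findings = []
    for ts, ap, mac, ip in reports:
        vlan = vlan_for(ip)
        owner = ip_owner.get(ip)
        # A different UE still bound to this IP means two devices claim one address.
        if owner not in (None, mac) and ue_state.get(owner, (None,))[0] == ip:
            findings.append((ts, ap, "IP_CLAIMED_BY_SECOND_UE", mac,
                             f"{ip} already held by {owner}"))
        prev = ue_state.get(mac)
        # Moves into or out of the default VLAN are ordinary onboarding, so skip them.
        if prev and prev[1] != vlan and DEFAULT_VLAN not in (prev[1], vlan):
            findings.append((ts, ap, "SERVICE_VLAN_CHANGED", mac,
                             f"VLAN {prev[1]} -> {vlan} via {prev[0]} -> {ip}"))
        ip_owner[ip] = mac
        ue_state[mac] = (ip, vlan)
    return findings


# Constructed sample of AP-to-AC reports.
SAMPLE = [
    ("09:00:01", "AP1", "aa:bb:cc:00:00:01", "10.110.2.100"),  # joins VLAN 2
    ("09:05:12", "AP2", "aa:bb:cc:00:00:01", "10.110.2.100"),  # roams, same IP
    ("09:10:30", "AP2", "aa:bb:cc:00:00:02", "10.110.2.100"),  # second UE, same IP
    ("09:20:44", "AP1", "aa:bb:cc:00:00:01", "10.110.3.7"),    # IP change: VLAN 2 -> 3
    ("09:30:00", "AP1", "aa:bb:cc:00:00:03", "192.168.1.5"),   # no rule: default VLAN
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="  ")
```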
The foregoing is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, various modifications and improvements can be made without departing from the principle of the present invention, and such modifications and improvements should also be considered within the scope of the present invention.

Claims (4)

1. A communication method for reversely dividing home VLANs based on IP addresses of user equipment, characterized by comprising the following steps:
step 1, configuring a flow:
step 1.1, connecting a wireless controller AC with a plurality of wireless access points AP; each wireless access point, AP, has a corresponding AP coverage area at which a wireless WiFi network is provided;
the wireless controller AC divides a provided service network into a plurality of service VLANs, and each service VLAN is provided with a service VLAN identification; the wireless controller AC configures an IP address segment corresponding to each service VLAN, thereby forming a mapping relation table of the IP address segment-the service VLAN;
the method comprises the steps that a wireless controller AC creates a default VLAN corresponding to each wireless access point AP, each default VLAN is provided with a default VLAN mark, and therefore a mapping relation table of the wireless access points AP and the default VLAN is formed;
step 1.2, the wireless controller AC issues a VLAN identification table to each wireless access point AP, where the VLAN identification table stores VLAN identifications of all VLANs, including: a service VLAN identification and a default VLAN identification;
step 1.3, the wireless access point AP stores the received VLAN identification table;
step 2, the user equipment UE is accessed to the wireless wifi, and a two-layer wifi connection process is established:
step 2.1, initially, the user equipment UE is not configured with an IP address, and at the moment, the IP address is a default value of 0;
step 2.2, the user equipment UE searches wireless access points AP of the nearby area to obtain a wireless access point AP list; selecting a wireless access point AP with the highest priority according to the wireless access point AP list, wherein the wireless access point AP is represented as a wireless access point AP (best), and the user equipment UE sends a connection request to the wireless access point AP (best), wherein the connection request carries a user equipment UE identifier and an IP address;
step 2.3, the wireless access point AP (best) forwards the connection request to the wireless controller AC;
step 2.4, the wireless controller AC parses the connection request to obtain that the IP address of the user equipment UE is a default value 0, so that according to the network access policy, a mapping relation table between the wireless access point AP and the default VLAN is searched, a default VLAN corresponding to the wireless access point AP (best) is obtained and is denoted as a default VLAN (default), and the identifier of the default VLAN (default) is sent to the wireless access point AP (best);
step 2.5, the wireless access point AP (best) establishes a first record table, the matching relation between the user equipment UE and the default VLAN (default) is added to the first record table, and the user equipment UE is added into the default VLAN (default), so that the user equipment UE is accessed into the wireless wifi network;
step 3, dividing the flow:
step 3.1, after establishing wireless wifi connection between User Equipment (UE) and a wireless Access Point (AP) (best) and performing limited internet access connection service through a default VLAN (default), the User Equipment (UE) sends a data message in a wireless wifi network; the data message comprises a non-IP message and an IP message;
step 3.2, the wireless access point AP (best) locally establishes a second record table of the user equipment UE identification, the source IP address and the attributive service VLAN identification; the second record table is used for recording the mapping relation between the source IP address of each user equipment UE and the added service VLAN of each user equipment UE in the coverage area of the wireless access point AP (best);
a wireless access point AP (best) captures all IP messages of each user equipment UE in the coverage area of the wireless access point AP (best), and extracts a source IP address and a user equipment UE identification from each captured IP message; wherein, the source IP address is the IP address of the user equipment UE;
for a certain IP packet, assuming that the extracted UE identity is UE identity (UEID), the wireless access point ap (best) searches the second record table, first determining whether the currently captured UE identity (UEID) exists in the second record table, if not, indicating that the UE is UE newly entering the coverage area of the wireless access point ap (best), then executing step 3.3; if so, executing step 3.4;
step 3.3, the processing flow of the newly added user equipment UE is as follows:
step 3.3.1, the wireless access point AP (best) reports the user equipment UE identification (UEID) and the source IP address to the wireless controller AC;
step 3.3.2, the wireless controller AC searches a user equipment network attribution table, the user equipment network attribution table is used for storing the matching relation between the user equipment UE and the service VLAN, whether the service VLAN corresponding to the current user equipment UE identification (UEID) exists in the user equipment network attribution table is judged, and if the service VLAN exists, the step 3.3.3 is executed; if not, executing step 3.3.4;
step 3.3.3, when the information exists, it indicates that the current user equipment UE is divided into a corresponding service VLAN, and the user equipment UE roams into the coverage area of the current wireless access point ap (best), so that the wireless controller AC issues a notification message that the service VLAN is maintained unchanged to the wireless access point ap (best), and the notification message carries the matched service VLAN identifier;
the wireless access point AP (best) adds the user equipment UE identification (UEID), the source IP address and the service VLAN identification issued by the wireless controller AC into the second recording table to realize the updating of the second recording table, so that the user equipment UE still keeps the communication in the originally divided service VLAN;
step 3.3.4, when the information does not exist, the current user equipment UE still belongs to the default VLAN, the wireless controller AC searches the mapping relation table of the IP address field-service VLAN, judges whether the source IP address of the user equipment UE is matched with a certain IP address field in the mapping relation table of the IP address field-service VLAN, and if the matching fails, sends a notification message that the default VLAN is maintained unchanged to a wireless access point AP (best); when the wireless access point ap (best) receives the notification message, no operation is performed, so that the user equipment UE is still maintained in the default VLAN;
if the matching is successful, the matched service VLAN is sent to a wireless access point AP (best); the wireless access point AP (best) adds the user equipment UE identification (UEID), the source IP address and the service VLAN identification issued by the wireless controller AC into the second recording table to realize the updating of the second recording table, and simultaneously adds the user equipment UE into the service VLAN issued by the wireless controller AC, thereby realizing the access of the user equipment UE into the corresponding service VLAN;
step 3.4, the processing flow of the added user equipment UE is as follows:
step 3.4.1, the wireless access point ap (best) further determines whether the source IP address of the UE is the same as the source IP address recorded in the first record table, and if so, indicates that the source IP address of the UE is not changed, so that the UE does not perform any operation and remains in the originally divided service VLAN for communication; if not, go to step 3.4.2;
step 3.4.2, the wireless access point ap (best) reports the UE identity (UEID) and the source IP address to the wireless controller AC;
step 3.4.3, the wireless controller AC searches a mapping relation table of the IP address field and the service VLAN, judges whether the source IP address of the user equipment UE is matched with a certain IP address field in the mapping relation table of the IP address field and the service VLAN, if the matching is failed, sends a notification message for dividing the user equipment UE into default VLANs to a wireless access point AP (best), and the wireless access point AP (best) updates a second recording table and adds the user equipment UE into the default VLAN;
if the matching is successful, the matched service VLAN is sent to a wireless access point AP (best); and the wireless access point AP (best) updates the second record table and adds the user equipment UE into the service VLAN issued by the wireless controller AC.
2. The communication method of claim 1, wherein the user equipment UE is identified as the MAC address of the user equipment UE.
3. The communication method of claim 1, wherein different service VLANs have different network access rights when configuring the mapping table of IP address segment-service VLAN.
4. The communication method of claim 1, wherein the source IP address of the UE is a static IP address.
CN202210155719.7A 2022-02-21 2022-02-21 Communication method for reversely dividing home VLAN based on IP address of user equipment Active CN114500175B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210155719.7A CN114500175B (en) 2022-02-21 2022-02-21 Communication method for reversely dividing home VLAN based on IP address of user equipment


Publications (2)

Publication Number Publication Date
CN114500175A true CN114500175A (en) 2022-05-13
CN114500175B CN114500175B (en) 2022-09-16

Family

ID=81481929


Country Status (1)

Country Link
CN (1) CN114500175B (en)




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant