CN1175626C - Method for realizing access controller function on radio access point - Google Patents

Publication number
CN1175626C
Authority
CN
China
Prior art keywords
area network
network
module
packet
lan
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CNB021554986A
Other languages
Chinese (zh)
Other versions
CN1426201A (en)
Inventor
炜 王
王炜
魏庆新
杨煜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Langtong Huanqiu Science & Technology Co Ltd
Original Assignee
Beijing Langtong Huanqiu Science & Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Langtong Huanqiu Science & Technology Co Ltd filed Critical Beijing Langtong Huanqiu Science & Technology Co Ltd
Priority to CNB021554986A priority Critical patent/CN1175626C/en
Publication of CN1426201A publication Critical patent/CN1426201A/en
Application granted granted Critical
Publication of CN1175626C publication Critical patent/CN1175626C/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention provides a method for realizing access controller functions on a wireless access point. A user authentication module, a route forwarding module, a network address translation (NAT) module and a flow control module are added to the wireless access point, so that network data packets are forwarded at both layer 2 and layer 3 on the wireless access point, and the user authentication process and the data flow control process are also carried out on the wireless access point. With the method of the present invention, when small and medium-sized enterprises, hotspots and industries that need wireless coverage and broadband access deploy a wireless local area network, they only need to deploy wireless access point equipment with the added access controller function; the invention also saves system management and maintenance costs, and benefits system networking, system maintenance and management, and network expandability.

Description

Radio reception device
Technical field
The present invention relates to the field of wireless local area network technology, and in particular to a radio reception device used in a wireless local area network (WLAN) system.
Background technology
At present, wireless local area network (WLAN) coverage based on the IEEE 802.11 protocol is on the rise, but for access control and operational billing it still relies on a traditional wired access controller (AC) to handle user access control, operational billing and similar services. As shown in Fig. 1, a wireless client 10 normally joins the local area network through a radio access point (AP) 20, and an access controller 30 placed between the local area network and the wide area network then controls the access rights of wireless client 10, its available upstream and downstream bandwidth, user billing information and other applications. With this access control arrangement, an access controller 30 must additionally be deployed at the egress from the local area network to the wide area network, with a router 40 or switch configured behind access controller 30. The functions implemented by radio access point 20 include wireless bridging, packet filtering, Simple Network Management Protocol, the TCP/IP protocol stack and so on; the functions implemented by access controller 30 include access control, bandwidth management, user authentication, authorization and billing.
This existing way of building a local area network is very inconvenient for small and medium-sized enterprises, hotspots and certain industry applications; moreover, because access controller 30 is relatively expensive, it also places an economic burden on the network operator.
Summary of the invention
The technical problem to be solved by the present invention is to provide a radio reception device that reduces the networking cost of a wireless local area network and facilitates its maintenance and management.
To solve the above problem, the present invention proposes a radio reception device for performing access control on users in a wireless local area network (WLAN) system, comprising:
A wireless network card, used to let wireless local area network users access the WLAN system;
A bridge module, connected to the wireless network card, used to perform layer-2 forwarding of packets exchanged between wireless local area network users;
A flow control module, connected to the bridge module, used to apply flow control to packets exchanged between the local area network and the wide area network;
A network address translation routing module, connected to the flow control module, used to perform layer-3 forwarding of packets exchanged between the local area network and the wide area network;
An authentication module, connected to the network address translation routing module, used to authenticate the identity of local area network users and, once authentication has passed, to allow the network address translation routing module to perform layer-3 forwarding of the packets sent by that user;
A wide area network control module, connected to the network address translation routing module, used to control the sending and receiving of packets exchanged between the local area network and the wide area network.
The radio reception device further comprises a local area network control module connected to the bridge module, used to control the sending and receiving of packets exchanged between local area networks or between the local area network and the wide area network.
The bridge module forwards packets between wireless local area network users based on the Spanning Tree Protocol.
The authentication module is an IEEE 802.1X authentication module, or a Remote Authentication Dial In User Service (RADIUS) client authentication module, or a network portal authentication module.
The flow control module further comprises:
A traffic threshold memory, used to store the packet traffic threshold of each local area network user;
A traffic calculator, used in each time period to calculate the packet traffic exchanged between each local area network user and the wide area network, and at the start of each time period to clear the packet traffic result calculated in the previous time period;
A comparator, connected to the traffic calculator and to the traffic threshold memory, used to compare the packet traffic result of a local area network user calculated by the traffic calculator in each time period with that user's packet traffic threshold stored in the traffic threshold memory;
A packet processing unit, connected to the comparator, used according to the comparator's result to add the user's packet to the queue when the calculated packet traffic result of the local area network user is less than or equal to that user's packet traffic threshold, and otherwise to discard the packet.
When the radio reception device of the present invention is used to build a wireless local area network, small and medium-sized enterprises, hotspots and industries that need WLAN applications only have to deploy this radio reception device (AP, Access Point) and need not invest separately in an access controller. If wiring makes WLAN coverage difficult, the local area network can also be covered entirely wirelessly through a wireless distribution system (WDS). In addition, in a WLAN that uses the radio reception device of the present invention, system management and maintenance only need to focus on the radio reception device, and there is no need to manage and maintain a separate radio access point AP and access controller AC. This saves system maintenance cost and also makes it easier for network maintenance staff to maintain and manage the network.
Description of drawings
Fig. 1 is a WLAN topology diagram based on the prior art;
Fig. 2A is a simplified module structure diagram of the radio reception device of the present invention;
Fig. 2B is a detailed block diagram of the flow control module in the radio reception device of the present invention;
Fig. 3 is a schematic diagram of the layer-2 forwarding mechanism of the radio reception device of the present invention, in which packets are bridged and forwarded by the spanning-tree bridge STP Bridge;
Fig. 4 is a schematic diagram of the radio reception device of the present invention routing data sent to the wide area network through the network address translation router NAT Router 51;
Fig. 5 is a schematic diagram of the radio reception device of the present invention routing data received from the wide area network through the network address translation router;
Fig. 6 is a schematic diagram of the user identity authentication module added to the radio reception device of the present invention;
Fig. 7 is a system schematic diagram of the flow control module added to the radio reception device of the present invention;
Fig. 8 is a schematic diagram of packet forwarding in the radio reception device of the present invention with flow control added on top of the network address translation router;
Fig. 9 is a topology diagram of a local area network formed by connecting radio access points in wired mode after adopting the radio reception device of the present invention;
Fig. 10 is a topology diagram of a local area network formed by connecting radio access points through a wireless distribution system after adopting the radio reception device of the present invention.
Embodiment
Specific embodiments of the present invention are further described below with reference to the accompanying drawings.
Referring to Fig. 2A, which is a simplified module structure diagram of the radio reception device of the present invention: the device is built on the functional modules of a prior-art radio access point AP, to which the functional modules of a prior-art access controller AC are added. The radio reception device of the present invention can therefore not only perform the layer-2 forwarding of packets exchanged between local area network users that the former AP performed, but also the layer-3 forwarding of packets exchanged between the local area network and the wide area network that the former AC performed, and can at the same time perform identity authentication, billing and so on for local area network users accessing the wide area network. To realize these functions, the radio reception device specifically comprises:
Wireless network card S1, used to let wireless local area network users access the WLAN system. Wireless network card S1 conforms to the IEEE 802.11a, IEEE 802.11b or IEEE 802.11g standard and has a high-speed access capability of 11 Mbps to 54 Mbps. It mainly comes in Mini PCI, PCMCIA, CF and USB interface forms, giving wireless local area network users several standard means of wireless access to the WLAN;
Bridge module S2, connected to wireless network card S1, used to perform layer-2 forwarding of packets exchanged between wireless local area network users; it can of course also perform layer-2 forwarding of packets exchanged between wireless local area network users and local area network users, or between local area network users. Bridge module S2 works at the data link layer (OSI layer 2); its purpose is to link two local area networks together, forwarding packets according to the media access control (MAC) address. Bridge module S2 generally prefers the Spanning Tree Protocol (STP) as the bridging protocol it follows and bridges and forwards packets between LANs, so that users on those LANs exchange data through bridge module S2;
Flow control module S3, connected to bridge module S2, used to apply flow control to packets exchanged between the local area network and the wide area network. Flow control module S3 applies this flow control before the packets are queued for forwarding.
With reference to Fig. 2 B, this figure is the concrete composition frame chart of flow-control module in the radio reception device of the present invention; Wherein the concrete composition of the flow-control module S3 in the radio reception device comprises:
Flow threshold values memory S32 is used for storing in advance respectively the data packet flow threshold values Stream1 of each LAN subscriber;
Flow rate calculation device S31, be used in each time period, respectively data packet flow Stream mutual between each LAN subscriber and the wide area network being calculated respectively, and respectively in each time period when initial on the data packet flow end value Stream that calculates of a time period carry out clear operation;
Comparator S33, be connected with flow threshold values memory S32 with flow rate calculation device S31 respectively, be used for the data packet flow end value Stream of LAN subscriber that flow rate calculation device S31 in each time period is calculated and this user's data bag flow threshold values Stream1 of flow threshold values memory S32 storage and compare processing;
Processing data packets cell S 34, S33 is connected with comparator, be used for comparative result according to comparator S33, at the data packet flow end value Stream that calculates LAN subscriber during smaller or equal to the data packet flow threshold values Stream1 of this LAN subscriber, packet is added queue, handle with three layers of forwarding waiting for subsequent network address transition routing module S4; And at the data packet flow end value Stream that calculates this LAN subscriber during greater than the data packet flow threshold values Stream1 of this LAN subscriber, processing data packets cell S 34 will be made packet discard and handle.
Network address translation routing module S4, connected to flow control module S3, used to perform layer-3 forwarding of packets exchanged between the local area network and the wide area network. In the network address translation routing module (NAT Router, Network Address Translation Router) S4, generally only the server in the local area network is assigned a legal IP address, the purpose being to conserve IP address resources, while each terminal inside the local area network is assigned a different private IP address. When a local area network user accesses wide area network resources, there is therefore the problem of converting back and forth between the private IP address and the legal IP address; the purpose of network address translation routing module S4 is precisely to handle this conversion when the local area network and the wide area network communicate. Network address translation routing module S4 works at the network layer (OSI layer 3). When a local area network user accesses the wide area network, it performs IP address conversion and routing for the packets exchanged between the local area network and the wide area network, thereby completing the forwarding of those packets at the network layer;
Authentication module S5, connected to network address translation routing module S4, used to authenticate the identity of local area network users and, once authentication has passed, to allow network address translation routing module S4 to perform layer-3 (network layer) forwarding of the packets sent by that user;
Authentication module S5 consists of standard authentication modules with which the wide area network authenticates the local area network users that access its resources. Authentication module S5 can be an IEEE 802.1X authentication module, a Remote Authentication Dial In User Service client authentication module (RADIUS Client), or a network portal authentication module (Web Portal). All of these authentication modules use software authentication, and the connection between authentication module S5 and network address translation routing module S4 is in fact a logical one. The working process is as follows: authentication module S5 first authenticates the identity of the local area network user attempting to access the wide area network; if authentication passes, it notifies the CPU of the radio reception device, and on receiving this command the CPU notifies network address translation routing module S4 to perform layer-3 forwarding of the packets sent by that user.
Continuation is with reference to Fig. 2 A, and radio reception device of the present invention also comprises:
Wide area network control module S6, S4 is connected with the network address translation routing module, is used for packet mutual between local area network (LAN) and the wide area network is received and dispatched control.Wherein wide area network control module S6 is the ethernet controller of standard, the effect here is to make local area network (LAN) expand to wide area network, make this local area network (LAN) can and wide area network between carry out the transmitting-receiving control and treatment of packet, it can further be connected by the RJ45 interface of standard and other routing devices of wide area network;
Local area network (LAN) control module S7 is connected with above-mentioned bridge module S2, is used for mutual packet between packet mutual between the local area network (LAN) or local area network (LAN) and the wide area network is received and dispatched control.Wherein local area network (LAN) control module S7 also is the ethernet controller of standard, also can make local exchange territory net can carry out the transmission and the transmitting-receiving control of packet with other local area network (LAN)s, it also can be further undertaken being connected of wired mode by the switching equipment in RJ45 interface and other local area network (LAN)s etc.
Simultaneously for realizing radio reception device of the present invention, at first on the basis of realizing radio access point AP function, adopt the more powerful microprocessor of performance, extension facility memory and peripheral interface equipment, for example general radio access point AP adopts 4M Flash flash memory and 8M synchronous DRAM SDRAM, and this invention radio reception device extends to 8M F1ash flash memory and 128M synchronous DRAM SDRAM; And general radio access point AP uses 1 802.11 wireless network card and an Ethernet card, and this invention radio reception device can use 2 802.11 wireless network cards and 4 Ethernet cards, to enlarge the wireless channel capacity and to support wired virtual LAN VLAN.Like this, radio reception device of the present invention has not only kept the function of existing radio access point AP, has also possessed the hardware condition that access controller AC needs fully.
With this hardware platform in place, the key to realizing the radio reception device of this invention is the design and integration of its software functions. The basic functions a radio access point already has include:
Wireless access, including support for 40-bit WEP encryption and 128-bit RC4 encryption;
A bridge with the Spanning Tree Protocol (STP), that is, an STP Bridge;
Wireless interconnection between access points through the wireless distribution system WDS, allowing a fully wireless network system.
Using the existing functions of the radio access point together with the more powerful processor, larger memory and additional peripheral interfaces, the functions of the radio access point can be extended by adding software modules, so that the functions of both the radio access point AP and the access controller AC are realized on the radio access point AP.
The software modules that need to be added to the radio access point AP are a network address translation (NAT) module and a port-level NAT (Network Address Port Translation) module, and, for authentication, a Dynamic Host Configuration Protocol (DHCP) server module and a Web server or IEEE 802.1x authentication module. Other modules are a RADIUS-based user access control module, a bandwidth management module based on flow control, and a Network Time Protocol (NTP) module to support network time synchronization.
In general, a radio access point AP is a layer-2 bridging device that bridges and forwards packets through the spanning-tree bridge STP Bridge, whereas an access controller AC can be understood as a device at layer 3 or above that acts as a router or gateway and routes and forwards packets exchanged between the local area network and the wide area network through the network address translation router NAT Router. The two use different packet forwarding mechanisms. Therefore, to realize the functions of an access controller AC on a radio access point AP, layer-2 and layer-3 packet forwarding must be implemented at the same time. The layer-2 bridge module decides to which port a layer-2 packet is forwarded by querying the bridge learning table, and the layer-3 network address translation routing module decides how a layer-3 IP packet is forwarded by querying the routing table.
Fig. 3 is a schematic diagram of the layer-2 forwarding mechanism of the radio reception device of the present invention, in which packets are bridged and forwarded by the spanning-tree bridge STP Bridge. Because the bridging and forwarding of these data flows still takes place inside the local area network, it is essentially still layer-2 packet forwarding. The forwarding of data flows 1, 2 and 3 is similar to the radio access point forwarding mechanism used before the present invention: spanning-tree bridge STP Bridge 50 bridges and forwards the packets of the wireless users under the coverage of the same radio access point. If data flow 4 needs to be sent to the wide area network WAN or to another local area network, it must go through the layer-3 route forwarding function implemented on the same radio access point. This function is realized by the network address translation router NAT Router 51 added to the radio access point, which acts as router and gateway for data forwarded between the local area network and the wide area network.
Fig. 4 is a schematic diagram of the radio reception device of the present invention routing data sent to the wide area network through network address translation router NAT Router 51: packets sent to the wide area network, whether from the wired LAN or from the WLAN, must all be routed and forwarded by NAT Router 51. Likewise, in Fig. 5, packets sent from the wide area network to the WLAN or the wired LAN must first be routed by NAT Router 51 and then enter the layer-2 spanning-tree bridge STP Bridge 50 module, which bridges and forwards the received packets on to the corresponding WLAN user or wired LAN user terminal.
On top of this two-layer packet forwarding, the radio reception device of the present invention must also realize the access control function. The two key problems in access control are user authentication and user flow control, that is, bandwidth management.
As shown in Fig. 6, a Dynamic Host Configuration Protocol server module (DHCP Server) 52 and a WEB server 53 are added to the radio reception device of the present invention to manage user authentication. With the DHCP + Web Portal authentication mode, the user supplies an Internet access account and password as the user identifier and authentication credential. This authentication mode only requires a Web browser on the client, with no special software to install, which makes it convenient to use. And because network address translation (NAT) performs the address translation and packet forwarding, only the DHCP server and the Web server need to be implemented in the access point, so this authentication method is easy to realize.
DHCP and Web Portal authentication is fairly simple, but its security is not high. In that case an IEEE 802.1X authentication software module 54 and a RADIUS client program 55 can also be added to the radio reception device to implement 802.1x authentication. The user presents a user certificate or smart card (for example a SIM card) in some way, and verifying the certificate or the information on the smart card determines whether the service the user requests is provided; the dynamic key exchange mechanism provided by 802.1x makes the data transmission of wireless clients more secure.
Next, user data flow control has to be realized on the radio reception device. User flow control means that, after the user has passed authentication and authorization, service control and the collection and limiting of data traffic are applied to the user as required, while billing information is provided. User flow control can be implemented either in the layer-2 spanning-tree bridge forwarding mechanism or in the layer-3 route forwarding mechanism; the basic principle is to control the rate at which data is sent out of the network interface. Because the user data traffic that has to be controlled when the access controller function is realized in the radio access point is mainly traffic to and from the wide area network, user data traffic can here be controlled on the basis of the layer-3 network address translation (NAT) module.
User data flow control is realized through a queue mechanism. To realize the access controller function on the radio access point, the wireless LAN interface and the wired LAN interface can be regarded as downlink ports, and the wide area network (WAN) Ethernet interface as the uplink port.
User data flow control means controlling the rate at which the user's data is sent out through the device interfaces. To control the user's upstream rate, the rate at which data sent by the user is forwarded by the device to the uplink port has to be controlled; to control the user's downstream rate, the rate at which data addressed to the user is forwarded by the device to the downlink port has to be controlled. Since the transmission rate of the network interface can be controlled, the flow control function can be inserted at either of two stages of the flow: before the packet is queued or after the packet is queued. If flow control were performed after queuing, the queue would need a large enough capacity to avoid overflowing easily and extra processing time would be required; flow control is therefore performed before the packet is queued, to save system resources.
Whether a packet goes from the uplink port to a downlink port or from a downlink port to the uplink port, it passes through flow control module 56 for data flow control before it enters network address translation router NAT Router 51 and is queued, which controls the forwarding rate of the data, as shown in Fig. 7.
As shown in Fig. 8, in step 100 the network address translation router NAT Router first receives a packet from the uplink or downlink network interface. In step 200, the NAT Router filters the received packets as necessary according to the flags in the packet header, keeping the packets that need to be forwarded and discarding illegal packets. In step 300 the packet is forwarded from the uplink or the downlink. Before it joins the queue of packets waiting to be sent, seven parameters are first defined for each user in step 400:
The MAC address of the client, macAddr;
The upstream rate of the client, upRate;
The downstream rate of the client, downRate;
The count of uplink data sent by the user in the current period (1 second), upCount;
The count of downlink data sent to the user in the current period (1 second), downCount;
The total count of uplink data sent by the user, upTotal;
The total count of downlink data sent to the user, downTotal;
Flow control is added as follows: before a packet is queued, check whether the amount of uplink/downlink data the user has sent in the current period (1 second) is greater than the amount of data allowed by the user's uplink/downlink rate. If it is not, go to step 600 and add the packet to the outgoing queue, then in step 700 send the packet to the uplink or downlink port; otherwise go to step 800 and discard the packet. The value of upCount/downCount is updated continuously as data is transmitted and is cleared to zero once at the start of each 1-second period. This ensures that the data checked each time is always up to date, so that user data traffic is controlled precisely.
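The layer-2/layer-3 forwarding split and the pre-queue flow control of steps 400 to 800 described above, combined in one added example that is not code from the patent. The gateway MAC, the sample stations, the `period` and `authenticated` fields, the byte units and the `strict` variant are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum fc_dir  { FC_UP, FC_DOWN };
enum verdict { V_BRIDGE_L2, V_FLOOD_L2, V_QUEUE_L3, V_DROP_UNAUTH, V_DROP_RATE };

/* The seven per-user parameters named on the page, plus two hypothetical
 * helper fields. Assumed units: bytes per 1-second period. */
struct user {
    uint8_t  macAddr[6];
    uint32_t upRate, downRate;    /* bytes allowed per period */
    uint32_t upCount, downCount;  /* bytes admitted in the current period */
    uint64_t upTotal, downTotal;  /* running totals, e.g. for billing */
    uint32_t period;              /* hypothetical: second the counts belong to */
    int      authenticated;       /* hypothetical: set by the auth module */
};

/* Constructed sample data: the AP's gateway MAC and two known stations. */
static const uint8_t AP_GW_MAC[6] = {0x02, 0, 0, 0, 0, 0xfe};
static struct user users[] = {
    { {0x02, 0, 0, 0, 0, 0x01}, 3000, 6000, 0, 0, 0, 0, 0, 1 },
    { {0x02, 0, 0, 0, 0, 0x02}, 3000, 6000, 0, 0, 0, 0, 0, 0 },
};

/* Stands in for the bridge learning table: find a station by MAC. */
struct user *user_lookup(const uint8_t mac[6])
{
    for (size_t i = 0; i < sizeof users / sizeof users[0]; i++)
        if (memcmp(users[i].macAddr, mac, 6) == 0)
            return &users[i];
    return NULL;
}

/* Flow control before queuing. Returns 1 to enqueue (step 600), 0 to
 * discard (step 800). strict == 0 is the page's comparison: admit while the
 * amount already sent is <= the rate, which lets one packet overshoot.
 * strict == 1 is an added variant that refuses any packet that would
 * take the count past the rate. */
int fc_admit(struct user *u, enum fc_dir dir, uint32_t len,
             uint32_t now_sec, int strict)
{
    uint32_t *count = (dir == FC_UP) ? &u->upCount : &u->downCount;
    uint64_t *total = (dir == FC_UP) ? &u->upTotal : &u->downTotal;
    uint32_t  rate  = (dir == FC_UP) ? u->upRate   : u->downRate;

    if (now_sec != u->period) {   /* new period: clear both counters */
        u->upCount = 0;
        u->downCount = 0;
        u->period = now_sec;
    }
    if (strict ? (len > rate || *count > rate - len) : (*count > rate))
        return 0;
    /* Saturate rather than wrap, so a huge frame cannot reset the count. */
    *count = (len > UINT32_MAX - *count) ? UINT32_MAX : *count + len;
    *total += len;
    return 1;
}

/* Uplink path for one frame from a LAN station. Assumption: WAN-bound
 * frames are addressed to the AP's gateway MAC; everything else stays in
 * layer 2. Only the layer-3 path consults authentication and flow control. */
enum verdict forward_uplink(const uint8_t src[6], const uint8_t dst[6],
                            uint32_t len, uint32_t now_sec, int strict)
{
    if (memcmp(dst, AP_GW_MAC, 6) != 0)
        return user_lookup(dst) ? V_BRIDGE_L2 : V_FLOOD_L2;

    struct user *u = user_lookup(src);
    if (u == NULL || !u->authenticated)
        return V_DROP_UNAUTH;     /* NAT router may not forward for this user */
    return fc_admit(u, FC_UP, len, now_sec, strict) ? V_QUEUE_L3 : V_DROP_RATE;
}

int main(void)
{
    static const char *name[] = { "bridge-L2", "flood-L2", "queue-L3",
                                  "drop-unauth", "drop-rate" };
    const uint8_t *sta1 = users[0].macAddr, *sta2 = users[1].macAddr;

    printf("sta2 -> sta1: %s\n", name[forward_uplink(sta2, sta1, 1500, 1, 0)]);
    printf("sta2 -> WAN : %s\n", name[forward_uplink(sta2, AP_GW_MAC, 1500, 1, 0)]);
    for (int i = 0; i < 4; i++)
        printf("sta1 -> WAN : %s\n", name[forward_uplink(sta1, AP_GW_MAC, 1500, 1, 0)]);
    return 0;
}
```

Under the page's comparison a user with a 3000-byte allowance gets three 1500-byte packets through per period, and a fixed one-second window also lets a burst at the end of one period be followed by another at the start of the next. In this model frames between local stations are bridged without consulting the authentication state, because the page attaches authentication to layer-3 forwarding only.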
Be to adopt wired mode to connect the topological diagram that radio access point is formed local area network (LAN) after adopting radio reception device of the present invention as shown in Figure 9.The radio access point 60 (being radio reception device of the present invention) that has increased the access controller function among the figure is connected with other radio access points 20 by wired mode, wire transmission is taked in information transmission between the wireless client 10 under the covering of different radio accessing points, thereby form a wireless access system, the local area network (LAN) at a plurality of wireless clients 10 places and the data communication between the outside wide area network only need WLAN (wireless local area network) exit wiring intelligent radio access point 60 (being radio reception device of the present invention) get final product, need not to have connected up access controller AC in addition.Intelligent then radio access point 60 is linked among the wide area network Internet by router four 0, realizes the combination of local area network (LAN) and wide area network.
Figure 10 shows the topology of a fully wirelessly interconnected local area network in which different radio access points are connected using wireless distribution system (WDS) technology after the radio reception device of the present invention is adopted. Data communication between the wireless clients 10 and the wide area network likewise only requires the intelligent radio access point 60 to be deployed at the WLAN exit. This intelligent radio access point 60 has the following three roles:
Performing access control, authentication and accounting for wireless clients;
Acting as a radio access point that provides coverage for wireless clients;
Acting as a node of the WLAN that connects to the other radio access points through the wireless distribution system WDS.
In this local area network, a wireless access system can be set up easily by using WDS technology between the radio access point 60 that implements the access controller function and the ordinary radio access points 20. In this system, the radio access point that implements the access controller function needs very strong data-processing capability, because it is the control hub of the whole WLAN. The whole network system needs no cables (a wired network can be added, but is optional), which is highly beneficial for system networking, system maintenance and management, and network scalability. In addition, this intelligent radio access point is in turn connected to router 40 and accesses the wide area network through it, so the intelligent radio access point 60 alone is enough to combine the WLAN with the wide area network.

Claims (5)

1. A radio reception device for performing access control on users in a wireless local area network (WLAN) system, comprising:
a wireless network card, for allowing wireless local area network users to access the WLAN system;
a bridge module, connected to the wireless network card, for layer-2 forwarding of packets exchanged between wireless local area network users;
characterized in that it further comprises:
a flow-control module, connected to the bridge module, for performing flow control on packets exchanged between the local area network and the wide area network;
a network address translation routing module, connected to the flow-control module, for layer-3 forwarding of packets exchanged between the local area network and the wide area network;
an authentication module, connected to the network address translation routing module, for authenticating the identity of local area network users and, after authentication succeeds, allowing the network address translation routing module to perform layer-3 forwarding of the packets sent by that local area network user;
a wide area network control module, connected to the network address translation routing module, for controlling the sending and receiving of packets exchanged between the local area network and the wide area network.
2. The radio reception device according to claim 1, characterized in that it further comprises a local area network control module connected to the bridge module, for controlling the sending and receiving of packets exchanged within the local area network or between the local area network and the wide area network.
3. The radio reception device according to claim 2, characterized in that the bridge module forwards packets between wireless local area network users based on the Spanning Tree Protocol.
4. The radio reception device according to claim 1, characterized in that
the authentication module is an IEEE 802.1X authentication module; or
a remote dial-in user access service client authentication module; or
a network gateway authentication module.
5. The radio reception device according to claim 1, characterized in that the flow-control module further comprises:
a flow threshold memory, for storing the packet flow threshold of each local area network user;
a flow calculator, for calculating, in each time period, the packet flow exchanged between each local area network user and the wide area network, and for clearing, at the start of each time period, the packet flow result calculated in the previous time period;
a comparator, connected to the flow calculator and to the flow threshold memory, for comparing, in each time period, the packet flow result of a local area network user calculated by the flow calculator with that user's packet flow threshold stored in the flow threshold memory;
a packet processing unit, connected to the comparator, for adding the user's packet to the queue when, according to the comparator's result, the calculated packet flow result of the local area network user is less than or equal to that user's packet flow threshold, and otherwise discarding the packet.
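The per-user flow control in the description (upCount/downCount checked before queuing and cleared every second) and the threshold memory, calculator, comparator and packet processing unit of claim 5 can be worked through in C. This is an added example, not code from the patent; `struct user_flow`, `flow_check`, `flow_burst`, the millisecond clock and the byte limits are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
enum direction { DIR_UP = 0, DIR_DOWN = 1 };

/* Hypothetical per-user record; count[] plays the role of upCount/downCount. */
struct user_flow {
    uint32_t limit[2];  /* threshold: bytes allowed per 1-second period */
    uint32_t count[2];  /* bytes counted in the current period */
    uint64_t total[2];  /* running totals, never cleared */
    uint64_t period;    /* which 1-second period count[] belongs to */
};

void flow_init(struct user_flow *u, uint32_t up_limit, uint32_t down_limit)
{
    *u = (struct user_flow){ .limit = { up_limit, down_limit } };
}

/* Returns 1 to enqueue, 0 to discard. now_ms: monotonic ms clock (assumed). */
int flow_check(struct user_flow *u, enum direction d, uint32_t len, uint64_t now_ms)
{
    if (now_ms / 1000 != u->period) {       /* new period: clear the counters */
        u->period = now_ms / 1000;
        u->count[DIR_UP] = u->count[DIR_DOWN] = 0;
    }
    if (u->count[d] > u->limit[d])          /* over the threshold: discard */
        return 0;
    /* Saturate so a long burst cannot wrap the counter back under the limit. */
    u->count[d] = UINT32_MAX - u->count[d] < len ? UINT32_MAX : u->count[d] + len;
    u->total[d] += len;
    return 1;
}

/* Constructed traffic: n packets of len bytes, all arriving at now_ms. */
unsigned flow_burst(struct user_flow *u, enum direction d, unsigned n,
                    uint32_t len, uint64_t now_ms)
{
    unsigned admitted = 0;
    while (n--)
        admitted += (unsigned)flow_check(u, d, len, now_ms);
    return admitted;
}

int main(void)
{
    struct user_flow u;
    flow_init(&u, 3000, 1000);              /* constructed limits, bytes/second */
    unsigned before = flow_burst(&u, DIR_UP, 5, 1500, 999);
    printf("%u then %u packets admitted\n", before, flow_burst(&u, DIR_UP, 5, 1500, 1000));
    return 0;
}
```

With the constructed 3000-byte limit and 1500-byte packets, three packets pass per period because the counter is compared before the packet is added to it. A burst at 999 ms and another at 1000 ms are both admitted, which is the boundary behaviour of a fixed one-second window.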
CNB021554986A 2002-12-16 2002-12-16 Method for realizing access controller function on radio access point Expired - Fee Related CN1175626C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB021554986A CN1175626C (en) 2002-12-16 2002-12-16 Method for realizing access controller function on radio access point

Publications (2)

Publication Number Publication Date
CN1426201A CN1426201A (en) 2003-06-25
CN1175626C true CN1175626C (en) 2004-11-10

Family

ID=4752662

Country Status (1)

Country Link
CN (1) CN1175626C (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20041110

Termination date: 20100118