CN1571377A - Method for implementing VLAN on WLAN access point equipment - Google Patents

Method for implementing VLAN on WLAN access point equipment Download PDF

Info

Publication number
CN1571377A
CN1571377A CNA031399320A CN03139932A CN1571377A CN 1571377 A CN1571377 A CN 1571377A CN A031399320 A CNA031399320 A CN A031399320A CN 03139932 A CN03139932 A CN 03139932A CN 1571377 A CN1571377 A CN 1571377A
Authority
CN
China
Prior art keywords
access point
point device
data frames
area network
vlan
Prior art date
Application number
CNA031399320A
Other languages
Chinese (zh)
Other versions
CN1317861C (en
Inventor
王占利
郭钟
唐建国
王伟
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Priority to CNB031399320A priority Critical patent/CN1317861C/en
Publication of CN1571377A publication Critical patent/CN1571377A/en
Application granted granted Critical
Publication of CN1317861C publication Critical patent/CN1317861C/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. local area networks [LAN], wide area networks [WAN]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity ; Protecting confidentiality; Key management; Integrity; Mobile application security; Using identity modules; Secure pairing of devices; Context aware security; Lawful interception
    • H04W12/003Secure pairing of devices, e.g. bootstrapping a secure communication link between pairing terminals; Secure socializing
    • H04W12/00305Secure pairing of devices, e.g. bootstrapping a secure communication link between pairing terminals; Secure socializing involving three or more devices, e.g. group pairing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity ; Protecting confidentiality; Key management; Integrity; Mobile application security; Using identity modules; Secure pairing of devices; Context aware security; Lawful interception
    • H04W12/12Fraud detection or prevention
    • H04W12/1201Wireless intrusion detection system [WIDS]; Wireless intrusion prevention system [WIPS]
    • H04W12/1202Protecting against rogue devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity ; Protecting confidentiality; Key management; Integrity; Mobile application security; Using identity modules; Secure pairing of devices; Context aware security; Lawful interception
    • H04W12/005Context aware security
    • H04W12/0051Identity aware
    • H04W12/00516Access point logical identity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W40/00Communication routing or communication path finding
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/26Network addressing or numbering for mobility support
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W84/00Network topologies
    • H04W84/02Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10Small scale networks; Flat hierarchical networks
    • H04W84/12WLAN [Wireless Local Area Networks]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W88/00Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/08Access point devices

Abstract

The invention relates to a method to realize wireless local area network access points devices to virtual local area network. It includes the following steps: first, adding the access points device that links to the distributed system to manage area, and distributing a exclusive mark in the manage area to the device; second, the data frame should be packaged with VLAN label, and sending to the distributed system; third, checking the data frames received by the distributed system, and abandoning the data frames that have not the VLAN labels; fourth, having VID match checking to the data frames with VLAN label, abandoning the data frames not matched, and transmitting the matched data frames after taking off the VLAN labels. The invention could realize the free switch between the wireless terminals in the different area network constructions, and reduce the dependence on external VLAN exchanger while in network construction application. Moreover, it saves the cost to construct network, improves the flexible of operation and strengthens the security of the network.

Description

无线局域网接入点设备虚拟局域网的实现方法 Wireless LAN access point device virtual local area network implementation

技术领域 FIELD

本发明涉及通讯领域中无线局域网的组网方法,特别是涉及一种IEEE802.11无线局域网(WLAN)接入点设备虚拟局域网(VLAN)的实现方法。 The present invention relates to the field of wireless local area network communications networking method, particularly to a IEEE802.11 wireless LAN (WLAN) access point virtual local area network (VLAN) implementation.

背景技术 Background technique

安全性一直是无线局域网组网时关注的一个焦点,目前,业内已经有了各种解决无线局域网安全的方案,其中IEEE 802.1Q标准的虚拟局域网技术在无线局域网上的应用,为保障无线局域网的安全提供了一种有效的手段。 Security has always been a focus of attention when the wireless LAN network, at present, the industry has had to address a variety of wireless LAN security scheme, in which the application of the standard IEEE 802.1Q virtual local area network technology in the wireless local area network, wireless local area network for the protection of security provides an effective means. 当前比较普遍使用的组网方法是:在无线局域网组网时将多个接入点设备(以下简称AP)连接到VLAN交换机,在交换机上划分多个VLAN域,每个VLAN域可能包括一个或多个AP,这样一来,就在分布系统(Distribution System)内形成了多个虚拟子网集合,将所有AP最终汇聚到接入控制器(以下简称AC)或具有相当功能的设备时,AC可以控制不同VLAN域间各接入点设备所对应的无线终端是否能够互访,否则不同VLAN域间的无线终端不能互相访问。 Comparison of the current networking method is commonly used: the network when a plurality of wireless LAN access point device (hereinafter referred to as AP) connected to a VLAN switch, a plurality of divided domains VLAN on switch, each VLAN domain may comprise one or a plurality of AP, this way, to form a set of multiple virtual subnets within a distribution system (distribution system), when all the AP eventually converge to the access controller (hereinafter referred to as AC) function or device having considerable, the AC each access point device may be controlled between different VLAN field corresponding to whether or not the wireless terminal can communicate, the wireless terminal or between different VLAN domain can not access each other. 当无线终端从一个VLAN域的AP切换到另一个VLAN域的AP时,由于不同VLAN域的AP间无法直接传递该无线终端的切换信息,并且一旦无线终端所属VLAN域被改变,则会造成其与原来VLAN域无线终端的连接中断。 When a wireless terminal from AP to AP VLAN field of another VLAN domain, because the information of the wireless terminal to switch between different AP VLAN domain can not directly transmitted, and, once the wireless terminal belongs to VLAN field is changed, it will result in VLAN field wireless connection to the old terminal is interrupted. 因此,上述现有技术的VLAN实现方法明显存在以下不足:(1)在组网时,VLAN的划分必须通过交换机实现,即VLAN的实现依赖于AP外部的交换机;(2)无线终端在不同VLAN域的AP间切换时,切换信息不能直接在AP间传递,且无线终端不能保持原来的VLAN域属性,会造成与原VLAN域无线终端连接中断。 Thus, the above-described prior art implementation VLAN apparent following shortcomings: (1) When network, VLAN switch must be implemented division, i.e. AP VLAN implementation relies on external switches; different VLAN (2) the radio terminal when the inter-AP domain handover, the handover information can not be passed directly between the AP, and the wireless terminal can not maintain the original VLAN domain properties, cause breaks the connection to the wireless terminal primary VLAN field.

通过专利检索,发现与本发明领域最为接近的中国知识产权局受理的申请号为02139275.7的《以太网接入网虚拟局域网接入技术》一案也与本发明有较大区别,即(1)该专利是以太网交换设备上的VLAN实现方法,而本专利是无线局域网AP设备上的VLAN实现方法;(2)在实现方法上,该专利对VLAN域的划分是以太网交换设备通过自动学习而得到的,而本发明的VLAN域的划分则是按照一定规则划分的。 By patent search, find application no art to which this invention closest China Intellectual Property Office is 02,139,275.7 of "virtual local area network Ethernet access network access technology" case is also quite different to the present invention, namely (1) this patent method is implemented on Ethernet VLAN switching device, and a method of this patent is to realize VLAN on a WLAN AP device; (2) on the implementation method, the division of this patent is an Ethernet VLAN field switching device by automatically learns obtained, divided VLAN field of the present invention is classified according to certain rules.

因此本发明所述的无线局域网接入点设备虚拟局域网的实现方法是无线局域网领域的一项新的技术突破。 Thus according to the present invention, the wireless LAN access point device virtual local area network implemented method is a new technological breakthrough in the field of wireless LAN.

发明内容 SUMMARY

本发明的目的正是针对上述背景技术中存在的缺陷,提供一种无线局域网中接入点设备虚拟局域网的实现方法,通过将加入到分布系统内的所有接入点设备划分到管理域,将对应于每个接入点设备的无线终端划分到用户域,及通过设定标签和标记对各接入点设备进行管理和控制。 The object of the present invention is the defects present in the above-described background art, virtual local area network access point device providing a method for implementing a wireless local area network, by adding devices to all access points in the distributed system management domain to be divided, the the wireless terminal corresponding to each access point device is divided into a user domain, and manages and controls each of the access point device by setting tags and labels.

为了达到上述目的,本发明还提供一种无线局域网接入点设备虚拟局域网的实现方法,该方法包括以下步骤:将加入分布系统的接入点设备加入管理域,为其分配管理域唯一标识;将接入的无线终端加入到一个用户域,为其分配用户域唯一标识;将数据帧封装成带有VLAN标签的数据帧,并发送到分布系统;检查从分布系统接收到的数据帧,对不带VLAN标签的数据帧进行丢弃处理;对带VLAN标签的数据帧作VID匹配性检查;对不匹配的数据帧作丢弃处理,对匹配的数据帧,去掉其所带的VLAN标签后,转发至相应的接入点设备或无线终端。 To achieve the above object, the present invention further provides a wireless LAN access point device implemented virtual local area network, the method comprising the steps of: the access point device will be added to the distribution management system to join the domain, the domain manager assigned unique identifier; the wireless access terminal to join a user domain, a user assigned a unique identifier field; encapsulated data frames into data frames with the VLAN tag, and sent to a distribution system; inspection data frames received from the distribution system to, for VLAN tag data does not discard the frame; data frame for the VLAN tag VID consistency check; does not match the data frames for discarding data frames match, remove the VLAN tag which is brought forwards to a corresponding access point or wireless terminal.

与现有技术相比,采用本发明所提供的无线局域网接入点设备虚拟局域网的实现方法,能够达到不同域的组网应用时,无线终端在AP间自由切换的效果,降低了组网应用时对外部VLAN交换机的依赖,节省了组网成本,提高了组网的灵活性;同时,所有AP被划分在一个特定的管理域,只有属于这个域的管理员才能对AP进行管理控制,进一步增强了网络的安全性。 Compared with the prior art, the use of wireless LAN access point device according to the present invention provides a method to achieve virtual local area network, the networking application can be achieved when different domains, the wireless terminal in inter-AP handoff free effect, reducing the networking application when the dependence on external VLAN switches, saving network costs and improve network flexibility; at the same time, all the AP is divided in a particular management domain, administrators can only belong to the domain of the AP management control, further enhanced network security.

下面将结合实施例并参照附图对本发明的技术方案进行详细说明。 Example embodiments below with reference to the drawings and the technical solutions of the present invention will be described in detail.

附图说明 BRIEF DESCRIPTION

图1为本发明所述的无线局域网接入点设备虚拟局域网的实现方法的流程图。 Wireless LAN access point device of the present invention, FIG. 1 a flowchart of method for implementing a virtual LAN.

图2为本发明所述的无线局域网接入点设备虚拟局域网的实现方法的组网应用实例一。 FIG 2 according to the present invention, the wireless LAN access point device virtual local area network implemented method of a network application examples.

图3为本发明所述的无线局域网接入点设备虚拟局域网的实现方法的组网应用实例二。 FIG 3 according to the present invention, the wireless LAN access point device virtual local area networking applications implemented method of Example II.

具体实施方式 Detailed ways

本发明所述在无线局域网AP上VLAN技术的实现方案如下:如图1所示,为本发明所述的无线局域网接入点设备虚拟局域网的实现方法的流程图,其包括以下步骤:首先,将加入到分布系统内的所有AP被划分到管理域,接入到每个AP的无线终端被划分到一个用户域,为加入分布系统的AP各分配一个唯一的VLAN标识符VID(VLAN Identifier,以下简称VID),同时每个无线终端也对应于一个唯一的用户域VID,步骤101;AP将由该无线终端或其本身发送到分布系统的数据帧封装成带有VLAN标签的(VLAN-Tagged)数据帧后,发送到分布系统,步骤102;检查从分布系统接收的数据帧,步骤103;判断该数据帧是否带VLAN标签,步骤104;如否,则对该数据帧作丢弃处理,步骤105;再对带有VLAN标签的数据帧进行VID匹配性检查,步骤106;对VID不匹配的数据帧进行丢弃处理,步骤105;对VID匹配的数据 The present invention is as follows VLAN technology implementations on the WLAN AP: As shown, the present invention is a wireless LAN access point device 1 is a flowchart of virtual local area network implemented method comprising the following steps: First, be added to all the distribution system to the management domain is divided AP, the wireless terminal to access each AP is divided into a user domain, a distribution system for the addition of each AP assigned a unique VLAN identifier VID (VLAN identifier, hereinafter referred VID), while each wireless terminal also corresponds to a unique user domain VID, step 101; AP transmitted by the wireless terminal to a data distribution system or are themselves encapsulated into frames (VLAN-tagged with VLAN tag) after the data frame is transmitted to the distribution system, step 102; checks the received data frame from a distribution system, step 103; determining whether the data frame is a VLAN tag, step 104; if not, then discards the data frame for step 105 ; then the data frames with the VLAN tag VID consistency check, step 106; VID data does not match the frame discarding step 105; VID matching data 帧去掉其带有的VLAN标签,步骤107;然后转发该数据帧至相应的AP或无线终端,步骤108。 Remove its frames with the VLAN tag, step 107; then forwards the data frame to the corresponding terminal or a wireless AP, step 108.

其中,步骤106中对带有VLAN标签的数据帧进行VID匹配性检查,是对接收到的数据帧所带的VID与管理域中AP的VID、或与用户域中的无线终端的VID是否匹配进行检查;本发明中,当无线终端在各接入点设备间发生切换时,当前接入的AP负责获得并维持该无线终端的原用户域属性,并向分布系统广播通知切换信息,而与该无线终端相对应的原接入的AP,则释放该用户域属性。 Wherein, in step 106 the data frames with a VLAN tag VID consistency check is performed, is the VID field with the AP management data frame carried VID received, or the wireless terminal matches the VID user domain inspection; the present invention, when the handover occurs between the wireless terminal devices each access point, AP currently accessed by the user is responsible for obtaining and maintaining the original properties of the wireless terminal domain, and distributed switching system broadcast information notification, with the AP the wireless terminal corresponding to the original access, the user releases the domain attribute.

下面,分别以两种不同的组网应用实例,来说明本发明所提出的无线局域网接入点设备虚拟局域网的实现方法:在无线局域网组网时,将分布系统划分为两类VLAN域,一个是由所有接入点设备202、管理员设备204(或接入控制器301)组成的VLAN域,在该域内管理员204(或接入控制器301)可以访问及控制所有接入点设备202,各接入点设备之间也可以自由访问,该VLAN域被称为管理域;另一个是由每个AP所接入的无线终端203所组成的多个VLAN域,即分布系统内形成的多个无线终端的虚拟子网集合,相同VLAN域的无线终端之间可以自由访问,不同VLAN域的无线终端之间不能互访,这些域被称为用户域。 Here, respectively two different examples of networking application, to illustrate the present invention, the proposed wireless LAN virtual local area network access point device implemented method: when the wireless LAN network, the distribution system is divided into two VLAN domain, a VLAN is a domain to all access point device 202, administrator device 204 (or the access controller 301) consisting of, access to and control of all of the access point device 202 in the domain administrator 204 (or the access controller 301) between each access point device can freely access the VLAN management domain is called domain; the other is a plurality of VLAN field by each wireless AP of the access terminal 203 consisting of, i.e., formed in the distributed system a plurality of virtual sub-set of wireless terminals, the wireless terminal can freely access the same VLAN domain, different wireless terminals can not communicate VLAN domains, these domains is referred to as a user domain.

如图2所示,为本发明所述的无线局域网接入点设备虚拟局域网的实现方法的组网应用实例一,它是无线局域网组网时,网络中没有接入控制器AC或者相当功能的其他设备时的VLAN组网应用,管理员设备204、接入点设备202分别与交换机201连接,并组成管理域,每个AP所接入的无线终端203所组成的多个VLAN域为多个用户域。 As shown, the present invention is a wireless LAN access point device virtual local area network implemented method of a network application example 2, which is a wireless local area network, not the network access controller AC or equivalent functions Network VLAN other devices when the application manager device 204, the access point device 202 are connected to the switch 201, and the composition of management domains, each AP of the wireless access terminal 203 consisting of a plurality of domains is a plurality of VLAN user domain.

如图3所示,为本发明所述的无线局域网接入点设备虚拟局域网的实现方法的组网应用实例二,它是无线局域网组网时,所有接入点设备AP汇聚到接入控制器AC或相当设备时的VLAN组网应用,与实例一不同的是,实例二的组网应用中组成管理域包括各接入点设备203和接入控制器301或者相当的其它设备,AP的连接与实例一相同,但接入控制器AC则一端与交换机201相连,另一端与INTERNET相连。 3, the present invention is a wireless local area network access point device virtual LAN application example of two-implemented method, which is a wireless LAN network, the access point device AP for all converge to the access controller Network VLAN applied when an AC or equivalent device, with a different example, the two examples of application of the composition of network management domain including the access point device 203 and the access controller 301, or other comparable devices, connection to the AP a same example, but the access controller AC is connected with one end of the switch 201, and the other end connected to the INTERNET.

本发明中,在AP上实现虚拟局域网的方法包括按照以下操作步骤第一步,当AP加入分布系统时,将其加入管理域,即使AP获得管理域标识VID;第二步,某一无线终端接入时,AP将该无线终端加入到一个用户域,即使该无线终端获得该用户域的VID;第三步,AP将由该无线终端或其本身发送到分布系统的数据帧,封装成带有VLAN标签(VLAN-Tagged)的数据帧,并发送到分布系统;第四步,AP检查从分布系统接收的数据帧,对不带VLAN-Tagged的数据帧进行丢弃处理;对带VLAN-Tagged的数据帧进一步作VID匹配检查,即检查该数据帧的VID是否匹配,对不匹配的数据帧作丢弃处理,对匹配的数据帧,则去掉其VLAN标签后,再转发该数据帧至相应的接入点设备或无线终端;第五步,当无线终端在不同AP间进行了切换时,当前接入的AP负责获得并维持该无线终端的原用户域属性,同时 In the present invention, a method implemented in the AP VLAN comprises a first step according to the following steps, when the AP was added a distribution system, which is added to the management domain, the management domain identifier is obtained even if the VID AP; a second step, a wireless terminal when the access, the wireless terminal the AP to join a user domain, even if the wireless terminal of the user domain to obtain the VID; a third step, the AP itself or by the wireless terminal transmits a data frame to the distribution system, as packaged with VLAN tag (VLAN-Tagged) data frames sent to the distribution of the system; the fourth step, the AP checks the received data frame from the distribution system, without the data VLAN-Tagged frames discards; of the tape VLAN-Tagged after the data frame is further for VID matching inspection, i.e. inspection of the data frame VID match, the data does not match the frame for discarding data frames match, then remove its VLAN tag, then forwards the data frame to the corresponding contact point or wireless terminal; a fifth step, when the wireless terminal performs a handover between different AP, the AP currently accessed is responsible for obtaining and maintaining the original user of the wireless terminal domain properties, while 在管理域内向分布系统发送无线终端切换的消息,原接入的AP收到该切换消息后,释放该无线终端的相关资源。 After the wireless terminal transmits the message to the domain management distributed switching system, the original AP receiving the handover access message, releases resources of the wireless terminal.

由于与AP之间的无线终端用户域属性消息的交互目前还没有标准支持,因此这里使用的是私有交互消息,即需要通过该私有交互消息,将无线终端的用户域VID等信息传递给对方。 Since the wireless terminal user domain attributes of the message and the interaction between the AP currently no standard support, hence the use of the private interactive message, i.e., the need to interact private message, transferring user domain information VID wireless terminals to each other.

AP上组建VLAN的具体应用按照两种组网应用实例,具体描述如下:(1)在应用实例一中,网络内没有AC或相当功能设备,适用于企业级应用。 AP VLAN formed on the specific application example according to the types of networking application, described as follows: (1) In an application example, there is no AC or equivalent functions within the network devices for enterprise applications. 管理员将进入分布系统的AP加入管理域,并在AP上配置无线终端的VID,当某一无线终端接入AP时,AP根据该无线终端的VID将其加入到一个用户域,形成了管理域和用户域1~3,如图2所示,该组网方式下,只有相同用户域的无线终端之间可以相互通信;若某一无线终端在AP间发生切换,则当前接入无线终端的AP用于获得并维持该无线终端的原用户域属性,并在管理域内向分布系统通知无线终端的切换消息。 The system administrator will enter the distribution of AP was added management domain, and configure the wireless terminal VID on AP, when a wireless access terminal AP, AP according to the wireless terminal VID added to a user domain management formed domains and user domains 1 to 3, shown in Figure 2, the wireless terminal can communicate with each other at the networking, only the same user domain; if a handover occurs between the wireless terminal the AP, the wireless terminal currently accesses the original user of the domain attribute AP for obtaining and maintaining the wireless terminal, and notifies the handover message to the radio terminal in a distribution system management domain.

(2)在应用实例二中,网络内所有AP最终汇聚到AC或相当功能的设备,适用于运营级应用。 (2) Second application example, within the network all AP eventually converge to an AC or equivalent function device for carrier-class application. AC或相当功能的设备将进入分布系统的AP加入管理域,当某一无线终端接入AP后,由AC配置该无线终端的VID,AP根据该无线终端的VID配置将其加入到一个用户域,形成了管理域和多个用户域如1~3,如图3所示,AC用于控制不同VLAN域的无线终端之间是否可以相互通信,当某一个无线终端在AP间切换时,当前接入的AP负责获得并维持该无线终端的原用户域属性,并在管理域内向分布系统通知无线终端的切换消息。 Or AC device function will enter fairly distributed system management domain join an AP, when a wireless access terminal AP, the wireless terminal by the AC VID configuration, according to the AP of the wireless terminal VID is arranged to join a user domain forming a plurality of management domains and user domains 1 to 3, as shown, the AC is used to control whether the communication may be mutually different VLAN domains between the wireless terminal 3, a wireless terminal when a switch between the AP, the current accessed AP is responsible for obtaining and maintaining the original user of the wireless terminal domain attributes, and notifies the handover message to the radio terminal in a distribution system management domain.

Claims (7)

1.一种无线局域网接入点设备虚拟局域网的实现方法,该方法包括以下步骤:将加入分布系统的接入点设备加入管理域,为其分配管理域唯一标识;将接入的无线终端加入到一个用户域,为其分配用户域唯一标识;将数据帧封装成带有VLAN标签的数据帧,并发送到分布系统;检查从分布系统接收到的数据帧,对不带VLAN标签的数据帧进行丢弃处理;对带VLAN标签的数据帧作VID匹配性检查;对不匹配的数据帧作丢弃处理,对匹配的数据帧,去掉其所带的VLAN标签后,转发至相应的接入点设备或无线终端。 A wireless LAN access point device implemented virtual local area network, the method comprising the steps of: the access point device will be added to the distribution management system to join the domain, the domain manager assigned unique identification; wireless access terminal to join a user domain, a user assigned a unique identifier field; encapsulated data frames into data frames with the VLAN tag, and sent to a distribution system; receiving from the distributed system to check the data frame, data frame without a VLAN tag discards; data frames with VLAN tag VID for consistency check; does not match the data frames for discarding data frames match, remove the VLAN tag carried by its forwarding to the corresponding access point device or a wireless terminal.
2.如权利要求1所述的无线局域网接入点设备虚拟局域网的实现方法,其特征在于,所述无线终端在各接入点设备间发生切换时,当前接入的接入点设备获得并维持该无线终端的原用户域属性,同时,在管理域内向分布系统发送无线终端切换的消息,原接入的接入点设备收到所述切换消息后,释放该无线终端的相关资源。 2. The wireless LAN access point device according to claim 1 virtual local area network implemented method, wherein, when switching the wireless terminal occurs between each access point device, the current access device obtains the access point and maintaining the original user of the wireless terminal domain properties, while the wireless terminal sends a message to the switching system in the distributed management domain, the original access point device receiving the handover access message, releases resources of the wireless terminal.
3.如权利要求1所述的无线局域网接入点设备虚拟局域网的实现方法,其特征在于,所述对带VLAN标签的数据帧作VID匹配性检查的步骤,包括对接收到的数据帧所带的VID与管理域中接入点设备的VID是否匹配进行检查。 Implementation WLAN virtual local area network access point device as claimed in claim 1, wherein said data frames with VLAN tag VID Procedures consistency check, including the received data frames VID VID and management device with the access points in the field to check the match.
4.如权利要求1所述的无线局域网接入点设备虚拟局域网的实现方法,其特征在于,所述对带VLAN标签的数据帧作VID匹配性检查的步骤,包括对接收到的数据帧所带的VID与或与用户域中的无线终端的VID是否匹配进行检查。 Implementation WLAN virtual local area network access point device as claimed in claim 1, wherein said data frames with VLAN tag VID Procedures consistency check, including the received data frames VID VID and the user domain or with the wireless terminal checks matches.
5.如权利要求1所述的无线局域网接入点设备虚拟局域网的实现方法,其特征在于,所述管理域包括管理员和接入的各接入点设备。 5. The wireless LAN access point device according to claim 1 implemented method of virtual local area network, wherein the management domain including the access point device and the administrator access.
6.如权利要求1所述的无线局域网接入点设备虚拟局域网的实现方法,其特征在于,所述管理域包括接入控制器及相当功能设备,和接入的各接入点设备。 6. The wireless local area network access point device according to claim 1 implemented method of virtual local area network, wherein the management domain comprises each access point device access controller functionality and the equivalent equipment, and access.
7.如权利要求1所述的无线局域网接入点设备虚拟局域网的实现方法,其特征在于,所述用户域包括多个与各接入点设备对应连接的无线终端。 7. The wireless LAN access point device according to claim 1 implemented method of virtual local area network, wherein the user domain comprises a plurality of wireless terminals connected to the respective points corresponding to the access device.
CNB031399320A 2003-07-21 2003-07-21 Method for implementing VLAN on WLAN access point equipment CN1317861C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB031399320A CN1317861C (en) 2003-07-21 2003-07-21 Method for implementing VLAN on WLAN access point equipment

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CNB031399320A CN1317861C (en) 2003-07-21 2003-07-21 Method for implementing VLAN on WLAN access point equipment
AU2003289599A AU2003289599A1 (en) 2003-07-21 2003-11-27 The method of implementing vlan on the device of wireless lan access point
PCT/CN2003/001010 WO2005008957A1 (en) 2003-07-21 2003-11-27 The method of implementing vlan on the device of wireless lan access point

Publications (2)

Publication Number Publication Date
CN1571377A true CN1571377A (en) 2005-01-26
CN1317861C CN1317861C (en) 2007-05-23

Family

ID=34069981

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB031399320A CN1317861C (en) 2003-07-21 2003-07-21 Method for implementing VLAN on WLAN access point equipment

Country Status (3)

Country Link
CN (1) CN1317861C (en)
AU (1) AU2003289599A1 (en)
WO (1) WO2005008957A1 (en)

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100389575C (en) 2005-07-13 2008-05-21 华为技术有限公司 Method for realizing access-in management of on-line apparatus
WO2008131680A1 (en) * 2007-04-27 2008-11-06 Huawei Technologies Co., Ltd. Verifying management virtual local area network identifier provisioning consistency
WO2008145050A1 (en) * 2007-05-25 2008-12-04 Huawei Technologies Co., Ltd. Method of preventing transport leaks in hybrid switching networks by extension of the link layer discovery protocol (lldp)
CN100466626C (en) 2006-11-27 2009-03-04 华为技术有限公司 Wireless service differentiation method and wireless transmission device
WO2009056039A1 (en) * 2007-10-22 2009-05-07 Huawei Technologies Co., Ltd. A METHOD AND DEVICE FOR REALIZING AUTOMATICAL DISTRIBUTION OF QinQ BUSINESS LABEL TERMINAL TO TERMINAL
CN100563244C (en) 2005-04-28 2009-11-25 华为技术有限公司 Method for identifying AAL5 frame package format automatically
WO2010012152A1 (en) * 2008-08-01 2010-02-04 阿尔卡特朗讯 Method and equipment for implementing data transmission in wireless network
CN1925442B (en) 2006-08-01 2011-06-29 程伟明 Automatic network-building method for wireless communication terminal in intelligent environment
CN102130890A (en) * 2010-01-18 2011-07-20 杭州华三通信技术有限公司 Method for increasing rate of performing network cloning by utilizing GHOST and equipment
US8140654B2 (en) 2007-04-27 2012-03-20 Futurewei Technologies, Inc. Verifying management virtual local area network identifier provisioning consistency
CN102869012A (en) * 2011-07-05 2013-01-09 横河电机株式会社 Wireless Local Area Network (WLAN) access point equipment, system and related method
CN104426791A (en) * 2013-08-29 2015-03-18 上海贝尔股份有限公司 Network enhancing node used for wireless network
CN105809917A (en) * 2014-12-29 2016-07-27 中国移动通信集团公司 Method and device for transmitting messages of internet of things

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AT402389B (en) * 1995-10-04 1997-04-25 Fischer Adv Components Gmbh Safety device mounted in the aircraft interior containers and containers for the airline industry
US5745481A (en) * 1996-06-03 1998-04-28 Motorola, Inc. Message system and method for efficient multi-frequency roaming
US6201811B1 (en) * 1998-03-24 2001-03-13 Telefonaktiebolaget Lm Ericsson (Publ) Transferring Identifier information in a telecommunications system
US6370380B1 (en) * 1999-02-17 2002-04-09 Telefonaktiebolaget Lm Ericsson (Publ) Method for secure handover
US7307963B2 (en) * 2001-08-03 2007-12-11 At&T Corp. Architecture and method for using IEEE 802.11-like wireless LAN system to emulate private land mobile radio system (PLMRS) radio service
JP2003143161A (en) * 2001-11-06 2003-05-16 Nippon Telegr & Teleph Corp <Ntt> Mobile terminal, access point and access node in radio communication access control system
CN1125545C (en) * 2001-12-31 2003-10-22 刘军民 Data formarding method for implementing virtual channel transmission in LAN
CN1124759C (en) * 2002-08-15 2003-10-15 西安西电捷通无线网络通信有限公司 Safe access method of mobile terminal to radio local area network

Cited By (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100563244C (en) 2005-04-28 2009-11-25 华为技术有限公司 Method for identifying AAL5 frame package format automatically
CN100389575C (en) 2005-07-13 2008-05-21 华为技术有限公司 Method for realizing access-in management of on-line apparatus
CN1925442B (en) 2006-08-01 2011-06-29 程伟明 Automatic network-building method for wireless communication terminal in intelligent environment
CN100466626C (en) 2006-11-27 2009-03-04 华为技术有限公司 Wireless service differentiation method and wireless transmission device
US8140654B2 (en) 2007-04-27 2012-03-20 Futurewei Technologies, Inc. Verifying management virtual local area network identifier provisioning consistency
WO2008131680A1 (en) * 2007-04-27 2008-11-06 Huawei Technologies Co., Ltd. Verifying management virtual local area network identifier provisioning consistency
US7969888B2 (en) 2007-04-27 2011-06-28 Futurewei Technologies, Inc. Data communications network for the management of an ethernet transport network
US8442072B2 (en) 2007-05-25 2013-05-14 Futurewei Technologies, Inc. Method of preventing transport leaks in hybrid switching networks by extension of the link layer discovery protocol (LLDP)
WO2008145050A1 (en) * 2007-05-25 2008-12-04 Huawei Technologies Co., Ltd. Method of preventing transport leaks in hybrid switching networks by extension of the link layer discovery protocol (lldp)
WO2009056039A1 (en) * 2007-10-22 2009-05-07 Huawei Technologies Co., Ltd. A METHOD AND DEVICE FOR REALIZING AUTOMATICAL DISTRIBUTION OF QinQ BUSINESS LABEL TERMINAL TO TERMINAL
WO2010012152A1 (en) * 2008-08-01 2010-02-04 阿尔卡特朗讯 Method and equipment for implementing data transmission in wireless network
CN101640621B (en) 2008-08-01 2012-09-19 上海贝尔阿尔卡特股份有限公司 Method and device for realizing data transmission in wireless network
CN102130890B (en) 2010-01-18 2013-09-18 杭州华三通信技术有限公司 Method for increasing rate of performing network cloning by utilizing GHOST and equipment
CN102130890A (en) * 2010-01-18 2011-07-20 杭州华三通信技术有限公司 Method for increasing rate of performing network cloning by utilizing GHOST and equipment
CN102869012A (en) * 2011-07-05 2013-01-09 横河电机株式会社 Wireless Local Area Network (WLAN) access point equipment, system and related method
CN102869012B (en) * 2011-07-05 2018-11-06 横河电机株式会社 Device of wireless local area network access point and system and associated method
CN104426791A (en) * 2013-08-29 2015-03-18 上海贝尔股份有限公司 Network enhancing node used for wireless network
CN104426791B (en) * 2013-08-29 2017-10-03 上海贝尔股份有限公司 A kind of network for wireless network strengthens node
CN105809917A (en) * 2014-12-29 2016-07-27 中国移动通信集团公司 Method and device for transmitting messages of internet of things

Also Published As

Publication number Publication date
WO2005008957A1 (en) 2005-01-27
CN1317861C (en) 2007-05-23
AU2003289599A1 (en) 2005-02-04

Similar Documents

Publication Publication Date Title
US9397943B2 (en) Configuring virtual media access control addresses for virtual machines
US5490139A (en) Mobility enabling access point architecture for wireless attachment to source routing networks
KR101260100B1 (en) Public access point
ES2423658T3 (en) Switching and forwarding method, system and equipment in Ethernet
CA2572568C (en) Seamless roaming across wireless subnets using source address forwarding
EP3376712B1 (en) Method and apparatus for implementing communication between virtual machines
EP0861544B1 (en) Method for establishing restricted broadcast groups in a switched network
US7397811B2 (en) Method and apparatus for determining shared broadcast domains of network switches, ports and interfaces
KR100694296B1 (en) System and method for simultaneously offering multicast switching and routing
JP4190421B2 (en) Personal virtual bridge local area network
US6157647A (en) Direct addressing between VLAN subnets
US9448821B2 (en) Method and system for realizing virtual machine mobility
US6167052A (en) Establishing connectivity in networks
US8457031B2 (en) System and method for reliable multicast
US7505434B1 (en) VLAN tagging in WLANs
US20090141717A1 (en) Dynamic building of vlan interfaces based on subscriber information strings
JP2008504777A (en) Virtual broadcast network for inter-domain communication
CN1331330C (en) Device and method in access system
US7876704B1 (en) Tunneling protocols for wireless communications
CN102148749B (en) Method and device for extending switch port
US5909441A (en) Apparatus and method for reducing frame loss in route switched networks
JP2009538083A (en) MAC address learning in distributed bridge
US20090274060A1 (en) System and method for remote monitoring in a wireless network
US20040114588A1 (en) Application non disruptive task migration in a network edge switch
US5530963A (en) Method and system for maintaining routing between mobile workstations and selected network workstation using routing table within each router device in the network

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant