CN1964576A - A method for wireless access and access controller - Google Patents
A method for wireless access and access controller Download PDFInfo
- Publication number
- CN1964576A CN1964576A CNA2006101656371A CN200610165637A CN1964576A CN 1964576 A CN1964576 A CN 1964576A CN A2006101656371 A CNA2006101656371 A CN A2006101656371A CN 200610165637 A CN200610165637 A CN 200610165637A CN 1964576 A CN1964576 A CN 1964576A
- Authority
- CN
- China
- Prior art keywords
- access
- wireless
- roamer
- wireless user
- access controller
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Mobile Radio Communication Systems (AREA)
- Small-Scale Networks (AREA)
Abstract
The disclosed wireless access method comprises: the access controller decides whether current user is cruised, yes to skip the access identification and provide the wireless access service directly; then, the controller identifies user access, and stops service if the identification failure. This invention provides seamless service.
Description
Technical field
The present invention relates to the wireless LAN communication technology, specifically, relate to a kind of radio switch-in method and access controller.
Background technology
In recent years, the user presents characteristics such as broadband, mobile and facilitation to the demand of access service.(Wireless Local Area Network, WLAN) technology and product have catered to people's demand, and have obtained large-scale promotion and application in the world based on the WLAN (wireless local area network) of IEEE802.11 standard.WLAN provides a kind of wireless access service of local area network (LAN), comprise access controller (AccessController, AC) and access point (Access Point, WLAN AP) is called integral WLAN.In integral WLAN, AC is used for WLAN is managed concentratedly; AP is a wireless transmitting-receiving equipments, it by and AC set up the link back and add WLAN, and and AC be that (Station STA) provides the wireless access service to the wireless user together.
Wireless access point control and configuration (Control and Provisioning of Wireless AccessPoints, CAPWAP) protocol definition the structure of integral WLAN, the division of WLAN function on AP equipment and AC equipment described.The CAPWAP agreement has also defined the communication protocol between AP and the AC.A WLAN can comprise a plurality of AC and AP, and this provides wide service-domain and roaming territory for the wireless user.The wireless user can select any AP in the service-domain to insert WLAN, and can roam between each AP in WLAN.
Fig. 1 is the networking structure schematic diagram of integral WLAN.As shown in Figure 1, described WLAN comprises two access controllers: the first access controller AC1, the second access controller AC2, two access points: the first access point AP1, the second access point AP2 wherein establish CAPWAP tunnel (Tunnel) between AP1, the AC1 and between AP2, the AC2.AC1, AC2 are connected with router (Router), and by the router access internet.AC1, AC2 also are connected with certificate server, by certificate server the wireless user are carried out access authentication.Certificate server can be remote authentication dial-in user service (Remote Authentication Dial In User Service, Radius) server.
Fig. 2 is the flow chart of radio switch-in method.Describe the method that wireless user STA inserts WLAN below in conjunction with Fig. 1 and Fig. 2, this method may further comprise the steps:
Step 201: wireless user STA selects to insert the AP of WLAN.
STA finds that AP1 and AP2 provide the wireless access service, but AP1 has higher signal strength signal intensity (promptly more high s/n ratio) than AP2, thereby STA initial selected AP1 inserts WLAN.
Step 202:STA and AC1 carry out link authentication and link negotiation.
STA sends the link authentication request message by AP1 to AC1, by AC1 STA is carried out link authentication.If the link authentication success, STA sends the link negotiation request message by AP1 to AC1, and AC1 handles accordingly according to this request message.
Step 203:AC1 carries out access authentication to STA.
AC1 carries out access authentication by the Radius server to STA, and access authentication adopts the IEEE802.1x agreement to carry out.Access authentication procedure comprises: 1) STA sends the access authentication request message to AC1, comprises the username and password of STA in this request message; 2) AC1 is transmitted to the Radius server with this request message; 3) after the Radius server was confirmed user identity, (PairwiseMaster Key PMK), and sent to STA by AC1 with this PMK, all preserves this PMK among Radius server and the STA for STA distributes symmetrical master key; 4) after the Radius server carries out the access authentication success to STA, respond the access authentication success message to AC1, and carry described PMK; 5) after AC1 receives the access authentication success message, preserve described PMK, and set up medium access control (Medium AccessControl, MAC) corresponding relation of address and described PMK of STA.
Step 204:AC1 and STA carry out key agreement.
For the privacy protection to user data is provided, after STA being carried out the access authentication success, AC1 initiates cipher key agreement process, and (Pairwise Temporary Key PTK), generates PTK according to PMK to consult symmetrical temporary key with STA.PTK is used for unicast data is encrypted.
Step 205:AC1 and AP1 provide the wireless access service for STA.
STA is by the access authentication of AC1, and behind the successful arranging key, just can conduct interviews to network by AP1 and AC1.
In WLAN, STA may move between AP.When STA from AP1 gradually when AP2 moves, STA determines that AP2 can provide better service, has higher signal strength signal intensity such as AP2, at this moment, STA can select to insert WLAN by AP2.
When STA had selected new access point AP2, its access procedure promptly also needed to finish link authentication and link negotiation, access authentication and key agreement with above-described consistent.After finishing these steps, STA is linked into WLAN again, thereby has finished roam procedure.But, finish these steps, need carry out repeatedly message negotiation, cause again access procedure consuming time longer.Like this, just can not guarantee the continuity of high-level business, also just can't provide seamless roaming service for the user.
Therefore, there is defective in prior art, and awaits improving.
Summary of the invention
Technical problem to be solved by this invention provides a kind of radio switch-in method and access controller, when the wireless user roams, for it provides seamless roaming service.
In order to address the above problem, it is as follows to the invention provides technical scheme:
A kind of radio switch-in method comprises: access controller judges whether the wireless user of current access is the roamer, when definite described wireless user is the roamer, skips the access authentication step, directly provides the wireless access service for this wireless user.
Method of the present invention, wherein, access controller judges whether the wireless user of current access is that the roamer is: access controller sends roamer's query messages to its neighbours' access controller, carry this wireless user's MAC Address in this query messages, confirm in order to request neighbours access controller whether it preserves the PMK corresponding with described MAC Address, and determine according to roamer's acknowledge message that neighbours' access controller returns whether the wireless user is the roamer.
Method of the present invention, wherein, access controller utilizes synchronization mechanism to obtain the PMK information that other access controllers are preserved in wireless network; Access controller judges whether the wireless user of current access is that the roamer is: judge whether this access controller preserves the PMK corresponding with this wireless user's MAC Address, if determine that then described wireless user is the roamer.
Method of the present invention, wherein, access controller judges whether the wireless user of current access is that the roamer is: judge whether this access controller preserves the PMK corresponding with this wireless user's MAC Address, if determine that then described wireless user is the roamer; Otherwise, access controller sends roamer's query messages to its neighbours' access controller, carry this wireless user's MAC Address in this query messages, confirm in order to request neighbours access controller whether it preserves the PMK corresponding with described MAC Address, and determine according to roamer's acknowledge message that neighbours' access controller returns whether the wireless user is the roamer.
Method of the present invention, wherein, for the wireless user provides before the wireless access service, further comprise: access controller and described wireless user carry out key agreement after skipping the access authentication step.
Method of the present invention, wherein, after providing the wireless access service for the wireless user, further comprise: access controller carries out access authentication to the wireless user, and when access authentication is failed, stops to provide the wireless access service to the wireless user.
A kind of access controller comprises, wireless access service unit, and roamer's judging unit; Roamer's judging unit is used to judge whether the wireless user is the roamer, and when definite wireless user is the roamer, sends the wireless access service message to the wireless access service unit; The wireless access service unit is used for skipping access authentication when receiving described wireless access service message, directly provides the wireless access service for the wireless user.
Access controller of the present invention, wherein, roamer's judging unit is used for judging by sending roamer's query messages to neighbours' access controller whether the wireless user is the roamer, carry this wireless user's MAC Address in the described query messages, confirm in order to request neighbours access controller whether it preserves the PMK corresponding with described MAC Address.
Access controller of the present invention wherein, also comprises lock unit, is used for obtaining PMK information from other access controllers of wireless network; Roamer's judging unit is used for by judging whether this access controller is preserved the PMK that from other access controllers obtain corresponding with wireless user's MAC Address and judged whether the wireless user is the roamer.
Access controller of the present invention, wherein, roamer's judging unit is used for by judging whether this access controller is preserved the PMK corresponding with wireless user's MAC Address and judged whether the wireless user is the roamer; And when in determining this access controller, not having to preserve the PMK corresponding with described MAC Address, judge by sending roamer's query messages whether the wireless user is the roamer to neighbours' access controller, carry this wireless user's MAC Address in the described query messages, confirm in order to request neighbours access controller whether it preserves the PMK corresponding with described MAC Address.
Access controller of the present invention wherein, also comprises, the key agreement unit is used for carrying out key agreement with described wireless user the wireless access service unit provides the wireless access service for the wireless user before.
Access controller of the present invention, wherein, also comprise, the access authentication unit, be used for after the wireless access service unit provides the wireless access service for the wireless user, the wireless user is carried out access authentication, and when access authentication is failed, stop the wireless access service message to the transmission of wireless access service unit; The wireless access service unit is further used for receiving describedly when stopping the wireless access service message, stops to provide the wireless access service to the wireless user.
A kind of computer software product wherein, comprises that some instructions are used so that a computer equipment is carried out the method for the invention.
A kind of computer equipment comprises in order to the software of carrying out the method for the invention and moves the necessary hardware of this software.
Compared with prior art, the invention has the beneficial effects as follows:
Judging needs whether the wireless user who inserts is the roamer, when definite wireless user is the roamer, for this wireless user provides access service fast, promptly after carrying out link authentication and link negotiation, do not carry out access authentication, directly for the wireless user provides access service, thereby guaranteed the continuity of high-level business, for the user provides seamless roaming service.After providing access service fast for the wireless user, can also carry out the back authentication to the wireless user, further guaranteed the fail safe of WLAN.
Description of drawings
Fig. 1 is the networking structure schematic diagram of integral WLAN;
Fig. 2 is the flow chart of radio switch-in method of the prior art;
Fig. 3 is the flow chart of the described radio switch-in method of the embodiment of the invention;
Fig. 4 is the structural representation of the described access controller of the embodiment of the invention.
Embodiment
For making the purpose, technical solutions and advantages of the present invention clearer, describe the present invention below in conjunction with the accompanying drawings and the specific embodiments.
Key of the present invention is: when the wireless user need insert, AC judges whether this wireless user is the roamer, when definite wireless user is the roamer, for this wireless user provides access service fast, promptly after carrying out link authentication and link negotiation, do not carry out access authentication, directly provide access service for the wireless user, thereby guaranteed the continuity of high-level business, can provide seamless roaming service for the user.For improving the fail safe of data communication, before the wireless access service is provided for the wireless user, can also comprise cipher key agreement process.
Fig. 3 is the flow chart of the described radio switch-in method of the embodiment of the invention.Describe the radio switch-in method of the embodiment of the invention below in conjunction with Fig. 1 and Fig. 3, this method may further comprise the steps:
Step 301:STA selects to insert the AP of WLAN.
STA can be by receiving beacon (Beacon) message that AP sends passively, and perhaps transmission is detected (Probe) message and found WLAN access service on every side on one's own initiative.STA finds that AP1 and AP2 provide the wireless access service, supposes that STA initial selected AP1 inserts WLAN.When STA from AP1 gradually when AP2 moves, STA determines that AP2 can provide better service, has higher signal strength signal intensity such as AP2, at this moment, STA selects to insert WLAN by AP2.
Step 302:STA and AC2 carry out link authentication and link negotiation.
STA sends the link authentication request message by AP2 to AC2, comprises the MAC Address of STA in this request message.AC2 carries out link authentication to STA, checks promptly in the MAC Address tabulation of its preservation whether the MAC Address corresponding with STA is arranged, and responds the link authentication response message to STA.If the link authentication success, STA sends the link negotiation request message by AP2 to AC2, after AC2 handles accordingly according to this request message, responds the link negotiation response message to STA.The foundation of data link between STA and the AP2 has also just been finished in link negotiation success, and the foundation of logical links between STA and the AC2.
Step 303:AC2 judges whether STA is the roamer, when confirming that STA is the roamer, and execution in step 304; Otherwise, carry out normal the access and handle, and process ends.
AC2 can judge whether STA is the roamer by sending roamer's query messages to all neighbours' access controllers.Here only inquiring about to AC1 with AC2 is that example describes.If STA roams into AC2 by AC1, then it is when initially inserting AC1, and AC1 can carry out access authentication to it.As stated in the Background Art, after the access authentication success, preserve MAC Address and the corresponding PMK of STA among the AC1.That is to say,, can determine that then STA is the roamer if preserve the PMK corresponding among the AC1 with the MAC Address of STA.Thereby described query script comprises: AC2 sends roamer's query messages, the MAC Address of carrying STA in this query messages to AC1; Whether the AC1 inquiry self preserves the PMK corresponding with described MAC Address, if, then respond roamer's acknowledge message to AC2, carry described MAC Address and corresponding PMK in the message; AC2 receives described roamer's acknowledge message, determines that then STA is the roamer.
In addition, also have another situation, when promptly STA is linked into WLAN for the first time, just relevant information is carried out on all AC synchronously, described relevant information is included as the PMK of its distribution.For this situation, judge whether STA is that the roamer is: AC2 judges whether this access controller preserves the PMK corresponding with the MAC Address of STA, if determine that then STA is the roamer.
Whether relevant information is carried out synchronous situation on all AC when not knowing that STA is linked into WLAN for the first time, AC2 can also judge whether this access controller preserves the PMK corresponding with the MAC Address of STA earlier, if determine that then STA is the roamer; If not, judge by sending roamer's query messages whether STA is the roamer again to all neighbours' access controllers.
Because access authentication procedure need be carried out repeatedly message negotiation, and be needed the participation of Radius server, thereby consuming time longer.When definite STA is the roamer, illustrate that STA has passed through the access authentication of AC1, the legitimacy of STA has obtained preliminary assurance, and in order to improve roamer's access speed, AC2 can temporarily not carry out access authentication to STA, but directly carries out key agreement.
Step 304:AC2 and STA carry out key agreement.
For the privacy protection to user data is provided, initiate cipher key agreement process by AC2, consult PTK with STA, PTK is used for unicast data is encrypted.AC2 and STA carry out key agreement by the 4-Way Handshake process, and generate PTK according to the PMK of the MAC Address correspondence of STA, in this process, AC2 and STA need verify whether both sides preserve the PMK of coupling, if not, the 4-Way Handshake procedure failure connects also and therefore interrupts.Thereby cipher key agreement process also provides the assurance to wireless user's legitimacy.
Step 305:AC2 and AP2 provide the wireless access service for STA.
After key agreement was finished, STA can be by the logical links accesses network of setting up.The data that STA sends are received by AP2 earlier, send to AC2 by CAPWAP tunnel then, carry out two layers of forwarding by AC2 again, finally send to destination device; Send to the data of STA for needs, send to AP2 by CAPWAP tunnel again after sending to AC2 earlier, finally the wave point by AP2 sends to STA.
When the wireless access service was provided for STA, AC2 can also send to AC1 and stop the wireless access service message, comprises the MAC Address of STA in this message.After AC1 receives this message, stop wireless access service to STA.
Because AC2 does not carry out access authentication just for it provides the wireless access service to roamer STA,, after this STA inserts WLAN by AP2, can also carry out access authentication (perhaps being called the back authentication) to it by AC2 in order further to guarantee the fail safe of WLAN.Thereby the described radio switch-in method of the embodiment of the invention can further include after step 304: AC2 carries out access authentication to STA, and when access authentication is failed, stops to provide the wireless access service to STA.
AC2 can carry out access authentication to STA by certificate server, and certificate server can be the Radius server.Access authentication adopts the IEEE802.1x agreement to carry out, and adopts IEEE 802.1x agreement that the process that STA carries out access authentication is described in background technology, repeats no more here.In the process of carrying out access authentication, STA is visited WLAN normally.If the access authentication success, then STA roams successfully, and AC2 and AP2 continue as STA the wireless access service is provided, and simultaneously, AC2 sends the roaming success message to AC1, comprises the MAC Address of STA in this message.After AC1 receives this message, delete the information relevant with STA.If the access authentication failure, then STA roaming failure, AC2 and AP2 stop to provide the wireless access service to STA.
Those skilled in the art are understood that easily access authentication also can adopt other agreement to carry out.In simple WLAN, access authentication procedure also can not need the participation of certificate server, but is directly finished by AC.
Fig. 4 is the structural representation of the described access controller of the embodiment of the invention.As shown in Figure 4, the access controller of the embodiment of the invention comprises: link authentication and negotiation element 41, roamer's judging unit 42, access authentication unit 43, key agreement unit 44 and wireless access service unit 45.
Link authentication and negotiation element 41 are used for the wireless user is carried out link authentication and link negotiation, and judge message to roamer's judging unit 42 transmission roamers.Access controller carries out link authentication and link negotiation by link authentication and 41 couples of wireless users of negotiation element after receiving the link authentication and link negotiation request message of wireless user's transmission.After the link negotiation success, send the roamer to roamer's judging unit 42 and judge message.
Roamer's judging unit 42, be used for receiving described roamer when judging message, judge whether the wireless user is the roamer, and when definite wireless user is non-roaming user, send access authentication message to access authentication unit 43, when definite wireless user is the roamer, send key negotiation information to key agreement unit 44.
Roamer's judging unit 42 can judge whether the wireless user is the roamer by sending roamer's query messages to all neighbours' access controllers.Carry wireless user's MAC Address in this query messages; Whether the inquiry of neighbours' access controller self preserves the PMK corresponding with described MAC Address, if, then respond roamer's acknowledge message to roamer's judging unit 42, carry described MAC Address and corresponding PMK in the message; Roamer's judging unit 42 receives described roamer's acknowledge message, determines that then the wireless user is the roamer.
When being linked into WLAN for the first time for the wireless user, just relevant information is carried out synchronous situation on all AC, the described access controller of the embodiment of the invention further comprises lock unit, is used for obtaining PMK information from other access controllers of wireless network.Whether roamer's judging unit 42 can also be preserved the PMK corresponding with wireless user's MAC Address and judge whether the wireless user is the roamer by judging this access controller, if determine that then the wireless user is the roamer.
Whether relevant information is carried out synchronous situation on all AC when not knowing that the wireless user is linked into WLAN for the first time, roamer's judging unit 42 judges earlier whether this access controller preserves the PMK corresponding with wireless user's MAC Address earlier, if determine that then the wireless user is the roamer; If not, judge by sending roamer's query messages whether the wireless user is the roamer again to all neighbours' access controllers.
When definite wireless user is the roamer,, directly send key negotiation information to key agreement unit 44 in order to improve roamer's access speed.When definite wireless user is non-roaming user, carry out normal wireless access process, promptly send access authentication message to access authentication unit 43.
Wireless access service unit 45 is used for when receiving described wireless access service message, for the wireless user provides the wireless access service.
In the access controller of another embodiment of the present invention, in order further to guarantee the fail safe of WLAN, after the roamer inserted WLAN, described access controller also further carried out access authentication (perhaps being called the back authentication) to the wireless user.Wherein:
Wireless access service unit 45 is further used for receiving describedly when stopping the wireless access service message, stops to provide the wireless access service to the wireless user.
Those skilled in the art are understood that easily, in some not high occasions of security requirement to data communication, also can not carry out key agreement.That is to say that the described access controller of the embodiment of the invention also can not comprise key agreement unit 44.When roamer's judging unit 42 is the roamer definite wireless user, directly send the wireless access service message to wireless access service unit 45; Wireless access service unit 45 is according to described wireless access service message, for the wireless user provides the wireless access service.
Through the above description of the embodiments, those skilled in the art can be well understood to the present invention and can realize by the mode that software adds necessary general hardware platform, can certainly pass through hardware, but obviously the former is better execution mode.Based on such understanding, the part that technical scheme of the present invention contributes to prior art in essence in other words can embody with the form of software product, this computer software product comprises that some instructions are with so that a computer equipment (can be a personal computer, server, the perhaps network equipment etc.) carry out the described method of the embodiment of the invention.
Equally, can also realize that described computer equipment comprises in order to the software of carrying out the method for the invention and moves the necessary hardware of this software by a kind of computer equipment.
In sum, described radio switch-in method of the embodiment of the invention and access controller, when the wireless user need insert, AC judges whether this wireless user is the roamer, when definite wireless user is the roamer, for this wireless user provides access service fast, promptly after carrying out link authentication and link negotiation, directly carry out key agreement, after key agreement is finished, immediately for the wireless user provides access service, thereby guaranteed the continuity of high-level business, for the user provides seamless roaming service.
Should be noted that at last, above embodiment is only unrestricted in order to technical scheme of the present invention to be described, those of ordinary skill in the art is to be understood that, can make amendment or be equal to replacement technical scheme of the present invention, and not breaking away from the spiritual scope of technical solution of the present invention, it all should be encompassed in the middle of the claim scope of the present invention.
Claims (14)
1. a radio switch-in method is characterized in that, comprising:
Access controller judges whether the wireless user of current access is the roamer, when definite described wireless user is the roamer, skips the access authentication step, directly provides the wireless access service for this wireless user.
2. method according to claim 1 is characterized in that, access controller judges whether the wireless user of current access is that the roamer is:
Access controller sends roamer's query messages to its neighbours' access controller, carry this wireless user's media access control MAC address in this query messages, confirm in order to request neighbours access controller whether it preserves the symmetrical master key PMK corresponding with described MAC Address, and determine according to roamer's acknowledge message that neighbours' access controller returns whether the wireless user is the roamer.
3. method according to claim 1 is characterized in that:
Access controller utilizes synchronization mechanism to obtain the PMK information that other access controllers are preserved in wireless network;
Access controller judges whether the wireless user of current access is that the roamer is:
Judge whether this access controller preserves the PMK corresponding with this wireless user's MAC Address, if determine that then described wireless user is the roamer.
4. method according to claim 1 is characterized in that, access controller judges whether the wireless user of current access is that the roamer is:
Judge whether this access controller preserves the PMK corresponding with this wireless user's MAC Address, if determine that then described wireless user is the roamer; Otherwise,
Access controller sends roamer's query messages to its neighbours' access controller, carry this wireless user's MAC Address in this query messages, confirm in order to request neighbours access controller whether it preserves the PMK corresponding with described MAC Address, and determine according to roamer's acknowledge message that neighbours' access controller returns whether the wireless user is the roamer.
5. method according to claim 1 is characterized in that, for the wireless user provides before the wireless access service, further comprises after skipping the access authentication step:
Access controller and described wireless user carry out key agreement.
6. according to each described method in the claim 1 to 5, it is characterized in that, after providing the wireless access service, further comprise for the wireless user:
Access controller carries out access authentication to the wireless user, and when access authentication is failed, stops to provide the wireless access service to the wireless user.
7. an access controller comprises, the wireless access service unit is characterized in that, also comprises roamer's judging unit, wherein:
Roamer's judging unit is used to judge whether the wireless user is the roamer, and when definite wireless user is the roamer, sends the wireless access service message to the wireless access service unit;
The wireless access service unit is used for skipping access authentication when receiving described wireless access service message, directly provides the wireless access service for the wireless user.
8. access controller according to claim 7 is characterized in that:
Roamer's judging unit is used for judging by sending roamer's query messages to neighbours' access controller whether the wireless user is the roamer, carry this wireless user's MAC Address in the described query messages, confirm in order to request neighbours access controller whether it preserves the PMK corresponding with described MAC Address.
9. access controller according to claim 7 is characterized in that:
Also comprise lock unit, be used for obtaining PMK information from other access controllers of wireless network;
Roamer's judging unit is used for by judging whether this access controller is preserved the PMK that from other access controllers obtain corresponding with wireless user's MAC Address and judged whether the wireless user is the roamer.
10. access controller according to claim 7 is characterized in that:
Roamer's judging unit is used for by judging whether this access controller is preserved the PMK corresponding with wireless user's MAC Address and judged whether the wireless user is the roamer;
And when in determining this access controller, not having to preserve the PMK corresponding with described MAC Address, judge by sending roamer's query messages whether the wireless user is the roamer to neighbours' access controller, carry this wireless user's MAC Address in the described query messages, confirm in order to request neighbours access controller whether it preserves the PMK corresponding with described MAC Address.
11. access controller according to claim 7 is characterized in that, also comprises:
The key agreement unit is used for carrying out key agreement with described wireless user the wireless access service unit provides the wireless access service for the wireless user before.
12. according to each described access controller in the claim 7 to 11, it is characterized in that, also comprise:
The access authentication unit is used for after the wireless access service unit provides the wireless access service for the wireless user wireless user being carried out access authentication, and when access authentication is failed, stops the wireless access service message to the transmission of wireless access service unit;
The wireless access service unit is further used for receiving describedly when stopping the wireless access service message, stops to provide the wireless access service to the wireless user.
13. a computer software product is characterized in that: comprise that some instructions are used so that a computer equipment is carried out as the described method of claim 1-6.
14. a computer equipment is characterized in that: comprise in order to carry out as the software of method as described in the claim 1-6 and to move the necessary hardware of this software.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2006101656371A CN100558187C (en) | 2006-12-11 | 2006-12-11 | A kind of radio switch-in method and access controller |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2006101656371A CN100558187C (en) | 2006-12-11 | 2006-12-11 | A kind of radio switch-in method and access controller |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1964576A true CN1964576A (en) | 2007-05-16 |
| CN100558187C CN100558187C (en) | 2009-11-04 |
Family
ID=38083400
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB2006101656371A Active CN100558187C (en) | 2006-12-11 | 2006-12-11 | A kind of radio switch-in method and access controller |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100558187C (en) |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101925065A (en) * | 2010-08-05 | 2010-12-22 | 北京星网锐捷网络技术有限公司 | Authentication method, device, system and wireless access point |
| CN102271125A (en) * | 2010-06-02 | 2011-12-07 | 杭州华三通信技术有限公司 | Method for carrying out 802.1X authentication cross equipment, access equipment and access control equipment |
| CN103188265A (en) * | 2013-03-26 | 2013-07-03 | 汉柏科技有限公司 | Method for preventing IKE ((Internet Key Exchange) negotiation failure caused by overlong authentication time |
| CN103596161A (en) * | 2012-08-14 | 2014-02-19 | 杭州华三通信技术有限公司 | A wireless roaming method and an access controller |
| CN103747431A (en) * | 2013-12-19 | 2014-04-23 | 杭州华三通信技术有限公司 | Method and device for realizing rapid roaming based on neighbor detection |
| CN105516960A (en) * | 2015-12-09 | 2016-04-20 | 上海斐讯数据通信技术有限公司 | Non-perceptual authentication method system, management method and system based on the method system |
| CN107820246A (en) * | 2016-09-14 | 2018-03-20 | 华为技术有限公司 | The methods, devices and systems of user authentication |
| CN110352585A (en) * | 2016-10-17 | 2019-10-18 | 全球里驰科技公司 | The improvement and associated improvement of network communication |
-
2006
- 2006-12-11 CN CNB2006101656371A patent/CN100558187C/en active Active
Cited By (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9066231B2 (en) | 2010-06-02 | 2015-06-23 | Hangzhou H3C Technologies Co., Ltd. | Method for 802.1X authentication, access device and access control device |
| CN102271125A (en) * | 2010-06-02 | 2011-12-07 | 杭州华三通信技术有限公司 | Method for carrying out 802.1X authentication cross equipment, access equipment and access control equipment |
| CN101925065A (en) * | 2010-08-05 | 2010-12-22 | 北京星网锐捷网络技术有限公司 | Authentication method, device, system and wireless access point |
| CN103596161B (en) * | 2012-08-14 | 2016-06-08 | 杭州华三通信技术有限公司 | A kind of wireless roaming method and Access Control device |
| CN103596161A (en) * | 2012-08-14 | 2014-02-19 | 杭州华三通信技术有限公司 | A wireless roaming method and an access controller |
| CN103188265B (en) * | 2013-03-26 | 2015-11-18 | 汉柏科技有限公司 | A kind ofly prevent the long method causing ike negotiation failure of authenticated time |
| CN103188265A (en) * | 2013-03-26 | 2013-07-03 | 汉柏科技有限公司 | Method for preventing IKE ((Internet Key Exchange) negotiation failure caused by overlong authentication time |
| CN103747431A (en) * | 2013-12-19 | 2014-04-23 | 杭州华三通信技术有限公司 | Method and device for realizing rapid roaming based on neighbor detection |
| CN103747431B (en) * | 2013-12-19 | 2017-05-10 | 新华三技术有限公司 | Method and device for realizing rapid roaming based on neighbor detection |
| CN105516960A (en) * | 2015-12-09 | 2016-04-20 | 上海斐讯数据通信技术有限公司 | Non-perceptual authentication method system, management method and system based on the method system |
| CN105516960B (en) * | 2015-12-09 | 2020-01-07 | 上海斐讯数据通信技术有限公司 | Non-perception authentication method and system, and management method and system based on method and system |
| CN107820246A (en) * | 2016-09-14 | 2018-03-20 | 华为技术有限公司 | The methods, devices and systems of user authentication |
| CN107820246B (en) * | 2016-09-14 | 2020-07-21 | 华为技术有限公司 | User authentication method, device and system |
| CN110352585A (en) * | 2016-10-17 | 2019-10-18 | 全球里驰科技公司 | The improvement and associated improvement of network communication |
| US11297047B2 (en) | 2016-10-17 | 2022-04-05 | Global Reach Technology, Inc | Network communications |
Also Published As
| Publication number | Publication date |
|---|---|
| CN100558187C (en) | 2009-11-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CA2520772C (en) | Facilitating 802.11 roaming by pre-establishing session keys | |
| CN109309920B (en) | Security implementation method, related device and system | |
| EP2019518B1 (en) | Method for fast roaming in a wireless network | |
| US7236477B2 (en) | Method for performing authenticated handover in a wireless local area network | |
| EP2095596B1 (en) | Managing user access in a communications network | |
| CN100558187C (en) | A kind of radio switch-in method and access controller | |
| CN101366291B (en) | Wireless router assisted security handoff(wrash) in a multi-hop wireless network | |
| JP6120865B2 (en) | Method and apparatus for managing security key for communication authentication with terminal in wireless communication system | |
| EP3700162B1 (en) | Systems and methods for authentication | |
| CN102111766B (en) | Network accessing method, device and system | |
| US20060067526A1 (en) | Apparatus, and an associated method, for facilitating fast transition in a network system | |
| US20060013398A1 (en) | Method and system for pre-authentication | |
| CN101785343B (en) | Method, system and device for fast transitioning resource negotiation | |
| CN102461062A (en) | Proactive authentication | |
| KR20090005971A (en) | A method of establishing fast security association for handover between heterogeneous radio access networks | |
| CN101300877A (en) | System and method for optimizing a wireless connection between wireless devices | |
| KR20100085185A (en) | Inter-working function for a communication system | |
| US20160134610A1 (en) | Privacy during re-authentication of a wireless station with an authentication server | |
| EP3562185B1 (en) | Method and device for joining access node group | |
| CN101150472A (en) | Authentication method, authentication server and terminal in WIMAX | |
| CN103796206B (en) | Roaming method and communication system applied to traffic system | |
| WO2017171835A1 (en) | Key management for fast transitions | |
| CN101827066A (en) | Networking authentication method and device | |
| WO2023093277A1 (en) | Roaming method and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CP03 | Change of name, title or address | ||
| CP03 | Change of name, title or address |
Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No. Patentee after: NEW H3C TECHNOLOGIES Co.,Ltd. Address before: 310053 Hangzhou hi tech Industrial Development Zone, Zhejiang province science and Technology Industrial Park, No. 310 and No. six road, HUAWEI, Hangzhou production base Patentee before: HANGZHOU H3C TECHNOLOGIES Co.,Ltd. |
|
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20230616 Address after: 310052 11th Floor, 466 Changhe Road, Binjiang District, Hangzhou City, Zhejiang Province Patentee after: H3C INFORMATION TECHNOLOGY Co.,Ltd. Address before: 310052 Changhe Road, Binjiang District, Hangzhou, Zhejiang Province, No. 466 Patentee before: NEW H3C TECHNOLOGIES Co.,Ltd. |