JP2010178211A - Network management device - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a network management device for facilitating group management by unifying the group management and also capable of performing communication between devices of different groups. <P>SOLUTION: A VLAN switch 1 is provided with a VLAN setting and storing part 12 for making a plurality of ports P0 to P4 to which devices 3 are connected associated with group identification information, and a connection device management storing part 13 for making the respective ports P0 to P4 associated with the identification information of the devices 3. A group extracting part 14 extracts the ports P0 to P4 to which the devices 3 of a transmission source and a transmission destination are connected from the VLAN setting and storing part 12 and the connection device management storing part 13. A routing part 11 makes a packet pass through when groups coincide with each other between the transmission source and the transmission destination, and transfers to a control part 2 an intermediate packet to which the group identification information of the ports P0 to P4 receiving the packet is added so as to make the control part 2 process the packet when the groups do not coincide with each other. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to a network management apparatus that is connected to a plurality of devices having a communication function and controls permission and prohibition of communication between the connected devices.

  2. Description of the Related Art Conventionally, a network management apparatus that controls routing between a plurality of devices (terminals) having a communication function has been provided (see, for example, Patent Document 1). As shown in FIG. 3, the apparatus described in Patent Document 1 has a configuration in which a local switch 1 'is connected to a plurality of ports provided in a local router switch 2', and is provided in each local switch 1 '. An intranet is constructed by connecting the devices 3 each having a communication function to a plurality of ports.

  The local switch 1 ′ is a routing unit (intranet routing unit) 16 that performs intranet routing and a routing unit (VLAN learning / tuning) that cooperates with the local router switch 2 ′ when performing routing to another local switch 1 ′. (Identification / forwarding unit) 17, a group table in which the port of the local switch 1 ′, identification information (such as a MAC address) of the device 3, and group identification information (group ID) of the group to which the device 3 belongs are associated and registered. Virtual group registration / routing table section) 18. The routing unit 16 creates an intranet routing table and performs routing between the devices 3 based on the created routing table.

  On the other hand, the local router switch 2 'includes a route server unit 26 having a routing table 26a, a conversion processing unit (intranet processing unit) 27 for converting a protocol, a connection processing unit (VLAN learning / identification / forwarding unit) 28, have. The local router switch 2 ′ and the router switch 1 ′ mutually hold the contents of the routing table of the routing unit 16 and the routing table 26 a of the route server unit 26.

  In the configuration described in Patent Document 1, communication between devices 3 connected to one local switch 1 ′ is performed without transferring a packet to the local router switch 2 ′ or another local switch 1 ′. Communication between the devices 3 connected to different local switches 1 'is performed via the local router switch 2'.

  If the group identification information of the transmission destination is different from the group identification information of the transmission source and matches any group identification information under the management of the same local router switch 2 ′, the device having the identification information of the transmission destination The packet is transferred to the port of the local switch 1 'to which 3 is connected. That is, in the configuration described in Patent Document 1, grouping of the devices 3 constituting the intranet is enabled by providing the local switch 1 'with the group table 18.

JP-A-10-190715

  Incidentally, in the configuration described in Patent Document 1, the group table 18 provided in the local switch 1 ′ associates the port of the local switch 1 ′ with the identification information of the device 3 and the group identification information of the group to which the device 3 belongs. Therefore, it is possible to change the group to which each device 3 belongs by rewriting the contents of the group table 18.

  However, since the group of the devices 3 is managed by the group table 18 provided in each local switch 1 ′, the group management is distributed to a plurality of local switches 1 ′, and the group management cannot be unified. There is.

  Furthermore, in the configuration described in Patent Document 1, since each group is intended to construct a virtual LAN, communication between devices 3 belonging to different groups is not particularly taken into consideration. For example, assuming that a wall switch having a communication function and a lighting fixture are used as the device 3 and a group is formed for each manufacturer of the device 3, the devices 3 having the same manufacturer are in the same group. Communication is possible because it belongs, and lighting fixtures can be turned on / off by operation of the wall switch, but communication is impossible between devices 3 of different manufacturers, so only the lighting fixtures are manufactured by other manufacturers. If it is replaced with a person's, the problem arises that the lighting device cannot be operated with the original wall switch.

  SUMMARY OF THE INVENTION The present invention has been made in view of the above-mentioned reasons, and an object of the present invention is to make it easy to manage a group by unifying group management and to enable communication between devices in different groups. Is to provide.

  The invention of claim 1 has a plurality of ports connected to a device having a communication function via a communication line, divides the devices connected to each port into groups, and performs routing of packets transmitted by the devices. A network management device for constructing a virtual local network by using a VLAN switch unit for selecting a route of a packet received from a device through each port, and a group of a transmission source and a transmission destination among packets received by the VLAN switch unit. A VLAN switch storage unit that registers group identification information indicating a group in association with each port, and identification information of a device connected to each port. Is stored in association with each port, and the received packet is stored in V The group to which the port that received the packet belongs is extracted by collating with the AN setting storage unit, and the destination device is identified by collating the identification information of the destination device included in the received packet with the connected device management storage unit. A group extraction unit that extracts a group to which the port belongs by extracting the connected port and checking the port against the VLAN setting storage unit, and a group of a transmission source and a transmission destination of the packet extracted by the group extraction unit A routing unit that sends out the packet from a port to which the destination device is connected when the two match, and the routing unit is a group of the source and destination of the packet extracted by the group extraction unit If the packet does not match, the intermediate ID is added to the packet with the group identification information of the port that received the packet. When the intermediate packet with group identification information added is received from the control unit, a packet is generated by removing the group identification information from the intermediate packet, and the packet is sent to the destination The control unit changes the group identification information of the intermediate packet transferred from the routing unit to the group identification information of the group to which the port to which the packet destination device is connected belongs. A transmission management unit is provided.

  According to a second aspect of the present invention, in the first aspect of the invention, the transmission management unit changes the group identification information by checking the content of the intermediate packet transferred from the routing unit against a predetermined determination rule or determines whether the intermediate packet It is characterized by determining whether to delete.

  According to a third aspect of the present invention, in the first or second aspect of the present invention, the transmission management unit determines whether the transmission source and destination of the packet when the data amount of the intermediate packet transferred from the routing unit exceeds a prescribed threshold. It is characterized by limiting the amount of data passing through the port.

  According to a fourth aspect of the present invention, in any one of the first to third aspects, the one of the VLAN switch unit and the control unit stores the component device information in which the device identification information is registered in association with the group identification information. The transmission management unit has a function of collating a combination of identification information of a device that is a transmission source of a packet and group identification information associated with a port that has received the packet with a component device storage unit, The control unit includes an informing unit for informing when a matching result is not obtained by collation by the transmission management unit.

  According to a fifth aspect of the invention, there is provided a device registration interface according to the fourth aspect of the invention, wherein the correspondence relationship between the identification information of the device registered in the component device storage unit and the group identification information can be changed from the outside. It is characterized by.

  According to a sixth aspect of the present invention, in the fourth or fifth aspect of the present invention, the control unit obtains group identification information corresponding to the identification information of the device when a matching result is not obtained by collation by the transmission management unit. It further comprises a setting change unit that extracts from the component device storage unit and registers the group identification information in the VLAN setting storage unit in association with the port that received the packet.

  According to a seventh aspect of the invention, there is provided a port registration interface according to any one of the first to sixth aspects, wherein the correspondence between the group identification information registered in the VLAN setting storage unit and the port can be changed from the outside. It is characterized by that.

  According to the configuration of the first aspect of the present invention, in the VLAN switch unit having a plurality of ports to which the devices are connected, the VLAN setting storage unit for registering the group identification information in association with each port, and the connection to each port Since the connected device management storage unit for storing the identification information of the device is provided, the VLAN setting storage unit provided in the VLAN switch unit enables centralized management without distributing the management location of the group. In addition, the packet transmission source device group is extracted by comparing the port that received the packet with the VLAN setting storage unit, and the packet transmission destination device group is identified with the transmission destination device identification information. Since the port is connected to the connected device management storage unit and the port to which the destination device is connected is recognized, and the port is extracted by checking the VLAN setting storage unit, the VLAN setting storage unit, the connected device management storage unit, The group of the packet transmission source and the transmission destination can be defined by the combination of the contents of. In addition, the group of the packet transmission source and the transmission destination device is determined to be different, and if the group is the same group, the packet is transferred between the ports. If the group is different, the packet is transferred to the control unit. Packets can be processed by the control unit, and by appropriately setting rules in the transmission management unit provided in the control unit, packets can be transferred between devices in different groups.

  Further, between the VLAN switch unit and the control unit, group identification information indicating a group associated with the port that received the packet is added to the packet and transferred, so that the control unit transmits the received packet. While recognizing the group to which the original device belongs, it is possible to recognize the group to which the destination device belongs based on the information on the destination device included in the packet. It becomes possible to determine whether or not packet transfer is necessary. In addition, since an intermediate packet including group identification information is used between the VLAN switch unit and the control unit, and the VLAN switch unit performs addition and separation of group identification information in the intermediate packet, the VLAN switch unit and the control unit A physical configuration for dividing the group between the VLAN switch unit and the control unit is simplified, and the physical configuration between the VLAN switch unit and the control unit is simplified. In addition, the device connected to the port does not need to consider group identification information, and the user of the device can perform grouping of each port simply by setting the contents of the VLAN setting storage unit. Can be managed.

  In addition, a VLAN setting storage unit that associates a group with a port and a connection device management storage unit that associates device identification information with a port are provided, and when a device is grouped, a port is interposed instead of dividing the device into groups. Therefore, the combination of the VLAN setting storage unit and the connected device management storage unit can be made to function like a patch panel, and only the contents of the VLAN setting storage unit and the connected device management storage unit are managed. This makes it possible to dynamically group devices.

  According to the configuration of the invention of claim 2, when the group of the transmission source and the transmission destination is different, it is controlled whether the packet transfer is enabled or the packet transfer is prohibited by changing the group identification information Since the transmission management unit provided in the unit makes the determination, packet filtering can be performed by setting an appropriate rule.

  According to the configuration of the invention of claim 3, it is possible to monitor the data amount of packets between the transmission source and the transmission destination, and to perform bandwidth limitation, communication path blocking, and the like. In other words, it is possible to reduce network resources by suppressing unnecessary packets, and it is possible to improve security by not transferring unnecessary packets.

  According to the configuration of the invention of claim 4, the grouping using the identification information of the device is performed, and the comparison with the grouping by the port is performed. When the connected device is not assumed as a group with a device connected to another port, it is possible to warn by notification by the notification unit. That is, it is possible to notify the user of a connection error when an unexpected device is connected to the port.

  According to the configuration of the invention of claim 5, by providing the device registration interface, an external device such as a computer is connected to the device registration interface so that the identification information of any device and the group identification information are Correspondence can be set. That is, even when a new device that is not supposed to be connected is connected to the port, it is possible to cope with the problem by changing the contents of the component device storage unit.

  According to the configuration of the invention of claim 6, grouping can be performed preferentially using information registered in the component device storage unit, and when a new device is connected to a port, it is connected to the port. It is possible to automatically set a group according to the selected device. In other words, if a correspondence relationship between device identification information and groups is determined in advance in the component device storage unit, a group corresponding to the connected device is set to the port simply by connecting the device to the port. For example, the contents of the component device storage unit can be managed by the device manufacturer, the grouping according to communicable devices is automated, and the number of devices constituting the group is also connected to the port It becomes possible to change dynamically according to.

  According to the configuration of the seventh aspect of the invention, by connecting an external device such as a computer to the port registration interface, the correspondence between the group identification information registered in the VLAN setting storage unit and the port can be set or changed. Since it becomes possible, the group assigned to each port can be changed.

It is a block diagram which shows embodiment. It is a figure explaining the intermediate | middle packet used for the same as the above. It is a block diagram which shows a conventional structure.

  The network management apparatus described in the present embodiment constructs a virtual local network by dividing the devices 3 into groups by routing packets transmitted by the devices 3 having a communication function, as shown in FIG. The device 3 includes a VLAN switch unit 1 having a plurality of (five in the illustrated example) ports P0 to P4 connected to each other via the communication line Lc. Modular jacks or the like are used for the ports P0 to P4.

  The VLAN switch unit 1 can communicate with a separately provided control unit 2, and the routing between the ports P0 to P4 is determined by cooperation between the VLAN switch unit 1 and the control unit 2. The VLAN switch unit 1 and the control unit 2 are connected one-to-one via an MII (Media Independent Interface), and, as will be described later, a frame of the same format as a VLAN packet defined by IEEE 802.1Q It communicates using the intermediate packet which has. Therefore, the VLAN switch unit 1 and the control unit 2 physically secure a plurality of channels while using one port each. Note that the VLAN switch unit 1 and the control unit 2 include a microcomputer, and various functions described later are realized by operating the microcomputer according to appropriate programs. However, it may be configured by dedicated hardware instead of the microcomputer.

  The VLAN switch unit 1 includes a routing unit 11 that performs routing for packets received at any of the ports P0 to P4, and the routing unit 11 selects a route of the packet. The VLAN switch unit 1 is provided with a VLAN setting storage unit 12 which is a data table in order to assign groups to the ports P0 to P4. In the VLAN setting storage unit 12, as shown in Table 1, each port P0 -P4 and group identification information (hereinafter referred to as "VID") indicating a group are registered in association with each other. That is, a group is assigned to each port P0-P4. A technique for setting the contents of the VLAN setting storage unit 12 will be described later.

  Further, in the VLAN switch unit 1, identification information of the devices 3 connected to the ports P0 to P4 (identification information unique to the devices 3 and using, for example, a MAC address) corresponds to the ports P0 to P4. A connected device management storage unit 13 is provided as a data table to be added and stored. In the connected device management storage unit 13, as shown in Table 2, the identification information of the devices 3 connected to the ports P0 to P4 is registered for the ports P0 to P4 to which the devices 3 are connected.

  The identification information of the device 3 is acquired by communication between the VLAN switch unit 1 and the device 3. For example, in the VLAN switch unit 1, a life confirmation packet for confirming whether or not the device 3 is connected from each of the ports P0 to P4 is periodically transmitted, and the VLAN switch is determined by a response to the life confirmation packet. The unit 1 acquires the identification information of each device 3. Therefore, the identification information of the device 3 in the connected device management storage unit 13 is updated with the identification information of the device 3 included in the packet received from the device 3 through the ports P0 to P4. And the communication with the device 3 is performed, the correspondence between the identification information of the device 3 and the ports P0 to P4 is automatically set in the connected device management storage unit 14.

  In the VLAN setting storage unit 12, group identification information is associated with each port P0 to P4, and in the connected device management storage unit 13, identification information of the device 3 is associated with each port P0 to P4. By using information registered in the VLAN setting storage unit 12 and the connected device management storage unit 13, the identification information of each device 3 and the group identification information can be associated with each other. That is, it becomes possible to group the devices 3. In other words, since the cooperation relationship of the device 3 is determined by the combination of the VLAN setting storage unit 12 and the connected device management storage unit 13, the VLAN setting storage unit 12 and the connected device management storage unit 13 establish a communication path between the devices 3. It will function like a patch panel to decide.

  The correspondence between the ports P0 to P4 and the VID in the VLAN setting storage unit 12 is determined by the user or the builder, and registration of data in the VLAN setting storage unit 12 using an external device such as a computer is performed. For this purpose, the VLAN switch unit 1 or the control unit 2 is provided with a port registration interface 15. Therefore, it is possible to set or change the correspondence relationship between the VID registered in the VLAN setting storage unit 12 and the ports P0 to P4.

  The VLAN switch unit 1 includes a group extraction unit 14 that extracts a group of the transmission source and destination devices 3 from the received packet. In the group extraction unit 14, the group to which the ports P0 to P4 that have received the packet belong is assigned. And the group to which the ports P0 to P4 to which the packet transmission destination device 3 is connected belong.

  That is, in order to extract the group to which the ports P0 to P4 that received the packet belong, the group extraction unit 14 collates the received packet with the VLAN setting storage unit 12. Further, in order to extract the group to which the ports P0 to P4 to which the packet transmission destination device 3 is connected belong, the group extraction unit 14 uses the identification information of the transmission destination device 3 included in the received packet to connect device management. The group to which the ports P0 to P4 belong is extracted by collating with the storage unit 13 to extract the ports P0 to P4 to which the destination device 3 is connected, and collating the ports P0 to P4 with the VLAN setting storage unit 12. To extract. In this way, the group extraction unit 14 uses the VLAN setting storage unit 12 and the connected device management storage unit 13 in combination, so that the ports P0 to P0 to which the device 3 of the source and destination of the received packet are connected are connected. Extract groups for P4.

  Incidentally, the VLAN switch unit 1 is provided with the routing unit 11 as described above, and packets received from the device 3 through the ports P0 to P4 are input to the routing unit 11. The routing unit 11 inquires of the group extraction unit 14 about the group to which the device 3 of the source and destination of the received packet belongs, and whether the group of the device 3 of the source and destination matches or does not match. The packet passage route is selected according to the above.

  When the group of the source and destination of the received packet matches, the routing unit 1 sends the received packet from the ports P0 to P4 to which the destination device 3 is connected. That is, the packet is transmitted only through the VLAN switch unit 1. On the other hand, if the group of the source and destination of the received packet does not match, an intermediate packet in which VID (group identification information) indicating the group to which the ports P0 to P4 that received the packet belong is added to the packet The intermediate packet is transferred to the control unit 2, and the control unit 2 determines how to handle the packet. Here, as will be described later, when the routing unit 1 receives an intermediate packet to which a VID is added from the control unit 2, the routing unit 1 deletes the VID and transmits the packet as a normal packet from any of the ports P0 to P4. It also has.

  The control unit 2 includes a transmission management unit 21 that determines how to handle the intermediate packet according to the intermediate packet transferred from the VLAN switch unit 1. As shown in FIG. 2A, the intermediate packet includes transmission destination identification information (destination address) DA, transmission source identification information (source address) SA, tag TG, and type / length field TP. , Payload DATA and frame check sequence FCS. In other words, a tag TG is added to a packet used in Ethernet (registered trademark). As shown in FIGS. 2B and 2C, the tag TG has a tag protocol identifier TPID indicating that the intermediate packet is a tagged frame, a priority PCP indicating the priority level of the frame, and a MAC address as standard. A format format display CFI indicating whether the format is a non-standard format and a VID (group identification information) indicating a group. The priority order PCP, format format display CFI, and VID are collectively referred to as TCI.

  The intermediate packet frame shown in FIG. 2 has the same format as the VLAN packet frame defined by IEEE 802.1Q. However, the intermediate packet is used only for communication between the VLAN switch unit 1 and the control unit 2, and the packet used for communication between the devices 3 is a normal packet without a tag TG.

  The transmission management unit 21 in the control unit 2 determines the handling of the intermediate packet by judging the contents of the intermediate packet received from the VLAN switch unit 1 according to the rules. The main operation of the transmission manager 21 is as follows.

  The intermediate packet received from the VLAN switch unit 1 by the transmission management unit 21 is in the middle when communication between the transmission source and the transmission destination may be permitted because the groups of the transmission source and the transmission destination do not match. The source VID included in the packet is replaced with the destination VID and returned to the VLAN switch unit 1. In this case, the routing unit 11 provided in the VLAN switch unit 1 removes the VID from the intermediate packet received from the control unit 2 and sends it out from the ports P0 to P4 as a normal packet. This function of the transmission manager 21 enables communication between different groups. That is, it becomes possible to monitor and control by communication technology between the devices 3 belonging to different groups.

  By the way, as a case where a group is set in the device 3, there are a case where cooperation is impossible due to the specifications of the device 3, and a case where the range of the device 3 to be linked is limited. Here, when the manufacturers of the devices 3 are different, it is considered that there are many cases where the devices cannot be linked, but the devices whose standards are established so that the devices can be linked regardless of the manufacturer. 3 enables the devices 3 to be linked regardless of the manufacturer. However, in general, it is safer to prevent cooperation between different manufacturers of equipment 3, so that equipment 3 of different manufacturers can be treated as a different group in principle, and can be treated as the same group if necessary. It is desirable to do.

  Therefore, in addition to the function of changing the VID of the intermediate packet received from the VLAN switch unit 1 and returning it to the VLAN switch unit 1 as described above, the transmission management unit 21 checks the VID of the VID by comparing it with a prescribed determination rule. A function for determining whether to change or delete an intermediate packet is also provided. That is, depending on the contents of the intermediate packet, the intermediate packet is invalidated without changing the VID.

  The determination rule can be set as appropriate. For example, the device 3 such as a remote controller for a water heater and the device 3 such as a lighting fixture do not normally need to be linked. The determination rule is set so that the intermediate packet becomes invalid when the device 3 cannot be linked. In principle, such a determination rule is set on the condition of the type of the transmission source and the transmission destination and the content of request or response. For example, a case is assumed where a facility device (device 3) manufactured in-house and a facility device manufactured by another company or a personal computer (device 3) of a general user are linked. If the former device 3 is the device A and the latter device 3 is the device B, the determination rule is that the request from the device A to the device B is transferred and the request from the device B to the device A is not transferred. do it. Further, since the request from the device A to the device B is transferred, the determination rule is set so that the response from the device B to the device A is also transferred.

  Further, if it is determined whether or not the packet is an illegal intermediate packet based on the error detection code, and a determination rule is set so as to invalidate the illegal intermediate packet, transfer of the illegal packet is prohibited. By setting such a determination rule in the transmission management unit 21, the transmission management unit 21 can be provided with a filtering function for permitting or prohibiting the transfer of intermediate packets.

  When the transmission management unit 21 receives the intermediate packet from the VLAN switch unit 1, the transmission management unit 21 collates the identification information of the transmission source device 3 included in the intermediate packet with the connected device management storage unit 13 provided in the VLAN switch unit 1. By doing this, the port that received the original packet of the intermediate packet is extracted, and the passing amount of the packet for each port P0 to P4 per unit time (that is, the data amount of the intermediate packet) is detected. A function may be provided that restricts the amount of data that passes through the packet source and destination ports when the amount of data exceeds a prescribed threshold. In order to limit the amount of data that passes, it is possible to adopt a method by blocking the communication path in addition to limiting the bandwidth. In other words, it is possible to monitor the data amount of packets between the transmission source and the transmission destination, and to perform bandwidth limitation or blocking of the communication path. This can suppress the passage of unnecessary packets, reduce network resources, and improve security by prohibiting the passage of unnecessary packets.

  By the way, when the transmission management unit 21 receives the intermediate packet from the VLAN switch unit 1, the transmission management unit 21 associates the identification information of the device 3 that is the transmission source of the packet that is the source of the intermediate packet with the ports P0 to P4 that have received the packet. It has a function of collating the combination with the VID with the component device storage unit 22 provided in the control unit 2. As shown in Table 3, the component device storage unit 22 is obtained by registering the identification information of the device 3 in association with the VID. In principle, the contents of the component device storage unit 22 are registered in advance by the manufacturer of the control unit 2. The

  In the example shown in Table 3, the identification information of the device 3 is formed by combining a vendor code for identifying the manufacturer and a serial number unique to the device 3. The VID is defined for the vendor code, and the same VID is assigned to the devices 3 of the same manufacturer. In Table 3, the asterisk (*) part means a wild card. In other words, the same VID is assigned if the manufacturer of the device 3 is the same regardless of the identification information of the device 3. In addition to this example, the same VID is given to the same type of device 3 by giving identification information including a common portion for each type of device 3, or the identification including the common portion for each device 3 that can be linked in advance. By giving information, the same VID can be given to the devices 3 that can be linked.

  The transmission management unit 21 makes an inquiry to the VLAN setting storage unit 12 and the connected device management storage unit 13 of the VLAN switch unit 1 in order to obtain a VID for comparison with the VID registered in the component device storage unit 22. In other words, as described above, the identification information of the transmission source device 3 included in the intermediate packet is collated with the connected device management storage unit 13 provided in the VLAN switch unit 1 to receive the packet that is the source of the intermediate packet. The ports P0 to P4 are acquired, and the acquired ports P0 to P4 are collated with the VLAN setting storage unit 12, thereby acquiring the VID to which the ports P0 to P4 belong.

  In the component device storage unit 22, the identification information of the device 3 and the VID are associated with each other so that the same VID is assigned to the device 3 that is reserved to be able to cooperate. When the VID to which P4 belongs is different from the VID reserved for the device 3, there is a possibility that it is not possible to cooperate with other devices 3.

  Therefore, as described above, the transfer management unit 21 collates the information obtained from the intermediate packet with the VLAN setting storage unit 12 and the connected device management storage unit 13 of the VLAN switch unit 1, thereby identifying the identification information of the device 3. A combination with a VID is acquired, and the acquired combination is collated with the component device storage unit 22, and if information that matches the acquired combination is registered in the component device storage unit 22, a reserved combination Therefore, it can be guaranteed that cooperation is possible.

  On the other hand, if the acquired combination is not registered in the component device storage unit 22, there is a possibility that the transmission source device 3 and the transmission destination device 3 cannot cooperate with each other, so the notification unit 23 provided in the control unit 2 performs notification. The notification unit 23 may be one that performs visual notification such as an indicator lamp of a light emitting diode, or one that performs auditory notification such as a buzzer. As a result of this notification, when the ports P0 to P4 connected to the packet transmission source device 3 are not the devices 3 of the group assumed to be connected to the ports P0 to P4, the notification unit 23 notifies the user. It becomes possible to warn.

  Further, the control unit 2 extracts the VID corresponding to the identification information of the device 3 from the component device storage unit 22 when the information obtained from the intermediate packet does not match the information registered in the component device storage unit 22. A setting change unit 24 that registers the extracted VID in the VLAN setting storage unit 12 in association with the ports P0 to P4 that have received the packet may be provided. That is, when the setting change unit 24 is provided, the device 3 is simply connected to the ports P0 to P4, and the correspondence between the identification information of the device 3 registered in the component device storage unit 22 and the VID is used. It becomes possible to automatically set a group corresponding to the connected device 3 to the ports P0 to P4.

  The correspondence between the identification information of the device 3 registered in the component device storage unit 22 and the VID is registered by the manufacturer of the control unit 2 in principle, but an external device such as a computer is connected to the control unit 2 to configure the component device. The control unit 2 is provided with a device registration interface 25 for connecting an external device so that the contents of the storage unit 22 can be changed. Therefore, even when a new device 3 that is not supposed to be connected is connected to the ports P0 to P4, it is possible to cope with it by changing the contents of the component device storage unit 22. The constituent device storage unit 22 may be provided in the VLAN switch unit 1 instead of being provided in the control unit 2. The device registration interface 25 may be used in common with the port registration interface 15.

DESCRIPTION OF SYMBOLS 1 VLAN switch part 2 Control part 3 Equipment Lc Communication line P0-P4 Port 11 Routing part 12 VLAN setting memory | storage part 13 Connection equipment management memory | storage part 14 Group extraction part 15 Port registration interface 21 Transmission management part 22 Configuration equipment memory | storage part 23 Information Part 24 Setting change part 25 Device registration interface

Claims (7)

  A virtual local network is constructed by having a plurality of ports connected to a device having a communication function via a communication line, dividing the devices connected to each port into groups, and routing packets transmitted by the devices. A network management device, a VLAN switch unit that selects a route of a packet received from a device through each port, and a control that performs processing on packets received by the VLAN switch unit that have different groups of transmission source and transmission destination The VLAN switch unit includes a VLAN setting storage unit in which group identification information indicating a group is registered in association with each port, and identification information of a device connected to each port is associated with each port. The connected device management storage unit to be stored and the received packet to the VLAN setting storage unit The group to which the port that received the packet belongs is extracted, and the identification information of the destination device included in the received packet is checked against the connected device management storage unit to determine the port to which the destination device is connected. The group extraction unit that extracts the group to which the port belongs by extracting and collating the port with the VLAN setting storage unit, and the group of the transmission source and the transmission destination of the packet extracted by the group extraction unit are the same A routing unit that sends the packet from the port to which the destination device is connected, and the routing unit does not match the group of the source and destination of the packet extracted by the group extraction unit An intermediate packet is generated by adding the group identification information of the port that received the packet to the packet. When the intermediate packet is transferred to the control unit and the intermediate packet with the group identification information added is received from the control unit, a packet is generated by removing the group identification information from the intermediate packet, and the packet is transmitted from the port to which the destination device is connected. The control unit includes a transmission management unit that changes the group identification information of the intermediate packet transferred from the routing unit to the group identification information of the group to which the port to which the packet destination device is connected belongs. A network management device.   The transmission management unit determines whether to change the group identification information or delete the intermediate packet by checking the content of the intermediate packet transferred from the routing unit against a predetermined determination rule. Item 4. The network management device according to Item 1.   The transmission management unit restricts the amount of data passing through the packet source and destination ports when the data amount of the intermediate packet transferred from the routing unit exceeds a predetermined threshold. 3. The network management device according to 1 or 2.   One of the VLAN switch unit and the control unit has a component device storage unit in which the identification information of the device is registered in association with group identification information, and the transmission management unit is a device that transmits a packet. When the combination of the identification information and the group identification information associated with the port that received the packet is collated with the component device storage unit, and the control unit cannot obtain a matching result by the collation by the transmission management unit The network management device according to any one of claims 1 to 3, further comprising a notification unit that performs notification.   5. The network management apparatus according to claim 4, further comprising a device registration interface that allows a correspondence relationship between the device identification information registered in the component device storage unit and the group identification information to be changed from the outside.   The control unit extracts group identification information corresponding to the identification information of the device from the component device storage unit when a matching result is not obtained by collation by the transmission management unit, and further transmits the group identification information to the packet The network management apparatus according to claim 4, further comprising a setting change unit that registers the information in the VLAN setting storage unit in association with the port that received the message.   7. The network according to claim 1, further comprising a port registration interface that allows a correspondence relationship between the group identification information registered in the VLAN setting storage unit and the port to be changed from the outside. Management device.

Images