JP2017147502A - Communication system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a communication system that dramatically reduces a work time of a network administrator and makes it possible to avoid a human error in network setting.SOLUTION: A communication system comprises: a controller for controlling transfer setting with respect to transfer of communication data between respective devices connected to a network; and a network apparatus for transferring the communication data via the network on the basis of the transfer setting. The controller comprises: establishment means for establishing communication with the network apparatus; generation means for generating transfer setting to be set to the network apparatus with which the establishment means has established the communication; and output means for outputting the transfer setting generated by the generation means using the communication having been established by the establishment means. The network apparatus comprises: input means for receiving input of the transfer setting output from the output means, using the communication having been established by the establishment means; setting means for setting the transfer setting received by the input means; and transfer means for transferring the communication data via the network on the basis of the transfer setting set by the setting means.SELECTED DRAWING: Figure 1

Description

  The present invention relates to a communication system.

  In recent years, organizations such as corporations have established LANs (Local Area Networks) and connected information processing apparatuses used inside the organizations via LANs (hereinafter referred to as intra-organization LANs). .

  Patent Document 1 discloses a communication system that allows an information processing apparatus outside the organization to be easily connected to the intra-organization LAN while maintaining security in such an intra-organization LAN. The technique described in Patent Literature 1 requests a connection permission from a user inside an organization when an information processing device outside the organization is connected to a network device connected to the intra-organization LAN. An information processing apparatus outside the organization can connect to the intra-organization LAN when connection permission is obtained.

  However, when an administrator of an intra-organization LAN newly connects a network device to the intra-organization LAN, various settings of the network have to be changed, which requires a lot of labor.

  In order to solve the above-described problems and achieve the object, the present invention provides a control device that controls transfer settings related to transfer of communication data between devices connected to a network, and the network based on the transfer settings. A network device that transfers the communication data via the network device, wherein the control device establishes communication with the network device, and the network device with which the establishing device has established the communication Generating means for generating the transfer setting to be set to, and output means for outputting the transfer setting generated by the generating means by the communication established by the establishing means, wherein the network device outputs from the output means Input means for accepting the input of the transfer setting made by the communication established by the establishment means, and the input means accepted by the input means Setting means for setting the transmission setting, on the basis of the transfer setting to the setting unit has set, and a transfer means for transferring the communication data via the network.

  According to the present invention, it is possible to greatly shorten the work time of the network administrator and avoid an artificial mistake in network setting.

FIG. 1 is an explanatory diagram illustrating an example of a communication system according to the first embodiment. FIG. 2 is a block diagram illustrating an example of a hardware configuration of the external terminal device. FIG. 3 is a block diagram illustrating an example of a hardware configuration of the switch device. FIG. 4 is a block diagram illustrating an example of a hardware configuration of the controller device. FIG. 5 is a block diagram illustrating an example of a hardware configuration of the internal terminal device. FIG. 6 is a block diagram illustrating an example of functional blocks showing a characteristic functional configuration of the external terminal device. FIG. 7 is a block diagram illustrating an example of a functional block showing a characteristic functional configuration of the switch device. FIG. 8 is a block diagram illustrating an example of a functional block showing a characteristic functional configuration of the controller device. FIG. 9 is a block diagram illustrating an example of a functional block showing a characteristic functional configuration of the internal terminal device. FIG. 10 is a sequence diagram illustrating an example of the addition process. FIG. 11 is a sequence diagram illustrating an example of the addition process. FIG. 12 is a flowchart illustrating an example of the connection request process. FIG. 13 is a flowchart illustrating an example of the connection permission process. FIG. 14 is an explanatory diagram illustrating an example of a configuration of a communication system according to the second embodiment. FIG. 15 is a block diagram illustrating an example of a hardware configuration of the access point. FIG. 16 is a block diagram illustrating an example of a functional block showing a characteristic functional configuration of an access point. FIG. 17 is a sequence diagram illustrating an example of the addition process. FIG. 18 is a sequence diagram illustrating an example of the addition process.

  Hereinafter, embodiments of a communication system will be described in detail with reference to the accompanying drawings. In addition, embodiment described below is one Embodiment of a communication system, Comprising: The structure, a specification, etc. are not limited.

(First embodiment)
FIG. 1 is an explanatory diagram illustrating an example of a communication system 1 according to the first embodiment. The communication system 1 illustrated in FIG. 1 includes an external terminal device 10, a switch device 20, a controller device 30, and internal terminal devices 40a, 40b, and 40c. The communication system 1 connects an external terminal device 10, a switch device 20, a controller device 30, and an internal terminal device 40 via a LAN (Local Area Network) 50 so that they can communicate with each other. For example, the LAN 50 is an intra-organization LAN that connects various devices used inside the organization. The LAN 50 prevents unauthorized intrusion from outside the organization. The LAN 50 performs communication using, for example, TCP / IP (Transmission Control Protocol / Internet Protocol) as a protocol. The communication system 1 shown in FIG. 1 includes one external terminal device 10, one switch device 20, one controller device 30, and three internal terminal devices 40a, 40b, and 40c. It is described. However, the number of devices included in the communication system 1 is not limited to this and may be an arbitrary number.

  The external terminal device 10 is, for example, an information processing device such as a personal computer, a tablet terminal, or a smartphone that has been used outside the organization.

  The switch device 20 is a network device that transfers communication data via a network related to the LAN 50. The switch device 20 is applied to a concept called SDN (Software-Defined Network). SDN is a concept that enables the movement of communication data on a network to be controlled by software. Conventionally, network devices such as access points set communication data transfer paths based on autonomously collected information using routing protocols such as AODV (Ad-hoc On Demand Distance Vector) and OLSR (Optimized Link State Routing). Was. However, as the network becomes more complex, it has become difficult for the prior art to quickly change the network configuration. Therefore, it is required that the network configuration can be quickly changed by SDN.

  As a specification for realizing SDN, there is a specification called OpenFlow. OpenFlow is a specification that separates an OpenFlow controller that controls a transfer path of communication data and an OpenFlow switch that transfers communication data. A network configuration is set in the OpenFlow controller. The OpenFlow controller generates a transfer setting to be set for each of the OpenFlow switches based on the set network configuration. The OpenFlow controller transmits the generated transfer setting to each of the OpenFlow switches. The OpenFlow switch transfers communication data based on the received transfer setting. When changing the network configuration, the OpenFlow controller generates transfer settings to be set in each of the OpenFlow switches based on the changed network configuration. The OpenFlow controller transmits the generated transfer setting to each of the OpenFlow switches. If the network administrator changes the network configuration, the changed transfer settings are set in each of the OpenFlow switches, so that the network configuration can be quickly changed.

  The switch device 20 has a function of an OpenFlow switch. That is, the switch device 20 transfers the communication data via the LAN 50 based on the transfer setting. For example, the switch device 20 is an information processing device such as a desktop personal computer, a mobile personal computer, NUC (Next Unit of Computing), or AP (Access Point). When the external terminal device 10 is connected, the switch device 20 asks a user inside the organization for permission to connect to the LAN 50. In other words, the switch device 20 requests the internal terminal device 40 to determine whether or not to permit connection. The switch device 20 connects the corresponding external terminal device 10 to the LAN 50 when the connection is permitted.

  The controller device 30 is a control device that controls transfer settings relating to transfer of communication data between devices such as the switch device 20 connected to the LAN 50. For example, the controller device 30 is an information processing device such as a desktop personal computer, a mobile personal computer, or a NUC. The controller device 30 has a function of an OpenFlow controller. That is, the controller device 30 manages the network configuration related to the LAN 50. For example, the controller device 30 constructs a network configuration related to the LAN 50 or changes the network configuration related to the LAN 50. The controller device 30 generates network setting information to be set for the network device connected to the LAN 50 based on the network configuration.

  The network setting information is information indicating settings for a network device connected to the LAN 50 to communicate with other network devices. More specifically, the network setting information includes an IP (Internet Protocol) address set in the switch device 20, an IP address of another accessible device, restrictions on all networks, routing protocols of all networks, and layer 3 switch information. Information such as settings. Here, the layer 3 switch is a device that performs high-speed hardware data transfer processing of IP, which is a network layer (layer 3) protocol in an OSI (Open Systems Interconnection) reference model.

  The network setting information includes a flow table. The flow table is information in which processing contents corresponding to application conditions of communication data to be transferred are defined. The application condition is, for example, a port number that has received communication data, a transmission destination, a VLAN, or the like. The processing contents include, for example, processing for transferring received communication data, processing for discarding received communication data, and the like. Processing for transferring received communication data includes processing for specifying a port number for transmitting communication data, processing for assigning a destination IP address, and the like. That is, in the flow table, a route for transferring communication data is defined according to application conditions such as a destination of communication data to be transmitted.

  The controller device 30 has a function of authenticating an external terminal device 10 or a user who uses the external terminal device 10. That is, the controller device 30 has a function as a RADIUS server in, for example, RADIUS (Remote Authentication Dial In User Service) authentication. The controller device 30 determines whether to connect the external terminal device 10 to the LAN 50. The controller device 30 receives a connection request from the external terminal device 10 via the switch device 20. The controller device 30 receives an instruction from the internal terminal device 40 authenticated in the LAN 50 and responds to the switch device 20 as to whether or not the external terminal device 10 can be connected.

  The internal terminal devices 40a, 40b, and 40c are information processing devices such as personal computers, MFPs (Multi-Function Printers), and IWBs (Interactive White Boards) used in the organization. The internal terminal device 40a is, for example, an MFP. The internal terminal device 40a, which is an MFP, is a device having at least two functions among a copy function, a scanner function, a fax function, and a printer function. The internal terminal device 40b is, for example, IWB. The internal terminal device 40b, which is an IWB, is an electronic blackboard that can display various images. The internal terminal device 40c is, for example, a personal computer. The internal terminal device 40c, which is a personal computer, can output various images to the MFP or display various images on the IWB, for example. In the following description, when the internal terminal devices 40a, 40b, and 40c are not distinguished, the internal terminal device 40 will be described.

  The controller device 30 transmits advertisement information to an unspecified device by short-range wireless communication such as BLE (Bluetooth (registered trademark) Low Energy). The advertisement information is information for notifying the surrounding switch device 20 and the like of the presence of the controller device 30 itself. The advertisement information includes a communicable range in which the controller device 30 can communicate by short-range wireless communication. For example, the advertisement information defines a radius within a predetermined distance from the controller device 30 around the controller device 30 as a communicable range.

  When the switch device 20 receives the advertisement information, the switch device 20 determines whether or not the switch device 20 itself has entered the communicable range. When the switch device 20 itself enters the communicable range, the switch device 20 and the controller device 30 establish near field communication.

  When the short-range wireless communication is established, the controller device 30 transmits network setting information corresponding to each of the switch devices 20. Then, the switch device 20 selects and transmits a transfer path for communication data received from the external terminal device 10 based on the network setting information.

  The network setting information may include authentication setting information. Here, the authentication setting information is information indicating settings related to communication data processing with the external terminal device 10 and an authentication server or the like that authenticates a user or the like who uses the external terminal device 10. Specifically, the authentication setting information is settings such as the IP address of the authentication server, the port number of the authentication server, the password of the authentication server, and the authentication method. The switch device 20 functions as a client device for user authentication when the authentication setting information is included in the network setting information. The switch device 20 functions as a RADIUS client in RADIUS authentication, for example. The switch device 20 executes communication data processing for the RADIUS server based on the setting of the authentication setting information.

  Next, the hardware configuration of various devices included in the communication system 1 will be described.

  First, the hardware configuration of the external terminal device 10 will be described. FIG. 2 is a block diagram illustrating an example of a hardware configuration of the external terminal device 10.

  The external terminal device 10 includes a control unit 11, a display unit 12, an operation unit 13, a memory unit 14, a storage unit 15, and a communication unit 16.

  The control unit 11 is an arithmetic device or the like that controls the operation of the entire external terminal device 10 such as a CPU.

  The display unit 12 is, for example, a liquid crystal display device (LCD). The operation unit 13 is an operation device such as a touch panel, a keyboard, or a mouse. The operation unit 13 receives various inputs according to user operations.

  The memory unit 14 is, for example, a volatile memory. For example, the memory unit 14 functions as a work area for developing various types of input data, and is a storage area for temporarily storing the various types of data that has been expanded.

  The storage unit 15 is a non-volatile storage device such as an HDD or an SSD. The storage unit 15 stores a control program. The control program is software for causing the functions of the external terminal device 10 to be exhibited.

  The communication unit 16 is a communication interface connected to the switch device 20. For example, the communication unit 16 communicates with a wireless communication protocol such as IEEE 802.11 (WiFi (Wireless Fidelity)). Note that the communication unit 16 is not limited to wireless communication, and may communicate by wire. The communication unit 16 may or may not encrypt communication data by WEP (Wired Equivalent Privacy) or the like.

  Next, the hardware configuration of the switch device 20 will be described. FIG. 3 is a block diagram illustrating an example of a hardware configuration of the switch device 20.

  The switch device 20 includes a control unit 21, a display unit 22, an operation unit 23, a memory unit 24, a storage unit 25, a communication unit 26, a LAN communication unit 27, and a short-range wireless communication unit 28. .

  The control unit 21 is an arithmetic unit or the like that controls the operation of the entire switch device 20 such as a CPU.

  The display unit 22 is, for example, a liquid crystal display device (LCD). The operation unit 23 is an operation device such as a touch panel, a keyboard, or a mouse. The operation unit 23 receives various inputs according to user operations.

  The memory unit 24 is, for example, a volatile memory. For example, the memory unit 24 functions as a work area for developing various types of input data, and is a storage area for temporarily storing the various types of expanded data.

  The storage unit 25 is a non-volatile storage device such as an HDD or an SSD. The storage unit 25 stores a control program. The control program is software for exhibiting the functions of the switch device 20.

  The communication unit 26 is a communication interface that connects to the external terminal device 10. For example, the communication unit 26 communicates using a wireless communication protocol such as IEEE 802.11 (WiFi). Note that the communication unit 26 is not limited to wireless communication, and may communicate by wire. Further, the communication unit 26 may encrypt communication data by WEP or the like, or may not be encrypted.

  The LAN communication unit 27 is a communication interface connected to the LAN 50.

  The short-range wireless communication unit 28 is a communication interface that communicates with the controller device 30 by short-range wireless communication. For example, the short-range wireless communication unit 28 performs communication according to a standard such as BLE. Or the near field communication part 28 communicates by NFC (Near Field Communication), a sound wave, etc.

  Next, the hardware configuration of the controller device 30 will be described. FIG. 4 is a block diagram illustrating an example of a hardware configuration of the controller device 30.

  The controller device 30 includes a control unit 31, a display unit 32, an operation unit 33, a memory unit 34, a storage unit 35, a LAN communication unit 36, and a short-range wireless communication unit 37.

  The control unit 31 is an arithmetic device or the like that controls the operation of the entire controller device 30 such as a CPU.

  The display unit 32 is, for example, a liquid crystal display device (LCD). The operation unit 33 is an operation device such as a touch panel, a keyboard, or a mouse. The operation unit 33 receives various inputs according to user operations.

  The memory unit 34 is, for example, a volatile memory. For example, the memory unit 34 functions as a work area for developing various input data and is a storage area for temporarily holding the various data.

  The storage unit 35 is, for example, a non-volatile storage device such as an HDD or an SSD. The storage unit 35 stores a control program. The control program is software for causing a function of the controller device 30 to be exhibited.

  The LAN communication unit 36 is a communication interface connected to the LAN 50.

  The short-range wireless communication unit 37 is a communication interface that communicates with the switch device 20 by short-range wireless communication. For example, the short-range wireless communication unit 37 communicates according to a standard such as BLE. Or the near field communication part 37 communicates by NFC, a sound wave, etc.

  Next, the hardware configuration of the internal terminal device 40 will be described. FIG. 5 is a block diagram illustrating an example of a hardware configuration of the internal terminal device 40.

  The internal terminal device 40 includes a control unit 41, a display unit 42, an operation unit 43, a memory unit 44, a storage unit 45, and a LAN communication unit 46.

  The control unit 41 is an arithmetic device or the like that controls the operation of the entire internal terminal device 40 such as a CPU.

  The display unit 42 is, for example, a liquid crystal display device (LCD). The operation unit 43 is an operation device such as a touch panel, a keyboard, or a mouse. The operation unit 43 receives various inputs according to user operations.

  The memory unit 44 is, for example, a volatile memory. The memory unit 44 functions as a work area for developing various input data, for example, and is a storage area for temporarily storing the various data developed.

  The storage unit 45 is a non-volatile storage device such as an HDD or an SSD. The storage unit 45 stores a control program. The control program is software for causing the functions of the internal terminal device 40 to be exhibited.

  The LAN communication unit 46 is a communication interface connected to the LAN 50.

  Next, characteristic functions of each device of the communication system 1 will be described.

  Here, FIG. 6 is a block diagram illustrating an example of functional blocks indicating a characteristic functional configuration of the external terminal device 10 according to the first embodiment. For convenience, FIG. 6 mainly illustrates the functions according to the first embodiment, but the functions of the external terminal device 10 are not limited to these.

  The control unit 11 of the external terminal device 10 realizes various functions by executing a control program or the like stored in the storage unit 15. Specifically, the control unit 11 realizes a communication control unit 101, an operation control unit 102, a connection control unit 103, and a display control unit 104.

  The communication control unit 101 controls the communication unit 16 to communicate with the switch device 20.

  The operation control unit 102 controls the operation unit 13 to accept various operations. For example, the operation control unit 102 receives input of identification information that can identify the switch device 20 to be connected. The identification information that can identify the switch device 20 is, for example, an SSID (Service Set Identifier).

  The connection control unit 103 controls connection with the switch device 20. The connection control unit 103 is connected to the switch device 20 of the identification information received by the operation control unit 102 in cooperation with the communication control unit 101.

  The display control unit 104 controls the display unit 12 to display various screens.

  Here, FIG. 7 is a block diagram illustrating an example of a functional block indicating a characteristic functional configuration of the switch device 20 according to the first embodiment. For convenience, FIG. 7 mainly illustrates the functions according to the first embodiment, but the functions of the switch device 20 are not limited to these.

  The control unit 21 of the switch device 20 implements various functions by executing a control program or the like stored in the storage unit 25. Specifically, the control unit 21 includes a communication control unit 201, a connection control unit 202, an identification information adding unit 203, a LAN communication control unit 204, a short-range wireless communication control unit 205, and a connection storage unit 206. The connection setting unit 207 is realized.

  The communication control unit 201 has an access point function. That is, the communication control unit 201 controls the communication unit 26 to communicate with the external terminal device 10. The communication control unit 201 establishes communication with the external terminal device 10 when receiving identification information such as an SSID specifying the switch device 20 itself from the external terminal device 10. The communication control unit 201 outputs communication data received from the external terminal device 10 to the identification information adding unit 203 when communication is established. Note that the communication control unit 201 determines whether the identification information is SSID or the like based on an identifier included in the communication data, for example.

  The connection control unit 202 determines whether to permit the connection of the external terminal device 10 to the LAN 50. When the connection control unit 202 receives permission for connection of the external terminal device 10 from the controller device 30, the connection control unit 202 connects the corresponding external terminal device 10 to the LAN 50. On the other hand, the connection control unit 202 does not connect the corresponding external terminal device 10 to the LAN 50 when the connection prohibition of the external terminal device 10 is received from the controller device 30.

  The identification information adding unit 203 adds identification information indicating the connection destination internal terminal device 40 to the communication data output from the communication control unit 201. More specifically, the identification information adding unit 203 requests the connection storage unit 206 to extract processing contents according to the communication data conditions. The identification information adding unit 203 adds the IP address indicated in the processing content extracted by the connection storage unit 206 to the communication data.

  The LAN communication control unit 204 controls the LAN communication unit 27 to communicate with the LAN 50. The LAN communication control unit 204 serving as a transfer unit transfers communication data via the LAN 50 based on the network setting information set by the connection setting unit 207. Further, the LAN communication control unit 204 executes communication data processing based on the setting of the authentication setting information for an authentication device such as a RADIUS server that authenticates the user.

  The short-range wireless communication control unit 205 controls the short-range wireless communication unit 28 to communicate with the controller device 30. When the short-range wireless communication control unit 205 receives the advertisement information from the controller device 30, the short-range wireless communication control unit 205 determines whether or not the switch device 20 is within the communicable range indicated by the advertisement information. When the short-range wireless communication control unit 205 serving as the first notification unit is within the communicable range indicated by the advertisement information, the short-range wireless communication control unit 205 notifies the response signal indicating that the mobile terminal has entered the communicable range. The response signal includes identification information that can identify the switch device 20. The identification information is, for example, a MAC (Media Access Control) address. On the other hand, when the short-range wireless communication control unit 205 is outside the communicable range indicated by the advertisement information, the short-range wireless communication control unit 205 notifies the response signal indicating that the mobile terminal has exited the communicable range. Further, the short-range wireless communication control unit 205 serving as the second notification unit notifies the controller unit 305 whether or not the switch device 20 is compatible with SDN. The short-range wireless communication control unit 205 serving as an input unit receives the network setting information transmitted from the controller device 30 when the switch device 20 is compatible with SDN.

  The connection storage unit 206 stores the information received by the short-range wireless communication control unit 205 in the storage unit 25. For example, the connection storage unit 206 causes the storage unit 25 to store a flow table included in the network setting information received by the short-range wireless communication control unit 205. Further, the connection storage unit 206 extracts processing contents according to communication data conditions in response to a request from the identification information adding unit 203.

  The connection setting unit 207 as setting means sets the network setting information received from the controller device 30 by the LAN communication control unit 204.

  Here, FIG. 8 is a block diagram illustrating an example of a functional block indicating a characteristic functional configuration of the controller device 30 according to the first embodiment. For convenience, FIG. 8 mainly illustrates the functions according to the first embodiment, but the functions of the controller device 30 are not limited to these.

  The control unit 31 of the controller device 30 implements various functions by executing a control program or the like stored in the storage unit 35. Specifically, the control unit 31 implements a short-range wireless communication control unit 301, a connection storage unit 302, a LAN communication control unit 303, a connection management unit 304, a controller unit 305, and an authentication unit 306. .

  The short-range wireless communication control unit 301 controls the short-range wireless communication unit 37 to communicate with the switch device 20. The short-range wireless communication control unit 301 serving as a transmission unit transmits advertisement information to an unspecified device. The short-range wireless communication control unit 301 receives a response signal indicating that it is within the communicable range as a response to the advertisement information. Thereby, the short-range wireless communication control unit 301 detects the switch device 20 within the communicable range. Alternatively, the short-range wireless communication control unit 301 detects that the switch device 20 has left the communicable range. The short-range wireless communication control unit 301 serving as an establishing unit establishes short-range wireless communication with the detected switch device 20.

  Further, the short-range wireless communication control unit 301 receives information indicating whether or not a device within the communicable range is compatible with SDN. The short-range wireless communication control unit 301 does not transmit network setting information to devices that do not support SDN. The short-range wireless communication control unit 301 serving as an output unit transmits the network setting information generated by the controller unit 305 to the switch device 20 corresponding to the SDN within the communicable range. The short-range wireless communication control unit 301 stops the transmission of the network setting information generated by the controller unit 305 when the switch device 20 leaves outside the communicable range.

  The connection storage unit 302 causes the storage unit 35 to store information received from the switch device 20 by the short-range wireless communication control unit 301.

  The LAN communication control unit 303 controls the LAN communication unit 36 to communicate with each device connected to the LAN 50.

  When the LAN communication control unit 303 receives a connection request from the external terminal device 10, the connection management unit 304 stores identification information indicated by the external terminal device 10 that has transmitted the connection request in the memory unit 34. When the LAN communication control unit 303 receives an inquiry from the internal terminal device 40 regarding whether or not the external terminal device 10 has transmitted the connection request, the connection management unit 304 performs LAN communication control on the identification information stored in the memory unit 34. The data is transmitted to the unit 303. When the connection management unit 304 receives a notification that permits connection of the external terminal device 10 that has transmitted the connection request, the connection management unit 304 notifies the controller unit 305 of identification information of the external terminal device 10 that is permitted to connect.

  The controller unit 305 has a function related to the OpenFlow controller. The controller unit 305 receives an input for setting a network configuration by the network administrator via the operation unit 33. The controller unit 305 updates the network configuration when receiving a notification of identification information of the external terminal device 10 that is permitted to connect from the connection management unit 304. The controller unit 305 serving as a generation unit sets a network setting to be set in each of the switch devices 20 connected to the LAN 50 when the short-range wireless communication control unit 301 establishes communication with the switch device 20 that supports SDN. Generate information. The controller unit 305 generates network setting information having authentication setting information based on the network configuration. Conventionally, it is necessary to set authentication setting information in advance for each RADIUS client based on the setting of the RADIUS server, and it takes a long time to set the authentication setting information. However, the controller unit 305 causes the short-range wireless communication control unit 301 to transmit authentication setting information. Then, the switch device 20 sets the received authentication setting information. Therefore, the controller unit 305 can greatly reduce the time required for the initial setting. Then, the controller unit 305 causes the short-range wireless communication control unit 301 to transmit the generated network setting information to the switch device 20. In addition, the controller unit 305 causes the LAN communication control unit 303 to transmit the generated network setting information to the internal terminal device 40.

  The authentication unit 306 has a function as an authentication device that authenticates the external terminal device 10 or a user who uses the external terminal device 10. For example, the authentication unit 306 determines whether the user who uses the external terminal device 10 has the authority to connect to the LAN 50. Specifically, the authentication unit 306 determines whether or not a user can be authenticated when user authentication is requested via the switch device 20 functioning as a client. The authentication unit 306 notifies the user who uses the external terminal device 10 of the authentication determination result via the switch device 20. Note that the authentication unit 306 may be mounted on a device other than the controller device 30.

  Here, FIG. 9 is a block diagram illustrating an example of functional blocks indicating a characteristic functional configuration of the internal terminal device 40 according to the first embodiment. For convenience, FIG. 9 mainly illustrates the functions according to the first embodiment, but the functions of the internal terminal device 40 are not limited to these.

  The control unit 41 of the internal terminal device 40 implements various functions by executing a control program or the like stored in the storage unit 45. Specifically, the control unit 41 implements a communication control unit 401, an operation control unit 402, a connection control unit 403, and a display control unit 404.

  The communication control unit 401 controls the LAN communication unit 46 to communicate with the switch device 20.

  The operation control unit 402 controls the operation unit 43 to accept various operations. For example, the operation control unit 402 receives input of identification information that can identify the switch device 20 to be connected. The identification information that can identify the switch device 20 is, for example, an SSID.

  The connection control unit 403 controls connection with the switch device 20. The connection control unit 403 is connected to the switch device 20 of the identification information received by the operation control unit 402 in cooperation with the communication control unit 401.

  The display control unit 404 controls the display unit 42 to display various screens.

  Next, an addition process for adding the switch device 20 to the LAN 50 will be described. Here, FIG. 10 is a sequence diagram illustrating an example of additional processing executed by each device of the communication system 1 according to the first embodiment.

  First, the controller unit 305 of the controller device 30 receives an input for setting a network configuration related to the LAN 50 (step S1). Next, the short-range wireless communication control unit 301 of the controller device 30 transmits the advertisement information to unspecified devices including the switch device 20 (step S2).

  When the switch device 20 is within the communicable range included in the advertisement information, the short-range wireless communication control unit 205 of the switch device 20 transmits a response signal indicating that the switch device 20 is within the communicable range (step S3).

  Next, the short-range wireless communication control unit 205 of the switch device 20 establishes short-range wireless communication with the controller device 30 (step S4). Similarly, the near field communication control part 301 of the controller apparatus 30 establishes near field communication with the switch apparatus 20 (step S5).

  Next, the controller unit 305 of the controller device 30 executes an update for adding the switch device 20 that has entered the near field communication range to the network configuration related to the LAN 50 (step S6). Next, the controller unit 305 of the controller device 30 generates network setting information to be transmitted to each device based on the network configuration related to the LAN 50 (step S7).

  Next, the short-range wireless communication control unit 301 of the controller device 30 transmits network setting information to the switch device 20 (step S8). Next, the LAN communication control unit 303 of the controller device 30 transmits the network setting information generated based on the updated network configuration to another device connected to the LAN 50 (step S9).

  The connection storage unit 206 of the switch device 20 stores the network setting information received from the controller device 30 in the storage unit 25 (step S10). Next, the connection setting unit 207 of the switch device 20 sets network setting information (step S11).

  Thus, the additional process executed by each device of the communication system 1 is completed.

  Next, a case where the switch device 20 leaves the communicable range in the addition process for adding the switch device 20 to the LAN 50 will be described. Here, FIG. 11 is a sequence diagram illustrating an example of additional processing executed by each device of the communication system 1 according to the first embodiment.

  The processing from step S21 to step S22 is the same as the processing from step S1 to step S2 shown in FIG.

  When the switch device 20 is outside the communicable range included in the advertisement information, the short-range wireless communication control unit 205 of the switch device 20 transmits a response signal indicating that the switch device 20 is out of the communicable range (step S23).

  Next, the short-range wireless communication control unit 205 of the switch device 20 disconnects the short-range wireless communication with the controller device 30 (step S24). Similarly, the short-range wireless communication control unit 301 of the controller device 30 disconnects the short-range wireless communication with the switch device 20 (step S25).

  Thus, the additional process executed by each device of the communication system 1 is completed.

  Next, connection request processing for connecting the external terminal device 10 to the LAN 50 via the switch device 20 will be described. Here, FIG. 12 is a flowchart illustrating an example of a connection request process executed by the external terminal device 10 according to the first embodiment.

  First, the communication control unit 101 of the external terminal device 10 determines whether or not a radio wave transmitted from the switch device 20 has been detected (step S31). When the radio wave transmitted from the switch device 20 is not detected (step S31; No), the communication control unit 101 of the external terminal device 10 stands by until the radio wave is detected.

  On the other hand, when the radio wave transmitted from the switch device 20 is detected (step S31; Yes), the operation control unit 102 of the external terminal device 10 determines whether or not the input of the identification information of the switch device 20 to be connected is completed. Is determined (step S32). When the input of the identification information of the switch device 20 to be connected is not completed (step S32; No), the operation control unit 102 of the external terminal device 10 stands by until the input of the identification information is completed.

  On the other hand, when the input of the identification information of the switch device 20 to be connected is completed (step S32; Yes), the connection control unit 103 of the external terminal device 10 establishes communication with the switch device 20 of the input identification information. (Step S33).

  Next, the display control unit 104 of the external terminal device 10 displays an authentication information input screen (step S34). Next, the operation control unit 102 of the external terminal device 10 determines whether or not the input of authentication information has been completed (step S35). When the input of authentication information has not been completed (step S35; No), the operation control unit 102 of the external terminal device 10 stands by until the input of authentication information is completed.

  When the input of authentication information is completed (step S35; Yes), the communication control unit 101 of the external terminal device 10 transmits a connection request having authentication information to the controller device 30 via the switch device 20 (step S36). ).

  Thus, the connection request process executed by the external terminal device 10 is completed.

  Next, a connection permission process of the internal terminal device 40 that is requested to connect to the LAN 50 will be described. Here, FIG. 13 is a flowchart illustrating an example of a connection permission process executed by the internal terminal device 40 according to the first embodiment.

  First, the communication control unit 401 of the internal terminal device 40 establishes communication with the controller device 30 (step S41). Next, the communication control unit 401 of the internal terminal device 40 inquires of the controller device 30 whether there is a connection request (step S42).

  Next, the connection control unit 403 of the internal terminal device 40 determines whether there is a connection request based on the response signal from the controller device 30 (step S43). When there is no connection request (step S43; No), the internal terminal device 40 proceeds to step S41.

  On the other hand, when there is a connection request (step S43; Yes), the display control unit 404 of the internal terminal device 40 displays an identification information display screen on which identification information that can identify the external terminal device 10 that has requested connection is displayed. (Step S44). On the identification information display screen, an operator for inputting whether or not to permit connection is displayed in response to a connection request from the external terminal device 10.

  Next, the operation control unit 402 of the internal terminal device 40 determines whether or not the input indicating whether or not connection is possible has been completed (step S45). When the connection permission / prohibition input is not completed (step S45; No), the internal terminal device 40 stands by until the connection permission / prohibition input is completed.

  On the other hand, when the connection permission input is completed (step S45; Yes), the communication control unit 401 of the internal terminal device 40 transmits the connection permission based on the input content (step S46).

  As described above, the connection permission process executed by the internal terminal device 40 is completed.

  As described above, according to the communication system 1 according to the first embodiment, the controller device 30 detects the switch device 20 based on the response signal of the advertisement information. The controller device 30 transmits network setting information to the detected switch device 20. The switch device 20 sets the received network setting information. The switch device 20 communicates with the internal terminal device 40 connected to the LAN 50 based on the set network setting information. Therefore, the network administrator does not need to make various settings for each of the switch devices 20. Therefore, the communication system 1 according to the first embodiment can significantly reduce the work time of the network administrator and avoid an artificial mistake in network setting.

(Second Embodiment)
Next, the communication system 2 according to the second embodiment will be described. In the following description, differences from the first embodiment will be mainly described. Constituent elements having the same functions as those of the first embodiment are given the same names and symbols as those of the first embodiment, and description thereof is omitted.

  Here, FIG. 14 is an explanatory diagram illustrating an example of a configuration of the communication system 2 according to the second embodiment. The communication system 2 illustrated in FIG. 14 includes an external terminal device 10a and an access point 60 in addition to the devices included in the communication system 1 according to the first embodiment. The external terminal device 10 a is connected to the LAN 50 via the access point 60. The external terminal device 10a has the same configuration as the hardware configuration and functional configuration of the external terminal device 10 according to the first embodiment. The access point 60 is a network device having the same function as the switch device 20. However, the access point 60 is different from the switch device 20 in that it does not support SDN.

  Next, the hardware configuration of the access point 60 will be described. FIG. 15 is a block diagram illustrating an example of a hardware configuration of the access point 60.

  The access point 60 includes a control unit 61, a display unit 62, an operation unit 63, a memory unit 64, a storage unit 65, a communication unit 66, a LAN communication unit 67, and a short-range wireless communication unit 68. . The control unit 61, the display unit 62, the operation unit 63, the memory unit 64, the storage unit 65, the communication unit 66, the LAN communication unit 67, and the short-range wireless communication unit 68 are the same as the switch device 20. It is the composition of. However, the difference is that the control program stored in the storage unit 65 does not support SDN.

  Next, characteristic functions of the access point 60 will be described. Here, FIG. 16 is a block diagram illustrating an example of functional blocks indicating a characteristic functional configuration of the access point 60 according to the second embodiment. For convenience, FIG. 16 mainly illustrates the functions according to the second embodiment, but the functions of the access point 60 are not limited to these.

  The control unit 61 of the access point 60 implements various functions by executing a control program or the like stored in the storage unit 65. Specifically, the control unit 61 includes a communication control unit 601, a connection control unit 602, an identification information adding unit 603, a LAN communication control unit 604, a short-range wireless communication control unit 605, and a connection storage unit 606. The connection setting unit 607 is realized.

  The communication control unit 601, the connection control unit 602, the identification information adding unit 603, the LAN communication control unit 604, the short-range wireless communication control unit 605, and the connection storage unit 606 are communication control units included in the switch device 20. 201, a connection control unit 202, an identification information adding unit 203, a LAN communication control unit 204, a short-range wireless communication control unit 205, and a connection storage unit 206.

  The connection setting unit 607 sets a transfer path for communication data on the network. Since the connection setting unit 607 does not support SDN, the transfer setting path of communication data is set based on information autonomously collected by a routing protocol such as AODV or OLSR.

  Next, an additional process related to the communication system 2 according to the second embodiment will be described. Here, FIG. 17 is a sequence diagram illustrating an example of additional processing executed by each device of the communication system 2 according to the second embodiment. The additional process shown in FIG. 17 is an additional process for the switch apparatus 20 or the like corresponding to SDN in the communication system 2 in which network devices such as the switch apparatus 20 corresponding to SDN or the access point 60 not corresponding to SDN coexist. Is shown.

  The processing from step S51 to step S55 is the same as the processing from step S1 to step S5 according to the first embodiment.

  Next, the short-range wireless communication control unit 205 of the switch device 20 transmits an SDN correspondence notification indicating whether or not the device is compatible with SDN to the controller device 30 (step S56).

  The processing from step S57 to step S58 is the same as the processing from step S6 to step S7 according to the first embodiment.

  Next, the short-range wireless communication control unit 301 of the controller device 30 transmits network setting information to the network device corresponding to the SDN such as the switch device 20 (step S59).

  The processing from step S60 to step S62 is the same as the processing from step S9 to step S11 according to the first embodiment.

  When the switch device 20 has left the communicable range, processing similar to that from step S23 to step S25 according to the first embodiment is executed.

  Thus, the additional process executed by each device of the communication system 2 is completed.

  Next, an additional process related to the communication system 2 according to the second embodiment will be described. Here, FIG. 18 is a sequence diagram illustrating an example of additional processing executed by each device of the communication system 2 according to the second embodiment. The additional processing shown in FIG. 18 is performed for an access point 60 that does not support SDN in the communication system 2 in which network devices such as the switch device 20 that supports SDN and the access point 60 that does not support SDN coexist. Indicates additional processing.

  The processing from step S71 to step S78 is the same as the processing from step S51 to step S58 shown in FIG.

  The short-range wireless communication control unit 301 of the controller device 30 does not transmit network setting information to a network device that does not support SDN such as the access point 60. Then, the LAN communication control unit 303 of the controller device 30 transmits the network setting information generated based on the updated network configuration to another device corresponding to the SDN connected to the LAN 50 (step S79).

  Next, the connection setting unit 607 of the access point 60 that does not support SDN sets a communication data transfer path by a routing protocol (step S80).

  When the switch device 20 has left the communicable range, processing similar to that from step S23 to step S25 according to the first embodiment is executed.

  Thus, the additional process executed by each device of the communication system 2 is completed.

  As described above, according to the communication system 2 according to the second embodiment, the switch device 20 transmits information indicating whether or not the SDN is supported to the controller device 30. The controller device 30 transmits network setting information to the switch device 20 corresponding to the SDN. The switch device 20 corresponding to the SDN sets network setting information. On the other hand, the access point 60 that does not support SDN sets information autonomously collected by a routing protocol. Therefore, the communication system 2 according to the second embodiment reduces the work time of the network administrator even when a device that supports SDN and a device that does not support SDN coexist. It can be greatly shortened and human errors in network settings can be avoided.

  Although several embodiments of the present invention have been described, these embodiments are presented as examples and are not intended to limit the scope of the invention. These novel embodiments can be implemented in various other forms, and various omissions, replacements, and changes can be made without departing from the spirit of the invention. These embodiments and modifications thereof are included in the scope and gist of the invention, and are included in the invention described in the claims and the equivalents thereof.

  The function of each unit of the external terminal device 10 (communication control unit 101, operation control unit 102, connection control unit 103, and display control unit 104) is controlled by the CPU of the control unit 11 as a storage device (for example, the storage unit 15). However, the present invention is not limited to this. For example, at least a part of the functions of each unit of the external terminal device 10 is a dedicated hardware circuit (for example, a semiconductor integrated circuit or the like). ).

  Functions of each unit of the switch device 20 described above (communication control unit 201, connection control unit 202, identification information adding unit 203, LAN communication control unit 204, short-range wireless communication control unit 205, connection storage unit 206, and connection setting unit 207 ) Is realized by the CPU of the control unit 21 executing a control program or the like stored in a storage device (for example, the storage unit 25), but is not limited to this, for example, the function of each unit of the switch device 20 At least a part of them may be realized by a dedicated hardware circuit (for example, a semiconductor integrated circuit).

  The functions of the respective units of the controller device 30 described above (short-range wireless communication control unit 301, connection storage unit 302, LAN communication control unit 303, connection management unit 304, controller unit 305, and authentication unit 306) are the CPU of the control unit 31. However, the present invention is realized by executing a control program or the like stored in a storage device (for example, the storage unit 35). However, the present invention is not limited to this, and for example, at least some of the functions of each unit of the controller device 30 are dedicated. You may implement | achieve with a hardware circuit (for example, semiconductor integrated circuit etc.).

  The functions (communication control unit 401, operation control unit 402, connection control unit 403, and display control unit 404) of each unit of the internal terminal device 40 described above are stored in the storage device (for example, the storage unit 45) by the CPU of the control unit 41. This is realized by executing a stored control program or the like, but is not limited thereto. For example, at least a part of the functions of each unit of the internal terminal device 40 is a dedicated hardware circuit (for example, a semiconductor integrated circuit). It may be realized with.

  Functions of the respective units of the access point 60 described above (communication control unit 601, connection control unit 602, identification information adding unit 603, LAN communication control unit 604, short-range wireless communication control unit 605, connection storage unit 606, and connection setting unit 607) ) Is realized by the CPU of the control unit 61 executing a control program or the like stored in a storage device (for example, the storage unit 65), but is not limited to this, for example, the function of each unit of the access point 60 At least a part of them may be realized by a dedicated hardware circuit (for example, a semiconductor integrated circuit).

  The program executed by each device of the above embodiment is provided by being incorporated in advance in a storage medium (ROM or storage unit) included in each device, but is not limited thereto. For example, an installable or executable file is recorded on a computer-readable recording medium such as a CD-ROM, a flexible disk (FD), a CD-R, or a DVD (Digital Versatile Disk). You may comprise. Furthermore, the storage medium is not limited to a medium independent of a computer or an embedded system, but also includes a storage medium that downloads and stores or temporarily stores a program transmitted via a LAN, the Internet, or the like.

  Further, the program executed by each device of the above embodiment may be stored on a computer connected to a network such as the Internet and provided by being downloaded via the network, or the network such as the Internet. It may be configured to be provided or distributed via. The program of each device of the present embodiment may be configured to be provided by being incorporated in advance in a ROM or the like.

1, 2 Communication system 10 External terminal device 20 Switch device 30 Controller device 40, 40a, 40b, 40c Internal terminal device 50 LAN
60 access point 201 communication control unit 202 connection control unit 203 identification information adding unit 204 LAN communication control unit 205 short-range wireless communication control unit 206 connection storage unit 207 connection setting unit 301 short-range wireless communication control unit 302 connection storage unit 303 LAN communication Control unit 304 Connection management unit 305 Controller unit 306 Authentication unit

Japanese Patent Laying-Open No. 2015-84515

Claims (7)

A communication system comprising: a control device that controls transfer settings relating to transfer of communication data between devices connected to a network; and a network device that transfers the communication data via the network based on the transfer settings. And
The controller is
Establishing means for establishing communication with the network device;
Generating means for generating the transfer setting that is set in the network device by which the establishing means has established the communication;
An output means for outputting the transfer setting generated by the generating means by the communication established by the establishing means,
The network device is:
An input means for receiving the transfer setting input output from the output means by the communication established by the establishment means;
Setting means for setting the transfer setting received by the input means;
Transfer means for transferring the communication data via the network based on the transfer setting set by the setting means;
A communication system comprising: The output means outputs the transfer setting by short-range wireless communication,
The input means receives the transfer setting input output by the short-range wireless communication;
The communication system according to claim 1. The network device further comprises first notification means for notifying that the communication device has entered a communicable range that can be communicated by the short-range wireless communication from the control device to a predetermined distance,
The establishment means establishes the communication with the network device notified by the first notification means;
The communication system according to claim 2. The control device further includes transmission means for transmitting the communicable range,
The first notification unit notifies that the communication unit has entered the communicable range based on the communicable range transmitted by the transmission unit.
The communication system according to claim 3. The first notification means notifies that the user has left the communicable range;
The establishing means disconnects the communication with the network device when notified from the first notification means that the network device has left the communicable range,
The output means stops outputting the transfer setting;
The communication system according to claim 3 or 4. The output means outputs the transfer setting related to the transfer of the communication data with an authentication device for authenticating a user,
The setting means sets the transfer setting related to the authentication device,
The transfer means transfers the communication data to the authentication device based on the transfer setting related to the authentication device.
The communication system according to any one of claims 1 to 5. The network device further comprises second notification means for notifying whether or not the network device is capable of setting the transfer setting accepted by the input means,
The output unit outputs the transfer setting generated by the generation unit to the network device capable of setting the transfer setting based on the content notified from the second notification unit.
The communication system according to any one of claims 1 to 6.

Images