JP5974758B2 - Network management system, management apparatus, wireless LAN access point, method for managing a plurality of wireless LAN stations, program, and recording medium - Google Patents

Description

  The present invention relates to a network management system.

  Wireless LAN access points (hereinafter also simply referred to as “access points”) are widely used as devices for relaying data transmitted from wireless LAN stations (hereinafter also simply referred to as “stations”). Before the station and the access point perform wireless communication with each other, information (hereinafter referred to as “connection information”) used for wireless connection such as an SSID (Service Set IDentifier), an encryption method, and an encryption key in advance. Need to share. Various methods for sharing connection information have been proposed. For example, Patent Document 1 describes a method of copying connection information set in an access point to a station via a memory card. In Patent Document 2, the access point and the station are wirelessly connected using the temporary connection connection information created based on the MAC (Media Access Control) address of the access point. A method is described in which connection information for main connection is transmitted from an access point to a station.

JP 2006-67174 A JP 2006-42087 A

  In the method described in Patent Document 1, connection information is copied to a station (hereinafter referred to as “illegal station”) that is different from the authorized user's station, for example, by a malicious third party illegally obtaining a memory card. In some cases, there is a problem that an unauthorized station can wirelessly connect to an access point. Further, in the method described in Patent Document 2, when a malicious third party illegally obtains connection information for temporary connection and sets it as an unauthorized station, the unauthorized station is connected to the connection information for main connection. There was a problem that it was possible to obtain a wireless connection to the access point. In addition, in order to grasp the connection configuration and operation state of the access point and the station, a network configuration map may be displayed on a management device configured by a personal computer or the like. However, since the connection information set for the unauthorized station is the same connection information (normal connection information) as the connection information set for the regular user's station (hereinafter referred to as “regular station”), In the network configuration map, it was impossible to distinguish between a regular station and an unauthorized station. Therefore, a technique that can easily identify a regular station and an unauthorized station has been desired. In addition, in the conventional management apparatus, it has been desired to reduce the size, reduce the cost, save resources, facilitate manufacturing, improve the usability, and the like.

  SUMMARY An advantage of some aspects of the invention is to solve at least a part of the problems described above, and the invention can be implemented as the following forms.

(1) According to an aspect of the present invention, a network management system is provided. The network management system includes a wireless LAN access point that can be wirelessly connected to a plurality of wireless LAN stations, a management device, and a display device; and the wireless LAN access point includes: Connection information including connection establishment information used for establishing a wireless connection between a plurality of wireless LAN stations and the wireless LAN access point and security information used for the wireless connection, at least of the plurality of wireless LAN stations. A connection information transmitting unit for transmitting to some of the wireless LAN stations; an identification information acquiring unit for acquiring identification information from the plurality of wireless LAN stations wirelessly connected to the wireless LAN access point; and the plurality of wireless LANs Of the station identification information, The identification that specifies the identification information of the first wireless LAN station that has transmitted the connection information from the wireless LAN access point and the identification information of the second wireless LAN station that has not transmitted the connection information in an identifiable manner. A specific information storage unit for storing information; and the management device; a specific information acquisition unit for acquiring the specific information from the wireless LAN access point; and the first information based on the acquired specific information. According to this form of the network management system, the display control unit causes the display device to display information indicating one wireless LAN station and information indicating the second wireless LAN station in an identifiable manner. The information indicating the first wireless LAN station and the information indicating the second wireless LAN station can be identified. Because it is displayed on the display device, the user can view the information, it is possible to easily identify the first wireless LAN station and a second wireless LAN station. There is a high possibility that the first wireless LAN station acquires connection information by receiving connection information from the wireless LAN access point, and is wirelessly connected to the wireless LAN access point using the connection information. Therefore, there is a possibility that the first wireless LAN station is a wireless LAN station (regular station) owned by the same user as the user of the wireless LAN access point or a trusted user (hereinafter referred to as “regular user”). high. On the other hand, the second wireless LAN station may acquire connection information without receiving connection information from the wireless LAN access point and wirelessly connect to the wireless LAN access point using the connection information. There is. In other words, the second wireless LAN station is a wireless that is not owned by a legitimate user who has obtained connection information by inputting connection information obtained by a user different from the legitimate user (hereinafter referred to as “illegal user”). There may be a LAN station (illegal station). Therefore, according to the network management system of this aspect, the user can easily identify the regular station and the unauthorized station by looking at the information displayed on the display device.

(2) In the network management system according to the above aspect, the display control unit includes symbols representing the plurality of wireless LAN stations based on the acquired specific information, and includes the first wireless LAN station and the second wireless LAN station. A network configuration map indicating that each wireless LAN station can be identified may be generated and displayed on the display device. According to the network management system of this aspect, a network configuration map including symbols representing a plurality of wireless LAN stations is displayed. In the network configuration map, the first wireless LAN station and the second wireless LAN station are respectively Displayed in an identifiable manner. Therefore, the user can easily grasp which of the plurality of wireless LAN stations is the first wireless LAN station or the second wireless LAN station by looking at the network configuration map.

(3) In the network management system according to the above aspect, when a predetermined event occurs, the display control unit displays a first message in association with a symbol representing the first wireless LAN station on the display device. Then, when the predetermined event occurs, a second message different from the first message may be displayed on the display device in association with the symbol representing the second wireless LAN station. According to the network management system of this aspect, when a predetermined event occurs, a message displayed in association with the symbol of the first wireless LAN station, and display in association with the symbol of the second wireless LAN station. Since these messages are different from each other, the user can easily identify the first wireless LAN station and the second wireless LAN station by viewing these messages. In addition, the display control unit can display an appropriate message according to the nature of the first wireless LAN station or the second wireless LAN station in an identifiable manner. Therefore, the user can take an appropriate action according to the message displayed in an identifiable manner.

(4) In the network management system of the above aspect, the display control unit displays a first icon in association with a symbol representing the first wireless LAN station on the display device when a predetermined event occurs. Then, when the predetermined event occurs, a second icon different from the first icon may be displayed on the display device in association with the symbol representing the second wireless LAN station. According to the network management system of this aspect, when a predetermined event occurs, an icon displayed in association with the symbol of the first wireless LAN station and a display associated with the symbol of the second wireless LAN station Since the icons are different from each other, the user can easily identify the first wireless LAN station and the second wireless LAN station by viewing these icons.

(5) In the network management system of the above aspect, the specific information acquisition unit further acquires state-related information that is information relating to an operation state of the plurality of wireless LAN stations; the display control unit includes the first control unit The state-related information related to the operating state of the first wireless LAN station is displayed on the display device in association with a symbol representing a wireless LAN station, and the second information is associated with a symbol representing the second wireless LAN station. The state-related information regarding the operation state of the wireless LAN station may not be displayed on the display device. According to the network management system of this aspect, since the state related information regarding the operation state of the second wireless LAN station is not displayed on the display device, the user can easily specify the second wireless LAN station. In addition, since state-related information regarding the operating state of the first wireless LAN station is displayed in association with the symbol of the first wireless LAN station, the user can view the first wireless LAN station by looking at the network configuration map. You can easily know the operating state of

(6) In the network management system according to the above aspect, the display control unit causes the display device to display a first operation menu in association with a symbol representing the first wireless LAN station, and the second wireless LAN. A second operation menu different from the first operation menu may be displayed on the display device in association with a symbol representing a station. According to this form of the network management system, the user simply selects an appropriate operation menu for the first wireless LAN station, that is, the wireless LAN station that is likely to be a regular station (first wireless LAN station). In addition, it is possible to easily select an appropriate operation menu for a wireless LAN station (second wireless LAN station) that is likely to be an unauthorized station.

(7) In the network management system according to the above aspect, the second operation menu includes a first specific menu for specifying the second wireless LAN station as the first wireless LAN station; When the first specific menu is executed, the control unit identifies in the network configuration map that the second wireless LAN station is a wireless LAN station that has transmitted the connection information from the wireless LAN access point. As described above, the network configuration map may be generated and displayed on the display device. According to the network management system of this aspect, when the user recognizes that the second wireless LAN station is a regular station, the user selects and executes the first specific menu to execute the second The wireless LAN station can be regarded as the first wireless LAN station. Therefore, in the network configuration map, it is not necessary to give extra attention to the user, and the convenience for the user can be improved.

(8) In the network management system according to the above aspect, the second operation menu includes a second specific menu for specifying the first wireless LAN station as the second wireless LAN station; When the second specific menu is executed, the device further transmits an identification for transmitting the identification information of the first wireless LAN station specified as the second wireless LAN station to the wireless LAN access point. You may have an information transmission part. According to the network management system of this aspect, the identification information of the first wireless LAN station specified as the second wireless LAN station can be transmitted to the management device. Therefore, in the management device, the second wireless LAN station Specific processing can be executed for the first wireless LAN station specified as.

(9) in a network management system of the above embodiment, the wireless LAN access point further, upon receiving the identification information from the management device, the packet is output from the first wireless LAN station having the identification information received or It received the may have a packet relaying unit that does not perform a relay of packets of the first wireless LAN station addressed with the identification information. According to the network management system of this aspect, when the user specifies a wireless LAN station that has illegally received connection information from the wireless LAN access point among the first wireless LAN stations, the second specific menu is displayed. By selecting and executing the packet, the packet output from the first wireless LAN station or the packet addressed to the first wireless LAN station can be prevented from being relayed at the wireless LAN access point.

(10) In the network management system according to the above aspect, the connection information transmitting unit is configured such that a standby connection that is a wireless connection having a lower transmission output than the main connection that is a wireless connection using the connection information is the wireless LAN access point and the wireless LAN access point. The connection information may be transmitted to the at least some wireless LAN stations when established with at least some of the wireless LAN stations. When the preliminary connection is established, since the transmission output is low, the distance between the wireless LAN access point and at least some of the wireless LAN stations needs to be relatively short. Therefore, the user is likely to place the wireless LAN access point and at least some wireless LAN stations relatively close to each other in order to establish a preliminary connection. The wireless LAN station having such an arrangement is likely to be a regular station. Therefore, according to the network management system of the above aspect, a wireless LAN station having a high possibility of being a regular station can be displayed as a first wireless LAN station so as to be distinguishable from the second wireless LAN station.

(11) In the network management system according to the above aspect, the management device may include the display device.

(12) According to another aspect of the present invention, a management device is provided. The management device is a management device connected via a network to a wireless LAN access point that can be wirelessly connected to a plurality of wireless LAN stations; among the identification information of the plurality of wireless LAN stations, A first wireless LAN that transmits connection information including connection establishment information used for establishing a wireless connection between a wireless LAN station and the wireless LAN access point and security information used for the wireless connection from the wireless LAN access point. Specific information for identifying each of the identification information of the station and the identification information of the second wireless LAN station that has not transmitted the connection information from the wireless LAN access point is acquired from the wireless LAN access point. A specific information acquisition unit; Comprises; on the basis of the information, and information indicating information and the second wireless LAN station indicating said first wireless LAN station, a display control unit for displaying each identifiably display device. According to the management apparatus of this aspect, the information indicating the first wireless LAN station and the information indicating the second wireless LAN station are displayed on the display unit in an identifiable manner. By viewing, the first wireless LAN station and the second wireless LAN station can be easily identified. There is a high possibility that the first wireless LAN station acquires connection information by receiving connection information from the wireless LAN access point, and is wirelessly connected to the wireless LAN access point using the connection information. Therefore, there is a possibility that the first wireless LAN station is a wireless LAN station (regular station) owned by the same user as the user of the wireless LAN access point or a trusted user (hereinafter referred to as “regular user”). high. On the other hand, the second wireless LAN station may acquire connection information without receiving connection information from the wireless LAN access point and wirelessly connect to the wireless LAN access point using the connection information. There is. In other words, the second wireless LAN station is a wireless that is not owned by a legitimate user who has obtained connection information by inputting connection information obtained by a user different from the legitimate user (hereinafter referred to as “illegal user”). There may be a LAN station (illegal station). Therefore, according to the management apparatus of this aspect, the user can easily identify the regular station and the unauthorized station by looking at the network configuration map.

(13) According to another aspect of the present invention, a wireless LAN access point is provided. The wireless LAN access point is a wireless LAN access point capable of wireless connection to a plurality of wireless LAN stations; connection establishment used for establishing a wireless connection between the plurality of wireless LAN stations and the wireless LAN access point A connection information transmission unit for transmitting connection information including information and security information used for the wireless connection to at least some of the plurality of wireless LAN stations; wirelessly connected to the wireless LAN access point; wherein the plurality of identification information acquiring unit and for acquiring the identification information from the wireless LAN stations are; of identification information of said plurality of wireless LAN station, the first wireless LAN station which has transmitted the connection information from the wireless LAN access point The identification information and the connection A specific information storage unit for storing identification information for identifying each of the second wireless LAN stations that have not transmitted information; and identifying the first wireless LAN station based on the specific information; The specific information is transmitted to the management device that displays the information and the information indicating the second wireless LAN station on the display device in an identifiable manner via another device or without another device. An information transmission unit; According to the wireless LAN access point of this embodiment, since the specific information is transmitted to the management device, the management device can identify the information indicating the first wireless LAN station and the information indicating the second wireless LAN station, respectively. Can be displayed.

  A plurality of constituent elements of each aspect of the present invention described above are not indispensable, and some or all of the effects described in the present specification are to be solved to solve part or all of the above-described problems. In order to achieve the above, it is possible to appropriately change, delete, replace with another new component, and partially delete the limited contents of some of the plurality of components. In order to solve part or all of the above-described problems or to achieve part or all of the effects described in this specification, technical features included in one embodiment of the present invention described above. A part or all of the technical features included in the other aspects of the present invention described above may be combined to form an independent form of the present invention.

  For example, one embodiment of the present invention can be realized as a system including one or more elements of three elements of a wireless LAN access point, a management apparatus, and a display apparatus. That is, this system may or may not have a wireless LAN access point. The system may or may not have a management device. Further, the system may or may not have a display device. The wireless LAN access point may or may not have a connection information transmission unit. The wireless LAN access point may or may not have an identification information acquisition unit. The wireless LAN access point may or may not have the specific information storage unit. The management device may or may not have the specific information acquisition unit. The management device may or may not have a display control unit. The connection information transmitting unit, for example, transmits connection information including connection establishment information used for establishing wireless connections between a plurality of wireless LAN stations and a wireless LAN access point and security information used for the wireless connections to a plurality of wireless You may comprise as a connection information transmission part which transmits to at least one part of wireless LAN station among LAN stations. The identification information acquisition unit may be configured as an identification information acquisition unit that acquires identification information from a plurality of wireless LAN stations that are wirelessly connected to the wireless LAN access point. The specific information storage unit includes the identification information of the first wireless LAN station that has transmitted the connection information from the wireless LAN access point among the identification information of the plurality of wireless LAN stations, and the second wireless LAN that has not transmitted the connection information. The station identification information may be configured as a specific information storage unit that stores specific information that can be identified. The specific information acquisition unit may be configured as a specific information acquisition unit that acquires specific information from a wireless LAN access point. The display control unit is configured as a display control unit that displays information indicating the first wireless LAN station and information indicating the second wireless LAN station on the display device in an identifiable manner based on the acquired specific information. May be. Such a system can be realized as, for example, a network management system, but can also be realized as a system or apparatus other than the network management apparatus. According to such a form, it is possible to solve at least one of various problems such as downsizing of the system, cost reduction, resource saving, power saving, easy manufacturing, and improvement in usability. Any or all of the technical features of each form of the network management system described above can be applied to this system.

  Further, for example, another embodiment of the present invention can be realized as an apparatus including one or more elements of two elements of a specific information acquisition unit and a display control unit. That is, this apparatus may or may not have the specific information acquisition unit. Further, the device may or may not have a display control unit. The specific information acquisition unit is used for, for example, connection establishment information used to establish a wireless connection between a plurality of wireless LAN stations and a wireless LAN access point among the identification information of the plurality of wireless LAN stations and the wireless connection. Identification information of a first wireless LAN station that has transmitted connection information including security information from the wireless LAN access point, and identification information of a second wireless LAN station that has not transmitted connection information from the wireless LAN access point, respectively. The specific information that can be identified may be configured as a specific information acquisition unit that acquires from the wireless LAN access point. For example, the display control unit is a display control unit that displays information indicating the first wireless LAN station and information indicating the second wireless LAN station on the display device in an identifiable manner based on the acquired specific information. It may be configured. Such a device can be realized as, for example, a management device, but can also be realized as a device other than the management device. According to such a form, it is possible to solve at least one of various problems such as downsizing of the apparatus, cost reduction, resource saving, power saving, easy manufacturing, and improvement in usability. Any or all of the technical features of each form of the management device described above can be applied to this device.

  Further, for example, another embodiment of the present invention includes one or more elements among four elements of a connection information transmission unit, an identification information acquisition unit, a specific information storage unit, and an information transmission unit. It can be realized as a device. That is, this apparatus may or may not have a connection information transmission unit. Further, the apparatus may or may not have an identification information acquisition unit. Moreover, the apparatus may or may not have the specific information storage unit. Further, the apparatus may or may not have the information transmission unit. The connection information transmitting unit transmits connection information including connection establishment information used for establishing a wireless connection between a plurality of wireless LAN stations and a wireless LAN access point and security information used for the wireless connection to the plurality of wireless LAN stations. May be configured as a connection information transmission unit that transmits to at least some of the wireless LAN stations. The identification information acquisition unit may be configured as an identification information acquisition unit that acquires identification information from a plurality of wireless LAN stations that are wirelessly connected to the wireless LAN access point. The specific information storage unit includes the identification information of the first wireless LAN station that has transmitted the connection information from the wireless LAN access point among the identification information of the plurality of wireless LAN stations, and the second wireless LAN station that has not transmitted the connection information The identification information may be configured as a specific information storage unit that stores specific information that can be identified. Based on the specific information, the information transmission unit is configured to display information indicating the first wireless LAN station and information indicating the second wireless LAN station on the display device in an identifiable manner with respect to another device. It may be configured as an information transmission unit that transmits specific information via or without other devices. Such a device can be realized as, for example, a wireless LAN access point, but can also be realized as a device other than the wireless LAN access point. According to such a form, it is possible to solve at least one of various problems such as downsizing of the apparatus, cost reduction, resource saving, power saving, easy manufacturing, and improvement in usability. Any or all of the technical features of each form of the wireless LAN access point described above can be applied to this apparatus.

  The present invention can be realized in various forms. For example, a method for managing a plurality of wireless LAN stations, a method for controlling a management device, a method for controlling a wireless LAN access point, a computer program for realizing these methods, and a non-temporary recording in which the computer program is recorded It can be realized in the form of a medium or the like.

It is explanatory drawing which shows schematic structure of the network management system as 1st Embodiment of this invention. It is a block diagram which shows the detailed structure of the router 300 shown in FIG. FIG. 2 is a block diagram showing a detailed configuration of the wireless LAN access point device 100 shown in FIG. 1. It is a block diagram which shows the detailed structure of the management apparatus 10 shown in FIG. It is explanatory drawing which shows the setting content of the operable menu list | wrist in 1st Embodiment. FIG. 2 is a block diagram showing a detailed configuration of a NAS 201 shown in FIG. It is a block diagram which shows the detailed structure of PC401 shown in FIG. FIG. 10 is a sequence diagram showing a procedure of automatic setting processing executed in the network management system 500. It is explanatory drawing which shows the setting content of the automatic setting list after step S130 of FIG. 8 is performed. FIG. 10 is a sequence diagram illustrating a procedure of configuration information acquisition processing executed in the network management system 500. It is explanatory drawing which shows an example of the subordinate apparatus list produced in step S515. It is explanatory drawing which shows an example of the subordinate apparatus list produced by step S615. It is a flowchart which shows the procedure of the approval list update process in 1st Embodiment. It is explanatory drawing which shows an example of the setting content of an approval list. It is a flowchart which shows the procedure of the message and icon determination process in 1st Embodiment. It is explanatory drawing which shows an example of the network structure map in 1st Embodiment. It is explanatory drawing which shows an example of the network structure map in 1st Embodiment. It is a flowchart which shows the procedure of the operation menu display process in 1st Embodiment. It is explanatory drawing which shows an example of the network structure map m1 on which the operation menu was displayed. It is explanatory drawing which shows an example of the network structure map m1 on which the operation menu was displayed. It is explanatory drawing which shows the setting content of the approval list after an update. It is a flowchart which shows the procedure of the operation menu display process in 2nd Embodiment. It is explanatory drawing which shows an example of the network structure map by which the operation menu in 2nd Embodiment was displayed. It is explanatory drawing which shows an example of the network structure map in 3rd Embodiment. It is a block diagram which shows the detailed structure of the wireless LAN access point apparatus 100a of 4th Embodiment. It is a flowchart which shows the procedure of the MAC address restriction list update process in 4th Embodiment.

A. First embodiment:
A1. System configuration:
FIG. 1 is an explanatory diagram showing a schematic configuration of a network management system as a first embodiment of the present invention. The network management system 500 includes a router 300, a wireless LAN access point device 100, a management device 10, a NAS (Network Attached Storage) 201, and a personal computer (hereinafter referred to as “PC”) 401. The network management system 500 manages the connection configuration and operation state between devices while realizing the exchange of data between devices and the exchange of data between devices and a device (not shown) connected to the Internet INT. It is a system to do.

  The router 300 is connected to the Internet INT via a mobile communication network. The router 300 is connected to the wireless LAN access point device 100 by a wired LAN (Local Area Network). In the network management system 500, a wireless LAN is constructed by the wireless LAN access point device 100, the management device 10, the NAS 201, and the PC 401. The wireless LAN access point device 100 is a bridge that connects a wired LAN and a wireless LAN with a function (wireless LAN access point function) that relays communication between the management device 10, NAS 201, and PC 401 that operate as a wireless LAN station. With functionality.

  As shown in FIG. 1, the router 300, the wireless LAN access point device 100, the management device 10, and the NAS 201 are arranged at a location A. On the other hand, the PC 401 is arranged at a location B different from the location A. As the location A and the location B, for example, the location A can be inside a certain house, and the location B can be inside a neighbor house of the location A. The PC 401 is arranged at a location where the wireless communication with the wireless LAN access point device 100 is possible at the location B.

  In the location A, the authorized user wirelessly connects the management device 10 and the NAS 201 to the wireless LAN access point device 100 and connects to the Internet INT via the wireless LAN access point device 100. At location B, an unauthorized user does not prepare a wireless LAN access point device and a router, and connects a PC 401 to a wireless LAN access point without establishing a service contract for connection with a mobile communication network. It is intended to connect to the device 100 wirelessly and connect to the Internet INT via the wireless LAN access point device 100.

  FIG. 2 is a block diagram showing a detailed configuration of the router 300 shown in FIG. The router 300 relays the packet in layer 3 (third layer of the OSI reference model). The router 300 includes a CPU (Central Processing Unit) 310, a flash memory 320, a mobile communication control unit 330, a wired LAN control unit 340, and a RAM (Random Access Memory) 350.

  The CPU 310 reads out a control program stored in the flash memory 320, develops it in the RAM 350, and executes it, whereby a configuration information acquisition unit 310a, a configuration information transmission unit 310b, a DHCP (Dynamic Host Configuration Protocol) server function unit 310c. , And the packet relay unit 310d.

  The configuration information acquisition unit 310a is a functional unit for acquiring configuration information that the router 300 itself has and configuration information that other devices have. In the present embodiment, the configuration information includes a device type, a device name, a connection interface type with another device, a MAC (Media Access Control) address, an IP (Internet Protocol) address, and information indicating an operation state. The configuration information transmission unit 310b transmits the configuration information acquired by the configuration information acquisition unit 310a to the management apparatus 10. The DHCP server function unit 310c functions as a DHCP server, and assigns an IP address, a subnet mask, and the like to each device. The packet relay unit 310d relays an IP packet received via each interface (the mobile communication control unit 330 and the wired LAN control unit 340) included in the router 300 according to the IP address.

  The flash memory 320 includes a configuration information storage unit 321 and a subordinate apparatus list storage unit 322. The configuration information storage unit 321 stores configuration information acquired from other devices in addition to the configuration information of the router 300. The configuration information of the router 300 includes, for example, the device type of the router 300, the device name of the router 300, the interface type of the router 300, the MAC address set in the router 300, the IP address set in the router 300, the router This corresponds to 300 operating states. The configuration information of other devices can be acquired in an initialization sequence defined by each interface when the router 300 or a connected device (wireless LAN access point device 100) is activated. The configuration information of the router 300 and other devices is also acquired in configuration information acquisition processing described later. The subordinate apparatus list storage unit 322 stores a subordinate apparatus list to be described later.

  The mobile communication control unit 330 includes a modulator, an amplifier, and an antenna. As a terminal, wireless communication is performed with a base station of a mobile communication network. The wired LAN control unit 340 includes a port to which a network cable is connected, and performs transmission / reception of frames conforming to IEEE (Institute of Electrical and Electronic Engineers) 802.3.

  FIG. 3 is a block diagram showing a detailed configuration of the wireless LAN access point device 100 shown in FIG. The wireless LAN access point device 100 includes a CPU 110, a flash memory 120, a wireless LAN control unit 130, a wired LAN control unit 140, a RAM 150, and operation buttons 160.

  The CPU 110 reads out a control program stored in the flash memory 120, expands it in the RAM 150, and executes it, whereby an automatic setting processing unit 110a, an automatic setting list management unit 110b, a configuration information acquisition handling unit 110c, and a packet relay unit 110d functions.

  The automatic setting processing unit 110a executes various types of information (hereinafter referred to as “connection information”) used to connect to the wireless LAN access point device 100 by executing automatic setting processing described later to each wireless LAN station. Let it be set. The connection information includes connection establishment information and security information. The connection establishment information is information used for establishing a wireless connection between the wireless LAN access point device 100 and the wireless LAN station, and corresponds to, for example, an SSID (Service Set IDentifier). The security information is information for establishing security of the wireless connection between the wireless LAN access point device 100 and the wireless LAN station, and corresponds to, for example, an encryption method or an encryption key. As described above, the connection information is information necessary and sufficient to establish a wireless connection between the wireless LAN access point device 100 and the wireless LAN station and to establish security in data exchange between these devices. Means. Therefore, for example, only information included in a beacon output from the wireless LAN access point device 100 (SSID, encryption / non-encryption, usable wireless channel information, etc.) is not connection information. This is because only the information included in the beacon cannot establish a wireless connection between the wireless LAN access point device 100 and the wireless LAN station, and cannot secure security in data exchange between these devices.

  The automatic setting list management unit 110b creates and updates an automatic setting list which will be described later. The configuration information acquisition handling unit 110 c acquires configuration information of the wireless LAN access point device 100 and notifies the router 300 of the configuration information. The packet relay unit 110d relays the packet according to the MAC address in layer 2 (second layer of the OSI reference model) received via the wireless LAN control unit 130 and the wired LAN control unit 140.

  The flash memory 120 includes an automatic setting list storage unit 121, a connection information storage unit 122, and a configuration information storage unit 123. The automatic setting list storage unit 121 stores an automatic setting list to be described later. The automatic setting list is created and updated in an automatic setting process described later. The connection information storage unit 122 stores connection information used when wirelessly connecting to the wireless LAN access point device 100. Such connection information is set in advance by a user (network administrator) and stored in the connection information storage unit 122. The configuration information storage unit 123 stores configuration information acquired from other devices in addition to the configuration information of the wireless LAN access point device 100. As illustrated in FIG. 3, the configuration information storage unit 123 includes, as configuration information of the wireless LAN access point device 100, a device type “wireless LAN access point”, a device name “A1”, a MAC address “MAC2”, and an IP address “ “IP2” is stored. In this embodiment, the MAC address and the IP address are shown as schematic values for convenience of explanation, but actually, a 48-bit address is used as the MAC address, and a 32-bit (IPv4) or 128 is used as the IP address. A bit (IPv6) address is assigned.

  The wireless LAN control unit 130 includes a modulator, an amplifier, and an antenna. For example, as a wireless LAN access point compliant with IEEE802.11a / b / g / n, the wireless LAN station management device 10, the NAS 201, and the PC 401 are wirelessly connected. Communicate. The wired LAN control unit 140 has the same configuration as the wired LAN control unit 340 of the router 300 shown in FIG.

  The operation button 160 is a button for giving the wireless LAN access point apparatus 100 an opportunity to start automatic setting processing (to be described later) in the wireless LAN access point apparatus 100.

  FIG. 4 is a block diagram showing a detailed configuration of the management apparatus 10 shown in FIG. The management apparatus 10 generates and displays a network configuration map in order to manage the entire network management system 500. Details of the network configuration map will be described later.

  The management device 10 is configured by a personal computer, and includes a CPU 12, a hard disk 13, a RAM 15, a nonvolatile memory 14, a wireless LAN control unit 16, an input / output interface unit 17, a display 18, a keyboard 19, and the like. It has.

  The CPU 12 reads out the control program stored in the nonvolatile memory 14, expands it in the RAM 15, and executes it, whereby the configuration information acquisition unit 12 a, the map generation unit 12 b, the user interface control unit 12 c, and the configuration information acquisition support unit 12d, which functions as an approval list update unit 12e.

  The configuration information acquisition unit 12 a acquires configuration information of the management device 10 and also acquires configuration information of each device included in the network management system 500. The map generation unit 12b creates a network configuration map for centrally managing the connection configuration of each device and the operation state of each device in the network management system 500. The user interface control unit 12c displays the configuration map generated by the map generation unit 12b on the display 18 in a display format that is easy for the user to recognize. In addition, the user interface control unit 12 c accepts various operations by the user using the keyboard 19. The configuration information acquisition handling unit 12d acquires the configuration information of the management device 10 and notifies the router 300 of the configuration information, similarly to the configuration information acquisition handling unit 110c of the wireless LAN access point device 100 shown in FIG. The approval list update unit 12e updates an approval list described later.

  The nonvolatile memory 14 includes an approval list storage unit 14a, an operable menu list storage unit 14b, and a configuration information storage unit 14c. The approval list storage unit 14a stores an approval list. Details of the approval list will be described later. The operable menu list storage unit 14b stores an operable menu list.

  FIG. 5 is an explanatory diagram showing the setting contents of the operable menu list in the first embodiment. The operable menu list is a list in which menus that can be operated by the user in the network configuration map are set for each device type. As shown in FIG. 5, the operable menu list includes an approval field f1, a device type field f2, and an operable menu field f3. In the approval field f1, a value indicating whether the device has been approved by the user or a device that is considered to be approved, a device that has not been approved, or a device that has been considered not to be approved is set. Details of approval and non-approval will be described later. In the device type field f2, device types of various devices that can belong to the network management system 500 are set. An operable menu is set in the operable menu field f3. In each record in which “approval” is set in the approval field f1, “router”, “NAS”, “wireless LAN access point”, “PC (personal computer)”, and the like are set as device types.

  In FIG. 5, for each record in which “router”, “wireless LAN access point”, and “PC” are set as device types, “open setting screen”, “IP address setting”, “ The “Delete” operation menu is set in association with it. “Open setting screen” is an operation menu for opening a setting screen for various parameters prepared in advance in each device. “IP address setting” is an operation menu for opening a setting screen for manually setting an IP address for each apparatus. “Delete” is an operation menu for deleting a symbol of each device in the network configuration map. In FIG. 5, “IP address setting”, “format”, and “deletion” are set as operable menus for records in which “NAS” is set as the device type. “Format” is an operation menu for formatting the hard disk of the NAS.

  In FIG. 5, “-” is set as the device type in the record in which “unapproved” is set in the approval field f1. This indicates that the operable menu set in the operable menu field f3 is associated regardless of the device type. A record in which “unapproved” is set in the approval field f1 is associated with operation menus of “approve” and “not approve” as operable menus. “Approve” is an operation menu that informs the management apparatus 10 that the user approves. “Do not approve” is an operation menu that informs the management device 10 that the user does not approve. The operable menu list is set in advance by the administrator.

  The configuration information storage unit 14 c illustrated in FIG. 4 stores configuration information of the management device 10. As shown in FIG. 4, in the configuration information storage unit 14c, as the configuration information of the management device 10, the device type “PC”, the device name “PC1”, the MAC address “MAC3”, the IP address “IP3”, the received signal strength “Strong” is stored.

  The wireless LAN control unit 16 includes a modulator, an amplifier, and an antenna, and performs wireless communication with the wireless LAN access point device 100 that is a wireless LAN access point as a wireless LAN station compliant with, for example, IEEE802.11a / b / g / n. Do. The input / output interface unit 17 controls data input / output between the display 18 and the keyboard 19 and the CPU 12. The display 18 can be configured as a display using a liquid crystal panel, for example.

  FIG. 6 is a block diagram showing a detailed configuration of the NAS 201 shown in FIG. As shown in FIG. 6, the NAS 201 includes a CPU 210, a flash memory 220, a wireless LAN control unit 230, a RAM 240, and a hard disk 250.

  The CPU 210 functions as a disk control unit 210a, a connection information setting unit 210b, and a configuration information acquisition corresponding unit 210c by reading out a control program stored in the flash memory 220, developing it in the RAM 240, and executing it.

  The disk control unit 210a performs access control to the hard disk 250, management of storage areas in the hard disk 250, and the like. The connection information setting unit 210b sets connection information based on information notified from the wireless LAN access point device 100. The configuration information acquisition handling unit 210 c acquires the configuration information of the NAS 201 and notifies the router 300 of the configuration information.

  The flash memory 220 includes a connection information storage unit 221 and a configuration information storage unit 222. The connection information storage unit 221 stores connection information for wireless connection with the wireless LAN access point device 100. The configuration information storage unit 222 stores the configuration information of the NAS 201. As shown in FIG. 6, in the configuration information storage unit 222, as the configuration information of the NAS 201, the device type “NAS”, the device name “N1”, the MAC address “MAC4”, the IP address “IP4”, the received signal strength “strong” Is stored.

  The wireless LAN control unit 230 includes a modulator, an amplifier, and an antenna. For example, as a wireless LAN station compliant with IEEE802.11a / b / g / n, the wireless LAN control unit 230 performs wireless communication with the wireless LAN access point device 100 that is a wireless LAN access point. Do. The wireless LAN control unit 230 includes an operation button 231. The operation button 231 is disposed so as to be exposed on the surface of the NAS 201. The operation button 231 is a button for instructing to shift the operation mode of the NAS 201 to the automatic setting processing mode. In other words, the operation button 231 is a button for giving the NAS 201 an opportunity to start automatic setting processing (to be described later) in the NAS 201.

  FIG. 7 is a block diagram showing a detailed configuration of the PC 401 shown in FIG. The PC 401 is composed of a portable personal computer, and includes a CPU 42, a hard disk 43, a RAM 45, a nonvolatile memory 44, a wireless LAN control unit 46, an input / output interface unit 47, a display 48, and a keyboard 49. It has.

  The CPU 42 functions as the connection information setting unit 42 a and the configuration information acquisition corresponding unit 42 b by reading out the control program stored in the nonvolatile memory 44, developing it in the RAM 45, and executing it. Since the connection information setting unit 42a has the same configuration as the connection information setting unit 210b of the NAS 201 described above, the description thereof is omitted. The configuration information acquisition handling unit 42b has the same configuration as the configuration information acquisition handling unit 210c of the NAS 201 described above, and a description thereof will be omitted.

  The nonvolatile memory 44 includes a connection information storage unit 44a and a configuration information storage unit 44b. Since the connection information storage unit 44a has the same configuration as the connection information storage unit 221 of the NAS 201 described above, description thereof is omitted. The configuration information storage unit 44b has the same configuration as that of the configuration information storage unit 222 of the NAS 201 described above, and a description thereof will be omitted.

  The wireless LAN control unit 46 has the same configuration as that of the wireless LAN control unit 16 of the management apparatus 10 described above, and thus the description thereof is omitted. The input / output interface unit 47 has the same configuration as the input / output interface unit 17 of the management apparatus 10, the display 48 has the same configuration as the display 18 of the management apparatus 10, and the keyboard 49 has the same configuration as the keyboard 19 of the management apparatus 10. Is omitted.

  As shown in FIG. 7, a window Wa is displayed on the display 48. This window Wa is an operation window for determining whether or not to shift the operation mode of the PC 401 to the automatic setting processing mode. The window Wa is displayed on the display 48 when the user selects a transition menu to the automatic setting processing mode in a menu window (not shown). The automatic setting process mode means an operation mode for executing an automatic setting process to be described later. The window Wa is provided with a button B11 and a button B12. The button B11 is a button for instructing the shift of the operation mode of the PC 401 to the automatic setting processing mode. In other words, the button B11 is a button for giving the PC 401 a trigger for starting an automatic setting process described later in the PC 401. The button B12 is a button for instructing not to shift the operation mode of the PC 401 to the automatic setting processing mode. Note that the window Wa can also be displayed in the management apparatus 10 described above.

  As shown in FIG. 7, in the configuration information storage unit 44b of the PC 401, as the configuration information of the PC 401, the device type “PC”, the device name “P2”, the MAC address “MAC5”, the IP address “IP5”, the received signal strength “Strong” is stored.

  In the network management system 500 having the above-described configuration, by performing each processing of automatic setting processing, configuration information collection processing, approval list creation processing, message and icon determination processing, which will be described later, the station of the authorized user in the network configuration map (Hereinafter referred to as “regular station”) and a station of a user different from the regular user (hereinafter referred to as “illegal station”) are displayed in an identifiable manner. Here, the regular user means the same user as the user of the wireless LAN access point apparatus 100 or a user (for example, a family member) trusted by the user of the wireless LAN access point apparatus 100.

  The display 18 included in the management device 10 corresponds to the display device in the claims. The automatic setting processing unit 110a is configured in the connection information transmitting unit in the claims, the configuration information acquisition handling unit 110c is configured in the identification information acquiring unit in the claims, and the automatic setting list storage unit 121 is configured in the specific information storage unit in the claims. The information acquisition unit 12a corresponds to the information acquisition unit in the claims, and the map generation unit 12b and the user interface control unit 12c correspond to the display control unit in the claims.

A2. Automatic setting process:
FIG. 8 is a sequence diagram showing a procedure of automatic setting processing executed in the network management system 500. The leftmost flowchart in FIG. 8 shows a procedure in the wireless LAN access point device 100. A central flowchart in FIG. 8 shows a procedure in the NAS 201. The rightmost flowchart in FIG. 8 shows the procedure in the PC 401. However, the PC 401 does not execute any processing because the operation mode does not shift to the automatic setting processing mode as will be described later.

  The automatic setting process is a process for automatically setting wireless information from the wireless LAN access point to the wireless LAN station in order to share connection information between the wireless LAN access point and the wireless LAN station. The automatic setting process is executed when a regular station is newly added to the network management system 500. Specifically, for example, when the NAS 201 is added to the network management system 500 by the authorized user, the operation button 160 of the wireless LAN access point device 100 is pressed, and the operation button 231 of the NAS 201 is pressed, The automatic setting process shown in FIG. 8 is started. Here, the unauthorized user does not know the timing when the authorized user presses the operation button 160 of the wireless LAN access point device 100. For this reason, the unauthorized user does not know the timing at which the operation mode of the PC 401 should be shifted to the automatic setting processing mode using the window Wa shown in FIG. Therefore, as shown in FIG. 8, when the automatic setting process is executed in the wireless LAN access point apparatus 100 and the NAS 201, the PC 401 does not enter the automatic setting process mode and cannot perform the automatic setting process.

  As shown in FIG. 8, the automatic setting processing unit 110a of the wireless LAN access point device 100 activates an SSID (hereinafter referred to as “setting SSID”) for establishing a temporary wireless connection (step S105). . The setting SSID is stored in the connection information storage unit 122 in advance. Note that “activate” includes processing for specifying a setting SSID as connection information used in wireless communication between a wireless LAN access point and a wireless LAN station. This temporary wireless connection corresponds to the preliminary connection in the claims.

When the operation mode of the NAS 201 shifts to the automatic setting processing mode (step S200),
The connection information setting unit 210b of the NAS 201 outputs a packet for searching for a wireless LAN access point (step S205).

  When receiving the packet for searching for the wireless LAN, the automatic setting processing unit 110a of the wireless LAN access point device 100 outputs a response packet to the transmission source of the packet (step S110).

  The connection information setting unit 210b of the NAS 201 receives the response packet output in step S110 (step S210). After step S210 is executed, a predetermined packet is exchanged between the wireless LAN access point device 100 and the NAS 201 to perform user authentication (step S115). On the other hand, as described above, since the operation mode has not shifted to the automatic setting processing mode, the PC 401 cannot execute any processing even if it receives the response packet output in step S110. After step S115 is executed, the connection information setting unit 210b of the NAS 201 reads the configuration information stored in the configuration information storage unit 222 and transmits it to the wireless LAN access point device 100 (step S215).

  When receiving the configuration information of the NAS 201 (step S120), the automatic setting processing unit 110a of the wireless LAN access point device 100 transmits the normal connection information stored in the connection information storage unit 122 to the NAS 201 (step S125). The regular connection information means connection information that is constantly used in the wireless communication between the wireless LAN access point device 100 and the NAS 201, unlike the temporary wireless connection. The wireless connection using the regular connection information corresponds to the main connection in the claims.

  When the connection information setting unit 210b of the NAS 201 receives the normal connection information from the wireless LAN access point device 100 (step S220), the normal connection information is stored in the connection information storage unit 221 and the normal connection information is stored in the wireless LAN access. It is specified as connection information used in wireless communication with the point device 100 (step S225).

  The automatic setting list management unit 110b of the wireless LAN access point device 100 adds the newly added wireless LAN station to the automatic setting list based on the configuration information acquired in step S120 (step S130).

  FIG. 9 is an explanatory diagram showing the setting contents of the automatic setting list after step S130 of FIG. 8 is executed. The automatic setting list includes a record number field f11, a MAC address field f12, a device name field f13, a corresponding band field f14, and a corresponding security field f15. In the record number field f11, an identifier of each record set in the automatic setting list is set. A MAC address of the wireless LAN station is set in the MAC address field f12. A device name of the wireless LAN station is set in the device name field f13. In the corresponding band field f14, the type of wireless use band supported by the wireless LAN station is registered. In the present embodiment, symbols (a, b, g, n, ac) representing wireless LAN standards defined in IEEE 802.11 are set as the corresponding bands. In the corresponding security field f15, an encryption method supported by the wireless LAN station is set.

  The record with the record number “1” shown in FIG. 9 is a record related to the management apparatus 10 and is a record registered before the automatic setting process related to the NAS 201 described above is started. The record with the record number “2” is a record related to the NAS 201 and is a record added in step S130 described above. As described above, the MAC address of the wireless LAN station which is the transmission destination of the regular connection information by the wireless LAN access point device 100 is registered in the automatic setting list.

  After step S130 of FIG. 8 is executed, the automatic setting processing unit 110a of the wireless LAN access point device 100 stops the setting SSID (step S135). Note that “stop” includes a process of not specifying the setting SSID as connection information used in wireless communication between the wireless LAN access point and the wireless LAN station. The automatic setting process described above can be executed by applying a protocol such as WPS (Wi-Fi Protected Setup) or AOSS (AirStation One-Touch Secure System: registered trademark), which is an existing technology.

  Note that since the PC 401 that is an unauthorized station has not shifted to the automatic setting processing mode, the above-described steps S215 to S225 executed by the NAS 201 are not executed. Therefore, the normal connection information is not transmitted from the wireless LAN access point apparatus 100 to the PC 401, and the record regarding the PC 401 is not registered in the automatic setting list.

  However, when an unauthorized user obtains regular connection information by some means and sets it in the PC 401, the PC 401 can connect to the wireless LAN access point apparatus 100 using the regular connection information. As will be described later, in the network management system 500, a wireless LAN station (PC 401) that has not acquired regular connection information from the wireless LAN access point device 100 by automatic setting processing is accessed by the management device 10 in wireless LAN access by automatic setting processing. The handling is different from that of the wireless LAN station (NAS 201) that has acquired the regular connection information from the point device 100.

  In the following description, it is assumed that the regular connection information is set in the management apparatus 10 and the NAS 201 by the automatic setting process, and the normal connection information is set in the PC 401 without using the automatic setting process.

A3. Configuration information acquisition processing and network configuration map:
FIG. 10 is a sequence diagram illustrating a procedure of configuration information acquisition processing executed in the network management system 500. In FIG. 10, the leftmost flowchart shows the procedure of the management apparatus 10. Further, the second flowchart from the left shows the procedure of the router 300, the third flowchart from the left shows the procedure of the apparatus having the subordinate apparatus excluding the router 300, and the rightmost flowchart shows the procedure of the apparatus having no subordinate apparatus. A “subordinate device” is a device connected to its own device, and is connected to a device that is more distant from the router 300 than its own device (the device that passes through the router 300 is its own device) Means more devices). In the network management system 500, the wireless LAN access point device 100 corresponds to a device having a subordinate device, and the management device 10, NAS 201, and PC 401 correspond to devices that do not have a subordinate device.

  In the network management system 500, after the management apparatus 10 is activated, configuration information collection processing is executed every predetermined period. First, the configuration information acquisition unit 12a of the management device 10 inquires of the router 300 about configuration information (step S405). The IP address of the router 300 used for such inquiry is set in the management apparatus 10 in advance. When receiving an inquiry from the management device 10, the configuration information acquisition unit 310a of the router 300 inquires of its subordinate device about configuration information (step S505). For example, when the DHCP server function unit 310c assigns an IP address to each device, the IP address of the subordinate device can be obtained by referring to a list in which the MAC address and IP address of each device are registered in association with each other.

  When an inquiry about configuration information is received from the router 300, the device having the subordinate device collects its own configuration information and responds to the router 300 that it has its own subordinate device and the subordinate device (step S605). Specifically, the configuration information acquisition corresponding unit 110c of the wireless LAN access point device 100 receives configuration information (device type, device name, MAC address, IP address) related to its own device stored in the configuration information storage unit 123. The configuration information is read and transmitted to the router 300.

  When there is an inquiry about configuration information from the router 300, the device that does not have a subordinate device collects its own configuration information and responds to the router 300 that it does not have its own subordinate device (step S705). ). In the network management system 500, there is no device that is directly connected to the router 300 and does not have a subordinate device. For example, when a personal computer is connected to the wired LAN control unit 340 of the router 300 via a network cable, the personal computer corresponds to a device that does not have a subordinate device. Therefore, step S705 is executed in such a personal computer.

  The configuration information acquisition unit 310a of the router 300 inquires each subordinate apparatus for configuration information (after step S505), acquires its own configuration information, and stores it in the configuration information storage unit 321 (step S510). For example, the configuration information acquisition unit 310 a inquires of the mobile communication control unit 330 about the operation state, acquires the operation state “communicating”, and stores it in the configuration information storage unit 321.

  The configuration information acquisition unit 310a of the router 300 stores the configuration information received from each subordinate device in the configuration information storage unit 321, and creates a subordinate device list based on the received configuration information to create the subordinate device list storage unit 322. (Step S515).

  FIG. 11 is an explanatory diagram showing an example of the subordinate apparatus list created in step S515. As shown in FIG. 11, the subordinate device list is a list in which the device type, device name, interface (I / F) type, MAC address, IP address, operation state, and subordinate device presence / absence are recorded for each subordinate device of the router 300. It is. Specifically, for the wireless LAN access point device 100, the device type “access point”, device name “A1”, I / F type “802.3”, MAC address “MAC2”, IP address “IP2”, operating state “Normal” and subordinate device presence / absence “present” are recorded.

  The configuration information transmission unit 310b of the router 300 transmits the own configuration information acquired in step S510 and the subordinate apparatus list created in step S515 to the management apparatus 10 (step S520).

  When the configuration information acquisition unit 12a of the management device 10 receives the subordinate device list, the configuration information acquisition unit 12a stores the subordinate device list in the configuration information storage unit 14c and determines the presence or absence of the subordinate device for each device described in the subordinate device list (step S410). Then, the device having the subordinate device is queried for configuration information (step S415). As described above, in the network management system 500, a device having a subordinate device is the wireless LAN access point device 100 except for the router 300. As shown in FIG. 11, the wireless LAN access point apparatus 100 is set to “with subordinate apparatus” in the subordinate apparatus list, and therefore the presence / absence of the subordinate apparatus can be determined based on the set value. Note that the address (MAC address, IP address) of a device having a subordinate device can be acquired from the subordinate device list.

  In a device having a subordinate device, the configuration information acquisition handling unit acquires the configuration information of the subordinate device upon receiving an inquiry about the configuration information from the management device 10 (step S610). Specifically, the configuration information acquisition handling unit 110c of the wireless LAN access point device 100 executes this process. The acquisition of the configuration information can be realized, for example, by transmitting a configuration information notification request to the subordinate apparatus and receiving the response. Also, for example, it can be realized by reading the configuration information acquired in the initialization sequence (for example, the above-described automatic setting process) when the subordinate apparatus is connected and stored in the memory (configuration information storage unit 123). .

  In the apparatus having the subordinate apparatus, the configuration information acquisition handling unit creates a subordinate apparatus list based on the acquired subordinate apparatus configuration information (step S615), and creates the subordinate apparatus list, its own configuration information, and the automatic setting list. It transmits to the management apparatus 10 (step S620). Specifically, the configuration information acquisition corresponding unit 110c of the wireless LAN access point device 100 creates a subordinate device list based on the configuration information of the management device 10, the NAS 201, and the PC 401, which are subordinate devices, The configuration information of the wireless LAN access point device 100 and the automatic setting list are transmitted to the management device 10.

  FIG. 12 is an explanatory diagram illustrating an example of the subordinate apparatus list created in step S615. Each field in FIG. 12 is the same as each field in FIG. As shown in FIG. 12, the subordinate list created in step S615 by the configuration information acquisition corresponding unit 110c of the wireless LAN access point device 100 includes the configuration information (top record) of the management device 10 and the configuration information of the NAS 201. (Second-stage record) and configuration information (third-stage record) of the PC 401 are included.

  In the management apparatus 10, after receiving the subordinate apparatus list from the apparatus having the subordinate apparatus after the above-described step S415, the configuration information acquiring unit 12a executes the above-described step S410 (that is, to the newly received subordinate apparatus list). For each listed device, determine if there is a subordinate device). Therefore, in the present embodiment, the processes in steps S410 and S415 are repeatedly executed until all the subordinate apparatuses have no further subordinate apparatuses. In step S410, when there is no device having a subordinate device in the subordinate device list (step S410: NO), the approval list update unit 12e of the wireless LAN access point device 100 executes an approval list update process (step S420). .

  FIG. 13 is a flowchart showing the procedure of the approval list update process in the first embodiment. The approval list update unit 12e determines whether or not a new device has been added to the network management system 500 based on the information transmitted from the device having the subordinate device (wireless LAN access point device 100) in step S620 (step S620). S805). This determination can be realized, for example, by comparing with a subordinate apparatus list received from the router 300 or an apparatus having a subordinate apparatus.

  If it is determined that a new device is not added (step S805: NO), the approval list update process ends. On the other hand, when it is determined that a new device has been added (step S805: YES), the approval list update unit 12e determines whether or not the newly added device is a wireless LAN station (step S805). S810). Such a determination can be realized by the device type and interface type in the subordinate device list.

  When it is determined that the added device is not a wireless LAN station (step S810: NO), the approval list update unit 12e registers the MAC address of the added device as “approved” in the approval list (step S820). . On the other hand, when it is determined that the added device is a wireless LAN station (step S810: YES), the approval list update unit 12e refers to the automatic setting list and adds the added device (wireless LAN station). ) Is registered in the automatic setting list (step S815).

  When it is determined that the added device is registered in the automatic setting list (step S815: YES), the above-described step S820 is executed, and the MAC address of the added device is “approved” in the approval list. be registered. On the other hand, when it is determined that the added device is not registered in the automatic setting list (step S815: NO), the approval list update unit 12e sets the MAC address of the added device as “unapproved”. Register in the approval list (step S825).

  FIG. 14 is an explanatory diagram illustrating an example of setting contents of the approval list. As shown in FIG. 14, in the approval list, an approval state and a MAC address are set in association with each other. MAC1, MAC2, MAC3, and MAC4 are registered as the MAC addresses of the devices whose approval status is “approved”. MAC1 is the MAC address of the router 300. MAC2 is the MAC address of the wireless LAN access point device 100, MAC3 is the MAC address of the management device 10, and MAC4 is the MAC address of the NAS 201.

  Since neither the router 300 nor the wireless LAN access point device 100 is a wireless LAN station, each MAC address is set in the approval list as “approved”. Also, as shown in FIG. 9, since the MAC address (MAC3) of the wireless LAN access point device 100 and the MAC address (MAC4) of the NAS 201 are registered in the automatic setting list, they are set in the approval list as “approved”. Has been. On the other hand, since the MAC address (MAC5) of the PC 401 is not registered in the automatic setting list, it is set in the approval list as “unapproved”. As described above, the MAC address of the wireless LAN station registered in the automatic setting list is registered as approved for the following reason. The wireless LAN station registered in the automatic setting list is a wireless LAN station in which regular connection information is set by automatic setting processing. Therefore, the wireless LAN station is a wireless LAN station that is explicitly instructed by the authorized user to start the automatic setting process, such as pressing the operation button 231, and is assumed to be approved for use by the authorized user. Because. On the other hand, the MAC address of the wireless LAN station that is not registered in the automatic setting list is registered as unapproved because the wireless LAN station that is not registered in the automatic setting list is normally connected by a process other than the automatic setting process. This is because information is set and use by an unauthorized user is confirmed.

  In the approval list, the “unapproved” field can be omitted. In this case, it is possible to specify other devices other than the device described in the “approved” column as “unapproved”.

  As shown in FIG. 10, after the approval list update process is executed, the map generation unit 12b of the management apparatus 10 executes a message and icon determination process (step S425). FIG. 15 is a flowchart illustrating a procedure of message and icon determination processing in the first embodiment. The message and icon determination process is a process for determining a message type and an icon type to be displayed accompanying the symbol of each device displayed on the network configuration map.

  The map generation unit 12b determines whether a new device has been added to the network management system 500 (step S905). This process is the same as step S805 of the approval list update process described above.

  When it is determined that a new device has been added (step S905: YES), the map generation unit 12b refers to the approval list to determine whether the added device has been approved (step S910). If the added device has been approved (step S910: YES), the map generation unit 12b displays a message and an icon for adding a highly reliable device as a message and an icon that are displayed in association with the symbol of the added device. Determine (step S915). On the other hand, if the added device is not approved, that is, if it has not been approved (step S910: NO), the map generation unit 12b adds the message and icon for adding the low-reliability device to the added device. The message and icon to be displayed accompanying the symbol are determined (step S920).

  If it is determined in step S905 described above that no new device has been added (step S905: NO), the map generation unit 12b refers to the subordinate device list to determine whether the existing device has been removed from the system. Is determined (step S925). If it is determined in step S925 that the existing device has not been removed from the system (step S925: NO), the message and icon determination process ends. On the other hand, if it is determined in step S925 that the existing device has been removed from the system (step S925: YES), it is determined whether or not the removed device has been approved (step S930). When the added device has been approved (step S930: YES), the map generation unit 12b displays a message and an icon for removing a highly reliable device as a message and an icon displayed along with the symbol of the removed device. Determination is made (step S935). On the other hand, if the removed device is not approved, that is, if it has not been approved (step S930: NO), the map generator 12b displays the message and icon for removing the low-reliability device as the removed device. The message and icon to be displayed accompanying the symbol are determined (step S940). The details of each message and icon determined in the message and icon determination process will be described later.

  As shown in FIG. 10, after the message and icon determination processing is executed, the map generation unit 12b of the management apparatus 10 is determined in the configuration information of the router 300 that has already been received, the subordinate apparatus list, and step S425. A network configuration map is created based on the message and icon (step S430). The user interface controller 12c displays the network configuration map created in step S420 on the display 18 (step S435).

  FIG. 16 is an explanatory diagram illustrating an example of a network configuration map according to the first embodiment. The network configuration map m1 is displayed in the window W1 on the display 18. FIG. 16 shows the network configuration map m1 immediately after the NAS 201 and the PC 401 are newly added to the network management system 500.

  The network configuration map m1 includes a connection mode area AR1 and an operation state display area AR2. The connection mode area AR1 is an area for displaying a symbol indicating each device constituting the network management system 500, a device type and a device name of each device, and a connection interface type between the devices. The operation status display area AR2 is an area for displaying the operation status of each device constituting the network management system 500.

  The shape of each device symbol is a rectangle of the same size, and the device type and device name are displayed in the symbol. The symbols of the respective devices are arranged in the connection mode area AR1 so that the hierarchical structure of each device is clear. Specifically, the symbol sb1 of the router 300 is located at the upper left. Also, the symbol sb2 of the wireless LAN access point device 100 directly connected to the router 300 is slightly offset to the right side of the symbol sb1 of the router 300. The symbol sb3 of the management apparatus 10 that is not directly connected to the router 300, the symbol sb4 of the NAS 201, and the symbol sb5 of the PC 401 are all offset further to the right than the symbol sb2 of the wireless LAN access point apparatus 100. ing. In addition, a connection interface between the devices is connected between the symbols of the devices so as to be specified. Specifically, the symbol sb1 of the router 300 and the symbol sb2 of the wireless LAN access point device 100 are connected by a solid line, which indicates that they are connected by a wired LAN. Also, the symbol sb2 of the wireless LAN access point device 100 and the symbols sb3 to sb5 of each wireless LAN station (management device 10, NAS 201, PC 401) are connected by a broken line, which is connected by a wireless LAN. Represents that.

  In the operation state display area AR2, information indicating the operation state of each device is displayed at a position corresponding to the symbol of each device (a position adjacent to the symbol of each device in the horizontal direction). Specifically, information indicating that the mobile communication control unit 330 is activated (ON) and is communicating is displayed at the position corresponding to the symbol sb1 of the router 300. In addition, a symbol indicating that the intensity of the radio wave received from the management apparatus 10 in the wireless LAN access point apparatus 100 is “strong” is displayed at a position corresponding to the symbol sb3 of the management apparatus 10. Further, at the position corresponding to the symbol sb4 of the NAS 201, the wireless LAN access point apparatus 100 has a symbol indicating that the intensity of the radio wave received from the NAS 201 is “strong” and the used capacity of the hard disk 250 of the NAS 201 is 50%. Information indicating that it is present is displayed. In addition, a symbol indicating that the strength of the radio wave received from the PC 401 in the wireless LAN access point device 100 is “strong” is displayed at a position corresponding to the symbol sb5 of the PC 401.

  Along with the symbol sb4 of the NAS 201, a highly reliable device addition message ms1 and a highly reliable device addition icon ic1 are displayed. The highly reliable device addition message ms1 is specifically composed of a character string “a new device has been added to the map”. This highly reliable device addition message ms1 is merely a message that tells the user that the device is to be added, and does not strongly alert the user or prompt any operation. In addition, the icon ic1 for adding a highly reliable device is not generally an icon that strongly calls attention. As described above, when the NAS 201 is added, the message or icon not accompanied by the strong alert accompanying the symbol sb4 of the NAS 201 is displayed for the following reason. An approved device such as NAS 201 is the property of a legitimate user, and the legitimate user places such a device close to the wireless LAN access point device 100 before executing the automatic setting process, and the wireless LAN access point device. An operation such as pressing the operation button 160 of 100 is performed. Therefore, the reason why such a device is added to the network management system 500 and its symbol is added to the network configuration map m1 is a predictable event for a legitimate user and does not require a particularly strong alert. . Note that, as the content of the highly reliable device addition message ms1, an arbitrary message not accompanied by a strong alert can be adopted instead of the content shown in FIG.

  Along with the symbol sb5 of the PC 401, a low reliability device addition message ms2 and a low reliability device addition icon ic2 are displayed. The unreliable device addition message ms2 includes a character string “An unknown device has been added to the map. Do you want to approve it?”. This low-reliability device addition message ms2 is a message that conveys the occurrence of an unexpected event for an authorized user “addition of an unknown device”, and strongly alerts the user. In addition, the message prompts the user to perform an “approve” operation. Further, the icon ic2 for adding a low-reliability device is an icon that generally gives strong attention. As described above, when the PC 401 is added, the message or icon that strongly calls attention accompanying the symbol sb5 of the PC 401 is displayed for the following reason. An unapproved device such as the PC 401 may not be the property of the authorized user, and the authorized user may not perform operations such as device placement and connection state setting. Therefore, the reason why such a device is added to the network management system 500 and the symbol is added to the network configuration map m1 is an event that is unpredictable for a regular user and requires strong attention. Note that the high-reliability device addition message ms1, the high-reliability device addition icon ic1, and the low-reliability device addition message ms2 and the low-reliability device addition icon ic2 are all predetermined operations (for example, single Click). As the content of the low-reliability device addition message ms2, an arbitrary message accompanied by a strong alert can be adopted instead of the content shown in FIG.

  FIG. 17 is an explanatory diagram illustrating an example of a network configuration map according to the first embodiment. FIG. 17 shows the network configuration map m1 immediately after the NAS 201 and the PC 401 are both removed from the network management system 500 (disconnected from the network). The network configuration map m1 in FIG. 17 is displayed along with the display mode of the symbol sb4 of the NAS 201, the display mode of the symbol sb5 of the PC 401, the message and icon displayed along with the symbol sb4, and the symbol sb5. The message and icon are different from the network configuration map m1 shown in FIG. 16, and other configurations are the same as the network configuration map m1 shown in FIG.

  As shown in FIG. 17, when the NAS 201 and the PC 401 are removed from the network management system 500, the NAS 201 symbol sb4 and the PC 401 symbol sb5 are grayed out, and the operation states of the NAS 201 and the PC 401 are deleted.

  Along with the symbol sb4 of the NAS 201, a highly reliable device removal message ms3 and a highly reliable device addition icon ic3 are displayed. The highly reliable device removal message ms3 is composed of a character string “Disconnected. Check the device status”. This highly reliable device removal message ms3 is a message that conveys the occurrence of an event that is important for a legitimate user that “an authorized device is disconnected from the network, that is, removed from the network management system 500”. Is strongly alerted. In addition, the message prompts the user to check the status of the device. The high reliability device addition icon ic3 is the same icon as the low reliability device addition icon ic2 described above, and is generally an icon that strongly calls attention. As described above, when the NAS 201 is removed from the network management system 500, the message or icon that strongly calls attention accompanying the symbol sb4 of the NAS 201 is displayed for the following reason. The removal of an approved device such as the NAS 201 from the network management system 500 is highly likely to indicate that an event that cannot be predicted by the user, such as a device failure, has occurred. Therefore, in the network management system 500, when an approved device is removed from the network management system 500, a message and an icon that strongly calls attention are displayed in association with the symbol of the approved device. . Note that, as the content of the highly reliable device removal message ms3, an arbitrary message accompanied by a strong alert can be adopted instead of the content shown in FIG.

  On the other hand, a low-reliability device removal message ms4 and a low-reliability device removal icon ic4 are displayed accompanying the symbol sb5 of the PC 401. The low-reliability device removal message ms4 is composed of a character string “an unknown device has been disconnected”. This low-reliability device removal message ms4 is merely a message that informs the user of the disconnection of the unknown device, and does not strongly alert the user or prompt any operation. In addition, the low-reliability device removal icon ic4 is generally not an icon that strongly calls attention. As described above, when the PC 401 is removed from the network management system 500, a message or icon without strong alerting is displayed on the symbol sb5 of the PC 401 for the following reason. In the first place, an unapproved device such as the PC 401 is not approved by an authorized user for being added to the network management system 500, so even if it is removed from the network management system 500, it is necessary to pay attention to the authorized user. Because there is no. In particular, if the device is illegally added to the network management system 500 such as an unauthorized station, the removal from the network management system 500 is an event that should be welcomed by authorized users. Note that, as the content of the low-reliability device removal message ms4, an arbitrary message not accompanied by a strong alert can be adopted instead of the content shown in FIG.

  The addition to the network management system 500 and the removal from the network management system 500 described above correspond to predetermined events in the claims. The high reliability device addition message ms1 and the high reliability device removal message ms3 are the first message in the claims, and the low reliability device addition message ms2 and the low reliability device removal message ms4 are in the claims. In the second message, the high reliability device addition icon ic1 and the high reliability device addition icon ic3 are added to the first icon in the claims, the low reliability device addition icon ic2 and the low reliability device removal icon ic4. Corresponds to a second icon in the claims.

A4. Operation menu display processing:
FIG. 18 is a flowchart showing the procedure of the operation menu display process in the first embodiment. When the user performs a predetermined operation (for example, double-clicking the symbol of each device) for displaying the operation menu by designating the symbol of each device displayed on the network configuration map m1, the operation menu display processing is executed. The

  The map generation unit 12b of the management device 10 refers to the approval list and determines whether or not the specified device has been approved (step S5). When it determines with having been approved (step S5: YES), the map production | generation part 12b specifies the apparatus classification of the designated apparatus with reference to a subordinate apparatus list (step S10). The map generation unit 12b refers to the operable menu list, and identifies the operable menu associated with the device type identified in step S10 (step S15).

  If it is determined in step S5 described above that the designated device has not been approved, that is, has not been approved (step S5: NO), the map generation unit 12b refers to the operable menu list, and has not been approved. An operable menu associated with the device is identified (step S20). The user interface control unit 12c causes the display 18 to display the operation menu including the operable menu specified in step S15 or step S20 in association with the designated device symbol (step S25).

  FIG. 19 is an explanatory diagram showing an example of the network configuration map m1 on which an operation menu is displayed. FIG. 19 shows a network configuration map m1 displayed after the user performs an operation to display the operation menu by designating the symbol sb4 of the NAS 201. The network configuration map m1 in FIG. 19 is different from the network configuration map m1 in FIG. 16 in that the operation menu window W11 is displayed, and other configurations are the same as the network configuration map m1 in FIG. In FIG. 19, the high-reliability device addition message ms1, the high-reliability device addition icon ic1, the low-reliability device addition message ms2, and the low-reliability device addition icon ic2 are omitted for the sake of illustration. .

  As shown in FIG. 19, an operation menu window W11 is displayed accompanying the symbol sb4 of the NAS 201. In the operation menu window W11, an “IP address setting” menu, a “format” menu, and a “delete” menu are displayed. In FIG. 19, the “IP address setting” menu is selected. As shown in FIG. 5, these operation menus displayed in the operation menu window W11 include “approval” in the approval field f1 and “NAS” in the device type field f2 among the records in the operable menu list. In a certain record, this corresponds to the operation menu set in the operable menu field f3. Thus, in the network management system 500, the operation menu set in advance according to each device type is displayed by a predetermined operation on the symbol of each device.

  FIG. 20 is an explanatory diagram illustrating an example of the network configuration map m1 on which an operation menu is displayed. FIG. 20 shows a network configuration map m1 displayed after the user designates the symbol sb5 of the PC 401 and performs an operation for displaying an operation menu. The network configuration map m1 in FIG. 20 is different from the network configuration map m1 in FIG. 16 in that the operation menu window W12 is displayed, and other configurations are the same as the network configuration map m1 in FIG. In FIG. 20, the high-reliability device addition message ms1, the high-reliability device addition icon ic1, the low-reliability device addition message ms2, and the low-reliability device addition icon ic2 are omitted for the sake of illustration. .

  As shown in FIG. 20, an operation menu window W12 is displayed accompanying the symbol sb5 of the PC 401. In the operation menu window W12, an “Approve” menu and an “Disapprove” menu are displayed. In FIG. 20, the “approve” menu is selected. These operation menus displayed in the operation menu window W12 are set in the operable menu field f3 in the record in which the approval field f1 is “unapproved” among the records in the operable menu list, as shown in FIG. Corresponds to the operation menu.

  In FIG. 19, each operable menu displayed in the operation menu window W11 corresponds to the first operation menu in the claims. In FIG. 20, each of the operable menus displayed in the operation menu window W12 is an operation in the second operation menu in the claims, and the “approve” menu in the operation menu window W12 is in the first specific menu in the claims. The “not approved” menu in the menu window W12 corresponds to the second specific menu in the claims.

  As shown in FIG. 20, in a state where the “Approve” menu is selected in the operation menu window W12, a predetermined operation (for example, double-clicking on the selected operation menu) for the user to execute the operation menu is performed. When executed, the approval list update unit 12e of the management apparatus 10 updates the approval list.

  FIG. 21 is an explanatory diagram showing the setting contents of the updated approval list. When the symbol sb5 of the PC 401 is designated and the “approve” menu is executed, the approval list update unit 12e deletes the MAC address of the PC 401 from the unapproved record and adds it to the approved record. Therefore, as shown in FIG. 21, the MAC address “MA5” of the PC 401 is registered in the “approved” record, unlike the approval list of FIG.

  In this way, when the MAC address “MA5” of the PC 401 is registered in the “approved” record in the approval list, when the PC 401 is subsequently removed from the network management system 500, it is attached to the symbol sb5 of the PC 401. The message and icon displayed in this manner are different from the low-reliability device removal message ms4 and the low-reliability device removal icon ic4 shown in FIG. In this case, in the message and icon determination process shown in FIG. 15, since it is determined in step S930 that the removed device has been approved (step S930: YES), step S940 is executed, and the low-reliability device is determined. The removal message and icon are determined as a message and icon to be displayed accompanying the symbol sb5 of the removed PC 401. Therefore, the high-reliability device removal message ms3 and the high-reliability device addition icon ic3 in FIG. 17 are displayed accompanying the symbol sb5 of the PC 401.

  As described above, in the network management system 500 of the first embodiment, when the NAS 201 that is a regular station is added to the network management system 500, a message to be displayed accompanying the symbol sb4 of the NAS 201 in the network configuration map m1 The icon and the message and icon displayed in association with the symbol sb5 of the PC 401 in the network configuration map m1 when the PC 401 as an unauthorized station is added to the network management system 500 are made different. In addition, when the NAS 201 is removed from the network management system 500, a message and icon to be displayed accompanying the symbol sb4 in the network configuration map m1 and in the network configuration map m1 when the PC 401 is removed from the network management system 500 The message and icon to be displayed accompanying the symbol sb5 are made different. Therefore, the user can easily identify the regular station and the unauthorized station by looking at the network configuration map m1.

  In addition, when the PC 401 is added to the network management system 500, a message and an icon to be displayed accompanying the symbol sb5 of the PC 401 in the network configuration map m1 are accompanied by a strong alert, and a predetermined operation is performed for the user. Since a message and an icon for prompting are displayed, the user can be alerted. On the other hand, when the NAS 201 is added to the network management system 500, a general message and icon without strong alert are displayed as a message and icon to be displayed accompanying the symbol sb4 of the NAS 201 in the network configuration map m1. Since the information is displayed, unnecessary attention is not required for the user, and convenience can be improved.

  Further, when the NAS 201 is removed from the network management system 500 (disconnected from the network), the network configuration map m1 is accompanied by a strong alert as a message and icon to be displayed accompanying the symbol sb4 of the NAS 201. Since a message and an icon prompting the user to perform a predetermined operation are displayed, the user can be alerted. On the other hand, when the PC 401 is removed from the network management system 500, in the network configuration map m1, a general message and icon without a strong alert are displayed as a message and icon to be displayed accompanying the symbol sb5. Therefore, unnecessary user alerting is not required, and convenience can be improved.

  In addition, the management apparatus 10 uses the automatic setting list in which the MAC address of the station for which the normal connection information is set by the automatic setting process, that is, the station to which the normal connection information is transmitted by the wireless LAN access point apparatus 100, is registered. Since it is acquired by the collection process, the regular station and the unauthorized station can be easily identified based on the automatic setting list. Here, in the station where the regular connection information is set by the automatic setting process, some operation for instructing the execution of the automatic setting process such as pressing the operation button 231 is performed by the authorized user before the automatic setting process is executed. It has been broken. Therefore, such a station is very likely to be a legitimate station that is owned by the legitimate user and approved for use by the legitimate user (connected to the network by the legitimate user's will). On the other hand, a station for which regular connection information is set by processing other than automatic setting processing is the property of an unauthorized user, and there is a possibility that the authorized connection information is illegally set by the unauthorized user. Therefore, in the approval list update process, it is determined whether the station is approved or not approved based on the automatic setting list (step S815), so that the accuracy of the determination can be improved.

  Further, in the network management system 500, the operable menus to be displayed accompanying the symbols of the respective devices are made different from each other according to the presence / absence of approval and the device type. Therefore, the user can easily select an appropriate operation menu according to the approval / disapproval and the device type. In particular, only the “Approve” menu and the “Disapprove” menu are displayed as the operable menus accompanying the symbol sb5 of the PC 401. Therefore, unnecessary operations (for example, setting of an IP address) can be prevented from being performed on an unauthorized station.

  In addition, when the “approve” menu is selected, a device that is an execution target of the operation menu is handled as an approved device. For example, the message and icon displayed with the symbol of such a device are the same as the message and icon displayed with the symbol of the approved device. Alternatively, the operation menu displayed on the device is the same as the operation menu displayed on an approved device of the same device type. Therefore, for example, when a regular user manually sets regular connection information without performing automatic setting processing for a regular station for some reason, the station is initially registered as “unapproved”. By executing the “Approve” menu, the authorized station can be registered as “Approved” and handled as an approved device. Therefore, convenience can be improved.

B. Second embodiment:
FIG. 22 is a flowchart illustrating a procedure of operation menu display processing in the second embodiment. The network management system of the second embodiment is different from the network management system 500 of the first embodiment in the procedure of the operation menu display process, and the system configuration and other process procedures are the same as those of the network management system 500 of the first embodiment. Since it is the same, explanation is omitted.

  The operation menu display process of the second embodiment differs from the operation menu display process of the first embodiment shown in FIG. 18 in that steps S21 and S23 are added and executed. Specifically, in the operation menu display process of the second embodiment, after step S20 is executed, the map generation unit 12b refers to the operable menu list and is an “approved” device, and is designated. The operable menu set for the device of the same device type as the specified device is specified (step S21). Specifically, for example, when the PC 401 is a designated device, as shown in FIG. 5, the device (record) whose approval field f1 is “approved” and whose device type field f2 is “PC” is shown in FIG. “Open setting screen”, “IP address setting”, and “delete”, which are set operable menus, are specified.

  After step S21 is executed, the user interface control unit 12c has designated an operation menu including the operable menu set for the unapproved device and the operable menu identified in step S21. It is displayed on the display 18 in association with the symbol of the device (step S23).

  FIG. 23 is an explanatory diagram illustrating an example of a network configuration map on which an operation menu according to the second embodiment is displayed. FIG. 23 shows a network configuration map m1 displayed after the user designates the symbol sb5 of the PC 401 and performs an operation for displaying an operation menu. As shown in FIG. 23, an operation menu window W12a is displayed accompanying the symbol sb5 of the PC 401. In the operation menu window W12a, as in the operation menu window W12 in the first embodiment shown in FIG. 20, an “approve” menu and an “not approve” menu are displayed as operation menus. In the operation menu window W12a, the “Open setting screen” menu, the “IP address setting” menu, and the “Delete” menu are grayed out below the “Approve” menu and the “Not approve” menu. Is displayed. These “open setting screen” menu, “IP address setting” menu, and “delete” menu are “NAS” which is the device type of the PC 401 and are displayed along with the symbols of the approved devices. Yes (see operation menu window W11 in FIG. 19). However, in the operation menu window W12a, these “open setting screen” menu, “IP address setting” menu, and “delete” menu cannot be selected, and these menus are displayed when the “approve” menu is executed. Will be able to choose.

  The network management system of the second embodiment having the above configuration has the same effects as the network management system 500 of the first embodiment. In addition, in the network management system according to the second embodiment, as an operable menu to be displayed accompanying the symbol of the device registered as “unapproved” (symbol sb5 of the PC 401), the “unapproved” device is displayed. In addition to the operable menu registered in advance, the “operated” device that is an “approved” device and is registered in advance for devices of the same device type is grayed out and displayed. Therefore, when the “approve” menu is selected and executed, the user can easily understand what menu is the operable menu.

C. Third embodiment:
FIG. 24 is an explanatory diagram illustrating an example of a network configuration map according to the third embodiment. Unlike the network management system 500 of the first embodiment, the network management system of the third embodiment differs from the network management system 500 of the first embodiment in the display contents of the network configuration map, and has the same procedure as the network management system 500 of the first embodiment. is there. The network configuration map m2 of the third embodiment is different from the device of the same device type in that the operation state to be displayed is different between an approved device and an unapproved device. , Different from the network configuration map m1) of FIG.

  Specifically, as shown in FIG. 24, the position corresponding to the symbol sb5 of the PC 401 (the position adjacent in the horizontal direction of the symbol sb5 of the PC 401) is strongly alerted instead of the symbol indicating the strength of the radio wave. An icon ic5 and a character string “unapproved” are displayed. The icon ic5 in FIG. 24 is the same as ic2 in FIG. 16 and ic3 in FIG.

  The network management system of the third embodiment having the above configuration has the same effects as the network management system 500 of the first embodiment. In addition, in the network management system according to the third embodiment, the operation state is not displayed in association with the symbol sb5 of the PC 401, which is an unapproved device, and instead, the icon ic5 and the “unapproved” character that strongly calls attention Since the column is displayed, it is easy for the user that the PC 401 is an unapproved device even after the PC 401 is added to the network management system 500 and the low reliability device addition message ms2 shown in FIG. 16 is deleted. Can be understood.

D. Fourth embodiment:
FIG. 25 is a block diagram illustrating a detailed configuration of the wireless LAN access point device 100a according to the fourth embodiment. The network management system of the fourth embodiment differs from the network management system 500 of the first embodiment in that the configuration of the wireless LAN access point apparatus and the wireless LAN access point apparatus 100a perform MAC address restriction processing. The system configuration and the procedure of each process are the same as those of the network management system 500 of the first embodiment.

  As shown in FIG. 25, in the wireless LAN access point device 100a of the fourth embodiment, the flash memory 120 includes a MAC address restriction list storage unit 124, and the CPU 110 has a relay control unit 110e and a restriction list update unit 110f. Unlike the wireless LAN access point device 100 of the first embodiment shown in FIG. 3, the other configuration is the same as that of the wireless LAN access point device 100.

  The MAC address restriction list storage unit 124 stores a MAC address restriction list. The MAC address restriction list is a list in which MAC addresses of transmission sources and destinations of packets (layer 2 frames) that are not relayed by the packet relay unit 110d are registered.

  The relay control unit 110e controls the packet relay unit 110d to realize the MAC address restriction process. Specifically, the relay control unit 110e does not relay, in the relay control unit 110e, the packet whose MAC address registered in the MAC address restriction list 124 is the destination address and the packet whose MAC address is the source address. Dispose of. The restriction list update unit 110f executes a MAC address restriction list change process described later to update the MAC address restriction list stored in the MAC address restriction list storage unit 124. In the fourth embodiment, when a new device is added to the network management system, if the device is registered as “unapproved”, the MAC address of the device is registered in the MAC address restriction list. Is done. Therefore, the wireless LAN access point device 100a does not relay packets for devices registered as “unapproved”. For example, as described in the first embodiment, when the PC 401 is added to the network management system, since the PC 401 is registered as “unapproved”, the wireless LAN access point device 100a is output from the PC 401. And relaying packets destined to the PC 401 are not performed.

  FIG. 26 is a flowchart illustrating a procedure of MAC address restriction list update processing in the fourth embodiment. In FIG. 26, the flowchart on the left shows the procedure in the wireless LAN access point device 100a. In FIG. 26, the flowchart on the right shows the procedure in the management apparatus 10. In the wireless LAN access point device 100a and the management device 10, when the power is turned on, the MAC address restriction list update process is started.

  In the management apparatus 10, the approval list update unit 12e determines whether or not the approval list has been changed (step S42). If there has been a change (step S42: YES), the change content (“approved”) is displayed. Or change to “unapproved”) and the MAC address of the target device is transmitted to the wireless LAN access point device 100a (step S44).

  In the wireless LAN access point device 100a, the restriction list update unit 110f waits until the change contents and MAC address of the approval list are received from the management apparatus 10 (step S52), and receives the change contents and the MAC address (step S52: YES), the MAC address restriction list is updated based on the received change contents and the MAC address (step S54).

  Specifically, for example, the “Approve” menu is selected and executed for the PC 401 (see FIG. 20), and the MAC address “MAC5” of the PC 401 is deleted from the “unapproved” record in the approval list. , When added to the “approved” record (see FIG. 21), the approval list update unit 12e transmits the change to “approved” and the MAC address “MAC5” to the wireless LAN access point device 100a. To do. Upon receiving the change to “approved” and the MAC address “MAC5”, the restriction list update unit 110f deletes the MAC address “MAC5” registered in the MAC address restriction list. Therefore, after that, the wireless LAN access point device 100a executes relay of the packet output from the PC 401 and the packet destined for the PC 401.

  On the other hand, for example, the “disapproved” menu is selected and executed for the NAS 201, and the MAC address “MAC4” of the NAS 201 is deleted from the “approved” record in the approved list, and “unapproved” Is added to the record, the approval list update unit 12e transmits to the wireless LAN access point device 100a the change to “unapproved” and the MAC address “MAC4”. When the restriction list update unit 110 f receives the change to “unapproved” and the MAC address “MAC4”, the restriction list update unit 110 f deletes the MAC address “MAC4” from the MAC address restriction list. Therefore, thereafter, the wireless LAN access point device 100a does not relay the packet output from the NAS 201 and the packet destined for the NAS 201.

  The network management system of the fourth embodiment having the above configuration has the same effects as the network management system 500 of the first embodiment. In addition, the wireless LAN access point device 100a of the fourth embodiment does not relay packets output from devices registered as “unapproved” and packets destined for devices registered as “unapproved”. It is possible to prevent unauthorized stations from connecting to the Internet INT via the wireless LAN access point device 100a. When a certain device is changed from “unapproved” to “approved”, the MAC address of the device is deleted from the MAC address restriction list. The destination packet can be relayed in the wireless LAN access point device 100a. On the contrary, when a certain device is changed from “approved” to “unapproved”, the MAC address of the device is added to the MAC address restriction list, so that the packet output from the device In addition, it is possible to prevent the packet destined for such a device from being relayed in the wireless LAN access point device 100a. In the fourth embodiment described above, the approval list update unit 12e corresponds to the identification information transmission unit in the claims.

E. Variations:
E1. Modification 1:
In the fourth embodiment, the device registered as “unapproved” is the target of the MAC address restriction process in the wireless LAN access point device 100a. However, the present invention is not limited to the MAC address restriction process. Specifically, for example, even when an association request is received from a device (station) registered as “unapproved”, the wireless LAN access point device 100a may adopt a configuration that does not respond to such a request. In this case, since the association fails between the station and the wireless LAN access point device 100a, the packet output from the station and the packet destined for the station are relayed in the wireless LAN access point device 100a. There is nothing.

  In the fourth embodiment, the wireless LAN access point device 100a registers the MAC address of the source and destination of the packet (layer 2 frame) that is not relayed by the packet relay unit 110d as the MAC address restriction list. However, instead of this, it is also possible to register only the source and destination MAC addresses of packets (layer 2 frames) to be relayed by the packet relay unit 110d. In this case, the packet relay unit 110d can be configured not to relay a packet having a destination address or a source address as a MAC address not listed in the list.

E2. Modification 2:
In the first embodiment, the device registered as “approved” and the device registered as “unapproved” are displayed in the message accompanying the symbol, the icon displayed in the symbol, and the operation menu. By making the operable menus to be displayed different from each other, they are displayed in an identifiable manner on the network configuration map m1. In the third embodiment, the information (operation state or icon and message) for displaying the device registered as “approved” and the device registered as “unapproved” in association with the symbols is different from each other. By doing so, it is displayed in an identifiable manner on the network configuration map m2. However, the present invention is not limited to these methods. For example, by changing the shape, size, color, etc. of the symbols displayed on the network configuration map from each other, the device registered as “approved” and the device registered as “unapproved” It can also be displayed in an identifiable manner on the map.

  In the first embodiment, the network management system displays different messages and icons on the network configuration map m1 between the device registered as “approved” and the device registered as “unapproved”. Although it is the case where it was added to 500 and the case where it was removed from the network management system 500, the present invention is not limited to these cases. For example, after being removed from the network management system 500, a message and an icon to be displayed when added to the network management system 500 (connected to the network) again, a device registered as “approved”, and “unapproved” It can also be made different from the device registered as. Specifically, for example, when a device registered as “approved” is added to the network management system 500 again, nothing can be displayed. On the other hand, when a device registered as “unapproved” is added to the network management system 500 again, the same message and icon as when the device was first added to the network management system 500 (addition of a low-reliability device). Message ms2 and low reliability device addition icon ic2) can be displayed. When a device registered as “approved” is added to the network management system 500 again, this event is an event that does not require any attention to the user, so there is no need to display a message and an icon. On the other hand, when a device registered as “unapproved” is added to the network management system 500 again, the event is an unexpected event for the user as in the case where the device is first added to the network management system 500. is there. Therefore, in such a case, the user can be alerted by displaying a message and an icon accompanied by a strong alert to the user.

E3. Modification 3:
In each embodiment, in the network configuration map, the message to be displayed accompanying each symbol is the same as long as the presence or absence of approval is the same even if the device type is different. It is not limited. For example, in the case of an “approved” device (station) and the device type is “multifunctional mobile phone (smartphone)” or “portable game machine”, the highly reliable device removal message ms3 shown in FIG. Instead of ("Disconnected. Check the device status"), a message consisting of the character string "Disconnected. Are you out of the office?" Is displayed along with the symbol of the device. You can also. Devices with high portability, such as multi-function mobile phones and portable game machines, are likely to be removed from the network management system (disconnected from the network). It is not an unexpected event for the user. Therefore, in this case, it is preferable to display the above-mentioned message (“You are disconnected. Are you going out?”) Without strong alerting.

E4. Modification 4:
In each embodiment, in the configuration information acquisition process, the management apparatus 10 identifies the MAC address and IP address of each apparatus based on the subordinate apparatus list notified from the router 300. However, the present invention is not limited to this. It is not something. For example, it is possible to employ a configuration in which the management device 10 searches for each device belonging to the network management system 500 and identifies each device. Specifically, the management apparatus 10 broadcasts a response request. This response request is simply a request for only a response, and the management device 10 can specify the MAC address and IP address of each device belonging to the network management system 500 by receiving a response to the request. In addition, after specifying the MAC address and the IP address of each device, the management device 10 can also obtain the configuration information of each device by inquiring each device about the configuration information. With such a configuration, even when the router 300 is out of order, the management device 10 can acquire the configuration information of each device other than the router 300.

E5. Modification 5:
In each embodiment, in order to display the operation menu, a predetermined operation is performed by designating a symbol of a device to be operated, but the present invention is not limited to this. For example, a dedicated icon for opening the operation menu window is displayed at a position corresponding to the symbol of each device (for example, a position on the right side of the operation state display area AR2), and the operation menu is displayed when the dedicated icon is selected. A configuration in which processing is executed can also be adopted. For example, a character string such as “open operation menu” can be attached to the dedicated icon. With such a configuration, the user can easily understand the operation for opening the operation menu.

E6. Modification 6:
In each embodiment, the information indicating the operation status of each device displayed on the network configuration map is the hard disk usage capacity, received signal strength, interface operation status, and the like, as shown in FIG. However, the present invention is not limited to this. For example, firmware version information of each device can be employed. Further, although the device name is displayed on the network configuration map as information that can identify each device, the present invention is not limited to this. For example, instead of the device name or in addition to the device name, identification information of each device such as an IP address and a MAC address can be displayed on the network configuration map.

E7. Modification 7:
In each embodiment, the network configuration map is displayed on the display 18 included in the management apparatus 10, but the present invention is not limited to this. For example, in a configuration in which a router including a display device such as a liquid crystal display is employed as the router 300, a network configuration map can be displayed on the display device. With such a configuration, it is possible to easily check the connection configuration of each device while working in the router 300 (for example, cable insertion / extraction). For example, as the router 300, a router having an interface for connecting a display device such as HDMI (High-Definition Multimedia Interface) or WHDI (Wireless Home Digital Interface) is adopted, and the router 300 is connected to the router 300 via the interface. When adopting a configuration in which a television receiver is connected, a network configuration map can be displayed on the television receiver. According to the configuration in which the network configuration map is displayed on the television receiver, the network configuration map can be displayed larger.

  In each embodiment, the function unit that collects the configuration information and generates and displays the network configuration map is configured by the management apparatus 10, but the present invention is not limited to this. For example, the management apparatus 10 may be omitted, and the router 300 may function as a functional unit that collects configuration information and generates and displays a network configuration map. That is, a configuration in which the router 300 includes each functional unit of the management device 10 can be employed. In this configuration, the router 300 corresponds to the management device in the claims.

E8. Modification 8:
In each embodiment, the network configuration maps m1 and m2 are generated and displayed on the management device 10 based on the collected configuration information. However, the present invention is not limited to this. For example, instead of the network configuration map, it is possible to adopt a configuration in which a list in which the device name of each device is associated with information indicating whether or not it is approved is displayed. Even in such a configuration, the user can easily identify which device has been approved, in other words, whether the device is an authorized station. That is, generally, information indicating a wireless LAN station that has transmitted connection information from the wireless LAN access point apparatus 100 and information indicating a wireless LAN station that has not transmitted connection information from the wireless LAN access point apparatus 100 are identified. Any configuration that can be displayed can be employed.

E9. Modification 9:
In each embodiment, an unauthorized user cannot know the timing when the automatic setting process is started in the wireless LAN access point apparatus 100, in other words, the timing when the operation button 160 is pressed in the wireless LAN access point apparatus 100. The PC 401 cannot be switched to the automatic setting processing mode at an appropriate timing, and the normal connection information cannot be set in the PC 401. However, the present invention is not limited to this. Even if the button B11 of the window Wa is pressed on the PC 401 at the timing when the wireless LAN access point apparatus 100 starts the automatic setting process, the regular connection information can be prevented from being set in the PC 401. Specifically, for example, the wireless output in the wireless LAN access point device 100 when executing the automatic setting process is weakened, and only wireless LAN stations arranged within a short distance (for example, about several meters) are wireless. The wireless signal output from the LAN access point device 100 can be received.

E10. Modification 10:
In the first embodiment, as shown in FIG. 20, the PC 401 is handled as an approved device by pressing the “Approve” menu displayed accompanying the symbol sb5 of the PC 401. By pressing “not approved”, the device specified as an approved device can be specified (handled) again as an unapproved device.

E11. Modification 11:
In each embodiment, some of the devices belonging to the network management system can be omitted. For example, in this configuration in which the router 300 also operates as a wireless LAN access point, the wireless LAN access point devices 100 and 100a are omitted, and each wireless LAN station (management device 10, NAS 201, PC 401) is replaced by a router. A configuration of performing wireless communication with 300 can also be adopted. In addition, other devices can belong to the network management system. For example, a multi-function mobile phone or a portable game machine can belong as a subordinate device (station) of the wireless LAN access point devices 100 and 100a. In addition, a television tuner or a hard disk recorder can belong as a subordinate device of the router 300.

  In each embodiment, the connection interface between the devices is a wired LAN interface (LAN interface conforming to IEEE802.3) and a wireless LAN interface (LAN interface conforming to IEEE802.11a / b / g / n). However, the present invention is not limited to this. For example, a wireless LAN interface can be adopted as a connection interface between the router 300 and the wireless LAN access point devices 100 and 100a. Further, for example, a configuration in which at least one of the NAS 201 and the PC 401 has a wired LAN interface can be adopted, and a configuration in which a device having a wired LAN interface is connected to the router 300 via the wired LAN can be adopted. In addition, the connection interface is not limited to a network interface such as a wired LAN interface and a wireless LAN interface, but an interface compliant with USB 1.1 or USB 3.0, an interface compliant with IEEE 1394 or PCI Express (PCIe), HDMI, A bus interface such as an interface compliant with WirelessHD (WiHD) can also be employed. The router 300 is connected to the Internet INT via the mobile communication control unit 330 (mobile communication network), but instead of the mobile communication control unit 330, the router INT is connected to the Internet INT via the wired LAN control unit 340. Can also be connected.

E12. Modification 12:
In the above embodiment, a part of the configuration realized by software may be replaced with hardware. On the contrary, a part of the configuration realized by hardware may be replaced with software.

  The present invention is not limited to the above-described embodiments, examples, and modifications, and can be realized with various configurations without departing from the spirit thereof. For example, the technical features in the embodiments and the modifications corresponding to the technical features in each embodiment described in the summary section of the invention are to solve some or all of the above-described problems, or In order to achieve part or all of the effects, replacement or combination can be performed as appropriate. Further, if the technical feature is not described as essential in the present specification, it can be deleted as appropriate.

500 ... Network management system 100, 100a ... Wireless LAN access point device 10 ... Management device 201 ... NAS
300 ... Router INT ... Internet 310 ... CPU
310a ... Configuration information acquisition unit 310b ... Configuration information transmission unit 310c ... Server function unit 310d ... Packet relay unit 320 ... Flash memory 321 ... Configuration information storage unit 322 ... Subordinate device list storage unit 330 ... Mobile communication control unit 340 ... Wired LAN Control unit 350 ... RAM
110 ... CPU
110a ... automatic setting processing unit 110b ... automatic setting list management unit 110c ... configuration information acquisition support unit 110d ... packet relay unit 110e ... relay control unit 110f ... restriction list update unit 120 ... flash memory 121 ... automatic setting list storage unit 122 ... connection Information storage unit 123 ... Configuration information storage unit 130 ... Wireless LAN control unit 140 ... Wired LAN control unit 150 ... RAM
160 ... Operation buttons 12 ... CPU
12a ... Configuration information acquisition unit 12b ... Map generation unit 12c ... User interface control unit 12d ... Configuration information acquisition support unit 12e ... Approval list update unit 13 ... Hard disk 14 ... Non-volatile memory 14a ... Approval list storage unit 14b ... Operable menu list Storage unit 14c ... Configuration information storage unit 15 ... RAM
16 ... Wireless LAN control unit 17 ... I / O interface unit 18 ... Display 19 ... Keyboard f1 ... Approval field f2 ... Device type field f3 ... Operable menu field 210 ... CPU
210a ... Disk control unit 210b ... Connection information setting unit 210c ... Configuration information acquisition support unit 220 ... Flash memory 221 ... Connection information storage unit 222 ... Configuration information storage unit 230 ... Wireless LAN control unit 250 ... Hard disk 401 ... Personal computer (PC)
42 ... CPU
42a ... Connection information setting unit 42b ... Configuration information acquisition corresponding unit 43 ... Hard disk 44 ... Non-volatile memory 44a ... Connection information storage unit 44b ... Configuration information storage unit 45 ... RAM
46 ... Wireless LAN control unit 47 ... Input / output interface unit 48 ... Display 49 ... Keyboard Wa ... Window B11, B12 ... Button f11 ... Record number field f12 ... MAC address field f13 ... Product name field f14 ... Corresponding band field f15 ... Corresponding security Field m1, m2 ... Network configuration map W1 ... Window AR1 ... Connection mode area AR2 ... Operation status display area sb1 to sb5 ... Symbol ms1 ... Message for adding high reliability device ms2 ... Message for adding low reliability device ms3 ... High reliability Device removal message ms4 ... Low reliability device removal message ic1 ... High reliability device addition icon ic2 ... Low reliability device addition icon ic3 ... High reliability device addition icon ic4 ... Low reliability Sex apparatus for removing icon W11, W12, W12a ... operation menu window ic5 ... icon

Claims (17)

A network management system comprising a wireless LAN access point that can be wirelessly connected to a plurality of wireless LAN stations, a management device, and a display device,
The wireless LAN access point is
Connection information including connection establishment information used for establishing a wireless connection between the plurality of wireless LAN stations and the wireless LAN access point and security information used for the wireless connection is obtained from the plurality of wireless LAN stations. A connection information transmitter for transmitting to at least some wireless LAN stations;
An identification information acquisition unit for acquiring identification information from the plurality of wireless LAN stations wirelessly connected to the wireless LAN access point;
Among the identification information of the plurality of wireless LAN stations, the identification information of the first wireless LAN station that has transmitted the connection information from the wireless LAN access point and the second wireless LAN station that has not transmitted the connection information. A specific information storage unit that stores specific information for identifying each of the identification information in an identifiable manner;
Have
The management device
A specific information acquisition unit that acquires the specific information from the wireless LAN access point;
A display control unit that displays information indicating the first wireless LAN station and information indicating the second wireless LAN station on the display device in an identifiable manner based on the acquired specific information;
A network management system. The network management system according to claim 1,
The display control unit includes symbols representing the plurality of wireless LAN stations based on the acquired specific information, and indicates the first wireless LAN station and the second wireless LAN station in an identifiable manner. A network management system for generating a network configuration map and displaying the map on the display device. The network management system according to claim 2,
The display control unit causes the display device to display a first message in association with a symbol representing the first wireless LAN station when a predetermined event occurs, and when the predetermined event occurs A network management system for causing the display device to display a second message different from the first message in association with a symbol representing the second wireless LAN station. In the network management system according to claim 2 or 3,
The display control unit displays a first icon on the display device in association with a symbol representing the first wireless LAN station when a predetermined event occurs, and when the predetermined event occurs A network management system for causing the display device to display a second icon different from the first icon in association with a symbol representing the second wireless LAN station. The network management system according to any one of claims 2 to 4, wherein the specific information acquisition unit further acquires state-related information that is information regarding operation states of the plurality of wireless LAN stations,
The display control unit causes the display device to display the state-related information related to the operation state of the first wireless LAN station in association with a symbol representing the first wireless LAN station, and the second wireless LAN station. A network management system that does not cause the display device to display the state-related information related to the operation state of the second wireless LAN station in association with a symbol representing. In the network management system according to any one of claims 2 to 5,
The display control unit causes the display device to display a first operation menu in association with a symbol representing the first wireless LAN station, and associates the first operation menu with the symbol representing the second wireless LAN station. A network management system for causing the display device to display a second operation menu different from the operation menu. The network management system according to claim 6, wherein
The second operation menu includes a first specific menu for specifying the second wireless LAN station as the first wireless LAN station,
When the first specific menu is executed, the display control unit is a wireless LAN station in which the second wireless LAN station transmits the connection information from the wireless LAN access point in the network configuration map. A network management system that generates the network configuration map and displays the network configuration map on the display device. The network management system according to claim 6, wherein
The second operation menu includes a second specific menu for specifying the first wireless LAN station as the second wireless LAN station,
When the second specific menu is executed, the management device further transmits the identification information of the first wireless LAN station specified as the second wireless LAN station to the wireless LAN access point . A network management system having an identification information transmission unit. The network management system according to claim 8,
The wireless LAN access point further, upon receiving the identification information from the management device, the first having the identification information packet or received output from the first wireless LAN station having the identification information received A network management system having a packet relay unit that does not relay a packet addressed to a wireless LAN station. In the network management system according to any one of claims 1 to 9,
The connection information transmitting unit is configured such that a standby connection, which is a wireless connection having a lower transmission output than the main connection, which is a wireless connection using the connection information, is between the wireless LAN access point and the at least some wireless LAN stations. A network management system that, when established, transmits the connection information to the at least some wireless LAN stations. The network management system according to any one of claims 1 to 10,
The network management system, wherein the management device includes the display device. A management device connected via a network to a wireless LAN access point that can be wirelessly connected to a plurality of wireless LAN stations,
Of the identification information of the plurality of wireless LAN stations, a connection including connection establishment information used to establish a wireless connection between the plurality of wireless LAN stations and the wireless LAN access point and security information used for the wireless connection Identification information of a first wireless LAN station that has transmitted information from the wireless LAN access point and identification information of a second wireless LAN station that has not transmitted the connection information from the wireless LAN access point can be identified. Specific information acquisition unit for acquiring specific information to be specified from the wireless LAN access point;
A display control unit that displays information indicating the first wireless LAN station and information indicating the second wireless LAN station on a display device in an identifiable manner based on the acquired specific information;
A management device comprising: A wireless LAN access point capable of wireless connection to a plurality of wireless LAN stations,
Connection information including connection establishment information used for establishing a wireless connection between the plurality of wireless LAN stations and the wireless LAN access point and security information used for the wireless connection is obtained from the plurality of wireless LAN stations. A connection information transmitter for transmitting to at least some wireless LAN stations;
An identification information acquisition unit for acquiring identification information from the plurality of wireless LAN stations wirelessly connected to the wireless LAN access point;
Among the identification information of the plurality of wireless LAN stations, the identification information of the first wireless LAN station that has transmitted the connection information from the wireless LAN access point and the second wireless LAN station that has not transmitted the connection information. A specific information storage unit that stores specific information for identifying each of the identification information in an identifiable manner;
Based on the specific information, the management device that displays the information indicating the first wireless LAN station and the information indicating the second wireless LAN station on the display device in an identifiable manner via another device. Or an information transmission unit that transmits the specific information without going through another device;
A wireless LAN access point comprising: A method for managing a plurality of wireless LAN stations wirelessly connectable to a wireless LAN access point,
Connection information including connection establishment information used for establishing a wireless connection between the plurality of wireless LAN stations and the wireless LAN access point and security information used for the wireless connection is obtained from the wireless LAN access point. Transmitting to at least some of the wireless LAN stations of
In the wireless LAN access point, obtaining identification information of the wireless LAN station from the plurality of wireless LAN stations wirelessly connected to the wireless LAN access point;
The wireless LAN access point does not transmit the connection information and the identification information of the first wireless LAN station that transmitted the connection information from the wireless LAN access point among the identification information of the plurality of wireless LAN stations. Storing identification information for identifying each of the identification information of the second wireless LAN stations so as to be identifiable, and
In the management apparatus connected to the wireless LAN access point via a network, obtaining the specific information from the wireless LAN access point;
In the management device, based on the obtained specific information, displaying the information indicating the first wireless LAN station and the information indicating the second wireless LAN station on the display device in an identifiable manner,
A method comprising: A program for controlling a management device connected via a network to a wireless LAN access point that can be wirelessly connected to a plurality of wireless LAN stations,
Of the identification information of the plurality of wireless LAN stations, a connection including connection establishment information used to establish a wireless connection between the plurality of wireless LAN stations and the wireless LAN access point and security information used for the wireless connection Identification information of a first wireless LAN station that has transmitted information from the wireless LAN access point and identification information of a second wireless LAN station that has not transmitted the connection information from the wireless LAN access point can be identified. A function for acquiring the specific information to be specified from the wireless LAN access point;
A function for displaying information indicating the first wireless LAN station and information indicating the second wireless LAN station on a display device in an identifiable manner based on the acquired specific information;
For causing a computer included in the management apparatus to implement the above. A wireless LAN access point control program capable of wireless connection to a plurality of wireless LAN stations,
Connection information including connection establishment information used for establishing a wireless connection between the plurality of wireless LAN stations and the wireless LAN access point and security information used for the wireless connection is obtained from the plurality of wireless LAN stations. A function to transmit to at least some wireless LAN stations;
A function of acquiring identification information from the plurality of wireless LAN stations wirelessly connected to the wireless LAN access point;
Among the identification information of the plurality of wireless LAN stations, the identification information of the first wireless LAN station that has transmitted the connection information from the wireless LAN access point and the second wireless LAN station that has not transmitted the connection information. A function for storing identification information and specific information for identifying each identification information;
Based on the specific information, the management device that displays the information indicating the first wireless LAN station and the information indicating the second wireless LAN station on the display device in an identifiable manner via another device. Or the function of transmitting the specific information without going through another device,
For causing a computer included in the wireless LAN access point to realize the above.   The computer-readable recording medium which recorded the program of Claim 15 or Claim 16.

Images