WO2008098510A1 - Method and apparatus for acquiring access controller information in wireless LAN - Google Patents

Publication number
WO2008098510A1
Authority
WO
WIPO (PCT)
Prior art keywords
wtp
message
information
standby
aaa server
Prior art date
Application number
PCT/CN2008/070278
Other languages
French (fr)
Chinese (zh)
Inventor
Chengping Ye
Changsheng Wan
Wei Yan
Original Assignee
Huawei Technologies Co., Ltd.
Priority date
Filing date
Publication date
Application filed by Huawei Technologies Co., Ltd.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0892 Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W84/00 Network topologies
    • H04W84/02 Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10 Small scale networks; Flat hierarchical networks
    • H04W84/12 WLAN [Wireless Local Area Networks]

Definitions

  • the present invention relates to the field of communications, and more particularly to a method and apparatus for obtaining access controller information in a wireless local area network.
  • the physical layer of the STA is connected to the wireless medium; the AP is an entity capable of providing a delivery service for the STA.
  • WLAN has two service sets: BSS (Basic Service Set) and ESS (Extended Service Set).
  • the BSS consists of an AP and a STA associated with the AP.
  • the scope covered by an AP is the basic service set.
  • the association between the STA and the AP uses the basic service set identifier (BSSID).
  • BSSID basic service set identifier
  • An ESS is a structured network consisting of multiple APs and a distributed system connecting them. All APs must share the same Extended Service Set Identifier (ESSID), and an ESS can contain multiple BSSs.
  • the networking and deployment of the WLAN is redefined.
  • the CAPWAP working group divided the WLAN into an autonomous architecture (Autonomous Architecture) and a centralized architecture (Centralized WLAN Architecture).
  • In the autonomous architecture, all WTPs (Wireless Termination Points) are connected through a layer-2 device.
  • each WTP transmits data over Ethernet.
  • the centralized architecture is currently the most commonly used networking structure. As shown in Figure 1, in the centralized architecture, WTPs are connected through an AC (Access Controller).
  • WTP can have one or more ACs.
  • This networking method can separate data, control and management.
  • the control plane can be placed on the AC.
  • it is divided into local MAC, split MAC, and remote MAC.
  • The local MAC mode is a mode in which the access policy and management of the network are placed on the AC, and the 802.11 MAC function (including 802.11 management and control frames) is placed on the WTP.
  • The split MAC mode differs from the local MAC mode: the 802.11 MAC function (including 802.11 management and control frames) is centralized on the AC, and the AC provides management and monitoring services for the WTP.
  • the WTP provides only some real-time services.
  • In the remote MAC mode, the WTP provides only the physical layer function, and all other functions are concentrated on the AC. In this way, the burden on the WTP is the lightest.
  • WTP can obtain the address of the AC through static configuration, but this method is not easy to manage and control.
  • WTP can also obtain the address of the AC through the CAPWAP protocol. For example, the WTP sends a discovery request message, and the AC that receives the message returns a discovery response to the WTP.
  • the obvious shortcoming of this method is that it is not convenient for centralized management of AC itself.
  • An embodiment of the present invention provides a method for obtaining access controller information in a wireless local area network, where the method includes:
  • the authentication, authorization, and accounting (AAA) server receives the message requesting authentication sent by the WTP and authenticates the WTP; after the authentication is passed, it sends a message requesting AC information to the access controller (AC) information server;
  • the AAA server obtains AC information suitable for the WTP from a message returned by the AC information server, and sends a message containing the AC information to the WTP.
  • An embodiment of the present invention further provides a method for obtaining access controller information in a wireless local area network, including:
  • the AAA server receives a message, sent by the standby AC, requesting verification of the WTP;
  • the standby AC sends this message after it receives the message, sent by the WTP, requesting to establish a connection with the standby AC;
  • after the AAA server passes the verification of the WTP, it sends a message that the WTP authentication is passed to the standby AC, and after the standby AC receives the message that the WTP authentication is passed, it sends a response message to the WTP.
  • An embodiment of the present invention provides an apparatus for obtaining access controller information in a wireless local area network, where the apparatus includes: an authentication module, configured to: after receiving the message requesting authentication sent by the WTP, authenticate the WTP and output the authentication result;
  • the AC selection module is configured to: after the authentication module passes the WTP authentication, obtain AC information suitable for the WTP from the AC information server, and send the AC information to the WTP.
  • An embodiment of the present invention provides an AAA server, where the AAA server includes an apparatus for obtaining access controller information in a wireless local area network, where the apparatus includes:
  • an authentication module configured to: after receiving the message requesting authentication sent by the WTP, authenticating the WTP, and outputting the authentication result;
  • the AC selection module is configured to: after the authentication module passes the WTP authentication, obtain AC information suitable for the WTP from the AC information server, and send the AC information to the WTP.
  • An embodiment of the present invention provides a network for obtaining access controller information, where the network includes: a wireless termination point, configured to send a message requesting authentication;
  • the AAA server is configured to: after receiving the message sent by the wireless termination point, authenticate the wireless termination point, and send a message requesting access controller information after the authentication is passed;
  • the access controller information server is configured to: after receiving the message sent by the AAA server, select access controller information that is suitable for the wireless termination point, and forward the access controller information to the wireless termination point through the AAA server.
  • An embodiment of the present invention further provides an apparatus for obtaining access controller information in a wireless local area network, including: a selecting module for selecting a standby AC;
  • the verification module is configured to: after receiving the message that the request sent by the WTP is connected to the standby AC selected by the selecting module, verify the WTP, and send the verification result to the establishing module;
  • the establishing module is configured to establish a connection between the standby AC selected by the selecting module and the WTP after the verification module passes the WTP verification.
  • An embodiment of the present invention further provides an AAA server, where the AAA server includes an apparatus for obtaining access controller information in a wireless local area network, where the apparatus includes:
  • the selection module is used to select an alternate AC
  • the verification module is configured to: after receiving the message that the request sent by the WTP is connected to the standby AC selected by the selecting module, verify the WTP, and send the verification result to the establishing module;
  • the establishing module is configured to establish a connection between the standby AC selected by the selecting module and the WTP after the verification module passes the WTP verification.
  • An embodiment of the present invention further provides a network for obtaining access controller information, where the network includes: a wireless termination point, configured to send a message requesting authentication;
  • an AAA server configured to: after receiving the message sent by the wireless termination point, authenticate the wireless termination point, and send a message requesting access controller information after the authentication is passed;
  • an access controller information server configured to: after receiving the message sent by the AAA server, select access controller information that is suitable for the wireless termination point, and forward the access controller information to the wireless termination point through the AAA server.
  • An embodiment of the present invention further provides an apparatus for obtaining access controller information in a wireless local area network, where the apparatus includes:
  • the verification module is configured to: after receiving the message that the request sent by the WTP is connected to the standby AC selected by the selecting module, verify the WTP, and send the verification result to the establishing module;
  • the establishing module is configured to establish a connection between the standby AC selected by the selecting module and the WTP after the verification module passes the WTP verification.
  • An embodiment of the present invention further provides an AAA server, where the AAA server includes:
  • the verification module is configured to: after the WTP requests to establish a connection with the standby AC, verify the WTP, and send a verification result to the standby AC, where the verification result is used to determine whether a connection is established between the WTP and the standby AC.
  • the embodiment of the present invention provides a method for obtaining AC information by using the AAA server and the AC information server, and solves the problem that the WTP cannot establish a connection with the AC because the AC information cannot be obtained.
  • FIG. 1 is a schematic diagram of a WLAN networking with a centralized structure
  • FIG. 2 is a flowchart of a method for obtaining access controller information when the WTP is first started in the embodiment of the present invention.
  • FIG. 3 is a message flow chart of obtaining access controller information when the WTP is started for the first time according to an embodiment of the present invention;
  • FIG. 4 is a flow chart of a method for enabling a standby AC when the WTP and the current AC are disconnected according to an embodiment of the present invention;
  • FIG. 5 is a message flow diagram of enabling an alternate AC when the WTP and the current AC are disconnected according to an embodiment of the present invention
  • FIG. 6 is a structural diagram of an apparatus for obtaining access controller information in a wireless local area network according to an embodiment of the present invention
  • FIG. 7 is a structural diagram of an AAA server having the function of obtaining access controller information according to an embodiment of the present invention.
  • FIG. 8 is a structural diagram of a network for obtaining access controller information according to an embodiment of the present invention.
  • FIG. 9 is a structural diagram of another apparatus for obtaining access controller information in a wireless local area network according to an embodiment of the present invention.
  • FIG. 10 is a structural diagram of another AAA server having the function of obtaining access controller information according to an embodiment of the present invention.
  • FIG. 11 is a structural diagram of another network for obtaining access controller information according to an embodiment of the present invention.
  • An embodiment of the present invention proposes a method by which a WTP obtains and authenticates AC information using the AAA (Authentication, Authorization and Accounting) protocol and an ACIS (AC Information Server).
  • When the WTP is started for the first time, or when the connection between the WTP and the current AC is interrupted, the AC information can be obtained using the method proposed by the embodiment of the present invention.
  • the WTP sends a message requesting authentication to the AAA server.
  • the AAA server authenticates the WTP.
  • After the authentication is passed, the AAA server sends a message requesting AC information to the ACIS.
  • the AAA server obtains AC information suitable for the WTP from the message returned by the ACIS, and sends a message containing the AC information to the WTP.
  • Step 101 The WTP sends an authentication request message to the AAA server.
  • the authentication request message includes the WTP-ID encrypted with WTP-AAA_key, and also includes the WTP identifier (WTP-ID), discovery type, WTP descriptor, WTP frame tunnel mode and WTP MAC type.
  • the WTP identifier is used to identify the WTP identity. This identifier is unique in a mobile domain.
  • the discovery type is used to describe how to discover the WTP.
  • the WTP descriptor is used to describe the status of the requesting AC, for example, the number of WTPs currently connected to the AC and the maximum number of connected WTPs.
  • the WTP MAC type indicates the type of MAC supported by the WTP, for example, whether the WTP supports split MAC, local MAC, or both.
  • WTP frame tunnel mode indicates the tunnel mode supported by WTP.
  • Step 102 After receiving the authentication request message, the AAA server verifies the WTP-ID.
  • the AAA server decrypts the encrypted WTP-ID obtained from the authentication request message with WTP-AAA_key, and compares the decrypted WTP-ID with the WTP-ID obtained from the authentication request message, if two If the WTP-ID is the same, step 104 is performed. If the two WTP-IDs are different, step 103 is performed.
  • Step 103 The AAA server returns an error code to WTP.
  • Step 104 The AAA server sends an AC information request message to the ACIS.
  • the AC information request message includes the WTP identifier (WTP-ID), the discovery type (Discovery)
  • WTP MAC Type WTP MAC Type
  • Step 105 The ACIS searches its own information table according to the WTP-ID, and returns the AC suitable for WTP request to the AAA server with an AC information reply message.
  • the AC information response message includes a preferred AC, and may also include at least one standby AC, and each AC includes an AC descriptor (AC Descriptor) and an AC name (AC Name).
  • AC Descriptor is used to indicate the status of the requesting AC, such as the number of WTPs currently connected to the AC and the maximum number of connected WTPs.
  • AC Name is the identifier of an AC in a domain.
  • Step 106 After receiving the AC information response message, the AAA server generates a random number for the preferred AC, and generates a WTP-AC_key by using the random number, and sends a first AC verification request message to the preferred AC.
  • the AAA server uses the generated random number and the shared secret material generated between the WTP and the AAA server to generate the WTP-AC_key.
  • the first AC check request message includes WTP-AC_key and the AC name obtained from the AC information reply message.
  • Step 107 After receiving the first AC verification request message, the preferred AC checks the received AC name and sends a first AC check response message to the AAA server.
  • the preferred AC compares the AC name obtained from the first AC check request message with its own AC name. If the two AC names are the same, it sends the AAA server a first AC check response message indicating that the preferred AC request is successful. If the two AC names are different, it sends the AAA server a first AC check response message indicating that the preferred AC request failed.
  • Step 108 The AAA server receives the first AC check response message and examines its content. If the first AC check response message indicates that the preferred AC request is successful, step 109 is performed; if it indicates that the preferred AC request failed, the AAA server selects the standby AC as the preferred AC, and step 106 is performed.
  • Step 109 The AAA server sends an authentication response message to the WTP.
  • the authentication response message sent by the AAA server includes the random number generated in step 106 and the preferred AC in step 108.
  • Step 110 After receiving the authentication response message, the WTP calculates the WTP-AC_key according to the random number in the authentication response message and sends the first AC discovery request message to the preferred AC.
  • the first AC discovery request message includes the WTP-ID encrypted with WTP-AC_key, and also includes the WTP-ID, discovery type, WTP descriptor, WTP frame tunnel mode and WTP MAC type.
  • Step 111 After receiving the first AC discovery request message, the preferred AC checks the WTP-ID and sends the first AC discovery response message to the WTP.
  • the preferred AC decrypts the encrypted WTP-ID, and compares the decrypted WTP-ID with the WTP-ID obtained from the first AC discovery request message. If the two WTP-IDs are the same, the preferred AC sends the WTP a first AC discovery response message indicating that the request is successful; if the two WTP-IDs are not the same, the preferred AC sends the WTP a first AC discovery response message indicating that the request failed.
  • Step 112 After receiving the first AC discovery response message, the WTP examines the content of the first AC discovery response message. If the WTP receives a first AC discovery response message indicating that the request is successful, step 113 is performed; if the WTP receives a first AC discovery response message indicating that the request failed, the WTP resends the authentication request message to the AAA server, and step 101 is performed.
  • Step 113 WTP performs other CAPWAP operations.
  • Because the WTP obtains the AC information through the AAA server and the ACIS, the possibility that the WTP obtains the AC information is greatly improved, and the WTP can also implement bootstrapping.
  • WTP will be disconnected from the current AC for some reason, so WTP will activate the standby AC.
  • the WTP selects a standby AC and sends a message to the standby AC to establish a connection with the standby AC.
  • After receiving the message sent by the WTP, the standby AC sends a message requesting WTP authentication to the AAA server. After the WTP authentication is passed, the WTP authentication message is sent to the standby AC. After receiving the WTP authentication message, the standby AC sends a response message to the WTP.
  • Step 201 The WTP generates a random number for the standby AC, and calculates the WTP-AC_key by using the random number and the shared secret material between the WTP and the AAA server.
  • Step 202 The WTP sends the first AC Discovery Request message to the standby AC.
  • the first AC discovery request message includes a WTP-ID encrypted with WTP-AAA_key, a WTP-ID encrypted with WTP-AC_key, and a random number encrypted with WTP-AAA_key, and also includes a WTP-ID, a discovery type, a WTP descriptor, a WTP frame tunnel mode and a WTP MAC type.
  • the random number encrypted by WTP-AAA_key is the random number generated in step 201.
  • Step 203 After receiving the first AC discovery request message, the standby AC sends a WTP authentication request message to the AAA server.
  • WTP Authentication Request message includes WTP-ID encrypted with WTP-AAA_key
  • Step 204 After receiving the WTP verification request message, the AAA server decrypts the random number sent by the WTP, uses the random number to calculate the WTP-AC_key, and sends a WTP verification confirmation message to the standby AC.
  • Step 205 After receiving the WTP verification confirmation message, the standby AC checks the WTP-ID and sends the first AC discovery response message to the WTP.
  • After receiving the WTP verification confirmation message, the standby AC decrypts the encrypted WTP-ID with the WTP-AC_key obtained from the WTP verification confirmation message, and compares the decrypted WTP-ID with the WTP-ID obtained from the first AC discovery request message. If the two WTP-IDs are the same, the standby AC sends the WTP a first AC discovery response message indicating that the request is successful. If the two WTP-IDs are different, the standby AC sends the WTP a first AC discovery response message indicating that the request failed.
  • Step 206 After receiving the first AC discovery response message, the WTP examines the content of the first AC discovery response message. If the WTP receives a first AC discovery response message indicating that the request is successful, step 207 is performed; if the WTP receives a first AC discovery response message indicating that the request failed, the WTP enables another standby AC, and step 201 is performed.
  • When the WTP receives the first AC discovery response message indicating that the request failed, the WTP can enable other standby ACs if other standby ACs are available. In addition, the WTP can start the first-start process.
  • Step 207 WTP performs other CAPWAP operations.
  • the WTP obtains the AC information through the AAA server, so that when the WTP is disconnected from the current AC, the WTP can implement the connection between the WTP and the AC by starting the standby AC, thereby ensuring continuity of communication.
  • an embodiment of the present invention provides a device for obtaining access controller information in a wireless local area network.
  • the device includes an authentication module and an AC selection module
  • the authentication module is configured to: after receiving the message requesting authentication sent by the WTP, authenticate the WTP, and send the authentication result to the AC selection module;
  • the AC selection module is used to obtain the appropriate information from the AC information server after the authentication module passes the WTP authentication.
  • This embodiment obtains AC information through the authentication module and the AC selection module, which greatly improves the possibility that the WTP obtains the AC information.
  • an embodiment of the present invention provides an AAA server, where the AAA server includes an apparatus for obtaining access controller information in a wireless local area network, where the apparatus includes an authentication module and an AC selection module.
  • the authentication module is configured to: after receiving the message requesting authentication sent by the WTP, authenticate the WTP, and send the authentication result to the AC selection module;
  • the AC selection module is used to obtain the appropriate information from the AC information server after the authentication module passes the WTP authentication.
  • a device for obtaining access controller information in a wireless local area network is added to the AAA server, so that the AAA server not only has the functions of authentication, authorization, and accounting, but also provides access controller information for the wireless termination point.
  • an embodiment of the present invention provides a network for obtaining access controller information, where the network includes a wireless termination point, an AAA server, and an access controller information server.
  • the wireless endpoint is used to send a message requesting authentication to the AAA server;
  • After receiving the message sent by the wireless endpoint, the AAA server authenticates the wireless endpoint, and sends a message requesting access controller information to the access controller information server after the authentication is passed;
  • After receiving the message sent by the AAA server, the access controller information server selects the access controller information suitable for the wireless endpoint, and forwards the access controller information to the wireless endpoint through the AAA server.
  • This embodiment provides a network for obtaining access controller information, in which the wireless termination point can obtain information on an access controller suitable for itself when no access controller is available, and thereby establish a connection.
  • an embodiment of the present invention further provides an apparatus for obtaining access controller information in a wireless local area network, where the apparatus includes a selection module, a verification module, and an establishment module;
  • the selection module is used to select an alternate AC
  • the verification module is configured to: after receiving the message that the request sent by the WTP is connected with the standby AC selected by the selection module, verify the WTP, and send the verification result to the establishing module;
  • the establishing module is configured to establish a connection between the standby AC selected by the selection module and the WTP after the verification module passes the WTP verification.
  • the standby AC is enabled by the selection module and the verification module, so that when the connection between the WTP and the current AC is interrupted, the connection between the WTP and the AC can be implemented by starting the standby AC, thereby ensuring continuity of communication.
  • an embodiment of the present invention further provides an AAA server, where the AAA server includes means for obtaining access controller information in a wireless local area network, where the apparatus includes a verification module;
  • the verification module is configured to: after receiving the message, sent by the WTP, requesting to establish a connection with the standby AC selected by the selection module, verify the WTP, and send the verification result to the establishing module;
  • the establishing module is configured to establish a connection between the standby AC selected by the selection module and the WTP after the verification module passes the WTP verification.
  • a verification module is added to the AAA server, so that the AAA server not only has the authentication, authorization and accounting functions but can also provide access controller information for wireless endpoints.
  • an embodiment of the present invention further provides a network for obtaining access controller information, where the network includes a wireless termination point and an AAA server;
  • the wireless endpoint is used to send a message to the AAA server requesting to establish a connection with the standby access controller;
  • the AAA server is configured to verify the wireless endpoint after receiving the message sent by the wireless endpoint, and, after the verification is passed, send a message that the verification is passed to the wireless endpoint.
  • This embodiment provides a network for obtaining access controller information, in which the wireless termination point can obtain information on an access controller suitable for itself when no access controller is available, and thereby establish a connection.
  • Embodiments of the invention may be implemented in software, for example by programming in a language such as C++ or JAVA.
  • the corresponding software can be stored in a readable storage medium, such as a computer hard disk or memory.
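
The first-start exchange of Steps 101 to 112, simulated in one process as an added example; it is not code from the patent or its applicant. The page names no cipher or key-derivation function, so `seal`/`unseal` (an HMAC-SHA256 keystream with a tag), `derive_wtp_ac_key`, the AC's key table indexed by WTP-ID, the `no-ac-available` result and all sample names and values are assumptions.

```python
import hashlib
import hmac
import secrets

def _stream(key, iv, n):
    # Keystream from HMAC-SHA256 in counter mode (stand-in cipher, an assumption).
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + iv + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key, plaintext):
    """Stand-in for 'encrypted with <key>': IV || ciphertext || HMAC tag."""
    iv = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, iv, len(plaintext))))
    return iv + ct + hmac.new(key, b"mac" + iv + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Return the plaintext, or None when the blob was not sealed under key."""
    if len(blob) < 48:
        return None
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None
    return bytes(a ^ b for a, b in zip(ct, _stream(key, iv, len(ct))))

def derive_wtp_ac_key(shared_secret, nonce):
    # Assumed KDF: the page only says the key comes from the random number
    # and the secret material shared by the WTP and the AAA server.
    return hmac.new(shared_secret, b"WTP-AC_key" + nonce, hashlib.sha256).digest()

class AC:
    def __init__(self, name):
        self.name = name
        self.keys = {}  # WTP-ID -> WTP-AC_key handed over by the AAA server

    def check(self, ac_name, wtp_id, wtp_ac_key):
        # Step 107: accept only a request that carries this AC's own name.
        if ac_name != self.name:
            return False
        self.keys[wtp_id] = wtp_ac_key
        return True

    def discovery(self, wtp_id, sealed_id):
        # Step 111: decrypt the WTP-ID and compare it with the cleartext copy.
        key = self.keys.get(wtp_id)
        return key is not None and unseal(key, sealed_id) == wtp_id

class AAAServer:
    def __init__(self, wtp_keys, acis_table, reachable):
        self.wtp_keys = wtp_keys      # WTP-ID -> WTP-AAA_key
        self.acis_table = acis_table  # ACIS: WTP-ID -> AC names, preferred first
        self.reachable = reachable    # AC name in the ACIS -> AC that answers

    def authenticate(self, wtp_id, sealed_id):
        key = self.wtp_keys.get(wtp_id)
        if key is None or unseal(key, sealed_id) != wtp_id:  # Step 102
            return {"error": "auth-failed"}                  # Step 103
        for ac_name in self.acis_table.get(wtp_id, []):      # Steps 104-105
            nonce = secrets.token_bytes(16)                  # Step 106
            wtp_ac_key = derive_wtp_ac_key(key, nonce)
            if self.reachable[ac_name].check(ac_name, wtp_id, wtp_ac_key):
                return {"ac": ac_name, "nonce": nonce}       # Step 109
        return {"error": "no-ac-available"}  # assumed result when Step 108 runs out

class WTP:
    def __init__(self, wtp_id, aaa_key):
        self.wtp_id, self.aaa_key = wtp_id, aaa_key

    def auth_request(self):
        # Step 101: cleartext WTP-ID plus WTP-ID encrypted with WTP-AAA_key.
        return self.wtp_id, seal(self.aaa_key, self.wtp_id)

    def discovery_request(self, nonce):
        # Step 110: recompute WTP-AC_key from the nonce, then seal the WTP-ID.
        return self.wtp_id, seal(derive_wtp_ac_key(self.aaa_key, nonce), self.wtp_id)

def first_start(wtp, aaa):
    """Run Steps 101-112 once; return the AC name joined or an error string."""
    resp = aaa.authenticate(*wtp.auth_request())
    if "error" in resp:
        return resp["error"]
    ac = aaa.reachable[resp["ac"]]
    ok = ac.discovery(*wtp.discovery_request(resp["nonce"]))
    return resp["ac"] if ok else "discovery-failed"

def build_demo():
    # Constructed sample data: one WTP, a stale preferred AC record, one standby.
    wtp_id, aaa_key = b"wtp-0001", secrets.token_bytes(32)
    stale, standby = AC("ac-renamed"), AC("ac-standby")
    aaa = AAAServer({wtp_id: aaa_key}, {wtp_id: ["ac-1", "ac-standby"]},
                    {"ac-1": stale, "ac-standby": standby})
    return WTP(wtp_id, aaa_key), aaa
```

With the constructed data, the preferred record `ac-1` fails the name check of Step 107, so the AAA server falls through to the standby AC with a fresh random number, and a WTP holding the wrong WTP-AAA_key is rejected at Step 102.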

Abstract

A method and apparatus for acquiring access controller information in a wireless LAN are provided, belonging to the communication field. The method for acquiring access controller information in a wireless LAN includes: an AAA server receiving a message requesting authentication sent by a WTP, authenticating the WTP, and sending a message requesting AC information to the AC information server after the authentication is passed; and the AAA server acquiring AC information corresponding to the WTP from the message returned by the AC information server and sending a message including the AC information to the WTP, which improves the possibility of the WTP acquiring the AC.

Description

说明书 在无线局域网获得接入控制器信息的方法和装置  Method and apparatus for obtaining access controller information in a wireless local area network
[1] 技术领域 [1] Technical field
[2] 本发明涉及通信领域, 特别涉及在无线局域网获得接入控制器信息的方法和装 置。  [2] The present invention relates to the field of communications, and more particularly to a method and apparatus for obtaining access controller information in a wireless local area network.
[3] 发明背景  [3] Background of the invention
[4] WLAN (Wireless Local Area  [4] WLAN (Wireless Local Area
Network, 无线局域网) 由 STA (Station, 移动端) 和 AP (Access  Network, WLAN) by STA (Station, mobile) and AP (Access)
Point, 接入点) 构成: STA的物理层连接无线媒介; AP是一个能够为 STA提供 传送服务的实体。 WLAN有两种服务集: BSS (Basic Service  Point, access point) Composition: The physical layer of the STA is connected to the wireless medium; the AP is an entity capable of providing a delivery service for the STA. WLAN has two service sets: BSS (Basic Service
Set, 基本服务集) 和 ESS (Extended Service  Set, basic service set) and ESS (Extended Service
Set, 扩展服务集) 。 BSS由一个 AP和与 AP关联的 STA构成, 通常一个 AP所覆盖 的范围就是基本服务集。 STA与 AP的关联釆用基本服务集标示符 (BSSID) , 通常情况下釆用 AP的 MAC地址作为 BSSID。 ESS是指由多个 AP以及连接它们的 分布式系统组成的结构化网络, 所有 AP必须共享同一个扩展服务集标示符 (ES SID) , 一个 ESS中可以包含多个 BSS。  Set, extended service set). The BSS consists of an AP and a STA associated with the AP. Usually, the scope covered by an AP is the basic service set. The association between the STA and the AP uses the basic service set identifier (BSSID). Generally, the AP's MAC address is used as the BSSID. An ESS is a structured network consisting of multiple APs and a distributed system connecting them. All APs must share the same Extended Service Set Identifier (ES SID), and an ESS can contain multiple BSSs.
[5] After surveying the WLAN networking approaches of most companies worldwide, the CAPWAP working group redefined how WLANs are networked and deployed. It divides WLANs into the autonomous architecture (Autonomous Architecture) and the centralized architecture (Centralized WLAN Architecture). In the autonomous architecture, all WTPs (Wireless Termination Points) are connected through a layer-2 device, and each WTP transmits data over Ethernet. The centralized architecture is currently the most commonly used networking structure. As shown in Figure 1, in the centralized architecture WTPs are connected through an AC (Access Controller), and a WTP can have one or more ACs. This approach can separate data, control and management; for example, the entire control plane can be placed on the AC. The centralized architecture is further divided into local MAC, split MAC and remote MAC. The local MAC mode places the network's access policy and management on the AC and the 802.11 MAC functions (including 802.11 management and control frames) on the WTP. The split MAC mode differs from local MAC in that the 802.11 MAC functions (including 802.11 management and control frames) are centralized on the AC, which provides management and monitoring services for the WTP, while the WTP provides only some real-time services. In the remote MAC mode the WTP provides only physical-layer functions and all other functions are centralized on the AC; in this mode the load on the WTP is the lightest.
[6] A WTP can obtain the address of an AC through static configuration, but this is inconvenient to manage and control. If the current AC becomes unavailable, the WTP must obtain a new, available AC, and static configuration may not work well in that case. A WTP can also obtain the AC address through the CAPWAP protocol: for example, the WTP sends a discovery request message, and an AC that receives it returns a discovery response to the WTP. The obvious shortcoming of this method is that it does not lend itself to centralized management of the ACs themselves.
[7] Summary of the Invention
[8] An embodiment of the present invention provides a method for obtaining access controller information in a wireless local area network, the method including:
[9] an Authentication, Authorization and Accounting (AAA) server receives a message requesting authentication sent by a WTP and authenticates the WTP; after the authentication passes, it sends a message requesting AC information to an access controller (AC) information server;
[10] the AAA server obtains AC information suitable for the WTP from the message returned by the AC information server, and sends a message containing the AC information to the WTP.
[11] An embodiment of the present invention further provides a method for obtaining access controller information in a wireless local area network, including:
[12] an AAA server receives a message, sent by a standby AC, requesting verification of a WTP, the message being one that the standby AC sends after receiving from the WTP a message requesting to establish a connection with the standby AC;
[13] after the AAA server's verification of the WTP passes, it sends the standby AC a message indicating that the WTP has passed verification, so that the standby AC, on receiving that message, sends a response message to the WTP.
[14] An embodiment of the present invention provides an apparatus for obtaining access controller information in a wireless local area network, the apparatus including:
[15] an authentication module, configured to authenticate a WTP after receiving a message requesting authentication sent by the WTP, and to output the authentication result;
[16] an AC selection module, configured to obtain AC information suitable for the WTP from an AC information server after the authentication module's authentication of the WTP passes, and to send the AC information to the WTP.
[17] An embodiment of the present invention provides an AAA server that includes an apparatus for obtaining access controller information in a wireless local area network, the apparatus including:
[18] an authentication module, configured to authenticate a WTP after receiving a message requesting authentication sent by the WTP, and to output the authentication result;
[19] an AC selection module, configured to obtain AC information suitable for the WTP from an AC information server after the authentication module's authentication of the WTP passes, and to send the AC information to the WTP.
[20] An embodiment of the present invention provides a network for obtaining access controller information, the network including:
[21] a wireless termination point, configured to send a message requesting authentication;
[22] an AAA server, configured to authenticate the wireless termination point after receiving the message it sent and, after the authentication passes, to send a message requesting access controller information;
[23] an access controller information server, configured to select, after receiving the message sent by the AAA server, access controller information suitable for the wireless termination point, and to forward that access controller information to the wireless termination point through the AAA server.
[24] An embodiment of the present invention further provides an apparatus for obtaining access controller information in a wireless local area network, including:
[25] a selection module, configured to select a standby AC;
[26] a verification module, configured to verify a WTP after receiving a message, sent by the WTP, requesting to establish a connection with the standby AC selected by the selection module, and to send the verification result to the establishing module;
[27] an establishing module, configured to establish a connection between the standby AC selected by the selection module and the WTP after the verification module's verification of the WTP passes.
[28] An embodiment of the present invention further provides an AAA server that includes an apparatus for obtaining access controller information in a wireless local area network, the apparatus including:
[29] a selection module, configured to select a standby AC;
[30] a verification module, configured to verify a WTP after receiving a message, sent by the WTP, requesting to establish a connection with the standby AC selected by the selection module, and to send the verification result to the establishing module;
[31] an establishing module, configured to establish a connection between the standby AC selected by the selection module and the WTP after the verification module's verification of the WTP passes.
[32] An embodiment of the present invention further provides a network for obtaining access controller information, the network including:
[33] a wireless termination point, configured to send a message requesting authentication;
[34] an AAA server, configured to authenticate the wireless termination point after receiving the message it sent and, after the authentication passes, to send a message requesting access controller information;
[35] an access controller information server, configured to select, after receiving the message sent by the AAA server, access controller information suitable for the wireless termination point, and to forward that access controller information to the wireless termination point through the AAA server.
[36] An embodiment of the present invention further provides an apparatus for obtaining access controller information in a wireless local area network, the apparatus including:
[37] a selection module, configured to select a standby AC;
[38] a verification module, configured to verify a WTP after receiving a message, sent by the WTP, requesting to establish a connection with the standby AC selected by the selection module, and to send the verification result to the establishing module;
[39] an establishing module, configured to establish a connection between the standby AC selected by the selection module and the WTP after the verification module's verification of the WTP passes.
[40] An embodiment of the present invention further provides an AAA server, the AAA server including:
[41] a verification module, configured to verify a WTP after the WTP requests to establish a connection with a standby AC, and to send the verification result to the standby AC, the verification result being used to decide whether to establish a connection between the WTP and the standby AC.
[42] By introducing an AAA server and an AC information server, the embodiments of the present invention provide the WTP with a method of obtaining AC information, solving the problem that a WTP cannot establish a connection with an AC because it cannot obtain AC information.
[43] Brief Description of the Drawings
[44] Figure 1 is a schematic diagram of a WLAN network with a centralized architecture;
[45] Figure 2 is a flowchart of the method by which a WTP obtains access controller information when it starts for the first time, according to an embodiment of the present invention;
[46] Figure 3 is a message flow diagram of a WTP obtaining access controller information when it starts for the first time, according to an embodiment of the present invention;
[47] Figure 4 is a flowchart of the method for enabling a standby AC when the WTP is disconnected from the current AC, according to an embodiment of the present invention;
[48] Figure 5 is a message flow diagram of enabling a standby AC when the WTP is disconnected from the current AC, according to an embodiment of the present invention;
[49] Figure 6 is a structural diagram of an apparatus for obtaining access controller information in a wireless local area network, according to an embodiment of the present invention;
[50] Figure 7 is a structural diagram of an AAA server with the function of obtaining access controller information, according to an embodiment of the present invention;
[51] Figure 8 is a structural diagram of a network for obtaining access controller information, according to an embodiment of the present invention;
[52] Figure 9 is a structural diagram of another apparatus for obtaining access controller information in a wireless local area network, according to an embodiment of the present invention;
[53] Figure 10 is a structural diagram of another AAA server with the function of obtaining access controller information, according to an embodiment of the present invention;
[54] Figure 11 is a structural diagram of another network for obtaining access controller information, according to an embodiment of the present invention.
[55] Mode for Carrying Out the Invention
[56] An embodiment of the present invention provides a method by which a WTP obtains and authenticates AC information using the AAA (Authentication, Authorization and Accounting) protocol and an ACIS (AC Information Server). The method can be used to obtain AC information both when the WTP starts for the first time and when the connection between the WTP and the current AC is interrupted.
[57] When the WTP starts for the first time, it sends a message requesting authentication to the AAA server. After receiving the message, the AAA server authenticates the WTP and, once the authentication passes, sends a message requesting AC information to the ACIS. The AAA server obtains AC information suitable for the WTP from the message returned by the ACIS and sends a message containing the AC information to the WTP.
[58] With the above technical solution, the method by which the WTP obtains AC information includes the following steps; see Figures 2 and 3:
[59] Step 101: The WTP sends an authentication request message to the AAA server.
[60] The authentication request message includes the WTP-ID encrypted with WTP-AAA_key, and also includes the WTP identifier (WTP-ID), the discovery type, the WTP descriptor, the WTP frame tunnel mode and the WTP MAC type (WTP MAC Type). The WTP identifier identifies the WTP and is unique within a mobility domain; the discovery type describes how the WTP is discovered; the WTP descriptor describes the status of the requested AC, for example the number of WTPs currently connected to the AC and the maximum number of connected WTPs; the WTP MAC type indicates the MAC types the WTP supports, for example whether the WTP supports split MAC, local MAC or both; the WTP frame tunnel mode indicates the tunnel modes the WTP supports.
[61] Step 102: After receiving the authentication request message, the AAA server verifies the WTP-ID.
[62] The AAA server uses WTP-AAA_key to decrypt the encrypted WTP-ID obtained from the authentication request message and compares the decrypted WTP-ID with the WTP-ID obtained from the authentication request message. If the two WTP-IDs are the same, step 104 is performed; if they differ, step 103 is performed.
[63] Step 103: The AAA server returns an error code to the WTP.
[64] On receiving the error code, the WTP learns that authentication has failed.
[65] Step 104: The AAA server sends an AC information request message to the ACIS.
[66] The AC information request message includes the WTP identifier (WTP-ID), the discovery type (Discovery Type), the WTP descriptor (WTP Descriptor), the WTP frame tunnel mode (WTP Frame Tunnel Mode) and the WTP MAC type (WTP MAC Type).
[67] Step 105: The ACIS looks up its own information table by WTP-ID and returns the ACs that meet the WTP's requirements to the AAA server in an AC information response message.
[68] The AC information response message includes one preferred AC and may also include at least one standby AC. Each AC entry includes an AC descriptor (AC Descriptor) and an AC name (AC Name). The AC descriptor describes the status of the requested AC, for example the number of WTPs currently connected to the AC and the maximum number of connected WTPs; the AC Name identifies an AC within a domain.
[69] Step 106: After receiving the AC information response message, the AAA server generates a random number for the preferred AC, uses it to generate WTP-AC_key, and sends a first AC check request message to the preferred AC.
[70] The AAA server generates WTP-AC_key from the generated random number and the shared secret material between the WTP and the AAA server. The first AC check request message includes WTP-AC_key and the AC name obtained from the AC information response message.
[71] Step 107: After receiving the first AC check request message, the preferred AC checks the received AC and sends a first AC check response message to the AAA server.
[72] The preferred AC compares the AC name obtained from the first AC check request message with its own AC name. If the two AC names are the same, it sends the AAA server a first AC check response message indicating that the preferred AC request succeeded; if they differ, it sends the AAA server a first AC check response message indicating that the preferred AC request failed.
[73] Step 108: The AAA server receives the first AC check response message and examines its content. If the message indicates that the preferred AC request succeeded, step 109 is performed; if it indicates that the preferred AC request failed, the AAA server selects a standby AC as the preferred AC and step 106 is performed.
[74] Step 109: The AAA server sends an authentication response message to the WTP.
[75] The authentication response message sent by the AAA server includes the random number generated in step 106 and the preferred AC that was checked successfully in step 108.
[76] Step 110: After receiving the authentication response message, the WTP calculates WTP-AC_key from the random number in the message and sends a first AC discovery request message to the preferred AC.
[77] The first AC discovery request message includes the WTP-ID encrypted with WTP-AC_key, the WTP-ID, the discovery type, the WTP descriptor, the WTP frame tunnel mode and the WTP MAC type.
[78] Step 111: After receiving the first AC discovery request message, the preferred AC checks the WTP-ID in it and sends a first AC discovery response message to the WTP.
[79] After receiving the first AC discovery request message, the preferred AC uses the WTP-AC_key obtained from the first AC check request message to decrypt the encrypted WTP-ID and compares the decrypted WTP-ID with the WTP-ID obtained from the first AC discovery request message. If the two WTP-IDs are the same, the preferred AC sends the WTP a first AC discovery response message indicating that the request succeeded; if they differ, it sends the WTP a first AC discovery response message indicating that the request failed.
[80] Step 112: After receiving the first AC discovery response message, the WTP examines its content. If the message indicates that the request succeeded, step 113 is performed; if it indicates that the request failed, the WTP resends the authentication request message to the AAA server and step 101 is performed.
[81] Step 113: The WTP performs the other CAPWAP operations.
[82] In this embodiment, because the WTP obtains the AC information through the AAA server and the ACIS, the likelihood that the WTP obtains AC information is greatly improved, and the WTP can also bootstrap itself.
[83] In practice, a WTP is sometimes disconnected from the current AC for one reason or another, and the WTP then enables a standby AC. In this case the WTP selects a standby AC and sends it a message requesting to establish a connection with it. After receiving the message, the standby AC sends the AAA server a message requesting verification of the WTP. After the AAA server's verification of the WTP passes, it sends the standby AC a message indicating that the WTP has passed verification, and the standby AC, on receiving that message, sends a response message to the WTP.
[84] The process by which the WTP enables a standby AC includes the following steps; see Figures 4 and 5:
[85] Step 201: The WTP generates a random number for the standby AC and calculates WTP-AC_key from that random number and the shared secret material between the WTP and the AAA server.
[86] Step 202: The WTP sends a first AC discovery request message to the standby AC.
[87] The first AC discovery request message includes the WTP-ID encrypted with WTP-AAA_key, the WTP-ID encrypted with WTP-AC_key and the random number encrypted with WTP-AAA_key, and also includes the WTP-ID, the discovery type, the WTP descriptor, the WTP frame tunnel mode and the WTP MAC type. The random number encrypted with WTP-AAA_key is the one generated in step 201.
[88] Step 203: After receiving the first AC discovery request message, the standby AC sends a WTP verification request message to the AAA server.
[89] The WTP verification request message includes the WTP-ID encrypted with WTP-AAA_key, the random number encrypted with WTP-AAA_key, and the WTP-ID.
[90] Step 204: After receiving the WTP verification request message, the AAA server decrypts it to obtain the random number sent by the WTP, uses this random number to calculate WTP-AC_key, and sends the standby AC a WTP verification confirmation message containing WTP-AC_key.
[91] Step 205: After receiving the WTP verification confirmation message, the standby AC checks the WTP-ID and sends a first AC discovery response message to the WTP.
[92] After receiving the WTP verification confirmation message, the standby AC uses the WTP-AC_key obtained from it to decrypt the encrypted WTP-ID and compares the decrypted WTP-ID with the WTP-ID obtained from the first AC discovery request message. If the two WTP-IDs are the same, the standby AC sends the WTP a first AC discovery response message indicating that the request succeeded; if they differ, it sends the WTP a first AC discovery response message indicating that the request failed.
[93] Step 206: After receiving the first AC discovery response message, the WTP examines its content. If the message indicates that the request succeeded, step 207 is performed; if it indicates that the request failed, the WTP enables another standby AC and step 201 is performed.
[94] When the WTP receives a first AC discovery response message indicating that the request failed, it can enable another standby AC if one is available. Alternatively, the WTP first-start procedure can be invoked.
[95] Step 207: The WTP performs the other CAPWAP operations.
[96] In this embodiment, because the WTP obtains the AC information through the AAA server, when the connection between the WTP and the current AC is interrupted the WTP can establish a connection with an AC by enabling a standby AC, which ensures continuity of communication.
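The two exchanges described above, first start (steps 101 to 113) and standby failover (steps 201 to 207), can be traced end to end in the following added example, which is not code from the patent. The key derivation (HMAC-SHA256), the cipher (a SHAKE-256 keystream XOR), the class and method names, the AC names, and the indexing of AC-side keys by WTP-ID are assumptions, since the text names none of them.

```python
import hashlib
import hmac
import secrets

# Assumed primitives: the text names no KDF or cipher. HMAC-SHA256 stands in for the
# KDF and a SHAKE-256 keystream XOR stands in for "encrypted with <key>".
def derive_wtp_ac_key(shared_secret, nonce):
    return hmac.new(shared_secret, b"WTP-AC_key" + nonce, hashlib.sha256).digest()

def _xor_stream(key, iv, data):
    pad = hashlib.shake_256(key + iv).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, pad))

def encrypt(key, plaintext):
    iv = secrets.token_bytes(16)
    return iv + _xor_stream(key, iv, plaintext)

def decrypt(key, blob):
    return _xor_stream(key, blob[:16], blob[16:])

def id_ok(key, encrypted_id, claimed_id):
    """Check of steps 102, 111 and 205: decrypt, compare with the cleartext WTP-ID."""
    return hmac.compare_digest(decrypt(key, encrypted_id), claimed_id)

class AccessController:
    def __init__(self, name):
        self.name = name
        self.keys = {}  # WTP-ID -> WTP-AC_key (indexing by WTP-ID is an assumption)

    def check_request(self, ac_name, wtp_id, key):                # step 107
        if ac_name != self.name:
            return False
        self.keys[wtp_id] = key
        return True

    def first_boot_discovery(self, wtp_id, enc_id):               # step 111
        key = self.keys.get(wtp_id)
        return key is not None and id_ok(key, enc_id, wtp_id)

    def failover_discovery(self, aaa, wtp_id, enc_id_aaa, enc_id_ac, enc_nonce):
        key = aaa.verify_for_standby(wtp_id, enc_id_aaa, enc_nonce)  # steps 203-204
        if key is None or not id_ok(key, enc_id_ac, wtp_id):         # step 205
            return False
        self.keys[wtp_id] = key
        return True

class AAAServer:
    def __init__(self, acis_lookup, acs):
        self.wtps = {}                  # WTP-ID -> (WTP-AAA_key, shared secret material)
        self.acis_lookup = acis_lookup  # WTP-ID -> [preferred AC name, standby names...]
        self.acs = acs                  # AC name -> AccessController (stands in for the network)

    def authenticate(self, wtp_id, enc_id):
        rec = self.wtps.get(wtp_id)
        if rec is None or not id_ok(rec[0], enc_id, wtp_id):      # steps 102-103
            return None
        for ac_name in self.acis_lookup(wtp_id):                  # steps 104-105
            nonce = secrets.token_bytes(16)                       # step 106
            key = derive_wtp_ac_key(rec[1], nonce)
            ac = self.acs.get(ac_name)
            if ac is not None and ac.check_request(ac_name, wtp_id, key):  # steps 107-108
                return nonce, ac_name                             # step 109
        return None

    def verify_for_standby(self, wtp_id, enc_id_aaa, enc_nonce):  # step 204
        rec = self.wtps.get(wtp_id)
        if rec is None or not id_ok(rec[0], enc_id_aaa, wtp_id):
            return None
        return derive_wtp_ac_key(rec[1], decrypt(rec[0], enc_nonce))

class WTP:
    def __init__(self, wtp_id, aaa_key, secret):
        self.wtp_id, self.aaa_key, self.secret = wtp_id, aaa_key, secret

    def first_boot(self, aaa):
        reply = aaa.authenticate(self.wtp_id, encrypt(self.aaa_key, self.wtp_id))  # step 101
        if reply is None:
            return None
        nonce, ac_name = reply
        key = derive_wtp_ac_key(self.secret, nonce)               # step 110
        ok = aaa.acs[ac_name].first_boot_discovery(self.wtp_id, encrypt(key, self.wtp_id))
        return ac_name if ok else None                            # step 112

    def failover(self, standby, aaa):
        nonce = secrets.token_bytes(16)                           # step 201
        key = derive_wtp_ac_key(self.secret, nonce)
        return standby.failover_discovery(                        # step 202
            aaa, self.wtp_id, encrypt(self.aaa_key, self.wtp_id),
            encrypt(key, self.wtp_id), encrypt(self.aaa_key, nonce))

def build_demo():
    """Constructed topology: the ACIS lists "ac-1" first, but that AC answers to another name."""
    acs = {"ac-1": AccessController("ac-1-renamed"),
           "ac-2": AccessController("ac-2"), "ac-3": AccessController("ac-3")}
    aaa = AAAServer(lambda wtp_id: ["ac-1", "ac-2"], acs)
    wtp = WTP(b"wtp-0001", secrets.token_bytes(32), secrets.token_bytes(32))
    aaa.wtps[wtp.wtp_id] = (wtp.aaa_key, wtp.secret)
    unkeyed = WTP(b"wtp-0001", secrets.token_bytes(32), secrets.token_bytes(32))
    return aaa, wtp, unkeyed, acs["ac-3"]
```

With the constructed topology, the provisioned WTP falls back from the mismatched preferred AC to `ac-2` (step 108), while a device that claims the same WTP-ID without the provisioned keys is rejected by the AAA server in both flows.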
[97] 参见图 6, 本发明实施例提供了一种在无线局域网获得接入控制器信息的装置 [97] Referring to FIG. 6, an embodiment of the present invention provides a device for obtaining access controller information in a wireless local area network.
, 该装置包括认证模块和 AC选择模块; The device includes an authentication module and an AC selection module;
[98] 认证模块用于接收到 WTP发送的请求认证的消息后, 对 WTP进行认证, 并将认 证结果发送给 AC选择模块; [98] The authentication module is configured to: after receiving the message requesting authentication sent by the WTP, authenticate the WTP, and send the authentication result to the AC selection module;
[99] AC选择模块用于在认证模块对 WTP认证通过后, 从 AC信息服务器处获取适合[99] The AC selection module is used to obtain the appropriate information from the AC information server after the authentication module passes the WTP authentication.
WTP的 AC信息, 并发送该 AC信息。 WTP AC information, and send the AC information.
[100] 本实施例通过认证模块和 AC选择模块获得了 AC的信息, 这样大大地提高了 W[100] This embodiment obtains AC information through the authentication module and the AC selection module, which greatly improves W.
TP获得 AC信息的可能性。 The possibility of TP obtaining AC information.
[101] 参见图 7, 本发明实施例提供了一种 AAA服务器, 该 AAA服务器包括在无线局 域网获得接入控制器信息的装置, 装置包括认证模块和 AC选择模块; [007] Referring to FIG. 7, an embodiment of the present invention provides an AAA server, where the AAA server includes an apparatus for obtaining access controller information in a wireless local area network, where the apparatus includes an authentication module and an AC selection module.
[102] 认证模块用于接收到 WTP发送的请求认证的消息后, 对 WTP进行认证, 并将认 证结果发送给 AC选择模块; [102] The authentication module is configured to: after receiving the message requesting authentication sent by the WTP, authenticate the WTP, and send the authentication result to the AC selection module;
[103] AC选择模块用于在认证模块对 WTP认证通过后, 从 AC信息服务器处获取适合[103] The AC selection module is used to obtain the appropriate information from the AC information server after the authentication module passes the WTP authentication.
WTP的 AC信息, 并发送该 AC信息。 WTP AC information, and send the AC information.
[104] 本实施例在 AAA服务器中增加了在无线局域网获得接入控制器信息的装置, 使 得 AAA服务器不仅具备了验证、 授权和帐户功能, 而且还可以为无线终结点提 供接入控制器信息。 [104] In this embodiment, a device for obtaining access controller information in a wireless local area network is added to the AAA server, so that the AAA server not only has the functions of authentication, authorization, and account, but also provides a wireless termination point. For access to controller information.
[105] 参见图 8, 本发明实施例提供了一种用于获得接入控制器信息的网络, 该网络 包括无线终结点、 AAA服务器和接入控制器信息服务器;  [008] Referring to FIG. 8, an embodiment of the present invention provides a network for obtaining access controller information, where the network includes a wireless termination point, an AAA server, and an access controller information server.
[106] 无线终结点用于向 AAA服务器发送请求认证的消息; [106] The wireless endpoint is used to send a message requesting authentication to the AAA server;
[107] The AAA server is configured to authenticate the wireless termination point after receiving the message it sent and, after the authentication succeeds, to send a message requesting access controller information to the access controller information server;
[108] The access controller information server is configured to select, after receiving the message sent by the AAA server, access controller information suitable for the wireless termination point, and to forward that access controller information to the wireless termination point through the AAA server.
[109] This embodiment provides the wireless termination point with a network for obtaining access controller information. Through this network, a wireless termination point that has no access controller available can obtain information on an access controller suitable for it and thereby establish a connection.
[110] Referring to FIG. 9, an embodiment of the present invention further provides an apparatus for obtaining access controller information in a wireless local area network. The apparatus includes a selection module, a verification module and an establishment module;
[111] The selection module is configured to select a standby AC;
[112] The verification module is configured to verify the WTP after receiving the message, sent by the WTP, requesting to establish a connection with the standby AC selected by the selection module, and to send the verification result to the establishment module;
[113] The establishment module is configured to establish, after the verification module has successfully verified the WTP, a connection between the standby AC selected by the selection module and the WTP.
[114] In this embodiment, the standby AC is brought into use through the selection module and the verification module, so that when the connection between the WTP and the current AC is interrupted, the connection between the WTP and an AC can be restored by starting the standby AC, which ensures continuity of communication.
[115] Referring to FIG. 10, an embodiment of the present invention further provides an AAA server. The AAA server includes an apparatus for obtaining access controller information in a wireless local area network, and the apparatus includes a verification module;
[116] After the selection module selects a standby AC, the verification module, upon receiving the message sent by the WTP requesting to establish a connection with the standby AC selected by the selection module, verifies the WTP and sends the verification result to the establishment module;
[117] The establishment module is configured to establish, after the verification module has successfully verified the WTP, a connection between the standby AC selected by the selection module and the WTP.
[118] In this embodiment, a verification module is added to the AAA server, so that the AAA server not only provides authentication, authorization and accounting functions but can also provide access controller information to the wireless termination point.
[119] Referring to FIG. 11, an embodiment of the present invention further provides a network for obtaining access controller information. The network includes a wireless termination point and an AAA server;
[120] The wireless termination point is configured to send the AAA server a message requesting to establish a connection with a standby access controller;
[121] The AAA server is configured to verify the wireless termination point after receiving the message it sent and, after the verification succeeds, to send the wireless termination point a message indicating that verification succeeded.
[122] This embodiment provides the wireless termination point with a network for obtaining access controller information. Through this network, a wireless termination point that has no access controller available can obtain information on an access controller suitable for it and thereby establish a connection.
[123] Embodiments of the present invention may be implemented in software, for example by programming in a language such as C, C++ or JAVA, and the corresponding software may be stored in a readable storage medium such as a computer's hard disk or memory.
[124] The embodiments described above are only preferred specific embodiments of the present invention; ordinary changes and substitutions made by those skilled in the art within the scope of the technical solution of the present invention shall fall within the protection scope of the present invention.

Claims

[1] 1. A method for obtaining access controller information in a wireless local area network, characterized in that the method comprises:
an authentication, authorization and accounting (AAA) server receiving an authentication request message sent by a WTP, authenticating the WTP and, after the authentication succeeds, sending a message requesting AC information to an access controller (AC) information server;
the AAA server obtaining AC information suitable for the WTP from the message returned by the AC information server, and sending a message containing the AC information to the WTP.
[2] 2. The method for obtaining access controller information in a wireless local area network according to claim 1, characterized in that the AAA server receiving the authentication request message sent by the WTP, authenticating the WTP and, after the authentication succeeds, sending the message requesting AC information to the AC information server specifically comprises:
the AAA server obtaining a key, an encrypted WTP identifier and an unencrypted WTP identifier from the authentication request message sent by the WTP, decrypting the encrypted WTP identifier with the key, and comparing the decrypted WTP identifier with the unencrypted WTP identifier; if the two WTP identifiers are the same, sending the message requesting AC information to the AC information server.
[3] 3. The method for obtaining access controller information in a wireless local area network according to claim 1, characterized in that the AAA server obtaining AC information suitable for the WTP from the message returned by the AC information server and sending a message containing the AC information to the WTP specifically comprises:
the AAA server obtaining preferred AC information suitable for the WTP from the message returned by the AC information server, generating a random number for the preferred AC, using the random number to generate a key between the WTP and the preferred AC, and sending the preferred AC a message containing the key and the preferred AC information;
the preferred AC checking the received preferred AC information and, after the check passes, sending a response message to the AAA server;
the AAA server, after receiving the response message, sending a message containing the preferred AC information to the WTP.
[4] 4. The method for obtaining access controller information in a wireless local area network according to claim 3, characterized in that the message returned by the AC information server further includes standby AC information; and the AAA server, after receiving from the preferred AC a response message indicating that the check failed, selects the standby AC as the preferred AC.
[5] 5. The method for obtaining access controller information in a wireless local area network according to claim 3, characterized in that, after the AAA server receives the response message and sends the message containing the preferred AC information to the WTP, the method further comprises:
the WTP, after obtaining the preferred AC information from the received message, sending the preferred AC a message containing the WTP identifier and the encrypted WTP identifier, and the preferred AC checking the received WTP identifier and sending a response message to the WTP.
[6] 6. The method for obtaining access controller information in a wireless local area network according to claim 5, characterized in that the preferred AC checking the received WTP identifier and sending a response message to the WTP specifically comprises:
the preferred AC decrypting, with the key, the encrypted WTP identifier obtained from the message, and comparing the decrypted WTP identifier with the WTP identifier obtained from the message; if the two WTP identifiers are the same, the preferred AC sends the WTP a message indicating that the request succeeded; if the two WTP identifiers are different, the preferred AC sends the WTP a message indicating that the request failed.
[7] 7. The method for obtaining access controller information in a wireless local area network according to claim 1, characterized in that the message containing the AC information sent to the WTP specifically includes: the AC descriptor and an AC name, the AC descriptor including the number of WTPs currently connected to the AC and the maximum number of WTP connections.
[8] 8. A method for obtaining access controller information in a wireless local area network, characterized in that the method comprises:
an AAA server receiving a message, sent by a standby AC, requesting verification of a WTP, the message requesting verification of the WTP being a message that the standby AC sends after receiving the message transmitted by the WTP requesting to establish a connection with the standby AC;
the AAA server, after successfully verifying the WTP, sending the standby AC a message indicating that the WTP passed verification, so that the standby AC, after receiving the message indicating that the WTP passed verification, sends a response message to the WTP.
[9] 9. The method for obtaining access controller information in a wireless local area network according to claim 8, characterized in that the method specifically comprises:
the WTP selecting a standby AC, generating a random number for the standby AC, encrypting the random number with the key between the WTP and the AAA server, and sending the standby AC a message containing the encrypted random number, the WTP identifier and the encrypted WTP identifier;
the standby AC, after receiving the message sent by the WTP, sending the AAA server a message containing the encrypted random number, the WTP identifier and the encrypted WTP identifier;
the AAA server decrypting the encrypted random number obtained from the message, using the decrypted random number to compute the key between the WTP and the standby AC, and sending the standby AC a message containing that key;
the standby AC checking the WTP identifier with the key obtained from the message, and sending a response message to the WTP.
[10] 10. The method for obtaining access controller information in a wireless local area network according to claim 9, characterized in that the standby AC checking the WTP identifier with the key obtained from the message and sending a response message to the WTP specifically comprises:
the standby AC decrypting the encrypted WTP identifier with the key obtained from the message, and comparing the decrypted WTP identifier with the WTP identifier obtained from the request message; if the two WTP identifiers are the same, the standby AC sends the WTP a response message indicating that the request succeeded; if the two WTP identifiers are not the same, the standby AC sends the WTP a response message indicating that the request failed.
[11] 11. An apparatus for obtaining access controller information in a wireless local area network, characterized in that the apparatus comprises:
an authentication module, configured to authenticate the WTP after receiving the authentication request message sent by the WTP, and to output the authentication result;
an AC selection module, configured to obtain, after the authentication module has successfully authenticated the WTP, AC information suitable for the WTP from the AC information server, and to send that AC information to the WTP.
[12] 12. An AAA server, characterized in that the AAA server includes an apparatus for obtaining access controller information in a wireless local area network, the apparatus comprising:
an authentication module, configured to authenticate the WTP after receiving the authentication request message sent by the WTP, and to output the authentication result;
an AC selection module, configured to obtain, after the authentication module has successfully authenticated the WTP, AC information suitable for the WTP from the AC information server, and to send that AC information to the WTP.
[13] 13. A network for obtaining access controller information, characterized in that the network comprises:
a wireless termination point, configured to send an authentication request message;
an AAA server, configured to authenticate the wireless termination point after receiving the message it sent and, after the authentication succeeds, to send a message requesting access controller information;
an access controller information server, configured to select, after receiving the message sent by the AAA server, access controller information suitable for the wireless termination point, and to forward that access controller information to the wireless termination point through the AAA server.
[14] 14. An apparatus for obtaining access controller information in a wireless local area network, characterized in that the apparatus comprises:
a selection module, configured to select a standby AC;
a verification module, configured to verify the WTP after receiving the message, sent by the WTP, requesting to establish a connection with the standby AC selected by the selection module, and to send the verification result to the establishment module;
an establishment module, configured to establish, after the verification module has successfully verified the WTP, a connection between the standby AC selected by the selection module and the WTP.
[15] 15. An AAA server, characterized in that the AAA server comprises:
a verification module, configured to verify the WTP after the WTP requests to establish a connection with a standby AC, and to send the verification result to the standby AC, the verification result being used to decide whether a connection is established between the WTP and the standby AC.
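
The standby-AC exchange of claims 9 and 10, written out as a runnable sketch of the three parties and the success and failure responses. This is an added example, not code from the patent or its applicant: the claims name no cipher or key-derivation function, so `xcrypt` (an HMAC-SHA256 keystream) and `derive_wtp_ac_key` are stand-ins chosen here, the AAA server's key lookup by WTP identifier is assumed, and all identifiers and keys are constructed sample values.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16


def xcrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR data with an HMAC-SHA256 counter keystream."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key: bytes, data: bytes) -> bytes:
    nonce = secrets.token_bytes(NONCE_LEN)
    return nonce + xcrypt(key, nonce, data)


def unseal(key: bytes, blob: bytes) -> bytes:
    return xcrypt(key, blob[:NONCE_LEN], blob[NONCE_LEN:])


def derive_wtp_ac_key(rand: bytes, wtp_id: bytes, ac_name: bytes) -> bytes:
    """Assumed KDF: the claims only say the key is computed from the random number."""
    return hmac.new(rand, b"WTP-AC|" + wtp_id + b"|" + ac_name, hashlib.sha256).digest()


def wtp_build_request(k_wtp_aaa: bytes, wtp_id: bytes, ac_name: bytes) -> dict:
    """WTP: generate a random number for the standby AC and build the connection request."""
    rand = secrets.token_bytes(32)
    k_wtp_ac = derive_wtp_ac_key(rand, wtp_id, ac_name)
    return {
        "wtp_id": wtp_id,                      # WTP identifier in the clear
        "enc_rand": seal(k_wtp_aaa, rand),     # random number under the WTP-AAA key
        "enc_wtp_id": seal(k_wtp_ac, wtp_id),  # WTP identifier under the WTP-AC key
    }


def aaa_verify(key_db: dict, request: dict, ac_name: bytes):
    """AAA server: decrypt the random number, return the WTP-AC key for the standby AC."""
    k_wtp_aaa = key_db.get(request["wtp_id"])
    if k_wtp_aaa is None:
        return None                            # unknown WTP: no key is handed to the AC
    rand = unseal(k_wtp_aaa, request["enc_rand"])
    return derive_wtp_ac_key(rand, request["wtp_id"], ac_name)


def standby_ac_handle(request: dict, ac_name: bytes, key_db: dict) -> str:
    """Standby AC: forward to the AAA server, then check the WTP identifier (claim 10)."""
    k_wtp_ac = aaa_verify(key_db, request, ac_name)  # AC-to-AAA hop, modelled as a call
    if k_wtp_ac is None:
        return "failure"
    decrypted_id = unseal(k_wtp_ac, request["enc_wtp_id"])
    same = hmac.compare_digest(decrypted_id, request["wtp_id"])
    return "success" if same else "failure"


def run_demo() -> dict:
    # Constructed sample values, not taken from the patent.
    ac = b"ac-standby-1"
    key_db = {b"wtp-0001": bytes(range(32))}
    good = wtp_build_request(key_db[b"wtp-0001"], b"wtp-0001", ac)
    wrong_key = wtp_build_request(b"\x42" * 32, b"wtp-0001", ac)
    unknown = wtp_build_request(bytes(range(32)), b"wtp-9999", ac)
    return {
        "registered WTP": standby_ac_handle(good, ac, key_db),
        "wrong WTP-AAA key": standby_ac_handle(wrong_key, ac, key_db),
        "unregistered WTP": standby_ac_handle(unknown, ac, key_db),
    }


if __name__ == "__main__":
    for case, result in run_demo().items():
        print(f"{case}: {result}")
```

A request built with the wrong WTP-AAA key fails because the AAA server recovers a different random number, so the key it hands the standby AC does not decrypt the identifier to the value sent in the clear.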
PCT/CN2008/070278 2007-02-13 2008-02-04 Mehtod and apparatus for acquiring access controller information in wireless lan WO2008098510A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CNA2007100050640A CN101247295A (en) 2007-02-13 2007-02-13 Method and device for acquiring access controller information in wireless local area network
CN200710005064.0 2007-02-13

Publications (1)

Publication Number Publication Date
WO2008098510A1 true WO2008098510A1 (en) 2008-08-21

Family

ID=39689671

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2008/070278 WO2008098510A1 (en) 2007-02-13 2008-02-04 Mehtod and apparatus for acquiring access controller information in wireless lan

Country Status (2)

Country Link
CN (1) CN101247295A (en)
WO (1) WO2008098510A1 (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101646171B (en) * 2009-02-27 2011-08-17 西安西电捷通无线网络通信股份有限公司 Method for realizing integration of WAPI and CAPWAP by separation MAC mode
CN101577916B (en) * 2009-02-27 2011-07-06 西安西电捷通无线网络通信股份有限公司 Method for realizing convergence of WAPI and CAPWAP in local MAC mode
US8478854B2 (en) * 2009-05-14 2013-07-02 Avaya Inc. Tolerant device licensing in a distributed environment
CN101557591B (en) * 2009-05-14 2011-01-26 西安西电捷通无线网络通信股份有限公司 STA switching method for completing WPI by WTP in convergent-type WLAN and system thereof
CN103916853A (en) * 2012-12-31 2014-07-09 中兴通讯股份有限公司 Control method for access node in wireless local-area network and communication system
EP3041293B1 (en) * 2013-08-30 2020-07-22 Huawei Technologies Co., Ltd. Wtp access method, management method, apparatus and system
EP3043621B1 (en) * 2013-10-10 2018-08-29 Huawei Technologies Co., Ltd. Wireless termination point and control method and system thereof and wireless control point
CN104812021B (en) * 2015-04-01 2018-12-25 新华三技术有限公司 A kind of method and device of AP access AC
CN110138622B (en) * 2019-06-04 2022-05-27 江苏创通电子股份有限公司 Wireless local area network management system based on cloud technology

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040208187A1 (en) * 2003-04-16 2004-10-21 Jerry Mizell Home agent redirection for mobile IP
JP2004304824A (en) * 1999-10-05 2004-10-28 Nec Corp Authentication method and authentication apparatus in wireless lan system
CN1625853A (en) * 2002-04-23 2005-06-08 Sk电信有限公司 Authentication system and method having mobility in public wireless local area network
CN1265580C (en) * 2002-12-26 2006-07-19 华为技术有限公司 Identification and business management for network user
CN1283062C (en) * 2004-06-24 2006-11-01 华为技术有限公司 Cut-in identification realizing method for wireless local network


Also Published As

Publication number Publication date
CN101247295A (en) 2008-08-20


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08706651

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08706651

Country of ref document: EP

Kind code of ref document: A1