
CN101765114A - Method, system and equipment for controlling wireless user access - Google Patents


Info

Publication number: CN101765114A
Authority: CN (China)
Prior art keywords: wireless terminal, authentication, bras, user, communication equipment
Legal status: Granted; Expired - Fee Related
Application number: CN201010001003A
Other languages: Chinese (zh)
Other versions: CN101765114B (en)
Inventors: 史计达, 陆宇翔
Current Assignee: New H3C Technologies Co Ltd
Original Assignee: Hangzhou H3C Technologies Co Ltd
Application filed by: Hangzhou H3C Technologies Co Ltd
Priority to: CN2010100010039A
Landscapes: Mobile Radio Communication Systems (AREA)
Abstract

The invention discloses a method, a system and equipment for controlling wireless user access. The method comprises the following steps: a wireless network device sends a notification to a BRAS when it detects that a new wireless terminal has come online on a subordinate AP; the BRAS receives the notification, obtains the authentication state of the wireless terminal, and sends the user information of the wireless terminal to the wireless network device after the wireless terminal passes authentication; and the wireless network device learns, from the user information sent by the BRAS, the number of authenticated users accessing through the AP, and controls subsequent user access according to the pre-configured maximum number of authenticated users allowed to access. With the invention, wireless users who really want to use the network can access the wireless network, because what is controlled is the number of users on the AP that have actually passed authentication; and the wireless terminal users that have passed authentication can be allocated a specified bandwidth, so that smooth network use is ensured.

Description

Method, system and equipment for controlling wireless user access
Technical field
The present invention relates to the field of communication technology, and in particular to a method, system and equipment for controlling wireless user access.
Background art
With the accelerating pace of 3G (3rd-generation mobile communication technology) construction, WLAN (Wireless Local Area Network) access is increasingly widely used as a supplement to 3G services. A typical WLAN comprises wireless terminals (Stations), APs (Access Points) and ACs (Access Controllers).
A wireless terminal is a device such as a PC (Personal Computer) with a wireless network card or a portable notebook computer. An AP bridges wireless clients to the local area network, converting frames from wireless to wired and from wired to wireless between the wireless client and the LAN. APs come in two kinds, Fat AP and Fit AP (commonly called thin AP). A Fat AP can by itself complete wireless client access tasks such as user wireless access, user permission authentication and user security policy enforcement. A Fit AP can provide the full set of wireless client access functions only in cooperation with an AC, where the AC is responsible for access control of the wireless network, forwarding and statistics, AP configuration monitoring, roaming management, the AP OAM agent, security control and so on.
Fig. 1 shows a typical wireless communication application scenario. The general flow is:
(1) A wireless terminal accesses the wireless network through an AP; the wireless network may be encrypted or open. For example, with a Fat AP, the AP performs access control on the accessing wireless terminal (with a Fit AP, the AC does); when the network is password-protected, the terminal is allowed to access only if it supplies the correct password.
(2) The wireless terminal initiates an authentication request to the BRAS (Broadband Remote Access Server) through the Fat AP/AC; this may be PPPoE (Point-to-Point Protocol over Ethernet) authentication, Dot1x authentication or Portal authentication;
(3) The BRAS initiates a user authentication request to the AAA (Authentication, Authorization, Accounting) server;
(4) The AAA authentication server returns the authentication result to the BRAS and the wireless terminal. If the wireless terminal passes AAA authentication, it is entitled to access the network; if it does not pass AAA authentication, it is not.
For a wireless network, the throughput of a single AP (Access Point) is limited. If the number of users accessing through the AP is not controlled, user experience suffers, so user access under a given AP or SSID (Service Set Identifier) is generally limited in order to guarantee the network experience of the users on that AP. However, a user having wireless access and a user having passed authentication are not necessarily the same thing. Suppose an AP is limited to 15 access users, but most of those 15 users have merely associated with the wireless network and have not passed AAA authentication: the people who really want to use the network are then unable to get on it because of the limit on the number of access users. Moreover, most of the users that have associated with the wireless network without initiating authentication did not do so manually; almost all operating systems automatically associate with a wireless network they have accessed before.
The existing technical scheme simply limits the number of wireless users that can access. When those access users do not use the network, users who really want to use it cannot get access to the wireless network, and the bandwidth of the AP is wasted, which affects users.
Summary of the invention
The invention provides a method, system and equipment for controlling wireless user access, which control the number of users accessing an AP so that each user can be allocated a specified bandwidth, guaranteeing the user's network experience, and so that wireless users who really want to use the network can access it.
The invention provides a method for controlling wireless user access, applied in a system comprising a wireless network device, a Broadband Remote Access Server (BRAS) and an authentication server. The method comprises the following steps:
When the wireless network device detects that a new wireless terminal has come online on a subordinate AP, it sends a notification to the BRAS;
The BRAS receives the notification, obtains the authentication state of the wireless terminal, and, after the wireless terminal passes authentication, sends the user information of the wireless terminal to the wireless network device;
From the user information sent by the BRAS, the wireless network device learns the number of authenticated users accessing through the AP, and controls the access of subsequent users according to the maximum number of authenticated users pre-configured on the AP as allowed to access.
The step in which the BRAS receives the notification, obtains the authentication state of the wireless terminal and, after the wireless terminal passes authentication, sends the user information of the wireless terminal to the wireless network device comprises:
The BRAS queries its stored user entries according to the notification;
If a user entry corresponding to the wireless terminal is stored and the authentication state of the wireless terminal is "passed", the BRAS updates the user entry according to the notification and sends the user information of the wireless terminal to the corresponding wireless network device;
If no user entry corresponding to the wireless terminal is stored, the BRAS generates a user entry for the wireless terminal according to the notification; the user entry contains the MAC and VLAN of the wireless terminal, the AC and AP it belongs to, and its authentication state;
The BRAS receives the authentication request of the wireless terminal, initiates authentication to the authentication server, and updates the user entry according to the authentication result returned by the authentication server; if the wireless terminal passes authentication, the BRAS sends the user information of the wireless terminal to the wireless network device.
The wireless network device detecting that a new wireless terminal has come online on a subordinate AP comprises:
The wireless network device detects that a new wireless terminal has come online through a subordinate AP; or
The wireless network device detects that the association of a wireless terminal has moved from one subordinate AP to another AP.
Before the wireless network device learns, from the user information sent by the BRAS, the number of authenticated users accessing through the AP, the method further comprises:
The wireless network device performs a validity check on the message sent by the BRAS;
If the check passes, the wireless network device parses the message and obtains the user information it carries.
The BRAS sending the user information of the wireless terminal to the wireless network device comprises:
The BRAS sends, as a batch, the user information of the wireless terminals that passed authentication within a time period; or
After learning that the wireless terminal has passed authentication, the BRAS sends the user information of the wireless terminal to the wireless network device in real time.
The invention provides a wireless network device, applied in a system comprising the wireless network device, a Broadband Remote Access Server (BRAS) and an authentication server. The device comprises:
A detecting unit, configured to detect whether a new wireless terminal has come online on a subordinate AP;
A transceiver unit, connected to the detecting unit and configured to notify the BRAS that the wireless terminal has come online when the detection result of the detecting unit is yes, and to receive the user information of the wireless terminal sent by the BRAS after the wireless terminal passes authentication;
A control unit, connected to the transceiver unit and configured to learn, from the user information received by the transceiver unit, the number of authenticated users accessing through the AP, and to control the access of subsequent users according to the maximum number of authenticated users pre-configured on the AP as allowed to access.
The detecting unit is further configured to:
Detect whether a new wireless terminal has come online through a subordinate AP, or whether the association of a wireless terminal has moved from one subordinate AP to another AP.
The transceiver unit is further configured to:
Perform a validity check on the message sent by the BRAS;
If the check passes, parse the message and obtain the user information it carries.
The invention provides a system for controlling wireless user access, comprising a wireless network device, a BRAS and an authentication server.
The wireless network device is configured to send a notification to the BRAS when it detects that a new wireless terminal has come online on a subordinate AP; to receive the user information of the wireless terminal sent by the BRAS; to learn from that user information the number of authenticated users accessing through the AP; and to control the access of subsequent users according to the maximum number of authenticated users pre-configured on the AP as allowed to access;
The BRAS is configured to receive the notification sent by the wireless network device, obtain the authentication state of the wireless terminal, and, after the wireless terminal passes authentication, send the user information of the wireless terminal to the wireless network device.
The BRAS is further configured to:
Query its stored user entries according to the notification;
If a user entry corresponding to the wireless terminal is stored and the authentication state of the wireless terminal is "passed", update the user entry according to the notification and send the user information of the wireless terminal to the corresponding wireless network device;
If no user entry corresponding to the wireless terminal is stored, generate a user entry for the wireless terminal according to the notification; the user entry contains the MAC and VLAN of the wireless terminal, the AC and AP it belongs to, and its authentication state;
Receive the authentication request of the wireless terminal, initiate authentication to the authentication server, and update the user entry according to the authentication result returned by the authentication server; if the wireless terminal passes authentication, send the user information of the wireless terminal to the wireless network device.
The BRAS is further configured to:
Send, as a batch, the user information of the wireless terminals that passed authentication within a time period; or
After learning that the wireless terminal has passed authentication, send the user information of the wireless terminal to the wireless network device in real time.
Compared with the prior art, the present invention has the following advantages:
In the present invention, controlling the number of users that have actually passed authentication ensures that wireless users who really want to use the network can access the wireless network; wireless terminal users that have passed authentication can be allocated a specified bandwidth, so that smooth network use is ensured.
Description of the drawings
Fig. 1 is a schematic diagram of a typical wireless communication application scenario in the prior art;
Fig. 2 is a flow chart of a method for controlling wireless user access according to the present invention;
Fig. 3 is a schematic diagram of the format of the interaction message used between the wireless network device and the BRAS according to the present invention;
Fig. 4 is a structural diagram of a wireless network device according to the present invention.
Embodiments
The core idea of the invention is as follows. On the wireless network device (for example a Fat AP or AC), the maximum number of authenticated wireless terminals that may access through the corresponding AP is set according to the terminals' bandwidth requirements. The wireless network device monitors the authentication state of accessing users through the BRAS and counts the number of authenticated wireless terminals on each AP. It then controls the access of subsequent users according to the maximum number of authenticated users pre-configured on the AP as allowed to access.
The invention provides a method for controlling wireless user access, applied in a system comprising a wireless network device, a Broadband Remote Access Server (BRAS) and an authentication server, where the authentication server is described using an Authentication, Authorization and Accounting (AAA) server as the example. As shown in Fig. 2, the method comprises the following steps:
Step 201: when the wireless network device detects that a new wireless terminal has come online on a subordinate AP, it sends a notification to the BRAS, and the BRAS obtains the authentication state of the wireless terminal.
Specifically: when a new wireless terminal accesses the network, or a wireless terminal that has already accessed the network roams from one AP to another, the wireless network device (for example a Fat AP or AC) sends a notification message to the BRAS. The message carries the MAC and VLAN of the accessing wireless terminal and the AC and AP it belongs to.
When the BRAS receives the notification message sent by the wireless network device and no user entry corresponding to the wireless terminal is already stored in the BRAS (for example, the wireless terminal is newly accessing the network), the BRAS generates a user entry for the accessing wireless terminal according to the notification message, as shown in Table 1:
Table 1:
User MAC   User VLAN   AC          AP    User AAA state
0-0-1      10          10.1.1.1    AP1   Passed
0-0-2      20          10.1.1.1    AP2   Not passed
The entry contains the MAC and VLAN of the accessing wireless terminal, the AC and AP it belongs to, and its authentication state. After the BRAS receives the authentication request that the accessing wireless terminal initiates through the wireless network device, it initiates authentication to the AAA server and updates the user entry according to the authentication result returned by the AAA server, thereby obtaining the authentication state of the wireless terminal.
When the BRAS receives the notification message sent by the wireless network device and finds that a user entry corresponding to the wireless terminal is already stored (for example, the AP or AC with which the terminal is associated has changed but the terminal has not gone offline from authentication, so the BRAS already holds its user entry), the BRAS looks up the user entry according to the notification message and learns the authentication state of the wireless terminal. The BRAS also needs to update the user entry according to the notification message. For example, suppose the user's associated AP or AC changes without causing an authentication logoff, and the user switches from AP1 of AC1 to AP2 of AC1. Because a new wireless terminal has accessed AP2, AC1 notifies the BRAS. The BRAS determines that this wireless terminal already has an entry but that its AP has changed; if the user AAA state is "passed", the BRAS updates the user entry and sends the user-online information to notify AC1. If the authentication state stored in the user entry is "not passed" or "not yet authenticated", then after the BRAS receives the wireless terminal's authentication request initiated through the wireless network device, it initiates authentication to the AAA server, obtains the authentication state of the wireless terminal, and updates the user entry according to the authentication result returned by the AAA server.
Step 202: when the authentication state of the wireless terminal is "passed", the BRAS notifies the wireless network device of the user information of the wireless terminal over the interconnection channel established in advance between the BRAS and the wireless network device.
One BRAS can connect to multiple wireless network devices. From the user entries in Table 1, the BRAS can tell from which AP of which AC an authenticated user comes. After determining the peer AC, the BRAS sends a message to that AC over the interconnection channel established with it in advance; the message carries the user information of the wireless terminals under that AC.
The interaction message used between the wireless network device and the BRAS is shown in Fig. 3. When the message type is 1, the message is sent by the BRAS to the wireless network device to notify it of the authentication state of a wireless terminal: the BRAS IP/AC IP field carries the IP address of the BRAS, the affiliated-AP field is filled with all zeros, and the authentication state/padding field carries the authentication state of the wireless terminal. When the message type is 2, the message is an acknowledgement sent by the wireless network device to the BRAS: the BRAS IP/AC IP field carries the IP address of the wireless network device, the affiliated-AP field carries the AP to which the user belongs, and the authentication state/padding field is filled with all zeros.
The user information is, for example, the VLAN (Virtual Local Area Network) and the user's MAC (Media Access Control) address. The interconnection channel can reuse the roaming-group channel already implemented between AC and BRAS for notification, or a new linkage mechanism can be developed.
When a large number of wireless terminals come online and authenticate through one wireless network device at the same time, frequent interaction between the BRAS and the wireless network device consumes device performance and network bandwidth. To avoid this, the BRAS need not notify the wireless network device immediately each time a user passes authentication; it can collect the user authentication results over a period of time and send them to the wireless network device as a batch. So that the wireless network device can still control the number of accessing users in a timely manner, this period must not be chosen too long. Of course, the BRAS can also send the information of authenticated wireless terminals to the wireless network device in real time.
Step 203: the wireless network device controls the number of users that have passed AAA authentication on the corresponding AP, ensuring that the available bandwidth meets the usage requirement.
Before the wireless network device controls the number of AAA-authenticated wireless terminals on an AP, the maximum number of authenticated wireless terminals that the AP may admit is set according to the users' bandwidth requirements. From the user information sent by the BRAS, the wireless network device learns the number of authenticated wireless terminals on the corresponding AP. When it determines that the actual number of authenticated wireless terminals on the AP has reached or exceeded the configured maximum, it makes the corresponding AP refuse access by new wireless terminals.
In the present invention, for network security and to prevent someone from forging the interaction messages between the BRAS and the AC, these messages need to be encrypted. The AC is configured to accept only encrypted interaction messages from a specific BRAS (identified by the source IP in the IP header and by the BRAS IP information inside the message). The AC performs a validity check on each interaction message it receives; only messages that pass the check are processed further, and messages that fail it are discarded directly. The detailed process is as follows. The BRAS encrypts the user information of the authenticated wireless terminal and sends it to the wireless network device. On receiving the encrypted user information, the wireless network device performs the validity check on the message carrying it and, if the result is valid, parses the message content to obtain the user information. If the user information indicates that the user has passed authentication, the wireless network device sets the user's authentication state to OK and adds 1 to the number of authenticated wireless terminals under the wireless network device. If the user information indicates an offline operation, the wireless network device refreshes the wireless terminal's authentication state to NA and subtracts 1 from the number of authenticated wireless terminals under the wireless network device.
In addition, when an authenticated wireless terminal goes offline, the BRAS notifies the wireless network device through an interaction message. After the message passes the validity check, the wireless network device parses out the user information, refreshes the user's AAA state to NA, and subtracts 1 from the number of AAA-authenticated users under that AP.
When a wireless terminal goes offline abnormally (for example, it is shut down directly), the wireless network device may detect this before the BRAS does. When the wireless network device deletes the wireless terminal's user information, it subtracts 1 from the number of AAA-authenticated user terminals under the wireless network device. Optionally, the wireless network device can also notify the BRAS through an interaction message that the user has gone offline, and the BRAS handles it. This also solves the practical problem that the authentication mechanism cannot recognise a user going offline within a short time.
The authentication server in the method provided by the invention is preferably an AAA server; the method applies equally to other similar authentication servers.
With the method provided by the invention, controlling the number of users that have actually passed authentication ensures that wireless users who really want to use the network can access the wireless network, and wireless terminal users that have passed AAA authentication can be allocated a specified bandwidth, so that smooth network use is ensured.
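The AC-side behaviour of steps 201 to 203 (validity check, per-AP authenticated count, refusal of new terminals, roaming and abnormal offline), as an added example that is not code from the patent. The byte layout, the HMAC-SHA256 tag standing in for the encryption the text leaves unspecified, and every name below are assumptions.

```python
import hashlib
import hmac
import ipaddress
import struct

STATE_NA, STATE_OK = 0, 1
# Assumed layout (Fig. 3 is not reproduced on the page):
# type(1) | BRAS IP(4) | AP(4, all zero in type 1) | state(1) | VLAN(2) | MAC(6)
BODY = struct.Struct("!B4s4sBH6s")
TAG_LEN = hashlib.sha256().digest_size


def build_type1(key, bras_ip, state, vlan, mac):
    """Constructed BRAS-side sender, used only to produce sample input."""
    body = BODY.pack(1, ipaddress.IPv4Address(bras_ip).packed, bytes(4), state, vlan, mac)
    return body + hmac.new(key, body, hashlib.sha256).digest()


class AccessController:
    def __init__(self, key, trusted_bras, max_auth_per_ap):
        self.key = key
        self.trusted_bras = ipaddress.IPv4Address(trusted_bras)
        self.max_auth = max_auth_per_ap
        self.assoc = {}        # MAC -> AP the terminal is associated with
        self.auth_ok = set()   # MACs the BRAS has reported as authenticated (state OK)

    def auth_count(self, ap):
        # Derived from state instead of a +1/-1 counter, so a duplicated
        # notification or a roam cannot make the number drift.
        return sum(1 for mac in self.auth_ok if self.assoc.get(mac) == ap)

    def associate(self, mac, ap):
        """New terminal or roam onto `ap`; refused once the authenticated quota is reached."""
        if self.assoc.get(mac) != ap and self.auth_count(ap) >= self.max_auth:
            return False
        self.assoc[mac] = ap
        return True

    def disassociate(self, mac):
        """Abnormal offline seen by the AC first: free the slot without waiting for the BRAS."""
        self.assoc.pop(mac, None)
        self.auth_ok.discard(mac)

    def handle_bras_message(self, src_ip, data):
        """Validity check first; state is only touched by messages that pass it."""
        if ipaddress.IPv4Address(src_ip) != self.trusted_bras:
            return "dropped: untrusted source"
        if len(data) != BODY.size + TAG_LEN:
            return "dropped: bad length"
        body, tag = data[:BODY.size], data[BODY.size:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "dropped: bad tag"
        msg_type, inner_ip, _ap, state, _vlan, mac = BODY.unpack(body)
        # The BRAS IP inside the message must match the configured BRAS as well.
        if msg_type != 1 or ipaddress.IPv4Address(inner_ip) != self.trusted_bras:
            return "dropped: bad header"
        if state not in (STATE_NA, STATE_OK):
            return "dropped: bad state"
        if mac not in self.assoc:
            return "ignored: terminal not associated"
        if state == STATE_OK:
            self.auth_ok.add(mac)
        else:
            self.auth_ok.discard(mac)
        return "accepted"
```

This assumed layout carries no sequence number or timestamp, so a captured message could be replayed while the terminal stays associated; a real format would need a freshness field covered by the tag.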
The invention provides a kind of Wireless Communication Equipment, be applied to comprise that in the system of Wireless Communication Equipment, Broadband Remote Access Server BRAS and certificate server, as shown in Figure 4, described equipment comprises:
Whether detecting unit 11, being used to detect has new wireless terminal to reach the standard grade on the subordinate AP.Concrete, whether whether described detecting unit 11 detections have new wireless terminal to reach the standard grade by subordinate AP or have or not the incidence relation of line terminal and subordinate AP to move to another AP by an AP.
Transmit-Receive Unit 12 is connected with described detecting unit 11, and the testing result that is used for described detecting unit 11 notifies the described wireless terminal of described BRAS to reach the standard grade when being; And after described wireless terminal is by authentication, receive the user profile of the described wireless terminal of described BRAS transmission.Concrete, the message that 12 couples of described BRAS of described Transmit-Receive Unit send carries out legitimacy and detects; If it is qualified to detect, resolve described message, obtain the user profile that described message carries.
Control unit 13, be connected with described Transmit-Receive Unit 12, be used for knowing that according to the user profile that described Transmit-Receive Unit 12 receives described AP goes up the number of users that passes through authentication that inserts, allow to insert the access of controlling subsequent user by the number of users of authentication according to the upward pre-configured maximum of described AP.
The invention provides the system that a kind of wireless user of control inserts, comprise Wireless Communication Equipment, BRAS and certificate server, wherein
Described Wireless Communication Equipment is used to detect when having new wireless terminal to reach the standard grade on the subordinate AP, sends notice to described BRAS; The user profile that receives the described wireless terminal of described BRAS transmission knows that according to the user profile of described BRAS transmission described AP goes up the number of users that passes through authentication that inserts, and the maximum permission upward pre-configured according to described AP inserts the access of controlling subsequent user by the number of users of authentication;
The BRAS is configured to receive the notification sent by the wireless network equipment, obtain the authentication state of the wireless terminal and, after the wireless terminal passes authentication, send the user information of the wireless terminal to the wireless network equipment.
Specifically, the BRAS queries its stored user entries according to the notification. If a user entry corresponding to the wireless terminal is stored and the terminal's authentication state is "authenticated", the BRAS updates the user entry according to the notification and sends the user information of the wireless terminal to the corresponding wireless network equipment. If no user entry corresponding to the wireless terminal is stored, the BRAS generates a user entry for the wireless terminal according to the notification; the user entry contains the terminal's MAC, VLAN, the AC and AP it belongs to, and its authentication state. After the BRAS receives an authentication request from the wireless terminal, it initiates authentication with the authentication server and updates the user entry according to the authentication result the authentication server returns; if the wireless terminal passes authentication, the BRAS sends the user information of the wireless terminal to the wireless network equipment.
When sending user information to the wireless network equipment, the BRAS either packs and sends together the user information of the wireless terminals that passed authentication within a time period, or sends the user information of a wireless terminal to the wireless network equipment in real time once it learns that the terminal has passed authentication.
The authentication server may specifically be an AAA authentication server.
With the system and equipment provided by the invention, controlling the number of users that have actually passed authentication ensures that wireless users who really want to use the network can access the wireless network, and wireless terminal users that pass authentication can be allocated a designated bandwidth, which keeps network applications running smoothly.
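The following sketch, added here and not taken from the patent, models the BRAS user-entry handling and the per-AP authenticated-user count kept by the wireless network equipment (an AC in this example). The HMAC-SHA256 validity check, the shared key, the message layout and the refuse-at-limit policy are assumptions of the example; the page does not specify them.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass

SHARED_KEY = b"constructed-demo-key"  # assumption: key provisioned on AC and BRAS

@dataclass
class UserEntry:  # fields the page lists for a BRAS user entry
    mac: str
    vlan: int
    ac: str
    ap: str
    authenticated: bool = False

def signed_user_info(entry):
    """User-info message from BRAS to AC; the HMAC tag is this example's assumption."""
    body = json.dumps({"mac": entry.mac, "ap": entry.ap}, sort_keys=True).encode()
    return {"body": body, "tag": hmac.new(SHARED_KEY, body, hashlib.sha256).digest()}

class Bras:
    def __init__(self):
        self.entries = {}  # MAC -> UserEntry

    def on_notice(self, mac, vlan, ac, ap):
        """AC reports a terminal online or roamed; returns user info if already authenticated."""
        entry = self.entries.get(mac)
        if entry is None:  # no entry yet: create it in the unauthenticated state
            self.entries[mac] = UserEntry(mac, vlan, ac, ap)
            return None
        entry.vlan, entry.ac, entry.ap = vlan, ac, ap  # update the entry from the notice
        return signed_user_info(entry) if entry.authenticated else None

    def on_auth_result(self, mac, passed):
        """Apply the result returned by the authentication server for this terminal."""
        entry = self.entries.get(mac)
        if entry is None:
            return None
        entry.authenticated = passed
        return signed_user_info(entry) if passed else None

class AccessController:
    def __init__(self, max_authenticated):
        self.max_authenticated = max_authenticated  # pre-configured per-AP limit
        self.ap_of = {}  # authenticated MAC -> AP it is currently on

    def on_user_info(self, msg):
        """Validity check first, then parse; invalid messages never touch the counts."""
        expected = hmac.new(SHARED_KEY, msg["body"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return False
        info = json.loads(msg["body"])
        self.ap_of[info["mac"]] = info["ap"]  # a roam moves the user between AP counts
        return True

    def authenticated_count(self, ap):
        return sum(1 for current in self.ap_of.values() if current == ap)

    def admit(self, ap):
        """Assumed policy: refuse new associations once the AP's limit is reached."""
        return self.authenticated_count(ap) < self.max_authenticated

def demo():
    bras, ac = Bras(), AccessController(max_authenticated=2)
    for mac in ("aa:01", "aa:02", "aa:03"):  # constructed terminals associate on ap1
        bras.on_notice(mac, 10, "ac1", "ap1")
    for mac in ("aa:01", "aa:02"):  # only two of them pass authentication
        ac.on_user_info(bras.on_auth_result(mac, True))
    before = (ac.authenticated_count("ap1"), ac.admit("ap1"))
    ac.on_user_info(bras.on_notice("aa:02", 10, "ac1", "ap2"))  # aa:02 roams to ap2
    forged = {"body": b'{"ap": "ap1", "mac": "ee:ee"}', "tag": bytes(32)}
    rejected = not ac.on_user_info(forged)
    return before, ac.admit("ap1"), ac.authenticated_count("ap2"), rejected
```

The third terminal is associated but never authenticated, so it does not consume one of the two slots on ap1; the count follows authentication results only.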
From the above description of the embodiments, those skilled in the art will clearly understand that the invention can be implemented in hardware, or in software together with a necessary general-purpose hardware platform. On that understanding, the technical solution of the invention can be embodied as a software product, which can be stored on a non-volatile storage medium (a CD-ROM, USB flash drive, portable hard drive, etc.) and includes instructions that cause a computer device (a personal computer, a server, a network device, etc.) to execute the method of each embodiment of the invention.
Those skilled in the art will appreciate that the accompanying drawings are schematic diagrams of a preferred embodiment, and that the modules or flows in the drawings are not necessarily required to implement the invention.
Those skilled in the art will appreciate that the modules of the apparatus in an embodiment may be distributed in the apparatus as described in the embodiment, or may be changed accordingly and placed in one or more apparatuses different from that of the embodiment. The modules of the above embodiments may be merged into one module or further split into multiple sub-modules.
The sequence numbers of the above embodiments are for description only and do not indicate the relative merits of the embodiments.
The above discloses only several specific embodiments of the invention; the invention is not limited to them, however, and any variation that those skilled in the art can conceive of shall fall within the scope of protection of the invention.

Claims (11)

1. A method for controlling wireless user access, applied in a system comprising wireless network equipment, a Broadband Remote Access Server (BRAS) and an authentication server, characterized in that the method comprises the following steps:
when the wireless network equipment detects that a new wireless terminal has come online on a subordinate AP, it sends a notification to the BRAS;
the BRAS receives the notification, obtains the authentication state of the wireless terminal and, after the wireless terminal passes authentication, sends the user information of the wireless terminal to the wireless network equipment;
the wireless network equipment learns, from the user information sent by the BRAS, the number of authenticated users accessing through the AP, and controls the access of subsequent users according to the maximum number of authenticated users allowed to access that is pre-configured on the AP.
2. the method for claim 1, it is characterized in that described BRAS receives described notice, obtain the authentication state of described wireless terminal, and after described wireless terminal is by authentication, the user profile of described wireless terminal is sent to described Wireless Communication Equipment comprises:
Described BRAS is according to user's list item of described notice inquiry storage;
If store user's list item of described wireless terminal correspondence, and the authentication state of described wireless terminal passes through for authentication, and described BRAS is according to the described user's list item of described update notifications, and the user profile of described wireless terminal is sent to corresponding wireless network equipment;
If do not store user's list item of described wireless terminal correspondence, described BRAS generates user's list item of described wireless terminal according to described notice, comprises MAC, the VLAN of described wireless terminal, affiliated AC, affiliated AP and authentication state in described user's list item;
Described BRAS receives the authentication request of described wireless terminal, initiates authentication to described certificate server, and upgrades described user's list item according to the authentication result that described certificate server returns; If described wireless terminal is by authentication, described BRAS sends the user profile of described wireless terminal to described Wireless Communication Equipment.
3. the method for claim 1 is characterized in that, described Wireless Communication Equipment detects to be had new wireless terminal to reach the standard grade to comprise on the subordinate AP:
Described Wireless Communication Equipment detects new wireless terminal and reaches the standard grade by subordinate AP; Perhaps
The incidence relation that described Wireless Communication Equipment detects wireless terminal and subordinate AP moves to another AP by an AP.
4. The method of any one of claims 1-3, characterized in that, before the wireless network equipment learns from the user information sent by the BRAS the number of authenticated users accessing through the AP, the method further comprises:
the wireless network equipment performs a validity check on the message sent by the BRAS;
if the check passes, the wireless network equipment parses the message and obtains the user information carried in the message.
5. The method of any one of claims 1-3, characterized in that the BRAS sending the user information of the wireless terminal to the wireless network equipment comprises:
the BRAS packs and sends together the user information of the wireless terminals that passed authentication within a time period; or
after the BRAS learns that the wireless terminal has passed authentication, it sends the user information of the wireless terminal to the wireless network equipment in real time.
6. Wireless network equipment, applied in a system comprising wireless network equipment, a Broadband Remote Access Server (BRAS) and an authentication server, characterized in that the equipment comprises:
a detecting unit, configured to detect whether a new wireless terminal has come online on a subordinate AP;
a transceiver unit, connected to the detecting unit, configured to notify the BRAS that the wireless terminal has come online when the detection result of the detecting unit is yes, and, after the wireless terminal passes authentication, to receive the user information of the wireless terminal sent by the BRAS;
a control unit, connected to the transceiver unit, configured to learn, from the user information received by the transceiver unit, the number of authenticated users accessing through the AP, and to control the access of subsequent users according to the maximum number of authenticated users allowed to access that is pre-configured on the AP.
7. The equipment of claim 6, characterized in that the detecting unit is further configured to:
detect whether a new wireless terminal comes online through a subordinate AP, or whether the association of a wireless terminal with a subordinate AP moves from one AP to another AP.
8. The equipment of claim 6 or 7, characterized in that the transceiver unit is further configured to:
perform a validity check on the message sent by the BRAS;
if the check passes, parse the message and obtain the user information carried in the message.
9. A system for controlling wireless user access, comprising wireless network equipment, a BRAS and an authentication server, characterized in that:
the wireless network equipment is configured to send a notification to the BRAS when it detects that a new wireless terminal has come online on a subordinate AP; to receive the user information of the wireless terminal sent by the BRAS; to learn, from the user information sent by the BRAS, the number of authenticated users accessing through the AP; and to control the access of subsequent users according to the maximum number of authenticated users allowed to access that is pre-configured on the AP;
the BRAS is configured to receive the notification sent by the wireless network equipment, obtain the authentication state of the wireless terminal and, after the wireless terminal passes authentication, send the user information of the wireless terminal to the wireless network equipment.
10. The system of claim 9, characterized in that the BRAS is further configured to:
query its stored user entries according to the notification;
if a user entry corresponding to the wireless terminal is stored and the authentication state of the wireless terminal is "authenticated", update the user entry according to the notification and send the user information of the wireless terminal to the corresponding wireless network equipment;
if no user entry corresponding to the wireless terminal is stored, generate a user entry for the wireless terminal according to the notification, the user entry containing the MAC and VLAN of the wireless terminal, the AC and AP it belongs to, and its authentication state;
receive the authentication request of the wireless terminal, initiate authentication with the authentication server, and update the user entry according to the authentication result returned by the authentication server; if the wireless terminal passes authentication, send the user information of the wireless terminal to the wireless network equipment.
11. The system of claim 9 or 10, characterized in that the BRAS is further configured to:
pack and send together the user information of the wireless terminals that passed authentication within a time period; or
after learning that the wireless terminal has passed authentication, send the user information of the wireless terminal to the wireless network equipment in real time.
CN2010100010039A 2010-01-18 2010-01-18 Method, system and equipment for controlling wireless user access Expired - Fee Related CN101765114B (en)

Publications (2)

Publication Number Publication Date
CN101765114A true CN101765114A (en) 2010-06-30
CN101765114B CN101765114B (en) 2012-11-28

Family

ID=42496071

Country Status (1)

Country Link
CN (1) CN101765114B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP03 Change of name, title or address

Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Patentee after: New H3C Technologies Co., Ltd.

Address before: 310053 Hangzhou hi tech Industrial Development Zone, Zhejiang province science and Technology Industrial Park, No. 310 and No. six road, HUAWEI, Hangzhou production base

Patentee before: Hangzhou H3C Technologies Co., Ltd.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20121128

Termination date: 20200118

CF01 Termination of patent right due to non-payment of annual fee