
CN101827366B - Method, unit and device for isolating wireless network user - Google Patents

Info

Publication number
CN101827366B
Authority
CN
China
Prior art keywords
interface
judging
source
access point
forwarding information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201010133042.4A
Other languages
Chinese (zh)
Other versions
CN101827366A (en
Inventor
康贤昆
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Star Net Ruijie Networks Co Ltd
Original Assignee
Beijing Star Net Ruijie Networks Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Star Net Ruijie Networks Co Ltd filed Critical Beijing Star Net Ruijie Networks Co Ltd
Priority to CN201010133042.4A priority Critical patent/CN101827366B/en
Publication of CN101827366A publication Critical patent/CN101827366A/en
Application granted granted Critical
Publication of CN101827366B publication Critical patent/CN101827366B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention provides a method, a unit and a device for isolating wireless network users. The method comprises the following steps: obtaining forwarding information from a forwarding result after receiving a wireless data packet; when it is judged that access point (AP) user isolation is enabled, judging whether the source interface and the destination interface carried in the forwarding information belong to the same access point; and discarding the wireless data packet when the source interface and the destination interface are judged to belong to the same access point. The method implements AP user isolation by judging, on the basis of forwarding information such as six-tuple information, whether the destination interface belongs to the same access point, without using the virtual local area network (VLAN) isolation function or layer-3 authentication; it can therefore be used in both the layer-2 switching process and the layer-3 routing process, and is simple to operate and implement. In addition, the method has essentially no influence on the existing data storage structure or on data switching and forwarding performance.

Description

Wireless network user isolation method, unit and device
Technical field
The present invention relates to the field of wireless network security, and in particular to a wireless network user isolation method, unit and device.
Background
In existing wireless networks, such as a wireless local area network (Wireless Local Area Network, WLAN), wireless users are mobile and unpredictable, so mutual access between users needs to be isolated. User isolation comprises user isolation within the same access point (Access Point, AP) and user isolation within the same access controller (Access Controller, AC). The prior art implements user isolation mainly in the following three ways:
Mode 1: within the same AP, users are isolated using the mutual-access control principle of the media access control (Media Access Control, MAC) layer, which ensures that different users under the same AP cannot communicate at layer 2;
Mode 2: between different APs, isolation is done with MAC address access control or with a layer-2 isolation technique on the network aggregation device, such as a virtual local area network (Virtual Local Area Network, VLAN), which ensures that users under different APs cannot communicate directly;
Mode 3: the AC controls layer-3 mutual access for all users by means of a user access control list (Access Control List, ACL); only users authenticated by the AC can carry out controlled layer-3 communication.
However, among the existing user isolation techniques, some are limited to MAC address control, while others require the VLAN isolation function and layer-3 authentication and are complicated to operate and implement.
Summary of the invention
The invention provides a wireless network user isolation method, unit and device for implementing wireless network user isolation conveniently.
One embodiment of the invention provides a wireless network user isolation method, comprising:
after a wireless data packet is received, obtaining forwarding information from the forwarding result;
when it is judged that access point user isolation is enabled, judging whether the source interface and the destination interface carried in the forwarding information belong to the same access point;
when it is judged that the source interface and the destination interface belong to the same access point, discarding the wireless data packet.
Another embodiment of the invention provides a wireless network user isolation control unit, comprising:
an information acquisition module, configured to obtain forwarding information from the forwarding result after a wireless data packet is received;
a first judging module, configured to judge whether access point user isolation is enabled;
a second judging module, configured to judge, when the first judging module judges that access point user isolation is enabled, whether the source interface and the destination interface carried in the forwarding information belong to the same access point;
a packet processing module, configured to discard the wireless data packet when the second judging module judges that the source interface and the destination interface belong to the same access point.
Yet another embodiment of the invention provides an access point device comprising the above wireless network user isolation control unit.
A further embodiment of the invention provides an access controller device comprising the above wireless network user isolation control unit.
By judging, on the basis of forwarding information such as six-tuple information, whether the destination interface belongs to the same access point, the invention implements AP user isolation without using the VLAN isolation function or layer-3 authentication. It can therefore be used in both the layer-2 switching process and the layer-3 routing process, and is simple to operate and implement. Moreover, the method has essentially no impact on the existing data storage structure or on data switching and forwarding performance.
Description of drawings
To illustrate the technical solutions of the embodiments of the invention or of the prior art more clearly, the drawings used in describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show some embodiments of the invention, and a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is the flow chart of embodiment one of the wireless network user isolation method of the invention;
Fig. 2 is the flow chart of embodiment two of the wireless network user isolation method of the invention;
Fig. 3 is the flow chart of embodiment three of the wireless network user isolation method of the invention;
Fig. 4 is the flow chart of embodiment four of the wireless network user isolation method of the invention;
Fig. 5 is the structural diagram of embodiment one of the wireless network user isolation unit of the invention;
Fig. 6 is the structural diagram of embodiment two of the wireless network user isolation unit of the invention;
Fig. 7 is the structural diagram of embodiment three of the wireless network user isolation unit of the invention;
Fig. 8 is the structural diagram of embodiment four of the wireless network user isolation unit of the invention.
Embodiments
To make the purpose, technical solutions and advantages of the embodiments of the invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are some, not all, of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art from these embodiments without creative effort fall within the scope of protection of the invention.
Fig. 1 is the flow chart of embodiment one of the wireless network user isolation method of the invention. As shown in the figure, the method comprises the following steps:
Step 100: after a wireless data packet is received, obtain forwarding information from the forwarding result.
The forwarding result can be the forwarding result of the layer-2 switching process or the forwarding result of the layer-3 routing process. The forwarding information can specifically be six-tuple information comprising: source WLAN ID, destination WLAN ID, source MAC address, destination MAC address, source interface and destination interface; alternatively it can comprise: source VLAN ID, destination VLAN ID, source MAC address, destination MAC address, source interface and destination interface.
The WLAN ID, the VLAN ID and the service set identifier (Service Set Identifier, SSID) are normally in one-to-one correspondence, so knowing any one of the WLAN ID, the VLAN ID or the SSID allows the other two to be derived.
Step 200: judge whether AP user isolation is enabled; when AP user isolation is enabled, execute step 300.
AP user isolation means isolating wireless network users on one AP. Whether AP user isolation is enabled is judged from the user's configuration information, for example command line interface (Command Line Interface, CLI) and web configuration. Specifically, for the fat (Fat) AP architecture this judgment can only be made on the AP; for the thin (Fit) AP architecture it can be made either on the AP or on the AC.
In addition, if AP user isolation is not enabled, the wireless data packet is transmitted and processed directly, as described under step 320 below; alternatively, the method can go on to judge whether AC user isolation is enabled, as described under step 400 below.
Step 300: judge whether the source interface and the destination interface carried in the forwarding information belong to the same access point; if they do, execute step 301, otherwise execute step 320.
Because an AP forwards a received wireless data packet from one interface to another, the source interface necessarily belongs to the AP that received the packet, whereas whether the destination interface also belongs to this AP has to be determined in this step. "The same access point" means the AP that received the wireless data packet. Specifically, the judgment can be made from interface attributes, and it applies to both the fat AP architecture and the thin AP architecture.
Judging whether the source interface and the destination interface belong to the same AP, as described here, differs from the prior-art approach of judging through the MAC address table whether the source interface and the destination interface are identical. The prior art looks up the interface using layer-2 forwarding, whereas the method of this embodiment is based on forwarding information such as six-tuple information, so it can be used in both the layer-2 switching process and the layer-3 routing process.
Step 301: discard the wireless data packet.
If the source interface and the destination interface carried in the forwarding information are judged to belong to the same access point, AP user isolation has to be performed, so the wireless data packet is discarded.
Step 320: transmit and process the wireless data packet.
If the source interface and the destination interface carried in the forwarding information are judged not to belong to the same access point, AP user isolation is not needed and normal transmission and processing continues. For example, depending on the configuration of the actual deployment, the wireless data packet is passed to another AP, passed to the AC, or passed directly to a wireless user under the current AP.
The method of this embodiment implements AP user isolation by judging whether the destination interface belongs to the same access point, without using the VLAN isolation function or layer-3 authentication, so it is simple to operate and implement. Moreover, the method has essentially no impact on the existing data storage structure or on data switching and forwarding performance.
In addition, the method can be applied to both the fat AP architecture and the thin AP architecture. For the thin AP architecture, one set of software code can be shared: the method can be implemented on the AP side, on the AC side, or on both the AP side and the AC side, which gives it considerable flexibility.
Fig. 2 is the flow chart of embodiment two of the wireless network user isolation method of the invention. After step 200 of method embodiment one above, this embodiment comprises the following steps:
Step 250: judge whether the source network ID carried in the forwarding information is identical to the destination network ID; if identical, execute step 300, otherwise execute step 320.
The source network ID and the destination network ID are respectively the source WLAN ID and the destination WLAN ID, or respectively the source VLAN ID and the destination VLAN ID. Identical WLAN IDs denote the same WLAN and different WLAN IDs denote different WLANs; similarly, identical VLAN IDs denote the same VLAN and different VLAN IDs denote different VLANs.
Step 300: judge whether the source interface and the destination interface carried in the forwarding information belong to the same AP; if they do, execute step 301, otherwise execute step 320.
When the source network ID and the destination network ID are judged to be identical, it still cannot be fully determined that AP user isolation should be performed, so the judgment in this step is also needed.
Step 301: when the source interface and the destination interface are judged to belong to the same access point, discard the wireless data packet.
If the source interface and the destination interface carried in the forwarding information are judged to belong to the same access point, AP user isolation has to be performed, so the wireless data packet is discarded.
Step 320: transmit and process the wireless data packet.
When the source network ID and the destination network ID are judged to be different, the wireless data packet received by the AP is to be forwarded to an AP or AC in a different network, and certainly not to this AP, so AP user isolation is not needed and normal transmission and processing simply continues. In this embodiment, before judging whether the source interface and the destination interface belong to the same access point, the method first judges whether the source network ID is identical to the destination network ID. When they are different, AP user isolation is not needed, so the step of judging whether the source interface and the destination interface belong to the same access point can be skipped. Because judging interface ownership is more complex than judging whether the IDs are identical, reducing the number of interface-ownership judgments helps to further improve the convenience of the AP user isolation process.
Fig. 3 is the flow chart of embodiment three of the wireless network user isolation method of the invention. As shown in the figure, it comprises the following steps:
Step 100: after a wireless data packet is received, obtain forwarding information from the forwarding result.
Step 200: judge whether AP user isolation is enabled; when AP user isolation is enabled, execute step 300; when AP user isolation is not enabled, execute step 400.
It should be noted that step 300 and the subsequent steps are identical to those in method embodiment one or two above and are not repeated here; in addition, for reasons of space, step 300 and the subsequent steps are not redrawn in Fig. 3.
Step 400: judge whether AC user isolation is enabled; if it is, execute step 410, otherwise execute step 320.
AC user isolation means isolating wireless network users on one AC. Because the fat AP architecture has no separate AC device, this embodiment in practice applies only to the thin AP architecture. For the thin AP architecture, this judgment can be made either on the AP or on the AC. Whether AC user isolation is enabled can be judged from the user's configuration information, such as CLI and web configuration.
Step 410: judge whether the source interface and the destination interface carried in the forwarding information belong to the same AC; if they do, execute step 411, otherwise execute step 320.
Because an AC receives wireless data packets from APs and forwards each received packet from one interface to another, the source interface necessarily belongs to the AC that received the packet, whereas whether the destination interface also belongs to this AC has to be determined in this step. "The same AC" means the AC that received the wireless data packet. Specifically, the judgment can be made from interface attributes, and it applies only to the thin AP architecture.
Step 411: discard the wireless data packet.
If the source interface and the destination interface carried in the forwarding information are judged to belong to the same AC, AC user isolation has to be performed, so the wireless data packet is discarded.
Step 320: transmit and process the wireless data packet.
If the source interface and the destination interface carried in the forwarding information are judged not to belong to the same AC, AC user isolation is not needed and normal transmission and processing continues.
For the thin AP architecture, the method of this embodiment implements AC user isolation by judging whether the destination interface belongs to the same AC, without using the VLAN isolation function or layer-3 authentication, so it is simple to operate and implement. Moreover, the method has essentially no impact on the existing data storage structure or on data switching and forwarding performance.
Fig. 4 is the flow chart of embodiment four of the wireless network user isolation method of the invention. After step 400 of method embodiment three above, this embodiment comprises the following steps:
Step 405: judge whether the source network ID carried in the forwarding information is identical to the destination network ID; if identical, execute step 410, otherwise execute step 320.
The source network ID and the destination network ID are respectively the source WLAN ID and the destination WLAN ID, or respectively the source VLAN ID and the destination VLAN ID. Identical WLAN IDs denote the same WLAN and different WLAN IDs denote different WLANs; similarly, identical VLAN IDs denote the same VLAN and different VLAN IDs denote different VLANs.
Step 410: judge whether the source interface and the destination interface carried in the forwarding information belong to the same AC; if they do, execute step 411, otherwise execute step 320.
When the source network ID and the destination network ID are judged to be identical, it still cannot be fully determined that AP user isolation should be performed, so the judgment in this step is also needed.
Step 411: discard the wireless data packet.
If the source interface and the destination interface carried in the forwarding information are judged to belong to the same AC, AC user isolation has to be performed, so the wireless data packet is discarded.
Step 320: transmit and process the wireless data packet.
If the source interface and the destination interface carried in the forwarding information are judged not to belong to the same AC, AC user isolation is not needed and normal transmission and processing continues.
In this embodiment, before judging whether the source interface and the destination interface belong to the same AC, the method first judges whether the source network ID is identical to the destination network ID. When they are different, AC user isolation is not needed, so the step of judging whether the source interface and the destination interface belong to the same AC can be skipped. Because judging interface ownership is more complex than judging whether the IDs are identical, reducing the number of interface-ownership judgments helps to further improve the convenience of the AC user isolation process.
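The decision flow of method embodiments one to four (steps 200 to 411, with the network-ID pre-check of embodiments two and four), as an added example that is not code from the patent or from the assignee's products. The `if_attr` table, the numeric IDs, the `verdict` names and the sample topology are assumptions constructed for illustration, and an interface missing from the table is assumed to share no owner with any other.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Six-tuple forwarding information taken from the L2 or L3 forwarding result. */
struct fwd_info {
    uint16_t src_net, dst_net;        /* source/destination WLAN (or VLAN) ID */
    uint8_t  src_mac[6], dst_mac[6];  /* part of the tuple, unused by the check */
    uint16_t src_if, dst_if;          /* source/destination interface */
};

/* Assumed form of the "interface attributes": owning AP and AC per interface. */
struct if_attr { uint16_t ifindex, ap_id, ac_id; };

/* Isolation switches, as set through CLI or web configuration. */
struct iso_cfg { bool ap_isolation, ac_isolation; };

enum verdict { FORWARD, DROP_AP_ISOLATION, DROP_AC_ISOLATION };

static const struct if_attr *find_if(const struct if_attr *tbl, size_t n,
                                     uint16_t ifindex)
{
    for (size_t i = 0; i < n; i++)
        if (tbl[i].ifindex == ifindex)
            return &tbl[i];
    return NULL;
}

/* Steps 200-411: decide whether a packet is dropped or passed on (step 320). */
enum verdict isolation_verdict(const struct iso_cfg *cfg,
                               const struct fwd_info *fi,
                               const struct if_attr *tbl, size_t n)
{
    /* Steps 200 and 400: AC isolation is consulted only if AP isolation is off. */
    if (!cfg->ap_isolation && !cfg->ac_isolation)
        return FORWARD;

    /* Steps 250 and 405: cheap ID comparison before the ownership lookup. */
    if (fi->src_net != fi->dst_net)
        return FORWARD;

    const struct if_attr *src = find_if(tbl, n, fi->src_if);
    const struct if_attr *dst = find_if(tbl, n, fi->dst_if);
    if (src == NULL || dst == NULL)
        return FORWARD;  /* assumption: unknown interface shares no owner */

    if (cfg->ap_isolation)  /* steps 300 and 301 */
        return src->ap_id == dst->ap_id ? DROP_AP_ISOLATION : FORWARD;
    /* steps 410 and 411 */
    return src->ac_id == dst->ac_id ? DROP_AC_ISOLATION : FORWARD;
}

/* Constructed sample topology: APs 10 and 11 sit under AC 1, AP 12 under AC 2. */
static const struct if_attr SAMPLE_IFS[] = {
    {1, 10, 1}, {2, 10, 1}, {3, 11, 1}, {4, 12, 2},
};

/* Runs one constructed packet through the decision with the sample topology. */
enum verdict sample_verdict(bool ap_iso, bool ac_iso, uint16_t src_net,
                            uint16_t dst_net, uint16_t src_if, uint16_t dst_if)
{
    struct iso_cfg cfg = { ap_iso, ac_iso };
    struct fwd_info fi = { .src_net = src_net, .dst_net = dst_net,
                           .src_if = src_if, .dst_if = dst_if };
    return isolation_verdict(&cfg, &fi, SAMPLE_IFS,
                             sizeof SAMPLE_IFS / sizeof SAMPLE_IFS[0]);
}

int main(void)
{
    static const char *const name[] = { "forward", "drop (AP)", "drop (AC)" };

    printf("AP on,  if1->if2, same WLAN: %s\n",
           name[sample_verdict(true, false, 5, 5, 1, 2)]);
    printf("AP on,  if1->if2, diff WLAN: %s\n",
           name[sample_verdict(true, false, 5, 6, 1, 2)]);
    printf("AP+AC,  if1->if3, same WLAN: %s\n",
           name[sample_verdict(true, true, 5, 5, 1, 3)]);
    printf("AC on,  if1->if3, same WLAN: %s\n",
           name[sample_verdict(false, true, 5, 5, 1, 3)]);
    printf("AC on,  if1->if4, same WLAN: %s\n",
           name[sample_verdict(false, true, 5, 5, 1, 4)]);
    return 0;
}
```

With both switches on, the packet between interfaces on different APs under the same AC is forwarded, because in the flow of Fig. 3 the AC check is reached only when AP isolation is not enabled.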
Fig. 5 is the structural diagram of embodiment one of the wireless network user isolation control unit of the invention. As shown in the figure, the wireless network user isolation control unit 10 comprises an information acquisition module 11, a first judging module 12, a second judging module 13 and a packet processing module 14, and works as follows:
After the wireless network user isolation control unit 10 receives a wireless data packet, the information acquisition module 11 obtains forwarding information from the forwarding result. The forwarding result can be the forwarding result of the layer-2 switching process or the forwarding result of the layer-3 routing process, and the forwarding information can specifically be six-tuple information or the like;
The first judging module 12 judges whether access point user isolation is enabled; specifically, it can judge from the user's configuration information. When the first judging module 12 judges that AP user isolation is enabled, the second judging module 13 judges whether the source interface and the destination interface carried in the forwarding information belong to the same access point. When the second judging module 13 judges that the source interface and the destination interface belong to the same access point, the packet processing module 14 discards the wireless data packet.
The unit of this embodiment implements AP user isolation by judging whether the destination interface belongs to the same access point, without using the VLAN isolation function or layer-3 authentication, so it is simple to operate and implement. Moreover, it has essentially no impact on the existing data storage structure or on data switching and forwarding performance.
Fig. 6 is the structural diagram of embodiment two of the wireless network user isolation control unit of the invention. As shown in the figure, the wireless network user isolation control unit 10 further comprises a third judging module 15, and works as follows:
After the information acquisition module 11 obtains the forwarding information from the forwarding result, the third judging module 15 first judges whether the source network ID carried in the forwarding information obtained by the information acquisition module 11 is identical to the destination network ID. The source network ID and the destination network ID are respectively the source WLAN ID and the destination WLAN ID, or respectively the source VLAN ID and the destination VLAN ID;
After that, when the third judging module 15 judges that the source network ID is identical to the destination network ID, the second judging module 13 judges whether the source interface and the destination interface carried in the forwarding information belong to the same access point.
By adding the third judging module 15, the unit of this embodiment first judges whether the source network ID is identical to the destination network ID before the second judging module 13 judges whether the source interface and the destination interface belong to the same access point. When the IDs are different, AP user isolation is not needed, so the step of judging whether the source interface and the destination interface belong to the same access point can be skipped. Because judging interface ownership is more complex than judging whether the IDs are identical, reducing the number of interface-ownership judgments helps to further improve the convenience of the AP user isolation process.
It should also be noted that the wireless network user isolation control unit 10 of embodiments one and two above can be placed in the AP device of a fat AP architecture, or in the AP device and/or the AC device of a thin AP architecture; the AP device and the AC device can share one set of software code, which gives it considerable flexibility.
Fig. 7 is the structural diagram of embodiment three of the wireless network user isolation control unit of the invention. As shown in the figure, on the basis of embodiment one or embodiment two above, the wireless network user isolation control unit 10 further comprises a fourth judging module 16 and a fifth judging module 17, and works as follows:
When the first judging module 12 judges that access point user isolation is not enabled, the fourth judging module 16 further judges whether access controller user isolation is enabled; specifically, it can judge from the user's configuration information, such as CLI and web configuration. When the fourth judging module 16 judges that access controller user isolation is enabled, the fifth judging module 17 judges whether the source interface and the destination interface carried in the forwarding information belong to the same access controller. When the fifth judging module 17 judges that the source interface and the destination interface belong to the same access controller, the packet processing module 14 discards the wireless data packet.
For the thin AP architecture, the unit of this embodiment implements AC user isolation by judging whether the destination interface belongs to the same AC, without using the VLAN isolation function or layer-3 authentication, so it is simple to operate and implement. Moreover, it has essentially no impact on the existing data storage structure or on data switching and forwarding performance.
Fig. 8 is the structural diagram of embodiment four of the wireless network user isolation control unit of the invention. As shown in the figure, on the basis of embodiment three above, the wireless network user isolation control unit 10 further comprises a sixth judging module 18 and the fifth judging module 17, and works as follows:
When the fourth judging module 16 judges that access controller user isolation is enabled, the sixth judging module 18 first judges whether the source network ID carried in the forwarding information is identical to the destination network ID. After that, when the sixth judging module 18 judges that the source network ID is identical to the destination network ID, the fifth judging module 17 judges whether the source interface and the destination interface carried in the forwarding information belong to the same access controller.
By further providing the sixth judging module 18, the unit of this embodiment first judges whether the source network ID is identical to the destination network ID before the fifth judging module 17 judges whether the source interface and the destination interface belong to the same AC. When the IDs are different, AC user isolation is not needed, so the step of judging whether the source interface and the destination interface belong to the same AC can be skipped. Because judging interface ownership is more complex than judging whether the IDs are identical, reducing the number of interface-ownership judgments helps to further improve the convenience of the AC user isolation process.
AC user isolation means isolating wireless network users on one AC. Because the fat AP architecture has no separate AC device, the wireless network user isolation control unit 10 of this embodiment is suitable only for placement in the AP device and/or the AC device of a thin AP architecture.
A person of ordinary skill in the art will understand that all or part of the steps of the above method embodiments can be carried out by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes any medium that can store program code, such as ROM, RAM, a magnetic disk or an optical disc.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solutions of the invention, not to limit them. Although the invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions recorded in those embodiments can still be modified, or some of their technical features replaced by equivalents, and that such modifications or replacements do not take the essence of the corresponding technical solutions outside the spirit and scope of the technical solutions of the embodiments of the invention.

Claims (11)

1. A wireless network user isolation method, characterized by comprising:
after receiving a wireless data packet, obtaining forwarding information from the forwarding result;
when it is judged that access point user isolation is enabled, judging whether the source interface and the destination interface carried in the forwarding information belong to the same access point;
when it is judged that the source interface and the destination interface belong to the same access point, discarding the wireless data packet.
2. The method according to claim 1, characterized in that, before judging whether the source interface and the destination interface carried in the forwarding information belong to the same access point, the method further comprises:
judging whether the source network identifier carried in the forwarding information is the same as the destination network identifier;
when it is judged that the source network identifier is the same as the destination network identifier, performing the step of judging whether the source interface and the destination interface carried in the forwarding information belong to the same access point.
3. The method according to claim 2, characterized by further comprising:
when it is judged that access point user isolation is not enabled, judging whether access controller user isolation is enabled;
when it is judged that access controller user isolation is enabled, judging whether the source interface and the destination interface carried in the forwarding information belong to the same access controller;
when it is judged that the source interface and the destination interface belong to the same access controller, discarding the wireless data packet.
4. The method according to claim 3, characterized in that, before judging whether the source interface and the destination interface carried in the forwarding information belong to the same access controller, the method further comprises:
judging whether the source network identifier carried in the forwarding information is the same as the destination network identifier;
when it is judged that the source network identifier is the same as the destination network identifier, performing the step of judging whether the source interface and the destination interface carried in the forwarding information belong to the same access controller.
5. The method according to any one of claims 2 to 4, characterized in that the source network identifier and the destination network identifier are respectively a source WLAN identifier and a destination WLAN identifier, or respectively a source VLAN identifier and a destination VLAN identifier.
6. A wireless network user isolation control unit, characterized by comprising:
an information acquisition module, configured to obtain forwarding information from the forwarding result after a wireless data packet is received;
a first judging module, configured to judge whether access point user isolation is enabled;
a second judging module, configured to judge, when the first judging module judges that access point user isolation is enabled, whether the source interface and the destination interface carried in the forwarding information belong to the same access point;
a packet processing module, configured to discard the wireless data packet when the second judging module judges that the source interface and the destination interface belong to the same access point.
7. The wireless network user isolation control unit according to claim 6, characterized by further comprising:
a third judging module, configured to judge whether the source network identifier carried in the forwarding information obtained by the information acquisition module is the same as the destination network identifier;
the second judging module being further configured to judge, when the third judging module judges that the source network identifier is the same as the destination network identifier, whether the source interface and the destination interface carried in the forwarding information belong to the same access point.
8. The wireless network user isolation control unit according to claim 6 or 7, characterized by further comprising:
a fourth judging module, configured to judge, when the first judging module judges that access point user isolation is not enabled, whether access controller user isolation is enabled;
a fifth judging module, configured to judge, when the fourth judging module judges that access controller user isolation is enabled, whether the source interface and the destination interface carried in the forwarding information belong to the same access controller;
the packet processing module being further configured to discard the wireless data packet when the fifth judging module judges that the source interface and the destination interface belong to the same access controller.
9. The wireless network user isolation control unit according to claim 8, characterized by further comprising:
a sixth judging module, configured to judge whether the source network identifier carried in the forwarding information is the same as the destination network identifier;
the fifth judging module being further configured to judge, when the sixth judging module judges that the source network identifier is the same as the destination network identifier, whether the source interface and the destination interface carried in the forwarding information belong to the same access controller.
10. An access point device, characterized by comprising the wireless network user isolation control unit according to any one of claims 6 to 9.
11. An access controller device, characterized by comprising the wireless network user isolation control unit according to any one of claims 6 to 9.
CN201010133042.4A 2010-03-24 2010-03-24 Method, unit and device for isolating wireless network user Active CN101827366B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201010133042.4A CN101827366B (en) 2010-03-24 2010-03-24 Method, unit and device for isolating wireless network user

Publications (2)

Publication Number Publication Date
CN101827366A CN101827366A (en) 2010-09-08
CN101827366B true CN101827366B (en) 2013-03-13

Family

ID=42691016

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201010133042.4A Active CN101827366B (en) 2010-03-24 2010-03-24 Method, unit and device for isolating wireless network user

Country Status (1)

Country Link
CN (1) CN101827366B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant