CN101383746A - Access control method and system for wireless network - Google Patents
- Publication number
- CN101383746A
- Authority
- CN
- China
- Prior art keywords
- user information
- wireless network
- mac address
- user
- access
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
The invention provides an access control method and system for a wireless network. In the method, an authentication server obtains user information and the MAC address provided by the user when registering for wireless network access, creates a correspondence between the user information and the MAC address or updates an already established correspondence containing the user information, and sends the MAC address corresponding to the user information to a wireless network controller. The wireless network controller uses the received MAC address to update the allowed access list that it stores, and allows a user terminal whose MAC address is in the allowed access list to access the wireless network. With the invention, the MAC addresses of users registered for wireless network access can be managed more conveniently.
Description
Technical Field
The present invention relates to wireless network technologies, and in particular, to a method and a system for controlling access to a wireless network.
Background
Generally, access control in a wireless network is performed by filtering the MAC addresses of user terminals. An allowed access list, called a white list, is configured on the wireless network controller. If the MAC address of a user terminal requesting access to the wireless network is in the allowed access list, the user terminal is allowed to access the wireless network; otherwise, the user terminal is denied access.
However, in the prior art, the allowed access list is configured manually on the wireless network controller by the network manager, according to the MAC address provided by each user when registering wireless network access. Once the number of users registering wireless network access is large, manually configuring the allowed access list on the wireless network controller becomes very tedious and complicated. For example, if the MAC address provided by a user for registering wireless network access changes, the network manager needs to manually search for the MAC address originally used by the user and replace it with the changed MAC address. Since no user information exists on the wireless network controller, it is obviously very difficult to find the MAC address originally used by the user among the large number of MAC addresses in the allowed access list.
Disclosure of Invention
In view of this, the present invention provides a method and a system for controlling access to a wireless network, so as to conveniently manage a MAC address used by a user registering access to the wireless network.
A method of access control for a wireless network, the method comprising:
the authentication server acquires user information and an MAC address provided by a user when the user registers wireless network access, establishes a corresponding relation between the user information and the MAC address or updates the established corresponding relation containing the user information, and sends the MAC addresses corresponding to all the user information to a wireless network controller;
and the wireless network controller updates the allowed access list stored by the wireless network controller by using the received MAC addresses, and allows a user terminal whose MAC address is in the updated allowed access list to access the wireless network.
An access control system for a wireless network, the system comprising: an authentication server and a wireless network controller;
the authentication server is used for acquiring user information and an MAC address provided by the user when the user registers wireless network access, establishing a corresponding relation between the user information and the MAC address or updating the established corresponding relation containing the user information, and sending the MAC addresses corresponding to all the user information to the wireless network controller;
and the wireless network controller is used for updating the allowed access list stored by the wireless network controller by using the received MAC address and allowing the user terminal with the MAC address in the allowed access list to access the wireless network.
As can be seen from the above technical solutions, the method and system provided in the embodiments of the present invention use the fact that the authentication server can manage MAC addresses in combination with user information: access control for the wireless network is transferred from the wireless network controller to the authentication server, and the MAC addresses in the allowed access list on the wireless network controller are configured by the authentication server. When the MAC address that a user provided when registering wireless network access changes, the MAC address corresponding to the user information on the authentication server can be conveniently updated by using the user information, and the allowed access list of the wireless network controller is updated by sending the MAC addresses corresponding to all the user information to the wireless network controller. The changed MAC address no longer has to be modified manually on the wireless network controller, which holds no user information, as in the prior art, so the invention can more conveniently manage the MAC addresses used by users registered for wireless network access.
Drawings
FIG. 1 is a flow chart of a method provided by an embodiment of the present invention;
FIG. 2 is a system structure diagram provided in the embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in detail with reference to the accompanying drawings and specific embodiments.
The method provided by the invention mainly comprises the following steps: the authentication server acquires user information and the MAC address provided by the user when the user registers wireless network access, establishes a correspondence between the user information and the MAC address or updates an established correspondence containing the user information, and sends the MAC addresses corresponding to all the user information to the wireless network controller; the wireless network controller updates the allowed access list that it stores by using the received MAC addresses, and allows a user terminal whose MAC address is in the updated allowed access list to access the wireless network.
The above method is described in detail with reference to specific examples. Fig. 1 is a flowchart of a method provided in an embodiment of the present invention, and as shown in fig. 1, the method may include the following steps:
Step 101: the automatic proxy server provides a registration page to the user terminal that the user uses to register wireless network access, and acquires the user information input by the user on the registration page and the MAC address of the user terminal used.
In this step, the user may register wireless network access through a registration page provided by the automatic proxy server, on which the user inputs user information and the MAC address of the user terminal used.
Step 102: the automatic proxy server synchronizes the acquired user information and MAC address to the authentication server.
Step 103: the authentication server establishes a corresponding relationship between the user information and the MAC address by using the synchronized user information and MAC address.
Besides obtaining the user information and the MAC address of the user terminal in the manner of step 101 and step 102, the authentication server can also directly obtain user information and MAC addresses configured in the authentication server by the network manager. This requires the network manager to configure, in advance, the user information and MAC addresses registered for wireless network access in the authentication server.
In addition, before the establishing the corresponding relationship between the user information and the MAC address, the method may further include: the authentication server judges whether the corresponding relation containing the user information is established by the authentication server, if not, the step of establishing the corresponding relation between the user information and the MAC address is executed; and if so, updating the established corresponding relation containing the user information.
If the authentication server determines that a correspondence containing the user information has been established, it may first determine whether the MAC address corresponding to the user information in the established correspondence is consistent with the obtained MAC address. If so, the established correspondence does not need to be updated; if not, the MAC address corresponding to the user information in the established correspondence is updated to the obtained MAC address.
Step 104: the authentication server provides the MAC addresses corresponding to all the stored user information to the network management server through the internal interface.
Step 105: the network management server forwards the received MAC address to the wireless network controller through a Simple Network Management Protocol (SNMP) message.
The network management server may also forward the received MAC address to the wireless network controller via a TELNET message.
In addition, besides sending the MAC addresses corresponding to all the user information to the wireless network controller through the network management server as in step 104 and step 105, if an available interface exists between the authentication server and the wireless network controller, the authentication server may also send the MAC addresses corresponding to all the user information directly to the wireless network controller.
Step 106: the wireless network controller updates its stored allowed access list with the received MAC address.
Once receiving the MAC address sent by the network management server or the authentication server, the wireless network controller updates the access permission list stored by the wireless network controller by using the received MAC address, so that the latest user terminal MAC address used by the registered wireless network access user is kept stored in the access permission list stored by the wireless network controller.
Step 107: when a wireless access request sent by a user terminal is received, if the MAC address of the user terminal is in the allowed access list, the user terminal is allowed to access the wireless network; otherwise, the user terminal is denied access to the wireless network.
The operation of step 107 is the same as the processing of the wireless network controller in the prior art, and is not described further here.
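Steps 103 to 107, sketched as an added Python example (not code from the patent). The class and method names, the MAC normalisation, and the choice to skip the push when nothing changed are assumptions of this example; the `push` callable stands in for the SNMP/TELNET relay through the network management server or for a direct interface, and all MAC addresses are constructed sample values.

```python
import re


def normalize_mac(raw):
    """Return a MAC as lowercase aa:bb:cc:dd:ee:ff; raise ValueError if malformed."""
    digits = re.sub(r"[:\-.\s]", "", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


class WirelessController:
    """Holds only MAC addresses, never user information (steps 106 and 107)."""

    def __init__(self):
        self.allowed = frozenset()

    def replace_allow_list(self, macs):
        # Step 106: the received list replaces the stored allowed access list.
        self.allowed = frozenset(normalize_mac(m) for m in macs)

    def admit(self, mac):
        # Step 107: allow a terminal only if its MAC is in the allowed access list.
        try:
            return normalize_mac(mac) in self.allowed
        except ValueError:
            return False  # a malformed address can never be on the list


class AuthServer:
    """Keeps the user-information-to-MAC correspondence (step 103)."""

    def __init__(self, push):
        self._mac_by_user = {}
        self._push = push  # assumption: any callable that delivers the list

    def register(self, user, mac):
        mac = normalize_mac(mac)
        old = self._mac_by_user.get(user)
        if old == mac:
            # Correspondence exists and is consistent: no update needed.
            # Skipping the push here is a choice of this example.
            return "unchanged"
        self._mac_by_user[user] = mac  # establish or update the correspondence
        # Steps 104/105: send the MACs of ALL users, not a delta, so the
        # controller never needs to know which user an address belonged to.
        self._push(sorted(set(self._mac_by_user.values())))
        return "created" if old is None else "updated"


def demo():
    """Run one registration history and return what each step produced."""
    ctrl = WirelessController()
    auth = AuthServer(ctrl.replace_allow_list)
    out = {}
    out["first"] = auth.register("alice", "00-1A-2B-3C-4D-5E")
    out["same"] = auth.register("alice", "001a.2b3c.4d5e")   # other notation
    out["bob"] = auth.register("bob", "00:1A:2B:3C:4D:5E")   # shared terminal
    out["changed"] = auth.register("alice", "00:1A:2B:3C:4D:5F")
    # Alice's old MAC stays allowed only because bob still maps to it.
    out["old_still_allowed"] = ctrl.admit("00:1a:2b:3c:4d:5e")
    out["new_allowed"] = ctrl.admit("00:1a:2b:3c:4d:5f")
    auth.register("bob", "00:1A:2B:3C:4D:60")
    out["old_after_bob_moves"] = ctrl.admit("00:1a:2b:3c:4d:5e")
    out["unknown"] = ctrl.admit("de:ad:be:ef:00:01")
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Because the full list is regenerated from the correspondence table on every change, a stale address disappears from the controller as soon as no user maps to it, without any lookup on the controller side.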
The above is a description of the method provided by the present invention, and the following is a description of the system provided by the present invention. Fig. 2 is a system structure diagram provided in the embodiment of the present invention, and as shown in fig. 2, the system mainly includes: an authentication server 201 and a radio network controller 202.
The authentication server 201 is configured to obtain user information and a MAC address provided by the user when registering wireless network access, establish a corresponding relationship between the user information and the MAC address or update the established corresponding relationship containing the user information, and send the MAC addresses corresponding to all the user information to the wireless network controller 202.
The wireless network controller 202 is configured to update the allowed access list stored in the wireless network controller 202 with the received MAC address, and to allow a user terminal whose MAC address is in the allowed access list to access the wireless network.
The authentication server 201 may obtain user information configured in the authentication server 201 by the network manager and the MAC address provided by the user when registering wireless network access, or it may obtain the user information and the MAC address through the automatic proxy server. In the latter case, the system may further include an automatic proxy server 203, which is used for providing a registration page to the user, acquiring the user information input by the user on the registration page and the MAC address provided when registering wireless network access, and synchronizing the acquired user information and MAC address to the authentication server 201.
The authentication server 201 is further configured to obtain the user information and the MAC address synchronized by the automatic proxy server 203.
Further, the authentication server 201 may be further configured to determine whether the corresponding relationship including the user information has been established after acquiring the user information and the MAC address provided by the user when registering the wireless network access, and if not, perform an operation of establishing the corresponding relationship between the user information and the MAC address, and if so, perform an operation of updating the established corresponding relationship including the user information.
When sending the MAC addresses corresponding to all the user information to the wireless network controller, the authentication server 201 may send the MAC addresses directly to the wireless network controller, or may forward them to the wireless network controller through the network management server. In the latter case, the system may further include a network management server 204, which is configured to receive the MAC addresses corresponding to all the user information sent by the authentication server 201 and forward the MAC addresses to the wireless network controller 202.
The network management server 204 can obtain the MAC addresses corresponding to all the user information through the internal interface between the network management server and the authentication server, and forward the MAC addresses corresponding to all the user information to the wireless network controller 202 through an SNMP message or a TELNET message.
As can be seen from the above description, the method and system provided in the embodiments of the present invention use the fact that the authentication server can manage MAC addresses in combination with user information: access control for the wireless network is transferred from the wireless network controller to the authentication server, and the MAC addresses in the allowed access list on the wireless network controller are configured through the authentication server. When the MAC address provided by a user registering for wireless network access changes, the MAC address corresponding to the user information on the authentication server can be conveniently updated by using the user information, and the allowed access list of the wireless network controller is updated by sending the MAC addresses corresponding to all the user information to the wireless network controller. The changed MAC address no longer has to be modified manually on the wireless network controller, which holds no user information, as in the prior art, so the invention can more conveniently manage the MAC addresses of users registered for wireless network access.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.
Claims (10)
1. An access control method for a wireless network, the method comprising:
the authentication server acquires user information and an MAC address provided by a user when the user registers wireless network access, establishes a corresponding relation between the user information and the MAC address or updates the established corresponding relation containing the user information, and sends the MAC addresses corresponding to all the user information to a wireless network controller;
and the wireless network controller updates the allowed access list stored by the wireless network controller by using the received MAC addresses, and allows a user terminal whose MAC address is in the updated allowed access list to access the wireless network.
2. The method of claim 1, wherein obtaining the user information and the MAC address provided by the user when registering wireless network access specifically comprises: the authentication server obtains the user information configured in the authentication server by a network manager and the MAC address provided by the user when registering wireless network access; or,
the automatic proxy server provides a registration page for the user, acquires user information input by the user on the registration page and an MAC address provided when the user registers wireless network access, and synchronizes the acquired user information and the MAC address to the authentication server.
3. The method according to claim 1, wherein after the step of performing the acquisition, further comprising the steps of determining whether a correspondence containing the user information has been established, and if not, performing the step of establishing a correspondence between the user information and the MAC address; and if so, updating the established corresponding relation containing the user information.
4. The method according to claim 3, further comprising, before updating the established correspondence containing the user information: judging whether the MAC address corresponding to the user information in the established correspondence containing the user information is consistent with the obtained MAC address; if consistent, not executing the updating of the established correspondence containing the user information; and if inconsistent, executing the updating of the established correspondence containing the user information.
5. The method according to claim 1, wherein sending the MAC addresses corresponding to all the user information to the wireless network controller specifically comprises: the authentication server directly sends the MAC addresses corresponding to all the user information to the wireless network controller; or,
the authentication server forwards the MAC addresses corresponding to all the user information to the wireless network controller through the network management server.
6. The method of claim 5, wherein forwarding the MAC addresses corresponding to all user information to the wireless network controller through a network management server comprises: the authentication server sends the MAC addresses corresponding to all user information to the network management server through an internal interface between the authentication server and the network management server, and the network management server sends the MAC addresses corresponding to all user information to the wireless network controller through a Simple Network Management Protocol (SNMP) message or a TELNET message.
7. An access control system of a wireless network is characterized by comprising an authentication server and a wireless network controller;
the authentication server is used for acquiring user information and an MAC address provided by the user when the user registers wireless network access, establishing a corresponding relation between the user information and the MAC address or updating the established corresponding relation containing the user information, and sending the MAC addresses corresponding to all the user information to the wireless network controller;
and the wireless network controller is used for updating the allowed access list stored by the wireless network controller by using the received MAC address and allowing the user terminal with the MAC address in the allowed access list to access the wireless network.
8. The system of claim 7, further comprising an automatic proxy server for providing a registration page to the user, acquiring user information input by the user on the registration page and a MAC address provided when registering wireless network access, and synchronizing the acquired user information and MAC address to the authentication server;
the authentication server is further configured to acquire the user information and the MAC address synchronized by the automatic proxy server.
9. The system according to claim 7, wherein the authentication server is further configured to determine whether a corresponding relationship including the user information has been established after acquiring the user information and a MAC address provided by the user at the time of registering the wireless network access, and if not, perform an operation of establishing the corresponding relationship between the user information and the MAC address, and if so, perform an operation of updating the established corresponding relationship including the user information.
10. The system according to claim 7, 8 or 9, further comprising a network management server for receiving the MAC addresses corresponding to all user information sent by the authentication server and forwarding the MAC addresses to the wireless network controller.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNA2008102244679A CN101383746A (en) | 2008-10-15 | 2008-10-15 | Access control method and system for wireless network |
Publications (1)
Publication Number | Publication Date |
---|---|
CN101383746A (en) | 2009-03-11 |
Family
ID=40463379
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNA2008102244679A Pending CN101383746A (en) | 2008-10-15 | 2008-10-15 | Access control method and system for wireless network |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101383746A (en) |
Cited By (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101848430B (en) * | 2009-03-24 | 2014-01-22 | 阿尔卡特朗讯 | Device and method for service request authentication, service request authentication system and method of service request authentication system |
CN102420801A (en) * | 2010-09-28 | 2012-04-18 | 中国电信股份有限公司 | Method, device and system for realizing automatic user identity authentication |
CN102420801B (en) * | 2010-09-28 | 2015-01-14 | 中国电信股份有限公司 | Method, device and system for realizing automatic user identity authentication |
CN102014459A (en) * | 2010-11-25 | 2011-04-13 | 中国联合网络通信集团有限公司 | Wireless access control method and device |
CN102014459B (en) * | 2010-11-25 | 2013-11-06 | 中国联合网络通信集团有限公司 | Wireless access control method and device |
CN102970192A (en) * | 2011-09-01 | 2013-03-13 | 中兴通讯股份有限公司 | Machine-to-machine (M2M) wired terminal access control method and system |
CN102821439A (en) * | 2012-07-18 | 2012-12-12 | 中兴通讯股份有限公司 | Access method and access device of wireless network |
CN104871503A (en) * | 2014-04-18 | 2015-08-26 | 华为终端有限公司 | Accessing method and apparatus of router and portable wireless router |
WO2015158001A1 (en) * | 2014-04-18 | 2015-10-22 | 华为终端有限公司 | Method and apparatus for accessing router, and portable wireless router |
CN104821925A (en) * | 2015-04-28 | 2015-08-05 | 福建星网锐捷网络有限公司 | Data interaction method, system and device |
CN104821925B (en) * | 2015-04-28 | 2018-08-07 | 福建星网锐捷网络有限公司 | A kind of data interactive method, system and equipment |
CN105208560A (en) * | 2015-09-15 | 2015-12-30 | 新浪网技术(中国)有限公司 | WiFi certification-free log-in method, device and system |
CN106879045A (en) * | 2017-01-25 | 2017-06-20 | 成都众网行科技有限公司 | Wireless network access user screening plant and method |
CN110401948A (en) * | 2018-04-24 | 2019-11-01 | 北京码牛科技有限公司 | Wireless network authentication method and device |
CN110446214A (en) * | 2018-05-03 | 2019-11-12 | 中兴通讯股份有限公司 | Manage method, device and equipment, the storage medium of network access process |
CN114598519A (en) * | 2022-03-02 | 2022-06-07 | 深圳市吉祥腾达科技有限公司 | Method and system for supporting terminal to set black and white list without disconnection |
CN114598519B (en) * | 2022-03-02 | 2024-04-12 | 深圳市和为顺网络技术有限公司 | Method and system for supporting terminal to set black-and-white list without disconnection |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
WD01 | Invention patent application deemed withdrawn after publication |
Open date: 20090311 |