CN110891035B - Equipment access management method, device and system - Google Patents

Equipment access management method, device and system Download PDF

Info

Publication number
CN110891035B
CN110891035B CN201911154688.8A CN201911154688A CN110891035B CN 110891035 B CN110891035 B CN 110891035B CN 201911154688 A CN201911154688 A CN 201911154688A CN 110891035 B CN110891035 B CN 110891035B
Authority
CN
China
Prior art keywords
state
controller
switch
terminal
configuration information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911154688.8A
Other languages
Chinese (zh)
Other versions
CN110891035A (en
Inventor
张永才
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Maipu Communication Technology Co Ltd
Original Assignee
Maipu Communication Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Maipu Communication Technology Co Ltd filed Critical Maipu Communication Technology Co Ltd
Priority to CN201911154688.8A priority Critical patent/CN110891035B/en
Publication of CN110891035A publication Critical patent/CN110891035A/en
Application granted granted Critical
Publication of CN110891035B publication Critical patent/CN110891035B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00Packet switching elements
    • H04L49/30Peripheral units, e.g. input or output ports
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00Packet switching elements
    • H04L49/45Arrangements for providing or supporting expansion
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W88/00Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/14Backbone network devices

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The application provides a device access management method, device and system. The method is applied to the switch, and comprises the following steps: when an AP accesses a physical port of the switch, configuring the attribute of the physical port as a wireless interface, and adjusting the state of the physical port from a Down state to an UP state; reporting the attribute and the UP state to a controller; receiving the configuration which is correspondingly issued by the controller according to the attribute and the UP state; managing the AP with a configuration. The attribute of the physical port is defined, so that the unified management of the wireless terminals added in the wired network can be realized, and the method is simple and easy to realize and has extremely strong expansibility.

Description

Equipment access management method, device and system
Technical Field
The present application relates to the field of communications technologies, and in particular, to a device access management method, apparatus, and system.
Background
To implement integrated traffic management for a certain object, such as a wired network and a wireless network deployed in a company, an enterprise or a campus, two methods are mostly used for implementing the integrated traffic management. One way is to add an additional AC (Wireless Access Point Controller) in the network, and to uniformly manage data traffic in the wired network and the Wireless network in the network through the AC. The other method is to add corresponding traffic management software on the wireless terminal and the wireless access device accessing the network, and bring the wireless terminal and the wireless access device into the management range of the controller in the network through the traffic management software, so that the controller can uniformly manage the data traffic in the wired network and the wireless network in the network.
In the above two ways of implementing unified management of data traffic in a wired network and a wireless network in a network, the common point is that a specific device or software needs to be adopted in the network, but the adoption of the specific device or software causes increased implementation difficulty and poor network scalability.
Disclosure of Invention
An object of the embodiments of the present application is to provide a device access management method, apparatus and system, which are used to implement simple and extensible unified management of data traffic in a wired network and a wireless network in a network.
In a first aspect, an embodiment of the present application provides a device access management method, which is applied to a switch, and the method includes:
when an AP accesses a physical port of the switch, configuring the attribute of the physical port as a wireless interface, and adjusting the state of the physical port from a disconnected Down state to a normal working UP state;
reporting the attribute and the UP state to a controller;
receiving configuration information which is correspondingly issued by the controller according to the attribute and the UP state;
and managing the AP by utilizing the configuration information.
In the embodiment of the present application, the attribute by which the physical port is defined can be configured as the wireless interface. When an AP accesses a physical port of a switch, the attributes of the physical port are automatically configured to be a wireless interface. Therefore, the switch can acquire the configuration information issued by the controller by reporting the attribute and the state of the physical port to the controller, and manage the AP by using the configuration information. The attribute of the physical port is defined, so that the unified management of the wireless terminals added in the wired network can be realized, and the method is simple and easy to realize and has extremely strong expansibility.
With reference to the first aspect, in a first possible implementation manner, the managing the AP by using the configuration information includes:
and configuring the AP by using the configuration information so that the configured AP can interact with a wireless terminal needing to be accessed.
In the embodiment of the application, the AP is configured, so that the configured AP can automatically interact with the wireless terminal needing to be accessed, the initiative of control is given to the AP, and the switch does not participate in the whole control of the AP, so that the load of the switch is reduced.
With reference to the first possible implementation manner of the first aspect, in a second possible implementation manner, after configuring the AP by using the configuration information, the method further includes:
when the wireless terminal accesses the configured AP, receiving the equipment information of the wireless terminal sent by the configured AP;
reporting the device information to the controller;
receiving a terminal flow management strategy which is correspondingly issued by the controller according to the equipment information;
and managing the data traffic of the wireless terminal by using the terminal traffic management strategy.
In the embodiment of the application, the switch can acquire the terminal traffic management policy for the wireless terminal by reporting the device information, so as to specially manage the data traffic of the wireless terminal, thereby realizing efficient and accurate traffic management.
With reference to the second possible implementation manner of the first aspect, in a third possible implementation manner, the reporting the device information to the controller includes:
determining whether the device information needs to be verified based on the configuration information;
if the verification is not needed, reporting the equipment information to the controller; and if verification is needed, verifying the equipment information by using the configuration information, and reporting the equipment information to the controller when the equipment information passes verification.
In the embodiment of the application, the equipment information is reported after the verification is passed, so that the information sent to the controller can be ensured to be safe and reliable.
With reference to the first aspect, in a fourth possible implementation manner, after the AP is managed by using the configuration information, the method further includes:
when the connection between the AP and the physical port is interrupted, adjusting the state of the physical port from the UP state to the Down state;
and reporting the Down state to a controller.
In the embodiment of the present application, when the connection of the physical port is interrupted, the switch may report the state of the physical port in the Down state to the controller in time, so that the controller may master the state change of each interface in real time.
With reference to the first aspect, in a fifth possible implementation manner, after receiving configuration information that is delivered by the controller according to the attribute and the UP state, the method further includes:
when a wired terminal accesses to other physical ports of the switch, the state of the other physical ports is adjusted from a Down state to an UP state, wherein the attributes of the other physical ports are configured as wired interfaces in advance;
reporting the attributes of the other physical ports and the state as an UP state to the controller;
and determining that the controller does not correspondingly issue new configuration based on the attributes of the other physical ports and the UP state, and managing the other physical ports by using the configuration information.
In the embodiment of the present application, when the wired terminal is accessed, the wired interface accessed by the wired terminal may also be managed by using the configuration information, so as to implement unified management on the wireless interface and the wired interface corresponding to the AP.
With reference to the fifth possible implementation manner of the first aspect, in a sixth possible implementation manner, the managing the other physical ports by using the configuration information includes:
and configuring the other physical ports by using the configuration information so that the configured physical ports can interact with the wired terminal accessed to the configured physical ports.
In the embodiment of the application, interaction with the wired terminal can be realized conveniently and rapidly by configuring the other physical ports.
With reference to the sixth possible implementation manner of the first aspect, in a seventh possible implementation manner, after configuring the other physical ports by using the configuration information, the method further includes:
receiving the device information of the wired terminal sent by the configured physical port;
reporting the device information to the controller;
receiving a terminal flow management strategy which is correspondingly issued by the controller according to the equipment information;
and managing the data traffic of the wired terminal by using the terminal traffic management strategy.
In the embodiment of the application, the switch can acquire the terminal traffic management policy for the wired terminal by reporting the device information, so as to specially manage the data traffic of the wired terminal, thereby realizing efficient and accurate traffic management.
In a second aspect, an embodiment of the present application provides an apparatus for device access management, which is applied to a switch, and the apparatus includes:
the interface management module is used for configuring the attribute of the physical port into a wireless interface and adjusting the state of the physical port from a Down state to an UP state when the AP accesses the physical port of the switch;
the data receiving and sending module is used for reporting the attribute and the UP state to the controller; and the configuration information is used for receiving the configuration information which is correspondingly issued by the controller according to the attribute and the UP state;
and the interface management module is further configured to manage the AP by using the configuration information.
With reference to the second aspect, in a first possible implementation manner,
and the interface management module is used for configuring the AP by using the configuration information so that the configured AP can interact with a wireless terminal which needs to access the configured AP.
With reference to the first possible implementation manner of the second aspect, in a second possible implementation manner, after the interface management module configures the AP with the configuration information,
the data transceiver module is further configured to receive device information of the wireless terminal sent by the configured AP when the wireless terminal accesses the configured AP; reporting the device information to the controller; receiving a terminal flow management strategy which is correspondingly issued by the controller according to the equipment information;
the interface management module is further configured to manage the data traffic of the wireless terminal by using the terminal traffic management policy.
With reference to the second possible implementation manner of the second aspect, in a third possible implementation manner,
the data transceiver module is used for judging whether the equipment information needs to be verified or not based on the configuration information; if the verification is not needed, reporting the equipment information to the controller; and if verification is needed, verifying the equipment information by using the configuration information, and reporting the equipment information to the controller when the equipment information passes verification.
With reference to the second aspect, in a fourth possible implementation manner, after the interface management module manages the AP by using the configuration information,
the interface management module is further configured to adjust the state of the physical port from the UP state to the Down state when the connection between the AP and the physical port is interrupted;
the data transceiver module is further configured to report the Down status to the controller.
With reference to the second aspect, in a fifth possible implementation manner, after the interface management module receives configuration information that is correspondingly issued by the controller according to the attribute and the UP state,
the interface management module is further configured to adjust the state of the other physical port from a Down state to an UP state when a wired terminal accesses the other physical port of the switch, wherein the attribute of the other physical port is configured as a wired interface in advance;
the data transceiver module is further configured to report the attributes of the other physical ports and the UP state to the controller;
and the interface management module is further configured to determine that the controller issues a new configuration without corresponding based on the attribute of the other physical port and the state being an UP state, and manage the other physical port by using the configuration information.
With reference to the fifth possible implementation manner of the second aspect, in a sixth possible implementation manner,
the interface management module is configured to configure the other physical ports by using the configuration information, so that the configured physical ports can interact with the wired terminal accessing the configured physical ports.
With reference to the sixth possible implementation manner of the second aspect, in a seventh possible implementation manner, after the interface management module configures the other physical ports by using the configuration information,
the data transceiver module is further configured to receive the device information of the wired terminal sent by the configured physical port; reporting the device information to the controller; receiving a terminal flow management strategy which is correspondingly issued by the controller according to the equipment information;
the interface management module is further configured to manage the data traffic of the wired terminal by using the terminal traffic management policy.
In a third aspect, an embodiment of the present application provides a device access management system, where the system includes: a controller, and a switch connected to the controller;
the controller cooperates with the switch to perform the device access management method according to the first aspect or any one of the possible implementation manners of the first aspect.
In a fourth aspect, the present application provides a computer-readable storage medium having a computer-executable non-volatile program code, where the program code causes the computer to execute the device access management method according to the first aspect or any one of the possible implementation manners of the first aspect.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and that those skilled in the art can also obtain other related drawings based on the drawings without inventive efforts.
Fig. 1 is a block diagram of a device access management system according to an embodiment of the present disclosure;
fig. 2 is a first flowchart of a device access management method according to an embodiment of the present application;
fig. 3 is a second flowchart of a device access management method according to an embodiment of the present application;
fig. 4 is a third flowchart of a device access management method according to an embodiment of the present application;
fig. 5 is a block diagram of a device access management apparatus according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
Referring to fig. 1, an embodiment of the present application provides a device access management system 10, where the device access management system 10 may be deployed in a wireless local area network, for example, deployed in an enterprise, an organization, or a campus, so as to manage terminals accessing the local area network through the device access management system 10.
Specifically, the device access management system 10 may include: a controller 11, and a switch 12 connected to the controller 11.
The controller 11 may be an SDN (Software Defined Network) controller, or other type of control center or control system. In other words, the type of the controller 11 may be selected according to the actual application scenario, such as a network type or a type of the controlled device, and the embodiment is not limited thereto.
The number of switches 12 may be selected based on the number of devices that are accessed, which may be one or more. The type of switch 12 may be selected based on the deployment location or role, for example, depending on the deployment location, the switch 12 may be an access switch or a core switch.
In this embodiment, the switch 12 may allow access of the wired terminal and the wireless terminal, and manage the wired terminal and the wireless terminal based on the configuration information sent by the controller 11. Specifically, when an AP (Access Point) accesses a physical port of the switch 12, the switch 12 may report, to the controller 11, an attribute of the physical port accessed by the AP as a wireless interface. Correspondingly, the controller 11 may issue configuration information related to the wireless interface. In this way, the switch 12 can manage the wireless terminals accessing the AP using the configuration information associated with the wireless interface. Alternatively, when the wired terminal directly accesses the physical port of the switch 12, the switch 12 may report the attribute of the physical port accessed by the wired terminal as the wired interface to the controller 11. Correspondingly, the controller 11 may also issue configuration information related to the wired interface. In this way, the switch 12 can also manage the wired terminal to be accessed using the configuration information related to the wired interface.
The following embodiment will describe in detail how the switch 12 and the controller 11 cooperate with wired terminals and wireless terminal management in a manner of description of the method flow.
Referring to fig. 2, an embodiment of the present application provides a device access management method, which may be executed by a switch 12 and a controller 11 in a device access management system 10 in cooperation. Specifically, the device access management method may include:
step S100: when the AP accesses the physical port of the switch, the switch configures the attribute of the physical port as a wireless interface and adjusts the state of the physical port from a Down state to an UP state.
Step S200: the switch reports the attributes and the UP status to the controller.
Step S300: the controller determines the configuration information corresponding to the attribute and the UP state and issues the configuration information to the switch.
Step S400: the switch receives the configuration information correspondingly issued by the controller.
Step S500: the switch manages the AP using the configuration information.
The above-described flow will be described in detail below.
Step S100: when the AP accesses the physical port of the switch, the switch configures the attribute of the physical port as a wireless interface and adjusts the state of the physical port from a Down state to an UP state.
Switch 12 has a plurality of physical ports disposed thereon, which may be ethernet interfaces. If the AP needs to access the network, the AP may access the idle physical port on the switch 12 by using a wired connection. Correspondingly, when there is an AP accessing a physical port of switch 12, switch 12 does not know that the accessing device is an AP. The switch 12 may perform a zero configuration handshake interaction with the accessed AP based on the multicast protocol or broadcast protocol bearer application information to determine that the accessed device is an AP.
In this embodiment, in order to manage access to the wired terminal and the wireless terminal, the switch 12 defines the attribute of the physical port in advance, and the attribute of the physical port may be defined as a wireless interface or a wired interface. It can be understood that in most scenarios, the accessed device is mainly a wired terminal, and the switch 12 may default the attribute of the physical port to a wired interface; otherwise, the accessed device is mainly a wireless terminal, and the switch 12 may default the attribute of the physical port to the wireless interface. On this basis, after determining that the accessed device is an AP, if the attribute of the physical port is configured as a wired interface by default, the switch 12 may reconfigure the attribute of the physical port accessed by the AP to a wireless interface; alternatively, the attribute of the physical port is configured as a wireless interface by default, and the switch 12 may directly acquire the attribute of the physical port accessed by the AP.
In this embodiment, when no device is connected to a physical port, the physical port is not used, and the switch 12 defaults that the state of the physical port is in a down state. When a device is connected to a physical port, the physical port is being used, and the switch 12 defaults that the state of the physical port is in an UP state. On this basis, after determining that the accessed device is an AP, the switch 12 may further adjust the state of the physical port accessed by the AP from the Down state to the UP state.
Step S200: the switch reports the attributes and the UP status to the controller.
In order to enable the controller 11 to know the state change of each physical port on the switch 12 in real time, the switch 12 may report the attribute and the state of the physical port in time.
In this embodiment, under the condition that the bandwidth of the communication between the switch 12 and the controller 11 is limited, after the switch 12 determines that the attribute of the physical port accessed by the AP is the wireless interface and determines that the state of the physical port accessed by the AP is the UP state, the switch 12 may report to the controller 11 only that the attribute of the physical port accessed by the AP is the wireless interface and the state of the physical port accessed by the AP is the UP state at the first time.
Under the condition that the bandwidth of the switch 12 communicating with the controller 11 is not limited, after the switch 12 determines that the attribute of the physical port accessed by the AP is the wireless interface and determines that the state of the physical port accessed by the AP is the UP state, the switch 12 may report all the physical ports (all the physical ports include all the physical ports in the UP state and all the physical ports in the Down state) or the latest attribute and the latest state of all the physical ports in the UP state to the controller 11 in the first time.
Step S300: the controller determines the configuration information corresponding to the attribute and the UP state and issues the configuration information to the switch.
After the controller 11 receives the attributes and the status reported by the switch 12, the controller 11 may determine whether to send the latest configuration information to the switch 12 and determine what kind of configuration information to send to the switch 12 based on the reported attributes and status.
Optionally, if the attributes and states acquired by the controller 11 are only: the attribute of the physical port accessed by the AP is a wireless interface, and the state of the physical port accessed by the AP is an UP state. Then, the controller 11 may determine whether to issue corresponding configuration information for the physical port accessed by the AP according to the attribute and the state of the physical port accessed by the AP. If it is determined that the configuration information does not need to be issued, the controller 11 may inform the switch 12 that the configuration information is not issued this time; if it is determined that the physical port needs to be issued, the controller 11 may determine the attribute of the physical port and the configuration information corresponding to the state from the preset configuration information, and issue the configuration information to the switch 12. For example, when the management modes of the wireless terminal and the wired terminal are completely different, the controller 11 may determine that the corresponding configuration information needs to be issued according to the attribute and the state of the physical port accessed by the AP to manage the AP in a targeted manner, so as to issue the configuration information to the switch 12.
Optionally, if the attributes and states acquired by the controller 11 are: the latest attributes and the latest status of all physical ports or all physical ports in the UP state. Then, the controller 11 may determine whether to issue the corresponding configuration information according to the latest attribute and the latest status of all the physical ports or all the physical ports in the UP state. If it is determined that the configuration information does not need to be issued, the controller 11 may inform the switch 12 that the configuration information is not issued this time; if it is determined that the physical port needs to be issued, the controller 11 may also determine the attribute of the physical port and the configuration information corresponding to the state from the preset configuration information, and issue the configuration information to the switch 12. For example, based on the latest attributes and the latest states of all physical ports or all physical ports in the UP state, the controller 11 determines that the number of physical ports in the UP state is large, and in this case, the cost for performing personalized configuration on each device is too high, so that the devices need to be managed by using the previously issued general configuration information, and therefore the controller 11 may determine that configuration information is not issued this time. For another example, based on the latest attributes and the latest states of all the physical ports or all the physical ports in the UP state, the controller 11 determines that the number of the physical ports in the UP state is small, and in this case, the personalized configuration may be performed on each device, so the controller 11 may determine the attribute of the physical port accessed by the AP device and the configuration information corresponding to the state from the preset configuration information, and send the configuration information to the switch 12.
It can be understood that the manner of issuing the configuration information by the controller 11 is not limited to the manner exemplified in this embodiment, for example, the attribute and the state that the controller 11 receives the report may be used as a trigger condition, and the trigger controller 11 determines whether the configuration information is updated, if so, the latest configuration information is issued to the switch 12, otherwise, the configuration information is not issued.
In addition, it should be noted that the precondition for the controller 11 to determine not to issue the configuration information is that the controller 11 determines that the configuration information has already been issued for the switch 12 in the history, and the configuration information issued in the history can satisfy the requirement of managing the currently accessed AP. If the aforementioned condition is not satisfied, the controller 11 needs to issue configuration information capable of managing the currently accessed AP, regardless of the determination result of the aforementioned condition.
Step S400: the switch receives the configuration information correspondingly issued by the controller.
Accordingly, after the controller 11 issues the configuration information, the switch 12 correspondingly receives the configuration information.
Step S500: the switch manages the AP using the configuration information.
The switch 12 configures the AP by using the configuration information, for example, configures an interaction mode between the AP and the wireless terminal that needs to be accessed, so that the configured AP can correctly interact with the wireless terminal that needs to be accessed to the configured AP.
Referring to fig. 3, after the switch 12 performs step S500, if there is a wireless terminal accessing the AP, the switch 12 and the controller 11 may further continue to perform steps S600 to S900.
Step S600: when the wireless terminal accesses the configured AP, the switch receives the device information of the wireless terminal transmitted by the configured AP.
Step S700: the switch reports the device information to the controller.
Step S800: and the switch receives the terminal flow management strategy which is correspondingly issued by the controller according to the equipment information.
Step S900: the switch manages the data traffic for the wireless terminal using a terminal traffic management policy.
The following will explain step S600 to step S900 in detail.
Step S600: when the wireless terminal accesses the configured AP, the switch receives the device information of the wireless terminal transmitted by the configured AP.
In this embodiment, since the AP is configured by the switch 12 based on the issued configuration information, when the wireless terminal accesses the configured AP, the configured AP can interact with the wireless terminal based on the corresponding configuration information to obtain the device information of the wireless terminal, such as the device type, the device certificate, the device identifier, and the like of the wireless terminal.
Therefore, the configured AP may report the acquired device information to the switch 12 based on the corresponding configuration information.
Accordingly, the switch 12 receives the device information.
Step S700: the switch reports the device information to the controller.
In this embodiment, the switch 12 may directly report the received device information to the controller 11, or the switch 12 may verify the received device information first and report the device information to the controller 11 after the verification is passed, so as to ensure the security of the information.
As an exemplary way of verifying the device information, a device information verification manner is preset in the configuration information issued by the controller 11, and the switch 12 may determine whether to verify the device information based on the configuration information issued by the controller 11, for example, which device types are required to be verified and which device types are trusted and do not need to be verified are preset in the configuration information, so that the switch 12 may determine whether the device types in the device information belong to the types required to be verified or the types which are trusted and do not need to be verified.
If the switch 12 determines that the device information does not require authentication, the switch 12 reports the device information directly to the controller 11.
If the switch 12 determines that the device information needs to be verified, the switch 12 may verify the device information using the policy for device verification in the configuration information, for example, using the policy for device verification in the configuration information, verifying whether the device certificate in the device information is a genuine and trusted certificate, and verifying whether the device identifier in the device information is a counterfeit identifier. If the equipment information is determined to pass the verification, the switch 12 reports the equipment information to the controller 11, otherwise, the equipment information is not reported.
Step S800: and the switch receives the terminal flow management strategy which is correspondingly issued by the controller according to the equipment information.
In this embodiment, terminal traffic management policies corresponding to various terminals are also preset in the controller 11, and these terminal traffic management policies may be general terminal traffic management policies, that is, management policies suitable for managing traffic of various types of terminals, or may also be targeted terminal traffic management policies, that is, management policies suitable for managing traffic of a certain type or a certain type of terminals. After acquiring the device information, the controller 11 may select a corresponding terminal traffic management policy according to the device information, and issue the terminal traffic management policy to the switch 12. For example, a general terminal traffic management policy is selected, or a terminal traffic management policy adapted to the device type corresponding to the device information is selected, and the selection manner may be determined according to an actual situation, and this embodiment is not described in more detail.
Accordingly, the switch 12 may receive the terminal traffic management policy issued by the controller 11, and continue to execute step S900.
Step S900: the switch manages the data traffic for the wireless terminal using a terminal traffic management policy.
Since the data traffic of the wireless terminal needs to pass through the physical port accessed by the AP, the switch 12 may configure the terminal traffic management policy to the physical port accessed by the AP, so as to manage the data traffic of the wireless terminal, for example, monitor the size of the data traffic, control the access of the wireless terminal, analyze whether the data traffic is abnormal, and the like.
In addition, when the connection between the AP and the physical port accessed by the AP is interrupted, the switch 12 may further adjust the state of the physical port from the UP state to the Down state, and report the Down state of the physical port to the controller 11 in time, so that the controller 11 knows the state change of each physical port in real time.
Referring to fig. 4, in addition to the switch 12 managing wireless terminals, the switch 12 may also manage wired terminals that are accessed. In order to understand how the switch 12 manages both the wireless terminal and the wired terminal, the present embodiment takes the example that the wired terminal accesses the switch 12 after step S400 as an example, in other words, the wired terminal accesses the switch 12 after step S400 without limitation, and the wired terminal can actually access the switch 12 at any time. Specifically, after step S400, the method further includes:
step S101: when the wired terminal accesses other physical ports of the switch, the switch adjusts the states of the other physical ports from the Down state to the UP state.
Step S201: the switch reports the attributes of the other physical ports and the state of the other physical ports as an UP state to the controller.
Step S301: the controller issues corresponding new configuration to the switch based on the attribute of the other physical port and the state of the other physical port being UP state; or determining new configuration which does not need to be issued based on the attribute of the other physical port and the state of the other physical port being an UP state.
Step S401: the switch determines that the controller does not correspondingly issue new configuration based on the attribute of the other physical port and the state of the other physical port being an UP state, and configures the other physical port by using the latest issued configuration information in the history; or receiving the new configuration sent by the controller, and configuring other physical ports by using the new configuration.
Step S501: and the switch receives the equipment information of the wired terminal sent by the configured physical port.
Step S601: the switch reports the device information of the wired terminal to the controller.
Step S701: the switch receives a terminal flow management strategy which is correspondingly issued by the controller according to the equipment information of the wired terminal.
Step S801: the switch manages the data traffic of the wired terminal using a terminal traffic management policy.
In this embodiment, the difference between steps S401 to S801 is mainly different from the type of the terminal to which the terminal is directed, compared with steps S100 to S900, so the execution principle of steps S401 to S801 may refer to the principle description of the aforementioned flow, and will not be described again here.
Referring to fig. 5, based on the same inventive concept, an embodiment of the present application further provides a device access management apparatus 100, where the device access management apparatus 100 is applied to a switch 12, and the device access management apparatus 100 may include:
the interface management module 110 is configured to configure the attribute of the physical port as a wireless interface when there is an AP accessing the physical port of the switch 12, and adjust the state of the physical port from a Down state to an UP state.
A data transceiver module 120, configured to report the attribute and the UP state to the controller 11; and is configured to receive configuration information issued by the controller 11 according to the attribute and the UP state.
And the interface management module 110 is further configured to manage the AP by using the configuration information
It should be noted that, as those skilled in the art can clearly understand, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
Some embodiments of the present application further provide a computer-readable storage medium of a computer-executable nonvolatile program code, where the storage medium can be a general-purpose storage medium, such as a removable disk, a hard disk, or the like, and the computer-readable storage medium has a program code stored thereon, where the program code is executed by a computer to perform the steps of the device access management method according to any of the above embodiments.
The program code product of the device access management method provided in the embodiment of the present application includes a computer-readable storage medium storing the program code, and instructions included in the program code may be used to execute the method in the foregoing method embodiment, and specific implementation may refer to the method embodiment, which is not described herein again.
To sum up, the present application provides a device access management method, apparatus, and system. The wireless interface may be configured by defining attributes of the physical port. When an AP accesses a physical port of a switch, the attributes of the physical port are automatically configured to be a wireless interface. Therefore, the switch can acquire the configuration issued by the controller by reporting the attribute and the state of the physical port to the controller, and manage the AP by using the configuration. The attribute of the physical port is defined, so that the unified management of the wireless terminals added in the wired network can be realized, and the method is simple and easy to realize and has extremely strong expansibility.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and there may be other divisions when actually implemented, and for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of devices or units through some communication interfaces, and may be in an electrical, mechanical or other form.
In addition, units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
Furthermore, the functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
In this document, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions.
The above description is only an example of the present application and is not intended to limit the scope of the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.

Claims (7)

1. A device access management method is applied to a switch, and comprises the following steps:
when an AP accesses a physical port of the switch, configuring the attribute of the physical port as a wireless interface, and adjusting the state of the physical port from a disconnected Down state to a normal working UP state;
reporting the attribute and the UP state to a controller;
receiving configuration information which is correspondingly issued by the controller according to the attribute and the UP state;
managing the AP by using the configuration information;
when a wireless terminal accesses the configured AP, receiving equipment information of the wireless terminal sent by the configured AP;
reporting the equipment information of the wireless terminal to the controller;
receiving a terminal flow management strategy which is correspondingly issued by the controller according to the equipment information of the wireless terminal;
managing data traffic of the wireless terminal by using the terminal traffic management policy;
when a wired terminal accesses to other physical ports of the switch, the state of the other physical ports is adjusted from a Down state to a normal working UP state, wherein the attributes of the other physical ports are configured into wired interfaces in advance;
reporting the attributes of the other physical ports and the state as an UP state to the controller;
determining that the controller does not correspondingly issue new configuration based on the attributes of the other physical ports and the state of the other physical ports being an UP state, and configuring the other physical ports by using the previously issued general configuration information; or receiving a new configuration sent by the controller, and configuring the other physical ports by using the new configuration;
receiving the device information of the wired terminal sent by the configured physical port;
reporting the equipment information of the wired terminal to the controller;
receiving a terminal flow management strategy which is correspondingly issued by the controller according to the equipment information of the wired terminal;
and managing the data traffic of the wired terminal by using the terminal traffic management strategy.
2. The device access management method of claim 1, wherein managing the AP using the configuration information comprises:
and configuring the AP by using the configuration information so that the configured AP can interact with an accessed wireless terminal.
3. The device access management method of claim 1, wherein reporting the device information to the controller comprises:
determining whether the device information needs to be verified based on the configuration information;
if the verification is not needed, reporting the equipment information to the controller;
and if verification is needed, verifying the equipment information by using the configuration information, and reporting the equipment information to the controller when the equipment information passes verification.
4. The device access management method of claim 1, wherein after managing the AP with the configuration information, the method further comprises:
when the connection between the AP and the physical port is interrupted, adjusting the state of the physical port from the UP state to the Down state;
and reporting the Down state to a controller.
5. The device access management method according to claim 1, wherein managing the other physical ports using the configuration information comprises:
and configuring the other physical ports by using the configuration information so that the configured physical ports can interact with the wired terminal accessed to the configured physical ports.
6. An apparatus for managing device access, applied to a switch, the apparatus comprising:
the interface management module is used for configuring the attribute of the physical port into a wireless interface and adjusting the state of the physical port from a disconnected Down state to a normal working UP state when the AP is accessed to the physical port of the switch; when a wired terminal accesses to other physical ports of the switch, the state of the other physical ports is adjusted from a Down state to an UP state, wherein the attributes of the other physical ports are configured as wired interfaces in advance;
the data receiving and sending module is used for reporting the attribute and the UP state to the controller; and the configuration information is used for receiving the configuration information which is correspondingly issued by the controller according to the attribute and the UP state; when a wireless terminal accesses the configured AP, receiving equipment information of the wireless terminal sent by the configured AP; reporting the equipment information of the wireless terminal to the controller; receiving a terminal flow management strategy which is correspondingly issued by the controller according to the equipment information of the wireless terminal; reporting the attributes of the other physical ports and the state as an UP state to the controller; receiving the device information of the wired terminal sent by the configured physical port; reporting the equipment information of the wired terminal to the controller; receiving a terminal flow management strategy which is correspondingly issued by the controller according to the equipment information of the wired terminal;
the interface management module is further configured to manage the AP by using the configuration information; managing data traffic of the wireless terminal by using the terminal traffic management policy; determining that the controller does not correspondingly issue new configuration based on the attributes of the other physical ports and the state of the other physical ports being an UP state, and configuring the other physical ports by using the previously issued general configuration information; or receiving a new configuration sent by the controller, and configuring the other physical ports by using the new configuration; and managing the data traffic of the wired terminal by using the terminal traffic management strategy.
7. A device access management system, the system comprising: a controller, and a switch connected to the controller;
the controller performs the device access management method of any of claims 1-5 in cooperation with the switch.
CN201911154688.8A 2019-11-21 2019-11-21 Equipment access management method, device and system Active CN110891035B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911154688.8A CN110891035B (en) 2019-11-21 2019-11-21 Equipment access management method, device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911154688.8A CN110891035B (en) 2019-11-21 2019-11-21 Equipment access management method, device and system

Publications (2)

Publication Number Publication Date
CN110891035A CN110891035A (en) 2020-03-17
CN110891035B true CN110891035B (en) 2022-04-05

Family

ID=69748325

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911154688.8A Active CN110891035B (en) 2019-11-21 2019-11-21 Equipment access management method, device and system

Country Status (1)

Country Link
CN (1) CN110891035B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103647658A (en) * 2013-11-27 2014-03-19 华为技术有限公司 Management method of network equipment in software-defined network system and controller
CN104582004A (en) * 2015-01-13 2015-04-29 成都西加云杉科技有限公司 SDN-based WLAN hierarchical networking system and method
CN105227378A (en) * 2015-10-28 2016-01-06 陈鸣 The software definition system of integrated management WiFi network and cable network and method
CN106790147A (en) * 2016-12-28 2017-05-31 北京神州绿盟信息安全科技股份有限公司 A kind of access control method and its device

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101590018B1 (en) * 2014-08-07 2016-01-29 주식회사 이노와이어리스 method for coupling femtocell with WiFi AP in SDN
CN105392149A (en) * 2014-09-05 2016-03-09 中兴通讯股份有限公司 Strategy adjusting trigger and strategy adjusting method and device, and strategy adjusting system
CN105430688B (en) * 2015-11-13 2019-03-08 重庆邮电大学 A kind of wlan system based on software defined network
CN107404442A (en) * 2016-05-19 2017-11-28 中兴通讯股份有限公司 Flow processing method and system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103647658A (en) * 2013-11-27 2014-03-19 华为技术有限公司 Management method of network equipment in software-defined network system and controller
CN104582004A (en) * 2015-01-13 2015-04-29 成都西加云杉科技有限公司 SDN-based WLAN hierarchical networking system and method
CN105227378A (en) * 2015-10-28 2016-01-06 陈鸣 The software definition system of integrated management WiFi network and cable network and method
CN106790147A (en) * 2016-12-28 2017-05-31 北京神州绿盟信息安全科技股份有限公司 A kind of access control method and its device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
高密度环境下wifi解决方案研究与设计;杨慧然;《CNKI硕士学位论文》;20171231;第三章 *

Also Published As

Publication number Publication date
CN110891035A (en) 2020-03-17

Similar Documents

Publication Publication Date Title
US8565726B2 (en) System, method and device for mediating connections between policy source servers, corporate repositories, and mobile devices
EP3651500B1 (en) Managing mobile device applications in a wireless network
CA2849763C (en) Managing mobile device applications
CA2849769C (en) Managing mobile device applications on a mobile device
CA2849757C (en) Managing mobile device applications on a mobile device
CN101730094B (en) Method for accessing terminal equipment to service platform of security system and transmitting information
WO2007027313A1 (en) Apparatus and method for local device management
CN113973275A (en) Data processing method, apparatus and medium
CN110891035B (en) Equipment access management method, device and system
US11853740B2 (en) Method for patching an operating system on a secure element transparently through an SM-SR platform
CN111182536A (en) SIM card state detection method, device, network equipment and storage medium
CN102868703B (en) A kind of safety control system and method
US9094830B2 (en) Managing data transfer across a network interface
CN112637821B (en) Management platform and management method of vehicle communication chip and vehicle communication management system
CN108924828B (en) APN self-adaptation method, server and terminal
CN112514329A (en) Operational constraints of operational functions of field devices
CA2814916C (en) Managing data transfer across a network interface
CN105471594B (en) The method and apparatus for managing resource
CN101924652B (en) Network management and north interface-based network element control method thereof
WO2020176020A1 (en) Methods and apparatuses for managing a port of a network device
KR20100093799A (en) Wireless communication terminal for providing communication service as group unit and method of the same

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant