JP2005184719A - Monitoring apparatus, base station, and wireless lan system - Google Patents

Monitoring apparatus, base station, and wireless lan system Download PDF

Info

Publication number
JP2005184719A
JP2005184719A JP2003426170A JP2003426170A JP2005184719A JP 2005184719 A JP2005184719 A JP 2005184719A JP 2003426170 A JP2003426170 A JP 2003426170A JP 2003426170 A JP2003426170 A JP 2003426170A JP 2005184719 A JP2005184719 A JP 2005184719A
Authority
JP
Japan
Prior art keywords
base station
wireless lan
information
base stations
monitoring
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
JP2003426170A
Other languages
Japanese (ja)
Inventor
Yoshiaki Kimura
嘉秋 木村
Toshio Akiba
俊夫 秋葉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hitachi Ltd
Original Assignee
Hitachi Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hitachi Ltd filed Critical Hitachi Ltd
Priority to JP2003426170A priority Critical patent/JP2005184719A/en
Publication of JP2005184719A publication Critical patent/JP2005184719A/en
Pending legal-status Critical Current

Links

Images

Landscapes

  • Small-Scale Networks (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

<P>PROBLEM TO BE SOLVED: To perform a unified management for a status of a plurality of base stations in a wireless LAN, along with detecting an unauthorized base station in the wireless LAN. <P>SOLUTION: The wireless LAN is provided with: a monitoring device 11, which comprises a receiving means 23 for receiving information transmitted from a plurality of base stations; a detecting means 20 for detecting an unauthorized base station or a base station changed in its status from the information received by the receiving means and information 220 registered beforehand on a monitored base station; and an outputting means 24 for outputting the information on the base station detected by the detecting means. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

本発明は、無線LAN(Local Area Network)内の無線基地局を監視(管理)する監視装置、基地局およびこれらから成る無線LANシステムに関する。   The present invention relates to a monitoring device that monitors (manages) wireless base stations in a wireless local area network (LAN), a base station, and a wireless LAN system including these.

近年、いつでも・どこでも・簡単にネットワークに接続できる利便性から無線LANが普及しつつある。無線LANでは、例えば、無線LAN対応の無線端末が、社内に設置されたアクセス・ポイントと呼ばれる基地局を介してネットワークに接続される。一方で無線LANは、不正に設置された基地局により外部から侵入される可能性がある。従って、無線LANを監視・管理して、不正な基地局を検出する装置やシステムの提供が望まれる。例えば特許文献1には、常時基地局から送信される通常のサービス用の電波を互いに受信し、相互監視する基地局間の相互監視方式について記載されている。   In recent years, wireless LANs are becoming popular due to the convenience of being able to connect to a network easily anytime, anywhere. In a wireless LAN, for example, a wireless terminal compatible with the wireless LAN is connected to a network via a base station called an access point installed in the company. On the other hand, a wireless LAN may be invaded from the outside by an illegally installed base station. Therefore, it is desirable to provide an apparatus or system that monitors and manages a wireless LAN and detects an unauthorized base station. For example, Patent Document 1 describes a mutual monitoring method between base stations that mutually receive normal service radio waves that are constantly transmitted from base stations and perform mutual monitoring.

特開平6−276164号公報JP-A-6-276164

上述の従来方式では、基地局間で通常のサービス用の電波を監視するのみなので、無線LAN内に設置された不正な基地局を検出することはできない。又、無線LAN器機には独自のセキュリティ機能があるが、この機能が設定されていないと、不正に設置された基地局により外部から容易に侵入されてしまう。更に上述の従来方式では、無線LAN内の複数の基地局の状態を一元管理できない。   In the above-described conventional method, since only normal service radio waves are monitored between base stations, an unauthorized base station installed in a wireless LAN cannot be detected. The wireless LAN device has a unique security function, but if this function is not set, the wireless LAN device can be easily invaded from the outside by an illegally installed base station. Furthermore, in the above-described conventional method, it is not possible to centrally manage the states of a plurality of base stations in the wireless LAN.

本発明の目的は、無線LAN内の不正な基地局を検出することにある。   An object of the present invention is to detect an unauthorized base station in a wireless LAN.

又、本発明の目的は、無線LAN内の複数の基地局の状態を一元管理可能することにある。   Another object of the present invention is to be able to centrally manage the states of a plurality of base stations in a wireless LAN.

上記目的を達成するために本願発明は、無線LAN内に複数の基地局を監視する監視装置を設け、上記複数の基地局と上記監視装置との連携により不正な基地局を検出すると共に、上記複数の基地局を一元管理可能とした点に特徴がある。   In order to achieve the above object, the present invention provides a monitoring device for monitoring a plurality of base stations in a wireless LAN, detects an unauthorized base station through cooperation between the plurality of base stations and the monitoring device, and It is characterized in that a plurality of base stations can be centrally managed.

具体的には、無線LAN内の複数の基地局の各々は、他基地局の電波を受信し、上記受信した電波がはじめてであったり、前回と状態が変わっていたらその基地局に関する情報を監視装置に送信する。   Specifically, each of a plurality of base stations in a wireless LAN receives radio waves of other base stations, and monitors information related to the base stations if the received radio waves are the first or the state has changed from the previous time. Send to device.

監視装置は、上記基地局から送信される情報を受信する受信手段と、上記受信手段で受信した上記情報と予め登録された監視対象の基地局に関する情報から、不正な基地局もしくは状態に変化のあった基地局を検出する検出手段と、上記検出手段により検出された上記基地局に関する情報を出力する出力手段とを備える。   The monitoring device is configured to receive information transmitted from the base station, and the information received by the receiving means and information on the pre-registered base station to be monitored are changed to an unauthorized base station or state. Detection means for detecting a base station, and output means for outputting information on the base station detected by the detection means.

本発明によれば、無線LAN内の不正な基地局を検出すると共に、無線LAN内の複数の基地局を一元管理することができる。   According to the present invention, an unauthorized base station in a wireless LAN can be detected and a plurality of base stations in the wireless LAN can be centrally managed.

以下、本発明の実施の形態について、図面を参照して詳細に説明する。図1は、本発明を適用した無線LANシステム全体を示す図である。図1において、11は無線LAN監視装置であり、12、13といった無線LAN基地局(無線通信装置)と有線(太線)によるネットワークで接続されている。12、13の無線LAN基地局は、それぞれ配下にある無線LAN端末(例えば12の無線LAN基地局でいえば14の無線端末)と無線電波到達範囲(点線)内で無線通信し、無線LAN端末のデータを有線のネットワークに中継する。   Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. FIG. 1 is a diagram showing an entire wireless LAN system to which the present invention is applied. In FIG. 1, reference numeral 11 denotes a wireless LAN monitoring device, which is connected to wireless LAN base stations (wireless communication devices) such as 12 and 13 via a wired (thick line) network. The wireless LAN base stations 12 and 13 wirelessly communicate with wireless LAN terminals under their control (for example, 14 wireless terminals in the case of 12 wireless LAN base stations) within a wireless radio wave reachable range (dotted line). Relay data to a wired network.

通常、無線LAN基地局の機能として無線LAN基地局同士で無線接続は行われないが、今回、届いている無線電波を管理・監視に利用する。仮に無線LAN基地局B13が管理者に許可されていない(不正の)無線LAN基地局であったとしても、無線LAN監視装置11からは有線のネットワークに接続している1つ端末としてしか認識出来ない。(この無線LAN基地局Bのセキュリティ設定が適切になされてないと、不正の無線LAN端末がこれを踏み台に内部のネットワークに侵入出来てしまう)。これが本発明によると、無線LAN基地局A12で無線LAN基地局B13の無線電波を受信して無線LAN監視装置11と連携することにより、不正な無線LAN基地局13を検出することが可能となる。   Normally, as a function of the wireless LAN base station, wireless connection between wireless LAN base stations is not performed, but the radio wave that has arrived this time is used for management and monitoring. Even if the wireless LAN base station B13 is an unauthorized wireless LAN base station not authorized by the administrator, the wireless LAN monitoring device 11 can recognize only one terminal connected to the wired network. Absent. (If the security settings of the wireless LAN base station B are not properly set, an unauthorized wireless LAN terminal can enter the internal network using this as a stepping stone). According to the present invention, the wireless LAN base station A12 can detect the unauthorized wireless LAN base station 13 by receiving the wireless radio wave of the wireless LAN base station B13 and cooperating with the wireless LAN monitoring device 11. .

図2は、図1における無線LAN監視装置11の構成を示すブロック図である。無線LAN監視装置11は、プロセッサ20と、プロセッサ20が実行する管理・監視プログラム21と、記憶部22と、受信部23と、入出力部24とを備えている。   FIG. 2 is a block diagram showing a configuration of the wireless LAN monitoring device 11 in FIG. The wireless LAN monitoring device 11 includes a processor 20, a management / monitoring program 21 executed by the processor 20, a storage unit 22, a receiving unit 23, and an input / output unit 24.

ここで、管理・監視プログラム21は、無線LAN基地局の各々から送られてきた情報を元に、管理者への連絡などの処理を行うためのものである。記憶部22には、管理している無線LAN基地局の一覧および各無線LAN基地局の設定や必要情報が登録された管理対象無線LAN基地局一覧表(テーブル)220と、各無線LAN基地局で検出された稼動中の無線LAN基地局を1つにまとめた集計表(テーブル)221が記憶されている。受信部23は、無線LAN基地局から送信される情報(管理情報)を受信する。入出力部24は、入力部と出力部からなり、入力部としてキーボード、出力部として表示画面(ディスプレイ)やスピーカ等である。上記出力部により、検出された不正な基地局を管理者に通知可能となる。   Here, the management / monitoring program 21 is for performing processing such as contacting an administrator based on information transmitted from each wireless LAN base station. The storage unit 22 includes a list of managed wireless LAN base stations, a management target wireless LAN base station list (table) 220 in which settings and necessary information of each wireless LAN base station are registered, and each wireless LAN base station. The tabulation table (table) 221 that stores the active wireless LAN base stations detected in step 1 is stored. The receiving unit 23 receives information (management information) transmitted from the wireless LAN base station. The input / output unit 24 includes an input unit and an output unit, and includes a keyboard as an input unit, a display screen (display), a speaker, and the like as an output unit. The output unit can notify the administrator of the detected unauthorized base station.

図3は、図1における無線LAN基地局(無線通信装置)12、13の構成を示すブロック図である。無線LAN基地局11は、プロセッサ30と、管理・監視プログラム31と、記憶部32と、無線インタフェース部33と、送信部34とを備えている。   FIG. 3 is a block diagram showing the configuration of the wireless LAN base stations (wireless communication apparatuses) 12 and 13 in FIG. The wireless LAN base station 11 includes a processor 30, a management / monitoring program 31, a storage unit 32, a wireless interface unit 33, and a transmission unit 34.

管理・監視プログラム31は、他無線LAN基地局の情報を収集し、状態に変化のあった無線LAN基地局に関する情報を無線LAN監視装置に送るためのものである。記憶部32には、本無線LAN基地局が監視する無線LAN基地局の一覧とその基地局に無線接続するのに必要な情報の一覧等が登録された監視対象無線LAN基地局一覧表(テーブル)320と、本無線LAN基地局で検出された他無線LAN基地局の一覧表(テーブル)321と、本無線LAN基地局で検出された前回までの結果をまとめた無線LAN基地局一覧表(テーブル)(テンポラリ検出一覧表)322とが記憶されている。無線インタフェース部33は、他無線LAN基地局からの無線電波を受信し、プロセッサ30が処理できる形の情報に変換する。送信部34は、無線LAN監視装置に必要な情報を送信する。   The management / monitoring program 31 is for collecting information on other wireless LAN base stations and sending information on wireless LAN base stations whose state has changed to the wireless LAN monitoring device. In the storage unit 32, a list of wireless LAN base stations to be monitored (table) in which a list of wireless LAN base stations monitored by the wireless LAN base station and a list of information necessary for wireless connection to the base station are registered. ) 320, a list (table) 321 of other wireless LAN base stations detected by this wireless LAN base station, and a wireless LAN base station list (summary) that summarizes the previous results detected by this wireless LAN base station ( Table) (temporary detection list) 322 is stored. The wireless interface unit 33 receives radio waves from other wireless LAN base stations and converts them into information that can be processed by the processor 30. The transmission unit 34 transmits information necessary for the wireless LAN monitoring device.

図4は、図3の無線LAN基地局における他無線LAN基地局の監視処理を示すフローチャートである。無線インタフェース部33により、他の無線基地局からの無線電波を受信すると(ステップ41)、プロセッサ30は、図8に示す監視対象基地局の管理データより、自身が監視する無線LAN基地局として登録されているかを確認する(ステップ42)。監視対象でなければ、プロセッサ30は、取得した無線情報を図10に示すテンポラリ用の検出一覧表に記録する(ステップ44)。又、監視対象の無線LAN基地局であれば、プロセッサ30は、図8に示す設定情報で該当する監視対象の無線LAN基地局に無線接続を試みる(ステップ43)。試みた結果(無線接続が出来る、あるいは出来ない)を無線情報として図10に示すテンポラリ検出一覧表に記録する(ステップ44)。次にプロセッサ30は、ステップ44で記録・作成されたテンポラリ検出一覧と、前回までの検出結果をまとめた図9の検出基地局一覧を基地局ごとに比較する(ステップ45)。ここで検出情報や接続結果が1つでも異なる無線LAN基地局は無線LAN監視装置に管理情報を送信し(ステップ46)、最後に図9の検出基地局一覧に差を反映させ(ステップ47)、次回はこの検出基地局一覧表を使用して状態を比較する。   FIG. 4 is a flowchart showing a monitoring process of another wireless LAN base station in the wireless LAN base station of FIG. When the radio interface unit 33 receives radio waves from other radio base stations (step 41), the processor 30 registers as a radio LAN base station to be monitored by itself based on the management data of the monitored base station shown in FIG. It is confirmed whether it is done (step 42). If not, the processor 30 records the acquired wireless information in the temporary detection list shown in FIG. 10 (step 44). If it is a wireless LAN base station to be monitored, the processor 30 tries to establish a wireless connection to the wireless LAN base station to be monitored with the setting information shown in FIG. 8 (step 43). The result of the attempt (whether or not wireless connection is possible) is recorded as wireless information in the temporary detection list shown in FIG. 10 (step 44). Next, the processor 30 compares the temporary detection list recorded and created in step 44 with the detection base station list of FIG. 9 that summarizes the detection results up to the previous time for each base station (step 45). Here, wireless LAN base stations having different detection information or connection results transmit management information to the wireless LAN monitoring device (step 46), and finally reflect the difference in the list of detected base stations in FIG. 9 (step 47). The next time, the status is compared using this list of detected base stations.

ここで、ステップ45でテンポラリ検出一覧と検出基地局一覧を比較するが、図9、図10を具体的に例としてみると、まず基地局Aの暗号が、“あり” から “なし” に変わり、接続結果も○(接続可能)から×(接続不可)に変わっている。これは基地局Aの設定が変更されてしまい、データが暗号化されなくなった可能性が高いといえる。また、次に基地局Bは逆に接続結果が×(接続不可)から○(接続可能)に変化している。これは基地局Bの設定が変更されてしまい、アクセス制限等が変わった可能性がある。次に基地局Cがテンポラリ検出一覧には存在していない。これは基地局Cが停止している、あるいは著しく電波状態が悪くなった可能性がある。次に検出基地局一覧に存在していない基地局Zがテンポラリ検出一覧にある。これは前回監視した後に新たに設置された可能性がある。基地局Zは図8の監視対象基地局一覧に登録されていないので、無線接続の試験はしていない。この図9、図10の比較結果から、無線LAN監視装置に送るデータ(ステップ46)は基地局A、基地局B、基地局C、基地局Zの情報になり、47でこれら4拠点分のデータを検出基地局一覧に反映させる。   Here, in step 45, the temporary detection list and the detected base station list are compared, and taking FIG. 9 and FIG. 10 as a specific example, the encryption of the base station A first changes from “present” to “none”. The connection result has also changed from ○ (connectable) to × (not connectable). It can be said that there is a high possibility that the setting of the base station A is changed and the data is not encrypted. On the other hand, the connection result of the base station B is changed from x (not connectable) to ○ (connectable). This may be because the setting of the base station B is changed and the access restriction or the like is changed. Next, the base station C does not exist in the temporary detection list. This may be because the base station C has stopped, or the radio wave condition has remarkably deteriorated. Next, a base station Z that does not exist in the detected base station list is in the temporary detection list. This may have been newly installed after the previous monitoring. Since the base station Z is not registered in the monitored base station list of FIG. 8, the wireless connection test is not performed. From the comparison results of FIG. 9 and FIG. 10, the data (step 46) to be sent to the wireless LAN monitoring device is information on the base station A, base station B, base station C, and base station Z. The data is reflected in the detected base station list.

図5は、図2の無線LAN監視装置における管理情報の確認処理を示すフローチャートである。まず、図4に示すステップ46のように、受信部23により、無線LAN基地局から送られてきた管理情報を受信すると(ステップ51)、プロセッサ20は、上記管理情報の送信元のLAN基地局が図11に示す管理対象無線LAN基地局一覧表の “監視基地局” に登録されているか否かを確認する(ステップ52)。もし図11の “監視基地局” に登録されていない基地局であれば、プロセッサ20は、管理対象外と判断し、上記受信した管理情報を破棄する(ステップ53)。逆に、図11に示す一覧表に登録されている基地局からの管理情報であれば、プロセッサ20は、その管理情報を受信する。次にプロセッサ20は、受信した管理情報が図11に示す管理対象無線LAN基地局の一覧表にある無線LAN基地局か否かを判断し(ステップ54)、表に登録されていなければ、無許可の無線LAN基地局として管理者に通知(入出力部24の内の出力部)する(ステップ55)。図11に示す一覧表に登録されていれば、管理対象の無線LAN基地局とし、管理者に報告する管理情報であれば管理者に通知(入出力部24の内の出力部)しそうでなければそのまま図12に示す無線LAN基地局集計表の該当項目を更新して終了する。   FIG. 5 is a flowchart showing management information confirmation processing in the wireless LAN monitoring apparatus of FIG. First, when the management information sent from the wireless LAN base station is received by the receiving unit 23 (step 51) as in step 46 shown in FIG. 4, the processor 20 sends the management base LAN base station to the management information. Is registered in the “monitoring base station” in the management target wireless LAN base station list shown in FIG. 11 (step 52). If the base station is not registered in the “monitoring base station” in FIG. 11, the processor 20 determines that it is not a management target, and discards the received management information (step 53). On the contrary, if it is the management information from the base station registered in the list shown in FIG. 11, the processor 20 receives the management information. Next, the processor 20 determines whether or not the received management information is a wireless LAN base station in the management target wireless LAN base station list shown in FIG. 11 (step 54). The administrator is notified as a permitted wireless LAN base station (output unit in the input / output unit 24) (step 55). If it is registered in the list shown in FIG. 11, the wireless LAN base station to be managed should be notified, and if it is management information to be reported to the administrator, the administrator should be notified (output unit in the input / output unit 24). If it is, the corresponding item in the wireless LAN base station summary table shown in FIG.

図6は、無線LAN監視装置11における稼動状況の確認処理を示すフローチャートである。無線LAN監視装置11に備えるプロセッサ30は、定期的に図11に示す管理対象無線LAN基地局一覧表と図12に示す線LAN監視基地局集計表を比較する(ステップ61)。図11に示す一覧表に存在し、図12の集計表に存在しない基地局があり、それが計画停止ではなく且つ監視対象であれば、プロセッサ30は、無線LAN基地局が障害として管理者に通知する(ステップ64)。逆に図11の一覧表に存在しなく、図12に示す集計表に存在する基地局は、プロセッサ30は、不許可の不正無線LAN基地局として管理者に通知する(ステップ66)。   FIG. 6 is a flowchart showing an operation status confirmation process in the wireless LAN monitoring device 11. The processor 30 included in the wireless LAN monitoring device 11 periodically compares the management target wireless LAN base station list shown in FIG. 11 with the line LAN monitoring base station summary table shown in FIG. 12 (step 61). If there is a base station that exists in the list shown in FIG. 11 and does not exist in the tabulation table of FIG. 12 and that is not a planned stop and is a monitoring target, the processor 30 notifies the administrator that the wireless LAN base station has failed. Notification is made (step 64). Conversely, the base station that does not exist in the list of FIG. 11 but exists in the tabulation table shown in FIG. 12 notifies the administrator as an unauthorized wireless LAN base station that is not permitted (step 66).

ここで、図11と図12を具体的に比較すると、基地局Cが図11の一覧表にあって図12の集計表に無い。基地局Cは監視対象となっているので管理者に通知する。基地局Eは基地局Cと同様に図11にあり図12にはないが、監視対象外なので管理者には報告しない。基地局Zは図11には無く、図12にある。このため、不許可な基地局と判断して管理者に報告する。   Here, when FIG. 11 and FIG. 12 are specifically compared, the base station C is in the list of FIG. 11 but not in the tabulation table of FIG. Since the base station C is a monitoring target, it notifies the administrator. Although the base station E is in FIG. 11 and not in FIG. 12 like the base station C, it is not monitored and is not reported to the administrator. Base station Z is not in FIG. 11 but in FIG. Therefore, it is determined that the base station is not permitted and is reported to the administrator.

図7は、無線LAN監視装置11における無線LAN基地局の設定ファイル管理処理を示すフローチャートである。管理対象である各無線LAN基地局の設定変更や、ファームウェアのバージョンアップを行う場合、無線LAN監視装置11側で図11に示す管理対象無線LAN基地局一覧表で、該当する部分を更新した一覧表や新しい設定ファイル、ファームウェアを用意する(ステップ71)。この一覧表を現在の一覧表と比較し(ステップ72)、差分があると、設定変更する基地局とその基地局を監視する基地局に管理情報を転送し無線LAN基地局側で設定をアップデートする(ステップ73、ステップ74)。最後に図11に示す表の該当する設定部分を更新し処理を完了する(ステップ75)。   FIG. 7 is a flowchart showing the setting file management process of the wireless LAN base station in the wireless LAN monitoring device 11. When changing the setting of each wireless LAN base station to be managed or upgrading the version of firmware, the wireless LAN monitoring apparatus 11 side updates the corresponding part in the management target wireless LAN base station list shown in FIG. A table, a new setting file, and firmware are prepared (step 71). This list is compared with the current list (step 72). If there is a difference, the management information is transferred to the base station whose settings are to be changed and the base station that monitors the base stations, and the settings are updated on the wireless LAN base station side. (Step 73, Step 74). Finally, the corresponding setting portion of the table shown in FIG. 11 is updated to complete the processing (step 75).

例えば基地局Fの暗号鍵を更新する場合、基地局Fの暗号鍵の部分を更新した一覧を用意し、現在の一覧と比較して基地局Fの暗号鍵が更新されたことを確認し、基地局Fと基地局Fを監視する基地局A、基地局Cに基地局Fの設定情報を転送し、基地局F、A、Cで該当する部分のアップデートを行い、無線LAN監視装置では図11に示す表を更新する。   For example, when updating the encryption key of the base station F, prepare a list in which the encryption key part of the base station F is updated, confirm that the encryption key of the base station F has been updated compared to the current list, The base station F and the base station A that monitors the base station F are transferred the setting information of the base station F to the base station C, and the base station F, A, C updates the corresponding part. 11 is updated.

以上説明した実施の形態によれば、無線LAN内に不正に設置された無線LAN基地局を検出することができる。又、無線LAN内の複数の無線LAN基地局の状態を一元管理可能となり、管理者の工数軽減とネットワークシステムとしてのセキュリティレベルの低下を免れることができる。   According to the embodiment described above, it is possible to detect a wireless LAN base station that is illegally installed in the wireless LAN. In addition, the state of a plurality of wireless LAN base stations in the wireless LAN can be centrally managed, and the man-hours for the administrator can be reduced and the security level of the network system can be avoided.

本発明を適用した無線LANシステム全体を示す図である。1 is a diagram illustrating an entire wireless LAN system to which the present invention is applied. 無線LAN監視装置11の構成を示すブロック図である。2 is a block diagram showing a configuration of a wireless LAN monitoring device 11. FIG. 無線LAN基地局12、13の構成を示すブロック図である。2 is a block diagram showing a configuration of wireless LAN base stations 12, 13. FIG. 無線LAN基地局の監視処理を示すフローチャートである。It is a flowchart which shows the monitoring process of a wireless LAN base station. 無線LAN監視装置11の管理情報の確認処理を示すフローチャートである。5 is a flowchart showing management information confirmation processing of the wireless LAN monitoring device 11; 無線LAN監視装置11の稼動状況の確認処理を示すフローチャートである。5 is a flowchart showing an operation status confirmation process of the wireless LAN monitoring device 11. 無線LAN監視装置11の設定ファイルの管理処理を示すフローチャートである。6 is a flowchart showing a setting file management process of the wireless LAN monitoring device 11; 無線LAN監視装置11の記憶部22に記憶されている管理対象の無線LAN基地局一覧を示す図である。FIG. 3 is a diagram showing a list of managed wireless LAN base stations stored in a storage unit 22 of the wireless LAN monitoring device 11. 無線LAN監視装置11の記憶部22に記憶されている無線LAN基地局の集計表を示す図である。FIG. 3 is a diagram showing a summary table of wireless LAN base stations stored in a storage unit 22 of the wireless LAN monitoring device 11. 無線LAN基地局12、13の記憶部32に記憶されている監視対象の無線LAN基地局一覧を示す図である。FIG. 3 is a diagram showing a list of monitored wireless LAN base stations stored in a storage unit 32 of wireless LAN base stations 12 and 13. 無線LAN基地局12、13の記憶部32に記憶されている検出無線LAN基地局一覧を示す図である。3 is a diagram showing a list of detected wireless LAN base stations stored in a storage unit 32 of wireless LAN base stations 12 and 13. FIG. 無線LAN基地局12、13の記憶部32に記憶されているテンポラリ検出一覧を示す図である。3 is a diagram showing a temporary detection list stored in a storage unit 32 of wireless LAN base stations 12 and 13. FIG.

符号の説明Explanation of symbols

11・・・無線LAN監視装置、12、13・・・無線LAN基地局14・・・無線端末、20、31・・・プロセッサ、21、31・・・監視・管理プログラム記憶部、22、32・・・テーブル(表)記憶部、23・・・受信部、34・・・送信部、24・・・入出力部、33・・・無線インタフェース部
DESCRIPTION OF SYMBOLS 11 ... Wireless LAN monitoring apparatus, 12, 13 ... Wireless LAN base station 14 ... Wireless terminal, 20, 31 ... Processor, 21, 31 ... Monitoring / management program storage part, 22, 32 ... Table storage unit, 23 ... Receiving unit, 34 ... Transmitting unit, 24 ... Input / output unit, 33 ... Wireless interface unit

Claims (5)

複数の基地局を監視する監視装置であって、
前記複数の基地局から送信される情報を受信する受信手段と、
前記受信手段により受信した前記情報と予め登録された監視対象の基地局に関する情報から、不正な基地局もしくは状態に変化のあった基地局を検出する検出手段と、
前記検出手段により検出された前記基地局に関する情報を出力する出力手段と、
を備えたことを特徴とする監視装置。 A monitoring device for monitoring a plurality of base stations,
Receiving means for receiving information transmitted from the plurality of base stations;
Detecting means for detecting an unauthorized base station or a base station whose state has changed, from the information received by the receiving means and information on a pre-registered base station to be monitored;
Output means for outputting information on the base station detected by the detection means;
A monitoring device comprising: 前記情報は、前記複数の基地局の各々が、他の基地局を監視することにより取得した前記他の基地局の状態情報であることを特徴とする請求項1記載の監視装置。   The monitoring apparatus according to claim 1, wherein each of the plurality of base stations is status information of the other base station acquired by monitoring the other base station. 複数の基地局からの電波を受信する受信手段と、
前記受信手段により受信した前記電波情報と予め登録された監視対象の基地局に関する情報から、不正な基地局もしくは状態に変化のあった基地局を検出する検出手段と、
前記検出手段により検出された前記基地局に関する情報を出力する出力手段と、
を備えたことを特徴とする無線通信装置。 Receiving means for receiving radio waves from a plurality of base stations;
Detecting means for detecting an unauthorized base station or a base station whose state has changed, from the radio wave information received by the receiving means and information on a pre-registered base station to be monitored;
Output means for outputting information on the base station detected by the detection means;
A wireless communication apparatus comprising: 複数の基地局と該複数の基地局の状態を管理する管理装置を有する無線LANシステムであって、
前記複数の基地局の各々は、他の基地局の状態情報を受信する受信手段と、該受信手段により受信した前記状態情報を前記管理装置に送信する送信手段とを備え、
前記管理装置は、前記基地局からの前記状態情報を受信する受信手段と、前記受信手段で受信した前記状態情報と予め登録された管理対象の基地局に関する情報から、不正な基地局もしくは状態に変化のあった基地局を検出する検出手段と、前記検出手段により検出された前記基地局に関する情報を出力する手段と、
を備えたことを特徴とする無線LANシステム。 A wireless LAN system having a plurality of base stations and a management device for managing the states of the plurality of base stations,
Each of the plurality of base stations includes receiving means for receiving status information of other base stations, and transmitting means for transmitting the status information received by the receiving means to the management device,
The management apparatus is configured to change the status information received from the base station, the status information received by the reception means, and information on the management target base station registered in advance to an unauthorized base station or status. Detecting means for detecting a base station having changed; means for outputting information on the base station detected by the detecting means;
A wireless LAN system comprising: 前記送信手段は、新たに検出された前記基地局に関する状態情報もしくは前記状態に変化のあった基地局に関する状態情報を前記監視装置に送信することを特徴とする請求項4記載の無線LANシステム。
5. The wireless LAN system according to claim 4, wherein the transmission unit transmits state information relating to the newly detected base station or state information relating to the base station whose state has changed to the monitoring device.
JP2003426170A 2003-12-24 2003-12-24 Monitoring apparatus, base station, and wireless lan system Pending JP2005184719A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2003426170A JP2005184719A (en) 2003-12-24 2003-12-24 Monitoring apparatus, base station, and wireless lan system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
JP2003426170A JP2005184719A (en) 2003-12-24 2003-12-24 Monitoring apparatus, base station, and wireless lan system

Publications (1)

Publication Number Publication Date
JP2005184719A true JP2005184719A (en) 2005-07-07

Family

ID=34785781

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2003426170A Pending JP2005184719A (en) 2003-12-24 2003-12-24 Monitoring apparatus, base station, and wireless lan system

Country Status (1)

Country Link
JP (1) JP2005184719A (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100695103B1 (en) 2006-01-20 2007-03-14 에스케이 텔레콤주식회사 System and method for unified managing of pan information
JP2007174287A (en) * 2005-12-22 2007-07-05 Nec Corp Radio packet communication system, radio packet base station, radio packet terminal and illegal communication canceling method
WO2010013812A1 (en) * 2008-08-01 2010-02-04 株式会社エヌ・ティ・ティ・ドコモ Mobile communication method and operation device
JP2010050743A (en) * 2008-08-21 2010-03-04 Canon Inc Wireless communication device and control method thereof
JP2010141405A (en) * 2008-12-09 2010-06-24 Sumitomo Electric Ind Ltd System and method for detecting unauthorized device
JP2011155521A (en) * 2010-01-27 2011-08-11 Kyocera Corp Method for authentication of mobile station device and base station apparatus
US8805422B2 (en) 2008-05-27 2014-08-12 Ntt Docomo, Inc. Network device to monitor radio base station and a method thereof
JP2017168909A (en) * 2016-03-14 2017-09-21 富士通株式会社 Radio communication program, method, and device
JP2018029255A (en) * 2016-08-17 2018-02-22 日本電信電話株式会社 Detection device, detection method and detection program for unmanaged radio transmission station

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2007174287A (en) * 2005-12-22 2007-07-05 Nec Corp Radio packet communication system, radio packet base station, radio packet terminal and illegal communication canceling method
KR100695103B1 (en) 2006-01-20 2007-03-14 에스케이 텔레콤주식회사 System and method for unified managing of pan information
US8805422B2 (en) 2008-05-27 2014-08-12 Ntt Docomo, Inc. Network device to monitor radio base station and a method thereof
WO2010013812A1 (en) * 2008-08-01 2010-02-04 株式会社エヌ・ティ・ティ・ドコモ Mobile communication method and operation device
JP2010041260A (en) * 2008-08-01 2010-02-18 Ntt Docomo Inc Mobile communication method and operation device
JP2010050743A (en) * 2008-08-21 2010-03-04 Canon Inc Wireless communication device and control method thereof
JP2010141405A (en) * 2008-12-09 2010-06-24 Sumitomo Electric Ind Ltd System and method for detecting unauthorized device
JP2011155521A (en) * 2010-01-27 2011-08-11 Kyocera Corp Method for authentication of mobile station device and base station apparatus
JP2017168909A (en) * 2016-03-14 2017-09-21 富士通株式会社 Radio communication program, method, and device
JP2018029255A (en) * 2016-08-17 2018-02-22 日本電信電話株式会社 Detection device, detection method and detection program for unmanaged radio transmission station

Similar Documents

Publication Publication Date Title
US10373460B2 (en) Integrated security network
EP1511225B1 (en) Change of access point in a wireless local area network with test of connection before changeover
US7657248B2 (en) Wireless LAN system, wireless LAN access point, wireless LAN terminal and activation control method for use therewith
JP4268044B2 (en) System and method for monitoring the status of network devices
US7903646B2 (en) Wireless communication system allowing group identification information to be publicly available and to be hidden, wireless access point device, and communication method and program for wireless access point device
US7680085B2 (en) Out-of-band management and traffic monitoring for wireless access points
US20140204727A1 (en) Redundant control of self-configuring wireless network
JP5163337B2 (en) Relay device, data processing method thereof, monitoring method, wireless communication system, and management device
US11531744B1 (en) Secure unlock of a device
CN101427538A (en) Supervision of high value assets
WO2005072075A2 (en) Arrangement of units to form a monitoring system
JP2005184719A (en) Monitoring apparatus, base station, and wireless lan system
JP2008028892A (en) Wireless communication system
US20060058053A1 (en) Method for logging in a mobile terminal at an access point of a local communication network, and access point and terminal for carrying out the method
JP2008258755A (en) Transceiving method of file and system
WO2018190223A1 (en) Wireless communication system, master device, master device control method, and program
WO2022045332A1 (en) Relay device, terminal, and relay method
CA2599919C (en) A method of relaying an electronic message to a handheld electronic device beyond the coverage area of a wireless network
WO2009148126A1 (en) Mobile communication method, mobile communication system, and information transmission device
JP2007243345A (en) Unauthorized access point detection method, access point apparatus, and wireless lan system
JP2002182923A (en) Device control system
JP2006318383A (en) Program downloading method and communication system
EP4404051A1 (en) Method to securely update over-the-air firmware
JP2016099805A (en) Gateway device, monitoring system, monitoring method and monitoring program
JP4307409B2 (en) Recovery method and base station apparatus and base station system using the same

Legal Events

Date Code Title Description
A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20051006

RD04 Notification of resignation of power of attorney

Free format text: JAPANESE INTERMEDIATE CODE: A7424

Effective date: 20060424

A977 Report on retrieval

Free format text: JAPANESE INTERMEDIATE CODE: A971007

Effective date: 20070921

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20071002

A521 Written amendment

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20071121

A02 Decision of refusal

Free format text: JAPANESE INTERMEDIATE CODE: A02

Effective date: 20080527