Summary of the invention
The object of the present invention is to provide a wireless router with a client network function that uses the router's internal structure to control each user's access path. It addresses the difficulty of keeping a local area network (LAN) secure when guests use the intranet to reach the Internet: guests can access the Internet normally but cannot access the enterprise's internal LAN, which keeps the internal LAN secure.
To achieve this object, the present invention adopts the following technical solution:
A wireless router with a client network function comprises a central processing module; a memory module, an RF module, a wired user access interface and an Internet access interface, each connected to the central processing module; and a DC-DC module connected to the central processing module and to the memory module. The central processing module also contains a data processing unit that isolates the access paths of external user ends from those of internal user ends. This data processing unit is connected to the RF module, the wired user access interface and the Internet access interface.
Specifically, the data processing unit comprises a wireless access control module, an internal wireless user processing module, an external wireless user processing module and an internal wired user processing module. A guest network SSID and an owner network SSID are preset in the wireless access control module and enabled. The wireless access control module is connected to the RF module through a wireless conversion module located outside the data processing unit; it is connected to the Internet access interface through the internal wireless user processing module and the external wireless user processing module respectively; and it is connected to the wired user access interface through the internal wireless user processing module and the internal wired user processing module respectively.
Further, the memory module comprises a RAM memory module and a ROM storage module.
Further, the wired user access interface is a LAN Ethernet port and the Internet access interface is a WAN Ethernet port. A LAN switch module is provided between the LAN Ethernet port and the internal wired user processing module, and a WAN module is provided between the WAN Ethernet port and the internal wired user processing module, the internal wireless user processing module and the external wireless user processing module.
The wireless access control module determines the type of the wireless user end that sent a request. If the requesting wireless user is an internal user, the wireless access control module passes the request to the internal wireless user processing module, which gives access to the internal LAN and/or, through the WAN module, to the Internet. If the requesting wireless user is an external user, the wireless access control module passes the connection request to the external wireless user processing module, which gives access to the Internet through the WAN module.
Further still, so that guests can conveniently use external USB devices that are unrelated to company secrets, the central processing module also contains a USB module for connecting external USB devices. This USB module is connected to the internal wired user processing module, the internal wireless user processing module and the external wireless user processing module respectively. The external USB devices are, for example, printers and scanners.
On the basis of the above hardware, the present invention also provides a method of implementing the wireless router with a client network function, comprising the following steps:
(1) The guest network SSID and the owner network SSID are preset in the wireless access control module and enabled;
(2) A user end sends a connection request to the router, and the router determines how the connection request was transmitted;
(3) If the request was transmitted over a network cable, the connection is made according to the router's normal operating mode; otherwise, the RF module passes the connection request to the wireless conversion module, which passes it to the wireless access control module;
(4) The wireless access control module determines the type of the wireless user end that sent the request;
(5) If the requesting wireless user is an internal user, the wireless access control module passes the request to the internal wireless user processing module, which gives access to the internal LAN and/or, through the WAN module, to the Internet. If the requesting wireless user is an external user, the wireless access control module passes the connection request to the external wireless user processing module, which gives access to the Internet through the WAN module.
To improve security, in step (1) the owner network SSID is encrypted with WPA2-PSK. Encrypting the owner network SSID with WPA2-PSK, currently the most advanced encryption method, improves the security of the owner network SSID and minimizes the possibility of a guest accessing the internal LAN through the owner network SSID.
In the above steps, the router's normal operating mode in step (3) is as follows: an internal wired user connects to the router, the request is sent through the LAN switch module to the internal wired user processing module, and a connection is made with the internal LAN and/or, through the WAN module, with the Internet. In step (4), the wireless access control module determines the type of the wireless user end as follows: the wireless access control module records the MAC address of the guest network SSID; it identifies the target MAC address of the connection request sent by the wireless user end and compares it with the MAC address of the guest network SSID; if the target MAC address of the connection request is identical to the MAC address of the guest network SSID, the wireless user end is judged to be an external user; otherwise, it is judged to be an internal user.
Design principle of the present invention: by improving the router and its implementation method, the access path of external users is completely isolated from the access path of internal users. Once the user's type has been determined, an external user can only reach the Internet, or use external USB devices such as printers, through the corresponding access path and cannot access the enterprise's internal LAN. This avoids the network security problem of enterprise secrets leaking because a guest accessed the internal LAN.
The present invention not only isolates the path by which external wireless users access the Internet, ensuring network security, but also retains the router's basic function, that is, the ordinary case of enterprise staff going online through the router: when an internal wired user end connects to the wireless router, the connection request is sent through the LAN switch module to the internal wired user processing module, giving access to the internal LAN and external USB devices, and also to the Internet through the WAN module.
In the present invention, the distinction between external and internal means, for user ends, the distinction between internal staff and visiting guests, and, for networks, the distinction between the enterprise's internal LAN and the Internet. The guest network SSID is the SSID used by people from outside the company, who are visiting the enterprise for exchanges, when they use the company network to access the Internet. The owner network SSID is the SSID used by the company's internal staff when they use the company network to access the internal LAN or the Internet.
Compared with the prior art, the present invention has the following beneficial effects:
1. The present invention effectively controls the path guests take when accessing the network inside the enterprise and cuts off the route by which guests could access the enterprise's internal LAN, improving the security of the internal LAN. It is a major technical innovation in network security technology and opens a new path for the development of the industry.
2. While keeping the enterprise's internal LAN secure, the present invention gives guests normal access to the Internet and normal use of external USB devices, so that exchanges between guests and the enterprise proceed smoothly.
3. The present invention uses one router to perform the function of two, a good example of one device serving several purposes. This not only saves the enterprise cost but also avoids having to configure an IP address, gateway and similar settings specially for guests, which greatly simplifies the process of getting onto the network and improves working efficiency.
The present invention is mainly used in enterprise internal LANs and has high practical and promotional value.
Embodiment
The invention is further described below with reference to the accompanying drawings and an embodiment.
Embodiment
As shown in Figure 1 and Figure 2, the wireless router with a client network function mainly consists of three access paths, as follows:
One. An internal wired user accesses the LAN, an external USB device or the Internet
The main hardware on this access path comprises the LAN switch module, the internal wired user processing module, the USB module and the WAN module. User access path: the internal wired user end sends a connection request through the LAN Ethernet port to the LAN switch module, which passes it to the internal wired user processing module. According to the target MAC address of the request, a connection is made with an external USB device, or with the internal LAN, or the request goes to the WAN module and a connection is made with the Internet through the WAN Ethernet port.
Two. An internal wireless user accesses the LAN, an external USB device or the Internet
The main hardware on this access path comprises the RF module, the wireless conversion module, the wireless access control module, the internal wireless user processing module, the USB module and the WAN module. User access path: the internal wireless user end sends a connection request through the RF module to the wireless conversion module, which converts the wireless signal into a network signal and passes it to the wireless access control module. The wireless access control module passes the request to the internal wireless user processing module. According to the target MAC address of the request, a connection is made with an external USB device, or the request goes to the WAN module and a connection is made with the Internet through the WAN Ethernet port, or the request goes to the internal wired user processing module and a connection is made with the internal LAN.
The two cases above are the owner network access paths of the present invention.
Three. An external wireless user accesses the Internet or an external USB device
The main hardware on this access path comprises the RF module, the wireless conversion module, the wireless access control module, the external wireless user processing module, the USB module and the WAN module. User access path: the external wireless user end sends a connection request through the RF module to the wireless conversion module, which converts the wireless signal into a network signal and passes it to the wireless access control module. The wireless access control module sends the request through the external wireless user processing module to the WAN module, and then, according to the target MAC address of the request, a connection is made with the Internet or with an external USB device.
This case is the guest network access path of the present invention.
In all three cases, besides the hardware on the access path, other components are needed for the router to operate normally, chiefly the DC-DC module, which supplies power to the system, and the RAM memory module and ROM storage module, which provide data storage. The DC-DC module is connected to the RF module, the RAM memory module, the ROM storage module, and the central processing module, which consists of the data processing unit, the wireless conversion module, the USB module, the LAN switch module and the WAN module. The data processing unit consists of the wireless access control module, the internal wireless user processing module, the internal wired user processing module and the external wireless user processing module. Its function is to isolate the access paths of the different user ends while keeping normal network access working, thereby restricting guests from accessing the internal LAN.
The specific working process of the present invention is as follows:
First, the DC-DC module is started so that the whole router is in a working state. After a user end sends a connection request, the router first determines whether the request was transmitted over a network cable or over the wireless network. If it was transmitted over a network cable, the connection request is sent through the LAN Ethernet port to the LAN switch module and then passed to the internal wired user processing module. If the target MAC address of the connection request is the Internet, the connection request is sent to the WAN module and a connection is made with the Internet through the WAN Ethernet port, giving access to the Internet; otherwise, a connection is made directly with the internal LAN or an external USB device.
If the connection request was transmitted over the wireless network, the RF module sends it to the wireless conversion module, which converts the wireless signal into a network signal and sends it to the wireless access control module. The wireless access control module compares the MAC address of the user end that sent the connection request with the MAC address of the guest network SSID. If they are identical, the user end that sent the connection request is judged to be an external wireless user end. In that case the wireless access control module sends the connection request through the external wireless user processing module to the WAN module, and the WAN module checks whether the target MAC address of the connection is the internal LAN: if it is, the data is discarded; otherwise, a connection is made with the Internet or an external USB device. If the MAC address of the user end that sent the connection request is not identical to the MAC address of the guest network SSID, the user end is judged to be an internal wireless user end. In that case the wireless access control module sends the connection request to the internal wireless user processing module, and, according to the target MAC address of the connection request, a connection is made with the internal LAN, an external USB device or the Internet.
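The decision flow of the working process above, modelled in Python as an added example (not code from the patent or its authors). The names Request, classify and route, the module labels and the MAC addresses are constructed for illustration, and destinations are given as already-resolved labels rather than derived from a target MAC address.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample addresses; the text gives no concrete values.
GUEST_SSID_MAC = "02:00:00:00:00:01"   # MAC recorded for the guest network SSID
OWNER_SSID_MAC = "02:00:00:00:00:02"   # MAC of the owner network SSID (WPA2-PSK)


@dataclass(frozen=True)
class Request:
    medium: str                # "wired" (LAN Ethernet port) or "wireless" (RF module)
    target_mac: Optional[str]  # MAC the wireless connection request is addressed to
    dest: str                  # resolved destination: "lan", "usb" or "internet"


def _norm(mac: Optional[str]) -> str:
    # Compare MACs in one canonical form so "02-00-..." and "02:00:..." match.
    return (mac or "").replace("-", ":").lower()


def classify(req: Request) -> str:
    """Steps (2)-(4): choose the processing module for a connection request."""
    if req.medium == "wired":
        return "internal_wired"        # reached through the LAN switch module
    if req.medium != "wireless":
        raise ValueError(f"unknown medium: {req.medium!r}")
    if _norm(req.target_mac) == _norm(GUEST_SSID_MAC):
        return "external_wireless"     # request targets the guest SSID
    # Per the text, anything else is internal; this branch relies on the
    # owner SSID's WPA2-PSK to keep guests from associating to it.
    return "internal_wireless"


def route(req: Request) -> tuple:
    """Step (5) plus the WAN-module check: return (module, action)."""
    if req.dest not in ("lan", "usb", "internet"):
        raise ValueError(f"unknown destination: {req.dest!r}")
    module = classify(req)
    if module == "external_wireless" and req.dest == "lan":
        return module, "drop"          # guest traffic aimed at the internal LAN
    return module, "forward:" + req.dest


if __name__ == "__main__":
    for r in (Request("wireless", "02-00-00-00-00-01", "lan"),
              Request("wireless", OWNER_SSID_MAC, "lan"),
              Request("wired", None, "internet")):
        print(r, "->", route(r))
```

The guest restriction is enforced only at the drop in route, so it holds only while every request classified as external passes through that check.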
The present invention can be implemented well according to the above embodiment. The above embodiment is only the preferred embodiment of the present invention, and the scope of protection of the present invention includes but is not limited to the above embodiment.