Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In order to improve the detection defense effect on the wireless local area network, the embodiment of the invention provides a method and a device for determining detection equipment, an access controller and a storage medium.
In a first aspect, a method for determining a detection device applied to an AC according to an embodiment of the present invention is described.
A schematic diagram of a system architecture of the WIPS is shown in fig. 1, where the WIPS refers to a system capable of detecting an illegal AP and an unauthorized client within a wireless range and automatically taking countermeasures. A WIPS includes an AC101, a plurality of APs 102, and a plurality of clients 103. The detection device for detecting the network can be at least one of a plurality of APs, the AC is used for determining the detection device in the plurality of APs through the configuration policy, and the client can realize wireless communication through connecting with the APs.
As shown in fig. 2, a method for determining a detection device according to an embodiment of the present invention is applied to an AC, and the method for determining a detection device may include the following steps:
s201, sending a trigger message to a plurality of APs to be selected.
The trigger message is used for triggering a plurality of to-be-selected APs to report parameters for determining the detection equipment, and when the WIPS needs to perform intrusion prevention, the AC issues the trigger message to the plurality of to-be-selected APs according to an intrusion prevention request set by a user or an intrusion prevention starting state configured by a system, wherein the to-be-selected APs may be all APs in the WIPS or may be part of APs in the WIPS. In order to fully utilize the APs, it may be preset that some APs can be used for detection so as not to affect the service function of the APs used for other services, and thus, the trigger message may be sent to the APs capable of being used for detection, and specifically, the APs used for detection may be configured by the user through selection, or the system may be determined according to the historical service message of each AP. After the AC issues the trigger message to the multiple APs to be selected, the AC may trigger the multiple APs to be selected to report and determine parameters of the detection device, where the parameters may include respective neighbor AP information counted by the APs, service information such as a wireless service switch state and a signal strength of the AP itself, and the neighbor AP information may be the number of neighbor APs determined by the AP to be selected by counting the number of channels connected to the AP to be selected, or the strength of the neighbor APs obtained by analyzing the signal strength of the channel connected to the AP to be selected.
S202, receiving respective neighbor AP information reported by a plurality of APs to be selected after receiving the trigger message.
After receiving the trigger message, the plurality of to-be-selected APs send the counted respective neighbor AP information to the AC, and after receiving the respective neighbor AP information reported by the plurality of to-be-selected APs, the AC can store the neighbor AP information in an internal storage unit of the AC, so that the neighbor AP information can be directly read from the internal storage unit of the AC when the determination step of the detection device is performed subsequently; certainly, the AC may also determine the detection device in real time when receiving the respective neighbor AP information reported by the multiple APs to be selected.
S203, based on the neighbor AP information of each AP to be selected, determining the AP with the neighbor AP information meeting the preset requirement as the detection equipment from the APs to be selected, and informing the detection equipment to start the WIPS function.
The AC may obtain the number of neighbor APs of each AP to be selected or the strength of the neighbor AP of each AP to be selected according to the neighbor AP information of each of the plurality of APs to be selected. The greater the number of the neighbor APs or the stronger the strength of the neighbor APs, the greater the possibility that the AP to be selected is determined as the detection device is, and therefore, the AP whose neighbor AP information meets the preset requirement may be determined as the detection device, where the preset requirement may be a limitation on the number of the neighbor APs or the strength of the neighbor APs, for example, the preset requirement may be a preset number threshold or a preset strength threshold, and the like. In general, the detection device is one of a plurality of APs to be selected, and the AC may select one AP from the APs whose neighbor AP information satisfies the preset requirement as the detection device, and may also restrict the preset requirement more strictly, so that only one AP whose neighbor AP information satisfies the preset requirement may be obtained. One AP is selected as the detection equipment from the APs of which the neighbor AP information meets the preset requirement, and the AP can be selected randomly or according to the preset condition. Of course, if the detection device is a plurality of APs to be selected, the detection device also belongs to the protection scope of the embodiment of the present invention, and may be specifically limited in the preset requirement.
By applying the embodiment, the AC issues a trigger message for triggering the plurality of APs to be selected to report and determine the parameters of the detection device, after receiving the trigger message, each AP to be selected reports the counted neighbor AP information to the AC, and the AC determines, according to the neighbor AP information of each AP to be selected, an AP whose neighbor AP information meets the preset requirement from the plurality of APs to be selected as the detection device, and notifies the detection device to start the WIPS function. The determination of the detection equipment is related to neighbor AP information of each AP to be selected, the neighbor AP information reflects the actual structure and the network environment of the wireless local area network, and the AP with the neighbor AP information meeting the preset requirements is determined as the detection equipment aiming at the current network environment, so that the determined detection equipment can detect the channel according to the preset requirements, and the detection defense effect on the wireless local area network is improved.
In addition, the method for determining the detection device provided by the embodiment of the invention can also be applied to the AP.
As shown in fig. 3, a method for determining a detection device according to an embodiment of the present invention is applied to an AP, and the method for determining a detection device may include the following steps:
s301, when receiving the trigger message sent by the AC, counting the neighbor AP information.
When the WIPS needs to perform intrusion prevention, the AC sends a trigger message to a plurality of APs to be selected according to an intrusion prevention request set by a user or an intrusion prevention starting state configured by the system, so as to trigger the APs to report and determine parameters of the detection device, wherein the APs to be selected may be all APs in the WIPS or a part of APs in the WIPS. The AP statistics of the neighbor AP information can be carried out in real time, namely the neighbor AP information is counted once when the trigger message is received; or when receiving the trigger message, starting timing and configuring a preset period, and the AP starts to count the neighbor AP information as soon as receiving the trigger message, and counts all the neighbor AP information in the preset period.
S302, reporting the neighbor AP information to the AC.
If the AP counts the neighbor AP information in real time, counting the neighbor AP information once after receiving the trigger message, and reporting the counted neighbor AP information to the AC; and if the AP statistics of the neighbor AP information is the statistics of all the neighbor AP information in the preset period, reporting all the counted neighbor AP information to the AC when the preset period is reached. The AP reports the neighbor AP information to the AC, so that the AC can determine the AP with the coverage area meeting the preset requirement as the detection equipment from the multiple APs to be selected based on the respective neighbor AP information of the multiple APs to be selected.
By applying the embodiment, the AC issues a trigger message for triggering the plurality of APs to be selected to report and determine the parameters of the detection device, after receiving the trigger message, each AP to be selected reports the counted neighbor AP information to the AC, and the AC determines, according to the neighbor AP information of each AP to be selected, an AP whose neighbor AP information meets the preset requirement from the plurality of APs to be selected as the detection device, and notifies the detection device to start the WIPS function. The determination of the detection equipment is related to neighbor AP information of each AP to be selected, the neighbor AP information reflects the actual structure and the network environment of the wireless local area network, and the AP with the neighbor AP information meeting the preset requirements is determined as the detection equipment aiming at the current network environment, so that the determined detection equipment can detect the channel according to the preset requirements, and the detection defense effect on the wireless local area network is improved.
For convenience of understanding, the following describes a determination method of a detection device from the interaction perspective of an AC and an AP to be selected, and as shown in fig. 4, a timing chart of the determination method of the detection device provided by the embodiment of the present invention is given.
Firstly, the AC determines an AP which can be used as a detection device from a plurality of APs according to a preset configuration strategy, and the AP is used as an AP to be selected.
The AC may divide the plurality of APs into different groups by a preset configuration policy, may divide the APs capable of serving as the detection device into the same group, and may determine, as the detection device, only the AP added to the group, and therefore may determine the AP capable of serving as the detection device as the AP to be selected and determine the detection device from the APs to be selected. Of course, the AP that does not join the above-mentioned packet may be determined as the detection device by means of existing manual settings. The operation of determining the detecting devices of the present embodiment may be performed when the number of the detecting devices is less than or equal to half of the number of the APs added to the packet. Of course, the trigger condition for performing the operation of determining the detection devices may be that the number of preset detection devices is less than or equal to one third, one fourth, and so on of the number of APs added to the packet. In general, the number of the preset detection devices may be configured to be 1. If the number of the detection devices is not configured by default, the detection devices can be determined in the existing manual setting mode, and the operation of determining the detection devices in the embodiment is not executed.
And secondly, the AC sends a trigger message to a plurality of APs to be selected.
And thirdly, when the AP to be selected receives the trigger message, counting the number of the neighbor APs in a preset period.
When receiving the trigger message, the AP to be selected starts counting the number of neighbor APs and starts timing, configures a preset period, starts timing from 0 second, starts counting the number of neighbor APs from 0 second, and stops counting the number of neighbor APs when the recorded time reaches the preset period, for example, the preset period is configured to 30s, that is, the recorded time reaches 30 s. Because the connection condition of the network changes in real time, the number of neighbor APs counted in a short time may not accurately reflect the network connection condition, and therefore, in this embodiment, a preset period is set, and the number of neighbor APs in a period is counted, so that the connection condition of the network is more accurately reflected.
And step four, reporting the counted number of the neighbor APs to the AC by the AP to be selected.
The AP to be selected reports the number of neighbor APs counted in the preset period to the AC, for example, the first AP to be selected reports 30 neighbor APs counted in 30s to the AC, the second AP to be selected reports 15 neighbor APs counted in 30s to the AC, the third AP to be selected reports 18 neighbor APs counted in 30s to the AC, and so on. So that the AC determines the detection device according to the number of neighbor APs of each AP to be selected.
Fifthly, the AC determines the AP with the number larger than the first preset number as the detection equipment from the multiple APs to be selected based on the number of the neighbor APs of the multiple APs to be selected; or determining the AP in the first second preset number of APs with the number of neighbor APs from large to small as the detection equipment; or, determining the AP with the largest number of neighbor APs as the detection device.
Wherein the second preset number is not less than 2. The number of neighbor APs of each to-be-selected AP reflects a network connection situation, and the greater the number of neighbor APs, the greater the probability that the to-be-selected AP is determined to be the detection device is, therefore, the AP whose number is greater than the first preset number can be determined to be the detection device, that is, by setting the first preset number, if the set first preset number is greater, one AP can be determined to be the detection device from the APs whose number is greater than the first preset number, wherein the process of determining one AP from the APs whose number is greater than the first preset number can be randomly selected, or selected according to the service information of the to-be-selected AP itself; or determining an AP in a second preset number of APs before the number of neighbor APs is decreased from high to low as a detection device, that is, sequentially selecting a plurality of APs from the maximum number of neighbor APs, and then determining an AP from the selected APs as the detection device, for example, selecting 5 APs from the maximum number of neighbor APs, and then determining an AP from the selected APs as the detection device; the AP with the largest number of neighbor APs may also be directly determined as the detection device.
Before determining the detection device, the AC may further receive respective service information reported by multiple APs to be selected after receiving the trigger message, where the service information may include: wireless service switch state, signal strength and number of on-line clients. If the AC judges that a plurality of APs meeting the conditions are provided according to the number of the received neighbor APs, the detection equipment can be determined according to service information such as the on-off state of the wireless service, the signal strength, the number of the on-line clients and the like. Specifically, the step of determining the detection device may be:
determining, from the APs to be selected, an AP whose number of neighbor APs is greater than a third preset number, an AP whose number of neighbor APs is from a first fourth preset number of APs whose number is from large to small, or an AP whose number of neighbor APs is the largest, as a candidate detection device, wherein the fourth preset number is not less than 2;
if the candidate detection equipment comprises the AP which does not start the wireless service, determining the AP which does not start the wireless service as the detection equipment, or determining the AP which does not start the wireless service and has signal strength larger than the first preset signal strength as the detection equipment;
if the candidate detection equipment does not have the AP without the wireless service started, determining the AP with the number of the online clients smaller than the first preset number of the clients as the detection equipment, or determining the AP with the number of the online clients smaller than the first preset number of the clients and the signal intensity larger than the second preset signal intensity as the detection equipment.
By the method, the AP can be called to a greater extent, so that the AP serving as the detection equipment can fully play a detection role without being influenced by other services, and certainly, the determination of the detection equipment can also be randomly selected. When there are a plurality of APs with signal strengths greater than the first preset signal strength or a plurality of APs with signal strengths greater than the second preset signal strength, one of the plurality of APs may be randomly selected as the detection device. And if the determined detection device is not opened wireless service before, when the wireless service of the AP is opened, the detection device needs to be determined based on the above steps again.
After the AC determines the detection device, the AC needs to inform the detection device to start the WIPS function, and in order to cope with real-time change of the network, one AP cannot be always used as the detection device, so that when the AC informs the detection device to start the WIPS function, timing is started, and when the recorded time reaches a preset period, the detection device is determined again from the APs to be selected. And ensuring that one AP can only be used as the detection equipment within a preset period, and if the preset period is up, determining the detection equipment again. If the redetermined detection equipment is the same as the previous detection equipment, the AP continues to be used as the detection equipment, and timing is started from 0 second again; and if the redetermined detection equipment is different from the previous detection equipment, informing the previous detection equipment to close the WIPS function, informing the redetermined detection equipment to open the WIPS function, and starting timing.
By applying the embodiment, the AC issues a trigger message for triggering the plurality of APs to be selected to report and determine the parameters of the detection device, after receiving the trigger message, each AP to be selected reports the counted neighbor AP information to the AC, and the AC determines, according to the neighbor AP information of each AP to be selected, an AP whose neighbor AP information meets the preset requirement from the plurality of APs to be selected as the detection device, and notifies the detection device to start the WIPS function. The determination of the detection equipment is related to neighbor AP information of each AP to be selected, the neighbor AP information reflects the actual structure and the network environment of the wireless local area network, and the AP with the neighbor AP information meeting the preset requirements is determined as the detection equipment aiming at the current network environment, so that the determined detection equipment can detect the channel according to the preset requirements, and the detection defense effect on the wireless local area network is improved.
Since the AP serving as the detection device may have started the WIPS function, the online client may change in real time, and in order to cope with the change of the online client, the detection device is dynamically adjusted, as shown in fig. 5, a flowchart of dynamic adjustment of the detection device is provided.
S501, receiving service information of the detection equipment reported by the detection equipment.
Wherein detecting the device service information comprises: the method comprises the steps of detecting the wireless service switch state of the equipment, detecting the number of online clients of the equipment and detecting the wireless service flow of the equipment. After determining the detection device, the AC may notify the detection device to start the WIPS function, and after starting the WIPS function, the detection device reports its own detection device service information to the AC, so that the AC can dynamically adjust the detection device according to the detection device service information.
S502, if the detection equipment starts the wireless service, when the number of the online clients is determined to be larger than the second preset number of the clients, or when the wireless service flow is larger than the preset flow, the detection equipment is set to be in a silent state, and the step of issuing the trigger message to other APs to be selected except the detection equipment is executed, so that the detection equipment is determined again.
The wireless service state of the detection equipment can be an opened state or an unopened state, if the detection equipment does not open the wireless service, the detection equipment does not need to be dynamically adjusted, because the WIPS function is not influenced by the wireless service of the network due to the fact that the wireless client is not arranged under the detection equipment which does not open the wireless service; if the detection device has started the wireless service, it needs to acquire service information of the detection device about the wireless service, such as the number of online clients and the wireless service traffic, and if the number of online clients is larger or the wireless service traffic is larger, it indicates that the wireless service load of the detection device is larger, it needs to stop the WIPS function of the detection device, so that the detection device is used for the wireless service.
Setting a second preset client number and a preset flow, when the AC detects that the number of the online clients of the detection device is greater than the second preset client number or the wireless service flow is greater than the preset flow, according to the detection device determining step, re-determining the detection device from other APs to be selected except the detection devices whose number of the online clients is greater than the second preset client number or whose wireless service flow is greater than the preset flow, and setting the detection devices whose number of the online clients is greater than the second preset client number or whose wireless service flow is greater than the preset flow to a silent state, stopping as the detection devices, and setting a silent time for limiting the time length of the AP as the silent state, when the time length of the silent state reaches the silent time, if the number of the clients of the AP is still greater than the second preset client number or the wireless service flow is greater than the preset flow, the silence state continues to be maintained, otherwise the silence state is exited. Based on the above analysis, it may happen that all the APs to be selected become in a silent state, and for this case, the detection device may be determined by manually configuring the detection device, so as to ensure the detection defense function of the wireless environment.
By applying the embodiment, the AC receives the service information of the detection device reported by the detection device, when the detection device has started the wireless service, acquires the number of online clients and the wireless service flow of the detection device, sets the detection device to be in a silent state when the number of the online clients is greater than the second preset number of clients or when the wireless service flow is greater than the preset flow, and determines an AP whose coverage meets the preset requirement from other APs to be selected except the detection device as the detection device again. Based on the setting of the silent state, the detection device can be dynamically adjusted, so that if the wireless service load of the AP which becomes the detection device is larger, the detection function can be stopped to complete the wireless service, and the influence on the wireless service after becoming the detection device is avoided.
In a second aspect, corresponding to the method embodiment of the first aspect, an embodiment of the present invention provides a determining apparatus for an inspection apparatus, which is applied to an AC, and as shown in fig. 6, the determining apparatus for an inspection apparatus may include:
an issuing module 610, configured to issue, to multiple APs to be selected, a trigger message for triggering the multiple APs to be selected to report parameters of a certain detection device;
a receiving module 620, configured to receive respective neighbor AP information reported by the APs to be selected after receiving the trigger message;
a determining module 630, configured to determine, from the multiple APs to be selected, an AP whose neighbor AP information meets a preset requirement as a detecting device based on the neighbor AP information of each of the multiple APs to be selected, and notify the detecting device to start a WIPS function.
By applying the embodiment, the AC issues a trigger message for triggering the plurality of APs to be selected to report and determine the parameters of the detection device, after receiving the trigger message, each AP to be selected reports the counted neighbor AP information to the AC, and the AC determines, according to the neighbor AP information of each AP to be selected, an AP whose neighbor AP information meets the preset requirement from the plurality of APs to be selected as the detection device, and notifies the detection device to start the WIPS function. The determination of the detection equipment is related to neighbor AP information of each AP to be selected, the neighbor AP information reflects the actual structure and the network environment of the wireless local area network, and the AP with the neighbor AP information meeting the preset requirements is determined as the detection equipment aiming at the current network environment, so that the determined detection equipment can detect the channel according to the preset requirements, and the detection defense effect on the wireless local area network is improved.
Optionally, the neighbor AP information includes the number of neighbor APs;
the determining module 630 may be specifically configured to:
determining the APs with the number of neighbor APs larger than a first preset number as detection equipment from the APs to be selected; or,
determining an AP in a first preset number of APs from the large number of neighbor APs to the small number of the neighbor APs as a detection device, wherein the second preset number is not less than 2; or,
and determining the AP with the maximum number of neighbor APs as the detection equipment from the plurality of APs to be selected.
Optionally, the receiving module 620 may be further configured to:
receiving respective service information reported by the APs to be selected after receiving the trigger message, wherein the service information includes: wireless service switch state, signal strength and number of online clients;
the determining module 630 may be specifically configured to:
determining, from the plurality of APs to be selected, an AP whose number of neighbor APs is greater than a third preset number, an AP whose number of neighbor APs is from a first fourth preset number of APs whose number is from large to small, or an AP whose number of neighbor APs is the largest, as a candidate detection device, wherein the fourth preset number is not less than 2;
if the candidate detection equipment comprises the AP which does not start the wireless service, determining the AP which does not start the wireless service as the detection equipment, or determining the AP which does not start the wireless service and has signal strength larger than a first preset signal strength as the detection equipment;
if the candidate detection equipment does not have the AP without the wireless service started, determining the AP with the number of the online clients smaller than the first preset number of the clients as the detection equipment, or determining the AP with the number of the online clients smaller than the first preset number of the clients and the signal intensity larger than the second preset signal intensity as the detection equipment.
Based on the embodiment shown in fig. 6, as shown in fig. 7, an embodiment of the present invention further provides a determining apparatus for a detecting device, which is applied to an AC, and the determining apparatus for a detecting device may include:
an issuing module 710, configured to issue, to multiple APs to be selected, a trigger message for triggering the multiple APs to be selected to report parameters of a device to be detected;
a receiving module 720, configured to receive respective neighbor AP information reported by the APs to be selected after receiving the trigger message;
a determining module 730, configured to determine, from the multiple APs to be selected, an AP whose neighbor AP information meets a preset requirement as a detection device based on the neighbor AP information of each of the multiple APs to be selected, and notify the detection device to start a WIPS function;
a timing module 740, configured to start timing, and when the recorded time reaches a first preset period, perform a step of issuing, to a plurality of to-be-selected APs, a trigger message for triggering the plurality of to-be-selected APs to report parameters of a certain detection device, so as to re-determine the detection device;
and a judging module 750, configured to judge whether the detection device after re-determination is the same as the detection device before re-determination.
Optionally, the timing module 740 may be further configured to execute a step of starting timing when the determination results of the determining module 750 are the same;
the issuing module 710 may be further configured to notify the detection device before re-determination to turn off the WIPS function and notify the detection device after re-determination to turn on the WIPS function when the determination results of the determining module 750 are different.
By applying the embodiment, the AC issues a trigger message for triggering the plurality of APs to be selected to report and determine the parameters of the detection device, after receiving the trigger message, each AP to be selected reports the counted neighbor AP information to the AC, and the AC determines, according to the neighbor AP information of each AP to be selected, an AP whose neighbor AP information meets the preset requirement from the plurality of APs to be selected as the detection device, and notifies the detection device to start the WIPS function. The determination of the detection equipment is related to neighbor AP information of each AP to be selected, the neighbor AP information reflects the actual structure and the network environment of the wireless local area network, and the AP with the neighbor AP information meeting the preset requirements is determined as the detection equipment aiming at the current network environment, so that the determined detection equipment can detect the channel according to the preset requirements, and the detection defense effect on the wireless local area network is improved. And in order to deal with the real-time change of the network, one AP can not be always used as the detection device, therefore, after the AC informs the detection device to start the WIPS function, the timing is started, and when the recorded time reaches a preset period, the detection device is determined again from the plurality of APs to be selected.
Based on the embodiment shown in fig. 6, as shown in fig. 8, an embodiment of the present invention further provides a determining apparatus for a detecting device, which is applied to an AC, and the determining apparatus for the detecting device may include:
an issuing module 810, configured to issue, to multiple APs to be selected, a trigger message for triggering the multiple APs to be selected to report parameters of a certain detection device;
a receiving module 820, configured to receive respective neighbor AP information reported by the APs to be selected after receiving the trigger message; the receiving module 820 may further be configured to: receiving the service information of the detection device reported by the detection device, wherein the service information of the detection device includes: the wireless service switching state of the detection equipment, the number of online clients of the detection equipment and the wireless service flow of the detection equipment are detected;
a determining module 830, configured to determine, based on neighbor AP information of each of the multiple APs to be selected, an AP whose neighbor AP information meets a preset requirement from the multiple APs to be selected as a detecting device, and notify the detecting device to start a WIPS function.
An obtaining module 840, configured to, if the detection device has started the wireless service, determine that the number of online clients is greater than a second preset number of clients, or when the wireless service traffic is greater than a preset traffic, set the detection device in a silent state, and perform a step of issuing a trigger message to an AP to be selected except the detection device, so as to re-determine the detection device.
By applying the embodiment, the AC issues a trigger message for triggering the plurality of APs to be selected to report and determine the parameters of the detection device, after receiving the trigger message, each AP to be selected reports the counted neighbor AP information to the AC, and the AC determines, according to the neighbor AP information of each AP to be selected, an AP whose neighbor AP information meets the preset requirement from the plurality of APs to be selected as the detection device, and notifies the detection device to start the WIPS function. The determination of the detection equipment is related to neighbor AP information of each AP to be selected, the neighbor AP information reflects the actual structure and the network environment of the wireless local area network, and the AP with the neighbor AP information meeting the preset requirements is determined as the detection equipment aiming at the current network environment, so that the determined detection equipment can detect the channel according to the preset requirements, and the detection defense effect on the wireless local area network is improved. And the AC receives the service information of the detection equipment reported by the detection equipment, acquires the number of online clients and the wireless service flow of the detection equipment after the detection equipment starts the WIPS function, sets the detection equipment to be in a silent state when the number of the online clients is greater than a second preset number of clients or when the wireless service flow is greater than the preset flow, and re-determines the detection equipment from other APs to be selected except the detection equipment. Based on the setting of the silent state, the detection device can be dynamically adjusted, so that if the wireless service load of the AP which becomes the detection device is larger, the WIPS function can be stopped to complete the wireless service, and the influence on the wireless service after becoming the detection device is avoided.
An embodiment of the present invention provides a determining apparatus for a detection device, which is applied to an AP, and as shown in fig. 9, the determining apparatus for the detection device may include:
a counting module 910, configured to count neighbor AP information when receiving a trigger message issued by an AC and used to trigger the AP to report parameters that determine a detection device;
a reporting module 920, configured to report the neighbor AP information to the AC, so that the AC determines that the AP is a detection device when the neighbor AP information meets a preset requirement.
By applying the embodiment, the AC issues a trigger message for triggering the plurality of APs to be selected to report and determine the parameters of the detection device, after receiving the trigger message, each AP to be selected reports the counted neighbor AP information to the AC, and the AC determines, according to the neighbor AP information of each AP to be selected, an AP whose neighbor AP information meets the preset requirement from the plurality of APs to be selected as the detection device, and notifies the detection device to start the WIPS function. The determination of the detection equipment is related to neighbor AP information of each AP to be selected, the neighbor AP information reflects the actual structure and the network environment of the wireless local area network, and the AP with the neighbor AP information meeting the preset requirements is determined as the detection equipment aiming at the current network environment, so that the determined detection equipment can detect the channel according to the preset requirements, and the detection defense effect on the wireless local area network is improved.
Optionally, the reporting module 920 may be further configured to:
reporting service information of the AP to the AC so that the AC determines whether the AP is a detection device or not based on the neighbor AP information and the service information, wherein the service information comprises: wireless service switch state, signal strength and number of on-line clients.
Optionally, the statistical module 910 may be specifically configured to:
and when receiving a trigger message which is issued by the AC and used for triggering the AP to report the parameters for determining the detection equipment, starting to count the neighbor AP information in a second preset period.
In order to solve the problems in the prior art, an embodiment of the present invention further provides an access controller AC, as shown in fig. 10, an access controller AC1000 may include: a processor 1010 and a machine-readable storage medium 1020, the machine-readable storage medium 1020 storing machine-executable instructions executable by the processor 1010, the processor 1010 being caused by the machine-executable instructions to perform the steps of:
issuing a trigger message for triggering the plurality of APs to be selected to report parameters for determining the detection equipment to the plurality of APs to be selected;
receiving respective neighbor AP information reported by the multiple APs to be selected after receiving the trigger message;
and determining the AP with the neighbor AP information meeting the preset requirement as the detection equipment from the plurality of APs to be selected based on the respective neighbor AP information of the plurality of APs to be selected, and informing the detection equipment to start the WIPS function.
Optionally, the neighbor AP information includes the number of neighbor APs;
when the processor 1010 implements the step of determining, from the multiple APs to be selected, an AP whose neighbor AP information satisfies a preset requirement as a detection device based on the respective neighbor AP information of the multiple APs to be selected, the following may be specifically implemented:
determining the APs with the number of neighbor APs larger than a first preset number as detection equipment from the APs to be selected; or,
determining an AP in a first preset number of APs from the large number of neighbor APs to the small number of the neighbor APs as a detection device, wherein the second preset number is not less than 2; or,
and determining the AP with the maximum number of neighbor APs as the detection equipment from the plurality of APs to be selected.
The processor 1010 may further implement:
receiving respective service information reported by the APs to be selected after receiving the trigger message, wherein the service information includes: wireless service switch state, signal strength and number of online clients;
when the processor 1010 implements the step of determining, from the multiple APs to be selected, an AP whose neighbor AP information satisfies a preset requirement as a detection device based on the respective neighbor AP information of the multiple APs to be selected, the following may be specifically implemented:
determining, from the plurality of APs to be selected, an AP whose number of neighbor APs is greater than a third preset number, an AP whose number of neighbor APs is from a first fourth preset number of APs whose number is from large to small, or an AP whose number of neighbor APs is the largest, as a candidate detection device, wherein the fourth preset number is not less than 2;
if the candidate detection equipment comprises the AP which does not start the wireless service, determining the AP which does not start the wireless service as the detection equipment, or determining the AP which does not start the wireless service and has signal strength larger than a first preset signal strength as the detection equipment;
if the candidate detection equipment does not have the AP without the wireless service started, determining the AP with the number of the online clients smaller than the first preset number of the clients as the detection equipment, or determining the AP with the number of the online clients smaller than the first preset number of the clients and the signal intensity larger than the second preset signal intensity as the detection equipment.
The processor 1010 may further implement:
starting timing, and when the recorded time reaches a first preset period, executing a step of sending a trigger message for triggering the plurality of APs to be selected to report parameters for determining the detection equipment to the plurality of APs to be selected so as to re-determine the detection equipment;
judging whether the detection equipment after re-determination is the same as the detection equipment before re-determination;
if the two are the same, executing a step of starting timing;
and if not, informing the detection equipment before re-determination to close the WIPS function, and informing the detection equipment after re-determination to open the WIPS function.
The processor 1010 may further implement:
receiving the service information of the detection device reported by the detection device, wherein the service information of the detection device includes: the wireless service switching state of the detection equipment, the number of online clients of the detection equipment and the wireless service flow of the detection equipment are detected;
when the wireless service is started by the detection equipment and the number of the online clients is greater than a second preset number of clients, setting the detection equipment to be in a silent state, and executing a step of issuing a trigger message to other to-be-selected APs except the detection equipment so as to re-determine the detection equipment;
or,
and when the detection equipment starts wireless service and the wireless service flow is greater than the preset flow, setting the detection equipment to be in a silent state, and executing the step of issuing a trigger message to other APs to be selected except the detection equipment so as to redetermine the detection equipment.
In this embodiment, the AC issues a trigger message for triggering the plurality of APs to be selected to report and determine parameters of the detection device, and after receiving the trigger message, each AP to be selected reports statistical neighbor AP information to the AC. The determination of the detection equipment is related to neighbor AP information of each AP to be selected, the neighbor AP information reflects the actual structure and the network environment of the wireless local area network, and the AP with the neighbor AP information meeting the preset requirements is determined as the detection equipment aiming at the current network environment, so that the determined detection equipment can detect the channel according to the preset requirements, and the detection defense effect on the wireless local area network is improved.
Corresponding to the determination method of the detection device provided in the foregoing embodiment, an embodiment of the present invention provides a machine-readable storage medium, included in an access controller AC, storing machine-executable instructions, and implementing the following steps when being invoked and executed by a processor:
issuing a trigger message for triggering the plurality of APs to be selected to report parameters for determining the detection equipment to the plurality of APs to be selected;
receiving respective neighbor AP information reported by the multiple APs to be selected after receiving the trigger message;
and determining the AP with the neighbor AP information meeting the preset requirement as the detection equipment from the plurality of APs to be selected based on the respective neighbor AP information of the plurality of APs to be selected, and informing the detection equipment to start the WIPS function.
Optionally, the neighbor AP information includes the number of neighbor APs;
when the processor implements the step of determining, from the multiple APs to be selected, an AP whose neighbor AP information satisfies a preset requirement as a detection device based on the respective neighbor AP information of the multiple APs to be selected, the following may be specifically implemented:
determining the APs with the number of neighbor APs larger than a first preset number as detection equipment from the APs to be selected; or,
determining an AP in a first preset number of APs from the large number of neighbor APs to the small number of the neighbor APs as a detection device, wherein the second preset number is not less than 2; or,
and determining the AP with the maximum number of neighbor APs as the detection equipment from the plurality of APs to be selected.
The processor may further implement:
receiving respective service information reported by the APs to be selected after receiving the trigger message, wherein the service information includes: wireless service switch state, signal strength and number of online clients;
when the processor implements the step of determining, from the multiple APs to be selected, an AP whose neighbor AP information satisfies a preset requirement as a detection device based on the respective neighbor AP information of the multiple APs to be selected, the following may be specifically implemented:
determining, from the plurality of APs to be selected, an AP whose number of neighbor APs is greater than a third preset number, an AP whose number of neighbor APs is from a first fourth preset number of APs whose number is from large to small, or an AP whose number of neighbor APs is the largest, as a candidate detection device, wherein the fourth preset number is not less than 2;
if the candidate detection equipment comprises the AP which does not start the wireless service, determining the AP which does not start the wireless service as the detection equipment, or determining the AP which does not start the wireless service and has signal strength larger than a first preset signal strength as the detection equipment;
if the candidate detection equipment does not have the AP without the wireless service started, determining the AP with the number of the online clients smaller than the first preset number of the clients as the detection equipment, or determining the AP with the number of the online clients smaller than the first preset number of the clients and the signal intensity larger than the second preset signal intensity as the detection equipment.
The processor may further implement:
starting timing, and when the recorded time reaches a first preset period, executing a step of sending a trigger message for triggering the plurality of APs to be selected to report parameters for determining the detection equipment to the plurality of APs to be selected so as to re-determine the detection equipment;
judging whether the detection equipment after re-determination is the same as the detection equipment before re-determination;
if the two are the same, executing a step of starting timing;
and if not, informing the detection equipment before re-determination to close the WIPS function, and informing the detection equipment after re-determination to open the WIPS function.
The processor may further implement:
receiving the service information of the detection device reported by the detection device, wherein the service information of the detection device includes: the wireless service switching state of the detection equipment, the number of online clients of the detection equipment and the wireless service flow of the detection equipment are detected;
when the wireless service is started by the detection equipment and the number of the online clients is greater than a second preset number of clients, setting the detection equipment to be in a silent state, and executing a step of issuing a trigger message to other to-be-selected APs except the detection equipment so as to re-determine the detection equipment;
or,
and when the detection equipment starts wireless service and the wireless service flow is greater than the preset flow, setting the detection equipment to be in a silent state, and executing the step of issuing a trigger message to other APs to be selected except the detection equipment so as to redetermine the detection equipment.
In this embodiment, a machine-readable storage medium included in the access controller AC stores an application program that executes the detection device determination method provided in the embodiment of the present application when running, so that it is possible to implement: the method comprises the steps that an AC sends a trigger message for triggering a plurality of APs to be selected to report and determine parameters of detection equipment to the APs to be selected, the APs to be selected report statistical neighbor AP information to the AC after receiving the trigger message, and the AC determines the AP with the neighbor AP information meeting preset requirements from the APs to be selected as the detection equipment according to the neighbor AP information of the APs to be selected and informs the detection equipment of starting a WIPS function. The determination of the detection equipment is related to neighbor AP information of each AP to be selected, the neighbor AP information reflects the actual structure and the network environment of the wireless local area network, and the AP with the neighbor AP information meeting the preset requirements is determined as the detection equipment aiming at the current network environment, so that the determined detection equipment can detect the channel according to the preset requirements, and the detection defense effect on the wireless local area network is improved.
In order to solve the problems in the prior art, an embodiment of the present invention further provides an access point AP, as shown in fig. 11, an access point AP1100 may include: a processor 1110 and a machine-readable storage medium 1120, the machine-readable storage medium 1120 storing machine-executable instructions executable by the processor 1110, the processor 1110 being caused by the machine-executable instructions to perform steps comprising:
when receiving a trigger message which is issued by an AC and used for triggering the AP to report parameters for determining the detection equipment, counting neighbor AP information;
and reporting the neighbor AP information to the AC so that the AC determines the AP as the detection equipment when the neighbor AP information meets the preset requirement.
The processor 1110 may further implement:
reporting service information of the AP to the AC so that the AC determines whether the AP is a detection device or not based on the neighbor AP information and the service information, wherein the service information comprises: wireless service switch state, signal strength and number of on-line clients.
The processor 1110 may specifically implement:
and when receiving a trigger message which is issued by the AC and used for triggering the AP to report the parameters for determining the detection equipment, starting to count the neighbor AP information in a second preset period.
In this embodiment, the processor of the access point AP can realize that: the method comprises the steps that an AC sends a trigger message for triggering a plurality of APs to be selected to report and determine parameters of detection equipment to the APs to be selected, the APs to be selected report statistical neighbor AP information to the AC after receiving the trigger message, and the AC determines the AP with the neighbor AP information meeting preset requirements from the APs to be selected as the detection equipment according to the neighbor AP information of the APs to be selected and informs the detection equipment of starting a WIPS function. The determination of the detection equipment is related to neighbor AP information of each AP to be selected, the neighbor AP information reflects the actual structure and the network environment of the wireless local area network, and the AP with the neighbor AP information meeting the preset requirements is determined as the detection equipment aiming at the current network environment, so that the determined detection equipment can detect the channel according to the preset requirements, and the detection defense effect on the wireless local area network is improved.
The machine-readable storage medium mentioned in the above access controller AC and the access point AP may include a RAM (random access Memory) or an NVM (Non-volatile Memory), such as at least one disk Memory. Alternatively, the machine-readable storage medium may be at least one memory device located remotely from the processor.
The Processor may be a general-purpose Processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; but also a DSP (Digital Signal Processing), an ASIC (Application Specific Integrated Circuit), an FPGA (Field Programmable Gate Array) or other Programmable logic device, discrete Gate or transistor logic device, discrete hardware component.
Corresponding to the detection device determining method provided in the foregoing embodiment, an embodiment of the present invention provides a machine-readable storage medium, included in an access point AP, storing machine-executable instructions, and implementing the following steps when being invoked and executed by a processor:
when receiving a trigger message which is issued by an AC and used for triggering the AP to report parameters for determining the detection equipment, counting neighbor AP information;
and reporting the neighbor AP information to the AC so that the AC determines the AP as the detection equipment when the neighbor AP information meets the preset requirement.
The processor may further implement:
reporting service information of the AP to the AC so that the AC determines whether the AP is a detection device or not based on the neighbor AP information and the service information, wherein the service information comprises: wireless service switch state, signal strength and number of on-line clients.
The processor may specifically implement:
and when receiving a trigger message which is issued by the AC and used for triggering the AP to report the parameters for determining the detection equipment, starting to count the neighbor AP information in a second preset period.
In this embodiment, a machine-readable storage medium included in the access point AP stores an application program that executes the detection device determination method provided in the embodiment of the present application when running, so that it is possible to implement: the method comprises the steps that an AC sends a trigger message for triggering a plurality of APs to be selected to report and determine parameters of detection equipment to the APs to be selected, the APs to be selected report statistical neighbor AP information to the AC after receiving the trigger message, and the AC determines the AP with the neighbor AP information meeting preset requirements from the APs to be selected as the detection equipment according to the neighbor AP information of the APs to be selected and informs the detection equipment of starting a WIPS function. The determination of the detection equipment is related to neighbor AP information of each AP to be selected, the neighbor AP information reflects the actual structure and the network environment of the wireless local area network, and the AP with the neighbor AP information meeting the preset requirements is determined as the detection equipment aiming at the current network environment, so that the determined detection equipment can detect the channel according to the preset requirements, and the detection defense effect on the wireless local area network is improved.
For the embodiments of the access controller AC, the access point AP and the machine-readable storage medium, since the contents of the methods involved are basically similar to the foregoing embodiments of the methods, the description is simple, and the relevant points can be referred to the partial description of the embodiments of the methods.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The above description is only for the preferred embodiment of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.