Authentication VLAN management apparatus

Abstract

An authentication VLAN management apparatus acquires from the standard LAN switch a MAC address or an IP address of a terminal connected to a standard LAN switch, and authenticates the terminal based on the acquired MAC address or IP address. Based on the above authentication result, the authentication VLAN management apparatus assigns a predetermined VLAN to the terminal, and sets the standard LAN switch so that the terminal can access to the assigned VLAN.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 shows a diagram illustrating a configuration example of the conventional authentication VLAN system.

FIG. 2 shows a diagram illustrating a configuration example of an authentication VLAN system according to an embodiment of the present invention.

FIG. 3 shows a diagram illustrating a block configuration example of an authentication VLAN management apparatus 100.

FIG. 4A shows an exemplary data structure of vendor information.

FIG. 4B shows an exemplary data structure of authentication information 106.

FIG. 4C shows an exemplary data structure of VLAN set information 108.

FIG. 4D shows an exemplary data structure of use time information 110.

FIG. 4E shows an exemplary data structure of schedule information 112.

FIG. 4F shows an exemplary data structure of network state information 114.

FIG. 4G shows an exemplary data structure of application information 119.

FIG. 5 shows an operation sequence of VLAN assignment decision processing in the authentication VLAN management apparatus according to an embodiment of the present invention.

FIG. 6 shows a diagram illustrating a first operation sequence of VLAN assignment change processing in the authentication VLAN management apparatus according to an embodiment of the present invention.

FIG. 7 shows a diagram illustrating a second operation sequence of VLAN assignment change processing in the authentication VLAN management apparatus according to an embodiment of the present invention.

FIG. 8 shows a diagram illustrating a third operation sequence of VLAN assignment change processing in the authentication VLAN management apparatus according to an embodiment of the present invention.

FIG. 9 shows a diagram illustrating a fourth operation sequence of VLAN assignment change processing in the authentication VLAN management apparatus according to an embodiment of the present invention.

FIG. 10 shows a diagram illustrating a fifth operation sequence of VLAN assignment change processing in the authentication VLAN management apparatus according to an embodiment of the present invention.

Claims

1. An authentication VLAN management apparatus comprising: an address acquisition unit acquiring a MAC address or an IP address of a terminal connected to a LAN switch from the LAN switch;an authentication unit authenticating the terminal based on the MAC address or the IP address acquired by the address acquisition unit;an assignment unit assigning a first VLAN to the terminal based on the authentication result by the authentication unit; anda set unit setting the LAN switch so as to enable the terminal to access the first VLAN.

2. An authentication VLAN management apparatus comprising: an address acquisition unit acquiring a MAC address or an IP address of a terminal connected to a LAN switch from the LAN switch;an authentication unit authenticating the terminal based on the MAC address or the IP address acquired by the address acquisition unit;an assignment unit assigning a first VLAN to the terminal based on the authentication result by the authentication unit and information related to the terminal; anda set unit setting the LAN switch so as to enable the terminal to access the first VLAN.

3. The authentication VLAN management apparatus according to claim 2, wherein the assignment unit changes the VLAN to be assigned to the terminal from the first VLAN to a second VLAN, based on the change of the information related to the terminal after the terminal became able to access the first VLAN, andwherein the set unit sets the LAN switch so as to enable the terminal to access the second VLAN.

4. The authentication VLAN management apparatus according to claim 2, wherein the information related to the terminal is at least one set of information among the sets of information related to a VLAN use time of the terminal, information related to a result for participation to a lecture of a user using the terminal, information related to a network state, and information related to a connection schedule of the terminal.

5. The authentication VLAN management apparatus according to claim 4, wherein the assignment unit decides a terminal rank based on the information related to the VLAN use time of the terminal and the information related to a result for participation to a lecture of a user using the terminal, and assigns the first VLAN corresponding to the decided rank from among a plurality of VLANs.

6. The authentication VLAN management apparatus according to claim 4, wherein, based on the information related to the network state, the assignment unit assigns the first VLAN having the best communication environment from among a plurality of VLANs.

7. The authentication VLAN management apparatus according to claim 4, wherein, based on the information related to the connection schedule of the terminal, the assignment unit assigns the first VLAN having been registered in advance corresponding to the present time.

8. The authentication VLAN management apparatus according to claim 3, wherein the information related to the terminal is at least one set of information among the sets of information related to a VLAN use time of the terminal, information related to a result for participation to a lecture of a user using the terminal participated, information related to a network state, and information related to a connection schedule of the terminal.

9. The authentication VLAN management apparatus according to claim 8, wherein, when either the information related to the VLAN use time of the terminal or the information related to a result for participation to a lecture of a user using the terminal is changed, the assignment unit changes the decided rank based on the change, so as to assign the second VLAN corresponding to the changed rank, in place of the first VLAN.

10. The authentication VLAN management apparatus according to claim 8, wherein, when the information related to the network state is changed, based on the change, the assignment unit assigns the second VLAN having the best communication environment at the time of change, in place of the first VLAN.

11. The authentication VLAN management apparatus according to claim 8, wherein, at a predetermined time, the assignment unit changes from the first VLAN to the second VLAN, based on a VLAN change time being set in the information related to the connection schedule of the terminal.

12. A computer program making a computer apparatus execute the processing of: acquiring a MAC address or an IP address of a terminal connected to a LAN switch from the LAN switch;authenticating the terminal based on the MAC address or the IP address acquired by the address acquisition unit;assigning a first VLAN to the terminal based on the authentication result by the authentication unit; andsetting the LAN switch so as to enable the terminal to access the first VLAN.

13. A computer program making a computer apparatus execute the processing of: acquiring a MAC address or an IP address of a terminal connected to a LAN switch from the LAN switch;authenticating the terminal based on the MAC address or the IP address acquired by the address acquisition unit;assigning a first VLAN to the terminal based on the authentication result by the authentication unit and information related to the terminal; andsetting the LAN switch so as to enable the terminal to access the first VLAN.

14. The computer program according to claim 13, further making the computer apparatus execute the processing of: changing the VLAN to be assigned to the terminal from the first VLAN to a second VLAN, based on the change of the information related to the terminal after the terminal became able to access the first VLAN; andsetting the LAN switch so as to enable the terminal to access the second VLAN.