This application claims priority to and the benefit of Korean Patent Application No. 10-2010-0036513 filed in the Korean Intellectual Property Office on Apr. 20, 2010, the entire contents of which are incorporated herein by reference.
(a) Field of the Invention
The present invention relates to a system for controlling a virtual local area network (LAN) through a network.
(b) Description of the Related Art
Under the conventional virtual LAN circumstance, a manager controls access of a terminal to a device or a switch by controlling configuration of a device or a switch with a virtual LAN function.
However, it is not easy to control the terminal having accessed the device with the virtual LAN function by controlling the configuration, and the access authority given to the terminal is removed.
Also, when the terminal accesses a device with the virtual LAN function to be included in a specific virtual LAN and use a communication service and is then included in another virtual LAN to use another communication network service, the configuration can only be changed with the help of the manager.
The above information disclosed in this Background section is only for enhancement of understanding of the background of the invention and therefore it may contain information that does not form the prior art that is already known in this country to a person of ordinary skill in the art.
The present invention has been made in an effort to provide a system for actively controlling a virtual local area network (LAN) by controlling a switch having a virtual LAN function through a network.
An exemplary embodiment of the present invention provides a virtual LAN control system including: a virtual LAN switch for setting and providing at least one virtual LAN through a network; a terminal having a proper identifier address for accessing the network or receiving a proper identifier address through an external device connected to the virtual LAN switch; and a virtual LAN controller for, when the terminal accesses to request to change the virtual LAN, providing authority to change virtual LANs to the terminal in order for the terminal to change a setting from the current virtual LAN to another virtual LAN.
Another embodiment of the present invention provides a system for controlling at least one virtual LAN through a network to which a plurality of terminals are accessed including: a virtual LAN switch for setting and providing the at least one virtual LAN through the network according to the access of the plurality of terminals; and a virtual LAN controller connected to the virtual LAN switch and when a first terminal of the plurality of terminals accesses to request to change a virtual LAN, providing authority to change the virtual LAN to the first terminal so as to change the first virtual LAN to which the first terminal belongs to a second virtual LAN.
Yet another embodiment of the present invention provides a system for controlling at least one virtual LAN through a network to which a plurality of terminals are accessed, including: a virtual LAN switch for setting and providing the at least one virtual LAN through the network according to the access of the plurality of terminals; and a virtual LAN controller connected to the virtual LAN switch, and when a first terminal of the plurality of terminals accesses to request to change a virtual LAN, providing authority to change the virtual LAN to the first terminal so as to change the first virtual LAN to which the first terminal belongs to a second virtual LAN.
In the following detailed description, only certain exemplary embodiments of the present invention have been shown and described, simply by way of illustration. As those skilled in the art would realize, the described embodiments may be modified in various different ways, all without departing from the spirit or scope of the present invention. Accordingly, the drawings and description are to be regarded as illustrative in nature and not restrictive. Like reference numerals designate like elements throughout the specification.
Throughout the specification, unless explicitly described to the contrary, the word “comprise” and variations such as “comprises” or “comprising” will be understood to imply the inclusion of stated elements but not the exclusion of any other elements.
As shown in
The switch 10 includes communication ports (P1-P16) and a control end 11, and the terminals (201-207) access the switch 10 through the communication ports (P1-P16) when the virtual LAN function is activated. Here, the control end 11 can be a serial port, a telnet port and so forth. In this instance, the virtual LAN controller 30 for controlling the switch 10 accesses the switch through the communication ports (201-207) and the control end 11.
The virtual LAN VL11 is set by the terminals (201, 202, 204, 205) having accessed the communication ports (P1-P8) of the switch 10, and the virtual LAN VL12 is set by the terminals (203, 206, and 207) having accessed the communication ports (P9-P16).
Since the one switch 10 is operable in a like manner of a plurality of independent switches when a virtual LAN function is activated, the terminals (201, 202, 204, and 205) having accessed the virtual LAN VL11 can communicate with the terminals (201, 202, 204, and 205) having accessed the virtual LAN VL11, and cannot communicate with the terminals (203, 206, and 207) having accessed the virtual LAN VL12.
When the terminal attempts to access a virtual LAN other than the currently accessed virtual LAN, the manager can change the setting of the virtual LAN of the switch 10 by controlling the virtual LAN controller 30. However, differing from the manager, the terminals (201-207) cannot directly change the virtual LAN to which they belong. Also, when the virtual LAN controller 30 has accessed the control end 11 of the switch 10, it cannot access the virtual LAN controller 30 as well as the manager.
In order for the terminal to change the setting of the virtual LAN when the virtual LAN controller 30 is connected to the communication ports (P1-P16), the following two conditions must be satisfied. First, the terminal and the virtual LAN controller 30 must be connected to the same virtual LAN, and second, the terminal must have the manager's authority.
The terminal accessed to the virtual LAN switch with the conventional virtual LAN function that is activated cannot directly change the virtual LAN to which the same terminal is accessed, and it must satisfy the limited condition in the case of changing the setting of the virtual LAN by using the virtual LAN controller 30.
Referring to
The virtual LAN will be used not as a network that is only applicable to the L2 layer of the open systems interconnection (OSI) hierarchical structure but will be used to include any kinds of networks for logically configuring a virtual network. The virtual LAN switch includes the case of being configured with a single physical switch and the case in which at least one switch configures at least one virtual network. The virtual LAN controller can be configured as a physical device separate from the virtual LAN switch or can be included in the virtual LAN switch, and both cases provide substantially the same function and operation.
As shown in
The virtual LAN switch 200 is a device or a switch with the activated virtual LAN function, and includes communication ports (P1-P16) and a control end 210. The virtual LAN switch 200 sets and provides a virtual LAN VL1 when the terminals (3001-3006) and the virtual LAN controller 400 access the virtual LAN switch 200 through the communication ports (P1-P16) and the control end 210 in the initial circumstance.
The terminals (3001-3006) access the virtual LAN controller 400 through the communication ports (P1-P16), and change the virtual LAN VL1 when it has a proper Internet protocol (IP) address. That is, when a proper IP is assigned, the terminals (3001-3006) use a communication protocol such as the hypertext transfer protocol (HTTP), secure sockets layer (SSL), or teletype network (Telnet) to access the virtual LAN controller 400 directly or through a management interface 410 of the virtual LAN controller 400, and changes the virtual LAN VL1. In addition, the terminals (3001-3006) can change the virtual LAN VL1 by using an IP address provided by another device (not shown) connected to the virtual LAN switch 200, the virtual LAN controller 400, and the virtual LAN switch 200.
The virtual LAN controller 400 includes a management interface 410 in order for the terminals (3001-3006) to conveniently access the virtual LAN switch 200, and it is connected to the outside through the network 500. The virtual LAN controller 400 has its own IP address, and can be directly connected to the network 500. The virtual LAN controller 400 is described to have a proper IP address in the embodiment of the present invention, and without being restricted to this embodiment, it can be connected to the network 500 by receiving an IP address from a network service provider or another service provider that performs the equivalent function.
When the terminals (3001-3006) access the virtual LAN controller 400 directly or through the management interface 410, the virtual LAN controller 400 provides authority to change the virtual LAN or an additional user account/authority to the terminals (3001-3006) to perform a limited control function. For example, the virtual LAN controller 400 provides authority to change the virtual LAN to the accessed terminal from among the terminals (3001-3006) so as to change setting of the virtual LAN, and controls the same for other terminals so that the other terminals may not change setting of the virtual LAN.
As shown in
The terminal 3001 accesses the communication port P1 of the virtual LAN switch 200, and the terminal 3005 accesses the communication port P4 to set a virtual LAN VL21 to the virtual LAN switch 200. The virtual LAN VL21 is not connected to the virtual LAN controller 400, and performs communication between the connected terminals 3001 and 3005. That is, since the terminals 3001 and 3005 cannot access the virtual LAN controller 400 to change the setting of the virtual LAN, the manager changes the setting of the virtual LAN switch 200 and the virtual LAN through the virtual LAN controller 400.
The terminal 3002 accesses the communication port P7 of the virtual LAN switch 200 and the terminal 3006 accesses the communication port P6 to set a virtual LAN VL22 to the virtual LAN switch 200. In this instance, the terminals 3002 and 3006 have proper IP addresses for connecting to the network 500, and are directly connected to the network 500 through the virtual LAN VL22. The terminals 3002 and 3006 access the virtual LAN controller 400 directly or through the management interface 410 passing through the network 500 to change the setting of the virtual LAN.
The terminal 3007 accesses the communication port P12 of the virtual LAN switch 200 to set the virtual LAN VL23 to the virtual LAN switch 200. In this instance, the terminal 3007 does not have a proper IP address since it is not connected to the network 500, but it receives an IP address controlled by a network service provider connected to the communication port P11 of the virtual LAN VL23 or another service provider 600 that performs the equivalent function. The terminal 3007 accesses the network 500 by passing through the network service provider or the other service provider 600, and accesses the virtual LAN controller 400 directly or through the management interface 410 via the network 500 to change the setting of the virtual LAN.
The virtual LAN VL24 that is set when the terminal 3003 accesses the communication port P11 of the virtual LAN switch 200 and the terminal 3004 accesses the communication port P15 forms the same configuration as the virtual LAN VL1 in the initial circumstance shown in
An external terminal 700 that is connected not directly to the communication port of the virtual LAN switch 200 but to the network 500 accesses the virtual LAN controller 400 directly or through the management interface 410 via the network 500 to change the setting of the virtual LAN.
The management interface 410 according to an exemplary embodiment of the present invention authenticates the terminals (3001-3007, 700) having accessed from the inside/outside, and controls their access to control the access authority of part or all of the terminals (3001-3007, 700) to the virtual LAN switch 200.
As shown in
In a like manner, the terminals 3002 and 3006 having accessed the virtual LAN VL22 receive IP addresses controlled by a network service provider connected to the communication port P8 of the virtual LAN VL22 or an equivalent service provider 6002, and access the virtual LAN controller 400 directly or through the management interface 410 by passing through the network 500 to change the setting of the virtual LAN. Further, the terminal 3007 having accessed the virtual LAN VL23 receives an IP address controlled by a network service provider connected to the communication port Pg of the virtual LAN VL23 or an equivalent service provider 6009, and accesses the virtual LAN controller 400 directly or through the management interface 410 by passing through the network 500 to change the setting of the virtual LAN.
The virtual LAN VL24 that is set when the terminal 3003 accesses the communication port P11 of the virtual LAN switch 200 and the terminal 3004 accesses the communication port P15 forms the same configuration as the virtual LAN VL1 in the initial circumstance shown in
In addition, the external terminal 700 that is not directly connected to the communication port of the virtual LAN switch 200 but is connected to the network 500 can access the virtual LAN controller 400 directly or through the management interface 410 by passing through the network 500 to change the setting of the virtual LAN.
When the terminal 3006 having accessed the virtual LAN VL22 is not satisfied with the service provided by the current network service provider or the equivalent service provider 6002 and desires to receives the service from another network service provider, the terminal 3006 accesses the virtual LAN controller 400 by passing through the network service provider or the equivalent service provider 6002 and the network 500 and sets to include the terminal 3006 to the other virtual LAN differing from the virtual LAN VL22. Therefore, the subscriber or the terminal can actively choose the network service provider as he wishes and can receive the service.
Accordingly, instead of changing the virtual LAN through the manager that has the authority, since the virtual LAN switch 200 of the virtual LAN control system 100 according to an exemplary embodiment of the present invention changes the setting of the virtual LAN through the network accessed through the communication port, it can actively select and set the desired virtual LAN and can further remotely change the setting of the virtual LAN through the terminal that is not connected to the virtual LAN switch 200.
According to an embodiment of the present invention, a virtual LAN can be actively selected and controlled by controlling the virtual LAN through the network instead of passively being configured by the manager.
Also, according to an exemplary embodiment of the present invention, it is possible to remotely control the setting of a virtual LAN through a terminal that is not connected to a virtual LAN switch by controlling the virtual LAN through the network.
The above-described embodiments can be realized through a program for realizing functions corresponding to the configuration of the embodiments or a recording medium for recording the program in addition to through the above-described device and/or method, which is easily realized by a person skilled in the art.
While this invention has been described in connection with what is presently considered to be practical exemplary embodiments, it is to be understood that the invention is not limited to the disclosed embodiments, but, on the contrary, is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.
Number | Date | Country | Kind |
---|---|---|---|
10-2010-0036513 | Apr 2010 | KR | national |