As network technology migrates and user equipment places more and more demands on Internet access, operators are raising higher requirements for security and operability. In particular, how to establish and execute a network security control mechanism on network devices such as the wireless termination device has become a growing issue.
With the technical trend toward Fixed Mobile Convergence (FMC), Wireless LAN (WLAN) will play an important role, especially where 802.11 WLAN is combined with Digital Subscriber Line (DSL). Here the centralized WLAN architecture defined by the Control And Provisioning of Wireless Access Points (CAPWAP) working group of the Internet Engineering Task Force (IETF) is currently a preferable deployment solution. Under this architecture, the Wireless Termination Point (WTP) and the Access Controller (AC) communicate with each other and forward control information and data information to each other using the CAPWAP protocol.
In the prior art (for example, the current CAPWAP protocol in RFC 4118), the wireless termination device checks the validity of only the source MAC address of data packets from user equipment in the WLAN. As a result, it cannot prevent malicious user equipment from using the IP addresses of other user equipment to send numerous malicious data packets to the wireless termination device, or even to the access node equipment, in order to attack the network (for example, a Denial of Service (DoS) attack). Therefore, the network termination device plays only a limited part in network security control in the prior art, and lacks network security control functionality such as IP address anti-spoofing. Additionally, in the prior art the access controller does not provide, in real time, the configuration of parameters applicable to network security control, such as IP addresses, to network devices such as the wireless termination device. This further prevents the wireless termination device, a network device closer to the user equipment, from playing a more important role in network security control, and limits the security of the whole communication network system. In fact, as networks migrate and technology develops, allowing the network devices closer to user equipment to play a larger part in network security control has become one of the important feasible approaches to enhancing the security of the whole communication network system.
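The gap described above, as an added example that is not part of the original text or of the CAPWAP specification: a MAC-only source check beside a MAC-and-IP binding check, run over constructed frames. The station MAC addresses, the 192.0.2.0/24 addresses, the function names and the premise that the bindings reach the WTP from the AC are assumptions made for the illustration.

```python
import ipaddress
from collections import Counter
from typing import NamedTuple

class Frame(NamedTuple):
    src_mac: str
    src_ip: str

# Constructed sample state (not from the page): stations associated at the WTP,
# and MAC-to-IP bindings assumed to have been delivered to the WTP by the AC.
ASSOCIATED = {"02:00:00:00:00:01", "02:00:00:00:00:02"}
BINDINGS = {"02:00:00:00:00:01": "192.0.2.10",
            "02:00:00:00:00:02": "192.0.2.20"}

def mac_only_check(frame, associated=ASSOCIATED):
    """Prior-art behaviour described above: only the source MAC is validated."""
    return frame.src_mac.lower() in associated

def binding_check(frame, associated=ASSOCIATED, bindings=BINDINGS):
    """Source MAC and source IP must match one binding. Returns (accept, reason)."""
    mac = frame.src_mac.lower()
    if mac not in associated:
        return False, "unknown-mac"
    bound = bindings.get(mac)
    if bound is None:
        return False, "no-binding"          # fail closed until a binding exists
    try:
        src = ipaddress.ip_address(frame.src_ip)
    except ValueError:
        return False, "bad-ip"
    if src != ipaddress.ip_address(bound):
        return False, "ip-mismatch"
    return True, "ok"

def spoof_report(frames):
    """Per source MAC, count frames the MAC-only check admits but the binding check drops."""
    report = Counter()
    for f in frames:
        if mac_only_check(f) and not binding_check(f)[0]:
            report[f.src_mac.lower()] += 1
    return dict(report)

# Constructed traffic: station ...:02 sends with the address bound to station ...:01.
SAMPLE = [Frame("02:00:00:00:00:01", "192.0.2.10"),
          Frame("02:00:00:00:00:02", "192.0.2.10"),
          Frame("02:00:00:00:00:02", "192.0.2.10"),
          Frame("02:00:00:00:00:02", "192.0.2.20"),
          Frame("02:00:00:00:00:99", "192.0.2.10")]

if __name__ == "__main__":
    print(spoof_report(SAMPLE))
```

The report attributes each mismatched frame to the sending MAC address, which is the identity the WTP can actually act on when the source IP address is not trustworthy.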