In one embodiment, an apparatus includes one or more processors and one or more computer-readable non-transitory storage media coupled to the one or more processors. The one or more computer-readable non-transitory storage media include instructions that, when executed by the one or more processors, cause the apparatus to perform operations including receiving a user credential from a remote access client within a network and communicating the user credential to an authentication, authorization and accounting (AAA) server within the network. The operations also include receiving a user attribute from the AAA server and generating a contextual label based on the user attribute. The contextual label includes routing instructions associated with traffic behavior within the network. The operations further include advertising a control message, which includes the contextual label, to the remote access client.

Provided are a method and system for distributing service data, wherein the method includes that a user terminal is authenticated and accesses a core network, a service data message sent by the user terminal is received, target address information contained in the service data message is acquired, and the service data message is distributed according to the acquired target address information.

This application provides a communication method, a CP device, and a NAT device; pertains to the field of communication technologies; and relate to a scenario of performing NAT tracing based on a CU-separated BNG. The CP device delivers, to the NAT device, an IP address assigned to a user. Under a trigger condition of receiving the IP address delivered by the CP device, the NAT device assigns a public network IP address to the user, and reports the public network IP address to the CP device. The CP device adds, to an accounting packet, the IP address assigned by the CP device and the public network IP address assigned by the NAT device, and sends the accounting packet to a RADIUS server, to report the public network IP address to the RADIUS server, so that the NAT tracing is performed on the RADIUS server.

This application provides a communication method, a CP device, and a NAT device; pertains to the field of communication technologies; and relate to a scenario of performing NAT tracing based on a CU-separated BNG. The CP device delivers, to the NAT device, an IP address assigned to a user. Under a trigger condition of receiving the IP address delivered by the CP device, the NAT device assigns a public network IP address to the user, and reports the public network IP address to the CP device. The CP device adds, to an accounting packet, the IP address assigned by the CP device and the public network IP address assigned by the NAT device, and sends the accounting packet to a RADIUS server, to report the public network IP address to the RADIUS server, so that the NAT tracing is performed on the RADIUS server.

Embodiments of the present technology provide out-of-band captive portal devices, networks, and methods. An example of a method includes executing a redirection of a client request for network access to a captive portal login, initiating an association between the wireless controller and the client, receiving authentication credentials of client from the captive portal login, negotiating a change of authorization with a wireless controller in accordance with RFC 5176 protocol, wherein the controller includes a mapping to a captive portal Internet Protocol (IP) address, and redirecting the client to a URL specified in the client request for network access.

Systems and methods of providing secondary authentication credentials for an external network are described. The credentials are provided from the UE to the GGSN via the SGSN during establishment of a PDN connection for the UE in a NAS message. The SGSN receives an Activate PDP Context Request from the UE and sends to the GGSN a Create PDP Context Request. The Requests include a PCO IE with the credentials. The GGSN determines a RADIUS and/or DHCP server to be used for IP address allocation, a protocol to be used with the server, and security features to use to dialogue with the server. The GGSN obtains the IP address from the server and provides the IP address to the UE via the SGSN via Create PDP Context Response.

A network communication system includes a computing device, which includes a processor, a memory device, and a component management module. The component management module is configured to receive a message from customer-premises equipment (CPE). The component management module is also configured to determine from the message that the CPE is operating in a captive portal. The captive portal restricts Internet access to the CPE. The component management module is configured to obtain stored connection credential values corresponding to a subscriber in response to determining that an identification parameter of connection credentials associated with the CPE is valid for the subscriber. The component management module is also configured to provide the stored values to the CPE.

Disclosed is a technique for performing flexible service-level access control in real-time while suppressing occurrence of signaling. According to the technique, a network entity (AAA server 10) configured to perform access control sets correspondences between addresses of a communication terminal (UE) 40 and respective service contents of services that the communication terminal 40 receives, and notifies the communication terminal of the correspondences. Thus, the communication terminal is able to know the service contents corresponding to the addresses that the communication terminal uses. In a case where a service content of a service that the communication terminal receives is changed, the address used by the communication terminal is changed to an address corresponding to the changed service content. As a result, from the changed address, the communication terminal is able to know that the service content has been changed and to know the changed service content.

An Internet Protocol (IP) address allocation method and a device to resolve a technical problem that an IP address conflict occurs when a control plane device and a user plane device allocate an IP address for one user equipment (UE) at the same time. When receiving a session establishment request message, a control plane network device may determine whether a first user plane network device is capable of allocating an IP address for a terminal device. If the first user plane network device is capable of allocating the IP address for the terminal device, the control plane network device may send an address allocation indication to the first user plane network device.

A data processing method includes obtaining, by a session management function (SMF) network element from an external network element, a media access control (MAC) address of a terminal device and an Internet Protocol (IP) address corresponding to the MAC address, and sending, by the SMF network element, the MAC address and the IP address to a first user plane function (UPF) network element, where the MAC address and the IP address are used to send an Address Resolution Protocol (ARP) message, and the ARP message includes the MAC address and the IP address.