CN102572005A - IP address allocation method and equipment - Google Patents

Publication number: CN102572005A
Authority: CN (China)
Legal status: Pending
Application number: CN2011103756869A
Other languages: Chinese (zh)
Inventors: 郑涛, 王彬
Current Assignee: Hangzhou H3C Technologies Co Ltd
Original Assignee: Hangzhou H3C Technologies Co Ltd

Abstract

The invention discloses an IP address allocation method and device. In the technical solution of the invention, an address management server is introduced into the system to manage IP address resources. When it receives an address allocation request, it allocates a public IP address to an authenticated user and only a private IP address to an unauthenticated user. IP address resources are thus allocated according to users' authentication states: public IP addresses go only to users who actually need Internet access, private IP addresses go to users performing temporary network operations, and the effective utilization of IP address resources is improved.

Description

An IP address allocation method and device
Technical field
The present invention relates to the field of communication technology, and in particular to an IP address allocation method and device.
Background
In a mobile metropolitan area network architecture, user security authentication is generally implemented by means of a Portal, and the authentication control point is the AC (access controller) of the metropolitan area network. Fig. 1 is a schematic diagram of the basic Portal authentication flow involved when a user terminal goes online in a prior-art wireless network. The flow comprises:
(1) The user first associates with the wireless network.
(2) The user requests an IP (Internet Protocol) address and then initiates Web access.
(3) The AC forcibly redirects the user to the Portal website.
(4) The user enters the username and password.
(5) The Portal server initiates an authentication request and exchanges information with the AC.
(6) The AC encapsulates the username and password in a RADIUS (Remote Authentication Dial In User Service) message and submits it to the RADIUS authentication server.
(7) When the user passes authentication, the AC issues an ACL that allows the user to access the network.
For WLAN users, the terminal connects to the wireless network automatically after it is switched on and immediately initiates a DHCP (Dynamic Host Configuration Protocol) request to obtain an IP address.
On the other hand, to address the shortage of IP addresses, existing technical solutions have also proposed allocating IP addresses to users from private (reserved) address space and using NAT (Network Address Translation) to translate them into legitimate IP addresses.
In the course of implementing the present invention, the inventors found that the prior art has at least the following problems:
In the scheme that allocates IP addresses directly to users, a user obtains an IP address whether or not the user has authenticated, which wastes IP address resources. In mobile networks in particular, users are currently allocated only public IP addresses, and these addresses are a scarce resource. It often happens that users who actually want Internet access cannot obtain an IP address, while users with no need for Internet access occupy addresses unintentionally.
In the scheme that allocates IP addresses through NAT, one public IP address corresponds to multiple private IP addresses, so a user cannot be traced accurately.
Summary of the invention
The present invention provides an IP address allocation method and device to overcome the defects of existing IP address allocation schemes, namely that they waste IP address resources and cannot reliably allocate public IP addresses to users who are accessing the Internet.
To achieve the above object, one aspect of the present invention provides an IP address allocation method, applied to a system that includes an address management server, where the address management server manages the IP address resources of the current system. The method comprises at least the following steps:
The address management server receives a Dynamic Host Configuration Protocol (DHCP) request message from a terminal device, forwarded by an access device;
The address management server determines the authentication state of the terminal device;
If the user corresponding to the terminal device is an unauthenticated user, the address management server allocates a private IP address to the terminal device;
If the user corresponding to the terminal device is an authenticated user, the address management server allocates a public IP address to the terminal device.
Preferably,
When the address management server allocates a private IP address to the terminal device, it sets the validity time of the private IP address to a first validity period;
When the address management server allocates a public IP address to the terminal device, it sets the validity time of the public IP address to a second validity period;
where the first validity period is shorter than the second validity period.
Preferably, after the address management server allocates the public IP address to the terminal device, the method further comprises:
The address management server sends an address update notification message to the Portal server corresponding to the terminal device, notifying the Portal server to update the terminal device's current IP address to the public IP address;
The address management server receives the address update confirmation message returned by the Portal server corresponding to the terminal device, and thereby confirms that the Portal server has updated the terminal device's current IP address to the public IP address.
Preferably, the method further comprises:
The address management server stores the authentication state of the user corresponding to the terminal device according to the messages it receives from the Portal server corresponding to the terminal device;
where, when the address management server receives from that Portal server a notification message that the terminal device has authenticated successfully, the address management server records the authentication state of the user corresponding to the terminal device as authenticated;
when the address management server receives from that Portal server a notification message that the terminal device has gone offline, the address management server records the authentication state of the user corresponding to the terminal device as unauthenticated and reclaims the public IP address allocated to the terminal device.
In another aspect, the present invention also provides an address management server comprising the following modules:
A communication module, configured to receive the DHCP request message of a terminal device forwarded by an access device;
A judging module, configured to determine the authentication state of the terminal device corresponding to the DHCP request message received by the communication module;
An address management module, configured to allocate a private IP address to the terminal device when the judging module determines that the user corresponding to the terminal device is an unauthenticated user, or to allocate a public IP address to the terminal device when the judging module determines that the user corresponding to the terminal device is an authenticated user.
Preferably, the address management module is further configured to:
when allocating a private IP address to the terminal device, set the validity time of the private IP address to a first validity period;
when allocating a public IP address to the terminal device, set the validity time of the public IP address to a second validity period;
where the first validity period is shorter than the second validity period.
Preferably, the communication module is further configured to:
after the address management module allocates a public IP address to the terminal device, send an address update notification message to the Portal server corresponding to the terminal device, notifying the Portal server to update the terminal device's current IP address to the public IP address;
receive the address update confirmation message returned by the Portal server corresponding to the terminal device, and thereby confirm that the Portal server has updated the terminal device's current IP address to the public IP address.
Preferably, the address management module is further configured to store the authentication state of the user corresponding to the terminal device according to the messages that the communication module receives from the Portal server corresponding to the terminal device;
where, when the communication module receives from that Portal server a notification message that the terminal device has authenticated successfully, the address management module records the authentication state of the user corresponding to the terminal device as authenticated;
when the communication module receives from that Portal server a notification message that the terminal device has gone offline, the address management module records the authentication state of the user corresponding to the terminal device as unauthenticated and reclaims the public IP address allocated to the terminal device.
In another aspect, the present invention also provides an IP address allocation method, applied to a system that includes an address management server, where the address management server manages the IP address resources of the current system. The method comprises at least the following steps:
A terminal device sends a DHCP request message to the address management server through an access device;
The terminal device receives the private IP address allocated by the address management server and performs authentication using the private IP address;
If authentication succeeds, the terminal device waits for the private IP address to expire and, after it has expired, sends a DHCP request message to the address management server through the access device;
The terminal device receives the public IP address allocated by the address management server and accesses the network using the public IP address.
Preferably,
When the terminal device receives the private IP address allocated by the address management server, the validity time that the address management server has configured for the private IP address is a first validity period;
When the terminal device receives the public IP address allocated by the address management server, the validity time that the address management server has configured for the public IP address is a second validity period;
where the first validity period is shorter than the second validity period.
Preferably, after the terminal device receives the public IP address allocated by the address management server and accesses the network using the public IP address, the method further comprises:
If the terminal device sends an offline request, the address management server reclaims the allocated public IP address and the access device cuts off the terminal device's network connection.
In another aspect, the present invention also provides a terminal device comprising the following modules:
A communication module, configured to send a DHCP request message to the address management server through an access device, and to receive the private IP address or public IP address allocated by the address management server;
An authentication module, configured to perform authentication using the private IP address received by the communication module and, when authentication succeeds, to wait for the private IP address to expire and, after it has expired, to notify the communication module to send a DHCP request message to the address management server through the access device;
A processing module, configured to access the network using the public IP address received by the communication module.
Compared with the prior art, the present invention has the following advantages:
By applying the technical solution of the present invention, an address management server is introduced into the system to manage the system's IP address resources. When it receives an address allocation request, it allocates a public IP address only to an authenticated user and only a private IP address to an unauthenticated user. IP address resources can thus be allocated according to users' authentication states: public IP addresses go only to users who actually need Internet access, private IP addresses go to users performing temporary network operations, and the effective utilization of IP address resources is improved.
Description of the drawings
Fig. 1 is a schematic diagram of the basic Portal authentication flow involved when a user terminal goes online in a prior-art wireless network;
Fig. 2 is a schematic flowchart, on the address management server side, of an IP address allocation method proposed by an embodiment of the present invention;
Fig. 3 is a schematic flowchart, on the terminal device side, of an IP address allocation method proposed by an embodiment of the present invention;
Fig. 4 is a schematic diagram of a specific application scenario proposed by an embodiment of the present invention;
Fig. 5 is a schematic flowchart of the IP address allocation method in a specific application scenario proposed by an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of an address management server proposed by an embodiment of the present invention;
Fig. 7 is a schematic structural diagram of a terminal device proposed by an embodiment of the present invention.
Embodiments
As described in the background, the existing scheme of allocating public IP addresses directly wastes scarce public IP address resources, while the scheme of allocating addresses through NAT makes it difficult to trace the path of a user's Internet access.
To solve these problems, the present invention proposes an IP address allocation method in which an address management server is introduced into the system to manage the system's IP address resources. IP address resources are allocated according to each user's actual authentication state, which improves the effective utilization of public IP address resources.
Fig. 2 is a schematic flowchart of an IP address allocation method proposed by the present invention. The method comprises the following steps:
Step S201: The address management server receives a Dynamic Host Configuration Protocol (DHCP) request message from a terminal device, forwarded by an access device.
Step S202: The address management server determines the authentication state of the terminal device.
If the user corresponding to the terminal device is an unauthenticated user, step S203 is performed;
If the user corresponding to the terminal device is an authenticated user, step S204 is performed.
Note that the authentication state information on which the judgment in this step relies is determined as follows:
The address management server stores the authentication state of the user corresponding to the terminal device according to the messages it receives from the Portal server corresponding to the terminal device.
When the address management server receives from that Portal server a notification message that the terminal device has authenticated successfully, the address management server records the authentication state of the user corresponding to the terminal device as authenticated.
When the address management server receives from that Portal server a notification message that the terminal device has gone offline, the address management server records the authentication state of the user corresponding to the terminal device as unauthenticated and reclaims the public IP address allocated to the terminal device.
With this processing, the address management server records the user corresponding to a terminal device as authenticated only between receiving the Portal server's authentication-success notification for that terminal device and receiving its offline notification. Consequently, only when the address management server receives a DHCP request message from the terminal device within the interval between these two notifications does it allocate a public IP address to the terminal device.
The authentication-success notification and the offline notification mark, respectively, the user's request to start Internet access and the end of that access, and the terminal device needs to access the public network between the two. This processing therefore ensures that a public IP address is allocated only when the user genuinely needs Internet access.
Conversely, at any time outside that interval, a DHCP request message that the address management server receives from the terminal device corresponds only to a temporary operation that involves no public network access, so the address management server only needs to allocate a private IP address.
Step S203: The address management server allocates a private IP address to the terminal device.
Step S204: The address management server allocates a public IP address to the terminal device.
In a specific processing scenario, after allocating the public IP address, the address management server needs to update the address information held for this terminal device in the Portal server. The detailed process is as follows:
The address management server sends an address update notification message to the Portal server corresponding to the terminal device, notifying the Portal server to update the terminal device's current IP address to the public IP address;
The address management server receives the address update confirmation message returned by the Portal server corresponding to the terminal device, and thereby confirms that the Portal server has updated the terminal device's current IP address to the public IP address.
With this processing, the IP address information that the Portal server holds for this terminal device is updated to the public IP address allocated by the address management server, and the terminal device can use this public IP address for network access.
In a specific processing scenario, the address management server manages all the IP address resources of the current system. When allocating an address, it creates a lease on that IP address for the corresponding terminal device; when reclaiming the address, it simply deletes the lease.
Further, so that IP address resources are reclaimed promptly, in the address allocation of steps S203 and S204 the address management server also sets a validity period for each address it allocates, that is, for the lease described above. When the validity period is reached, the address management server deletes the lease and releases the corresponding IP address resource.
When the address management server allocates a private IP address to the terminal device, it sets the validity time of the private IP address to a first validity period.
When the address management server allocates a public IP address to the terminal device, it sets the validity time of the public IP address to a second validity period.
The first validity period is shorter than the second validity period.
This principle reflects the fact that private IP addresses are used mainly for temporary network operations, which take little time, so the terminal device needs to hold a private IP address only briefly. Public IP addresses, by contrast, are used mainly for sustained Internet access, which takes longer, so the terminal device needs to hold a public IP address for longer.
The specific lengths of the validity periods can be set according to actual needs; provided the above requirement is met, changes to the specific lengths do not affect the protection scope of the present invention.
With the above processing, the address management server manages the IP address resources and records each user's authentication state from the notification messages reported by the Portal server. It then allocates IP address resources according to the user's authentication state and, by setting validity periods, reclaims them promptly. This improves the effective utilization of IP address resources and gives public IP addresses, as far as possible, to the users who actually need public network access.
Note that the processing described above is the processing of the proposed technical solution on the address management server side. The corresponding processing on the terminal device side is shown schematically in Fig. 3 and comprises the following steps:
Step S301: The terminal device sends a DHCP request message to the address management server through an access device.
Step S302: The terminal device receives the private IP address allocated by the address management server and performs authentication using the private IP address.
If authentication succeeds, step S303 is performed.
If authentication fails, the terminal device ends the current operation.
Step S303: The terminal device waits for the private IP address to expire and, after it has expired, sends a DHCP request message to the address management server through the access device.
Step S304: The terminal device receives the public IP address allocated by the address management server and accesses the network using the public IP address.
Specifically, the IP addresses that the terminal device receives from the address management server likewise carry the corresponding validity periods; see the description above, which is not repeated here.
Note further that the public IP address also has a validity period. If the terminal device's Internet access lasts until the validity period of the public IP address is reached, the public IP address likewise expires, and the terminal device must again send a DHCP request message to the address management server through the access device. Because the user corresponding to the terminal device is still an authenticated user at that point, the address management server can directly allocate a public IP address or renew the lease, which is equivalent to the terminal device directly performing step S303.
In a specific processing scenario, to ensure that IP address resources are reclaimed promptly once the terminal device has finished its Internet access: if the terminal device sends an offline request, the address management server reclaims the allocated public IP address and the access device cuts off the terminal device's network connection. This forces the terminal device to repeat the above operations and apply for a public IP address again the next time it needs Internet access.
To further explain the technical idea of the present invention, the technical solution is now described with reference to a specific application scenario.
An embodiment of the present invention provides an intelligent address allocation scheme based on user authentication state, which uses a centralized external device (that is, the address management server introduced above) to solve the problem of WLAN users wasting public IP addresses.
Specifically, the address management server implements IP address allocation and management, is responsible for the unified management, allocation and scheduling of IP resources across multiple areas, and allocates IP addresses dynamically. Because its management of the IP address resources of the current system amounts to managing an IP address pool formed from those resources, the address management server is referred to simply as POOL in the description below.
Further, for convenience, the embodiment uses an AC as a specific example of the access device to describe the proposed technical solution. In practice, changes to the specific type of access device, to the name of the address management server, or to the way the address management server manages IP address resources, provided the IP address allocation and management functions above are still fulfilled, do not affect the protection scope of the present invention.
Specifically, Fig. 4 is a schematic diagram of a specific application scenario proposed by an embodiment of the present invention, and Fig. 5 is a schematic flowchart of the IP address allocation method in that scenario, which comprises the following steps:
Step S501: The user (that is, the terminal device corresponding to the user; the same applies below and is not repeated) associates with the wireless network and initiates a DHCP request to the AC.
This operation relies on the prior-art behaviour whereby a terminal device automatically initiates a DHCP request after connecting to a wireless network.
Step S502: The AC relays the DHCP request to POOL.
Step S503: POOL determines the user's current authentication state; because this user is an unauthenticated user, it directly allocates a private IP address.
At this point POOL holds no authentication state information for this user, so it can determine that the user is an unauthenticated user.
The lease period (that is, the validity period described above) of the private IP address allocated here is short; in a specific application it can be set to 30 seconds.
Step S504: The user initiates an authentication request to the Portal server using this private IP address.
The specific authentication process follows the prior-art procedure in which the AC encapsulates the authentication information in a RADIUS message and submits it to the RADIUS authentication server; it is not described again here.
If authentication succeeds, the flow continues with step S505; if authentication fails, the user is not allowed to access the network and the current operation ends.
Step S505: The AC notifies the Portal server that this user has authenticated successfully.
Step S506: The Portal server notifies this user that authentication succeeded.
Step S507: The Portal server notifies POOL that this user has authenticated successfully.
After receiving the notification, POOL records this user's authentication state as authenticated.
Note that steps S506 and S507 are operations the Portal server performs toward different parties after receiving the authentication-success notification from the AC. There is no required order between them; the step numbers are for convenience of description only, and changing the order of the two steps in a specific application does not affect the protection scope of the present invention.
Step S508: The user waits for the lease established by the earlier DHCP request to time out, that is, for the lease period of the private IP address to expire.
After the timeout, step S509 is performed directly.
Step S509: The user initiates a DHCP request to the AC to obtain an IP address again.
Step S510: The AC forwards the DHCP request to POOL.
Step S511: POOL determines the user's current authentication state; because this user is an authenticated user, it directly allocates a public IP address.
The lease period (that is, the validity period described above) of the public IP address allocated here is long; in a specific application it can be set to 10 minutes.
Step S512: POOL notifies the Portal server to update the user's IP address to the allocated public IP address.
Step S513: The Portal server returns a response confirming that the update succeeded.
After this, the user can access the public network and the Internet using this public IP address.
Above processing procedure is user's a last line process, further specifies this user's following line process below.
Step S514, user initiate the request of rolling off the production line.
Step S515, Portal server are initiated line process down to AC.
Step S516, this user offline success of AC notice Portal server.
Step S517, this user offline success of Portal server notice POOL.
POOL receives this user's of notice back deletion authentication state information.
Step S518, the pairing public network IP address lease of POOL this user of deletion.
Step S519, AC break off this user's wireless connections.
Such operation force users is obtained the IP address again when inserting next time, can not take the corresponding IP address resource for a long time.
Need to prove that step S519 is the operation that AC initiated behind step S516, itself and step S517 and step S518 do not have inevitable precedence relationship.
During user's associated with wireless network next time, restart execution in step S501.
Compared with the prior art, the present invention has the following advantages:
By applying the technical scheme of the present invention, an address management server is introduced into the system to manage the system's IP address resources. After receiving an address allocation request, it allocates a public network IP address only to authenticated users and allocates only a private network IP address to unauthenticated users. IP address resources are thus allocated according to users' authentication state: public network IP addresses go only to users who really need to go online, private network IP addresses go to users performing temporary network operations, and the effective utilization of IP address resources is improved.
To implement the technical scheme of the present invention, and based on the foregoing description, the present invention also proposes an address management server. Its structure is shown schematically in Figure 6, and it comprises at least the following modules:
Communication module 61, used to receive the DHCP request message of the terminal equipment forwarded by the access device;
Judge module 62, used to judge the authentication state of the terminal equipment corresponding to the DHCP request message received by the communication module 61;
Address management module 63, used to allocate a private network IP address to the terminal equipment when the judge module 62 judges that the user corresponding to the terminal equipment is an unauthenticated user, or to allocate a public network IP address to the terminal equipment when the judge module 62 judges that the user corresponding to the terminal equipment is an authenticated user.
Specifically, the address management module 63 is also used to:
configure the validity time of the private network IP address as a first validity period when allocating a private network IP address to the terminal equipment;
configure the validity time of the public network IP address as a second validity period when allocating a public network IP address to the terminal equipment;
wherein the first validity period is shorter than the second validity period.
In addition, the communication module 61 is also used to:
send, after the address management module 63 allocates a public network IP address to the terminal equipment, an address update notification message to the Portal server corresponding to the terminal equipment, notifying the Portal server to update the current IP address of the terminal equipment to the public network IP address;
receive the address update acknowledgement message returned by the Portal server corresponding to the terminal equipment, confirming that the Portal server has updated the current IP address of the terminal equipment to the public network IP address.
In a practical application scenario, the address management module 63 is also used to save the authentication state of the user corresponding to the terminal equipment according to the messages, received by the communication module 61, that the Portal server corresponding to the terminal equipment sends;
wherein, when the communication module 61 receives a notification message, sent by the Portal server corresponding to the terminal equipment, that the terminal equipment has authenticated successfully, the address management module 63 records the authentication state of the user corresponding to the terminal equipment as authenticated user;
when the communication module 61 receives a notification message, sent by the Portal server corresponding to the terminal equipment, that the terminal equipment has gone offline, the address management module 63 records the authentication state of the user corresponding to the terminal equipment as unauthenticated user and reclaims the public network IP address allocated to the terminal equipment.
The present invention also provides a terminal equipment. Its structure is shown schematically in Figure 7, and it comprises at least:
Communication module 71, used to send a DHCP request message to the address management server through the access device, and to receive the private network IP address or the public network IP address allocated by the address management server;
Authentication module 72, used to perform authentication using the private network IP address received by the communication module 71 and, when authentication succeeds, to wait for the private network IP address to expire and, after it has expired, to notify the communication module 71 to send a DHCP request message to the address management server through the access device;
Processing module 73, used to access the network using the public network IP address received by the communication module 71.
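The S501 to S519 flow and the server and terminal modules described above, as an added simulation that is not code from the patent: the POOL allocates by authentication state, uses the 30-second and 10-minute lease values given as examples, reports the public address to the Portal server, and reclaims it on the offline notification. Keying state on the client MAC, replacing a live lease on a fresh request, and the address ranges are assumptions of this sketch.

```python
import ipaddress
from dataclasses import dataclass

PRIVATE_LEASE_S = 30    # first validity period: the page's example value
PUBLIC_LEASE_S = 600    # second validity period: the page's 10-minute example


@dataclass
class Lease:
    ip: str
    public: bool
    expires_at: float


class AddressPool:
    """POOL. Keying state on the client MAC is an assumption of this sketch."""

    def __init__(self, private_net, public_net):
        # hosts() skips the network and broadcast addresses of each range.
        self._free = {
            False: [str(h) for h in ipaddress.ip_network(private_net).hosts()],
            True: [str(h) for h in ipaddress.ip_network(public_net).hosts()],
        }
        self._authenticated = set()   # filled only by Portal notifications
        self._leases = {}             # mac -> Lease
        self.portal_updates = []      # S512 notices: (mac, public_ip)

    def free_count(self, public):
        return len(self._free[public])

    def _release(self, mac):
        lease = self._leases.pop(mac, None)
        if lease is not None:
            self._free[lease.public].append(lease.ip)

    def _expire(self, now):
        expired = [m for m, l in self._leases.items() if l.expires_at <= now]
        for mac in expired:
            self._release(mac)

    def dhcp_request(self, mac, now):
        """S503 / S511: judge the authentication state, then allocate."""
        self._expire(now)
        public = mac in self._authenticated
        self._release(mac)  # assumption: a fresh request replaces a live lease
        if not self._free[public]:
            return None     # the pool of that class is exhausted
        ttl = PUBLIC_LEASE_S if public else PRIVATE_LEASE_S
        lease = Lease(self._free[public].pop(0), public, now + ttl)
        self._leases[mac] = lease
        if public:
            self.portal_updates.append((mac, lease.ip))  # S512
        return lease

    def portal_auth_success(self, mac):
        """S507: the Portal server reports a successful authentication."""
        self._authenticated.add(mac)

    def portal_offline(self, mac):
        """S517-S518: delete the auth state and the public lease."""
        self._authenticated.discard(mac)
        lease = self._leases.get(mac)
        if lease is not None and lease.public:
            self._release(mac)


def run_session():
    """One terminal through S501-S519 on a simulated clock (seconds)."""
    pool = AddressPool("10.0.0.0/29", "203.0.113.0/29")  # constructed ranges
    mac = "02:00:00:00:00:01"                            # constructed MAC
    first = pool.dhcp_request(mac, now=0)                # S501-S503
    pool.portal_auth_success(mac)                        # S504-S507
    second = pool.dhcp_request(mac, now=first.expires_at)      # S508-S511
    pool.portal_offline(mac)                             # S514-S518
    third = pool.dhcp_request(mac, now=second.expires_at + 1)  # next S501
    return pool, first, second, third


if __name__ == "__main__":
    _, *leases = run_session()
    for lease in leases:
        print(lease)
```

Because the authenticated set changes only through the two Portal notifications, a terminal that never authenticates can exhaust the private range but never draws from the public one.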
From the description of the above embodiments, those skilled in the art can clearly understand that the present invention can be implemented in hardware, or in software plus a necessary general-purpose hardware platform. On this understanding, the technical scheme of the present invention can be embodied as a software product. The software product can be stored on a non-volatile storage medium (such as a CD-ROM, a USB flash drive or a portable hard drive) and comprises a number of instructions that cause a computer device (such as a personal computer, a server or a network device) to carry out the method described in each implementation scenario of the present invention.
Those skilled in the art will appreciate that the accompanying drawings are schematic diagrams of preferred implementation scenarios, and that the modules or flows in the drawings are not necessarily required to implement the present invention.
Those skilled in the art will appreciate that the modules of the devices in an implementation scenario can be distributed among the devices as that scenario describes, or can be changed correspondingly and placed in one or more devices different from those of that scenario. The modules of the above implementation scenarios can be merged into one module or further split into several sub-modules.
The sequence numbers used above are for description only and do not indicate the relative merits of the implementation scenarios.
The above discloses only several concrete implementation scenarios of the present invention; however, the present invention is not limited to them, and any variation that a person skilled in the art can conceive shall fall within the protection scope of the present invention.

Claims (12)

1. An IP address allocation method, characterized in that it is applied in a system comprising an address management server, the address management server managing the IP address resources of the current system, the method comprising at least the following steps:
the address management server receives a Dynamic Host Configuration Protocol (DHCP) request message of a terminal equipment forwarded by an access device;
the address management server judges the authentication state of the terminal equipment;
if the user corresponding to the terminal equipment is an unauthenticated user, the address management server allocates a private network IP address to the terminal equipment;
if the user corresponding to the terminal equipment is an authenticated user, the address management server allocates a public network IP address to the terminal equipment.
2. The method of claim 1, characterized in that:
when the address management server allocates a private network IP address to the terminal equipment, the address management server configures the validity time of the private network IP address as a first validity period;
when the address management server allocates a public network IP address to the terminal equipment, the address management server configures the validity time of the public network IP address as a second validity period;
wherein the first validity period is shorter than the second validity period.
3. The method of claim 1, characterized in that, after the address management server allocates a public network IP address to the terminal equipment, the method further comprises:
the address management server sends an address update notification message to the Portal server corresponding to the terminal equipment, notifying the Portal server to update the current IP address of the terminal equipment to the public network IP address;
the address management server receives the address update acknowledgement message returned by the Portal server corresponding to the terminal equipment, confirming that the Portal server has updated the current IP address of the terminal equipment to the public network IP address.
4. The method of claim 1, characterized in that it further comprises:
the address management server saves the authentication state of the user corresponding to the terminal equipment according to the messages it receives from the Portal server corresponding to the terminal equipment;
wherein, when the address management server receives a notification message, sent by the Portal server corresponding to the terminal equipment, that the terminal equipment has authenticated successfully, the address management server records the authentication state of the user corresponding to the terminal equipment as authenticated user;
when the address management server receives a notification message, sent by the Portal server corresponding to the terminal equipment, that the terminal equipment has gone offline, the address management server records the authentication state of the user corresponding to the terminal equipment as unauthenticated user and reclaims the public network IP address allocated to the terminal equipment.
5. An address management server, characterized in that it comprises the following modules:
a communication module, used to receive the DHCP request message of a terminal equipment forwarded by an access device;
a judge module, used to judge the authentication state of the terminal equipment corresponding to the DHCP request message received by the communication module;
an address management module, used to allocate a private network IP address to the terminal equipment when the judge module judges that the user corresponding to the terminal equipment is an unauthenticated user, or to allocate a public network IP address to the terminal equipment when the judge module judges that the user corresponding to the terminal equipment is an authenticated user.
6. The address management server of claim 5, characterized in that the address management module is also used to:
configure the validity time of the private network IP address as a first validity period when allocating a private network IP address to the terminal equipment;
configure the validity time of the public network IP address as a second validity period when allocating a public network IP address to the terminal equipment;
wherein the first validity period is shorter than the second validity period.
7. The address management server of claim 6, characterized in that the communication module is also used to:
send, after the address management module allocates a public network IP address to the terminal equipment, an address update notification message to the Portal server corresponding to the terminal equipment, notifying the Portal server to update the current IP address of the terminal equipment to the public network IP address;
receive the address update acknowledgement message returned by the Portal server corresponding to the terminal equipment, confirming that the Portal server has updated the current IP address of the terminal equipment to the public network IP address.
8. The address management server of claim 7, characterized in that the address management module is also used to save the authentication state of the user corresponding to the terminal equipment according to the messages, received by the communication module, that the Portal server corresponding to the terminal equipment sends;
wherein, when the communication module receives a notification message, sent by the Portal server corresponding to the terminal equipment, that the terminal equipment has authenticated successfully, the address management module records the authentication state of the user corresponding to the terminal equipment as authenticated user;
when the communication module receives a notification message, sent by the Portal server corresponding to the terminal equipment, that the terminal equipment has gone offline, the address management module records the authentication state of the user corresponding to the terminal equipment as unauthenticated user and reclaims the public network IP address allocated to the terminal equipment.
9. An IP address allocation method, characterized in that it is applied in a system comprising an address management server, the address management server managing the IP address resources of the current system, the method comprising at least the following steps:
a terminal equipment sends a DHCP request message to the address management server through an access device;
the terminal equipment receives the private network IP address allocated by the address management server and performs authentication using the private network IP address;
if authentication succeeds, the terminal equipment waits for the private network IP address to expire and, after the private network IP address has expired, sends a DHCP request message to the address management server through the access device;
the terminal equipment receives the public network IP address allocated by the address management server and accesses the network using the public network IP address.
10. The method of claim 9, characterized in that:
when the terminal equipment receives the private network IP address allocated by the address management server, the validity time that the address management server configures for the private network IP address is a first validity period;
when the terminal equipment receives the public network IP address allocated by the address management server, the validity time that the address management server configures for the public network IP address is a second validity period;
wherein the first validity period is shorter than the second validity period.
11. The method of claim 9, characterized in that, after the terminal equipment receives the public network IP address allocated by the address management server and accesses the network using the public network IP address, the method further comprises:
if the terminal equipment sends an offline request, the address management server reclaims the allocated public network IP address, and the access device cuts off the network connection of the terminal equipment.
12. A terminal equipment, characterized in that it comprises the following modules:
a communication module, used to send a DHCP request message to the address management server through an access device, and to receive the private network IP address or the public network IP address allocated by the address management server;
an authentication module, used to perform authentication using the private network IP address received by the communication module and, when authentication succeeds, to wait for the private network IP address to expire and, after it has expired, to notify the communication module to send a DHCP request message to the address management server through the access device;
a processing module, used to access the network using the public network IP address received by the communication module.
CN2011103756869A 2011-11-23 2011-11-23 IP address allocation method and equipment Pending CN102572005A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011103756869A CN102572005A (en) 2011-11-23 2011-11-23 IP address allocation method and equipment


Publications (1)

Publication Number Publication Date
CN102572005A true CN102572005A (en) 2012-07-11

Family

ID=46416461


Country Status (1)

Country Link
CN (1) CN102572005A (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20120711