CN104410990B - Realize the method and system of access authentication server switching - Google Patents


Info

Publication number: CN104410990B
Authority: CN (China)
Prior art keywords: portal, simulation, modules, authentication, access authentication
Legal status: Active
Application number: CN201410648746.3A
Other languages: Chinese (zh)
Other versions: CN104410990A (en)
Inventor: 黄山
Current Assignee: Maipu Communication Technology Co Ltd
Original Assignee: Maipu Communication Technology Co Ltd
Application filed by Maipu Communication Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W24/00 Supervisory, monitoring or testing arrangements
    • H04W24/04 Arrangements for maintaining operational condition
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/40 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass for recovering from a failure of a protocol instance or entity, e.g. service redundancy protocols, protocol state redundancy or protocol service redirection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W36/00 Hand-off or reselection arrangements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10 Integrity

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention relates to secure access technology. The invention discloses a method and system for implementing access authentication server switching. The technical solution includes: the HA module sends a simulated HTTP authentication request message to the Portal service module of the main access authentication server; the Portal service module converts the simulated HTTP authentication request message into a Portal protocol authentication message and sends it to a simulated NAS device; after receiving the Portal authentication message, the simulated NAS device re-packages it as a RADIUS authentication message and sends it to the AAA service module of the main access authentication server; the AAA service module of the main access authentication server completes user authentication and returns the result to the HA module; after receiving the HTTP authentication response message returned by the Portal service module, the HA module judges whether authentication passed. If so, the service of the main access authentication server is considered normal; otherwise the HA module initiates main/backup authentication server switching and the backup access authentication server takes over the work of the main access authentication server, so that fast switching of the access authentication server is completed in a timely and effective manner.

Description

Realize the method and system of access authentication server switching
Technical field
The present invention relates to secure access technology, and more particularly to a method and system for implementing HA (High Availability) switching based on detection of the access authentication service in a WLAN (Wireless Local Area Network).
Background
In the secure access field, and especially in WLAN secure access, an outage of the access authentication server (a crash or hang during operation) can have disastrous consequences, so high reliability has become one of the major functions of an access authentication server.
A common high-reliability solution uses two servers for redundancy: one is the main access authentication server and the other is the backup access authentication server. An HA module detects whether the main access authentication server is available; if the main access authentication server is unavailable, the backup access authentication server immediately takes over its work, so that user services are not affected. However, current high-availability detection techniques can only detect at the level of network connections and processes; for complex business systems that involve multiple processing flows, an effective detection mechanism is currently lacking.
Summary of the invention
The purpose of the present invention is to provide a method and system for implementing access authentication server switching that detects access authentication server failures more comprehensively and improves HA switching performance.
To achieve this purpose, the technical solution adopted by the present invention is a method for implementing access authentication server switching, characterized in that it includes the following steps:
A. The HA module sends a simulated HTTP authentication request message to the Portal service module of the main access authentication server;
B. The Portal service module receives the simulated HTTP authentication request message and judges whether the sender is the HA module; if so, it converts the simulated HTTP authentication request message into a Portal protocol authentication message and sends it to the simulated NAS device; otherwise, it discards the simulated HTTP authentication request message;
C. After receiving the Portal authentication message, the simulated NAS device re-packages the Portal authentication message as a RADIUS authentication message and sends it to the AAA service module of the main access authentication server;
D. The AAA service module of the main access authentication server completes user authentication and sends a RADIUS authentication result message to the simulated NAS device;
E. The simulated NAS device receives the RADIUS authentication result message, encapsulates it as a Portal authentication response message, and forwards the Portal authentication response message to the Portal service module of the main server;
F. The Portal service module of the main server receives the Portal authentication response message sent by the simulated NAS device, encapsulates it as an HTTP authentication response message and sends it to the HA module;
G. After receiving the HTTP authentication response message returned by the Portal service module, the HA module judges whether authentication passed; if so, the service of the main access authentication server is considered normal and steps A~F are repeated; otherwise the HA module initiates main/backup authentication server switching, and the backup access authentication server takes over the work of the main access authentication server.
Further, the method also includes the following step:
A0. When the main access authentication server starts, the Portal service is started, the simulated NAS device is added and the AAA detection account is added.
Further, in step A, the HA module sends the simulated HTTP authentication request message at timed intervals.
Further, in step G, steps A~F are repeated twice; if the authentication result is still a failure, the HA module initiates main/backup access authentication server switching, and the backup access authentication server takes over the work of the main access authentication server.
A further object of the invention is a system for implementing access authentication server switching, comprising two access authentication servers, one being the main access authentication server and the other the backup access authentication server. The main access authentication server includes an HA module, a Portal service module, a simulated NAS device and an AAA service module.
The HA module is used to send the simulated HTTP authentication request message to the Portal service module and, after receiving the HTTP authentication response message returned by the Portal service module, to judge whether authentication passed; if so, the service of the main access authentication server is considered normal and steps A~F are repeated; otherwise main/backup authentication server switching is initiated and the backup access authentication server takes over the work of the main access authentication server;
The Portal service module is used, after receiving the simulated HTTP authentication request message, to judge whether the sender is the HA module; if so, it converts the simulated HTTP authentication request message into a Portal protocol authentication message and sends it to the simulated NAS device; otherwise, it discards the simulated HTTP authentication request message. After receiving the Portal authentication response message returned by the simulated NAS device, it encapsulates that Portal authentication response message as an authentication response message and sends it to the HA module;
The simulated NAS device is used, after receiving the Portal authentication message sent by the Portal service module, to re-package the Portal authentication message as a RADIUS authentication message and send it to the AAA service module. After receiving the RADIUS authentication result message returned by the AAA service module, it encapsulates the RADIUS authentication result message as a Portal authentication response message and forwards the Portal authentication response message to the Portal service module;
The AAA service module is used to complete AAA user authentication and to send the RADIUS authentication result message to the simulated NAS device.
Further, the system also includes an initialization setting module which, when the main access authentication server starts, starts the Portal service, adds the simulated NAS device and adds the detection account.
Further, the HA module, at timed intervals, simulates an authentication client and sends the simulated HTTP authentication request message to the Portal service module.
Further, the backup access authentication server includes an HA module, a Portal service module, a simulated NAS device and an AAA service module.
Further, the main access authentication server is connected through its HA module to the HA module of the backup access authentication server.
The beneficial effect of the invention is that it implements detection of the access authentication service itself and applies this detection method to access authentication server failure detection. When the access authentication system fails, fast switching of the access authentication server can be completed in a timely and effective manner, so that user services are not affected.
Description of the drawings
Fig. 1 is a schematic flow chart of the method for implementing access authentication server switching according to an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of the system for implementing access authentication server switching according to an embodiment of the present invention.
Detailed description
The technical solution of the present invention is described in detail below with reference to the accompanying drawings and a specific embodiment.
The software runtime environment of the method of the present invention, which implements access authentication server switching based on detection of the access authentication service, includes:
HA module: responsible for initiating network access authentication fault detection; if fault detection fails multiple times, it is responsible for completing the switching of the main and backup access authentication servers.
Main access authentication server: includes a Portal service module, an AAA (Authentication, Authorization, Accounting) service module and a simulated NAS (network access server) device. The Portal service module is responsible for HTTP push and Portal authentication, the AAA service module is responsible for RADIUS (Remote Authentication Dial In User Service) authentication, and the simulated NAS device is responsible for conversion between Portal and RADIUS messages.
Backup access authentication server: the redundant machine for the main access authentication server; when the main access authentication server is abnormal, it takes over the work of the main access authentication server.
The method flow of the embodiment of the present invention for implementing access authentication server switching is shown in Fig. 1 and specifically includes the following steps:
Step 1: When the Portal service of the main access authentication server starts, the detection environment is initialized, including adding the simulated NAS device and adding the AAA detection account.
Step 2: The HA module sends a simulated HTTP authentication request message to the Portal service module of the main access authentication server.
Step 3: The Portal service module of the main access authentication server receives the simulated HTTP authentication request message. If the sender is the HA module, it converts the simulated HTTP authentication request message into a Portal protocol authentication message and sends the Portal protocol authentication message to the simulated NAS device; otherwise, it discards the authentication message.
Step 4: After receiving the Portal authentication message, the simulated NAS device re-packages it as a RADIUS authentication message and sends that authentication message to the AAA service module of the main access authentication server.
Step 5: The AAA service module of the main access authentication server completes user authentication and sends a RADIUS authentication result message to the simulated NAS device.
Step 6: The simulated NAS device receives the RADIUS authentication result message, encapsulates it as a Portal authentication response message, and forwards that authentication response message to the Portal service module of the main access authentication server.
Step 7: The Portal service module of the main server receives the Portal authentication response message sent by the NAS device, encapsulates the Portal response message as an HTTP authentication response message and sends it to the HA module.
Step 8: The HA module receives the HTTP authentication response message. If authentication passed, the WLAN access authentication service of the main access authentication server is considered normal. Otherwise, steps 1~7 are repeated N times; if the authentication result is still a failure, the HA module initiates main/backup authentication server switching, and the backup server takes over the work of the main access authentication server.
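The detection loop of steps 1 to 8, sketched as an added example; it is not code from the patent or its assignee. The Portal message is a plain dict stand-in, and the shared-token sender check, the account `ha-detect`, the secrets and all class and function names are assumptions; the RADIUS framing follows RFC 2865 for passwords of at most 16 bytes.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3   # RADIUS codes (RFC 2865)
USER_NAME, USER_PASSWORD = 1, 2                          # RADIUS attribute types

def hide_password(data: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 User-Password hiding for values of at most 16 bytes.
    The XOR mask is symmetric, so the same call also recovers the password."""
    mask = hashlib.md5(secret + req_auth).digest()
    return bytes(d ^ m for d, m in zip(data.ljust(16, b"\x00"), mask))

class AAAService:
    """Step 5: RADIUS side, holding the AAA detection account."""
    def __init__(self, secret, accounts):
        self.secret, self.accounts, self.healthy = secret, accounts, True

    def handle(self, packet: bytes):
        if not self.healthy:
            return None                      # hung service: no reply at all
        code, ident, length = struct.unpack("!BBH", packet[:4])
        req_auth, attrs, pos = packet[4:20], {}, 20
        while pos + 2 <= min(length, len(packet)):   # walk the TLV attributes
            atype, alen = packet[pos], packet[pos + 1]
            attrs[atype] = packet[pos + 2:pos + alen]
            pos += max(alen, 2)              # never loop on a malformed length
        expected = self.accounts.get(attrs.get(USER_NAME, b"").decode())
        clear = hide_password(attrs.get(USER_PASSWORD, b""), self.secret, req_auth)
        ok = (code == ACCESS_REQUEST and expected is not None
              and hmac.compare_digest(clear.rstrip(b"\x00"), expected))
        header = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
        # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
        return header + hashlib.md5(header + req_auth + self.secret).digest()

class SimulatedNAS:
    """Steps 4 and 6: re-packages Portal messages as RADIUS and back."""
    def __init__(self, secret, aaa):
        self.secret, self.aaa, self.ident = secret, aaa, 0

    def authenticate(self, portal_msg: dict) -> dict:
        self.ident = (self.ident + 1) % 256
        req_auth = os.urandom(16)
        user = portal_msg["user"].encode()
        hidden = hide_password(portal_msg["password"].encode(), self.secret, req_auth)
        attrs = (bytes([USER_NAME, 2 + len(user)]) + user
                 + bytes([USER_PASSWORD, 18]) + hidden)
        packet = (struct.pack("!BBH", ACCESS_REQUEST, self.ident, 20 + len(attrs))
                  + req_auth + attrs)
        reply = self.aaa.handle(packet)
        if reply is None or len(reply) < 20:
            return {"type": "portal-auth-response", "success": False}
        expected = hashlib.md5(reply[:4] + req_auth + reply[20:] + self.secret).digest()
        genuine = reply[1] == self.ident and hmac.compare_digest(reply[4:20], expected)
        return {"type": "portal-auth-response",
                "success": genuine and reply[0] == ACCESS_ACCEPT}

class PortalService:
    """Steps 3 and 7: accepts the probe only when the sender is the HA module."""
    def __init__(self, nas, ha_token):
        self.nas, self.ha_token = nas, ha_token

    def http_auth(self, request: dict):
        # Assumption: the sender is recognised by a shared token (the page does not say how).
        if not hmac.compare_digest(request.get("token", ""), self.ha_token):
            return None                      # not from the HA module: discard
        portal_msg = {"type": "portal-auth-request",
                      "user": request["user"], "password": request["password"]}
        reply = self.nas.authenticate(portal_msg)
        return {"status": 200, "auth": "pass" if reply["success"] else "fail"}

class HAMonitor:
    """Steps 2 and 8: sends the probe and decides on main/backup switching."""
    def __init__(self, portal, token, account, retries=2):
        self.portal, self.token, self.account = portal, token, account
        self.retries, self.active = retries, "main"

    def probe(self) -> bool:
        user, password = self.account
        resp = self.portal.http_auth(
            {"token": self.token, "user": user, "password": password})
        return resp is not None and resp["auth"] == "pass"

    def check(self) -> str:
        """One detection cycle: the first probe plus up to `retries` repeats."""
        if any(self.probe() for _ in range(1 + self.retries)):
            return self.active
        self.active = "backup"               # backup takes over the main server's work
        return self.active

def build_main_server(secret=b"constructed-secret", token="constructed-ha-token"):
    """Step 1: initialise the detection environment (constructed sample values)."""
    account = ("ha-detect", "probe-pass")
    aaa = AAAService(secret, {account[0]: account[1].encode()})
    portal = PortalService(SimulatedNAS(secret, aaa), token)
    return aaa, portal, HAMonitor(portal, token, account)
```

Setting `aaa.healthy = False` models a hung AAA service: the process and port would still look alive to a connection-level check, but `check()` returns `"backup"` after the retries are exhausted.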
The system structure of the embodiment of the present invention for implementing access authentication server switching is shown in Fig. 2. It includes two access authentication servers, one being the main access authentication server and the other the backup access authentication server. The two mutually redundant access authentication servers are identical. This embodiment is described in detail taking the main access authentication server as an example. The main access authentication server includes an HA module, a Portal service module, a simulated NAS device and an AAA service module.
The HA module is used to send the simulated HTTP authentication request message to the Portal service module and, after receiving the authentication response message returned by the Portal service module, to judge whether authentication passed; if so, the service of the main access authentication server is considered normal and steps A~F are repeated; otherwise main/backup authentication server switching is initiated and the backup access authentication server takes over the work of the main access authentication server;
The Portal service module is used, after receiving the simulated HTTP authentication request message, to judge whether the sender is the HA module; if so, it converts the simulated HTTP authentication request message into a Portal protocol authentication message and sends it to the simulated NAS device; otherwise, it discards the simulated HTTP authentication request message. After receiving the Portal authentication response message returned by the simulated NAS device, it encapsulates that Portal authentication response message as an authentication response message and sends it to the HA module;
The simulated NAS device is used, after receiving the Portal authentication message sent by the Portal service module, to re-package the Portal authentication message as a RADIUS authentication message and send it to the AAA service module. After receiving the RADIUS authentication result message returned by the AAA service module, it encapsulates the RADIUS authentication result message as a Portal authentication response message and forwards the Portal authentication response message to the Portal service module;
The AAA service module is used to complete AAA user authentication and to send the RADIUS authentication result message to the simulated NAS device.
The main access authentication server is connected through its HA module to the HA module of the backup access authentication server. Under normal circumstances the Portal server of the backup access authentication server is not started.

Claims (7)

1. A method for implementing access authentication server switching, characterized in that it includes the following steps:
A. When the main access authentication server starts, the Portal service is started, a simulated NAS device is added and an AAA detection account is added; the HA module of the main access authentication server sends a simulated HTTP authentication request message to the Portal service module of the main access authentication server;
B. The Portal service module receives the simulated HTTP authentication request message and judges whether the sender is the HA module; if so, it converts the simulated HTTP authentication request message into a Portal protocol authentication message and sends it to the simulated NAS device; otherwise, it discards the simulated HTTP authentication request message;
C. After receiving the Portal authentication message, the simulated NAS device re-packages the Portal authentication message as a RADIUS authentication message and sends it to the AAA service module of the main access authentication server;
D. The AAA service module of the main access authentication server completes user authentication and sends a RADIUS authentication result message to the simulated NAS device;
E. The simulated NAS device receives the RADIUS authentication result message, encapsulates it as a Portal authentication response message, and forwards the Portal authentication response message to the Portal service module of the main access server;
F. The Portal service module of the main access server receives the Portal authentication response message sent by the simulated NAS device, encapsulates it as an HTTP authentication response message and sends it to the HA module;
G. After receiving the HTTP authentication response message returned by the Portal service module, the HA module judges whether authentication passed; if so, the service of the main access authentication server is considered normal and steps A~F are repeated; otherwise the HA module initiates main/backup authentication server switching, and the backup access authentication server takes over the work of the main access authentication server.
2. The method according to claim 1, characterized in that, in step A, the HA module sends the simulated HTTP authentication request message at timed intervals.
3. The method according to claim 1, characterized in that, in step G, steps A~F are repeated twice; if the authentication result is still a failure, the HA module initiates main/backup access authentication server switching, and the backup access authentication server takes over the work of the main access authentication server.
4. A system for implementing access authentication server switching, characterized in that it includes two access authentication servers, one being the main access authentication server and the other the backup access authentication server, the main access authentication server including: an initialization setting module, an HA module, a Portal service module, a simulated NAS device and an AAA service module,
The initialization setting module is used, when the main access authentication server starts, to start the Portal service, add the simulated NAS device and add the detection account;
The HA module is used to send the simulated HTTP authentication request message to the Portal service module and, after receiving the HTTP authentication response message returned by the Portal service module, to judge whether authentication passed; if so, the service of the main access authentication server is considered normal and steps A~F are repeated; otherwise main/backup authentication server switching is initiated and the backup access authentication server takes over the work of the main access authentication server;
The Portal service module is used, after receiving the simulated HTTP authentication request message, to judge whether the sender is the HA module; if so, it converts the simulated HTTP authentication request message into a Portal protocol authentication message and sends it to the simulated NAS device; otherwise, it discards the simulated HTTP authentication request message; and, after receiving the Portal authentication response message returned by the simulated NAS device, it encapsulates the Portal authentication response message as an HTTP authentication response message and sends it to the HA module;
The simulated NAS device is used, after receiving the Portal authentication message sent by the Portal service module, to re-package the Portal authentication message as a RADIUS authentication message and send it to the AAA service module; and, after receiving the RADIUS authentication result message returned by the AAA service module, to encapsulate the RADIUS authentication result message as a Portal authentication response message and forward the Portal authentication response message to the Portal service module;
The AAA service module is used to complete AAA user authentication and to send the RADIUS authentication result message to the simulated NAS device.
5. The system according to claim 4, characterized in that the HA module, at timed intervals, simulates an authentication client and sends the simulated HTTP authentication request message to the Portal service module.
6. The system according to claim 4 or 5, characterized in that the backup access authentication server includes: an HA module, a Portal service module, a simulated NAS device and an AAA service module.
7. The system according to claim 6, characterized in that the main access authentication server is connected through its HA module to the HA module of the backup access authentication server.
Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201410648746.3A | 2014-11-14 | 2014-11-14 | Realize the method and system of access authentication server switching (CN104410990B, Active)

Publications (2)

Publication Number | Publication Date
CN104410990A | 2015-03-11
CN104410990B | 2018-10-30

Family ID: 52648572

Country Status (1)

Country | Link
CN (1) | CN104410990B (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 610041, 17 floor, maple building, 1 building, 288 Tianfu street, Chengdu, Sichuan.

Applicant after: MAIPU COMMUNICATION TECHNOLOGY Co.,Ltd.

Address before: 610041 Maple tower, 16 Hing Hing Road, nine High-tech Zone, Chengdu, Sichuan

Applicant before: MAIPU COMMUNICATION TECHNOLOGY Co.,Ltd.

CB02 Change of applicant information

Address after: 610041 15-24 floor, 1 1 Tianfu street, Chengdu high tech Zone, Sichuan

Applicant after: MAIPU COMMUNICATION TECHNOLOGY Co.,Ltd.

Address before: 610041, 17 floor, maple building, 1 building, 288 Tianfu street, Chengdu, Sichuan.

Applicant before: MAIPU COMMUNICATION TECHNOLOGY Co.,Ltd.

GR01 Patent grant
CP02 Change in the address of a patent holder

Address after: 610041 nine Xing Xing Road 16, hi tech Zone, Sichuan, Chengdu

Patentee after: MAIPU COMMUNICATION TECHNOLOGY Co.,Ltd.

Address before: 610041 15-24 floor, 1 1 Tianfu street, Chengdu high tech Zone, Sichuan

Patentee before: MAIPU COMMUNICATION TECHNOLOGY Co.,Ltd.