CN106302400A - The processing method and processing device of access request - Google Patents

The processing method and processing device of access request Download PDF

Info

Publication number
CN106302400A
CN106302400A CN201610616488.XA CN201610616488A CN106302400A CN 106302400 A CN106302400 A CN 106302400A CN 201610616488 A CN201610616488 A CN 201610616488A CN 106302400 A CN106302400 A CN 106302400A
Authority
CN
China
Prior art keywords
address
class information
mac address
forwarding
request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610616488.XA
Other languages
Chinese (zh)
Inventor
陈佳泳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ruijie Networks Co Ltd
Original Assignee
Ruijie Networks Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ruijie Networks Co Ltd filed Critical Ruijie Networks Co Ltd
Priority to CN201610616488.XA priority Critical patent/CN106302400A/en
Publication of CN106302400A publication Critical patent/CN106302400A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0263Rule management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses the processing method and processing device of a kind of access request, the method includes: receiving the access request that terminal sends, described access request carries IP address, MAC Address and network address;Obtain the class information corresponding with described IP address and described MAC Address;Determine the access rule corresponding with described class information;If described network address meets described access rule, then forward described access request.The program can save configuration amount and the maintenance accessing rule, and then promotes the treatment effeciency of access request.

Description

The processing method and processing device of access request
Technical field
The present invention relates to communication technical field, the processing method and processing device of a kind of access request.
Background technology
Along with developing rapidly of network technology, the website of user-accessible gets more and more, and meanwhile, comes for enterprise Say, protecting information safety also attention.Generally, in enterprise, by arranging different department or the access right of different user Limit, reaches the purpose of protecting information safety.
In prior art, Internet protocol (Internet Protocol, the IP) address and the media that are required for terminal are visited Ask that control (Media Access Control, MAC) address configuration accesses rule, namely different for each user setup Access rule, when number of users is huge, access rule configuration amount and maintenance huge, also can affect the place of access request Reason efficiency.
Summary of the invention
The embodiment of the present invention provides the processing method and processing device of a kind of access request, in order to solve present in prior art The configuration amount and the maintenance that access rule are huge, and the problem affecting the treatment effeciency of access request.
According to embodiments of the present invention, it is provided that the processing method of a kind of access request, apply in the network device, described method Including:
Receiving the access request that terminal sends, described access request carries internet protocol address, media interviews control MAC Address and network address;
Obtain the class information corresponding with described IP address and described MAC Address;
Determine the access rule corresponding with described class information;
If described network address meets described access rule, then forward described access request.
Concrete, obtain the class information corresponding with described IP address and described MAC Address, specifically include:
Obtain the forward table pre-build;
Described forward table is searched and includes described IP address and the forwarding-table item of described MAC Address;
Described IP address and the forwarding-table item of described MAC, the then rank included by described forwarding-table item is included if finding Information is as the class information corresponding with described IP address and described MAC Address;Described IP address and institute is included if not finding State the forwarding-table item of MAC Address, then using default level information as the rank letter corresponding with described IP address and described MAC Address Breath.
Optionally, before receiving the access request that terminal sends, also include:
Receiving the certification request that terminal sends, IP address, MAC Address and authentication information are carried in described certification request;
Described certification request is transmitted to certificate server, so that described certificate server is carried out according to described authentication information Obtain authentication result after certification, distribute class information according to described IP address and described MAC Address, and send out to the described network equipment Send and carry described IP address, described MAC Address, described class information and the authentication response of described authentication result;
Receive the authentication response that described certificate server returns;
Described IP address, described MAC Address and described class information are saved in described forwarding as a forwarding-table item In table;And,
Described authentication result is sent to described terminal.
Optionally, before receiving the access request that terminal sends, also include:
Receiving the IP application IP addresses request that terminal sends, MAC Address is carried in the request of described IP application IP addresses;
The request of described IP application IP addresses is transmitted to dynamic host configuration protocol DHCP server, so that described DHCP service Device is according to described MAC Address distribution IP address and class information, and sends to the described network equipment and carry described IP address, described The IP application IP addresses response of MAC Address and described class information;
Receive the IP application IP addresses response that described Dynamic Host Configuration Protocol server returns;
Described IP address, described MAC Address and described class information are saved in described forwarding as a forwarding-table item In table;And,
Described IP address is sent to described terminal.
Concrete, determine the access rule corresponding with described class information, specifically include:
The corresponding relation obtaining the class information pre-build and access rule;
The list item including described class information is searched from described corresponding relation;
If finding the list item including described class information, then obtain the access rule that described list item includes, obtain with The access rule that described class information is corresponding.
According to embodiments of the present invention, also provide for the processing means of a kind of access request, apply in the network device, described dress Put and include:
First receiver module, for receiving the access request that terminal sends, described access request carries Internet protocol IP Address, MAC address and network address;
Acquisition module, for obtaining the class information corresponding with described IP address and described MAC Address;
Determine module, for determining the access rule corresponding with described class information;
First forwarding module, if meeting described access rule for described network address, then forwards described access request.
Concrete, described acquisition module, for obtaining the class information corresponding with described IP address and described MAC Address, Specifically for:
Obtain the forward table pre-build;
Described forward table is searched and includes described IP address and the forwarding-table item of described MAC Address;
Described IP address and the forwarding-table item of described MAC, the then rank included by described forwarding-table item is included if finding Information is as the class information corresponding with described IP address and described MAC Address;Described IP address and institute is included if not finding State the forwarding-table item of MAC Address, then using default level information as the rank letter corresponding with described IP address and described MAC Address Breath.
Optionally, described device also includes:
Second receiver module, for receiving the certification request that terminal sends, IP address, MAC ground are carried in described certification request Location and authentication information;
Second forwarding module, for described certification request is transmitted to certificate server, so that described certificate server root Obtain authentication result after being authenticated according to described authentication information, distribute class information according to described IP address and described MAC Address, And carry recognizing of described IP address, described MAC Address, described class information and described authentication result to the transmission of the described network equipment Card response;
3rd receiver module, for receiving the authentication response that described certificate server returns;
First preserves module, is used for described IP address, described MAC Address and described class information as a forward table Item is saved in described forward table;And,
First sending module, for being sent to described terminal by described authentication result.
Optionally, described device also includes:
4th receiver module, for receiving the IP application IP addresses request that terminal sends, the request of described IP application IP addresses is carried MAC Address;
3rd forwarding module, for being transmitted to dynamic host configuration protocol DHCP service by the request of described IP application IP addresses Device, so that described Dynamic Host Configuration Protocol server is according to described MAC Address distribution IP address and class information, and sends to the described network equipment Carry the IP application IP addresses response of described IP address, described MAC Address and described class information;
5th receiver module, for receiving the IP application IP addresses response that described Dynamic Host Configuration Protocol server returns;
Second preserves module, is used for described IP address, described MAC Address and described class information as a forward table Item is saved in described forward table;And,
Second sending module, for being sent to described terminal by described IP address.
Concrete, described determine module, for determining the access rule corresponding with described class information, specifically for:
The corresponding relation obtaining the class information pre-build and access rule;
The list item including described class information is searched from described corresponding relation;
If finding the list item including described class information, then obtain the access rule that described list item includes, obtain with The access rule that described class information is corresponding.
The present invention has the beneficial effect that:
The embodiment of the present invention provides the processing method and processing device of a kind of access request, and the network equipment receives the visit that terminal sends Ask that IP address, MAC Address and network address are carried in request, described access request;Obtain corresponding with described IP address and described MAC Address Class information;Determine the access rule corresponding with described class information;If described network address meets described access rule, then forward Described access request.In the program, it is pre-configured with the class information corresponding with IP address and MAC Address, please receiving access After asking, obtain the access rule corresponding with this class information, and determine whether whether the network address carried in access request meets This access rule, the quantity of usual class information to be lacked a lot compared with number of users, therefore, the access corresponding with class information Rule is also few a lot, relative to IP address and the mode of MAC Address configuration access rule for terminal in prior art, permissible Save configuration amount and the maintenance accessing rule, and then promote the treatment effeciency of access request.
Accompanying drawing explanation
Fig. 1 is the flow chart of the processing method of access request in the embodiment of the present invention;
Fig. 2 is the flow chart of the first method setting up forwarding-table item in the embodiment of the present invention;
Fig. 3 is the flow chart of the method that the second sets up forwarding-table item in the embodiment of the present invention;
Fig. 4 is the structural representation of the processing means of access request in the embodiment of the present invention.
Detailed description of the invention
Huge for the configuration amount and maintenance accessing rule present in prior art, and affect the place of access request The problem of reason efficiency, the embodiment of the present invention provides the processing method of a kind of access request, and the method can be applied at the network equipment In, the flow process of the method is as it is shown in figure 1, execution step is as follows:
S11: receive the access request that terminal sends.
When user needs to access some websites, access request, this access request carried terminal can be sent by terminal IP address, the MAC Address of terminal and the network address of website to be visited.The network equipment can be firstly received this access request.
S12: obtain the class information corresponding with IP address and MAC Address.
In enterprise, different users may have different access rights, specifically can believe by arranging different ranks Breath realizes, and first the network equipment, after receiving access request, can obtain the rank letter corresponding with IP address and MAC Address Breath.
Wherein, class information can be set according to actual needs, for example, it is possible to be set as 1 grade, 2 grades, 3 grades etc., A level, B level, C level etc. can also be set as.
S13: determine the access rule corresponding with class information.
The access rule corresponding with each class information can be preset, corresponding with IP address and MAC Address obtaining Class information after, determine corresponding with this class information access rule.
Wherein, access rule can be set according to actual needs, for example, it is possible to be set as whether can accessing outer net Etc..
S14: if network address meets access rule, then forward access request.
Owing to the network equipment is arranged between terminal and the server of website, if the network address carried in access request meets visit Ask rule, then the network equipment forwards this access request to the server of website;If the network address carried in access request does not meets visit Ask rule, then the network equipment sends to terminal and accesses limited information, points out user.
In the program, it is pre-configured with the class information corresponding with IP address and MAC Address, after receiving access request, Obtain the access rule corresponding with this class information, and determine whether whether the network address carried in access request meets this access Rule, the quantity of usual class information to lack much compared with number of users, and therefore, the access rule corresponding with class information is also Few a lot, relative to IP address and the mode of MAC Address configuration access rule for terminal in prior art, visit can be saved Ask configuration amount and the maintenance of rule, and then promote the treatment effeciency of access request.Especially use hardware core when the network equipment When the storage of sheet resource accesses rule, hardware chip resource is the most limited, it is impossible to configures too many access rule, uses the present invention real The method executing example also can be prevented effectively from the restriction that hardware chip resource causes.
Each step being described in detail below in the processing method of above-mentioned access request.
Concrete, in above-mentioned S12 obtain the class information corresponding with IP address and MAC Address realize process, specifically Including: obtain the forward table pre-build;The forwarding-table item including IP address and MAC Address is searched in forward table;If searching To including the forwarding-table item of IP address and MAC, then class information forwarding-table item included as with IP address and MAC Address pair The class information answered;If not finding the forwarding-table item including IP address and MAC Address, then using default level information as with IP The class information that address is corresponding with MAC Address.
Forward table can be pre-build, each forwarding-table item of this forward table preserves IP address, MAC Address and rank Information, after receiving access request, can search, in this forward table, IP address and the MAC Address including carrying in access request Forwarding-table item, if finding, the class information that this forwarding-table item includes is exactly the class information of needs;If not finding, can To pre-set default level information, using this default level information as with the IP address carried in access request and MAC Address Corresponding class information.The class information corresponding with IP address and MAC Address can be obtained by said process.
Concrete, the above-mentioned process setting up forwarding-table item can have multiple implementation, two ways is set forth below and carries out Illustrate, complete before the access request that the process setting up forwarding-table item needs the reception terminal in S11 to send.
First kind of way, realizes by certificate server, as in figure 2 it is shown, specifically include following steps:
S21: receive the certification request that terminal sends.
If user needs to access website by certification, now it is accomplished by certificate server and is authenticated, can pass through Terminal sends certification request, and owing to the network equipment is arranged between terminal and certificate server, the network equipment can be firstly received The certification request that terminal sends.
Wherein, IP address, MAC Address and authentication information are carried in certification request, and authentication information can include user name, password Etc..
S22: certification request is transmitted to certificate server, so that certificate server obtains after being authenticated according to authentication information To authentication result, distribute class information according to IP address and MAC Address, and carry IP address, MAC ground to network equipment transmission The authentication response of location, class information and authentication result.
Certification request is transmitted to certificate server by the network equipment, certificate server be authenticated.
After certificate server receives certification request, can be authenticated according to authentication information, and according to IP address and MAC Address distribution class information, then carries IP address, MAC Address, class information and authentication result and sends in authentication response The authentication response that certificate server returns is received to the network equipment network equipment.
Concrete, class information can be carried and be sent in the privately owned attribute of authentication response by certificate server;Certification takes Business device can be according to the class information distribution class information corresponding with IP address and MAC Address set in advance, it is also possible to according to Authentication result distribution class information.
S23: receive the authentication response that certificate server returns.
S24: IP address, MAC Address and class information are saved in forward table as a forwarding-table item.
S25: authentication result is sent to terminal.
Wherein, S24 and S25 does not has strict priority execution sequence, and execution sequence can be set as required.
The second way, needs by DHCP (Dynamic Host Configuration Protocol, DHCP) server realization, as it is shown on figure 3, specifically include following steps:
S31: receive the IP application IP addresses request that terminal sends.
If terminal does not also have IP address, then need to Dynamic Host Configuration Protocol server application IP address, at this time, it may be necessary to send IP address Application request, and carry MAC Address in the request of IP application IP addresses.
S32: the request of IP application IP addresses is transmitted to Dynamic Host Configuration Protocol server, so that Dynamic Host Configuration Protocol server distributes IP according to MAC Address Address and class information, and the IP application IP addresses response carrying IP address, MAC Address and class information is sent to the network equipment.
The request of IP application IP addresses is transmitted to Dynamic Host Configuration Protocol server by the network equipment, Dynamic Host Configuration Protocol server process.
After Dynamic Host Configuration Protocol server receives the request of IP application IP addresses, IP address and class information can be distributed according to MAC Address, Then IP address, MAC Address and class information being carried and be sent to the network equipment in IP application IP addresses respond, the network equipment connects Receive the IP application IP addresses response that Dynamic Host Configuration Protocol server returns.
Concrete, class information can be carried option (option) information in the response of IP application IP addresses by Dynamic Host Configuration Protocol server Middle transmission;Dynamic Host Configuration Protocol server can be, but not limited to according to the class information distribution rank letter corresponding with MAC Address set in advance Breath.
S33: receive the IP application IP addresses response that Dynamic Host Configuration Protocol server returns.
S34: IP address, MAC Address and class information are saved in forward table as a forwarding-table item.
S35: IP address is sent to terminal.
Wherein, S34 and S35 does not has strict priority execution sequence, and execution sequence can be set as required.
Concrete, what determination in above-mentioned S13 was corresponding with class information access regular realizes process, specifically includes: obtain The corresponding relation taking the class information pre-build and access rule;The list item including class information is searched from corresponding relation; If finding the list item including class information, then obtain the access rule that list item includes, obtain the visit corresponding with class information Ask rule.
The corresponding relation that can pre-build class information and access rule, corresponding preservation in the list item of this corresponding relation The access rule that each class information is corresponding.Receive access request if follow-up, can obtain according to class information and access rule, And then determine whether user has permission this network address of access.
Based on same inventive concept, the embodiment of the present invention provides the processing means of a kind of access request, applies and set at network In Bei, the structure of this device as shown in Figure 4, including:
First receiver module 41, for receiving the access request that terminal sends, access request carries Internet protocol IP ground Location, MAC address and network address;
Acquisition module 42, for obtaining the class information corresponding with IP address and MAC Address;
Determine module 43, for determining the access rule corresponding with class information;
First forwarding module 44, if meeting access rule for network address, then forwards access request.
In the program, it is pre-configured with the class information corresponding with IP address and MAC Address, after receiving access request, Obtain the access rule corresponding with this class information, and determine whether whether the network address carried in access request meets this access Rule, the quantity of usual class information to lack much compared with number of users, and therefore, the access rule corresponding with class information is also Few a lot, relative to IP address and the mode of MAC Address configuration access rule for terminal in prior art, visit can be saved Ask configuration amount and the maintenance of rule, and then promote the treatment effeciency of access request.
Concrete, acquisition module 42, for obtaining the class information corresponding with IP address and MAC Address, specifically for:
Obtain the forward table pre-build;
The forwarding-table item including IP address and MAC Address is searched in forward table;
If finding the forwarding-table item including IP address and MAC, then class information forwarding-table item included as with IP The class information that address is corresponding with MAC Address;If not finding the forwarding-table item including IP address and MAC Address, then will acquiescence Class information is as the class information corresponding with IP address and MAC Address.
Optionally, device also includes:
Second receiver module, for receive terminal send certification request, certification request carry IP address, MAC Address and Authentication information;
Second forwarding module, for being transmitted to certificate server by certification request, so that certificate server is believed according to certification Breath obtains authentication result after being authenticated, and distributes class information according to IP address and MAC Address, and carries to network equipment transmission The authentication response of IP address, MAC Address, class information and authentication result;
3rd receiver module, for receiving the authentication response that certificate server returns;
First preserves module, for IP address, MAC Address and class information are saved in forwarding as a forwarding-table item In table;And,
First sending module, for being sent to terminal by authentication result.
Optionally, device also includes:
4th receiver module, for receiving the IP application IP addresses request that terminal sends, MAC ground is carried in the request of IP application IP addresses Location;
3rd forwarding module, for by IP application IP addresses request be transmitted to Dynamic Host Configuration Protocol server so that Dynamic Host Configuration Protocol server according to MAC Address distribution IP address and class information, and the IP carrying IP address, MAC Address and class information is sent to the network equipment Application IP addresses respond;
5th receiver module, for receiving the IP application IP addresses response that Dynamic Host Configuration Protocol server returns;
Second preserves module, for IP address, MAC Address and class information are saved in forwarding as a forwarding-table item In table;And,
Second sending module, for being sent to terminal by IP address.
Concrete, determine module 43, for determining the access rule corresponding with class information, specifically for:
The corresponding relation obtaining the class information pre-build and access rule;
The list item including class information is searched from corresponding relation;
If finding the list item including class information, then obtain the access rule that list item includes, obtain and class information Corresponding access rule.
The present invention is with reference to method, equipment (system) and the flow process of computer program according to embodiments of the present invention Figure and/or block diagram describe.It should be understood that can the most first-class by computer program instructions flowchart and/or block diagram Flow process in journey and/or square frame and flow chart and/or block diagram and/or the combination of square frame.These computer programs can be provided Instruction arrives the processor of general purpose computer, special-purpose computer, Embedded Processor or other programmable data processing device to produce A raw machine so that the instruction performed by the processor of computer or other programmable data processing device is produced for real The device of the function specified in one flow process of flow chart or multiple flow process and/or one square frame of block diagram or multiple square frame now.
These computer program instructions may be alternatively stored in and computer or other programmable data processing device can be guided with spy Determine in the computer-readable memory that mode works so that the instruction being stored in this computer-readable memory produces and includes referring to Make the manufacture of device, this command device realize at one flow process of flow chart or multiple flow process and/or one square frame of block diagram or The function specified in multiple square frames.
These computer program instructions also can be loaded in computer or other programmable data processing device so that at meter Perform sequence of operations step on calculation machine or other programmable devices to produce computer implemented process, thus at computer or The instruction performed on other programmable devices provides for realizing at one flow process of flow chart or multiple flow process and/or block diagram one The step of the function specified in individual square frame or multiple square frame.
Although having been described for the alternative embodiment of the present invention, but those skilled in the art once know basic creation Property concept, then can make other change and amendment to these embodiments.So, claims are intended to be construed to include can Select embodiment and fall into all changes and the amendment of the scope of the invention.
Obviously, those skilled in the art can carry out various change and modification without deviating from this to the embodiment of the present invention The spirit and scope of bright embodiment.So, if these amendments of the embodiment of the present invention and modification belong to the claims in the present invention And within the scope of equivalent technologies, then the present invention is also intended to comprise these change and modification.

Claims (10)

1. a processing method for access request, application is in the network device, it is characterised in that described method includes:
Receiving the access request that terminal sends, described access request carries internet protocol address, media interviews control MAC ground Location and network address;
Obtain the class information corresponding with described IP address and described MAC Address;
Determine the access rule corresponding with described class information;
If described network address meets described access rule, then forward described access request.
2. the method for claim 1, it is characterised in that obtain the level corresponding with described IP address and described MAC Address Other information, specifically includes:
Obtain the forward table pre-build;
Described forward table is searched and includes described IP address and the forwarding-table item of described MAC Address;
Described IP address and the forwarding-table item of described MAC, the then class information included by described forwarding-table item is included if finding As the class information corresponding with described IP address and described MAC Address;Described IP address and described MAC is included if not finding The forwarding-table item of address, then using default level information as the class information corresponding with described IP address and described MAC Address.
3. method as claimed in claim 2, it is characterised in that before receiving the access request that terminal sends, also include:
Receiving the certification request that terminal sends, IP address, MAC Address and authentication information are carried in described certification request;
Described certification request is transmitted to certificate server, so that described certificate server is authenticated according to described authentication information After obtain authentication result, distribute class information according to described IP address and described MAC Address, and send to the described network equipment and take With described IP address, described MAC Address, described class information and the authentication response of described authentication result;
Receive the authentication response that described certificate server returns;
Described IP address, described MAC Address and described class information are saved in described forward table as a forwarding-table item; And,
Described authentication result is sent to described terminal.
4. method as claimed in claim 2, it is characterised in that before receiving the access request that terminal sends, also include:
Receiving the IP application IP addresses request that terminal sends, MAC Address is carried in the request of described IP application IP addresses;
The request of described IP application IP addresses is transmitted to dynamic host configuration protocol DHCP server, so that described Dynamic Host Configuration Protocol server root According to described MAC Address distribution IP address and class information, and carry described IP address, described MAC to the transmission of the described network equipment The IP application IP addresses response of address and described class information;
Receive the IP application IP addresses response that described Dynamic Host Configuration Protocol server returns;
Described IP address, described MAC Address and described class information are saved in described forward table as a forwarding-table item; And,
Described IP address is sent to described terminal.
5. the method as described in claim 1-4 is arbitrary, it is characterised in that determine the access rule corresponding with described class information Then, specifically include:
The corresponding relation obtaining the class information pre-build and access rule;
The list item including described class information is searched from described corresponding relation;
If finding the list item including described class information, then obtain the access rule that described list item includes, obtain with described The access rule that class information is corresponding.
6. a processing means for access request, application is in the network device, it is characterised in that described device includes:
First receiver module, for receive terminal send access request, described access request carry internet protocol address, MAC address and network address;
Acquisition module, for obtaining the class information corresponding with described IP address and described MAC Address;
Determine module, for determining the access rule corresponding with described class information;
First forwarding module, if meeting described access rule for described network address, then forwards described access request.
7. device as claimed in claim 6, it is characterised in that described acquisition module, for obtaining and described IP address and institute State the class information that MAC Address is corresponding, specifically for:
Obtain the forward table pre-build;
Described forward table is searched and includes described IP address and the forwarding-table item of described MAC Address;
Described IP address and the forwarding-table item of described MAC, the then class information included by described forwarding-table item is included if finding As the class information corresponding with described IP address and described MAC Address;Described IP address and described MAC is included if not finding The forwarding-table item of address, then using default level information as the class information corresponding with described IP address and described MAC Address.
8. device as claimed in claim 7, it is characterised in that described device also includes:
Second receiver module, for receive terminal send certification request, described certification request carry IP address, MAC Address and Authentication information;
Second forwarding module, for being transmitted to certificate server, so that described certificate server is according to institute by described certification request State after authentication information is authenticated and obtain authentication result, according to described IP address and described MAC Address distribution class information, and to The described network equipment sends the certification sound carrying described IP address, described MAC Address, described class information and described authentication result Should;
3rd receiver module, for receiving the authentication response that described certificate server returns;
First preserves module, for described IP address, described MAC Address and described class information being protected as a forwarding-table item Exist in described forward table;And,
First sending module, for being sent to described terminal by described authentication result.
9. device as claimed in claim 7, it is characterised in that described device also includes:
4th receiver module, for receiving the IP application IP addresses request that terminal sends, MAC ground is carried in the request of described IP application IP addresses Location;
3rd forwarding module, for the request of described IP application IP addresses is transmitted to dynamic host configuration protocol DHCP server, with Make described Dynamic Host Configuration Protocol server distribute IP address and class information according to described MAC Address, and carry to the transmission of the described network equipment The IP application IP addresses response of described IP address, described MAC Address and described class information;
5th receiver module, for receiving the IP application IP addresses response that described Dynamic Host Configuration Protocol server returns;
Second preserves module, for described IP address, described MAC Address and described class information being protected as a forwarding-table item Exist in described forward table;And,
Second sending module, for being sent to described terminal by described IP address.
10. the device as described in claim 6-9 is arbitrary, it is characterised in that described determine module, is used for determining and described rank The access rule that information is corresponding, specifically for:
The corresponding relation obtaining the class information pre-build and access rule;
The list item including described class information is searched from described corresponding relation;
If finding the list item including described class information, then obtain the access rule that described list item includes, obtain with described The access rule that class information is corresponding.
CN201610616488.XA 2016-07-29 2016-07-29 The processing method and processing device of access request Pending CN106302400A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610616488.XA CN106302400A (en) 2016-07-29 2016-07-29 The processing method and processing device of access request

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610616488.XA CN106302400A (en) 2016-07-29 2016-07-29 The processing method and processing device of access request

Publications (1)

Publication Number Publication Date
CN106302400A true CN106302400A (en) 2017-01-04

Family

ID=57663515

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610616488.XA Pending CN106302400A (en) 2016-07-29 2016-07-29 The processing method and processing device of access request

Country Status (1)

Country Link
CN (1) CN106302400A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107426182A (en) * 2017-06-21 2017-12-01 郑州云海信息技术有限公司 The access control method and system of a kind of storage management system
CN107920068A (en) * 2017-11-14 2018-04-17 北京思特奇信息技术股份有限公司 A kind of authentication method and system
CN108347333A (en) * 2017-01-22 2018-07-31 深圳市优朋普乐传媒发展有限公司 A kind of identity identifying method of terminal, device
CN109861982A (en) * 2018-12-29 2019-06-07 北京奇安信科技有限公司 A kind of implementation method and device of authentication

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101056178A (en) * 2007-05-28 2007-10-17 中兴通讯股份有限公司 A method and system for controlling the user network access right
CN101917398A (en) * 2010-06-28 2010-12-15 北京星网锐捷网络技术有限公司 Method and equipment for controlling client access authority
CN102055645A (en) * 2009-11-11 2011-05-11 上海贝尔股份有限公司 Method and device for automatically classifying IP service data streams in access network
CN102437946A (en) * 2010-09-29 2012-05-02 杭州华三通信技术有限公司 Access control method, network access server (NAS) equipment and authentication server
CN103188231A (en) * 2011-12-30 2013-07-03 北京锐安科技有限公司 Multi-core printed circuit board access control list (ACL) rule matching method

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101056178A (en) * 2007-05-28 2007-10-17 中兴通讯股份有限公司 A method and system for controlling the user network access right
CN102055645A (en) * 2009-11-11 2011-05-11 上海贝尔股份有限公司 Method and device for automatically classifying IP service data streams in access network
CN101917398A (en) * 2010-06-28 2010-12-15 北京星网锐捷网络技术有限公司 Method and equipment for controlling client access authority
CN102437946A (en) * 2010-09-29 2012-05-02 杭州华三通信技术有限公司 Access control method, network access server (NAS) equipment and authentication server
CN103188231A (en) * 2011-12-30 2013-07-03 北京锐安科技有限公司 Multi-core printed circuit board access control list (ACL) rule matching method

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108347333A (en) * 2017-01-22 2018-07-31 深圳市优朋普乐传媒发展有限公司 A kind of identity identifying method of terminal, device
CN107426182A (en) * 2017-06-21 2017-12-01 郑州云海信息技术有限公司 The access control method and system of a kind of storage management system
CN107426182B (en) * 2017-06-21 2020-05-29 郑州云海信息技术有限公司 Access control method and system for storage management system
CN107920068A (en) * 2017-11-14 2018-04-17 北京思特奇信息技术股份有限公司 A kind of authentication method and system
CN109861982A (en) * 2018-12-29 2019-06-07 北京奇安信科技有限公司 A kind of implementation method and device of authentication

Similar Documents

Publication Publication Date Title
CN104378342B (en) Many accounts verification method, Apparatus and system
WO2017024842A1 (en) Internet access authentication method, client, computer storage medium
CN106851632A (en) A kind of smart machine accesses the method and device of WLAN
CN101764808B (en) Authentication processing method and system for automatic login as well as server
CN103746983A (en) Access authentication method and authentication server
CN103384237A (en) Method for sharing IaaS cloud account, shared platform and network device
CN104809369B (en) Packet sets method, client, server and the system of equipment access rights
CN113347206A (en) Network access method and device
CN106411878B (en) Method, device and system for making access control strategy
CN105516055B (en) Data access method, access device, target device and management server
CN106302400A (en) The processing method and processing device of access request
US20140019957A1 (en) Method, apparatus, and system for sharing software among terminals
CN106453349B (en) Account login method and device
CN109302397B (en) Network security management method, platform and computer readable storage medium
CN106254328B (en) A kind of access control method and device
CN105306485A (en) Network access authentication methods, authentication server and authentication system
CN107682372A (en) User profile for Portal escapes obtains and authentication method, device and access device
CN109726545B (en) Information display method, equipment, computer readable storage medium and device
CN104618388A (en) Quick registration and login method and corresponding reset server and information server
CN104796383A (en) Method and device for preventing terminal information from being tempered
CN106295271A (en) Account automatic logging method, device and related system
CN113489689B (en) Authentication method and device for access request, storage medium and electronic equipment
CN104869142A (en) Link sharing method based on social platform, system and device
CN104639421A (en) Instant communication information processing method and instant communication information processing system based on intelligent television
CN105357239A (en) Method and device for providing service, and method and device for acquiring service

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170104

RJ01 Rejection of invention patent application after publication