CN106302400A - The processing method and processing device of access request - Google Patents
The processing method and processing device of access request Download PDFInfo
- Publication number
- CN106302400A CN106302400A CN201610616488.XA CN201610616488A CN106302400A CN 106302400 A CN106302400 A CN 106302400A CN 201610616488 A CN201610616488 A CN 201610616488A CN 106302400 A CN106302400 A CN 106302400A
- Authority
- CN
- China
- Prior art keywords
- address
- class information
- mac address
- forwarding
- request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0263—Rule management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Business, Economics & Management (AREA)
- General Business, Economics & Management (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses the processing method and processing device of a kind of access request, the method includes: receiving the access request that terminal sends, described access request carries IP address, MAC Address and network address;Obtain the class information corresponding with described IP address and described MAC Address;Determine the access rule corresponding with described class information;If described network address meets described access rule, then forward described access request.The program can save configuration amount and the maintenance accessing rule, and then promotes the treatment effeciency of access request.
Description
Technical field
The present invention relates to communication technical field, the processing method and processing device of a kind of access request.
Background technology
Along with developing rapidly of network technology, the website of user-accessible gets more and more, and meanwhile, comes for enterprise
Say, protecting information safety also attention.Generally, in enterprise, by arranging different department or the access right of different user
Limit, reaches the purpose of protecting information safety.
In prior art, Internet protocol (Internet Protocol, the IP) address and the media that are required for terminal are visited
Ask that control (Media Access Control, MAC) address configuration accesses rule, namely different for each user setup
Access rule, when number of users is huge, access rule configuration amount and maintenance huge, also can affect the place of access request
Reason efficiency.
Summary of the invention
The embodiment of the present invention provides the processing method and processing device of a kind of access request, in order to solve present in prior art
The configuration amount and the maintenance that access rule are huge, and the problem affecting the treatment effeciency of access request.
According to embodiments of the present invention, it is provided that the processing method of a kind of access request, apply in the network device, described method
Including:
Receiving the access request that terminal sends, described access request carries internet protocol address, media interviews control
MAC Address and network address;
Obtain the class information corresponding with described IP address and described MAC Address;
Determine the access rule corresponding with described class information;
If described network address meets described access rule, then forward described access request.
Concrete, obtain the class information corresponding with described IP address and described MAC Address, specifically include:
Obtain the forward table pre-build;
Described forward table is searched and includes described IP address and the forwarding-table item of described MAC Address;
Described IP address and the forwarding-table item of described MAC, the then rank included by described forwarding-table item is included if finding
Information is as the class information corresponding with described IP address and described MAC Address;Described IP address and institute is included if not finding
State the forwarding-table item of MAC Address, then using default level information as the rank letter corresponding with described IP address and described MAC Address
Breath.
Optionally, before receiving the access request that terminal sends, also include:
Receiving the certification request that terminal sends, IP address, MAC Address and authentication information are carried in described certification request;
Described certification request is transmitted to certificate server, so that described certificate server is carried out according to described authentication information
Obtain authentication result after certification, distribute class information according to described IP address and described MAC Address, and send out to the described network equipment
Send and carry described IP address, described MAC Address, described class information and the authentication response of described authentication result;
Receive the authentication response that described certificate server returns;
Described IP address, described MAC Address and described class information are saved in described forwarding as a forwarding-table item
In table;And,
Described authentication result is sent to described terminal.
Optionally, before receiving the access request that terminal sends, also include:
Receiving the IP application IP addresses request that terminal sends, MAC Address is carried in the request of described IP application IP addresses;
The request of described IP application IP addresses is transmitted to dynamic host configuration protocol DHCP server, so that described DHCP service
Device is according to described MAC Address distribution IP address and class information, and sends to the described network equipment and carry described IP address, described
The IP application IP addresses response of MAC Address and described class information;
Receive the IP application IP addresses response that described Dynamic Host Configuration Protocol server returns;
Described IP address, described MAC Address and described class information are saved in described forwarding as a forwarding-table item
In table;And,
Described IP address is sent to described terminal.
Concrete, determine the access rule corresponding with described class information, specifically include:
The corresponding relation obtaining the class information pre-build and access rule;
The list item including described class information is searched from described corresponding relation;
If finding the list item including described class information, then obtain the access rule that described list item includes, obtain with
The access rule that described class information is corresponding.
According to embodiments of the present invention, also provide for the processing means of a kind of access request, apply in the network device, described dress
Put and include:
First receiver module, for receiving the access request that terminal sends, described access request carries Internet protocol IP
Address, MAC address and network address;
Acquisition module, for obtaining the class information corresponding with described IP address and described MAC Address;
Determine module, for determining the access rule corresponding with described class information;
First forwarding module, if meeting described access rule for described network address, then forwards described access request.
Concrete, described acquisition module, for obtaining the class information corresponding with described IP address and described MAC Address,
Specifically for:
Obtain the forward table pre-build;
Described forward table is searched and includes described IP address and the forwarding-table item of described MAC Address;
Described IP address and the forwarding-table item of described MAC, the then rank included by described forwarding-table item is included if finding
Information is as the class information corresponding with described IP address and described MAC Address;Described IP address and institute is included if not finding
State the forwarding-table item of MAC Address, then using default level information as the rank letter corresponding with described IP address and described MAC Address
Breath.
Optionally, described device also includes:
Second receiver module, for receiving the certification request that terminal sends, IP address, MAC ground are carried in described certification request
Location and authentication information;
Second forwarding module, for described certification request is transmitted to certificate server, so that described certificate server root
Obtain authentication result after being authenticated according to described authentication information, distribute class information according to described IP address and described MAC Address,
And carry recognizing of described IP address, described MAC Address, described class information and described authentication result to the transmission of the described network equipment
Card response;
3rd receiver module, for receiving the authentication response that described certificate server returns;
First preserves module, is used for described IP address, described MAC Address and described class information as a forward table
Item is saved in described forward table;And,
First sending module, for being sent to described terminal by described authentication result.
Optionally, described device also includes:
4th receiver module, for receiving the IP application IP addresses request that terminal sends, the request of described IP application IP addresses is carried
MAC Address;
3rd forwarding module, for being transmitted to dynamic host configuration protocol DHCP service by the request of described IP application IP addresses
Device, so that described Dynamic Host Configuration Protocol server is according to described MAC Address distribution IP address and class information, and sends to the described network equipment
Carry the IP application IP addresses response of described IP address, described MAC Address and described class information;
5th receiver module, for receiving the IP application IP addresses response that described Dynamic Host Configuration Protocol server returns;
Second preserves module, is used for described IP address, described MAC Address and described class information as a forward table
Item is saved in described forward table;And,
Second sending module, for being sent to described terminal by described IP address.
Concrete, described determine module, for determining the access rule corresponding with described class information, specifically for:
The corresponding relation obtaining the class information pre-build and access rule;
The list item including described class information is searched from described corresponding relation;
If finding the list item including described class information, then obtain the access rule that described list item includes, obtain with
The access rule that described class information is corresponding.
The present invention has the beneficial effect that:
The embodiment of the present invention provides the processing method and processing device of a kind of access request, and the network equipment receives the visit that terminal sends
Ask that IP address, MAC Address and network address are carried in request, described access request;Obtain corresponding with described IP address and described MAC Address
Class information;Determine the access rule corresponding with described class information;If described network address meets described access rule, then forward
Described access request.In the program, it is pre-configured with the class information corresponding with IP address and MAC Address, please receiving access
After asking, obtain the access rule corresponding with this class information, and determine whether whether the network address carried in access request meets
This access rule, the quantity of usual class information to be lacked a lot compared with number of users, therefore, the access corresponding with class information
Rule is also few a lot, relative to IP address and the mode of MAC Address configuration access rule for terminal in prior art, permissible
Save configuration amount and the maintenance accessing rule, and then promote the treatment effeciency of access request.
Accompanying drawing explanation
Fig. 1 is the flow chart of the processing method of access request in the embodiment of the present invention;
Fig. 2 is the flow chart of the first method setting up forwarding-table item in the embodiment of the present invention;
Fig. 3 is the flow chart of the method that the second sets up forwarding-table item in the embodiment of the present invention;
Fig. 4 is the structural representation of the processing means of access request in the embodiment of the present invention.
Detailed description of the invention
Huge for the configuration amount and maintenance accessing rule present in prior art, and affect the place of access request
The problem of reason efficiency, the embodiment of the present invention provides the processing method of a kind of access request, and the method can be applied at the network equipment
In, the flow process of the method is as it is shown in figure 1, execution step is as follows:
S11: receive the access request that terminal sends.
When user needs to access some websites, access request, this access request carried terminal can be sent by terminal
IP address, the MAC Address of terminal and the network address of website to be visited.The network equipment can be firstly received this access request.
S12: obtain the class information corresponding with IP address and MAC Address.
In enterprise, different users may have different access rights, specifically can believe by arranging different ranks
Breath realizes, and first the network equipment, after receiving access request, can obtain the rank letter corresponding with IP address and MAC Address
Breath.
Wherein, class information can be set according to actual needs, for example, it is possible to be set as 1 grade, 2 grades, 3 grades etc.,
A level, B level, C level etc. can also be set as.
S13: determine the access rule corresponding with class information.
The access rule corresponding with each class information can be preset, corresponding with IP address and MAC Address obtaining
Class information after, determine corresponding with this class information access rule.
Wherein, access rule can be set according to actual needs, for example, it is possible to be set as whether can accessing outer net
Etc..
S14: if network address meets access rule, then forward access request.
Owing to the network equipment is arranged between terminal and the server of website, if the network address carried in access request meets visit
Ask rule, then the network equipment forwards this access request to the server of website;If the network address carried in access request does not meets visit
Ask rule, then the network equipment sends to terminal and accesses limited information, points out user.
In the program, it is pre-configured with the class information corresponding with IP address and MAC Address, after receiving access request,
Obtain the access rule corresponding with this class information, and determine whether whether the network address carried in access request meets this access
Rule, the quantity of usual class information to lack much compared with number of users, and therefore, the access rule corresponding with class information is also
Few a lot, relative to IP address and the mode of MAC Address configuration access rule for terminal in prior art, visit can be saved
Ask configuration amount and the maintenance of rule, and then promote the treatment effeciency of access request.Especially use hardware core when the network equipment
When the storage of sheet resource accesses rule, hardware chip resource is the most limited, it is impossible to configures too many access rule, uses the present invention real
The method executing example also can be prevented effectively from the restriction that hardware chip resource causes.
Each step being described in detail below in the processing method of above-mentioned access request.
Concrete, in above-mentioned S12 obtain the class information corresponding with IP address and MAC Address realize process, specifically
Including: obtain the forward table pre-build;The forwarding-table item including IP address and MAC Address is searched in forward table;If searching
To including the forwarding-table item of IP address and MAC, then class information forwarding-table item included as with IP address and MAC Address pair
The class information answered;If not finding the forwarding-table item including IP address and MAC Address, then using default level information as with IP
The class information that address is corresponding with MAC Address.
Forward table can be pre-build, each forwarding-table item of this forward table preserves IP address, MAC Address and rank
Information, after receiving access request, can search, in this forward table, IP address and the MAC Address including carrying in access request
Forwarding-table item, if finding, the class information that this forwarding-table item includes is exactly the class information of needs;If not finding, can
To pre-set default level information, using this default level information as with the IP address carried in access request and MAC Address
Corresponding class information.The class information corresponding with IP address and MAC Address can be obtained by said process.
Concrete, the above-mentioned process setting up forwarding-table item can have multiple implementation, two ways is set forth below and carries out
Illustrate, complete before the access request that the process setting up forwarding-table item needs the reception terminal in S11 to send.
First kind of way, realizes by certificate server, as in figure 2 it is shown, specifically include following steps:
S21: receive the certification request that terminal sends.
If user needs to access website by certification, now it is accomplished by certificate server and is authenticated, can pass through
Terminal sends certification request, and owing to the network equipment is arranged between terminal and certificate server, the network equipment can be firstly received
The certification request that terminal sends.
Wherein, IP address, MAC Address and authentication information are carried in certification request, and authentication information can include user name, password
Etc..
S22: certification request is transmitted to certificate server, so that certificate server obtains after being authenticated according to authentication information
To authentication result, distribute class information according to IP address and MAC Address, and carry IP address, MAC ground to network equipment transmission
The authentication response of location, class information and authentication result.
Certification request is transmitted to certificate server by the network equipment, certificate server be authenticated.
After certificate server receives certification request, can be authenticated according to authentication information, and according to IP address and MAC
Address distribution class information, then carries IP address, MAC Address, class information and authentication result and sends in authentication response
The authentication response that certificate server returns is received to the network equipment network equipment.
Concrete, class information can be carried and be sent in the privately owned attribute of authentication response by certificate server;Certification takes
Business device can be according to the class information distribution class information corresponding with IP address and MAC Address set in advance, it is also possible to according to
Authentication result distribution class information.
S23: receive the authentication response that certificate server returns.
S24: IP address, MAC Address and class information are saved in forward table as a forwarding-table item.
S25: authentication result is sent to terminal.
Wherein, S24 and S25 does not has strict priority execution sequence, and execution sequence can be set as required.
The second way, needs by DHCP (Dynamic Host Configuration
Protocol, DHCP) server realization, as it is shown on figure 3, specifically include following steps:
S31: receive the IP application IP addresses request that terminal sends.
If terminal does not also have IP address, then need to Dynamic Host Configuration Protocol server application IP address, at this time, it may be necessary to send IP address
Application request, and carry MAC Address in the request of IP application IP addresses.
S32: the request of IP application IP addresses is transmitted to Dynamic Host Configuration Protocol server, so that Dynamic Host Configuration Protocol server distributes IP according to MAC Address
Address and class information, and the IP application IP addresses response carrying IP address, MAC Address and class information is sent to the network equipment.
The request of IP application IP addresses is transmitted to Dynamic Host Configuration Protocol server by the network equipment, Dynamic Host Configuration Protocol server process.
After Dynamic Host Configuration Protocol server receives the request of IP application IP addresses, IP address and class information can be distributed according to MAC Address,
Then IP address, MAC Address and class information being carried and be sent to the network equipment in IP application IP addresses respond, the network equipment connects
Receive the IP application IP addresses response that Dynamic Host Configuration Protocol server returns.
Concrete, class information can be carried option (option) information in the response of IP application IP addresses by Dynamic Host Configuration Protocol server
Middle transmission;Dynamic Host Configuration Protocol server can be, but not limited to according to the class information distribution rank letter corresponding with MAC Address set in advance
Breath.
S33: receive the IP application IP addresses response that Dynamic Host Configuration Protocol server returns.
S34: IP address, MAC Address and class information are saved in forward table as a forwarding-table item.
S35: IP address is sent to terminal.
Wherein, S34 and S35 does not has strict priority execution sequence, and execution sequence can be set as required.
Concrete, what determination in above-mentioned S13 was corresponding with class information access regular realizes process, specifically includes: obtain
The corresponding relation taking the class information pre-build and access rule;The list item including class information is searched from corresponding relation;
If finding the list item including class information, then obtain the access rule that list item includes, obtain the visit corresponding with class information
Ask rule.
The corresponding relation that can pre-build class information and access rule, corresponding preservation in the list item of this corresponding relation
The access rule that each class information is corresponding.Receive access request if follow-up, can obtain according to class information and access rule,
And then determine whether user has permission this network address of access.
Based on same inventive concept, the embodiment of the present invention provides the processing means of a kind of access request, applies and set at network
In Bei, the structure of this device as shown in Figure 4, including:
First receiver module 41, for receiving the access request that terminal sends, access request carries Internet protocol IP ground
Location, MAC address and network address;
Acquisition module 42, for obtaining the class information corresponding with IP address and MAC Address;
Determine module 43, for determining the access rule corresponding with class information;
First forwarding module 44, if meeting access rule for network address, then forwards access request.
In the program, it is pre-configured with the class information corresponding with IP address and MAC Address, after receiving access request,
Obtain the access rule corresponding with this class information, and determine whether whether the network address carried in access request meets this access
Rule, the quantity of usual class information to lack much compared with number of users, and therefore, the access rule corresponding with class information is also
Few a lot, relative to IP address and the mode of MAC Address configuration access rule for terminal in prior art, visit can be saved
Ask configuration amount and the maintenance of rule, and then promote the treatment effeciency of access request.
Concrete, acquisition module 42, for obtaining the class information corresponding with IP address and MAC Address, specifically for:
Obtain the forward table pre-build;
The forwarding-table item including IP address and MAC Address is searched in forward table;
If finding the forwarding-table item including IP address and MAC, then class information forwarding-table item included as with IP
The class information that address is corresponding with MAC Address;If not finding the forwarding-table item including IP address and MAC Address, then will acquiescence
Class information is as the class information corresponding with IP address and MAC Address.
Optionally, device also includes:
Second receiver module, for receive terminal send certification request, certification request carry IP address, MAC Address and
Authentication information;
Second forwarding module, for being transmitted to certificate server by certification request, so that certificate server is believed according to certification
Breath obtains authentication result after being authenticated, and distributes class information according to IP address and MAC Address, and carries to network equipment transmission
The authentication response of IP address, MAC Address, class information and authentication result;
3rd receiver module, for receiving the authentication response that certificate server returns;
First preserves module, for IP address, MAC Address and class information are saved in forwarding as a forwarding-table item
In table;And,
First sending module, for being sent to terminal by authentication result.
Optionally, device also includes:
4th receiver module, for receiving the IP application IP addresses request that terminal sends, MAC ground is carried in the request of IP application IP addresses
Location;
3rd forwarding module, for by IP application IP addresses request be transmitted to Dynamic Host Configuration Protocol server so that Dynamic Host Configuration Protocol server according to
MAC Address distribution IP address and class information, and the IP carrying IP address, MAC Address and class information is sent to the network equipment
Application IP addresses respond;
5th receiver module, for receiving the IP application IP addresses response that Dynamic Host Configuration Protocol server returns;
Second preserves module, for IP address, MAC Address and class information are saved in forwarding as a forwarding-table item
In table;And,
Second sending module, for being sent to terminal by IP address.
Concrete, determine module 43, for determining the access rule corresponding with class information, specifically for:
The corresponding relation obtaining the class information pre-build and access rule;
The list item including class information is searched from corresponding relation;
If finding the list item including class information, then obtain the access rule that list item includes, obtain and class information
Corresponding access rule.
The present invention is with reference to method, equipment (system) and the flow process of computer program according to embodiments of the present invention
Figure and/or block diagram describe.It should be understood that can the most first-class by computer program instructions flowchart and/or block diagram
Flow process in journey and/or square frame and flow chart and/or block diagram and/or the combination of square frame.These computer programs can be provided
Instruction arrives the processor of general purpose computer, special-purpose computer, Embedded Processor or other programmable data processing device to produce
A raw machine so that the instruction performed by the processor of computer or other programmable data processing device is produced for real
The device of the function specified in one flow process of flow chart or multiple flow process and/or one square frame of block diagram or multiple square frame now.
These computer program instructions may be alternatively stored in and computer or other programmable data processing device can be guided with spy
Determine in the computer-readable memory that mode works so that the instruction being stored in this computer-readable memory produces and includes referring to
Make the manufacture of device, this command device realize at one flow process of flow chart or multiple flow process and/or one square frame of block diagram or
The function specified in multiple square frames.
These computer program instructions also can be loaded in computer or other programmable data processing device so that at meter
Perform sequence of operations step on calculation machine or other programmable devices to produce computer implemented process, thus at computer or
The instruction performed on other programmable devices provides for realizing at one flow process of flow chart or multiple flow process and/or block diagram one
The step of the function specified in individual square frame or multiple square frame.
Although having been described for the alternative embodiment of the present invention, but those skilled in the art once know basic creation
Property concept, then can make other change and amendment to these embodiments.So, claims are intended to be construed to include can
Select embodiment and fall into all changes and the amendment of the scope of the invention.
Obviously, those skilled in the art can carry out various change and modification without deviating from this to the embodiment of the present invention
The spirit and scope of bright embodiment.So, if these amendments of the embodiment of the present invention and modification belong to the claims in the present invention
And within the scope of equivalent technologies, then the present invention is also intended to comprise these change and modification.
Claims (10)
1. a processing method for access request, application is in the network device, it is characterised in that described method includes:
Receiving the access request that terminal sends, described access request carries internet protocol address, media interviews control MAC ground
Location and network address;
Obtain the class information corresponding with described IP address and described MAC Address;
Determine the access rule corresponding with described class information;
If described network address meets described access rule, then forward described access request.
2. the method for claim 1, it is characterised in that obtain the level corresponding with described IP address and described MAC Address
Other information, specifically includes:
Obtain the forward table pre-build;
Described forward table is searched and includes described IP address and the forwarding-table item of described MAC Address;
Described IP address and the forwarding-table item of described MAC, the then class information included by described forwarding-table item is included if finding
As the class information corresponding with described IP address and described MAC Address;Described IP address and described MAC is included if not finding
The forwarding-table item of address, then using default level information as the class information corresponding with described IP address and described MAC Address.
3. method as claimed in claim 2, it is characterised in that before receiving the access request that terminal sends, also include:
Receiving the certification request that terminal sends, IP address, MAC Address and authentication information are carried in described certification request;
Described certification request is transmitted to certificate server, so that described certificate server is authenticated according to described authentication information
After obtain authentication result, distribute class information according to described IP address and described MAC Address, and send to the described network equipment and take
With described IP address, described MAC Address, described class information and the authentication response of described authentication result;
Receive the authentication response that described certificate server returns;
Described IP address, described MAC Address and described class information are saved in described forward table as a forwarding-table item;
And,
Described authentication result is sent to described terminal.
4. method as claimed in claim 2, it is characterised in that before receiving the access request that terminal sends, also include:
Receiving the IP application IP addresses request that terminal sends, MAC Address is carried in the request of described IP application IP addresses;
The request of described IP application IP addresses is transmitted to dynamic host configuration protocol DHCP server, so that described Dynamic Host Configuration Protocol server root
According to described MAC Address distribution IP address and class information, and carry described IP address, described MAC to the transmission of the described network equipment
The IP application IP addresses response of address and described class information;
Receive the IP application IP addresses response that described Dynamic Host Configuration Protocol server returns;
Described IP address, described MAC Address and described class information are saved in described forward table as a forwarding-table item;
And,
Described IP address is sent to described terminal.
5. the method as described in claim 1-4 is arbitrary, it is characterised in that determine the access rule corresponding with described class information
Then, specifically include:
The corresponding relation obtaining the class information pre-build and access rule;
The list item including described class information is searched from described corresponding relation;
If finding the list item including described class information, then obtain the access rule that described list item includes, obtain with described
The access rule that class information is corresponding.
6. a processing means for access request, application is in the network device, it is characterised in that described device includes:
First receiver module, for receive terminal send access request, described access request carry internet protocol address,
MAC address and network address;
Acquisition module, for obtaining the class information corresponding with described IP address and described MAC Address;
Determine module, for determining the access rule corresponding with described class information;
First forwarding module, if meeting described access rule for described network address, then forwards described access request.
7. device as claimed in claim 6, it is characterised in that described acquisition module, for obtaining and described IP address and institute
State the class information that MAC Address is corresponding, specifically for:
Obtain the forward table pre-build;
Described forward table is searched and includes described IP address and the forwarding-table item of described MAC Address;
Described IP address and the forwarding-table item of described MAC, the then class information included by described forwarding-table item is included if finding
As the class information corresponding with described IP address and described MAC Address;Described IP address and described MAC is included if not finding
The forwarding-table item of address, then using default level information as the class information corresponding with described IP address and described MAC Address.
8. device as claimed in claim 7, it is characterised in that described device also includes:
Second receiver module, for receive terminal send certification request, described certification request carry IP address, MAC Address and
Authentication information;
Second forwarding module, for being transmitted to certificate server, so that described certificate server is according to institute by described certification request
State after authentication information is authenticated and obtain authentication result, according to described IP address and described MAC Address distribution class information, and to
The described network equipment sends the certification sound carrying described IP address, described MAC Address, described class information and described authentication result
Should;
3rd receiver module, for receiving the authentication response that described certificate server returns;
First preserves module, for described IP address, described MAC Address and described class information being protected as a forwarding-table item
Exist in described forward table;And,
First sending module, for being sent to described terminal by described authentication result.
9. device as claimed in claim 7, it is characterised in that described device also includes:
4th receiver module, for receiving the IP application IP addresses request that terminal sends, MAC ground is carried in the request of described IP application IP addresses
Location;
3rd forwarding module, for the request of described IP application IP addresses is transmitted to dynamic host configuration protocol DHCP server, with
Make described Dynamic Host Configuration Protocol server distribute IP address and class information according to described MAC Address, and carry to the transmission of the described network equipment
The IP application IP addresses response of described IP address, described MAC Address and described class information;
5th receiver module, for receiving the IP application IP addresses response that described Dynamic Host Configuration Protocol server returns;
Second preserves module, for described IP address, described MAC Address and described class information being protected as a forwarding-table item
Exist in described forward table;And,
Second sending module, for being sent to described terminal by described IP address.
10. the device as described in claim 6-9 is arbitrary, it is characterised in that described determine module, is used for determining and described rank
The access rule that information is corresponding, specifically for:
The corresponding relation obtaining the class information pre-build and access rule;
The list item including described class information is searched from described corresponding relation;
If finding the list item including described class information, then obtain the access rule that described list item includes, obtain with described
The access rule that class information is corresponding.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610616488.XA CN106302400A (en) | 2016-07-29 | 2016-07-29 | The processing method and processing device of access request |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610616488.XA CN106302400A (en) | 2016-07-29 | 2016-07-29 | The processing method and processing device of access request |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106302400A true CN106302400A (en) | 2017-01-04 |
Family
ID=57663515
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610616488.XA Pending CN106302400A (en) | 2016-07-29 | 2016-07-29 | The processing method and processing device of access request |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106302400A (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107426182A (en) * | 2017-06-21 | 2017-12-01 | 郑州云海信息技术有限公司 | The access control method and system of a kind of storage management system |
CN107920068A (en) * | 2017-11-14 | 2018-04-17 | 北京思特奇信息技术股份有限公司 | A kind of authentication method and system |
CN108347333A (en) * | 2017-01-22 | 2018-07-31 | 深圳市优朋普乐传媒发展有限公司 | A kind of identity identifying method of terminal, device |
CN109861982A (en) * | 2018-12-29 | 2019-06-07 | 北京奇安信科技有限公司 | A kind of implementation method and device of authentication |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101056178A (en) * | 2007-05-28 | 2007-10-17 | 中兴通讯股份有限公司 | A method and system for controlling the user network access right |
CN101917398A (en) * | 2010-06-28 | 2010-12-15 | 北京星网锐捷网络技术有限公司 | Method and equipment for controlling client access authority |
CN102055645A (en) * | 2009-11-11 | 2011-05-11 | 上海贝尔股份有限公司 | Method and device for automatically classifying IP service data streams in access network |
CN102437946A (en) * | 2010-09-29 | 2012-05-02 | 杭州华三通信技术有限公司 | Access control method, network access server (NAS) equipment and authentication server |
CN103188231A (en) * | 2011-12-30 | 2013-07-03 | 北京锐安科技有限公司 | Multi-core printed circuit board access control list (ACL) rule matching method |
-
2016
- 2016-07-29 CN CN201610616488.XA patent/CN106302400A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101056178A (en) * | 2007-05-28 | 2007-10-17 | 中兴通讯股份有限公司 | A method and system for controlling the user network access right |
CN102055645A (en) * | 2009-11-11 | 2011-05-11 | 上海贝尔股份有限公司 | Method and device for automatically classifying IP service data streams in access network |
CN101917398A (en) * | 2010-06-28 | 2010-12-15 | 北京星网锐捷网络技术有限公司 | Method and equipment for controlling client access authority |
CN102437946A (en) * | 2010-09-29 | 2012-05-02 | 杭州华三通信技术有限公司 | Access control method, network access server (NAS) equipment and authentication server |
CN103188231A (en) * | 2011-12-30 | 2013-07-03 | 北京锐安科技有限公司 | Multi-core printed circuit board access control list (ACL) rule matching method |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108347333A (en) * | 2017-01-22 | 2018-07-31 | 深圳市优朋普乐传媒发展有限公司 | A kind of identity identifying method of terminal, device |
CN107426182A (en) * | 2017-06-21 | 2017-12-01 | 郑州云海信息技术有限公司 | The access control method and system of a kind of storage management system |
CN107426182B (en) * | 2017-06-21 | 2020-05-29 | 郑州云海信息技术有限公司 | Access control method and system for storage management system |
CN107920068A (en) * | 2017-11-14 | 2018-04-17 | 北京思特奇信息技术股份有限公司 | A kind of authentication method and system |
CN109861982A (en) * | 2018-12-29 | 2019-06-07 | 北京奇安信科技有限公司 | A kind of implementation method and device of authentication |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104378342B (en) | Many accounts verification method, Apparatus and system | |
WO2017024842A1 (en) | Internet access authentication method, client, computer storage medium | |
CN106851632A (en) | A kind of smart machine accesses the method and device of WLAN | |
CN101764808B (en) | Authentication processing method and system for automatic login as well as server | |
CN103746983A (en) | Access authentication method and authentication server | |
CN103384237A (en) | Method for sharing IaaS cloud account, shared platform and network device | |
CN104809369B (en) | Packet sets method, client, server and the system of equipment access rights | |
CN113347206A (en) | Network access method and device | |
CN106411878B (en) | Method, device and system for making access control strategy | |
CN105516055B (en) | Data access method, access device, target device and management server | |
CN106302400A (en) | The processing method and processing device of access request | |
US20140019957A1 (en) | Method, apparatus, and system for sharing software among terminals | |
CN106453349B (en) | Account login method and device | |
CN109302397B (en) | Network security management method, platform and computer readable storage medium | |
CN106254328B (en) | A kind of access control method and device | |
CN105306485A (en) | Network access authentication methods, authentication server and authentication system | |
CN107682372A (en) | User profile for Portal escapes obtains and authentication method, device and access device | |
CN109726545B (en) | Information display method, equipment, computer readable storage medium and device | |
CN104618388A (en) | Quick registration and login method and corresponding reset server and information server | |
CN104796383A (en) | Method and device for preventing terminal information from being tempered | |
CN106295271A (en) | Account automatic logging method, device and related system | |
CN113489689B (en) | Authentication method and device for access request, storage medium and electronic equipment | |
CN104869142A (en) | Link sharing method based on social platform, system and device | |
CN104639421A (en) | Instant communication information processing method and instant communication information processing system based on intelligent television | |
CN105357239A (en) | Method and device for providing service, and method and device for acquiring service |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170104 |
|
RJ01 | Rejection of invention patent application after publication |