CN108055254A - Method and device for non-perception authentication - Google Patents

Method and device for non-perception authentication

Info

Publication number
CN108055254A
Authority
CN
China
Prior art keywords
address
certification
certified
arp
user list
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201711284108.8A
Other languages
Chinese (zh)
Other versions
CN108055254B (en)
Inventor
吴世奇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ruijie Networks Co Ltd
Original Assignee
Ruijie Networks Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ruijie Networks Co Ltd filed Critical Ruijie Networks Co Ltd
Priority to CN201711284108.8A priority Critical patent/CN108055254B/en
Publication of CN108055254A publication Critical patent/CN108055254A/en
Application granted granted Critical
Publication of CN108055254B publication Critical patent/CN108055254B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/10 Mapping addresses of different types
    • H04L61/103 Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

An embodiment of the present invention provides a method and device for non-perception authentication. The method includes: configuring a static IP address network segment; receiving an Address Resolution Protocol (ARP) request message sent by a user terminal; determining whether the IP address of the ARP request message is in the static IP address network segment; when the IP address is in the static IP address network segment, saving the ARP entry corresponding to the ARP request message in a to-be-authenticated user list; setting a timer; and, when the timer expires, initiating authentication according to the identifiable information corresponding to the ARP entry in the to-be-authenticated user list. This solves the defect in current networks that, once the core NAS device has learned a dynamic MAC address, MAB authentication can no longer be triggered.

Description

Method and device for non-perception authentication
Technical field
The present invention relates to the field of data communication, and in particular to a method and device for non-perception authentication.
Background
In current campus authentication systems, the backend supports adding a user terminal's IP address + MAC address (as an account). Once the account has been added successfully, the user can access the network directly, although charges still apply. These users have static IP addresses (they include some application servers and some terminals). Student terminals, meanwhile, get online using WEB + MAB (mac-auth-bypass, MAC address authentication). For these static IP users to trigger MAB authentication there is no DHCP dynamic address request process, so MAB authentication can only be triggered by dynamic MAC address learning or by an HTTP message. If, before the account is added at the backend, the core network access server (NAS) device has already received a message from the user terminal before MAB was configured and has learned the dynamic MAC address, MAB can no longer be triggered, so the application server cannot authenticate and get online (an application server does not necessarily send HTTP messages).
Summary of the invention
To solve the above technical problem, the embodiments of the present invention adopt the following technical solutions:
One aspect of the embodiments of the present invention provides a method for non-perception authentication, including:
configuring a static IP address network segment,
receiving an Address Resolution Protocol (ARP) request message sent by a user terminal,
determining whether the IP address of the ARP request message is in the static IP address network segment,
when the IP address is in the static IP address network segment, saving the ARP entry corresponding to the ARP request message in a to-be-authenticated user list,
setting a timer,
when the timer expires, initiating authentication according to the identifiable information corresponding to the ARP entry in the to-be-authenticated user list.
Optionally, after the step of initiating authentication according to the identifiable information corresponding to the ARP entry in the to-be-authenticated user list, the method further includes:
after authentication succeeds, deleting from the to-be-authenticated user list the identifiable information, corresponding to the ARP entry, for which authentication was initiated.
Optionally, after the step of initiating authentication according to the identifiable information corresponding to the ARP entry in the to-be-authenticated user list, the method further includes:
after authentication fails, initiating authentication again, once a predetermined time has expired, according to the identifiable information corresponding to the ARP entry in the to-be-authenticated user list.
Optionally, the identifiable information includes: a MAC address, a virtual LAN identifier (VID) and/or an IP address.
Optionally, the method further includes: when the number of authentication failures reaches a preset threshold, deleting from the to-be-authenticated user list the identifiable information corresponding to the ARP entry for which authentication failed.
Another aspect of the embodiments of the present invention provides a device for non-perception authentication, including:
a configuration module, for configuring a static IP address network segment,
a receiving module, for receiving an Address Resolution Protocol (ARP) request message sent by a user terminal,
a determining module, for determining whether the IP address of the ARP request message is in the static IP address network segment,
a storage module, for saving the ARP entry corresponding to the ARP request message in a to-be-authenticated user list when the IP address is in the static IP address network segment,
a timing module, for setting a timer,
an authentication initiation module, for initiating authentication, when the timer expires, according to the identifiable information corresponding to the ARP entry in the to-be-authenticated user list.
Optionally, the device further includes:
a first deletion module, for deleting from the to-be-authenticated user list, after authentication succeeds, the identifiable information, corresponding to the ARP entry, for which authentication was initiated.
Optionally, the authentication initiation module is further used for:
after authentication fails, initiating authentication again, once a predetermined time has expired, according to the identifiable information corresponding to the ARP entry in the to-be-authenticated user list.
Optionally, the identifiable information includes: a MAC address, a virtual LAN identifier (VID) and/or an IP address.
Optionally, the device further includes:
a second deletion module, for deleting from the to-be-authenticated user list, when the number of authentication failures reaches a preset threshold, the identifiable information corresponding to the ARP entry for which authentication failed.
The beneficial effect of the embodiments of the present invention is that they solve the defect in current networks that, once the core NAS device has learned a dynamic MAC address, MAB authentication can no longer be triggered.
Description of the drawings
To illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments or of the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a method flowchart of an embodiment of the present invention;
Fig. 2 is a method flowchart of an embodiment of the present invention;
Fig. 3 is a method flowchart of an embodiment of the present invention;
Fig. 4 is a method flowchart of an embodiment of the present invention;
Fig. 5 is a device structure diagram of an embodiment of the present invention;
Fig. 6 is a device structure diagram of an embodiment of the present invention;
Fig. 7 is a device structure diagram of an embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
One aspect of the embodiments of the present invention provides a method for non-perception authentication which, as shown in Fig. 1, includes:
S101: configuring a static IP address network segment,
S103: receiving an Address Resolution Protocol (ARP) request message sent by a user terminal,
S105: determining whether the IP address of the ARP request message is in the static IP address network segment,
S107: when the IP address is in the static IP address network segment, saving the ARP entry corresponding to the ARP request message in a to-be-authenticated user list,
S109: setting a timer,
S111: when the timer expires, initiating authentication according to the identifiable information corresponding to the ARP entry in the to-be-authenticated user list.
Optionally, as shown in Fig. 2, the method further includes after step S111:
S113: after authentication succeeds, deleting from the to-be-authenticated user list the identifiable information, corresponding to the ARP entry, for which authentication was initiated.
Optionally, as shown in Fig. 3, the method further includes after step S111:
S115: after authentication fails, initiating authentication again, once a predetermined time has expired, according to the identifiable information corresponding to the ARP entry in the to-be-authenticated user list.
Optionally, the identifiable information includes: a MAC address, a virtual LAN identifier (VID) and/or an IP address.
Optionally, as shown in Fig. 4, the method further includes:
S117: when the number of authentication failures reaches a preset threshold, deleting from the to-be-authenticated user list the identifiable information corresponding to the ARP entry for which authentication failed.
The beneficial effect of the embodiments of the present invention is that they solve the defect in current networks that, once the core NAS device has learned a dynamic MAC address, MAB authentication can no longer be triggered.
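The following Python sketch is an added example, not code from the patent or from the assignee: it simulates steps S101 to S117 as a to-be-authenticated user list driven by parsed ARP requests. Assumptions: the "IP address of the ARP request message" is taken to be the ARP sender protocol address, each list entry carries its own timer, and `authenticate` is a hypothetical callback standing in for the MAB request to the backend; all class and function names, timer values and sample addresses are constructed.

```python
import ipaddress
import struct
from dataclasses import dataclass


@dataclass
class Pending:
    mac: str
    vid: int
    ip: str
    due: float          # time at which the next authentication attempt fires
    failures: int = 0


def build_arp_request(mac, sender_ip, target_ip):
    """Constructed sample input: a 28-byte Ethernet/IPv4 ARP request payload."""
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)
            + bytes.fromhex(mac.replace(":", ""))
            + ipaddress.IPv4Address(sender_ip).packed
            + b"\x00" * 6
            + ipaddress.IPv4Address(target_ip).packed)


def parse_arp_request(payload):
    """Return (sender_mac, sender_ip) for an Ethernet/IPv4 ARP request, else None."""
    if len(payload) < 28:
        return None
    if struct.unpack("!HHBBH", payload[:8]) != (1, 0x0800, 6, 4, 1):
        return None     # not Ethernet/IPv4, or a reply (opcode 2)
    return payload[8:14].hex(":"), str(ipaddress.IPv4Address(payload[14:18]))


class PendingAuthTable:
    """To-be-authenticated user list with per-entry timers (an assumption)."""

    def __init__(self, static_segment, authenticate, delay=5, retry=30, max_failures=3):
        self.segment = ipaddress.ip_network(static_segment)         # S101
        self.authenticate = authenticate    # hypothetical stand-in for the MAB request
        self.delay, self.retry, self.max_failures = delay, retry, max_failures
        self.pending = {}                   # (mac, vid) -> Pending

    def on_arp(self, payload, vid, now):
        parsed = parse_arp_request(payload)                         # S103
        if parsed is None:
            return False
        mac, ip = parsed
        if ipaddress.ip_address(ip) not in self.segment:            # S105
            return False
        # S107 + S109: store the entry once and arm its timer
        self.pending.setdefault((mac, vid), Pending(mac, vid, ip, now + self.delay))
        return True

    def tick(self, now):
        events = []
        for key, entry in list(self.pending.items()):
            if entry.due > now:
                continue
            if self.authenticate(entry.mac, entry.vid, entry.ip):   # S111
                del self.pending[key]                               # S113
                events.append((entry.mac, "authenticated"))
                continue
            entry.failures += 1
            if entry.failures >= self.max_failures:
                del self.pending[key]                               # S117
                events.append((entry.mac, "dropped"))
            else:
                entry.due = now + self.retry                        # S115
                events.append((entry.mac, "retry"))
        return events


if __name__ == "__main__":
    accounts = set()    # constructed backend account store: (mac, ip) pairs
    table = PendingAuthTable("10.1.1.0/24", lambda m, v, ip: (m, ip) in accounts)
    table.on_arp(build_arp_request("00:11:22:33:44:55", "10.1.1.20", "10.1.1.1"), 10, now=0)
    print(table.tick(5))     # account not added at the backend yet
    accounts.add(("00:11:22:33:44:55", "10.1.1.20"))
    print(table.tick(35))    # retried after the account exists
```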
Another aspect of the embodiments of the present invention provides a device for non-perception authentication which, as shown in Fig. 5, includes:
a configuration module 201, for configuring a static IP address network segment,
a receiving module 203, for receiving an Address Resolution Protocol (ARP) request message sent by a user terminal,
a determining module 205, for determining whether the IP address of the ARP request message is in the static IP address network segment,
a storage module 207, for saving the ARP entry corresponding to the ARP request message in a to-be-authenticated user list when the IP address is in the static IP address network segment,
a timing module 209, for setting a timer,
an authentication initiation module 211, for initiating authentication, when the timer expires, according to the identifiable information corresponding to the ARP entry in the to-be-authenticated user list.
Optionally, as shown in Fig. 6, the device further includes:
a first deletion module 213, for deleting from the to-be-authenticated user list, after authentication succeeds, the identifiable information, corresponding to the ARP entry, for which authentication was initiated.
Optionally, the authentication initiation module 211 is further used for:
after authentication fails, initiating authentication again, once a predetermined time has expired, according to the identifiable information corresponding to the ARP entry in the to-be-authenticated user list.
Optionally, the identifiable information includes: a MAC address, a virtual LAN identifier (VID) and/or an IP address.
Optionally, as shown in Fig. 7, the device further includes:
a second deletion module 215, for deleting from the to-be-authenticated user list, when the number of authentication failures reaches a preset threshold, the identifiable information corresponding to the ARP entry for which authentication failed.
The beneficial effect of the embodiments of the present invention is that they solve the defect in current networks that, once the core NAS device has learned a dynamic MAC address, MAB authentication can no longer be triggered.
The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems) and computer program products according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a device for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to work in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction device, the instruction device implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operation steps is performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments can still be modified, or some of their technical features replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (10)

  1. A method for non-perception authentication, characterized by including:
    configuring a static IP address network segment,
    receiving an Address Resolution Protocol (ARP) request message sent by a user terminal,
    determining whether the IP address of the ARP request message is in the static IP address network segment,
    when the IP address is in the static IP address network segment, saving the ARP entry corresponding to the ARP request message in a to-be-authenticated user list,
    setting a timer,
    when the timer expires, initiating authentication according to the identifiable information corresponding to the ARP entry in the to-be-authenticated user list.
  2. The method according to claim 1, characterized in that, after the step of initiating authentication according to the identifiable information corresponding to the ARP entry in the to-be-authenticated user list, the method further includes:
    after authentication succeeds, deleting from the to-be-authenticated user list the identifiable information, corresponding to the ARP entry, for which authentication was initiated.
  3. The method according to claim 1, characterized in that, after the step of initiating authentication according to the identifiable information corresponding to the ARP entry in the to-be-authenticated user list, the method further includes:
    after authentication fails, initiating authentication again, once a predetermined time has expired, according to the identifiable information corresponding to the ARP entry in the to-be-authenticated user list.
  4. The method according to any one of claims 1-3, characterized in that the identifiable information includes: a MAC address, a virtual LAN identifier (VID) and/or an IP address.
  5. The method according to claim 3, characterized in that the method further includes: when the number of authentication failures reaches a preset threshold, deleting from the to-be-authenticated user list the identifiable information corresponding to the ARP entry for which authentication failed.
  6. A device for non-perception authentication, characterized by including:
    a configuration module, for configuring a static IP address network segment,
    a receiving module, for receiving an Address Resolution Protocol (ARP) request message sent by a user terminal,
    a determining module, for determining whether the IP address of the ARP request message is in the static IP address network segment,
    a storage module, for saving the ARP entry corresponding to the ARP request message in a to-be-authenticated user list when the IP address is in the static IP address network segment,
    a timing module, for setting a timer,
    an authentication initiation module, for initiating authentication, when the timer expires, according to the identifiable information corresponding to the ARP entry in the to-be-authenticated user list.
  7. The device according to claim 6, characterized by further including:
    a first deletion module, for deleting from the to-be-authenticated user list, after authentication succeeds, the identifiable information, corresponding to the ARP entry, for which authentication was initiated.
  8. The device according to claim 6, characterized in that the authentication initiation module is further used for:
    after authentication fails, initiating authentication again, once a predetermined time has expired, according to the identifiable information corresponding to the ARP entry in the to-be-authenticated user list.
  9. The device according to any one of claims 6-8, characterized in that the identifiable information includes: a MAC address, a virtual LAN identifier (VID) and/or an IP address.
  10. The device according to claim 8, characterized by further including:
    a second deletion module, for deleting from the to-be-authenticated user list, when the number of authentication failures reaches a preset threshold, the identifiable information corresponding to the ARP entry for which authentication failed.
CN201711284108.8A 2017-12-07 2017-12-07 Method and device for non-perception authentication Active CN108055254B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711284108.8A CN108055254B (en) 2017-12-07 2017-12-07 Method and device for non-perception authentication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711284108.8A CN108055254B (en) 2017-12-07 2017-12-07 Method and device for non-perception authentication

Publications (2)

Publication Number Publication Date
CN108055254A true CN108055254A (en) 2018-05-18
CN108055254B CN108055254B (en) 2021-01-15

Family

ID=62122524

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711284108.8A Active CN108055254B (en) 2017-12-07 2017-12-07 Method and device for non-perception authentication

Country Status (1)

Country Link
CN (1) CN108055254B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109413226A (en) * 2018-11-30 2019-03-01 南京邮电大学 A kind of system and method for realizing zero Agent IP fast roaming

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1476207A (en) * 2003-07-04 2004-02-18 IP special line charging method and system
CN101267339A (en) * 2008-02-28 2008-09-17 华为技术有限公司 User management method and device
US20130133043A1 (en) * 2011-04-27 2013-05-23 International Business Machines Corporation Authentication in virtual private networks
CN105162608A (en) * 2015-10-13 2015-12-16 上海斐讯数据通信技术有限公司 Physical address bypass authentication method and device based on software-defined network
US20150365414A1 (en) * 2013-02-04 2015-12-17 Zte Corporation Method and Device for Authenticating Static User Terminal
CN105592458A (en) * 2014-10-22 2016-05-18 中国电信股份有限公司 Authentication method and system for service of wireless local area network, and server
CN106060006A (en) * 2016-05-09 2016-10-26 杭州华三通信技术有限公司 Access method and device
CN107294952A (en) * 2017-05-18 2017-10-24 四川新网银行股份有限公司 A kind of method and system for realizing zero terminal network access

Also Published As

Publication number Publication date
CN108055254B (en) 2021-01-15

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20180518

Assignee: Shanghai Ruishan Network Co.,Ltd.

Assignor: RUIJIE NETWORKS Co.,Ltd.

Contract record no.: X2022350000024

Denomination of invention: A method and device for non-perceptual authentication

Granted publication date: 20210115

License type: Common License

Record date: 20220808

EE01 Entry into force of recordation of patent licensing contract