CN101127598B - A method and system for 802.1x authentication in passive optical network - Google Patents
A method and system for 802.1x authentication in passive optical network Download PDFInfo
- Publication number
- CN101127598B CN101127598B CN200610109856.8A CN200610109856A CN101127598B CN 101127598 B CN101127598 B CN 101127598B CN 200610109856 A CN200610109856 A CN 200610109856A CN 101127598 B CN101127598 B CN 101127598B
- Authority
- CN
- China
- Prior art keywords
- onu
- olt
- sent
- certificate server
- subscriber equipment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Landscapes
- Small-Scale Networks (AREA)
Abstract
The utility model discloses a method and a system to realize 802.1x authentication in a passive optical network. An access equipment in the passive optical network receives authentication message from a subscriber equipment and sends the authentication message to an authentication server; the authentication server authorizes the subscriber equipment according to the received authentication message and sends successful authentication message to the access equipment of the passive optical network after the authentication has been passed; a controlled port between the access equipment of the passive optical network and the subscriber equipment is opened. The utility model has the advantages of ensuring the realization of 802.1x authentication in a passive optical network, thus realizing valid authentication to the subscriber equipment in the passive optical network, ensuring network safety, and improving service quality.
Description
Technical field
The present invention relates to optical-fiber network technology, particularly relate to a kind of method and system of realizing 802.1x certification in EPON (PON).
Background technology
EPON (PON) technology is the light access technology that a kind of point-to-multipoint transmits.Fig. 1 is the schematic diagram of PON system.Referring to Fig. 1, PON system mainly comprises: optical line terminal (OLT), light distributed network (ODN) and optical network unit (ONU), and wherein, OLT provides network side interface SNI, connects one or more ODN; ODN is passive optical splitters part, data descending OLT is transferred to each ONU along separate routes by light, and the upstream data of ONU is arrived to OLT by aggregate transmission.
In the time carrying out business transmission, at down direction, the downlink traffic of OLT is broadcast to ONU by time division multiplexing mode, and each ONU receives the flow needing as required; At up direction, multiple ONU share the bandwidth of same link, and the uplink traffic of ONU is by the control of OLT, and the same moment only allows specific ONU transmission data, is transferred to OLT by time division multiple access way.
In PON system, because subscriber equipment can be connected with ONU, by ONU and OLT interaction data message, therefore, unwarranted illegitimate user equipment probably, by ONU access network, is attacked network, therefore, in PON system, must carry out access authentication to the subscriber equipment of access.
At present, one subscriber equipment being authenticated preferably agreement is 802.1x.802.1x is a kind of authentication protocol based on port, and its final purpose determines whether a port can be used exactly.For the port being connected with subscriber equipment, if authentication success, so just " opening " this port, allows all messages of subscriber equipment to pass through; If authenticate unsuccessfully, just make this port keep " closing ", only allow the 802.1x authentication protocol message of subscriber equipment to pass through, other data messages do not allow to pass through.
Fig. 2 is 802.1x architectural schematic.Referring to Fig. 2, in 802.1x architecture, mainly comprise requestor system, Verification System and certificate server system three parts, wherein, requestor system is the entity that is positioned at local area network (LAN) link one end, normally support the subscriber equipment of 802.1x certification, subscriber equipment is initiated 802.1x certification by starting client software; Verification System is generally the network equipment of supporting 802.1x agreement, and it provides serve port for the subscriber equipment as requestor, and Verification System is realized by the access device in network conventionally; Certificate server system, for Verification System provides authentication service, realizes authentication and authorization function.
In 802.1x architecture, between requestor system and Verification System, move the EAPoL agreement of 802.1x definition.In the time that Verification System works in trunking scheme, between Verification System and certificate server, also move EAP agreement, in EAPoL frame, encapsulate verify data, this agreement is carried in other high-level agreement, arrive certificate server to pass through complicated network; In the time that Verification System works in termination mode, Verification System termination EAPoL message, and be converted to other authentication protocol, transmit user authentication information to certificate server system.
The each port of Verification System (can be physical port or logic port) inside includes controlled ports and uncontrolled port.Uncontrolled port, all the time in diconnected state, is mainly used to transmit EAPoL protocol frame, can ensure at any time to receive the EAPoL message identifying that requestor sends; Under the state that controlled ports only passes through in certification, just open, for delivery network resource and service.
Can be found out by above description, 802.1x provides the solution that subscriber equipment is authenticated.Therefore, in PON system, can consider to use 802.1x identifying procedure to realize to the verification process of subscriber equipment.But, at present, but there is not any operation flow that realizes 802.1x certification in PON system, thereby cannot fundamentally ensure the legitimacy certification to subscriber equipment in PON system, cannot ensure the fail safe of PON system communication.
In addition, because PON system is point-to-multipoint system, the entity of realizing access device function comprises ONU and two equipment of OLT, the function of ONU and OLT is inseparable again, the bandwidth of ONU is distributed by OLT, and OLT is by the part or all of function of the control of OAM passage and configuration ONU, therefore, if do not consider ONU and the OLT concrete business function at 802.1x verification process, also cannot ensure to realize 802.1x certification in PON system.
Summary of the invention
In view of this, the first object of the present invention is to provide a kind of method that realizes 802.1x certification in EPON, the second object of the present invention is to provide a kind of system that realizes 802.1x certification in EPON, to ensure the realizing certification to subscriber equipment in EPON, ensure the fail safe of communication;
The 3rd object of the present invention is to provide a kind of method of reporting links information, the 4th object of the present invention is to provide a kind of ONU, in EPON, realizing in 802.1x verification process, the link information of report of user equipment, ensures the location to subscriber equipment.
In order to achieve the above object, technical scheme of the present invention is achieved in that
A method that realizes 802.1x certification in EPON, the method comprises:
Access device in A, EPON receives the message identifying that subscriber equipment is sent, and this message identifying is sent to certificate server; Wherein, described access device is optical network unit ONU;
B, certificate server authenticate subscriber equipment according to the message identifying receiving; After certification is passed through, authentication success message is sent to described access device by described certificate server, with make described access device open and subscriber equipment between controlled ports; Certificate server, by service parameter corresponding subscriber equipment, is directly sent to ONU and optical line terminal OLT, or is sent to ONU and OLT by other equipment of key-course; OLT receives after service parameter, is described ONU allocation of network resources, and distributed Internet resources are sent to ONU;
Wherein, in the time that user activates the service, registered user's mark in other equipment of certificate server and/or key-course, this mark comprise subscriber equipment connected ONU mark, connect the port of ONU, the mark of OLT; After certification is passed through, certificate server is or/and the mark of the ONU obtaining according to user ID is sent to OLT by the miscellaneous equipment of key-course; Certificate server is or/and the miscellaneous equipment of key-course is carried out the process of described transmission according to the mark of registered ONU and OLT; OLT according to certificate server or/and the mark of the ONU that the miscellaneous equipment of key-course is sent is carried out the process of described transmission;
Or described ONU receives the message identifying that subscriber equipment is sent, and inserts link information by ONU and/or OLT in message identifying, described link information comprises the mark of ONU and the mark of OLT, and the message identifying that comprises link information is sent to certificate server; Certificate server is or/and the miscellaneous equipment of key-course, according to the ONU obtaining from message identifying link information and the mark of OLT, is carried out the process of described transmission; OLT carries out the process of described transmission according to the ONU mark of obtaining from send to the message identifying of certificate server.
After step B, further comprise: after certification is passed through, described ONU by the authentication success message of EAPoL agreement to subscriber equipment.
Described access device is operated in repeater mode; The message identifying that described subscriber equipment is sent is the message identifying of EAPoL agreement;
In steps A, the described step that message identifying is sent to certificate server comprises: the access device with the EPON of certificate server direct interaction message, is carried on the EAP frame that has encapsulated verify data in message identifying in other upper-layer protocol and is sent to certificate server;
The described step that authentication success message is sent to the access device in EPON comprises: certificate server is encapsulated in authentication success message in EAP frame, is sent to the access device in the EPON of described and certificate server direct interaction message by upper-layer protocol.
Described access device is operated in termination pattern; The message identifying that described subscriber equipment is sent is the message identifying of EAPoL agreement;
In steps A, the described step that message identifying is sent to certificate server comprises: with the access device in the EPON of certificate server direct interaction message, the message identifying of EAPoL agreement is converted to the message identifying of other agreement, is then sent to certificate server;
The described step that authentication success message is sent to the access device in EPON comprises: certificate server adopts described other agreement authentication success message to be sent to the access device in the EPON of described and certificate server direct interaction message.
A method that realizes 802.1x certification in EPON, the method comprises:
Access device in A, EPON receives the message identifying that subscriber equipment is sent, and this message identifying is sent to certificate server; Wherein, described access device comprises optical network unit ONU and optical line terminal OLT; Message identifying is sent to ONU by subscriber equipment, and message identifying is pass-through to OLT by ONU, and message identifying is sent to certificate server by OLT;
B, certificate server authenticate subscriber equipment according to the message identifying receiving; After certification is passed through, authentication success message is sent to OLT by certificate server, and OLT receives after authentication success message, and connection order is sent to ONU, with described ONU is opened and subscriber equipment between controlled ports; Certificate server, by service parameter corresponding subscriber equipment, is directly sent to OLT or is sent to OLT by other equipment of key-course; OLT is described ONU allocation of network resources, and distributed Internet resources and service parameter corresponding to subscriber equipment are sent to ONU;
Wherein, in the time that user activates the service, registered user's mark in other equipment of certificate server and/or key-course, this mark comprise subscriber equipment connected ONU mark, connect the port of ONU, the mark of OLT; Certificate server or/and the miscellaneous equipment of key-course the mark of registered ONU is carried in authentication success message and is sent to OLT; OLT is sent to distributed Internet resources and service parameter corresponding to subscriber equipment according to the ONU mark execution of carrying in authentication success message the process of ONU;
Or, described ONU receives the message identifying that subscriber equipment is sent, insert in message identifying link information as one or more Option, the message identifying that comprises link information is sent to described OLT, to make described OLT send to described certificate server to authenticate the message identifying that comprises link information, described link information comprises port, the mark of OLT and the mark of described ONU that described subscriber equipment connects; Certificate server is or/and the miscellaneous equipment of key-course, according to the ONU obtaining from message identifying link information and the mark of OLT, is carried out the process of described transmission; OLT is sent to distributed Internet resources and service parameter corresponding to subscriber equipment according to the ONU mark execution of obtaining from send to the message identifying of certificate server the process of ONU;
Or, receive after message identifying at ONU, described ONU is by the link information of the locating information of message identifying and subscriber equipment, send to OLT by the operation management maintenance channel between OLT and ONU, wherein, the mark that this link information comprises ONU and subscriber equipment connected port, locating information comprises session identification;
OLT carries out the described process that distributed Internet resources and service parameter corresponding to subscriber equipment is sent to ONU according to the link information of the locating information that receives and subscriber equipment.
Described access device is operated in repeater mode; The message identifying that described subscriber equipment is sent is the message identifying of EAPoL agreement;
In steps A, the described step that message identifying is sent to certificate server comprises: the access device with the EPON of certificate server direct interaction message, is carried on the EAP frame that has encapsulated verify data in message identifying in other upper-layer protocol and is sent to certificate server;
The described step that authentication success message is sent to the access device in EPON comprises: certificate server is encapsulated in authentication success message in EAP frame, is sent to the access device in the EPON of described and certificate server direct interaction message by upper-layer protocol.
Described access device is operated in termination pattern; The message identifying that described subscriber equipment is sent is the message identifying of EAPoL agreement;
In steps A, the described step that message identifying is sent to certificate server comprises: with the access device in the EPON of certificate server direct interaction message, the message identifying of EAPoL agreement is converted to the message identifying of other agreement, is then sent to certificate server;
The described step that authentication success message is sent to the access device in EPON comprises: certificate server adopts described other agreement authentication success message to be sent to the access device in the EPON of described and certificate server direct interaction message.
After step B, further comprise: after certification is passed through, the authentication success message of EAPoL agreement is sent to subscriber equipment by OLT.
A system that realizes 802.1x certification in EPON, this system comprises: the access device in subscriber equipment, EPON and certificate server, wherein,
Subscriber equipment, for being sent to message identifying the access device of EPON;
Access device in EPON, the message identifying of sending for receiving subscriber equipment, is sent to certificate server by this message identifying; Wherein, described access device is optical network unit ONU;
Certificate server, authenticates subscriber equipment according to the message identifying receiving;
Described certificate server, also, for after passing through in certification, is sent to the access device in EPON by authentication success message; Access device in described EPON, also for receiving after authentication success message, open and subscriber equipment between controlled ports; Described certificate server also, for by service parameter corresponding subscriber equipment, is directly sent to ONU and optical line terminal OLT, or is sent to ONU and OLT by other equipment of key-course; Described OLT, for receiving after service parameter, is described ONU allocation of network resources, and distributed Internet resources is sent to ONU;
Wherein, described certificate server is also in the time that user activates the service, registered user's mark, this mark comprise subscriber equipment connected ONU mark, connect the port of ONU, the mark of OLT; Also, for after passing through in certification, the mark of the ONU obtaining according to user ID is sent to OLT; Described certificate server is carried out the process of described transmission according to the mark of registered ONU and OLT; The mark of the ONU that described OLT sends according to described certificate server is carried out the process of described transmission;
Or, the message identifying that described ONU also sends for receiving subscriber equipment, in message identifying, insert link information by ONU and/or OLT, described link information comprises the mark of ONU and the mark of OLT, and the message identifying that comprises link information is sent to certificate server; Wherein, described certificate server, according to the ONU obtaining from message identifying link information and the mark of OLT, is carried out the process of described transmission; OLT carries out the process of described transmission according to the ONU mark of obtaining from send to the message identifying of certificate server.
Described ONU, is further used for, receiving after the message identifying of subscriber equipment, message identifying being sent to certificate server by OLT.
Described OLT, is further used for, receiving after the message identifying that ONU sends, message identifying being sent to certificate server.
Described OLT and described certificate server are integrated in same physical equipment, or are positioned at different physical equipments.
A system that realizes 802.1x certification in EPON, this system comprises: the access device in subscriber equipment, EPON and certificate server, wherein,
Subscriber equipment, for being sent to message identifying the access device of EPON;
Access device in EPON, the message identifying of sending for receiving subscriber equipment, is sent to certificate server by this message identifying; Wherein, described access device comprises optical network unit ONU and optical line terminal OLT; Message identifying is sent to ONU by described subscriber equipment, and message identifying is pass-through to OLT by ONU, and message identifying is sent to certificate server by OLT;
Certificate server, authenticates subscriber equipment according to the message identifying receiving;
Described certificate server, also, for after passing through in certification, is sent to OLT by authentication success message; Also, for by service parameter corresponding subscriber equipment, be directly sent to OLT or be sent to OLT by other equipment of key-course;
Described OLT, for receiving after authentication success message, is sent to ONU by connection order, with described ONU is opened and subscriber equipment between controlled ports; Also be used to described ONU allocation of network resources, distributed Internet resources and service parameter corresponding to subscriber equipment are sent to ONU;
Wherein, described certificate server is also in the time that user activates the service, registered user's mark, this mark comprise subscriber equipment connected ONU mark, connect the port of ONU, the mark of OLT; Also for being carried to authentication success message, the mark of registered ONU is sent to OLT; Described OLT is sent to distributed Internet resources and service parameter corresponding to subscriber equipment according to the ONU mark execution of carrying in authentication success message the process of ONU;
Or, the message identifying that described ONU also sends for receiving subscriber equipment, insert in message identifying link information as one or more Option, the message identifying that comprises link information is sent to described OLT, to make described OLT send to described certificate server to authenticate the message identifying that comprises link information, described link information comprises port, the mark of OLT and the mark of described ONU that described subscriber equipment connects; Described certificate server also, for according to the ONU obtaining from message identifying link information and the mark of OLT, is carried out the process of described transmission; Described OLT is for according to from sending to ONU mark that the message identifying of certificate server obtains to carry out the process that distributed Internet resources and service parameter corresponding to subscriber equipment is sent to ONU.
Described ONU, is further used for, receiving after the message identifying of subscriber equipment, message identifying being sent to certificate server by OLT.
Described OLT, is further used for, receiving after the message identifying that ONU sends, message identifying being sent to certificate server.
Described OLT and described certificate server are integrated in same physical equipment, or are positioned at different physical equipments.
As can be seen here, the invention provides operation flow complete, realize 802.1x certification in EPON, therefore, can fundamentally ensure the legitimacy certification to subscriber equipment in PON system, ensure the fail safe of PON system communication.
In addition, the invention provides the concrete business function completing respectively as ONU and the OLT of access device in 802.1x verification process.Wherein, when only, by ONU during as Verification System, the present invention has realized in the nearest place of distance users equipment subscriber equipment has been authenticated, and therefore, can improve the fail safe of verification process, prevents that disabled user from tying up the bandwidth resources of PON system; When by ONU and OLT during simultaneously as Verification System, the present invention has realized by OLT and has concentrated and carry out authentication processing, and carries out respectively authentication processing without each ONU, therefore, has reduced the cost of PON system, has improved the bandwidth efficiency of PON system.
In the present invention, further propose by 802.1x verification process, the mark that the link information of subscriber equipment is comprised to ONU and OLT reports, thereby make certificate server obtain the positional information of ONU and OLT, OLT has obtained the positional information of ONU, ensure that various authentication informations can accurately issue, and ensured that OLT can issue the Internet resources that distribute into ONU, thereby ensured that subscriber equipment can pass through PON system access Internet resources.
Brief description of the drawings
Fig. 1 is the schematic diagram of PON system.
Fig. 2 is 802.1x architectural schematic.
Fig. 3 is the basic structure schematic diagram of realizing in the present invention the system of 802.1x certification in EPON.
Fig. 3 A is the system configuration schematic diagram in the time that the access device in EPON is ONU in the present invention.
Fig. 3 B is the system configuration schematic diagram in the time that the access device in EPON comprises ONU and OLT in the present invention.
Fig. 4 is the flow chart of being realized in the present invention 802.1x certification by ONU during as Verification System in EPON.
Fig. 5 is the flow chart of being realized in the present invention 802.1x certification by ONU and OLT during jointly as Verification System in EPON.
Embodiment
The present invention proposes a kind of method that realizes 802.1x certification in EPON, its core concept is: the access device in EPON receives the message identifying that subscriber equipment is sent, and this message identifying is sent to certificate server; Certificate server authenticates subscriber equipment according to the message identifying receiving, and after certification is passed through, authentication success message is sent to the access device in EPON; Access device in EPON open and subscriber equipment between controlled ports.
Wherein, completing access device Verification System function, in described EPON can be ONU; Or, complete access device Verification System function, in described EPON and can comprise ONU and OLT.
Accordingly, the invention allows for a kind of system that realizes 802.1x certification in EPON.Fig. 3 is the basic structure schematic diagram of realizing in the present invention the system of 802.1x certification in EPON.Referring to Fig. 3, the basic structure of system of the present invention comprises: the access device in subscriber equipment, EPON and certificate server, wherein,
Subscriber equipment, for being sent to message identifying the access device of EPON;
Access device in EPON, the message identifying of sending for receiving subscriber equipment, is sent to certificate server by this message identifying, is receiving after authentication success message, open and subscriber equipment between controlled ports; Certificate server authenticates subscriber equipment according to the message identifying receiving, and after certification is passed through, authentication success message is sent to the access device in EPON.
Fig. 3 A is the system configuration schematic diagram in the time that the access device in EPON is ONU in the present invention.Referring to Fig. 3 A, in system of the present invention, completing access device Verification System function, in described EPON can be ONU.
Fig. 3 B is the system configuration schematic diagram in the time that the access device in EPON comprises ONU and OLT in the present invention.Referring to Fig. 3 B, in system of the present invention, complete access device Verification System function, in described EPON and can comprise ONU and OLT, wherein,
ONU, for the message identifying of the subscriber equipment receiving is passed to OLT, after the connection order that receives OLT, open and subscriber equipment between controlled ports;
OLT, for the message identifying receiving is sent to certificate server, receiving after authentication success message, is sent to ONU by connection message.
In order further to ensure after authentication success, user can pass through PON system access Internet resources, and in the present invention, OLT obtains the mark of ONU, according to the mark of obtained ONU, by distributed Internet resources, such as bandwidth and priority etc., is sent to ONU.
Referring to Fig. 3 A and Fig. 3 B, in the present invention, the OLT of PON system and certificate server can be integrated in same physical equipment, also can be positioned at different physical equipments.
For making the object, technical solutions and advantages of the present invention clearer, below in conjunction with drawings and the specific embodiments, the present invention is described in further detail.
Fig. 4 is the flow chart of being realized in the present invention 802.1x certification by ONU during as Verification System in EPON.Referring to Fig. 3 A and Fig. 4, in the present invention, because ONU is the access device in PON system, so ONU can complete the Verification System function in 802.1x architectural framework, now, the process that realizes 802.1x certification in PON system comprises the following steps:
Step 401: subscriber equipment is carried at authentication information in the message identifying of EAPoL agreement and is sent to ONU.
Step 402:ONU receives after the message identifying of EAPoL agreement, by OLT, message identifying is sent to certificate server.
Step 403: certificate server receives after message identifying, authenticates subscriber equipment according to the authentication information carrying in this message identifying.
Step 404: certificate server judges whether authentication success, if so, performs step 405, otherwise, finish current flow process.
Step 405: certificate server is sent to ONU by OLT by authentication success message.
In the present invention, ONU can be operated in repeater mode or termination pattern,
In the time that ONU is operated in repeater mode, in above-mentioned steps 402, ONU receives after the message identifying of EAPoL agreement, and the EAP frame that has encapsulated verify data in message identifying is carried on to other upper-layer protocol, in Radius agreement, then send to certificate server by OLT; In above-mentioned steps 405, certificate server is encapsulated in authentication success message in EAP frame, such as Radius agreement, is sent to ONU by OLT by upper-layer protocol.
In the time that ONU is operated in termination pattern, in step 402, ONU receives after the message identifying of EAPoL agreement, and the message identifying of this EAPoL agreement is converted to the message identifying of other agreement such as Radius agreement, is then sent to certificate server by OLT; In above-mentioned steps 405, certificate server adopts this other agreement as Radius agreement, by OLT, authentication success message is sent to ONU.
Step 406:ONU receives after authentication success message, carries out controlled ports and other related service processing of opening between self and subscriber equipment.
Here, ONU opens after the controlled ports between self and subscriber equipment, allows subscriber equipment to pass through PON system access Internet resources or service.
In addition, described other related service processing can for by this controlled ports of opening and customer equipment identification such as MAC (medium access control) address, the processing such as bind.
The authentication success message of EAPoL agreement is sent to subscriber equipment by step 407:ONU.
In order further to ensure, after subscriber equipment is by certification, can to pass through PON system access Internet resources, it must in ONU, be the corresponding ascending resource of user equipment allocation.Therefore,, in flow process shown in above-mentioned Fig. 4, in step 405, other equipment of certificate server and/or key-course can further be carried at service parameter corresponding subscriber equipment in authentication success message or be carried in other message and be sent to ONU; And, in step 404 after authentication success, certificate server can be by service parameter corresponding subscriber equipment, directly be sent to OLT or be sent to OLT by other equipment of key-course, OLT receives after service parameter, for described ONU distributes corresponding Internet resources, such as bandwidth and business-level etc., and distributed Internet resources are sent to ONU.After this, subscriber equipment can be sent to PON network by data message by the controlled ports of opening on ONU, completes the access to respective network resource.
Wherein, because a PON interface of OLT is shared by multiple ONU, an ONU may be shared by physics or logic port by multiple users again, and in the time being embodied as ONU allocation of network resources, other server of certificate server and/or key-course is (as strategic server, resource management server) service parameter corresponding subscriber equipment need to be sent to ONU and OLT, and OLT need to be sent to ONU by the Internet resources of distribution, so other server of certificate server and/or key-course is (as strategic server, resource management server) need to obtain in advance the mark of ONU and OLT, and OLT need to obtain the mark of ONU in advance.
In the present invention, when being realized in EPON as Verification System by ONU 802.1x when certification, make certificate server obtain the mark of ONU and OLT, and the process that OLT obtains the mark of ONU comprises following three kinds of implementations:
Mode one, in the time that user activates the service, in certificate server side registered user's mark, this mark can comprise mark, the connected port of subscriber equipment connected ONU, mark of OLT etc.; After authentication success, certificate server obtains the position of OLT and the mark of user's connected ONU according to the user ID of registration, and according to the mark of obtained ONU, carries out the above-mentioned service parameter by corresponding subscriber equipment and be sent to the process of ONU; And, certificate server can be according to the mark of obtained OLT, the mark of ONU is directly sent to OLT or is sent to OLT by other equipment of key-course, make OLT obtain the mark of corresponding ONU, thereby complete the above-mentioned Internet resources by distributed and be sent to the process of ONU.
In mode one, after activating the service, user can not move, and the ONU that user registers while being only connected to service fulfillment could pass through certification.
Mode two, in verification process, in the time that subscriber equipment, ONU and certificate server are mutual, in issuing the message identifying of certificate server, subscriber equipment inserts link information by ONU and/or OLT, this link information comprises the mark of ONU, the mark of OLT or IP address etc., wherein, can insert whole link informations by ONU; Or OLT inserts whole link informations; For example, or ONU and OLT (respectively insert a part of link information, the link information that ONU inserts comprises ONU mark, request authentication equipment connected port, mark or the address that the link information that OLT inserts comprises OLT, the PON interface identifier of receiving message identifying), certificate server can be known the mark of OLT and ONU according to the link information in the message identifying receiving.
In which two, the specific implementation that ONU inserts link information in message identifying comprises:
In process shown in above-mentioned Fig. 4, when ONU receives after the message identifying of the EAPoL agreement that subscriber equipment sends, one or more option (option) using the link information of the subscriber equipment of request authentication (comprise connected port, ONU mark) in the message identifying of this EAPoL agreement or as one or more Option of upper-layer protocol (as Radius agreement), pass to certificate server
Wherein, in the time that ONU is operated in repeater mode, if when the one or more Option of ONU using link information as the message identifying of EAPoL agreement, ONU first inserts the link information of the subscriber equipment of request authentication in the message identifying of EAPoL agreement, then this message identifying that has inserted the EAPoL agreement of link information is carried on and in upper-layer protocol, passes to certificate server; If when ONU handle identifies as one or more Option of upper-layer protocol (as Radius), ONU is carried on the message identifying of the EAPoL agreement of receiving in upper-layer protocol, directly the link information of the subscriber equipment of request authentication is inserted in the Option of one or more bearing identifications of upper-layer protocol;
In the time that ONU is operated in termination pattern, ONU converts upper-layer protocol message (as Radius) to the message identifying of the EAPoL agreement of receiving, and the link information of the subscriber equipment of request authentication is inserted in the Option of bearing identification of upper-layer protocol.
In which two, the specific implementation that OLT inserts link information in message identifying comprises:
OLT can be used as agency or the relaying (as Radius agency by agreement or relaying) of upper-layer protocol, monitor the upper-layer protocol message (as Radius message) that PON interface is received, insert in upper-layer protocol message (as Radius protocol massages) using link information (mark that comprises OLT or address, PON interface identifier etc.) as Option.
Mode three, verification process, ONU snoops user port and receives after the message identifying of EAPoL agreement, the link information of the locating information of the message identifying of EAPoL agreement (as the mark of the subscriber equipment in the message identifying of session identification or EAPoL agreement, such as MAC Address) and subscriber equipment (mark, the subscriber equipment connected port that comprise ONU) is sent to OLT by the OAM between OLT and ONU (operation management maintenance) passage (as the OMCI passage of GPON agreement).
Fig. 5 is the flow chart of being realized in the present invention 802.1x certification by ONU and OLT during jointly as Verification System in EPON.Referring to Fig. 3 B and Fig. 5, in the present invention, because ONU and OLT are the access devices in PON system, so ONU and OLT can complete the Verification System function in 802.1x architectural framework jointly, now, the process that realizes 802.1x certification in PON system comprises the following steps:
Step 501: subscriber equipment is carried at authentication information in the message identifying of EAPoL agreement and is sent to ONU.
The message identifying of the EAPoL agreement receiving is pass-through to OLT by step 502:ONU.
Step 503:OLT receives after the message identifying of EAPoL agreement, and message identifying is sent to certificate server.
Step 504: certificate server receives after message identifying, authenticates subscriber equipment according to the authentication information carrying in this message identifying.
Step 505: certificate server judges whether authentication success, if so, performs step 506, otherwise, finish current flow process.
Step 506: authentication success message is sent to OLT by certificate server.
In the present invention, OLT can be operated in repeater mode or termination pattern,
In the time that OLT is operated in repeater mode, in above-mentioned steps 503, OLT receives after the message identifying of EAPoL agreement, and the EAP frame that has encapsulated verify data is carried on to other upper-layer protocol, in Radius agreement, then sends to certificate server; In above-mentioned steps 506, certificate server is encapsulated in authentication success message in EAP frame, such as Radius agreement, is sent to OLT by upper-layer protocol.
In the time that OLT is operated in termination pattern, in step 503, OLT receives after the message identifying of EAPoL agreement, and the message identifying of this EAPoL agreement is converted to the message identifying of other agreement such as Radius agreement, is then sent to certificate server; In above-mentioned steps 506, certificate server adopts this other agreement as Radius agreement, and authentication success message is sent to OLT.
Step 507:OLT receives after authentication success message, and connection order is sent to ONU.
Step 508:ONU receives and is communicated with after order, carries out controlled ports and other related service processing of opening between self and subscriber equipment.
Here, OLT opens after the controlled ports that self and subscriber equipment ask, allows subscriber equipment to pass through PON system access Internet resources or service.
In addition, described other related service processing can be for the processing such as binding this controlled ports of opening and subscriber equipment.
The authentication success message of EAPoL agreement is sent to ONU by step 509:OLT.
The authentication success message of EAPoL agreement is sent to subscriber equipment by step 510:ONU.
In order further to ensure, after subscriber equipment is by certification, can to pass through PON system access Internet resources, it must in ONU, be the corresponding ascending resource of user equipment allocation.Therefore,, in flow process shown in above-mentioned Fig. 5, in step 506, other equipment of certificate server and/or key-course can further be carried at service parameter corresponding subscriber equipment in authentication success message and be sent to OLT; OLT receives after the service parameter that subscriber equipment is corresponding, for described ONU distributes corresponding PON Internet resources, such as bandwidth and business-level etc., then distributed Internet resources and service parameter corresponding to subscriber equipment is sent to ONU.After this, subscriber equipment can be sent to PON network by data message by the controlled ports of opening on ONU, completes the access to respective network resource.
Wherein, because a PON interface of OLT is shared by multiple ONU, an ONU may be shared by physics or logic port by multiple users again, and in the time being embodied as ONU allocation of network resources, OLT need to be sent to ONU by the Internet resources of distribution, so OLT need to obtain the mark of ONU in advance, in addition, preferably, also the link information of subscriber equipment can be sent to certificate server, make certificate server also can obtain the link information of subscriber equipment.
In the present invention, when jointly realized 802.1x certification in EPON as Verification System by ONU and OLT, the process that makes OLT obtain the mark of ONU comprises following three kinds of implementations:
When mode A, user activate the service, in certificate server side registered user's mark (comprising mark, the connected port of subscriber equipment connected ONU, mark of connected OLT etc.).When certification, certificate server can obtain the mark of user's connected ONU and OLT according to the user ID of registration, certificate server can be sent to OLT by the mark of obtained user's connected ONU, make OLT obtain the mark of ONU, thereby complete the process that distributed Internet resources is sent to ONU.
In mode A, after activating the service, user can not move, and the ONU that user registers while being only connected to service fulfillment could pass through certification.
Mode B, verification process, ONU snoops user port and receives after the message identifying of EAPoL agreement, the link information of the locating information of the message identifying of EAPoL agreement (as the mark of the subscriber equipment in the message identifying of session identification or EAPoL agreement, such as MAC Address) and subscriber equipment (mark, the subscriber equipment connected port that comprise ONU) is sent to OLT by the OAM between OLT and ONU (operation management maintenance) passage (as the OMCI passage of GPON agreement).
Mode C, in verification process, in the time of subscriber equipment, ONU and OLT, certificate server mutual, ONU or OLT can insert link information and (comprise the mark of ONU in subscriber equipment is issued the message identifying of certificate server, the mark of OLT or IP address etc.), in the link information of certificate server from these messages, can know the position of OLT.
Wherein, ONU inserts the method for link information: ONU tries to find out the message identifying of the EAPoL agreement that the port that is connected with subscriber equipment receives, the link information of the subscriber equipment of request authentication (is comprised to connected port, ONU mark) as one or more option (option) of the message identifying of EAPoL agreement, insert in the message identifying of the EAPoL agreement that port receives that is connected with subscriber equipment, arrive after OLT with the message identifying of the EAPoL agreement of link information, in the Option of bearing link information that OLT can be from the message identifying of EAPoL agreement, obtain the link information of subscriber equipment, determine user's connected ONU, thereby complete the process of follow-up allocation of network resources.As required, OLT can further do the associated this locality that is kept at the session identification of the link information of subscriber equipment and message identifying.OLT can remove or retain the link information that ONU inserts in the message identifying of EAPoL agreement as required, then with trunking scheme or termination mode, message identifying is passed to certificate server.OLT can also insert link information (as the mark of OLT, PON port) in the message identifying that sends certificate server as required.If there is link information in message identifying, certificate server can obtain the link information of the subscriber equipment of request authentication from message identifying, and passes to other server (as the server of policy service or the server of resource management are provided).
After by certification, certificate server need to be carried at link information in authentication success message and be sent to OLT, OLT receives after the authentication success message of certificate server transmission, OLT according to the link information of the user link information acquisition subscriber equipment in authentication success message (as the mark of user's connected ONU, subscriber equipment connected port) determine user's connected ONU, thus complete the process of follow-up allocation of network resources.This kind of processing procedure corresponded manner A, alternatively, also can corresponded manner B and mode C.In aforesaid way B, certificate server also can not be carried at link information in authentication success message, like this, the mark that obtains user the session identification that OLT can preserve from this locality according to the session identification in authentication success message and the related information of user ID is (as the mark of user's connected ONU, subscriber equipment connected port), determine user's connected ONU, thereby complete the process of follow-up allocation of network resources.
In the present invention, described ONU also can be designated as ONT, all refers to optical network unit.
In a word, the foregoing is only preferred embodiment of the present invention, be not intended to limit protection scope of the present invention.Within the spirit and principles in the present invention all, any amendment of doing, be equal to replacement, improvement etc., within all should being included in protection scope of the present invention.
Claims (16)
1. a method that realizes 802.1x certification in EPON, is characterized in that, the method comprises:
Access device in A, EPON receives the message identifying that subscriber equipment is sent, and this message identifying is sent to certificate server; Wherein, described access device is optical network unit ONU;
B, certificate server authenticate subscriber equipment according to the message identifying receiving; After certification is passed through, authentication success message is sent to described access device by described certificate server, with make described access device open and subscriber equipment between controlled ports; Certificate server, by service parameter corresponding subscriber equipment, is directly sent to ONU and optical line terminal OLT, or is sent to ONU and OLT by other equipment of key-course; OLT receives after service parameter, is described ONU allocation of network resources, and distributed Internet resources are sent to ONU;
Wherein, in the time that user activates the service, registered user's mark in other equipment of certificate server and/or key-course, this mark comprise subscriber equipment connected ONU mark, connect the port of ONU, the mark of OLT; After certification is passed through, certificate server is or/and the mark of the ONU obtaining according to user ID is sent to OLT by the miscellaneous equipment of key-course; Certificate server is or/and the miscellaneous equipment of key-course, according to the mark of registered ONU and OLT, is sent to ONU and OLT by service parameter corresponding subscriber equipment; OLT according to certificate server or/and the mark of the ONU that the miscellaneous equipment of key-course is sent is carried out the process of described transmission;
Or described ONU receives the message identifying that subscriber equipment is sent, and inserts link information by ONU and/or OLT in message identifying, described link information comprises the mark of ONU and the mark of OLT, and the message identifying that comprises link information is sent to certificate server; Certificate server is or/and the miscellaneous equipment of key-course, according to the ONU obtaining from message identifying link information and the mark of OLT, is carried out the process of described transmission; OLT carries out the process of described transmission according to the ONU mark of obtaining from send to the message identifying of certificate server.
2. method according to claim 1, is characterized in that, after step B, further comprises: after certification is passed through, described ONU by the authentication success message of EAPoL agreement to subscriber equipment.
3. method according to claim 1, is characterized in that, described access device is operated in repeater mode; The message identifying that described subscriber equipment is sent is the message identifying of EAPoL agreement;
In steps A, the described step that message identifying is sent to certificate server comprises: the access device with the EPON of certificate server direct interaction message, is carried on the EAP frame that has encapsulated verify data in message identifying in other upper-layer protocol and is sent to certificate server;
The described step that authentication success message is sent to the access device in EPON comprises: certificate server is encapsulated in authentication success message in EAP frame, is sent to the access device in the EPON of described and certificate server direct interaction message by upper-layer protocol.
4. method according to claim 1, is characterized in that, described access device is operated in termination pattern; The message identifying that described subscriber equipment is sent is the message identifying of EAPoL agreement;
In steps A, the described step that message identifying is sent to certificate server comprises: with the access device in the EPON of certificate server direct interaction message, the message identifying of EAPoL agreement is converted to the message identifying of other agreement, is then sent to certificate server;
The described step that authentication success message is sent to the access device in EPON comprises: certificate server adopts described other agreement authentication success message to be sent to the access device in the EPON of described and certificate server direct interaction message.
5. a method that realizes 802.1x certification in EPON, is characterized in that, the method comprises:
Access device in A, EPON receives the message identifying that subscriber equipment is sent, and this message identifying is sent to certificate server; Wherein, described access device comprises optical network unit ONU and optical line terminal OLT; Message identifying is sent to ONU by subscriber equipment, and message identifying is pass-through to OLT by ONU, and message identifying is sent to certificate server by OLT;
B, certificate server authenticate subscriber equipment according to the message identifying receiving; After certification is passed through, authentication success message is sent to OLT by certificate server, and OLT receives after authentication success message, and connection order is sent to ONU, with described ONU is opened and subscriber equipment between controlled ports; Certificate server, by service parameter corresponding subscriber equipment, is directly sent to OLT or is sent to OLT by other equipment of key-course; OLT is described ONU allocation of network resources, and distributed Internet resources and service parameter corresponding to subscriber equipment are sent to ONU;
Wherein, in the time that user activates the service, registered user's mark in other equipment of certificate server and/or key-course, this mark comprise subscriber equipment connected ONU mark, connect the port of ONU, the mark of OLT; Certificate server or/and the miscellaneous equipment of key-course the mark of registered ONU is carried in authentication success message and is sent to OLT; OLT is sent to distributed Internet resources and service parameter corresponding to subscriber equipment according to the ONU mark execution of carrying in authentication success message the process of ONU;
Or, described ONU receives the message identifying that subscriber equipment is sent, insert in message identifying link information as one or more Option, the message identifying that comprises link information is sent to described OLT, to make described OLT send to described certificate server to authenticate the message identifying that comprises link information, described link information comprises port, the mark of OLT and the mark of described ONU that described subscriber equipment connects; Certificate server is or/and the miscellaneous equipment of key-course, according to the ONU obtaining from message identifying link information and the mark of OLT, is sent to ONU and OLT by service parameter corresponding subscriber equipment; OLT is sent to distributed Internet resources and service parameter corresponding to subscriber equipment according to the ONU mark execution of obtaining from send to the message identifying of certificate server the process of ONU;
Or, receive after message identifying at ONU, described ONU is by the link information of the locating information of message identifying and subscriber equipment, send to OLT by the operation management maintenance channel between OLT and ONU, wherein, the mark that this link information comprises ONU and subscriber equipment connected port, locating information comprises session identification;
OLT carries out the described process that distributed Internet resources and service parameter corresponding to subscriber equipment is sent to ONU according to the link information of the locating information that receives and subscriber equipment.
6. method according to claim 5, is characterized in that, described access device is operated in repeater mode; The message identifying that described subscriber equipment is sent is the message identifying of EAPoL agreement;
In steps A, the described step that message identifying is sent to certificate server comprises: the access device with the EPON of certificate server direct interaction message, is carried on the EAP frame that has encapsulated verify data in message identifying in other upper-layer protocol and is sent to certificate server;
The described step that authentication success message is sent to the access device in EPON comprises: certificate server is encapsulated in authentication success message in EAP frame, is sent to the access device in the EPON of described and certificate server direct interaction message by upper-layer protocol.
7. method according to claim 5, is characterized in that, described access device is operated in termination pattern; The message identifying that described subscriber equipment is sent is the message identifying of EAPoL agreement;
In steps A, the described step that message identifying is sent to certificate server comprises: with the access device in the EPON of certificate server direct interaction message, the message identifying of EAPoL agreement is converted to the message identifying of other agreement, is then sent to certificate server;
The described step that authentication success message is sent to the access device in EPON comprises: certificate server adopts described other agreement authentication success message to be sent to the access device in the EPON of described and certificate server direct interaction message.
8. method according to claim 5, is characterized in that, after step B, further comprises: after certification is passed through, the authentication success message of EAPoL agreement is sent to subscriber equipment by OLT.
9. a system that realizes 802.1x certification in EPON, is characterized in that, this system comprises: the access device in subscriber equipment, EPON and certificate server, wherein,
Subscriber equipment, for being sent to message identifying the access device of EPON;
Access device in EPON, the message identifying of sending for receiving subscriber equipment, is sent to certificate server by this message identifying; Wherein, described access device is optical network unit ONU;
Certificate server, authenticates subscriber equipment according to the message identifying receiving;
Described certificate server, also, for after passing through in certification, is sent to the access device in EPON by authentication success message; Access device in described EPON, also for receiving after authentication success message, open and subscriber equipment between controlled ports; Described certificate server also, for by service parameter corresponding subscriber equipment, is directly sent to ONU and optical line terminal OLT, or is sent to ONU and OLT by other equipment of key-course; Described OLT, for receiving after service parameter, is described ONU allocation of network resources, and distributed Internet resources is sent to ONU;
Wherein, described certificate server is also in the time that user activates the service, registered user's mark, this mark comprise subscriber equipment connected ONU mark, connect the port of ONU, the mark of OLT; Also, for after passing through in certification, the mark of the ONU obtaining according to user ID is sent to OLT; Described certificate server, according to the mark of registered ONU and OLT, is sent to ONU and OLT by service parameter corresponding subscriber equipment; The mark of the ONU that described OLT sends according to described certificate server is carried out the process of described transmission;
Or, the message identifying that described ONU also sends for receiving subscriber equipment, in message identifying, insert link information by ONU and/or OLT, described link information comprises the mark of ONU and the mark of OLT, and the message identifying that comprises link information is sent to certificate server; Wherein, described certificate server, according to the ONU obtaining from message identifying link information and the mark of OLT, is carried out the process of described transmission; OLT carries out the process of described transmission according to the ONU mark of obtaining from send to the message identifying of certificate server.
10. system according to claim 9, is characterized in that, described ONU is further used for, receiving after the message identifying of subscriber equipment, message identifying being sent to certificate server by OLT.
11. systems according to claim 9, is characterized in that, described OLT is further used for, receiving after the message identifying that ONU sends, message identifying being sent to certificate server.
12. systems according to claim 9, is characterized in that, described OLT and described certificate server are integrated in same physical equipment, or are positioned at different physical equipments.
In EPON, realize the system of 802.1x certification for 13. 1 kinds, it is characterized in that, this system comprises: the access device in subscriber equipment, EPON and certificate server, wherein,
Subscriber equipment, for being sent to message identifying the access device of EPON;
Access device in EPON, the message identifying of sending for receiving subscriber equipment, is sent to certificate server by this message identifying; Wherein, described access device comprises optical network unit ONU and optical line terminal OLT; Message identifying is sent to ONU by described subscriber equipment, and message identifying is pass-through to OLT by ONU, and message identifying is sent to certificate server by OLT;
Certificate server, authenticates subscriber equipment according to the message identifying receiving;
Described certificate server, also, for after passing through in certification, is sent to OLT by authentication success message; Also, for by service parameter corresponding subscriber equipment, be directly sent to OLT or be sent to OLT by other equipment of key-course;
Described OLT, for receiving after authentication success message, is sent to ONU by connection order, with described ONU is opened and subscriber equipment between controlled ports; Also be used to described ONU allocation of network resources, distributed Internet resources and service parameter corresponding to subscriber equipment are sent to ONU;
Wherein, described certificate server is also in the time that user activates the service, registered user's mark, this mark comprise subscriber equipment connected ONU mark, connect the port of ONU, the mark of OLT; Also for being carried to authentication success message, the mark of registered ONU is sent to OLT; Described OLT is sent to distributed Internet resources and service parameter corresponding to subscriber equipment according to the ONU mark execution of carrying in authentication success message the process of ONU;
Or, the message identifying that described ONU also sends for receiving subscriber equipment, insert in message identifying link information as one or more Option, the message identifying that comprises link information is sent to described OLT, to make described OLT send to described certificate server to authenticate the message identifying that comprises link information, described link information comprises port, the mark of OLT and the mark of described ONU that described subscriber equipment connects; Described certificate server also, for according to the ONU obtaining from message identifying link information and the mark of OLT, is sent to ONU and OLT by service parameter corresponding subscriber equipment; Described OLT is for according to from sending to ONU mark that the message identifying of certificate server obtains to carry out the process that distributed Internet resources and service parameter corresponding to subscriber equipment is sent to ONU.
14. systems according to claim 13, is characterized in that, described ONU is further used for, receiving after the message identifying of subscriber equipment, message identifying being sent to certificate server by OLT.
15. systems according to claim 13, is characterized in that, described OLT is further used for, receiving after the message identifying that ONU sends, message identifying being sent to certificate server.
16. systems according to claim 13, is characterized in that, described OLT and described certificate server are integrated in same physical equipment, or are positioned at different physical equipments.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200610109856.8A CN101127598B (en) | 2006-08-18 | 2006-08-18 | A method and system for 802.1x authentication in passive optical network |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200610109856.8A CN101127598B (en) | 2006-08-18 | 2006-08-18 | A method and system for 802.1x authentication in passive optical network |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101127598A CN101127598A (en) | 2008-02-20 |
CN101127598B true CN101127598B (en) | 2014-12-10 |
Family
ID=39095535
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN200610109856.8A Expired - Fee Related CN101127598B (en) | 2006-08-18 | 2006-08-18 | A method and system for 802.1x authentication in passive optical network |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101127598B (en) |
Families Citing this family (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101626273B (en) * | 2008-07-11 | 2013-01-16 | 中兴通讯股份有限公司 | Port positioning method and port positioning device |
CN103634190B (en) * | 2013-10-31 | 2018-09-28 | 上海斐讯数据通信技术有限公司 | A kind of method of the Ethernet interface data packet with VLAN ID |
CN105187261A (en) * | 2015-10-20 | 2015-12-23 | 上海斐讯数据通信技术有限公司 | Ethernet passive optical network access authentication method and system |
CN105611436A (en) * | 2016-01-07 | 2016-05-25 | 烽火通信科技股份有限公司 | Method and system for realizing TACACS+ on OLT |
CN105978879B (en) * | 2016-05-11 | 2019-04-26 | 北京交通大学 | Network channel safety management system |
CN107517118A (en) * | 2016-06-17 | 2017-12-26 | 中兴通讯股份有限公司 | A kind of service activating method and system, optical line terminal and optical network unit |
CN107666627A (en) * | 2016-07-28 | 2018-02-06 | 上海诺基亚贝尔股份有限公司 | Data forwarding controlling method and its device in a kind of PON |
CN106131045B (en) * | 2016-08-09 | 2019-11-12 | 无锡雷华网络技术有限公司 | To the authentication method of ONU and GPON OLT system in GPON OLT system |
CN106534117B (en) * | 2016-11-10 | 2020-03-06 | 新华三技术有限公司 | Authentication method and device |
CN113014554B (en) * | 2021-02-07 | 2023-06-13 | 博为科技有限公司 | Automatic switching method and system for internet surfing channels, ONU (optical network Unit) equipment and OLT (optical line terminal) equipment |
CN117353819A (en) * | 2023-10-11 | 2024-01-05 | 武汉西迪特通信技术有限公司 | ONU-based 802.1X access control method |
-
2006
- 2006-08-18 CN CN200610109856.8A patent/CN101127598B/en not_active Expired - Fee Related
Non-Patent Citations (1)
Title |
---|
郭巍,刘冬,孙曙和,陈雪.面向FTTH的EPON系统应用与管理.《电信科学》.2005,(第9期),72-74. * |
Also Published As
Publication number | Publication date |
---|---|
CN101127598A (en) | 2008-02-20 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101127598B (en) | A method and system for 802.1x authentication in passive optical network | |
CN101159598B (en) | Remote management method of passive optical network terminal equipment | |
CN103039038B (en) | Method and system for efficient use of a telecommunication network and the connection between the telecommunications network and a customer premises equipment | |
CN105307058B (en) | The processing method and processing device of business configuration data | |
US8948401B2 (en) | Method for filtering of abnormal ONT with same serial number in a GPON system | |
CN103378979B (en) | The management method of a kind of EPON, equipment and system | |
CN103039037B (en) | For effectively managing the method and system of the connection between communication network and this communication network and customer rs premise equipment | |
CN104584478B (en) | Terminal authentication method, apparatus and system in passive optical network | |
CN103200161A (en) | Optical network unit (ONU) identity authentication method in gigabit passive optical network (GPON) | |
CN104702607A (en) | Access authentication method, device and system of SDN (Software Defined Network) | |
CN107302544B (en) | Certificate request method, wireless access control equipment and wireless access point device | |
CN102045601B (en) | Optical network unit (ONU) activating method and system in gigabit passive optical network (GPON) system | |
CN111885436B (en) | Distribution network automatic communication system based on EPON technology | |
JP7299541B2 (en) | Service initiation method and communication system | |
CN102571353B (en) | The method of verifying legitimacy of home gateway in passive optical network | |
CN103069750A (en) | Method and system for efficient use of a telecommunications network and the connection between the telecommunications network and a customer premises equipment | |
CN100488120C (en) | Method for managing optical network with no source | |
CN103039040A (en) | Method for efficient initialization of a telecommunications network and telecommunications network | |
EP2439871B1 (en) | Method and device for encrypting multicast service in passive optical network system | |
CN106888408A (en) | The method and system that a kind of ONT is automatically configured | |
CN101600169A (en) | A kind of authentication method and device to the access mail server apparatus | |
WO2017076146A1 (en) | Network access authentication method and system | |
CN106162387A (en) | The certification register method of soft exchange module, Apparatus and system | |
US20090232313A1 (en) | Method and Device for Controlling Security Channel in Epon | |
CN101282177B (en) | Data transmission method and terminal |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20141210 Termination date: 20170818 |
|
CF01 | Termination of patent right due to non-payment of annual fee |