CN101188614A - A method, system and device for secure control of the user access - Google Patents

Publication number
CN101188614A
Authority
CN
China
Prior art keywords
user
access
request message
llid
link sign
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA2007101951023A
Other languages
Chinese (zh)
Other versions
CN101188614B (en
Inventor
顾勤丰
李教峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN2007101951023A priority Critical patent/CN101188614B/en
Publication of CN101188614A publication Critical patent/CN101188614A/en
Priority to PCT/CN2008/072243 priority patent/WO2009067871A1/en
Application granted granted Critical
Publication of CN101188614B publication Critical patent/CN101188614B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102Entity profiles
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method, system and device for security control of user access, belonging to the communications field. The method comprises: receiving an access request message that carries a user link identifier; parsing the access request message to obtain the user link identifier; determining, according to the user link identifier, whether the access request message meets a preset access condition; and, if it does, allowing the user corresponding to the user link identifier to access. The system comprises user nodes, an access device and a control device, wherein the access device comprises a receiving module, an identifier insertion module and a sending module, and the control device comprises a receiving module, a parsing module and a processing module. By configuring logical interfaces on the BNG device, the invention allows a user link to be uniquely identified in a multi-service mode, so that security control policies such as access control, bandwidth control and multicast control can be applied to a single user according to the policies pre-configured on the logical interface and the user link identifier information.

Description

A method, system and device for user access security control
Technical field
The present invention relates to the communications field, and in particular to a method, system and device for user access security control.
Background technology
With the development of broadband access technology, the ways of accessing the network and the access technologies themselves have changed greatly. The network has also evolved from a traditional network that provides only Internet access into a network that supports multiple services. Fig. 1 is a networking schematic diagram of the broadband access technology provided by the prior art. Users such as TV set-top boxes, VoIP (Voice over Internet Protocol) terminals, PCs connected to the Internet, mobile telephone terminals and handheld multimedia terminals all access the network through an RG (Residential Gateway). The RG is connected to a DSLAM (Digital Subscriber Line Access Multiplexer) over a telephone twisted pair or by technologies such as ADSL (Asymmetric Digital Subscriber Line) and VDSL (Very-high-data-rate Digital Subscriber Line). The DSLAM is a layer-2 device that aggregates user access links and converts between xDSL (ADSL/VDSL) and the upstream Ethernet link. The DSLAM is then connected through the access network to a BNG (Broadband Network Gateway), which may be a BRAS (Broadband Remote Access Server) or a router dedicated to providing services. In the network, the BNG handles PPPoE (PPP over Ethernet) access, which is normally used for PC access to the Internet; it handles DHCP (Dynamic Host Configuration Protocol) access, which is normally used to manage the access of TV set-top boxes, VoIP terminals and the like; and it distributes the different service traffic provided by an ASP (Application Service Provider) or ISP (Internet Service Provider) to the corresponding users, where the services provided by the ASP/ISP include IPTV, Internet access, VoIP and so on. The network also includes policy servers, gateway servers and the like, which issue control policies to each gateway device in the network in order to manage users and services.
It can be seen that the BNG is the core node in the network for functions such as user access management, service distribution and service policy enforcement.
Fig. 2 is a schematic diagram of user service access mapping provided by the prior art. After passing through the RG, different user services reach the DSLAM over different VCs (Virtual Circuits): the PC service over VC1, the VoIP service over VC2 and the TV set-top box service over VC3. For the mapping from VC to VLAN performed by the DSLAM, the prior art provides two mapping models:
1) N:1 model: the same service type is mapped to the same S-VLAN; that is, on the DSLAM, traffic of the same service type from all users is identified by the BNG through the same S-VLAN when it reaches the BNG.
2) 1:1 model: the DSLAM assigns each service type a unique S-VLAN + C-VLAN combination, where in general the S-VLAN identifies the service and the C-VLAN identifies the user; that is, when a data message of each service type of a user reaches the BNG, the BNG identifies it uniquely by the S-VLAN + C-VLAN combination.
In the course of implementing the present invention, the inventors found that the prior art has at least the following shortcoming:
The BNG identifies an accessing user link by VLAN/QinQ, and security control is likewise applied at VLAN/QinQ granularity. In a multi-service mode, the BNG cannot uniquely identify a user link by VLAN/QinQ, and therefore cannot apply security control to an individual user link.
Summary of the invention
In order to enable the BNG to apply security control to an individual user link, embodiments of the invention provide a method, system and device for user access security control. The technical solution is as follows:
An embodiment of the invention provides a method for user access security control, the method comprising:
receiving an access request message, the access request message carrying a user link identifier;
parsing the access request message to obtain the user link identifier;
determining, according to the user link identifier, whether the access request message satisfies a preset access condition; and
if so, allowing the user corresponding to the user link identifier to access.
An embodiment of the invention also provides a system for user access security control, the system comprising:
a user node, configured to send an access request message;
an access device, configured to receive the access request message sent by the user node, insert a user link identifier into that access request message, and send the access request message with the user link identifier inserted;
a control device, configured to receive the access request message with the user link identifier inserted that is sent by the access device, and parse it to obtain the user link identifier; and to determine, according to the user link identifier, whether the access request message satisfies a preset access condition and, if so, allow the user node corresponding to the user link identifier to access.
An embodiment of the invention also provides an access device, the device comprising:
a receiving module, configured to receive an access request message sent by a user node;
an identifier insertion module, configured to insert a user link identifier into the access request message received by the receiving module;
a sending module, configured to send the access request message after the identifier insertion module has inserted the user link identifier.
An embodiment of the invention also provides a control device, the device comprising:
a receiving module, configured to receive an access request message sent by an access device, the access request message carrying a user link identifier;
a parsing module, configured to parse the access request message received by the receiving module to obtain the user link identifier;
a processing module, configured to determine, according to the user link identifier obtained by the parsing module, whether the access request message satisfies a preset access condition and, if so, allow the user corresponding to the user link identifier to access.
The beneficial effect of the technical solution provided by the embodiments of the invention is:
By configuring logical interfaces on the BNG device, a user link can be uniquely identified in a multi-service mode, so that security control is applied to an individual user link on the pre-configured logical interface according to the user link identifier information.
Description of drawings
Fig. 1 is a networking schematic diagram of the broadband access technology provided by the prior art;
Fig. 2 is a schematic diagram of user service access mapping provided by the prior art;
Fig. 3 is a flowchart of the method for user access security control provided by Embodiment 1 of the invention;
Fig. 4 is a flowchart of the method for user access security control provided by Embodiment 2 of the invention;
Fig. 5 is a flowchart of the method for user access security control provided by Embodiment 3 of the invention;
Fig. 6 is a schematic diagram of the system for user access security control provided by Embodiment 4 of the invention;
Fig. 7 is a schematic diagram of the access device provided by Embodiment 5 of the invention;
Fig. 8 is a schematic diagram of the control device provided by Embodiment 6 of the invention.
Embodiment
To make the purpose, technical solutions and advantages of the present invention clearer, embodiments of the invention are described in further detail below with reference to the accompanying drawings.
With the technical solution provided by the embodiments of the invention, the BNG can uniquely identify the user link identifier information in a multi-service mode and can therefore apply security control to an individual user link. The method comprises: receiving an access request message that carries a user link identifier; parsing the access request message to obtain the user link identifier; determining, according to the user link identifier, whether the access request message satisfies a preset access condition; and, if so, allowing the user corresponding to the user link identifier to access.
The technical solution provided by the embodiments of the invention is described in detail below according to the specific security control policies that are configured:
Embodiment 1
Referring to Fig. 3, this embodiment of the invention provides a method for user access security control, with the following steps:
Step 101: The BNG obtains the user link identifier.
The BNG can obtain the user link identifier information in either of the following two ways:
1) The administrator manually configures the DSLAM device information on the BNG from the command line. The DSLAM device information comprises the frame number, slot number and port number of the device; a user link attached to the DSLAM is uniquely determined by frame number + slot number + port number. The reference command format is as follows:
access-loop-circuit-identifier dslaml-atm-frame-slot/port:[vpi.vci]
Here access-loop-circuit-identifier is the command keyword, indicating that a user link identifier is to be configured on the BNG; it is followed by the string for that identifier, in which dslaml is the name of a DSLAM node, atm indicates that the link layer between the RG and the DSLAM is ATM, frame is the frame number of the DSLAM, slot is the slot number in the DSLAM, port is the port number of the DSLAM, and vpi.vci is optional PVC (Permanent Virtual Circuit) information.
2) The link information reporting function provided by the ANCP protocol is used. ANCP uses TCP as its transport layer protocol and provides a channel for control information between the BNG and the DSLAM. When the user starts the RG and activates the user link, the DSLAM reports that user's link information to the BNG through ANCP; the user link information includes the user link state, the user link identifier and related user link parameters. The ANCP definition is as follows:
Type (Access-Loop-Circuit-ID = 0x01), maximum length 64; the protocol's default format is:
access-Node-Identifier atm slot/port[:vlan-id]
Step 102: The BNG creates a corresponding LLID for the user link identifier it has obtained.
The LLID may be the user link identifier itself, or a logical interface created according to the user link identifier; this embodiment is described taking a logical interface as the LLID. The logical interface created by the BNG corresponds uniquely to the user link identifier. The reference command for creating the interface is as follows:
interface user-line dslaml-atm-frame-slot/port:[vpi.vci]
After the BNG has created the logical interface, security control policies can be applied on it.
Step 103: User X initiates an access request by DHCP, that is, sends a DHCP access request message.
Depending on its service type, a user normally initiates the access request by DHCP or PPPoE. For example, a PC user requesting the Internet access service may initiate the request by PPPoE; a TV set-top box user requesting the IPTV service, or a VoIP telephone terminal user requesting the VoIP service, may initiate the request by DHCP. This embodiment is described taking a DHCP access request from user X as an example, but the type of access request is not limited.
Step 104: The DSLAM receives the DHCP access request message sent by user X, inserts the user link identifier into it, and forwards the DHCP access request message with the user link identifier inserted to the BNG.
The DHCP protocol itself defines an Agent-Circuit-ID option in the message, which identifies the circuit through which the user accesses. When the DSLAM receives the DHCP access request message sent by user X, it knows through which of its own frame, slot and port the message was received, and inserts the corresponding user link identifier accordingly. The format of this user link identifier must be consistent with the user link identifier format preset on the BNG.
Step 105: The BNG receives the DHCP access request message carrying the user link identifier sent by the DSLAM and, according to the user link identifier carried in the message, determines whether a corresponding logical interface can be found. If so, step 106 is performed; otherwise, step 107 is performed.
Step 106: The BNG creates a user access entry bound to the logical interface, saves the information of user X, and proceeds to step 108.
The information of user X and the identifier of the corresponding logical interface may be stored in a user access table. The information of user X includes the MAC (Media Access Control) address, IP address, authentication and accounting information of user X.
Step 107: The BNG discards the received access request message and denies access to user X; the procedure ends.
Step 108: The BNG returns a DHCP response message to the DSLAM; the DHCP response message carries the user link identifier information.
Step 109: The DSLAM receives the DHCP response message returned by the BNG, deletes the user link identifier information carried in it, and forwards the DHCP response message with the user link identifier information removed to user X.
Step 110: After DHCP negotiation completes, user X has successfully accessed the BNG; the procedure ends.
After the user has accessed the BNG device, further security control can be applied to the user. For example:
1) When bandwidth control is to be applied to user X, the BNG can also configure bandwidth parameters on the created logical interface; the bandwidth parameters comprise an upstream bandwidth parameter and a downstream bandwidth parameter.
After user X has successfully accessed the BNG, user X sends a data message carrying information such as the user's MAC address and IP address. The BNG looks up the user access table by the MAC address and IP address carried in the received data message, finds the corresponding logical interface, and applies bandwidth control to the data message according to the upstream bandwidth parameter configured on that logical interface. When a device that provides services in the network (such as an ASP) sends a data message to user X through the BNG, the BNG looks up the user access table by the user MAC address carried in the data message, finds the corresponding logical interface, and applies bandwidth control to the data message sent to user X according to the downstream bandwidth parameter configured on that logical interface.
2) When access control, that is, traffic control, is to be applied to user X, an access control policy can also be configured on the BNG logical interface with the traffic-policy command.
After user X has successfully accessed the BNG, user X sends a data message carrying information such as the user's MAC address and IP address. The BNG looks up the user access table by the MAC address and IP address carried in the received data message, finds the logical interface corresponding to user X, and applies traffic control to the data message sent by user X according to the access control policy configured on that logical interface. When a device that provides services in the network (such as an ASP) sends a data message to user X through the BNG, the BNG looks up the user access table by the MAC address of user X carried in the data message and finds the logical interface corresponding to user X; the next hop of the data message is the logical interface corresponding to user X on the BNG device, and traffic control is applied to the data message sent to user X through the BNG according to the access control policy configured on that logical interface.
3) When user X requests IGMP (Internet Group Management Protocol) on-demand service and wishes to join a multicast group, the BNG can further configure a multicast control policy on the logical interface, that is, configure a multicast control list.
After user X has successfully accessed the BNG, user X sends an IGMP request message carrying the user's MAC address. On receiving the IGMP request message sent by user X, the BNG looks up the user access table by the MAC address, finds the logical interface corresponding to user X, and determines from the multicast control list configured on that logical interface whether user X is allowed to join the multicast group. If so, the BNG allows user X to join the multicast group, processes the IGMP request message sent by user X and delivers the multicast data traffic; otherwise, it discards the IGMP request message sent by user X.
By configuring logical interfaces on the BNG device, the method provided by this embodiment allows a user link to be uniquely identified in a multi-service mode, so that, through security control policies configured on the logical interface, security controls such as access control, bandwidth control, traffic control and multicast control are applied to an individual user link according to the user link identifier information.
Embodiment 2
Referring to Fig. 4, this embodiment of the invention provides a method for user access security control, with the following steps:
Step 201: The BNG obtains the user link identifier.
Step 202: The BNG creates a corresponding LLID for the user link identifier information it has obtained.
This embodiment is described taking a logical interface as the LLID.
Step 203: The BNG limits the number of user IP sessions on the logical interface, that is, presets an upper limit on user IP sessions.
Step 204: User X initiates an access request by DHCP, that is, sends a DHCP access request message.
Step 205: The DSLAM receives the DHCP access request message sent by user X, inserts the user link identifier into it, and forwards the DHCP access request message with the user link identifier inserted to the BNG.
Step 206: The BNG receives the DHCP access request message carrying the user link identifier sent by the DSLAM and, according to the user link identifier carried in the message, determines whether a corresponding logical interface can be found. If so, step 207 is performed; otherwise, step 208 is performed.
Step 207: Determine whether the number of IP sessions of user X is less than the upper limit of user IP sessions preset on the logical interface that was found. If so, step 209 is performed; otherwise, step 208 is performed.
Step 208: The BNG discards the received access request message and denies access to user X; the procedure ends.
Step 209: The BNG creates a user access entry bound to the logical interface and saves the information of user X; it then returns a response message to the DSLAM, the response message carrying the user link identifier.
Step 210: The DSLAM receives the DHCP response message returned by the BNG, deletes the user link identifier carried in it, and forwards the DHCP response message with the user link identifier removed to user X.
Step 211: After DHCP negotiation completes, user X has successfully accessed the BNG; the BNG device increments the recorded number of IP sessions of this user by 1; the procedure ends.
After the user has accessed the BNG device, further security control can be applied to the accessing user. For example:
1) When bandwidth control is to be applied to user X, the BNG can also configure bandwidth parameters on the created logical interface; the bandwidth parameters comprise an upstream bandwidth parameter and a downstream bandwidth parameter.
After user X has successfully accessed the BNG, user X sends a data message carrying information such as the user's MAC address and IP address. The BNG looks up the user access table by the MAC address and IP address carried in the received data message, finds the corresponding logical interface, and applies bandwidth control to the data message according to the upstream bandwidth parameter configured on that logical interface. When a device that provides services in the network (such as an ASP) sends a data message to user X through the BNG, the BNG looks up the user access table by the user MAC address carried in the data message, finds the corresponding logical interface, and applies bandwidth control to the data message sent to user X according to the downstream bandwidth parameter configured on that logical interface.
2) When access control, that is, traffic control, is to be applied to user X, an access control policy can also be configured on the BNG logical interface with commands such as traffic-policy.
After user X has successfully accessed the BNG, user X sends a data message carrying information such as the user's MAC address and IP address. The BNG looks up the user access table by the MAC address and IP address carried in the received data message, finds the logical interface corresponding to user X, and applies traffic control to the data message sent by user X according to the access control policy configured on that logical interface. When a device that provides services in the network (such as an ASP) sends a data message to user X through the BNG, the BNG looks up the user access table by the MAC address of user X carried in the data message and finds the logical interface corresponding to user X; the next hop of the data message is the logical interface corresponding to user X on the BNG device, and traffic control is applied to the data message sent to user X through the BNG according to the access control policy configured on that logical interface.
3) When user X requests IGMP (Internet Group Management Protocol) on-demand service and wishes to join a multicast group, the BNG can further configure a multicast control policy on the logical interface, that is, configure a multicast control list.
After user X has successfully accessed the BNG, user X sends an IGMP request message carrying the user's MAC address. On receiving the IGMP request message sent by user X, the BNG looks up the user access table by the MAC address, finds the logical interface corresponding to user X, and determines from the multicast control list configured on that logical interface whether user X is allowed to join the multicast group. If so, the BNG allows user X to join the multicast group, processes the IGMP request message sent by user X and delivers the multicast data traffic; otherwise, it discards the IGMP request message sent by user X.
By configuring logical interfaces on the BNG device, the method provided by this embodiment allows a user link to be uniquely identified in a multi-service mode, so that, through security control policies configured on the logical interface, security controls such as access control, bandwidth control, traffic control and multicast control are applied to an individual user link according to the user link identifier information.
Embodiment 3
Referring to Fig. 5, this embodiment of the invention provides a method for user access security control, with the following steps:
Step 301: The BNG obtains the user link identifier.
Step 302: The BNG creates a corresponding LLID for the user link identifier it has obtained.
This embodiment is described taking a logical interface as the LLID.
Step 303: The BNG configures different user types on the logical interface by means of different keywords. The reference command is as follows:
[BNG]terminal-type voip dhcp-option-60 include VoIP
Step 304: User X initiates an access request by DHCP, that is, sends a DHCP access request message.
User X initiates the access request by DHCP; for example, the keyword carried in the DHCP access request is VoIP-ISP-1, indicating that user X is a VoIP terminal of ISP-1.
Through step 302 and step 303, the user and the BNG define the keywords of the different user types in common.
Step 305: The DSLAM receives the DHCP access request message sent by user X, inserts the user link identifier into it, and forwards the DHCP access request message with the user link identifier inserted to the BNG.
Step 306: The BNG receives the DHCP access request message carrying the user link identifier information sent by the DSLAM and, according to the user link identifier carried in the message, determines whether a corresponding logical interface can be found. If so, step 307 is performed; otherwise, step 308 is performed.
Step 307: The BNG determines whether the keyword carried in the DHCP access request message of user X matches the keyword configured on the logical interface. If so, step 309 is performed; otherwise, step 308 is performed.
Step 308: The BNG discards the received access request message and denies access to user X; the procedure ends.
Step 309: The BNG creates a user access entry bound to the logical interface and saves the information of user X; it then returns a DHCP response message to the DSLAM, the DHCP response message carrying the user link identifier.
Step 310: The DSLAM receives the DHCP response message returned by the BNG, deletes the user link identifier carried in it, and forwards the response message with the user link identifier removed to user X.
Step 311: After DHCP negotiation completes, user X has successfully accessed the BNG; the procedure ends.
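The BNG-side admission decision of steps 105 to 107, 206 to 208 and 306 to 308 can be sketched as follows. This is an added example, not code from the patent; it combines the three embodiments' checks in one function, which goes beyond any single embodiment. It assumes the Agent-Circuit-ID travels as sub-option 1 of DHCP option 82 (RFC 3046), that the "include" keyword means a substring match on option 60, and that a retransmission from an already admitted MAC is not counted as a new session; the circuit identifiers, MAC addresses and class names are constructed.

```python
from dataclasses import dataclass, field
from typing import Optional

OPT_PAD, OPT_END = 0, 255
OPT_VENDOR_CLASS = 60    # RFC 2132 vendor class identifier ("dhcp-option-60" on the page)
OPT_RELAY_AGENT = 82     # RFC 3046 relay agent information option
SUBOPT_CIRCUIT_ID = 1    # RFC 3046 Agent Circuit ID sub-option


def parse_tlvs(buf, pad=None, end=None):
    """Parse code/length/value triples; raise ValueError if the buffer is truncated."""
    out, i = {}, 0
    while i < len(buf):
        code = buf[i]
        if code == pad:
            i += 1
            continue
        if code == end:
            break
        if i + 2 > len(buf):
            raise ValueError("truncated option header")
        length = buf[i + 1]
        value = bytes(buf[i + 2:i + 2 + length])
        if len(value) != length:
            raise ValueError("truncated option value")
        out[code] = value
        i += 2 + length
    return out


@dataclass
class LogicalInterface:              # hypothetical model of the BNG logical interface
    circuit_id: str
    max_sessions: int = 1            # Embodiment 2: preset upper limit of IP sessions
    keyword: Optional[str] = None    # Embodiment 3: keyword expected in option 60
    sessions: dict = field(default_factory=dict)   # user access entries keyed by MAC


class Bng:
    def __init__(self):
        self.interfaces = {}         # user link identifier -> LogicalInterface

    def add_interface(self, circuit_id, **kw):
        self.interfaces[circuit_id] = LogicalInterface(circuit_id, **kw)

    def admit(self, mac, options):
        """Return 'accept' or a 'drop: ...' reason for one DHCP request."""
        try:
            opts = parse_tlvs(options, pad=OPT_PAD, end=OPT_END)
            sub = parse_tlvs(opts.get(OPT_RELAY_AGENT, b""))
        except ValueError:
            return "drop: malformed options"
        raw = sub.get(SUBOPT_CIRCUIT_ID)
        if raw is None:
            return "drop: no circuit id"
        iface = self.interfaces.get(raw.decode("ascii", "replace"))
        if iface is None:                              # steps 105/107
            return "drop: unknown circuit id"
        if iface.keyword is not None:                  # step 307
            vendor = opts.get(OPT_VENDOR_CLASS, b"").decode("ascii", "replace")
            if iface.keyword not in vendor:
                return "drop: keyword mismatch"
        if mac not in iface.sessions and len(iface.sessions) >= iface.max_sessions:
            return "drop: session limit"               # step 207
        iface.sessions[mac] = {"mac": mac, "interface": iface.circuit_id}
        return "accept"                                # steps 106/209/309


def build_options(circuit_id, vendor_class=None):
    """Constructed sample: the options field as forwarded by the DSLAM."""
    cid = circuit_id.encode("ascii")
    sub = bytes([SUBOPT_CIRCUIT_ID, len(cid)]) + cid
    out = bytes([53, 1, 1])                            # message type = DHCPDISCOVER
    if vendor_class:
        vc = vendor_class.encode("ascii")
        out += bytes([OPT_VENDOR_CLASS, len(vc)]) + vc
    return out + bytes([OPT_RELAY_AGENT, len(sub)]) + sub + bytes([OPT_END])


def demo():
    link = "dslam-a atm 3/7:100"                       # constructed identifier
    bng = Bng()
    bng.add_interface(link, max_sessions=1, keyword="VoIP")
    ok = build_options(link, "VoIP-ISP-1")
    return [
        bng.admit("00:11:22:33:44:55", ok),
        bng.admit("00:11:22:33:44:66", ok),            # second terminal on the same link
        bng.admit("00:11:22:33:44:55", build_options("dslam-a atm 3/8:100", "VoIP-ISP-1")),
        bng.admit("00:11:22:33:44:55", build_options(link, "IPTV-STB")),
        bng.admit("00:11:22:33:44:55", ok[:-5]),       # truncated option 82
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The decision is only as trustworthy as the circuit identifier, so it holds when the access node overwrites or discards any option 82 that arrives from the subscriber side.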
After the user has accessed the BNG device, further security control can be applied to the accessing user. For example:
1) When bandwidth control is to be applied to user X, the BNG can also configure bandwidth parameters on the created logical interface; the bandwidth parameters comprise an upstream bandwidth parameter and a downstream bandwidth parameter.
After user X has successfully accessed the BNG, user X sends a data message carrying information such as the user's MAC address and IP address. The BNG looks up the user access table by the MAC address and IP address carried in the received data message, finds the corresponding logical interface, and applies bandwidth control to the data message according to the upstream bandwidth parameter configured on that logical interface. When a device that provides services in the network (such as an ASP) sends a data message to user X through the BNG, the BNG looks up the user access table by the user MAC address carried in the data message, finds the corresponding logical interface, and applies bandwidth control to the data message sent to user X according to the downstream bandwidth parameter configured on that logical interface.
2) When access control, that is, traffic control, is to be applied to user X, an access control policy can also be configured on the BNG logical interface with commands such as traffic-policy.
After user X has successfully accessed the BNG, user X sends a data message carrying information such as the user's MAC address and IP address. The BNG looks up the user access table by the MAC address and IP address carried in the received data message, finds the logical interface corresponding to user X, and applies traffic control to the data message sent by user X according to the access control policy configured on that logical interface. When a device that provides services in the network (such as an ASP) sends a data message to user X through the BNG, the BNG looks up the user access table by the MAC address of user X carried in the data message and finds the logical interface corresponding to user X; the next hop of the data message is the logical interface corresponding to user X on the BNG device, and traffic control is applied to the data message sent to user X through the BNG according to the access control policy configured on that logical interface.
3) When user X requests IGMP (Internet Group Management Protocol) on-demand service and wishes to join a multicast group, the BNG can further configure a multicast control policy on the logical interface, that is, configure a multicast control list.
After user X has successfully accessed the BNG, user X sends an IGMP request message carrying the user's MAC address. On receiving the IGMP request message sent by user X, the BNG looks up the user access table by the MAC address, finds the logical interface corresponding to user X, and determines from the multicast control list configured on that logical interface whether user X is allowed to join the multicast group. If so, the BNG allows user X to join the multicast group, processes the IGMP request message sent by user X and delivers the multicast data traffic; otherwise, it discards the IGMP request message sent by user X.
The method that the embodiment of the invention provides is by configuration logic interface on BNG equipment, under multiple services pattern, can uniquely identify user link, thereby realize safety control strategy, the unique user link is implemented security controls such as access control, bandwidth control, flow control and multicast control according to the user link identification information by on logic interfacing, disposing.
Create a kind of mode that logic interfacing just realizes among the invention described above embodiment; security controls such as any access control that logic-based chain line is realized on similar equipment such as BNG, flow control, bandwidth control, multicast control are all within protection scope of the present invention.
Embodiment 4
Referring to Fig. 6, this embodiment of the invention provides a system for user access security control. The system comprises:
A user node, configured to send an access request message;
An access device, configured to receive the access request message sent by the user node, insert a user link identifier into the access request message sent by the user node, and send the access request message with the user link identifier inserted;
A control device, configured to receive the access request message with the inserted user link identifier sent by the access device, and parse it to obtain the user link identifier; and to judge, according to the user link identifier, whether the access request message satisfies a preset access condition and, if so, allow the user node corresponding to the user link identifier to access.
Wherein the control device comprises:
A receiving module, configured to receive the access request message sent by the access device;
A parsing module, configured to parse the access request message received by the receiving module to obtain the user link identifier;
A judging module, configured to judge, according to the user link identifier obtained by the parsing module, whether the logical link identifier (LLID) corresponding to the user link identifier can be found;
A processing module, configured to allow the user node corresponding to the user link identifier to access when the judging module determines that the LLID corresponding to the user link identifier can be found.
Wherein the control device comprises:
A receiving module, configured to receive the access request message sent by the access device;
A parsing module, configured to parse the access request message received by the receiving module to obtain the user link identifier;
A lookup module, configured to look up the LLID corresponding to the user link identifier obtained by the parsing module;
A judging module, configured to judge whether the number of user sessions already admitted on the LLID found by the lookup module has reached a preset threshold;
A processing module, configured to allow the user node corresponding to the user link identifier to access, and to add 1 to the number of admitted user sessions, when the judging module determines that the number of admitted user sessions has not reached the preset threshold.
Wherein the control device comprises:
A receiving module, configured to receive the access request message sent by the access device;
A parsing module, configured to parse the access request message received by the receiving module to obtain the user link identifier;
A lookup module, configured to look up the LLID corresponding to the user link identifier obtained by the parsing module;
A judging module, configured to judge whether the user type carried in the access request message is consistent with the user type preset on the LLID found by the lookup module;
A processing module, configured to allow the user node corresponding to the user link identifier to access when the judging module determines that the user type carried in the access request message is consistent with the user type preset on the LLID found by the lookup module.
The system provided by this embodiment of the invention configures logical link identifiers on the control device so that a user link can be uniquely identified in multi-service mode; through the security control policies corresponding to the pre-configured LLIDs, security control policies such as access control, bandwidth control, flow control and multicast control are applied to an individual user link according to the user link identifier information.
Embodiment 5
Referring to Fig. 7, this embodiment of the invention provides an access device. The device comprises:
A receiving module, configured to receive the access request message sent by a user node;
An identifier insertion module, configured to insert a user link identifier into the access request message received by the receiving module;
A sending module, configured to send the access request message after the identifier insertion module has inserted the user link identifier.
The access device provided by this embodiment of the invention can receive the access request message sent by a user node, insert a user link identifier into the received access request message, and send the access request message with the user link identifier inserted. The device can also insert other information, such as the user type, into the received access request message.
Embodiment 6
Referring to Fig. 8, this embodiment of the invention provides a control device. The device comprises:
A receiving module, configured to receive the access request message sent by an access device, the access request message carrying a user link identifier;
A parsing module, configured to parse the access request message received by the receiving module to obtain the user link identifier;
A processing module, configured to judge, according to the user link identifier obtained by the parsing module, whether the access request message satisfies a preset access condition and, if so, allow the user corresponding to the user link identifier to access.
Wherein the processing module comprises:
A judging unit, configured to judge, according to the user link identifier obtained by the parsing module, whether the logical link identifier (LLID) corresponding to the user link identifier can be found;
A processing unit, configured to allow the user corresponding to the user link identifier to access when the judging unit determines that the LLID corresponding to the user link identifier can be found.
Wherein the processing module comprises:
A lookup unit, configured to look up the LLID corresponding to the user link identifier obtained by the parsing module;
A judging unit, configured to judge whether the number of user sessions already admitted on the LLID found by the lookup unit has reached a preset threshold;
A processing unit, configured to allow the user corresponding to the user link identifier to access, and to add 1 to the number of admitted user sessions, when the judging unit determines that the number of admitted user sessions has not reached the preset threshold.
Wherein the processing module comprises:
A lookup unit, configured to look up the LLID corresponding to the user link identifier obtained by the parsing module;
A judging unit, configured to judge whether the user type carried in the access request message is consistent with the user type preset on the LLID found by the lookup unit;
A processing unit, configured to allow the user corresponding to the user link identifier to access when the judging unit determines that the user type carried in the access request message is consistent with the user type preset on the LLID found by the lookup unit.
After the user has accessed the control device, further security control can be applied to the admitted user. In this case, the control device also comprises:
A recording module, configured to record the user's media access control address, IP address, user link identifier and LLID in a user access table according to the access request message when the processing module allows the user corresponding to the user link identifier to access;
A configuration module, configured to configure a control policy for the LLID according to the LLID recorded by the recording module in the user access table;
A first control module, configured to, when a data packet sent by the user is received, look up the corresponding LLID in the user access table of the recording module according to the media access control address and IP address carried in the data packet, and control the data packet according to the control policy corresponding to the LLID found;
A second control module, configured to, when a data packet destined for the user is received, look up the corresponding LLID in the recording module according to the media access control address carried in the data packet destined for the user, and control the data packet destined for the user according to the control policy corresponding to the LLID found.
The control policy configured by the configuration module can be an access control policy or/and a bandwidth control policy; correspondingly, flow control or/and bandwidth control can be applied to the data packet. This embodiment of the invention does not limit the type of control policy configured by the configuration module.
When user X issues an IGMP request in order to join a multicast group, the control device also comprises:
A recording module, configured to record the user's media access control address, IP address, user link identifier and LLID in a user access table according to the access request message when the processing module allows the user corresponding to the user link identifier to access;
A configuration module, configured to configure a multicast control policy for the LLID according to the LLID recorded by the recording module;
A multicast control module, configured to, when an Internet Group Management Protocol message sent by the user requesting to join a multicast group is received, look up the corresponding LLID in the user access table of the recording module according to the media access control address carried in the Internet Group Management Protocol message, judge, according to the multicast control policy corresponding to the LLID found, whether the user is allowed to join the multicast group and, if so, allow the user to join the multicast group.
This embodiment of the invention configures logical link identifiers on the control device so that a user link can be uniquely identified in multi-service mode; through the pre-configured LLIDs and their corresponding security control policies, security control policies such as access control, bandwidth control, flow control and multicast control are applied to an individual user link according to the user link identifier information.
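The admission checks and table lookups of the control device described in Embodiments 3 and 6, as an added Python example that is not part of the patent text. Class, field and method names, the result strings, the sample identifiers, and the handling of repeated requests are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple


@dataclass
class LogicalLink:
    """Configuration held per logical link identifier (LLID) on the control device."""
    llid: str
    max_sessions: int                      # preset session threshold
    user_type: Optional[str] = None        # preset user type; None means "not checked"
    up_kbps: Optional[int] = None          # upstream bandwidth parameter
    down_kbps: Optional[int] = None        # downstream bandwidth parameter
    multicast_groups: Set[str] = field(default_factory=set)  # multicast control list
    sessions: int = 0                      # user sessions already admitted on this link


@dataclass(frozen=True)
class AccessRequest:
    mac: str
    ip: str
    user_link_id: Optional[str]            # inserted by the access device, not by the user
    user_type: Optional[str] = None


class ControlDevice:
    def __init__(self) -> None:
        self.llid_by_link: Dict[str, str] = {}              # user link identifier -> LLID
        self.links: Dict[str, LogicalLink] = {}             # LLID -> configuration
        self.access_table: Dict[Tuple[str, str], str] = {}  # (MAC, IP) -> LLID
        self.llid_by_mac: Dict[str, str] = {}               # MAC -> LLID (downstream, IGMP)

    def configure(self, user_link_id: str, link: LogicalLink) -> None:
        self.llid_by_link[user_link_id] = link.llid
        self.links[link.llid] = link

    def admit(self, req: AccessRequest) -> Tuple[bool, str]:
        """Apply the preset access conditions; record the user only on success."""
        if not req.user_link_id:
            return False, "no user link identifier"
        llid = self.llid_by_link.get(req.user_link_id)
        if llid is None:
            return False, "no LLID for user link identifier"
        link = self.links[llid]
        if link.user_type is not None and req.user_type != link.user_type:
            return False, "user type mismatch"
        existing = self.access_table.get((req.mac, req.ip))
        if existing is not None:
            # Assumption (not on the page): a repeat on the same link is not counted
            # twice, and an address pair already bound to another link is refused.
            if existing == llid:
                return True, "already admitted"
            return False, "bound to another link"
        if link.sessions >= link.max_sessions:
            return False, "session threshold reached"
        link.sessions += 1
        self.access_table[(req.mac, req.ip)] = llid
        self.llid_by_mac[req.mac] = llid
        return True, "admitted"

    def upstream_policy(self, mac: str, ip: str) -> Optional[LogicalLink]:
        """Data packet from the user: look up by MAC and IP address."""
        llid = self.access_table.get((mac, ip))
        return self.links[llid] if llid else None

    def downstream_policy(self, mac: str) -> Optional[LogicalLink]:
        """Data packet destined for the user: look up by MAC address only."""
        llid = self.llid_by_mac.get(mac)
        return self.links[llid] if llid else None

    def may_join(self, mac: str, group: str) -> bool:
        """IGMP join: allowed only if the group is on the link's multicast control list."""
        link = self.downstream_policy(mac)
        return link is not None and group in link.multicast_groups


def build_demo() -> ControlDevice:
    """Constructed sample configuration: one user link, two sessions allowed."""
    bng = ControlDevice()
    bng.configure("dslam-1/slot2/port7", LogicalLink(
        llid="llid-100", max_sessions=2, user_type="iptv",
        up_kbps=1024, down_kbps=8192, multicast_groups={"239.1.1.1"}))
    return bng


if __name__ == "__main__":
    bng = build_demo()
    for req in [  # constructed requests
        AccessRequest("00:11:22:33:44:01", "10.0.0.11", "dslam-1/slot2/port7", "iptv"),
        AccessRequest("00:11:22:33:44:02", "10.0.0.12", None, "iptv"),
        AccessRequest("00:11:22:33:44:03", "10.0.0.13", "dslam-9/slot1/port1", "iptv"),
    ]:
        print(req.mac, req.user_link_id, bng.admit(req))
```

A packet whose MAC and IP pair was never admitted finds no entry in `upstream_policy`, so no logical link policy applies to it; what the device does with such a packet is outside what the text specifies.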
The technical solution provided by the above embodiments of the invention configures logical link identifiers on a BNG or similar control device so that a user link can be uniquely identified in multi-service mode; through the security control policies corresponding to the pre-configured LLIDs, security control policies such as access control, bandwidth control, flow control and multicast control are applied to an individual user link according to the user link identifier information.
Some of the steps in the embodiments of the invention can be implemented in software, and the corresponding software program can be stored in a readable storage medium such as an optical disc or a hard disk.
The above are only preferred embodiments of the present invention and are not intended to limit the present invention; any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the protection scope of the present invention.

Claims (18)

1. the method for user's access security control is characterized in that described method comprises:
Receive and insert request message, described access request message carries the user link sign;
Resolve described access request message and obtain described user link sign;
Judge according to described user link sign whether described access request message satisfies default access conditions;
If allow the corresponding user of described user link sign to insert.
2. the method for user's access security as claimed in claim 1 control is characterized in that, describedly judges according to described user link sign whether described access request message satisfies the step of presetting access conditions and comprise:
Judge whether to find the corresponding LLID of described user link sign;
If satisfy default access conditions.
3. the method for user's access security as claimed in claim 1 control is characterized in that, describedly judges according to described user link sign whether described access request message satisfies the step of presetting access conditions and comprise:
Search the corresponding LLID of described user link sign;
Check whether the number of user sessions that described LLID has inserted reaches default thresholding,, then satisfy default access conditions if do not reach described default thresholding;
Correspondingly, also comprise after the step that the corresponding user of the described user link sign of described permission inserts:
The described number of user sessions that has inserted is added 1.
4. the method for user's access security control as claimed in claim 1 is characterized in that, also carries user type in the described access request message;
Correspondingly, describedly judge according to described user link sign whether described access request message satisfies the step of presetting access conditions and comprise:
Search the corresponding LLID of described user link sign;
Judge that the user type of carrying in the described access request message is whether consistent with the default user type of described LLID, if satisfy default access conditions.
5. the method for user's access security control as claimed in claim 1 is characterized in that, also comprises after the step that the corresponding user of the described user link sign of described permission inserts:
According to described access request message user's media access control address, IP address, user link sign and LLID are recorded in user's access table, for the user of described LLID correspondence disposes control strategy;
When receiving the data message of user's transmission, in described user's access table, search corresponding LLID according to media access control address that carries in the described data message and IP address, according to the control strategy of the LLID correspondence that finds, described data message is controlled;
When receiving to when mailing to described user's data message, in described user's access table, search corresponding LLID according to the described media access control address that carries in the described user's data message that mails to, according to the control strategy of the LLID correspondence that finds, mail to described user's data message and control described.
6. the method for user's access security control as claimed in claim 5 is characterized in that described control strategy is specially:
Access control policy is or/and the bandwidth control strategy.
7. the method for user's access security control as claimed in claim 1 is characterized in that, also comprises after the step that the corresponding user of the described user link sign of described permission inserts:
According to described access request message user's media access control address, IP address, user link sign and LLID are recorded in user's access table, for the user of described LLID correspondence disposes the multicast control strategy;
When the request that receives user's transmission adds the group of networks management agreement message of multicast group, in described user's access table, search corresponding LLID according to the media access control address that carries in the described group of networks management agreement message, multicast control strategy according to the LLID correspondence that finds, judge whether to allow described user to add multicast group, if allow described user to add multicast group.
8. A system for user access security control, characterized in that the system comprises:
A user node, configured to send an access request message;
An access device, configured to receive the access request message sent by the user node, insert a user link identifier into the access request message sent by the user node, and send the access request message with the user link identifier inserted;
A control device, configured to receive the access request message with the inserted user link identifier sent by the access device, and parse it to obtain the user link identifier; and to judge, according to the user link identifier, whether the access request message satisfies a preset access condition and, if so, allow the user node corresponding to the user link identifier to access.
9. The system for user access security control as claimed in claim 8, characterized in that the control device comprises:
A receiving module, configured to receive the access request message sent by the access device;
A parsing module, configured to parse the access request message received by the receiving module to obtain the user link identifier;
A judging module, configured to judge, according to the user link identifier obtained by the parsing module, whether the logical link identifier (LLID) corresponding to the user link identifier can be found;
A processing module, configured to allow the user node corresponding to the user link identifier to access when the judging module determines that the LLID corresponding to the user link identifier can be found.
10. The system for user access security control as claimed in claim 8, characterized in that the control device comprises:
A receiving module, configured to receive the access request message sent by the access device;
A parsing module, configured to parse the access request message received by the receiving module to obtain the user link identifier;
A lookup module, configured to look up the LLID corresponding to the user link identifier obtained by the parsing module;
A judging module, configured to judge whether the number of user sessions already admitted on the LLID found by the lookup module has reached a preset threshold;
A processing module, configured to allow the user node corresponding to the user link identifier to access, and to add 1 to the number of admitted user sessions, when the judging module determines that the number of admitted user sessions has not reached the preset threshold.
11. The system for user access security control as claimed in claim 8, characterized in that the control device comprises:
A receiving module, configured to receive the access request message sent by the access device;
A parsing module, configured to parse the access request message received by the receiving module to obtain the user link identifier;
A lookup module, configured to look up the LLID corresponding to the user link identifier obtained by the parsing module;
A judging module, configured to judge whether the user type carried in the access request message is consistent with the user type preset on the LLID found by the lookup module;
A processing module, configured to allow the user node corresponding to the user link identifier to access when the judging module determines that the user type carried in the access request message is consistent with the user type preset on the LLID found by the lookup module.
12. An access device, characterized in that the device comprises:
A receiving module, configured to receive the access request message sent by a user node;
An identifier insertion module, configured to insert a user link identifier into the access request message received by the receiving module;
A sending module, configured to send the access request message after the identifier insertion module has inserted the user link identifier.
13. A control device, characterized in that the device comprises:
A receiving module, configured to receive the access request message sent by an access device, the access request message carrying a user link identifier;
A parsing module, configured to parse the access request message received by the receiving module to obtain the user link identifier;
A processing module, configured to judge, according to the user link identifier obtained by the parsing module, whether the access request message satisfies a preset access condition and, if so, allow the user corresponding to the user link identifier to access.
14. The control device as claimed in claim 13, characterized in that the processing module comprises:
A judging unit, configured to judge, according to the user link identifier obtained by the parsing module, whether the logical link identifier (LLID) corresponding to the user link identifier can be found;
A processing unit, configured to allow the user corresponding to the user link identifier to access when the judging unit determines that the LLID corresponding to the user link identifier can be found.
15. The control device as claimed in claim 13, characterized in that the processing module comprises:
A lookup unit, configured to look up the LLID corresponding to the user link identifier obtained by the parsing module;
A judging unit, configured to judge whether the number of user sessions already admitted on the LLID found by the lookup unit has reached a preset threshold;
A processing unit, configured to allow the user corresponding to the user link identifier to access, and to add 1 to the number of admitted user sessions, when the judging unit determines that the number of admitted user sessions has not reached the preset threshold.
16. The control device as claimed in claim 13, characterized in that the processing module comprises:
A lookup unit, configured to look up the LLID corresponding to the user link identifier obtained by the parsing module;
A judging unit, configured to judge whether the user type carried in the access request message is consistent with the user type preset on the LLID found by the lookup unit;
A processing unit, configured to allow the user corresponding to the user link identifier to access when the judging unit determines that the user type carried in the access request message is consistent with the user type preset on the LLID found by the lookup unit.
17. The control device as claimed in claim 13, characterized in that the device also comprises:
A recording module, configured to record the user's media access control address, IP address, user link identifier and LLID in a user access table according to the access request message when the processing module allows the user corresponding to the user link identifier to access;
A configuration module, configured to configure a control policy for the LLID according to the LLID recorded by the recording module in the user access table;
A first control module, configured to, when a data packet sent by the user is received, look up the corresponding LLID in the user access table of the recording module according to the media access control address and IP address carried in the data packet, and control the data packet according to the control policy corresponding to the LLID found;
A second control module, configured to, when a data packet destined for the user is received, look up the corresponding LLID in the recording module according to the media access control address carried in the data packet destined for the user, and control the data packet destined for the user according to the control policy corresponding to the LLID found.
18. The control device as claimed in claim 13, characterized in that the device also comprises:
A recording module, configured to record the user's media access control address, IP address, user link identifier and LLID in a user access table according to the access request message when the processing module allows the user corresponding to the user link identifier to access;
A configuration module, configured to configure a multicast control policy for the LLID according to the LLID recorded by the recording module;
A multicast control module, configured to, when an Internet Group Management Protocol message sent by the user requesting to join a multicast group is received, look up the corresponding LLID in the user access table of the recording module according to the media access control address carried in the Internet Group Management Protocol message, judge, according to the multicast control policy corresponding to the LLID found, whether the user is allowed to join the multicast group and, if so, allow the user to join the multicast group.
CN2007101951023A 2007-11-28 2007-11-28 A method, system and device for secure control of the user access Active CN101188614B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN2007101951023A CN101188614B (en) 2007-11-28 2007-11-28 A method, system and device for secure control of the user access
PCT/CN2008/072243 WO2009067871A1 (en) 2007-11-28 2008-09-02 Method, system and device for user access security control

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2007101951023A CN101188614B (en) 2007-11-28 2007-11-28 A method, system and device for secure control of the user access

Publications (2)

Publication Number Publication Date
CN101188614A true CN101188614A (en) 2008-05-28
CN101188614B CN101188614B (en) 2011-01-19

Family

ID=39480803

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2007101951023A Active CN101188614B (en) 2007-11-28 2007-11-28 A method, system and device for secure control of the user access

Country Status (2)

Country Link
CN (1) CN101188614B (en)
WO (1) WO2009067871A1 (en)

CN113225238A (en) * 2015-07-17 2021-08-06 华为技术有限公司 Message transmission method, access node, access controller and access system
US11178073B2 (en) 2015-07-17 2021-11-16 Huawei Technologies Co., Ltd. Message transmission method, access node, access controller, and access system
CN113225238B (en) * 2015-07-17 2022-08-26 华为技术有限公司 Message transmission method, access node, access controller and access system
US11902183B2 (en) 2015-07-17 2024-02-13 Huawei Technologies Co., Ltd. Message transmission method, access node, access controller, and access system
CN110297211A (en) * 2019-06-12 2019-10-01 Oppo(重庆)智能科技有限公司 A kind of localization method and electronic equipment
WO2022083446A1 (en) * 2020-10-19 2022-04-28 中兴通讯股份有限公司 Communication control method, electronic device, and storage medium
CN112565031A (en) * 2020-11-30 2021-03-26 福州汇思博信息技术有限公司 Parameter configuration method and terminal for PPP connection

Also Published As

Publication number Publication date
WO2009067871A1 (en) 2009-06-04
CN101188614B (en) 2011-01-19

Similar Documents

Publication Publication Date Title
CN101188614B (en) A method, system and device for secure control of the user access
CN100583773C (en) Method and device for controlling data link layer elements with network layer elements
CN101047618B (en) Method and system for acquiring network route information
US7835370B2 (en) System and method for DSL subscriber identification over ethernet network
US7801123B2 (en) Method and system configured for facilitating residential broadband service
US8711865B2 (en) Auto-provisioning of network services over an Ethernet access link
US8028324B2 (en) Method for transmitting policy information between network equipment
EP3499809B1 (en) Point-to-multipoint functionality in a network with bridges
AU2010255430B2 (en) Dynamically configuring attributes of a parent circuit on a network element
JP4489415B2 (en) Promoting traffic management functions in DSLAM
CN101433051B (en) Associating method and device with subscriber and service based requirements
CN101616056B (en) Shunt-stream method and shunt-stream gateway breaking through PPPoE technical limitation and network structure of the shunt-stream gateway
CN101102273A (en) Broadband access and broadband access method
CN100518138C (en) Method for realizing virtual special network
CN101312410A (en) Control apparatus and method for controlling access of multiple kinds of service in same user side interface
CN102098278A (en) Subscriber access method and system as well as access server and device
CN1874358B (en) Method and system for managing configuration of internet addresses
CN101098290B (en) Devices for implementing anti-spurious IP address on AN and methods therefor
CN100579022C (en) Method for managing bridging connection equipment
US20070140118A1 (en) Access multiplexer
KR20060059877A (en) An arrangement and a method relating to ethernet access systems
CN101098289A (en) Dual-VLAN based method for transmitting user port information
CN101415032B (en) Three-layer private wire access method, apparatus and system
CN101662456A (en) Method and system for sending terminal services
CN101378353A (en) User resource orientation method as well as communication system and relevant equipment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant