CN101521598A - SNMP network management system and method thereof for managing access customer - Google Patents

SNMP network management system and method thereof for managing access customer Download PDF

Info

Publication number
CN101521598A
CN101521598A CN200910106490A CN200910106490A CN101521598A CN 101521598 A CN101521598 A CN 101521598A CN 200910106490 A CN200910106490 A CN 200910106490A CN 200910106490 A CN200910106490 A CN 200910106490A CN 101521598 A CN101521598 A CN 101521598A
Authority
CN
China
Prior art keywords
user
meter
module
subscriber
packet
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN200910106490A
Other languages
Chinese (zh)
Other versions
CN101521598B (en
Inventor
刘宗颖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Priority to CN2009101064902A priority Critical patent/CN101521598B/en
Publication of CN101521598A publication Critical patent/CN101521598A/en
Application granted granted Critical
Publication of CN101521598B publication Critical patent/CN101521598B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses an SNMP network management system and a method thereof for managing an access customer. The method of the invention, which is used for managing the access customer, includes the steps: preparing a user meter containing the information of the user state; and realizing the management of the user by setting the restricting information of the user state of the user meter. The invention achieves the purposes that the SNMP network management not only obtains the information of the user, but also favorably controls the user.

Description

SNMP network management system and method that the butt joint access customer manages
Technical field
The present invention relates to network communication field, relate in particular to a kind of Simple Network Management Protocol (Simple Network Management Protocol, SNMP) network management system and method that access customer manages of docking.
Background technology
SNMP is by the Internet process task groups (Internet Engineering Task Force, IETF) one of definition cover NMP, utilize SNMP make a management work station can telemanagement all support the network equipment of this agreement, comprise the monitoring network state, revise network equipments configuration, receive network event warning etc.
The management of present stage mainly is the read functions that has utilized SNMP, and promptly (Management Information Base MIB) reads user profile to SNMP, realizes management to the user by other module again according to this user profile from user's management information bank.So even SNMP has obtained user profile, but SNMP is not enough to user's control.As the restriction of centering virus user access, some is attacked user, multithreading download the user who takies massive band width and play and roll off the production line or control its accessed content etc.
Summary of the invention
Only obtain user profile for solving SNMP, the user is controlled not enough problem, be necessary to provide a kind of realization SNMP both to obtain user profile, again the SNMP network management system that manages of the butt joint access customer that the user is better controlled.
In addition, also be necessary the method that provides a kind of above-mentioned butt joint access customer to manage.
The SNMP network management system that access customer manages is docked in the present invention, and it comprises transmitting-receiving bag module, access module, SNMP proxy module and user management module, wherein,
Described transmitting-receiving bag module is used to receive the packet that the user sends, and according to the type of packet packet is distributed, and the type of described packet comprises request data package and comprises the protocol data bag of snmp message;
Described access module is used to receive and resolve the request data package that transmitting-receiving bag module sends, and obtain user profile, and whether detect user profile correct, if, send user's request that user profile and described request packet comprise to described user management module, otherwise, described user's request refused;
Described user management module is used to receive described user profile and user's request, and asks to dispose the subscriber's meter that comprises the User Status restricted information according to described user profile and user;
Described SNMP proxy module is used to receive and resolve the protocol data bag that comprises snmp message that transmitting-receiving bag module sends, and according to analysis result, by the User Status restricted information of described subscriber's meter is set, realizes the management to the user.
In said system, also comprise forwarding module, described forwarding module is used for carrying out user data according to the described subscriber's meter that described user management module issues and transmits.
In said system, described subscriber's meter comprises the user identity numbering, the protocol address that interconnects between the network, and Media Access Control address, port and state, wherein, state is the User Status restricted information.
In said system, described User Status restricted information comprises four kinds of states, and it is online to be respectively normal users; Force users rolls off the production line; Limited users is online; The user is not online, if the user reaches the standard grade, will become limited users.
The present invention is docked the method that access customer manages and be may further comprise the steps:
Configuration comprises the subscriber's meter of User Status restricted information;
By the User Status restricted information of described subscriber's meter is set, realize management to the user.
In said method, the subscriber's meter that described configuration comprises the User Status restricted information comprises:
The user sends request data package;
Access module receives and resolves the described request packet, obtains user profile, and whether detect user profile correct, if, send user's request that user profile and described request packet comprise to described user management module, otherwise, described user's request refused;
User management module receives described user profile and user's request, and asks to dispose the subscriber's meter that comprises the User Status restricted information according to described user profile and user.
In said method, the described User Status restricted information that described subscriber's meter is set comprises:
The keeper sends and comprises the packet that message is set;
The SNMP proxy module receives also and resolves this packet, obtains the user identity numbering of this packet, sends corresponding setting and instructs user management module;
Described user management module receives this instruction, according to this instruction, searches the corresponding subscriber's meter of user identity numbering, and described subscriber's meter is provided with.
SNMP network management system and the method that access customer manages docked in the present invention, configuration comprises the subscriber's meter of User Status restricted information, and the User Status restricted information of described subscriber's meter is set by snmp message, realize that SNMP had both obtained user profile, again the purpose that the user is better controlled.
After the detailed description of reading embodiment of the present invention in conjunction with the accompanying drawings, it is clearer that characteristics of the present invention and advantage will become.
Description of drawings
Fig. 1 is that the SNMP network management system module diagram that access customer manages is docked in the present invention;
Fig. 2 is that the method flow diagram that access customer manages is docked in the present invention;
Fig. 3 is the particular flow sheet that the method step S1 that access customer manages is docked in the present invention;
Fig. 4 is the particular flow sheet that the method step S2 that access customer manages is docked in the present invention.
Embodiment
Below in conjunction with accompanying drawing SNMP network management system and the method that access customer manages being docked in the present invention describes.
See also Fig. 1, it is that the SNMP network management system module diagram that access customer manages is docked in the present invention.
The present invention is docked the SNMP network management system that access customer manages and is comprised: transmitting-receiving bag module 11, access module 12, SNMP proxy module 13, user management module 14 and forwarding module 15.Wherein, transmitting-receiving bag module 11 is connected with SNMP proxy module 13 with access module 12 respectively, and user management module 14 is connected with access module 12, SNMP proxy module 13 and forwarding module 15 respectively.
Transmitting-receiving bag module 11 is used to receive the packet that the user sends, and according to the type of packet packet is distributed.If the packet that receives is to comprise the request data package that the user inserts or rolls off the production line, then this packet is sent to access module 12; If the packet that receives is the protocol data bag that comprises snmp message, then this packet is sent to SNMP proxy module 13.Snmp message comprises SNMP GET message and SNMP SET message, is called for short GET message and SET message respectively.Wherein, GET message is the instruction of obtaining user profile, and SET message is the instruction that sets user information.
Access module 12 is used to receive and resolve the request data package that transmitting-receiving bag module 11 sends, and obtain user profile, and whether detect user profile correct.If user profile is all correct, then send user's request that user profile and request data package comprise to user management module 14, control user management module 14 is carried out the configuration of subscriber's meter.If user profile is wrong, then refusing user's request sends the refusal request message to transmitting-receiving bag module 11, feeds back to the user by transmitting-receiving bag module 11.Such as, access module 12 receives the access request data package, resolve and obtain access way and access authentication information in this packet, check again whether access way is complementary with link, and whether access authentication passes through, if user profile is all correct, then send the user who increases subscriber's meter and ask user management module 14, control user management module 14 increases subscriber's meter, if user profile is wrong, and the then access request of refusing user's.
User management module 14 is used to receive described user profile and user's request, and asks to dispose the subscriber's meter that comprises the User Status restricted information according to described user profile and user, subscriber's meter is issued to forwarding module 15 again.Subscriber's meter comprise user identity numbering (Identity, ID), the protocol address that interconnects between the network (Internet Protocol, IP), Media Access Control address (MAC MediaAccess Control, MAC), port and state.
SNMP proxy module 13 is used to receive and resolve the protocol data bag that comprises snmp message that transmitting-receiving bag module 11 sends, if this packet comprises GET message, then obtain the user ID of this packet, send to extract and to instruct user management module 14, control user management module 14 is extracted the corresponding information of this user ID from subscriber's meter, and sends to the operation user by transmitting-receiving bag module 11; If this packet comprises SET message, then obtain the user ID of this packet, send to be provided with and instruct user management module 14, control user management module 14 this user ID in subscriber's meter is carried out corresponding setting, and configuration comprises the subscriber's meter of User Status restricted information.Such as the state of revising this subscriber's meter or increase, deletion subscriber's meter with transmit, issue control ACL to transmitting, and send user profile after being provided with to operating the user by transmitting-receiving bag module 11.
Forwarding module 15 is used to receive the subscriber's meter that user management module 14 issues, and generate according to subscriber's meter and to transmit, to transmit the hardware that is issued to this system again, thereby convenient data to user's online are transmitted, and promptly the described subscriber's meter that issues according to described user management module carries out the user data forwarding.
It is as follows that the subscriber's meter of the SNMP network management system that access customer manages is docked in the present invention:
User ID IP MAC Port User Status Other
00000001 1.1.1.1 22:00:00:00:00:01 G_1/1 00 ...
In the above-mentioned subscriber's meter, state options can comprise following four kinds of states:
00, its expression normal users is online;
01, its expression force users rolls off the production line, and does not promptly have this state in the subscriber's meter, and snmp message rolls off the production line for this state force users by the user is set;
10, its expression limited users is online;
11, its expression user is not online, if the user reaches the standard grade, will become limited users.
Wherein, limited users refers to: when this user of status indicator of subscriber's meter is a limited users, user management module 14 will issue control ACL customer access network will be controlled, when customer access network, and will be by limited.As certain station server that the user can only access system be provided with, go forward side by side line scanning and virus killing operation, the website that perhaps can only Access Management Access person provides.
See also Fig. 2, it is that the method flow diagram that access customer manages is docked in the present invention.
Step S1, configuration comprise the subscriber's meter of User Status restricted information;
See also Fig. 3, it is the particular flow sheet that the method step S1 that access customer manages is docked in the present invention.
This step S1 specifically may further comprise the steps:
11) user sends to transmitting-receiving bag module 11 and comprises the access request data package;
12) transmitting-receiving bag module 11 receives this packet, and this packet is sent to access module 12;
13) access module 12 is used to receive and resolve the packet that transmitting-receiving bag module 11 sends, and obtains user profile, and checks whether correct and testing circuit of user profile.If it is normal that user profile all correctly reaches circuit, then send the instruction that subscriber's meter is set and arrive user management module 14, and carry out 14); If user profile is wrong, or the electric circuit inspection failure, the then access request of refusing user's sends refusal to transmitting-receiving bag module 11 and inserts message, feeds back to the user by transmitting-receiving bag module 11;
14) user management module 14 receives the instruction of subscriber's meter is set, and judges the subscriber's meter whether this user's correspondence is arranged in active user's table.
If have, the state in active user's table is 11 so, and user management module 14 is according to the instruction that subscriber's meter is set, and the state of revising in the subscriber's meter is 10, and the state in this subscriber's meter is the User Status restricted information.Simultaneously, user management module 14 issues to be transmitted, and control ACL controls customer access network.
If do not have, then user management module 14 increases the subscriber's meter of this user's correspondence according to the instruction that subscriber's meter is set, and the state in the subscriber's meter is set to 00.
Step S2, by the User Status restricted information of described subscriber's meter is set, realize management to the user.
See also Fig. 4, it is the particular flow sheet that the method step S2 that access customer manages is docked in the present invention.
When the user was limited users, this step S2 specifically comprised the steps:
21) keeper sends the packet that comprises SET message to transmitting-receiving bag module 11;
22) transmitting-receiving bag module 11 receives this packet, and this packet is sent to SNMP proxy module 13;
23) SNMP proxy module 13 receives and resolves this packet, obtains the user ID of this packet, sends corresponding instruction to user management module 14;
24) user management module 14 receives this instruction, according to instruction, searches the subscriber's meter of user ID correspondence.If find corresponding subscriber's meter, then the state information that comprises according to the SET message content is provided with the state of subscriber's meter;
If a) state information that comprises of SET message is 00: then the state of revising subscriber's meter is 00, and remove user's control ACL, thus make user's accesses network normally;
B) if the state information that SET message comprises is 01: then the state of revising subscriber's meter is 11, removing is transmitted, and sends the message that the prompting users have been rolled off the production line to transmitting-receiving bag module 11, gives the keeper by transmitting-receiving bag module 11 with this message feedback again;
C) if the state information that SET message comprises is 11: then the state of revising subscriber's meter is 11, and remove and transmit, and send the message that the prompting users have been rolled off the production line to transmitting-receiving bag module 11, give the keeper by transmitting-receiving bag module 11 with this message feedback again.
If can not find corresponding subscriber's meter, the expression user has been rolled off the production line or the SET message error, returns user rolled off the production line message or SET error message to transmitting-receiving bag module 11, feeds back to the keeper by transmitting-receiving bag module 11 again.
When user applies rolled off the production line, the SNMP network management system that manages to the butt joint access customer sent the request of rolling off the production line, and specifically comprises the steps:
31) when user applies rolls off the production line, comprise the requested packets that rolls off the production line to 11 transmissions of transmitting-receiving bag module;
32) transmitting-receiving bag module 11 receives this packet, and this packet is sent to access module 12;
33) access module 12 is used to receive and resolve the packet that transmitting-receiving bag module 11 sends, obtain user profile,, and check whether user profile is correct as user's access way, access authentication information, whether be complementary with link such as access way, whether access authentication passes through.If user profile is all correct, then sends the instruction of rolling off the production line and arrive user management module 14; If user profile is wrong, the then request of rolling off the production line of refusing user's sends refusal to transmitting-receiving bag module 11 and inserts message, feeds back to the user by transmitting-receiving bag module 11;
34) user management module 14 receives the instruction of rolling off the production line, and checks the state of active user's table.If the state of subscriber's meter is 11, then point out the user to roll off the production line, send the message that the user has been rolled off the production line to transmitting-receiving bag module 11, feed back to the user by transmitting-receiving bag module 11; If the state of subscriber's meter is 00, then remove subscriber's meter and corresponding transmitting, carry out user offline and handle, send the message that the user has been rolled off the production line to transmitting-receiving bag module 11, feed back to the user by transmitting-receiving bag module 11; If the state of subscriber's meter is 10, then remove the user and transmit, and the flag bit of revising subscriber's meter is 11, and to notify the user be limited users, need kill virus or exist behavior, need just can lift restrictions after the processing of visit given server or website network harm.
Compared with prior art, the subscriber's meter that SNMP network management system that access customer manages and method configuration comprise the User Status restricted information is docked in the present invention, and the User Status restricted information that described subscriber's meter is set by snmp message, realize that SNMP had both obtained user profile, again the purpose that the user is better controlled.
Only be preferred case study on implementation of the present invention below, be not limited to the present invention, for a person skilled in the art, the present invention can have various changes and variation.Within the spirit and principles in the present invention all, any modification of being done, be equal to replacement, improvement etc., all should be included within protection scope of the present invention.

Claims (7)

1, a kind ofly docks the SNMP network management system that access customer manages, it comprises transmitting-receiving bag module, described transmitting-receiving bag module is used to receive the packet that the user sends, and packet is distributed according to the type of packet, the type of described packet comprises request data package and comprises the protocol data bag of snmp message, it is characterized in that described system also comprises access module, SNMP proxy module and user management module, wherein
Described access module is used to receive and resolve the request data package that transmitting-receiving bag module sends, and obtain user profile, and whether detect user profile correct, if, send user's request that user profile and described request packet comprise to described user management module, otherwise, described user's request refused;
Described user management module is used to receive described user profile and user's request, and asks to dispose the subscriber's meter that comprises the User Status restricted information according to described user profile and user;
Described SNMP proxy module is used to receive and resolve the protocol data bag that comprises snmp message that transmitting-receiving bag module sends, and according to analysis result, by the User Status restricted information of described subscriber's meter is set, realizes the management to the user.
2, system according to claim 1 is characterized in that, also comprises forwarding module, and described forwarding module is used for carrying out user data according to the described subscriber's meter that described user management module issues and transmits.
3, system according to claim 1 is characterized in that, described subscriber's meter comprises the user identity numbering, the protocol address that interconnects between the network, and Media Access Control address, port and state, wherein, state is the User Status restricted information.
4, system according to claim 1 is characterized in that, described User Status restricted information comprises four kinds of states, and it is online to be respectively normal users; Force users rolls off the production line; Limited users is online; The user is not online, if the user reaches the standard grade, will become limited users.
5, a kind ofly dock the method that access customer manages, it is characterized in that, may further comprise the steps:
Configuration comprises the subscriber's meter of User Status restricted information;
By the User Status restricted information of described subscriber's meter is set, realize management to the user.
6, method according to claim 5 is characterized in that, the subscriber's meter that described configuration comprises the User Status restricted information comprises:
The user sends request data package;
Access module receives and resolves the described request packet, obtains user profile, and whether detect user profile correct, if, send user's request that user profile and described request packet comprise to described user management module, otherwise, described user's request refused;
User management module receives described user profile and user's request, and asks to dispose the subscriber's meter that comprises the User Status restricted information according to described user profile and user.
7, method according to claim 5 is characterized in that, the described User Status restricted information that described subscriber's meter is set comprises:
The keeper sends and comprises the packet that message is set;
The SNMP proxy module receives also and resolves this packet, obtains the user identity numbering of this packet, sends corresponding setting and instructs user management module;
Described user management module receives this instruction, according to this instruction, searches the corresponding subscriber's meter of user identity numbering, and described subscriber's meter is provided with.
CN2009101064902A 2009-03-30 2009-03-30 SNMP network management system and method thereof for managing access customer Expired - Fee Related CN101521598B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2009101064902A CN101521598B (en) 2009-03-30 2009-03-30 SNMP network management system and method thereof for managing access customer

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2009101064902A CN101521598B (en) 2009-03-30 2009-03-30 SNMP network management system and method thereof for managing access customer

Publications (2)

Publication Number Publication Date
CN101521598A true CN101521598A (en) 2009-09-02
CN101521598B CN101521598B (en) 2011-07-13

Family

ID=41081983

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2009101064902A Expired - Fee Related CN101521598B (en) 2009-03-30 2009-03-30 SNMP network management system and method thereof for managing access customer

Country Status (1)

Country Link
CN (1) CN101521598B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102098271A (en) * 2009-12-10 2011-06-15 华为技术有限公司 User information acquisition method, device and system

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5983270A (en) * 1997-03-11 1999-11-09 Sequel Technology Corporation Method and apparatus for managing internetwork and intranetwork activity
CN101282254B (en) * 2007-04-02 2011-06-01 华为技术有限公司 Method, system and apparatus for managing household network equipment
CN101141305B (en) * 2007-10-08 2010-11-24 福建星网锐捷网络有限公司 Network security defensive system, method and security management server

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102098271A (en) * 2009-12-10 2011-06-15 华为技术有限公司 User information acquisition method, device and system
WO2011069466A1 (en) * 2009-12-10 2011-06-16 华为技术有限公司 Method, apparatus and system for obtaining user information
US8875225B2 (en) 2009-12-10 2014-10-28 Huawei Technologies Co., Ltd. Method, apparatus and system for obtaining user information
CN102098271B (en) * 2009-12-10 2015-01-07 华为技术有限公司 User information acquisition method, device and system

Also Published As

Publication number Publication date
CN101521598B (en) 2011-07-13

Similar Documents

Publication Publication Date Title
EP2666263B1 (en) Methods, systems, and computer readable media for screening diameter messages within a diameter signaling router (dsr) having a distributed message processor architecture
CN1661988B (en) Method of transporting a multipoint stream in a local area network and device for connection implementing the method
CN101175078B (en) Identification of potential network threats using a distributed threshold random walk
CN109983736B (en) NF component exception processing method, device and system
CN101164286A (en) Electronic message delivery system including a network device
US20110060902A1 (en) Vpn connection system and vpn connection method
CN103906087A (en) Access point upgrading method, device and system
CN103117902B (en) User offline automatic checkout system and method under a kind of IPoE
CN110995873A (en) Gateway service interface discovery method, system, electronic device and storage medium
CN104281422A (en) Printing system, intermediate server, printing device and job system
CN107566292B (en) Message forwarding method and device
CN106254338A (en) Message detecting method and device
CN101188618A (en) Method, system, server and terminal for canceling push message
JP2013070325A (en) Communication system, communication apparatus, server, and communication method
US20080168563A1 (en) Storage medium storing terminal identifying program terminal identifying apparatus, and mail system
CN107911496A (en) A kind of VPN service terminal acts on behalf of the method and device of DNS
CN107707689A (en) A kind of DHCP message processing method, Dynamic Host Configuration Protocol server and gateway device
CN101521598B (en) SNMP network management system and method thereof for managing access customer
CN103986793B (en) A kind of method and system of lifting Portal certification IP address service efficiencies
KR101284584B1 (en) System and method for managing signaling traffic
CN107547621A (en) A kind of message forwarding method and device
CN103634289A (en) Communication block apparatus and communication block method
CN101827037A (en) Multicast data stream sending method, device and two-layer switching equipment
CN1996960B (en) A filtering method for instant communication message and instant communication system
CN101312407B (en) Method and apparatus for measuring quality of network service

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20110713

Termination date: 20180330