CN101883027A - Method and device for detecting availability of TACACS server - Google Patents
Method and device for detecting availability of TACACS server Download PDFInfo
- Publication number
- CN101883027A CN101883027A CN2010102207323A CN201010220732A CN101883027A CN 101883027 A CN101883027 A CN 101883027A CN 2010102207323 A CN2010102207323 A CN 2010102207323A CN 201010220732 A CN201010220732 A CN 201010220732A CN 101883027 A CN101883027 A CN 101883027A
- Authority
- CN
- China
- Prior art keywords
- authentication
- charging message
- authorization charging
- tacacs
- tacacs server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The invention discloses a method and a device for detecting the availability of a TACACS server, and the method comprises the following steps: using a data communication device to receive a command of detecting whether the TACACS server is available or not, and obtaining user information of a virtual user from the command; generating an authentication authorization accounting packet, wherein the authentication authorization accounting packet carries the user information; sending the authentication authorization accounting packet to the TACACS server; if the response to the authentication authorization accounting packet sent by the TACACS server is received, determining that the TACACS server is available; otherwise, determining that the TACACS server is unavailable. The adoption of the method and the device can achieve the effect of conveniently testing the availability of the TACACS server.
Description
Technical field
The present invention relates to the communications field, in particular to the method and the device of a kind of sense terminals access controller access control system (Terminal Access Controller Access-Control System abbreviates TACACS as) server availability.
Background technology
Data communications equipment needs the butt joint access customer to manage as access device the time, and a critical function of data communications equipment is the authentication and authorization charging client as the user.Authentication and authorization charging generally needs data communications equipment to send relevant user information to tacacs server, and tacacs server is realized final authentication and charging.
In correlation technique, can be implemented on the data communications equipment by ping and trace and detect and the connectedness of tacacs server, but, if detect the availability of tacacs server, just must have real user to insert, this makes that the availability of test tacacs server is very inconvenient in actual field positioning problems, test and remote failure debugging.
Summary of the invention
Main purpose of the present invention is to provide a kind of scheme that detects the tacacs server availability, to solve the problem of the availability inconvenience of test tacacs server in on-the-spot positioning problems, test and the remote failure debugging that exists in the correlation technique.
To achieve these goals, according to an aspect of the present invention, a kind of method of sense terminals access controller access control system tacacs server availability is provided, this method comprises: whether available data communications equipment receive to detect tacacs server order, obtains the user profile of Virtual User from order; Generate the authentication and authorization charging message, wherein, carry user profile in the authentication and authorization charging message; Send the authentication and authorization charging message to tacacs server; If receive the response of the authentication and authorization charging message of tacacs server transmission, then definite tacacs server can be used; Otherwise, determine that tacacs server is unavailable.
Further, after tacacs server sends the authentication and authorization charging message,, then send the authentication and authorization charging message to tacacs server once more if do not receive response in first predetermined time interval; Repeat above-mentioned steps, reach pre-determined number until the number of times that receives response or transmission authentication and authorization charging message.
Further, after tacacs server sends the authentication and authorization charging message,, then print first flag information if in second predetermined time interval, do not receive response; If receive response, then print second flag information; Wherein, first flag information and second flag information are inequality.
Further, when generating the authentication and authorization charging message, for the authentication and authorization charging message adds flag bit; If in first predetermined time interval, do not receive response, then send the authentication and authorization charging message to tacacs server once more and comprise:, then obtain the authentication and authorization charging message by flag bit if in first predetermined time interval, do not receive response; Send the authentication and authorization charging message to tacacs server.
Further, after tacacs server sends the authentication and authorization charging message, receive the order of interrupting detection; Deletion authentication and authorization charging message.
To achieve these goals, according to a further aspect in the invention, provide a kind of device that detects the tacacs server availability, this method comprises: whether available first receiver module be used to receive and detect tacacs server order; Acquisition module is used for from the user profile of order acquisition Virtual User; Generation module is used to generate the authentication and authorization charging message, wherein, carries user profile in the authentication and authorization charging message; Sending module is used for sending the authentication and authorization charging message to tacacs server; Determination module is used under the situation of the response that receives the authentication and authorization charging message that tacacs server sends, and determines that tacacs server can use; Otherwise, determine that tacacs server is unavailable.
Further, sending module comprises: judge submodule, be used for judging whether receive response in first predetermined time interval after tacacs server sends the authentication and authorization charging message; First sends submodule, and the judged result that is used at the interpretation submodule is under the situation not, sends the authentication and authorization charging message to tacacs server once more; The control submodule is used for controlling and judges that submodule and first sends submodule and repeats aforesaid operations, reaches pre-determined number until the number of times that receives response or transmission authentication and authorization charging message.
Further, this device also comprises: first print module is used for if do not receive response in second predetermined time interval, printing first flag information after tacacs server sends the authentication and authorization charging message; Second print module is used for receiving under the situation of response, prints second flag information; Wherein, first flag information and second flag information are inequality.
Further, generation module is used for when generating the authentication and authorization charging message, for the authentication and authorization charging message adds flag bit; Sending module comprises: obtain submodule, be used for not receiving in first predetermined time interval under the situation of response, obtain the authentication and authorization charging message by flag bit; Second sends submodule, is used for sending the authentication and authorization charging message to tacacs server.
Further, this device also comprises: second receiver module is used to receive the order of interrupting detection; Removing module is used to delete the authentication and authorization charging message.
By the present invention, adopt the authentication and authorization charging message that sends corresponding Virtual User, determine the mode of tacacs server availability according to the response that whether receives the authentication and authorization charging message that tacacs server sends, solve the inconvenient problem of test in on-the-spot positioning problems, test and the remote failure debugging that exists in the correlation technique, and then reached the effect of testing the availability of tacacs server easily.
Description of drawings
Accompanying drawing described herein is used to provide further understanding of the present invention, constitutes the application's a part, and illustrative examples of the present invention and explanation thereof are used to explain the present invention, do not constitute improper qualification of the present invention.In the accompanying drawings:
Fig. 1 is the method flow diagram according to the detection tacacs server availability of the embodiment of the invention;
Fig. 2 is the concrete flow chart according to the method for the detection tacacs server availability of the embodiment of the invention;
Fig. 3 is the structured flowchart according to the device of the detection tacacs server availability of the embodiment of the invention;
Fig. 4 is the structured flowchart according to the sending module of the embodiment of the invention;
Fig. 5 is the concrete structured flowchart according to the device of the detection tacacs server availability of the embodiment of the invention; And
Fig. 6 is the another kind of concrete structured flowchart according to the device of the detection tacacs server availability of the embodiment of the invention.
Embodiment
Hereinafter will describe the present invention with reference to the accompanying drawings and in conjunction with the embodiments in detail.Need to prove that under the situation of not conflicting, embodiment and the feature among the embodiment among the application can make up mutually.
Embodiment one
According to embodiments of the invention, a kind of method that detects the tacacs server availability is provided, Fig. 1 is that as shown in Figure 1, this method comprises according to the method flow diagram of the detection tacacs server availability of the embodiment of the invention:
Step S102, whether available data communications equipment receive to detect tacacs server order, obtains the user profile of Virtual User from this order;
Step S104 generates the authentication and authorization charging message, wherein, carries user profile in the authentication and authorization charging message;
Step S106 sends the authentication and authorization charging message to tacacs server;
Step S108, if receive the response of the authentication and authorization charging message of tacacs server transmission, then definite tacacs server can be used; Otherwise, determine that tacacs server is unavailable.
This embodiment adopts the authentication and authorization charging message that sends corresponding Virtual User, determine the mode of tacacs server availability according to the response that whether receives the authentication and authorization charging message that tacacs server sends, need not when test, to insert actual user, reached the effect of testing the availability of tacacs server easily.
Preferably, after tacacs server sends the authentication and authorization charging message,, then send the authentication and authorization charging message to tacacs server once more if do not receive response in first predetermined time interval; Repeat above-mentioned steps, reach pre-determined number until the number of times that receives response or transmission authentication and authorization charging message.Transmission strategy (for example, overtime duration timeout, maximum number of times of transmission max-retries) that can the configuration detection bag.When this embodiment responds by not receiving in first predetermined time interval, send the authentication and authorization charging message to tacacs server once more, guarantee that tacacs server can receive the authentication and authorization charging message, improved the accuracy that detects the tacacs server availability.
Preferably, after tacacs server sends the authentication and authorization charging message,, then print first flag information if in second predetermined time interval, do not receive response; If receive response, then print second flag information; Wherein, first flag information and second flag information are inequality.If the tacacs server in the group can not arrive the time and the timeout time-out time establish longly, can get ready by timer and realize to the outstanding message of serially printing point (similar ping order), for example,, print a point to control desk every 2 seconds.When receiving that tacacs server is responded bag, can be to the serially printing exclamation mark, the expression tacacs server can be used.This embodiment promptly prints a flag information at set intervals in testing process, make the user can clear and definite detection procedure.
Preferably, when generating the authentication and authorization charging message, for the authentication and authorization charging message adds flag bit; If in first predetermined time interval, do not receive response, then send the authentication and authorization charging message to tacacs server once more and comprise:, then obtain the authentication and authorization charging message by flag bit if in first predetermined time interval, do not receive response; Send the authentication and authorization charging message to tacacs server.This embodiment adds flag bit for the authentication and authorization charging message, thereby according to flag bit the authentication and authorization charging message is operated, and has strengthened practicality.
Preferably, after tacacs server sends the authentication and authorization charging message, receive the order of interrupting detection; Deletion authentication and authorization charging message.The user can detect request by the TACACS that ctrl^c interrupts, and the detection bag in the transmit queue should be deleted when the user is interrupted this detection by ctrl^c.This embodiment provides the operation of interrupting detection, has strengthened the controllability of test operation.
Embodiment two
Fig. 2 is the method flow diagram according to the detection tacacs server availability of the embodiment of the invention, flow process below in conjunction with Fig. 2 and detection tacacs authentication mandate accounting server, the flow process that detects the tacacs server availability is elaborated, and this flow process comprises:
Step S202 detects the order of tacacs server group service availability in the order line input.The user name password that uses during detection can be joined.
Step S204, the information that comprises according to this order generates the authentication and authorization charging message that is used for the TACACS detection, for example, the TACACS detection module is constructed authentication and authorization charging data structure (contain to detect and use call back function) according to given user profile and server group information.After generating the authentication and authorization charging message, call the normal TACACS flow process of giving out a contract for a project.
Step S206 goes out the server authentication group number of detection and user profile and the time of detecting usefulness in end print.
Step S208 adds the authentication and authorization charging formation that awaits a response with the authentication and authorization charging message that detects the tacacs authentication server.Because the TACACS agreement does not provide special detection bag type, therefore, need software to use as detecting bag by making up common request package, and in order to use original handling process as far as possible, and test result is shown as far as possible in detail, respond the flag bit that increases detection bag and common request bag in the bag in the wait authentication and authorization charging request that TACACS makes up, the processing in each step can be done special operation (main exactly when sending and receiving answer) for detecting bag like this.Wherein, this flag bit represents that this bag is the bag of TACACS type of detection.Start timer simultaneously, the timeout call back function that registration tacacs authentication mandate accounting server TACACS detects.
Step S210 sends the TACACS detection messages that detects tacacs authentication mandate accounting server service availability.
Step S212 judges the response of whether receiving tacacs server in the time at Timeout, if judged result then enters step S214 for being, otherwise, enter step S216.
Step S214 if receive response, then deletes the request package that the TACACS in the waiting list detects, and the printing server available information.Flow process finishes.
Step S216, if do not respond, timeout time and maximum number of times of transmission according to the authentication and authorization charging configuration set are retransmitted, await a response in the expression of end print point, judge whether the number of times that sends detection messages surpasses maximum number of times of transmission, if then enter step S218, otherwise, return step S210.
Step S218 reaches maximum number of times of transmission, then deletes the request package that the TACACS in the waiting list detects, and the unavailable information of printing server.
Embodiment three
In the present embodiment, detect the method for the service availability of tacacs authentication server by instantiation explanation, profile instance is as follows:
Data communications equipment receives the order that detects tacacs server group service availability: (config) #tacacs-ping authentication-group 1 user aaa@aaa password123.According to this order as can be known, tacacs server group to be detected is an authentication group 1, and the user is called aaa@aaa, and password is 123.Generate the authentication and authorization charging message that is used for the TACACS detection according to these information.Then, use step S208-step S218 to detect the service availability of authentication group 1.
Corresponding to said method, the present invention also provides a kind of device that detects the tacacs server availability, and this device can be applied to data communications equipment.Fig. 3 is that this device comprises according to the structured flowchart of the device of the detection tacacs server availability of the embodiment of the invention:
Whether available first receiver module 302 be used to receive and detect tacacs server order; Acquisition module 304 is coupled to first receiver module 302, is used for obtaining from this order the user profile of Virtual User; Generation module 306 is coupled to acquisition module 304, is used to generate the authentication and authorization charging message, wherein, carries user profile in this authentication and authorization charging message; Sending module 308 is coupled to generation module 306, is used for sending this authentication and authorization charging message to tacacs server; Determination module 310 is coupled to sending module 308, is used under the situation of the response that receives the authentication and authorization charging message that tacacs server sends, and determines that tacacs server can use; Otherwise, determine that tacacs server is unavailable.
Fig. 4 is the structured flowchart according to the sending module of the embodiment of the invention, preferably, sending module 308 comprises: judge submodule 402, be used for judging whether receive response in first predetermined time interval after tacacs server sends the authentication and authorization charging message; First sends submodule 404, is coupled to and judges submodule 402, and the judged result that is used at the interpretation submodule is under the situation not, sends the authentication and authorization charging message to tacacs server once more; Control submodule 406 is coupled to first and sends submodule 404, is used for controlling judging that submodule 402 and first sends submodule 404 and repeats aforesaid operations, reaches pre-determined number until the number of times that receives response or transmission authentication and authorization charging message.
Fig. 5 is the concrete structured flowchart according to the device of the detection tacacs server availability of the embodiment of the invention, preferably, this device also comprises: first print module 502, be used for after tacacs server sends the authentication and authorization charging message, if in second predetermined time interval, do not receive response, print first flag information; Second print module 504 is used for receiving under the situation of response, prints second flag information; Wherein, first flag information and second flag information are inequality.
Fig. 6 is the another kind of concrete structured flowchart according to the device of the detection tacacs server availability of the embodiment of the invention, and preferably, generation module 306 is used for when generating the authentication and authorization charging message, for the authentication and authorization charging message adds flag bit; Sending module 308 comprises: obtain submodule 602, be used for not receiving in first predetermined time interval under the situation of response, obtain the authentication and authorization charging message by flag bit; Second sends submodule 604, is coupled to and obtains submodule 602, is used for sending the authentication and authorization charging message to tacacs server.
Preferably, this device also comprises: second receiver module 606 is used to receive the order of interrupting detection; Removing module 608 is coupled to second receiver module 606, is used to delete the authentication and authorization charging message.
In sum, the embodiment of the invention adopts the authentication and authorization charging message that sends corresponding Virtual User, determine the mode of tacacs server availability to have reached the effect of testing the availability of tacacs server easily according to the response that whether receives the authentication and authorization charging message that tacacs server sends.
Obviously, those skilled in the art should be understood that, above-mentioned each module of the present invention or each step can realize with the general calculation device, they can concentrate on the single calculation element, perhaps be distributed on the network that a plurality of calculation element forms, alternatively, they can be realized with the executable program code of calculation element, thereby, they can be stored in the storage device and carry out by calculation element, and in some cases, can carry out step shown or that describe with the order that is different from herein, perhaps they are made into each integrated circuit modules respectively, perhaps a plurality of modules in them or step are made into the single integrated circuit module and realize.Like this, the present invention is not restricted to any specific hardware and software combination.
The above is the preferred embodiments of the present invention only, is not limited to the present invention, and for a person skilled in the art, the present invention can have various changes and variation.Within the spirit and principles in the present invention all, any modification of being done, be equal to replacement, improvement etc., all should be included within protection scope of the present invention.
Claims (10)
1. the method for a sense terminals access controller access control system tacacs server availability is characterized in that, comprising:
Whether available data communications equipment receive to detect tacacs server order, obtains the user profile of Virtual User from described order;
Generate the authentication and authorization charging message, wherein, carry described user profile in the described authentication and authorization charging message;
Send described authentication and authorization charging message to described tacacs server;
If receive the response of the described authentication and authorization charging message of described tacacs server transmission, then definite described tacacs server can be used; Otherwise, determine that described tacacs server is unavailable.
2. method according to claim 1 is characterized in that, after sending described authentication and authorization charging message to described tacacs server, described method also comprises:
If do not receive described response in first predetermined time interval, then send described authentication and authorization charging message to described tacacs server once more;
Repeat above-mentioned steps, reach pre-determined number until the number of times that receives described response or send described authentication and authorization charging message.
3. method according to claim 2 is characterized in that, after sending described authentication and authorization charging message to described tacacs server, described method also comprises:
If in second predetermined time interval, do not receive described response, then print first flag information;
If receive described response, then print second flag information;
Wherein, described first flag information and described second flag information are inequality.
4. method according to claim 2 is characterized in that,
When generating described authentication and authorization charging message, described method also comprises: be that described authentication and authorization charging message adds flag bit;
If in first predetermined time interval, do not receive described response, then send described authentication and authorization charging message to described tacacs server once more and comprise:
If in first predetermined time interval, do not receive described response, then obtain described authentication and authorization charging message by described flag bit;
Send described authentication and authorization charging message to described tacacs server.
5. according to each described method in the claim 1 to 4, it is characterized in that after sending described authentication and authorization charging message to described tacacs server, described method also comprises:
Receive the order of interrupting detection;
Delete described authentication and authorization charging message.
6. a device that detects the tacacs server availability is characterized in that, comprising:
Whether available first receiver module be used to receive and detect tacacs server order;
Acquisition module is used for from the user profile of described order acquisition Virtual User;
Generation module is used to generate the authentication and authorization charging message, wherein, carries described user profile in the described authentication and authorization charging message;
Sending module is used for sending described authentication and authorization charging message to described tacacs server;
Determination module is used under the situation of the response that receives the described authentication and authorization charging message that described tacacs server sends, and determines that described tacacs server can use; Otherwise, determine that described tacacs server is unavailable.
7. device according to claim 6 is characterized in that, described sending module comprises:
Judge submodule, be used for after sending described authentication and authorization charging message judge in first predetermined time interval, whether to receive described response to described tacacs server;
First sends submodule, and the judged result that is used at described interpretation submodule is under the situation not, sends described authentication and authorization charging message to described tacacs server once more;
The control submodule is used to control described judgement submodule and described first and sends submodule and repeat aforesaid operations, reaches pre-determined number until the number of times that receives described response or send described authentication and authorization charging message.
8. device according to claim 7, it is characterized in that, described device also comprises: first print module, be used for after sending described authentication and authorization charging message to described tacacs server, if in second predetermined time interval, do not receive described response, print first flag information;
Second print module is used for receiving under the situation of described response, prints second flag information;
Wherein, described first flag information and described second flag information are inequality.
9. device according to claim 7 is characterized in that,
Described generation module is used for when generating described authentication and authorization charging message, is that described authentication and authorization charging message adds flag bit;
Described sending module comprises:
Obtain submodule, be used in first predetermined time interval, not receiving under the situation of described response, obtain described authentication and authorization charging message by described flag bit;
Second sends submodule, is used for sending described authentication and authorization charging message to described tacacs server.
10. according to each described device in the claim 6 to 9, it is characterized in that described device also comprises:
Second receiver module is used to receive the order of interrupting detection;
Removing module is used to delete described authentication and authorization charging message.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010102207323A CN101883027A (en) | 2010-07-01 | 2010-07-01 | Method and device for detecting availability of TACACS server |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010102207323A CN101883027A (en) | 2010-07-01 | 2010-07-01 | Method and device for detecting availability of TACACS server |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101883027A true CN101883027A (en) | 2010-11-10 |
Family
ID=43054925
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2010102207323A Pending CN101883027A (en) | 2010-07-01 | 2010-07-01 | Method and device for detecting availability of TACACS server |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101883027A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103312903A (en) * | 2013-05-27 | 2013-09-18 | 华为软件技术有限公司 | Method and device for debugging record |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101174997A (en) * | 2007-11-21 | 2008-05-07 | 中兴通讯股份有限公司 | Device and method for detecting RADIUS server usability on BRAS equipment |
| CN101753370A (en) * | 2008-12-08 | 2010-06-23 | 中兴通讯股份有限公司 | System and method for detecting usability of certification process for broadband access user |
-
2010
- 2010-07-01 CN CN2010102207323A patent/CN101883027A/en active Pending
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101174997A (en) * | 2007-11-21 | 2008-05-07 | 中兴通讯股份有限公司 | Device and method for detecting RADIUS server usability on BRAS equipment |
| CN101753370A (en) * | 2008-12-08 | 2010-06-23 | 中兴通讯股份有限公司 | System and method for detecting usability of certification process for broadband access user |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103312903A (en) * | 2013-05-27 | 2013-09-18 | 华为软件技术有限公司 | Method and device for debugging record |
| CN103312903B (en) * | 2013-05-27 | 2016-10-05 | 华为软件技术有限公司 | The debugging way of recording and device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| KR101042745B1 (en) | System and method for reestablishing the session between terminal and server | |
| CN108183950B (en) | Method and device for establishing connection of network equipment | |
| US8099510B2 (en) | Relay device and program product, allowing continued communication via an alternative protocol | |
| CN101174997B (en) | Device and method for detecting RADIUS server usability on BRAS equipment | |
| KR20040102095A (en) | Control of access by intermediate network element for connecting data communication networks | |
| CN108901025A (en) | A kind of rogue access point counter method and counter equipment | |
| CN108134713A (en) | A kind of communication means and device | |
| EP1820089A2 (en) | Leveraging real-time communications client | |
| CN110351827A (en) | A kind of wireless self-networking method and system based on Sub-GHz | |
| CN105792015A (en) | Remote network connecting method and remote network connecting system based on intelligent television | |
| CN100372325C (en) | Quick redialing method for user to log on broadband network | |
| CN111356090B (en) | Networking method of network, device thereof, terminal and computer readable storage medium | |
| CN101883027A (en) | Method and device for detecting availability of TACACS server | |
| CN102546633A (en) | Selection method and device for Web authentication server | |
| CN104335671A (en) | Terminal and contact lookup method | |
| CN100409645C (en) | Broadband cut-in user managing method | |
| CN107547563A (en) | A kind of authentication method and device | |
| CN101778055B (en) | Message processing method and network entity | |
| CN105681399B (en) | Business card acquisition methods and device | |
| CN105163335B (en) | A kind of network access management method, server, mobile terminal and system | |
| CN111901227A (en) | Simple and lightweight message real-time pushing system and implementation method thereof | |
| CN111478901A (en) | Account weak password detection method and device, server and storage medium | |
| CN102594800A (en) | Method and device for processing Web authentication server | |
| JP4704729B2 (en) | Packet data processing node equipment | |
| CN110784447A (en) | Method for realizing non-perception authentication across protocols |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20101110 |