CN102244651B - Method for preventing attack of illegal neighbor discovery protocol message and access equipment - Google Patents
Method for preventing attack of illegal neighbor discovery protocol message and access equipment Download PDFInfo
- Publication number
- CN102244651B CN102244651B CN201010175844.1A CN201010175844A CN102244651B CN 102244651 B CN102244651 B CN 102244651B CN 201010175844 A CN201010175844 A CN 201010175844A CN 102244651 B CN102244651 B CN 102244651B
- Authority
- CN
- China
- Prior art keywords
- message
- address
- main frame
- list item
- mac address
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Landscapes
- Small-Scale Networks (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a method for preventing an attack of an illegal neighbor discovery (ND) protocol message and access equipment. The method comprises the following steps that: access equipment receives a DAD message that is sent by a host and is directed at a local link address or a router solicitation (RS) message of an unspecified source IP address, wherein the RS message is sent by the host, and an MAC address of the host is extracted from the message; the access equipment determines a prefix that is distributed to the host, a global unicast IPv6 address of the host is generated by using the prefix and the MAC address, and safety items including the global unicast IPv6 address and the MAC address of the host are established; the access equipment receives an ND protocol message sent by any host; if the message is discovered as being neither the DAD message nor the RS message of the unspecified source IP address, the message matches the established safety items one by one; if the matching is done, the message is received; if not, the message is refused. According to the invention, an attack of an illegal ND protocol message can be prevented without adding any configuration.
Description
Technical field
The present invention relates to message transmissions technical field, be specifically related to prevent that illegal neighbours from finding method and the access device of (ND, Neighbor Discovery) protocol message aggression.
Background technology
At present, IPv6 is Internet Protocol next generation, has solved the problem of IPv4 address scarcity.Compare with IPv4, IPv6 supports the heading of succinct regular length, built-in fail safe, and better service quality (QoS, Quality of Service) is supported and mobility support.ND agreement, as IPV6 basic agreement, also provides the functions such as address resolution, router discovery, the unreachable detection of neighbours, duplicate address detection.ND protocol massages easily becomes the object that assailant forges, and is used to attack.
Attack pattern mainly contains several as follows:
One, assailant utilizes the counterfeit gateway of NS/NA message, other user of the same network segment under deception gateway, and the message that makes these users mail to gateway is sent to assailant.The flow process that counterfeit gateway is attacked is as shown in Figure 1:
Step 101: assailant A sends multicast neighbor request (NS to other user as: validated user B by access device, Neighbor Solicitation) message, the source media access control (MAC of NS message, Media Access Control) address is the MAC Address of assailant A, the IP address that source IP address is gateway.
Step 102: user B receives NS message, searches the ND list item corresponding with the source IP address of this message, if do not find,, according to the source IP address of message, source MAC etc., sets up new ND list item; If find, but the source MAC of MAC Address in ND list item and NS message is inconsistent, with the source MAC in message, upgrades the MAC Address in this ND list item.
Step 103: user B will send message to gateway, first send a clean culture NS message and carry out the unreachable detection of neighbours, the IP address that the object IP address of this message is gateway, the MAC Address of the assailant A in the ND list item that target MAC (Media Access Control) address is learnt for user B.
Step 104:NS message is sent to assailant A, and assailant A replys neighbor advertisement (NA, Neighbor Advertisement) message to user B.
Step 105: user B receives NA message, and corresponding ND list item is set to reachable state, after this, the message that user B mails to gateway all can be intercepted and captured by victim A.
Two, assailant utilizes the counterfeit validated user of NS/NA message, the MAC Address of other this validated user of user in deception gateway or the same network segment is upgraded, make all information of packed upper mistake of message that gateway or other user mail to this validated user, attack flow process as shown in Figure 2:
Step 201: assailant A sends multicast NS message to other user as: validated user C by access device, and the source MAC of NS message is the MAC Address of assailant A, and source IP address is the IP address of validated user B.
Step 202: validated user C receives NS message, searches the ND list item corresponding with the source IP address of this message, if do not find,, according to the source IP address of message, source MAC etc., sets up new ND list item; If find, but the source MAC of MAC Address in ND list item and message is inconsistent, and the source MAC with message upgrades the MAC Address in this ND list item.
Step 203: validated user C will send message to validated user B, first sends a clean culture NS message and carries out the unreachable detection of neighbours, and the source IP address of message is the IP address of user B, source MAC is the MAC Address of the assailant A in the ND list item of learning.
Step 204:NS message is sent to assailant A, and assailant A replys NA message to validated user C.
Step 205: validated user C receives NA message, and corresponding ND list item is set to reachable state, after this, validated user C mails to victim A intercepting and capturing of message of validated user B.
Three, assailant utilizes RS/RA message, and the MAC Address of a certain validated user in deception gateway phase same network segment is upgraded, and causes gateway that all messages are mail to assailant, attacks flow process as shown in Figure 3:
Step 301: assailant A sends router solicitation (RS, RouterSolicitation) message by access device to gateway, the source IP address of RS message is the IP address of validated user B, source MAC is the MAC Address of assailant A.
Step 302: gateway receives RS message, searches the ND list item corresponding with the source IP address of this message, if do not find,, according to the source IP address of message, source MAC etc., sets up new ND list item; If find, but the source MAC of MAC Address in ND list item and message is inconsistent, and the source MAC with message upgrades the MAC Address in this ND list item.
Step 303: gateway sends message to validated user B, and the object IP address of message is the IP address of validated user B, and target MAC (Media Access Control) address is the MAC Address of the assailant A in ND list item, and message is sent to assailant A.
In addition, assailant A also can forge router advertisement (RA, Router Advertisement) message, the source IP address of message is gateway ip address, source MAC is the MAC Address of assailant A, when validated user B receives RA message, can set up or ND list item corresponding to new gateway more, the message victim A that causes validated user B to mail to gateway intercepts and captures.
For avoiding disabled user's attack, safe ND (SeND) agreement of RFC3971 provides the mode that ND protocol massages is encrypted, and needs to be encrypted and decryption processing between communication node.The shortcoming of the method is: during networking, need to be encrypted relevant configuration, and need all to carry out relevant configuration on the node that will communicate by letter of what is the need in office, increase the complexity that user uses.
Summary of the invention
The invention provides the method and the access device that prevent illegal ND protocol message aggression, with without increasing under the prerequisite of any configuration, prevent the attack of illegal ND protocol massages.
Technical scheme of the present invention is achieved in that
A method that prevents illegal Neighbor Discovery protocol message aggression, the method comprises:
The duplicate address detection DAD message for link-local address that access device Receiving Host is sent or the router solicitation RS message of not specifying source IP address, the media access control MAC address of extracting main frame from message;
Access device is determined the prefix of distributing to this main frame, uses the overall clean culture IPv6 address of the MAC Address generation main frame of this prefix and main frame, and foundation comprises: the overall clean culture IPv6 address of main frame and the safe list item of MAC Address;
Access device receives the ND protocol massages that arbitrary main frame is sent, if find, this message is not DAD message,, not for not specifying the RS message of source IP address, this message is mated one by one with the safe list item of having set up yet, if match, accepts this message; Otherwise, refuse this message.
Described safe list item further comprises: described DAD message or do not specify inbound port sign and/or the virtual LAN VLAN sign of the RS message of source IP address.
Described access device is the dynamic host configuration protocol DHCP v6 client for IPv6.
Described access device determines that the prefix distribute to this main frame comprises: access device by the prefix assignment that is configured in self to main frame;
Or, the router advertisement RA message that access device is sent from upstream plant, obtain the prefix of distributing to main frame.
An access device, comprising:
MAC Address extraction module: the duplicate address detection DAD message for link-local address that Receiving Host is sent or the router solicitation RS message of not specifying source IP address, from message, extract the MAC Address of main frame, send to safe list item to set up module the MAC Address of main frame;
Safe list item is set up module: the MAC Address of Receiving Host, determine the prefix of distributing to main frame, use the MAC Address of this prefix and main frame to generate the overall clean culture IPv6 address of main frame, set up and preserve and comprise: the overall clean culture IPv6 address of main frame and the safe list item of MAC Address;
Filtering module: receive the ND protocol massages that arbitrary main frame is sent, if find, this message is not DAD message, and also, not for not specifying the RS message of source IP address, the safe list item of this message and safe list item being set up to module preservation mates one by one, if match, accept this message; Otherwise, refuse this message.
Described MAC Address extraction module is further used for, and sends to safe list item to set up module the inbound port sign of described DAD message or RS message and VLAN sign,
And described safe list item is set up module and is further used for, inbound port sign and VLAN sign that MAC Address extraction module is sent are put into described safe list item.
Described access device is DHCPv6 client.
Compared with prior art, in the present invention, the DAD message that access device is sent from main frame or the RS message of not specifying source IP address, extract the MAC Address of main frame, by this MAC Address and the prefix of distributing to main frame in conjunction with the IPv6 address that generates main frame, use the IPv6 address of main frame and the MAC Address of main frame to set up safe list item, use this safe list item to filter ND protocol massages, make, without the configuration that increases main frame and access device, can prevent the attack of illegal ND protocol massages.
Accompanying drawing explanation
Fig. 1 is the flow chart that existing assailant utilizes the counterfeit gateway of NS/NA message to attack;
Fig. 2 is the flow chart that existing assailant utilizes the counterfeit validated user of NS/NA message to attack;
Fig. 3 is the flow chart that existing assailant utilizes the counterfeit validated user of RS/RA message to attack;
The method flow diagram that prevents illegal ND protocol message aggression that Fig. 4 provides for the embodiment of the present invention one;
Fig. 5 is the application scenarios schematic diagram of the embodiment of the present invention two;
The method flow diagram that prevents illegal ND protocol message aggression that Fig. 6 provides for the embodiment of the present invention two;
The composition diagram of the access device that Fig. 7 provides for the embodiment of the present invention.
Embodiment
Below in conjunction with drawings and the specific embodiments, the present invention is further described in more detail.
The method flow diagram that prevents illegal ND protocol message aggression that Fig. 4 provides for the embodiment of the present invention one, as shown in Figure 4, its concrete steps are as follows:
Step 401: the duplicate address detection (DAD for link-local address that access device Receiving Host is sent, Duplicate Address Detection) message or do not specify the RS message of source IP address, the source MAC of recorded message, inbound port sign (ID), VLAN (VLAN, VirtualLocal Network) ID.
The unicast address of the link-local scope of interface only has one, and prefix is fixed as FE80::, mask-length is 64.After main frame is reached the standard grade, can automatically generate a link-local address, then to access device, send the DAD message of the MAC Address of carrying this address and main frame, whether this address for confirmation is used by other main frame.
Step 402: access device is determined the prefix of distributing to main frame, and use the MAC Address of this prefix and main frame, generate the overall clean culture IPv6 address of main frame, and set up safe list item, safe list item comprises: the overall clean culture IPv6 address of main frame, the MAC Address of main frame.
Safe list item also can comprise: inbound port ID, VLAN ID, etc.Here, inbound port ID, VLAN ID are the DAD message of record in step 401 or inbound port ID, the VLAN ID of RS message.
If prefix is distributed by the upstream plant of access device, access device is after receiving the RA message that upstream plant sends, from RA message, obtain prefix, use this prefix to generate the overall clean culture IPv6 address of main frame, and by this RA message repeating to main frame, so that main frame uses the MAC Address of this prefix and self to generate the overall clean culture IPv6 address of self; If self disposes prefix access device, access device is directly used this prefix to generate the overall clean culture IPv6 address of main frame, and after receiving the RS message that main frame sends, this prefix is carried in RA message and returns to main frame, so that main frame uses this prefix and the MAC Address of self to generate the overall clean culture IPv6 address of self.Wherein, access device and main frame, when generating the overall clean culture IPv6 address of main frame, first use the MAC Address of main frame to generate the interface ID of EUI-64 form, and then according to following form, generate the main frame overall situation clean culture IPv6 address of 128:
Wherein, N is generally 64.
Prefix may have one also may have a plurality ofly, if having a plurality ofly, respectively by the MAC Address combination of each prefix and main frame, can obtain so a plurality of overall clean culture IPv6 address, for each IPv6 address, sets up a safe list item.
Step 403: access device receives a ND protocol massages that main frame is sent, and judges that whether this message is DAD message or the RS message of not specifying source IP address, if so, goes to step 401; Otherwise, execution step 404.
Step 404: access device mates the source IP address of this message, source MAC one by one with each safe list item of self setting up.
If be incorporated into port id, VLAN ID etc. in safe list item, in this step, access device mates the source IP address of message, source MAC, inbound port ID, VLAN ID etc. one by one with each safe list item of self setting up.
Step 405: access device has judged whether that safe list item matches, and if so, performs step 406; Otherwise, execution step 407.
Step 406: access device is accepted this message, and this flow process finishes.
Access device is accepted after this message, according to actual needs, message is made forward process or directly in this locality, is processed.
Step 407: access device is refused this ND protocol massages.
Embodiment illustrated in fig. 4ly be equally applicable to the application scenarios shown in Fig. 5, under this scene, prevent the flow process of illegal ND protocol message aggression as shown in Figure 6:
Step 601: for the DHCP (DHCPv6 of IPv6, Dynamic HostConfiguration Protocol for IPv6) the DAD message for link-local address that client main frame is sent or the RS message of not specifying source IP address, the source MAC of recorded message, inbound port ID, VLAN ID.
The RA message that step 602:DHCPv6 client DHCPv6 server is sent, from this message, obtain the prefix of distributing to main frame, and use the MAC Address of this prefix and main frame, generate the overall clean culture IPv6 address of main frame, and set up safe list item, safe list item comprises: the overall clean culture IPv6 address of the MAC Address of main frame, main frame.
Safe list item also can comprise: inbound port ID, VLAN ID, etc.Here, inbound port ID, VLAN ID are the DAD message of record in step 601 or inbound port ID, the VLAN ID of RS message.
The ND protocol massages that main frame of step 603:DHCPv6 client is sent, judges that whether this message is DAD message or the RS message of not specifying source IP address, if so, goes to step 601; Otherwise, execution step 604.
Step 604:DHCPv6 client is mated the source IP address of this message, source MAC one by one with each safe list item of self setting up.
If be incorporated into port id, VLAN ID etc. in safe list item, in this step, DHCPv6 client is mated the source IP address of message, source MAC, inbound port ID, VLAN ID etc. one by one with each safe list item of self setting up.
Step 605:DHCPv6 client has judged whether that safe list item matches, and if so, performs step 606; Otherwise, execution step 607.
Step 606:DHCPv6 client forwards this message, and this flow process finishes.
Step 607:DHCPv6 client is refused this ND protocol massages.
The composition diagram of the access device that Fig. 7 provides for the embodiment of the present invention, as shown in Figure 7, it mainly comprises: MAC Address extraction module 71, safe list item are set up module 72 and filtering module 73, wherein:
MAC Address extraction module 71: the DAD message for link-local address that Receiving Host is sent or the RS message of not specifying source IP address, from message, extract the MAC Address of main frame, send to safe list item to set up module 72 MAC Address of main frame.
MAC Address extraction module 71 also can send to safe list item to set up module 72 together with the MAC Address of the inbound port ID of DAD message or RS message, VLAN ID and main frame.
Safe list item is set up module 72: the MAC Address of the main frame that reception MAC Address extraction module 71 is sent, determine the prefix of distributing to main frame, use the MAC Address of this prefix and main frame to generate the overall clean culture IPv6 address of main frame, set up and preserve and comprise: the overall clean culture IPv6 address of main frame and the safe list item of MAC Address.
If configured the prefix of main frame on access device, safe list item is set up the overall clean culture IPv6 address that module 72 is directly used the MAC Address generation main frame of this prefix and main frame; Otherwise safe list item is set up and is extracted the prefix of distributing to main frame the RA message that module 72 can send from upstream plant.
If MAC Address extraction module 71 when sending host MAC address, is also sent inbound port ID and VLAN ID, also inbound port ID and VLAN ID are put into safe list item.
Filtering module 73: receive the ND protocol massages that arbitrary main frame is sent, find that this message is not DAD message, also, not for not specifying the RS message of source IP address, the safe list item of this message and safe list item being set up to module 72 preservations mates one by one, if match, accept this message; If do not match, refuse this message.
Access device shown in Fig. 7 can be DHCPv6 client, and now its upstream plant is DHCPv6 server.
Illustrated embodiment of the present invention is applicable to adopt the MAC Address of main frame to generate the scene of the interface ID of main frame.
The foregoing is only preferred embodiment of the present invention, in order to limit the present invention, within the spirit and principles in the present invention not all, any modification of making, be equal to replacement, improvement etc., within all should being included in the scope of protection of the invention.
Claims (7)
1. a method that prevents illegal Neighbor Discovery protocol message aggression, is characterized in that, the method comprises:
The duplicate address detection DAD message for link-local address that access device Receiving Host is sent or the router solicitation RS message of not specifying source IP address, the media access control MAC address of extracting main frame from message;
Access device is determined the prefix of distributing to this main frame, uses the overall clean culture IPv6 address of the MAC Address generation main frame of this prefix and main frame, and foundation comprises: the overall clean culture IPv6 address of main frame and the safe list item of MAC Address;
Access device receives the ND protocol massages that arbitrary main frame is sent, if find, this message is neither DAD message, also, not for not specifying the RS message of source IP address, this message is mated one by one with the safe list item of having set up, if match, accepts this message; Otherwise, refuse this message.
2. the method for claim 1, is characterized in that, described safe list item further comprises: described DAD message or do not specify inbound port sign and/or the virtual LAN VLAN sign of the RS message of source IP address.
3. method as claimed in claim 1 or 2, is characterized in that, described access device is the dynamic host configuration protocol DHCP v6 client for IPv6.
4. method as claimed in claim 1 or 2, is characterized in that, described access device determines that the prefix distribute to this main frame comprises: access device by the prefix assignment that is configured in self to main frame;
Or, the router advertisement RA message that access device is sent from upstream plant, obtain the prefix of distributing to main frame.
5. an access device, is characterized in that, comprising:
MAC Address extraction module: the duplicate address detection DAD message for link-local address that Receiving Host is sent or the router solicitation RS message of not specifying source IP address, from message, extract the MAC Address of main frame, send to safe list item to set up module the MAC Address of main frame;
Safe list item is set up module: the MAC Address of Receiving Host, determine the prefix of distributing to main frame, use the MAC Address of this prefix and main frame to generate the overall clean culture IPv6 address of main frame, set up and preserve and comprise: the overall clean culture IPv6 address of main frame and the safe list item of MAC Address;
Filtering module: receive the ND protocol massages that arbitrary main frame is sent, if find, this message is neither DAD message, and also, not for not specifying the RS message of source IP address, the safe list item of this message and safe list item being set up to module preservation mates one by one, if match, accept this message; Otherwise, refuse this message.
6. access device as claimed in claim 5, is characterized in that, described MAC Address extraction module is further used for, and sends to safe list item to set up module the inbound port sign of described DAD message or RS message and VLAN sign,
And described safe list item is set up module and is further used for, inbound port sign and VLAN sign that MAC Address extraction module is sent are put into described safe list item.
7. the access device as described in claim 5 or 6, is characterized in that, described access device is DHCPv6 client.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010175844.1A CN102244651B (en) | 2010-05-14 | 2010-05-14 | Method for preventing attack of illegal neighbor discovery protocol message and access equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010175844.1A CN102244651B (en) | 2010-05-14 | 2010-05-14 | Method for preventing attack of illegal neighbor discovery protocol message and access equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102244651A CN102244651A (en) | 2011-11-16 |
| CN102244651B true CN102244651B (en) | 2014-04-16 |
Family
ID=44962490
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201010175844.1A Active CN102244651B (en) | 2010-05-14 | 2010-05-14 | Method for preventing attack of illegal neighbor discovery protocol message and access equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102244651B (en) |
Families Citing this family (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102546429B (en) * | 2012-02-03 | 2016-12-14 | 神州数码网络(北京)有限公司 | The authentication method of Intra-site Automatic Tunnel Addressing Protocol based on DHCP monitoring and system |
| CN102594816B (en) * | 2012-02-15 | 2015-08-19 | 神州数码网络(北京)有限公司 | A kind of method of preventing malicious neighbor learning attack and device |
| CN103347102B (en) * | 2013-06-28 | 2016-08-10 | 华为技术有限公司 | The recognition methods of conflict address detected message and device |
| CN104426839A (en) * | 2013-08-20 | 2015-03-18 | 中兴通讯股份有限公司 | Router advertisement attack prevention method, apparatus and device |
| CN104394241B (en) * | 2014-11-14 | 2018-07-03 | 华为技术有限公司 | A kind of file transmitting method and device |
| CN106470127B (en) * | 2015-08-18 | 2020-12-29 | 中兴通讯股份有限公司 | Method and system for detecting network abnormal flow |
| CN108632400B (en) * | 2017-08-31 | 2021-07-23 | 新华三技术有限公司 | IPv6 address allocation method and Leaf node equipment |
| WO2020132984A1 (en) * | 2018-12-26 | 2020-07-02 | 华为技术有限公司 | Ipv6 address configuration method and router device |
| CN110611678B (en) * | 2019-09-24 | 2022-05-20 | 锐捷网络股份有限公司 | Method for identifying message and access network equipment |
| CN110995883A (en) * | 2019-12-04 | 2020-04-10 | 互联网域名系统北京市工程研究中心有限公司 | Method, system and storage medium for DHCPv6 fixed address configuration based on EUI-64 |
| US11516124B2 (en) | 2021-03-26 | 2022-11-29 | Cisco Technology, Inc. | Leveraging multicast listener discovery for discovering hosts |
| CN114465776B (en) * | 2021-12-31 | 2023-09-12 | 华为技术有限公司 | Flood attack defense method and related device |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7360245B1 (en) * | 2001-07-18 | 2008-04-15 | Novell, Inc. | Method and system for filtering spoofed packets in a network |
| CN101582888B (en) * | 2009-06-01 | 2012-04-18 | 杭州华三通信技术有限公司 | Method for creating neighbor discovery table item and server |
-
2010
- 2010-05-14 CN CN201010175844.1A patent/CN102244651B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN102244651A (en) | 2011-11-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102244651B (en) | Method for preventing attack of illegal neighbor discovery protocol message and access equipment | |
| CN100409217C (en) | Internetwork protocol address distribution equipment and method | |
| US9350815B2 (en) | System and method for supporting multicast domain name system device and service classification | |
| US20100313265A1 (en) | Method and Apparatus for Preventing Spoofed Packet Attacks | |
| CN101997768B (en) | Method and device for uploading address resolution protocol messages | |
| US20190058731A1 (en) | User-side detection and containment of arp spoofing attacks | |
| WO2010072096A1 (en) | Method and broadband access device for improving the security of neighbor discovery in ipv6 environment | |
| CN102244688A (en) | Message forwarding method, apparatus thereof and system threof | |
| JP2013258739A (en) | METHOD OF BLOCKING AND SEARCHING FOR HOST IN IPv6 NETWORK | |
| CN101662423A (en) | Method and device for achieving unicast reverse path forwarding | |
| CN101459653B (en) | Method for preventing DHCP packet attack based on Snooping technique | |
| CN107005430B (en) | Communication method, device and system based on data link layer | |
| CN102946385B (en) | A kind of preventing forges the method and apparatus discharging message and carry out attacking | |
| CN101621525A (en) | Method and equipment for treating legal entries | |
| US8438390B2 (en) | Method and system for using neighbor discovery unspecified solicitation to obtain link local address | |
| CN102377669A (en) | Method for sending message and switch | |
| EP2675117A1 (en) | Routing method and device for host in multi-homing site | |
| CN114422474B (en) | User IPv6 address generating method based on RADIUS server | |
| KR20130005973A (en) | A network security system and network security method | |
| EP2536099A2 (en) | Method and access node for preventing address conflict | |
| CN102437946A (en) | Access control method, network access server (NAS) equipment and authentication server | |
| CN106878481A (en) | A kind of Internet protocol IP address acquisition methods, device and system | |
| US10044672B2 (en) | IPv6 address assignment method and apparatus | |
| CN103079229A (en) | Directional broadcast transmission method for access controller | |
| CN103458060B (en) | The transmission method and device of hostid under a kind of multistage network address conversion |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CP03 | Change of name, title or address |
Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No. Patentee after: Xinhua three Technology Co., Ltd. Address before: 310053 Hangzhou hi tech Industrial Development Zone, Zhejiang province science and Technology Industrial Park, No. 310 and No. six road, HUAWEI, Hangzhou production base Patentee before: Huasan Communication Technology Co., Ltd. |
|
| CP03 | Change of name, title or address |