CN102316101A - Safe access method based on dynamic host configuration protocol (DHCP) SNOOPING - Google Patents

Publication number
CN102316101A
Authority
CN
China
Prior art keywords
dhcp
binding
binding information
user
message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201110227524A
Other languages
Chinese (zh)
Other versions
CN102316101B (en)
Inventor
梁小冰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan Shenzhou Digital Cloud Technology Co., Ltd.
Original Assignee
Digital China Networks Beijing Co Ltd
Application filed by Digital China Networks Beijing Co Ltd
Priority to CN201110227524.0A (CN102316101B)
Publication of CN102316101A
Application granted
Publication of CN102316101B
Legal status: Active

Abstract

The invention discloses a safe access method based on Dynamic Host Configuration Protocol (DHCP) SNOOPING. The method comprises: adding a user-defined or default OPTION 82 to the user DHCP request message received by a switch; configuring a binding quantity on the port; having the switch install the user's binding information (IP, MAC, VLAN, PORT) in hardware; and uploading the encrypted binding information to a background server. Once the switch restarts, the binding information is obtained from the background server, and ARP requests are sent for the downloaded bindings to confirm them and determine whether each binding is still valid. The technical scheme of the invention ensures the security and reliability of address allocation through DHCP, and allows the security problems of accessing a network via DHCP to be effectively controlled and managed.

Description

A safe access method based on DHCP SNOOPING
Technical field
The present invention relates to access security technology for computer networks, and in particular to a safe access method based on DHCP SNOOPING.
Background art
The Dynamic Host Configuration Protocol (DHCP) is a local area network protocol that works over UDP and has two main purposes: automatically assigning IP addresses to users on an internal network or for an Internet service provider, and giving internal network administrators a means of centrally managing all computers.
The DHCP SNOOPING function means that the switch monitors the process by which a DHCP CLIENT obtains an IP address through the DHCP protocol. By designating trusted and untrusted ports, it prevents DHCP attacks and illegally deployed DHCP SERVERs. DHCP messages received on a trusted port are forwarded without verification. In a typical setup, the trusted port connects to a DHCP SERVER or a DHCP RELAY agent, and the untrusted ports connect to DHCP CLIENTs. The switch forwards DHCP request messages received on an untrusted port but does not forward DHCP response messages received on an untrusted port. If a DHCP response message is received on an untrusted port, the switch sends an alarm and, depending on configuration, can also take action against that port, such as SHUTDOWN or installing a BLACKHOLE. If the DHCP SNOOPING binding function is enabled, the switch stores the binding information of the DHCP CLIENTs under its untrusted ports. Each binding entry contains the client's MAC address, IP address, lease time, VLAN number and port number, and the entries are kept in the DHCP SNOOPING binding table.
DHCP OPTION 82 is the Relay Agent Information Option in a DHCP message; its option number is 82. It is a mechanism proposed to strengthen the security of DHCP servers and improve IP address allocation policy. With the DHCP relay agent feature configured on the network access device, the relay agent adds OPTION 82 (which carries information such as the client's access physical port and the access device identifier) to the DHCP request messages it receives from clients and then forwards them to the DHCP server. A DHCP server that supports OPTION 82 assigns IP addresses and other configuration information to the client according to its pre-configured policy and the OPTION 82 information in the message, and can also use the OPTION 82 information to identify possible DHCP attack messages and guard against them.
DHCP OPTION 82 is used by the DHCP relay agent (DHCP RELAY). If DHCP RELAY is not configured in the access environment, the OPTION 82 function cannot be used to plan and manage IP allocation for access-side users.
If the number of DHCP bindings on each switch port is not limited, a malicious user can forge a large number of DHCP requests and thereby exhaust the switch's resources and the DHCP SERVER's address space.
A typical access switch has no large non-volatile storage medium (such as flash). Once the switch restarts abnormally or is power-cycled, the DHCP SNOOPING binding table held in switch memory is lost. Because users may reach the switch through other network devices (such as a hub), they cannot perceive that the switch has restarted, and the user's DHCP CLIENT will not request an address again or renew its lease. In that case, because the switch holds no binding information for the user, the user cannot access the network, which causes great inconvenience.
Summary of the invention
The object of the present invention is to provide a safe access method based on DHCP SNOOPING that effectively ensures the security and reliability of address allocation through DHCP and allows the security problems of accessing a network via DHCP to be effectively controlled and managed.
To achieve this object, the invention adopts the following technical scheme:
A safe access method based on DHCP SNOOPING, comprising the following steps:
Step 1: add the user-defined or default OPTION 82 to the user DHCP request message received by the switch;
Step 2: set the upper limit on the number of DHCP bindings for the switch port;
Step 3: create a temporary REQUEST binding for the user and forward the DHCP request message to the trusted port;
Step 4: after a DHCP ACK is received from the trusted port, look up the temporary REQUEST bindings; if an entry with the same user MAC exists, create the DHCP user binding information and install it in hardware;
Step 5: add the binding information to a DHCP SNOOPING binding message, encrypt and hash the binding message, and forward it to the background server for backup;
Step 6: once the switch restarts, obtain the binding information from the background server and perform ARP confirmation on it to determine whether the binding information is still valid.
The DHCP user binding information comprises: the DHCP CLIENT's MAC address, IP address, lease time, VLAN number and port number.
Encryption uses DES with a shared key; hashing uses MD5.
If no ARP reply is received for the user IP in a binding, or the MAC in the ARP response is inconsistent with the MAC in the binding, the binding is considered invalid and is deleted; otherwise the binding is considered valid and is retained.
Beneficial effects of the invention: a user-defined or default OPTION 82 is added to the user DHCP request message received by the switch. These options allow an IP address from a specific network segment to be assigned to the user, and the administrator can configure ACLs on the upstream switch, router or firewall to manage the access rights of these IPs. A binding quantity is configured on the port; once it is exceeded, new requests are dropped by the switch, which prevents someone from maliciously sending DHCP requests to exhaust the DHCP address pool and the switch's software and hardware resources. The switch installs the user's binding information (IP, MAC, VLAN, PORT) in hardware to prevent illegal IPs from being forwarded through the switch. The switch's binding information is uploaded to a background server so that the user binding table is not lost after a switch restart, which would leave users unable to access the network. Once the switch restarts, it obtains the binding information from the background server; for security, the binding information is encrypted both when it is uploaded and when it is downloaded between the background server and the switch. ARP requests are sent for the downloaded bindings to confirm them and determine whether they are still valid. The technical scheme of the invention effectively ensures the security and reliability of address allocation through DHCP, and allows the security problems of accessing a network via DHCP to be effectively controlled and managed.
Description of drawings
Fig. 1 is a network application diagram of the present invention;
Fig. 2 is a flow chart of the method of the present invention;
Fig. 3 shows the format of the DHCP SNOOPING binding message used by the present invention.
Embodiment
The present invention is further described below with reference to the drawings and an embodiment.
The network environment of the method is shown in Fig. 1.
Following the technical scheme set out in the summary above, the detailed implementation steps are as follows, as shown in Fig. 2:
(1) After DHCP SNOOPING is enabled on the switch, the port is set to DHCP SNOOPING user control mode and hardware entries are installed so that no messages are forwarded and DHCP messages are redirected to the CPU. Before dynamically obtaining an IP address, a DHCP user cannot access any resource other than requesting an IP from the DHCP server. The content added in DHCP OPTION 82 can be configured as a specific character string or a hexadecimal string; the default content is the switch CPU MAC, the user VLAN and the port number.
(2) On the switch, configure the background server address and port number, set the upper limit on the number of bindings per port, and set the trusted port (used to communicate with the DHCP SERVER).
(3) When the DHCP SNOOPING module of the access switch intercepts a user's DHCP request, it looks up the binding table by source MAC. If the MAC already exists in the binding table, or the number of bindings under the port has not reached the configured upper limit, the request passes verification and the switch appends the OPTION 82 option to the tail of the DHCP request message (sub-option 1 carries the user-defined or default content, and sub-option 2 carries the CPU MAC address of the access switch). The rest of the DHCP request message is not modified, and the message is forwarded out the trusted port. At the same time, the switch creates a temporary REQUEST binding that records the user's MAC, port and VLAN information.
(4) When the DHCP SNOOPING module intercepts a DHCP response packet for the user, if the packet contains OPTION 82, the two sub-options are extracted; if the MAC address in sub-option 2 is not the switch's own MAC address, the response packet is discarded. The REQUEST binding table is then looked up by the chaddr field of the message; if an entry with the same user MAC exists, a binding is created that records the DHCP CLIENT's MAC address, IP address, lease time, VLAN number and port number. OPTION 82 is stripped from the response message, which is then forwarded to the client out the port recorded in the binding. The switch installs the user's binding information (IP, MAC, VLAN, PORT) in hardware to prevent illegal IPs from being forwarded through the switch.
(5) The DHCP SNOOPING binding information is added to a DHCP SNOOPING binding message and forwarded to the background server for backup. DHCP SNOOPING binding messages between the switch and the background server travel over the network using UDP. To ensure security and tamper resistance, the DHCP SNOOPING binding message can be encrypted and hashed; in the present invention, encryption uses DES with a shared key and hashing uses MD5.
The DHCP SNOOPING binding message is carried in UDP. Its format is shown in Fig. 3, and the fields are explained as follows:
Version: version number, currently 1
Type: message type, currently 1, indicating that the message contains binding information
SeqNo: sequence number, incremented by 1 for each message sent
SecretLen: length of the encrypted content
Signature: MD5 hash of all fields of the DHCP SNOOPING binding message
SwitchIPAddr: IP address of the switch
SwitchID: switch ID, taken from the switch CPU MAC
Count: number of bindings
ClientMAC: MAC address of the PC terminal leasing the address
Reserved: reserved, set to 0
ClientVlanId: VLAN ID through which the DHCP user accesses the switch
PortNum: number of the switch port where the DHCP user is located
ClientIP: IP address
ClientMask: address mask
ClientGateway: gateway parameter
ClientLease: DHCP address lease time
BindingTimeStamp: timestamp of the address allocation
To prevent user information from leaking and from being maliciously tampered with in transit, the message is DES-encrypted and MD5-hashed. The DES key is configured by the user, and the switch's key must be consistent with the background server's key.
Before a message is sent, it is encrypted first and then hashed. The detailed process is as follows:
The message content from the SwitchIPAddr field to the end of the message is DES-encrypted. The ciphertext has the same length as the plaintext; it is placed in the region of the DHCP SNOOPING binding message that starts at the SwitchIPAddr field, and its length is written to the SecretLen field. The message is then handed to the hash module. For the DES-encrypted DHCP SNOOPING binding message, the Signature field is first zeroed when the MD5 hash is calculated, the hash is then computed over the whole message, and the hash value is written into the Signature field once the computation is complete. At this point the switch can send the message.
After a message is received, the hash is checked first and the message is then decrypted. The detailed process is as follows:
The value of the Signature field is first backed up, the Signature field is then zeroed, and the MD5 hash of the whole message is calculated. If the hash value equals the backed-up Signature value, hash verification succeeds and the DHCP SNOOPING binding message goes on to DES decryption. If hash verification fails, the DHCP SNOOPING binding message is discarded. For a received message that passes MD5 verification, the switch DES-decrypts the message content that starts after the Signature field and has the length given by the SecretLen field, restoring the DHCP SNOOPING binding message content that begins at the SwitchIPAddr field.
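The Signature handling on the send and receive sides described above, as an added Python example that is not code from the patent. The header field widths, the `seal`/`unseal` names and the sample bytes are assumptions (Fig. 3 is not reproduced on the page), and opaque bytes stand in for the DES ciphertext. It also shows the limit of an unkeyed MD5 check beside a keyed alternative (HMAC-SHA-256 truncated to the 16-byte field, which the page does not describe).

```python
import hashlib
import hmac
import struct

# Assumed layout (Fig. 3 is not reproduced on the page, so the field widths
# are illustrative): Version(1) Type(1) SeqNo(2) SecretLen(2) Signature(16),
# followed by the encrypted region that starts at SwitchIPAddr.
HEADER = struct.Struct("!BBHH16s")
SIG_OFFSET, SIG_LEN = 6, 16
ZERO_SIG = bytes(SIG_LEN)


def _digest(data, key):
    """key=None: unkeyed MD5, as the page describes. Otherwise a keyed
    alternative (assumption): HMAC-SHA-256 truncated to fit the same field."""
    if key is None:
        return hashlib.md5(data).digest()
    return hmac.new(key, data, hashlib.sha256).digest()[:SIG_LEN]


def seal(seq_no, encrypted_body, key=None):
    """Sender: zero the Signature field, digest the whole message, fill it in."""
    msg = HEADER.pack(1, 1, seq_no, len(encrypted_body), ZERO_SIG) + encrypted_body
    sig = _digest(msg, key)
    return msg[:SIG_OFFSET] + sig + msg[SIG_OFFSET + SIG_LEN:]


def unseal(msg, key=None):
    """Receiver: back up Signature, zero it, recompute and compare.
    Returns the still-encrypted body for the decryption step, or None to discard."""
    if len(msg) < HEADER.size:
        return None
    version, mtype, _seq, secret_len, sig = HEADER.unpack_from(msg)
    if (version, mtype) != (1, 1) or secret_len != len(msg) - HEADER.size:
        return None  # unknown version/type, or SecretLen disagrees with the datagram
    zeroed = msg[:SIG_OFFSET] + ZERO_SIG + msg[SIG_OFFSET + SIG_LEN:]
    if not hmac.compare_digest(_digest(zeroed, key), sig):
        return None
    return msg[HEADER.size:]


# Constructed sample values: opaque bytes standing in for the DES ciphertext.
BODY = bytes(range(48))
KEY = b"constructed-shared-key"


def demo():
    good = seal(7, BODY)
    flipped = good[:-1] + bytes([good[-1] ^ 0x01])  # one bit altered in transit
    rebuilt = seal(7, BODY[::-1])                   # body altered, digest recomputed, no key
    return {
        "md5_roundtrip": unseal(good) == BODY,
        "md5_detects_bitflip": unseal(flipped) is None,
        "md5_accepts_recomputed": unseal(rebuilt) == BODY[::-1],
        "hmac_roundtrip": unseal(seal(7, BODY, KEY), KEY) == BODY,
        "hmac_rejects_recomputed": unseal(rebuilt, KEY) is None,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because the MD5 value is computed without the shared key, it catches alteration only when the digest is left untouched; the keyed variant discards any message whose digest was produced without the key.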
(6) Once the switch restarts, it obtains the binding information from the background server using the configured background server IP address and port number. After the bindings have been downloaded from the background server, ARP requests are sent to confirm that the binding information is still valid; the requested IP is the user IP in the binding. If no reply is received for that IP, or the MAC in the ARP response is inconsistent with the MAC in the binding, the binding is deleted; otherwise the binding is retained.
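Steps (3), (4) and (6) as an added Python model of the switch-side logic; it is not code from the patent. The `Snooper` class, the byte encoding of sub-option 1, dropping an ACK that has no matching REQUEST binding, and the `arp_lookup` callable (a stand-in for sending an ARP request and returning the replying MAC) are assumptions, and all addresses are constructed.

```python
import struct
from dataclasses import dataclass


@dataclass
class Binding:
    mac: bytes
    ip: str
    lease: int
    vlan: int
    port: int


def parse_suboptions(opt82):
    """Parse an Option 82 TLV into {sub-option code: value}; {} if malformed."""
    if len(opt82) < 2 or opt82[0] != 82 or opt82[1] != len(opt82) - 2:
        return {}
    subs, data, i = {}, opt82[2:], 0
    while i + 2 <= len(data):
        code, length = data[i], data[i + 1]
        if i + 2 + length > len(data):
            return {}
        subs[code] = data[i + 2:i + 2 + length]
        i += 2 + length
    return subs if i == len(data) else {}


class Snooper:
    def __init__(self, switch_mac, port_limit):
        self.switch_mac = switch_mac
        self.port_limit = port_limit  # per-port binding upper limit, step (2)
        self.pending = {}             # temporary REQUEST bindings: mac -> (port, vlan)
        self.bindings = {}            # confirmed bindings: mac -> Binding

    def option82(self, vlan, port):
        # Sub-option 1: default content (switch CPU MAC, VLAN, port); this
        # byte encoding is an assumption. Sub-option 2: switch CPU MAC.
        sub1 = self.switch_mac + struct.pack("!HH", vlan, port)
        body = bytes([1, len(sub1)]) + sub1 + bytes([2, 6]) + self.switch_mac
        return bytes([82, len(body)]) + body

    def on_request(self, mac, port, vlan):
        """Step (3): returns the Option 82 bytes to append, or None to drop."""
        on_port = sum(1 for b in self.bindings.values() if b.port == port)
        if mac not in self.bindings and on_port >= self.port_limit:
            return None
        self.pending[mac] = (port, vlan)
        return self.option82(vlan, port)

    def on_ack(self, chaddr, ip, lease, opt82=None):
        """Step (4): returns the client port to forward to, or None to drop."""
        if opt82 is not None and parse_suboptions(opt82).get(2) != self.switch_mac:
            return None  # sub-option 2 is not this switch's MAC
        if chaddr not in self.pending:
            return None  # assumption: no REQUEST binding for this MAC, so drop
        port, vlan = self.pending.pop(chaddr)
        self.bindings[chaddr] = Binding(chaddr, ip, lease, vlan, port)
        return port

    def restore(self, downloaded, arp_lookup):
        """Step (6): keep only bindings whose IP answers ARP with the bound MAC."""
        self.bindings = {b.mac: b for b in downloaded if arp_lookup(b.ip) == b.mac}
        return sorted(b.ip for b in self.bindings.values())


# Constructed sample addresses.
SWITCH = bytes.fromhex("020000000001")
A, B, C = (bytes.fromhex("0200000000a" + d) for d in "123")


def demo():
    s = Snooper(SWITCH, port_limit=2)
    out = {}
    for mac, ip in ((A, "10.0.0.11"), (B, "10.0.0.12")):
        opt = s.on_request(mac, port=5, vlan=10)
        out[ip] = s.on_ack(mac, ip, 3600, opt)
    out["third_mac"] = s.on_request(C, port=5, vlan=10)          # over the port limit
    out["renew"] = s.on_request(A, port=5, vlan=10) is not None  # MAC already bound
    foreign = Snooper(bytes.fromhex("0200000000ff"), 2).option82(10, 5)
    out["foreign_ack"] = s.on_ack(A, "10.0.0.11", 3600, foreign)
    # After a restart: A still answers ARP, 10.0.0.12 now answers with C's MAC.
    saved = list(s.bindings.values())
    replies = {"10.0.0.11": A, "10.0.0.12": C}
    out["restored"] = Snooper(SWITCH, 2).restore(saved, replies.get)
    return out


if __name__ == "__main__":
    print(demo())
```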
In the technical scheme of the present invention, a user-defined or default OPTION 82 is added to the user DHCP request message received by the switch. These options allow an IP address from a specific network segment to be assigned to the user, and the administrator can configure ACLs on the upstream switch, router or firewall to manage the access rights of these IPs. A binding quantity is configured on the port; once it is exceeded, new requests are dropped by the switch, which prevents someone from maliciously sending DHCP requests to exhaust the DHCP address pool and the switch's software and hardware resources. The switch installs the user's binding information (IP, MAC, VLAN, PORT) in hardware to prevent illegal IPs from being forwarded through the switch. The switch's binding information is uploaded to a background server so that the user binding table is not lost after a switch restart, which would leave users unable to access the network. Once the switch restarts, it obtains the binding information from the background server; for security, the binding information is encrypted both when it is uploaded and when it is downloaded between the background server and the switch. ARP requests are sent to confirm the downloaded bindings, and any binding whose IP does not answer is deleted. This ensures the security and reliability of address allocation through DHCP and allows the security problems of accessing a network via DHCP to be effectively controlled and managed.

Claims (4)

1. A safe access method based on DHCP SNOOPING, characterized in that it comprises the following steps:
Step 1: add the user-defined or default OPTION 82 to the user DHCP request message received by the switch;
Step 2: set the upper limit on the number of DHCP bindings for the switch port;
Step 3: create a temporary REQUEST binding for the user and forward the DHCP request message to the trusted port;
Step 4: after a DHCP ACK is received from the trusted port, look up the temporary REQUEST bindings; if an entry with the same user MAC exists, create the DHCP user binding information and install it in hardware;
Step 5: add the binding information to a DHCP SNOOPING binding message, encrypt and hash the binding message, and forward it to the background server for backup;
Step 6: once the switch restarts, obtain the binding information from the background server and perform ARP confirmation on it to determine whether the binding information is still valid.
2. The safe access method based on DHCP SNOOPING according to claim 1, characterized in that the DHCP user binding information comprises: the DHCP CLIENT's MAC address, IP address, lease time, VLAN number and port number.
3. The safe access method based on DHCP SNOOPING according to claim 1, characterized in that, in step 5, encryption uses DES with a shared key and hashing uses MD5.
4. The safe access method based on DHCP SNOOPING according to claim 1, characterized in that, in step 6, if no ARP reply is received for the user IP in a binding, or the MAC in the ARP response is inconsistent with the MAC in the binding, the binding is considered invalid and is deleted; otherwise the binding is considered valid and is retained.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110227524.0A CN102316101B (en) 2011-08-09 2011-08-09 Safe access method based on dynamic host configuration protocol (DHCP) SNOOPING

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110227524.0A CN102316101B (en) 2011-08-09 2011-08-09 Safe access method based on dynamic host configuration protocol (DHCP) SNOOPING

Publications (2)

Publication Number Publication Date
CN102316101A true CN102316101A (en) 2012-01-11
CN102316101B CN102316101B (en) 2015-04-08

Family

ID=45428918

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110227524.0A Active CN102316101B (en) 2011-08-09 2011-08-09 Safe access method based on dynamic host configuration protocol (DHCP) SNOOPING

Country Status (1)

Country Link
CN (1) CN102316101B (en)


Also Published As

Publication number Publication date
CN102316101B (en) 2015-04-08


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 100085 Beijing Haidian District, No. 9 Shangdi Jiujie Digital Science and Technology Plaza

Patentee after: Beijing Shenzhou Digital Cloud Information Technology Co., Ltd.

Address before: 100085 Beijing Haidian District, No. 9 Shangdi Jiujie Digital Science and Technology Plaza

Patentee before: Digital China Networks (Beijing) Limited

CP01 Change in the name or title of a patent holder
TR01 Transfer of patent right

Effective date of registration: 20190619

Address after: 430000 Six Floors of 777B Office Building, Guanggu Third Road, Donghu New Technology Development Zone, Wuhan City, Hubei Province

Patentee after: Wuhan Shenzhou Digital Cloud Technology Co., Ltd.

Address before: 100085 Beijing Haidian District, No. 9 Shangdi Jiujie Digital Science and Technology Plaza

Patentee before: Beijing Shenzhou Digital Cloud Information Technology Co., Ltd.

TR01 Transfer of patent right