CN102447709A - Access authority control method and system based on DHCP (Dynamic host configuration protocol) and 802.1x - Google Patents


Info

Publication number: CN102447709A
Application number: CN2012100153309A
Authority: CN (China)
Prior art keywords: dhcp, user terminal, option, access, switch
Legal status: Pending
Other languages: Chinese (zh)
Inventor: 梁小冰
Current assignee: Digital China Networks Beijing Co Ltd
Original assignee: Digital China Networks Beijing Co Ltd
Priority date: 2012-01-17
Filing date: 2012-01-17
Publication date: 2012-05-09
Application filed by Digital China Networks Beijing Co Ltd
Priority to CN2012100153309A
Publication of CN102447709A
Legal status: Pending (current)

Landscapes

  • Small-Scale Networks (AREA)

Abstract

The invention discloses an access authority control method and system based on DHCP (Dynamic Host Configuration Protocol) and 802.1x. The method comprises the following steps: a user terminal sends a DHCP request to a DHCP server through an access switch and a convergence switch; the DHCP Snooping unit of the access switch appends Option 82 information while monitoring the user terminal's DHCP request; after obtaining the DHCP response returned by the DHCP server, the user terminal obtains an IP (Internet Protocol) address and then initiates 802.1x authentication; after successful authentication, a Radius server issues the user terminal's accessible resource information to the access switch; and the access switch issues a hardware ACL (Access Control List) entry for the user terminal's accessible resources according to that information, and achieves fine-grained control of the user terminal's access authority by means of the network segment permitted for the IP address in the hardware ACL entry corresponding to that IP address.

Description

Access authority control method and system based on DHCP and 802.1x
Technical field
The present invention relates to the field of computer data communication, and in particular to an access authority control method and system based on DHCP and 802.1x.
Background technology
The Dynamic Host Configuration Protocol (DHCP), a protocol for dynamically assigning IP addresses, is widely used in IP networks of all kinds. To address the problems that arise in insecure network environments, such as IP address spoofing, hardware address (MAC address) spoofing and malicious address allocation that exhausts the IP address pool, the prior art defines the relay agent information option, Option 82: when the DHCP address request sent by a user terminal passes through an access switch, the access switch can add information such as the VLAN (Virtual Local Area Network) ID and switch port number to the DHCP option and forward the request to the DHCP server, and the DHCP server can then correlate information such as the VLAN ID and switch port number with user information. In general, the administrator configures an Option 82 based address allocation policy on the DHCP server, and the DHCP server decides from the Option 82 information in a DHCP request whether the request matches a policy and allocates addresses accordingly. At present Option 82 has no fixed content and format; the conventional form is "access VLAN ID + access port ID + switch identifier", a string built from these pieces of information that uniquely identifies the physical location at which the user is attached. The Option 82 obtained from the user's DHCP message is compared with a preset database, and if a matching string exists the user is considered legitimately attached and an IP address is allocated. DHCP itself, however, has no strict security authentication mechanism, so DHCP access cannot be relied on as the basis for security. To prevent unauthorized user access to the network, 802.1x authentication is generally used in the access network. 802.1x is the standard for port-based network access control (Port-Based Network Access Control) defined by the IEEE LAN/WAN committee to address this problem, and it is widely used in WLAN and Ethernet. An 802.1x client is installed on the user's PC, and after passing authentication the client can legitimately access the network and visit its resources.
Existing 802.1x authentication has the following defect: the user cannot access any resource before authentication and can access all resources after authentication. In other words, the user's access authority has only two states, no access at all and full access, so the granularity of access control is too coarse to achieve fine-grained control of user authority.
Summary of the invention
In view of the above technical problem, the object of the present invention is to provide an access authority control method and system based on DHCP and 802.1x, which solves the prior-art problem that a user's access authority cannot be finely controlled after 802.1x authentication when the user accesses the network.
To achieve the above object, the present invention is realized through the following technical scheme:
An access authority control method based on DHCP and 802.1x comprises the following steps:
A. The user terminal sends a DHCP request to the DHCP server through the access switch and the convergence switch; the user terminal is connected to the access switch, the access switch to the convergence switch, and the DHCP server to the convergence switch;
B. The DHCP server analyzes the DHCP request and, according to the result, either rejects it or places the IP address corresponding to the request in a DHCP response that is delivered to the user terminal through the convergence switch and the access switch;
C. If the user terminal receives the DHCP response issued by the DHCP server, it obtains the IP address and then initiates 802.1x authentication;
D. After the user terminal passes 802.1x authentication, the Radius server issues the accessible resource information of the user terminal to the access switch through the convergence switch;
E. The access switch configures the user terminal's network access authority according to the accessible resource information it receives.
In particular, step A comprises:
A1. The DHCP unit of the user terminal sends the DHCP request to the access switch;
A2. The DHCP Snooping unit of the access switch appends preset values in Option 82 of the DHCP request and then forwards the request to the DHCP server through the convergence switch.
In particular, adding preset values in Option 82 of the DHCP request in step A2 comprises: sub-option 1 of Option 82 is set to the user's VLAN and port information, and sub-option 2 is set to the CPU MAC address of the access switch.
In particular, step B comprises:
B1. The DHCP server compares the Option 82 information of the DHCP request with the Option 82 information pre-stored in the DHCP server; if the server holds an Option 82 entry matching the Option 82 information of the request, an IP address from the address pool corresponding to that entry is allocated to the request, otherwise the request is rejected;
B2. The DHCP server places the IP address in a DHCP response and delivers it to the access switch through the convergence switch;
B3. The access switch strips the Option 82 information from the DHCP response and then delivers the response to the user terminal.
In particular, in step D the Radius server uses attribute 26 (Vendor-Specific Attribute) of the Access-Accept message to deliver the accessible resource information of the user terminal to the access switch, which stores it.
In particular, in step E the access switch issues a hardware ACL entry for the user terminal's accessible resources according to the accessible resource information it receives, and controls the terminal's network access authority by means of the network segment permitted for the terminal's IP address in the hardware ACL entry corresponding to that IP address.
The invention also discloses an access authority control system based on DHCP and 802.1x, comprising:
a user terminal, which uses a DHCP unit to send a DHCP request to the DHCP server through the access switch and the convergence switch, obtains an IP address after receiving the DHCP response issued by the DHCP server, and then initiates 802.1x authentication;
a Radius server, connected to the convergence switch, which after successful 802.1x authentication issues the accessible resource information of the user terminal to the access switch through the convergence switch;
an access switch, connected to the user terminal, which uses a DHCP Snooping unit to append preset values in Option 82 of the DHCP request and then forwards the request to the DHCP server through the convergence switch; and which, according to the accessible resource information issued by the Radius server, issues a hardware ACL entry for the user terminal's accessible resources and thereby controls the terminal's network access authority by means of the network segment permitted for the terminal's IP address in the hardware ACL entry corresponding to that IP address;
a convergence switch, connected to the access switch, which uses a relay unit to relay the DHCP request arriving from the access switch to the DHCP server;
a DHCP server, connected to the convergence switch, which compares the Option 82 information of the DHCP request with the Option 82 information pre-stored in the DHCP server; if the server holds an Option 82 entry matching the Option 82 information of the request, an IP address from the address pool corresponding to that entry is allocated to the request, otherwise the request is rejected.
In particular, the preset values added in Option 82 of the DHCP request comprise: sub-option 1 of Option 82 is set to the user's VLAN and port information, and sub-option 2 is set to the CPU MAC address of the access switch.
In particular, the access switch strips the Option 82 information from the DHCP response issued by the DHCP server and then delivers the response to the user terminal.
In particular, the Radius server uses attribute 26 (Vendor-Specific Attribute) of the Access-Accept message to deliver the accessible resource information of the user terminal to the access switch, which stores it.
The beneficial effect of the present invention is as follows. The invention applies to environments in which user terminals normally obtain their IP addresses by DHCP, and it requires a DHCP server that supports Option 82 based address allocation policies. In the prior art, the Option 82 option in a DHCP request is generally appended by a DHCP relay agent when it relays the request. The present invention extends this function so that the DHCP Snooping unit of the access switch appends Option 82 information while monitoring DHCP requests. Before obtaining an IP address the user terminal is in a controlled state and can only reach the DHCP server; after successful 802.1x authentication the accessible resource information of the terminal is obtained, and from then on the access switch forwards the terminal's IP and ARP messages. Because the resources the user terminal can access before and after 802.1x authentication are limited by hardware ACL entries configured on the access switch, the user terminal's network access authority is controlled both before and after 802.1x authentication. The invention thus uses both the convenience of DHCP and the security authentication mechanism of 802.1x, providing a safe and convenient way for user terminals to access the network while at the same time controlling the terminals' access authority.
Description of drawings
The present invention is further explained below with reference to the drawings and embodiments.
Fig. 1 is a flow chart of the access authority control method based on DHCP and 802.1x of the present invention;
Fig. 2 is a block diagram of the access authority control system based on DHCP and 802.1x of the present invention.
Embodiment
The present invention is described further below with reference to the drawings and embodiments. Referring to Fig. 1, Fig. 1 is a flow chart of the access authority control method based on DHCP and 802.1x of the present invention.
The preliminary configuration of the user terminal, the access switch and the Radius server is as follows:
One. Access switch
1. Enable 802.1x globally;
2. Enable 802.1x on the port and configure the Radius server address;
3. Enable DHCP Snooping;
4. Enable the DHCP Snooping binding function;
5. Enable the DHCP Snooping Option 82 insertion function.
Two. Radius server (Radius Server)
For each authenticated terminal, configure the content of Radius attribute 26 (Vendor-Specific Attribute) as the accessible resources of the user terminal (for example, for user jim, the accessible network segment 10.0.0.0/8, or the whole network 0.0.0.0/0).
Three. User terminal (DHCP Client)
Install the DCN (Digital China Networks) 802.1x client.
The access authority control method based on DHCP and 802.1x in this embodiment comprises the following steps:
Step 101. The DHCP unit of the user terminal sends a DHCP request to the access switch; the DHCP Snooping unit of the access switch appends preset values in Option 82 of the DHCP request and then forwards the request to the DHCP server through the convergence switch.
802.1x is enabled on the port of the access switch, and the access switch installs hardware ACL entries according to the DHCP Option 82 access control mode. An ACL (access control list) is a list of instructions on a router or switch interface used to control the packets entering and leaving the port. At this point no message passing through the access switch is forwarded except DHCP requests, which are forwarded to the convergence switch; once the DHCP Snooping unit of the access switch is enabled, the user terminal's DHCP messages are redirected to the CPU of the access switch, so that until the user terminal has obtained an IP address and passed authentication it can do nothing but send DHCP requests to the DHCP server.
When the relay unit of the convergence switch receives the DHCP request from the access switch, it is responsible only for relaying the DHCP packet to the DHCP server; the convergence switch must not enable the DHCP relay Option 82 function.
Appending preset values in Option 82 of the DHCP request specifically comprises: sub-option 1 of Option 82 is set to the user's VLAN and port, and sub-option 2 holds the CPU MAC address of the access switch. For example, the DHCP Snooping unit inserts the string "Vlan1+Ethernert1/1" in sub-option 1 of Option 82 and the CPU MAC address of the access switch in sub-option 2.
Step 102. The DHCP server compares the Option 82 information of the received DHCP request with the information pre-stored in the DHCP server. If matching information is found, the DHCP server places an address from it in the DHCP response as the IP address and delivers the response to the access switch through the convergence switch; otherwise it rejects the DHCP request.
The method of looking up matching information in the DHCP server is as follows: many Option 82 entries are configured in the DHCP server, each with its own address pool. If the Option 82 information in the user terminal's DHCP request matches one of the Option 82 entries on the server, an IP address is allocated to the DHCP request from the corresponding address pool; if no address pool matches, the request is rejected.
After receiving the DHCP response issued by the DHCP server, the access switch strips the Option 82 information from the response and then delivers it to the user terminal.
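As an added example that is not part of the patent and is not code from Digital China Networks, the following Python models the Option 82 handling of steps A2, B1 and B3 of the summary and steps 101 and 102 of this embodiment: the DHCP Snooping unit appends Option 82 with sub-option 1 (user VLAN + port) and sub-option 2 (access switch CPU MAC) before the End option and leaves the rest of the request untouched, the DHCP server matches the pair against its pre-stored entries to pick an address pool or reject the request, and the access switch strips Option 82 from the response. The wire layout of the option follows RFC 3046; the TLV parser is general and handles any DHCP options field. The policy table, the MAC address and the port string "Vlan1+Ethernet1/1" are constructed sample values, and `ADDRESS_POLICY` and the function names are this example's own.

```python
# Added example, not code from the patent or from Digital China Networks.
# Models Option 82 insertion (step A2), server-side matching (step B1) and
# stripping from the response (step B3). Sample values are constructed.
from typing import Dict, Optional, Tuple

OPTION_RELAY_AGENT = 82   # DHCP relay agent information option (RFC 3046)
OPTION_PAD = 0
OPTION_END = 255
SUBOPT_CIRCUIT_ID = 1     # sub-option 1: user VLAN + access port
SUBOPT_REMOTE_ID = 2      # sub-option 2: access switch CPU MAC address


def build_option82(vlan_port: str, switch_mac: bytes) -> bytes:
    """Encode Option 82 (code, length, sub-option TLVs) for one access port."""
    if len(switch_mac) != 6:
        raise ValueError("MAC address must be 6 bytes")
    circuit = vlan_port.encode("ascii")
    body = (bytes([SUBOPT_CIRCUIT_ID, len(circuit)]) + circuit
            + bytes([SUBOPT_REMOTE_ID, len(switch_mac)]) + switch_mac)
    if len(body) > 255:
        raise ValueError("Option 82 body exceeds the one-byte length field")
    return bytes([OPTION_RELAY_AGENT, len(body)]) + body


def parse_tlvs(data: bytes, stop_at_end: bool) -> Dict[int, bytes]:
    """Parse code/length/value triples. With stop_at_end=True the data is a
    DHCP options field (0 is pad, 255 is End); with False it is the
    sub-option list inside Option 82, which has neither."""
    out, i = {}, 0
    while i < len(data):
        code = data[i]
        if stop_at_end and code == OPTION_END:
            break
        if stop_at_end and code == OPTION_PAD:
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("truncated option header")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option %d" % code)
        out[code] = value
        i += 2 + length
    return out


def append_option82(options: bytes, vlan_port: str, switch_mac: bytes) -> bytes:
    """Step A2: insert Option 82 just before End; nothing else is modified."""
    end = options.rfind(bytes([OPTION_END]))
    if end < 0:
        raise ValueError("DHCP options field has no End option")
    return options[:end] + build_option82(vlan_port, switch_mac) + options[end:]


def strip_option82(options: bytes) -> bytes:
    """Step B3: remove Option 82 from the server's response before the
    access switch hands the response to the user terminal."""
    out, i = bytearray(), 0
    while i < len(options):
        code = options[i]
        if code == OPTION_END:
            out += options[i:]
            break
        if code == OPTION_PAD:
            out.append(OPTION_PAD)
            i += 1
            continue
        length = options[i + 1]
        if code != OPTION_RELAY_AGENT:
            out += options[i:i + 2 + length]
        i += 2 + length
    return bytes(out)


# Step B1: Option 82 entries pre-stored on the DHCP server, each with its own
# address pool, keyed on (sub-option 1 text, sub-option 2 MAC). Constructed.
ADDRESS_POLICY: Dict[Tuple[str, bytes], str] = {
    ("Vlan1+Ethernet1/1", bytes.fromhex("001122334455")): "10.1.1.0/24",
    ("Vlan2+Ethernet1/2", bytes.fromhex("001122334455")): "10.1.2.0/24",
}


def select_pool(options: bytes) -> Optional[str]:
    """Return the address pool whose entry matches the request's Option 82,
    or None when the request must be rejected (no Option 82 or no match)."""
    opt82 = parse_tlvs(options, stop_at_end=True).get(OPTION_RELAY_AGENT)
    if opt82 is None:
        return None
    subs = parse_tlvs(opt82, stop_at_end=False)
    circuit = subs.get(SUBOPT_CIRCUIT_ID, b"").decode("ascii", "replace")
    remote = subs.get(SUBOPT_REMOTE_ID, b"")
    return ADDRESS_POLICY.get((circuit, remote))


if __name__ == "__main__":
    # Constructed DHCP Discover options: message type (53) = 1, then End.
    client_request = bytes([53, 1, 1, OPTION_END])
    mac = bytes.fromhex("001122334455")
    relayed = append_option82(client_request, "Vlan1+Ethernet1/1", mac)
    print("pool:", select_pool(relayed))
    print("unknown port rejected:",
          select_pool(append_option82(client_request, "Vlan9+Ethernet1/9", mac)) is None)
    print("stripped equals original:", strip_option82(relayed) == client_request)
```

The server lookup keys on both sub-options, so an entry is chosen only when the port string and the switch MAC agree; a request that carries no Option 82 at all, or one whose Option 82 was inserted by another device, falls through to rejection. This matches the embodiment's requirement that the convergence switch relays the request without enabling its own Option 82 function, since a relay that rewrote the option would break the match.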
Step 103. After receiving the returned DHCP response, the access switch forwards it to the user terminal; the user terminal obtains its IP address and then performs 802.1x authentication. After successful 802.1x authentication, the content of the user terminal's accessible resources is delivered to the access switch by the Radius server using attribute 26 (Vendor-Specific Attribute) of the Radius Access-Accept message; the access switch stores the accessible resources of this authenticated terminal and issues a hardware ACL entry for the user terminal's accessible resources according to that information, thereby controlling the terminal's network access authority.
Step 104. The user terminal uses its IP address to access the network with the access authority issued through the access switch.
At this point the access switch uses hardware ACL entries to limit the access authority of the user's IP address; when the user terminal accesses the network with the IP address it obtained, the access switch controls the terminal's access authority according to the network segment permitted for that IP address in the hardware ACL entry corresponding to that IP address.
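As an added example that is not part of the patent and is not code from Digital China Networks, the following Python models steps D and E of the summary and steps 101, 103 and 104 of this embodiment: the Radius server carries the user terminal's accessible network segment in attribute 26 (Vendor-Specific Attribute) of the Access-Accept, and the access switch turns it into a per-IP entry that stands in for the hardware ACL entry. Until a terminal's IP has an entry the switch passes only its DHCP traffic, as step 101 describes. The attribute layout follows RFC 2865; the vendor id `EXAMPLE_VENDOR_ID`, the vendor type `VTYPE_ACCESS_NET`, the encoding of the segment as ASCII text, the `AccessSwitch` class and all sample addresses are this example's own assumptions, since the patent does not specify the attribute's content format.

```python
# Added example, not code from the patent or from Digital China Networks.
# Models attribute 26 (VSA) delivery of the accessible segment (step D) and
# the per-IP ACL decision on the access switch (step E). Vendor id, vendor
# type and the text encoding of the segment are constructed assumptions.
import ipaddress
import struct
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

ATTR_VENDOR_SPECIFIC = 26
EXAMPLE_VENDOR_ID = 99999   # constructed; real VSAs use the vendor's IANA enterprise number
VTYPE_ACCESS_NET = 1        # constructed vendor type: "accessible network segment"
DHCP_SERVER_PORT = 67


def build_vsa(vendor_id: int, vtype: int, value: bytes) -> bytes:
    """Encode one attribute 26: Type, Length, Vendor-Id(4), Vendor-Type,
    Vendor-Length, Value (RFC 2865 section 5.26)."""
    vendor_part = struct.pack("!IBB", vendor_id, vtype, 2 + len(value)) + value
    if 2 + len(vendor_part) > 255:
        raise ValueError("attribute too long")
    return struct.pack("!BB", ATTR_VENDOR_SPECIFIC, 2 + len(vendor_part)) + vendor_part


def parse_attributes(payload: bytes) -> List[Tuple[int, bytes]]:
    """Split the attribute section of a RADIUS packet into (type, value) pairs."""
    attrs, i = [], 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated attribute header")
        atype, alen = payload[i], payload[i + 1]
        if alen < 2 or i + alen > len(payload):
            raise ValueError("malformed attribute length")
        attrs.append((atype, payload[i + 2:i + alen]))
        i += alen
    return attrs


def accessible_networks(payload: bytes,
                        vendor_id: int = EXAMPLE_VENDOR_ID) -> List[ipaddress.IPv4Network]:
    """Collect the segments carried in attribute 26 of an Access-Accept;
    attributes from other vendors or with other vendor types are ignored."""
    nets = []
    for atype, value in parse_attributes(payload):
        if atype != ATTR_VENDOR_SPECIFIC or len(value) < 6:
            continue
        vid, vtype, vlen = struct.unpack("!IBB", value[:6])
        if vid != vendor_id or vtype != VTYPE_ACCESS_NET or vlen < 2 or 4 + vlen > len(value):
            continue
        text = value[6:4 + vlen].decode("ascii", "replace")
        nets.append(ipaddress.ip_network(text, strict=False))
    return nets


@dataclass
class AccessSwitch:
    """Per-terminal-IP table standing in for the hardware ACL entries."""
    acl: Dict[ipaddress.IPv4Address, List[ipaddress.IPv4Network]] = field(default_factory=dict)

    def on_access_accept(self, terminal_ip: str, radius_payload: bytes) -> int:
        """Step E: store the permitted segments for this terminal's IP.
        Returns how many segments were installed."""
        nets = accessible_networks(radius_payload)
        self.acl[ipaddress.ip_address(terminal_ip)] = nets
        return len(nets)

    def forwards(self, src_ip: str, dst_ip: str, proto: str = "ip", dst_port: int = 0) -> bool:
        """Decide whether a packet from a terminal may pass the access switch."""
        src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
        if src not in self.acl:
            # Not authenticated yet: only DHCP toward the server passes
            # (step 101: the switch redirects it to its CPU for snooping).
            return proto == "udp" and dst_port == DHCP_SERVER_PORT
        return any(dst in net for net in self.acl[src])


if __name__ == "__main__":
    sw = AccessSwitch()
    # Constructed Access-Accept attributes for user jim: segment 10.0.0.0/8.
    accept_jim = build_vsa(EXAMPLE_VENDOR_ID, VTYPE_ACCESS_NET, b"10.0.0.0/8")
    print("pre-auth DHCP passes:", sw.forwards("0.0.0.0", "255.255.255.255", "udp", 67))
    print("pre-auth other traffic:", sw.forwards("10.1.1.5", "10.200.3.4"))
    sw.on_access_accept("10.1.1.5", accept_jim)
    print("post-auth inside 10/8:", sw.forwards("10.1.1.5", "10.200.3.4"))
    print("post-auth outside 10/8:", sw.forwards("10.1.1.5", "192.168.1.1"))
```

The entry is keyed on the terminal's IP address, as the patent describes, so a second host on the same port that never authenticated stays in the DHCP-only state even while the first host is permitted. Binding the entry to the IP/MAC/port triple that DHCP Snooping hands to the 802.1x unit (step 103 of the system embodiment) is what ties the ACL entry to the physical port rather than to an address alone.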
Referring to Fig. 2, Fig. 2 is a block diagram of the access authority control system based on DHCP and 802.1x of the present invention.
The access authority control system based on DHCP and 802.1x in this embodiment comprises: a user terminal, an access switch, a convergence switch, a DHCP server and a Radius server. The user terminal comprises a DHCP unit; the access switch comprises a DHCP Snooping unit and an 802.1x unit; the convergence switch comprises a relay unit.
The user terminal uses the DHCP unit to send the DHCP request to the DHCP server through the access switch and the convergence switch, obtains an IP address after receiving the DHCP response issued by the DHCP server, and then initiates 802.1x authentication.
The access switch is connected to the user terminal; it uses the DHCP Snooping unit to append preset values in Option 82 of the DHCP request and then forwards the request to the DHCP server through the convergence switch; and, according to the accessible resource information issued by the Radius server, it issues a hardware ACL entry for the user terminal's accessible resources and thereby controls the terminal's network access authority by means of the network segment permitted for the terminal's IP address in the hardware ACL entry corresponding to that IP address.
Here, appending preset values in Option 82 of the DHCP request specifically comprises: sub-option 1 of Option 82 is set to the user's VLAN and port, and sub-option 2 holds the CPU MAC address of the access switch. For example, the DHCP Snooping unit inserts the string "Vlan1+Ethernert1/1" in sub-option 1 of Option 82 and the CPU MAC address of the access switch in sub-option 2.
After receiving the returned DHCP response, the DHCP Snooping unit of the access switch extracts the IP, MAC and port information from it and sends them to the 802.1x unit, and then forwards the DHCP response to the user terminal. After successful 802.1x authentication, the access switch stores the user's accessible resource information issued by the Radius server in attribute 26 of the Radius Access-Accept message, and the 802.1x unit issues the hardware ACL entry for the user terminal's accessible resources; from then on, when the terminal's traffic passes through the access switch, its IP address is subject to the hardware ACL entry and can only reach the permitted network segment.
The convergence switch is connected to the access switch and uses the relay unit to relay the DHCP request arriving from the access switch to the DHCP server.
When the relay unit of the convergence switch receives the DHCP request from the access switch, it is responsible only for relaying the DHCP packet to the DHCP server; the convergence switch must not enable the DHCP relay Option 82 function.
The DHCP server is connected to the convergence switch and compares the Option 82 information of the DHCP request with the Option 82 information pre-stored in the DHCP server; if the server holds an Option 82 entry matching the Option 82 information of the request, an IP address from the address pool corresponding to that entry is allocated to the request, otherwise the request is rejected.
The method of looking up matching information in the DHCP server is as follows: many Option 82 entries are configured in the DHCP server, each with its own address pool. If the Option 82 information in the user terminal's DHCP request matches one of the Option 82 entries on the server, an IP address is allocated to the DHCP request from the corresponding address pool; if no address pool matches, the request is rejected.
The Radius server is connected to the convergence switch; it verifies the dot1x requests of the user terminal forwarded by the access switch and, after successful 802.1x authentication, issues the accessible resource information of the user terminal to the access switch through the convergence switch.
The workflow of the system is as follows: the user terminal sends a DHCP request to the DHCP server; after the DHCP Snooping unit of the access switch intercepts the user's DHCP request, it appends preset values in Option 82 (sub-option 1 indicating the user's VLAN and port, sub-option 2 holding the MAC address of the access switch) at the tail of the DHCP request message, leaves the rest of the message unmodified and sends it to the convergence switch, whose relay unit relays the DHCP request to the DHCP server.
After the DHCP server receives the DHCP request, it allocates an IP address from the corresponding address pool according to the pre-configured Option 82 content; for example, if Option 82 sub-option 1 is "Vlan1+Ethernert1/1" and the preset address pool is IP1/MASK1, the server places an IP address from that pool in the DHCP response and sends it to the access switch through the convergence switch. After the DHCP Snooping unit of the access switch receives the returned DHCP response, it extracts the IP, MAC and port information, sends them to the 802.1x unit, and forwards the DHCP response to the user terminal.
After successful 802.1x authentication, the access switch stores the user's accessible resource information issued by the Radius server in attribute 26 of the Radius Access-Accept message, and the 802.1x unit issues the hardware ACL entry for the user terminal's accessible resources; from then on, when the terminal's traffic passes through the access switch, its IP address is subject to the hardware ACL entry and can only reach the permitted network segment.
The present invention uses both the convenience of DHCP and the security authentication mechanism of 802.1x, providing a safe and convenient way for user terminals to access the network while at the same time controlling the terminals' access authority.
The above are merely preferred embodiments of the present invention and the technical principles applied; any variation or replacement that a person skilled in the art could easily conceive within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention.

Claims (10)

1. An access authority control method based on DHCP and 802.1x, characterized in that it comprises the following steps:
A. The user terminal sends a DHCP request to the DHCP server through the access switch and the convergence switch; the user terminal is connected to the access switch, the access switch to the convergence switch, and the DHCP server to the convergence switch;
B. The DHCP server analyzes the DHCP request and, according to the result, either rejects it or places the IP address corresponding to the request in a DHCP response that is delivered to the user terminal through the convergence switch and the access switch;
C. If the user terminal receives the DHCP response issued by the DHCP server, it obtains the IP address and then initiates 802.1x authentication;
D. After the user terminal passes 802.1x authentication, the Radius server issues the accessible resource information of the user terminal to the access switch through the convergence switch;
E. The access switch configures the user terminal's network access authority according to the accessible resource information it receives.
2. The access authority control method based on DHCP and 802.1x according to claim 1, characterized in that step A comprises:
A1. The DHCP unit of the user terminal sends the DHCP request to the access switch;
A2. The DHCP Snooping unit of the access switch appends preset values in Option 82 of the DHCP request and then forwards the request to the DHCP server through the convergence switch.
3. The access authority control method based on DHCP and 802.1x according to claim 2, characterized in that adding preset values in Option 82 of the DHCP request in step A2 comprises: sub-option 1 of Option 82 is set to the user's VLAN and port information, and sub-option 2 is set to the CPU MAC address of the access switch.
4. The access authority control method based on DHCP and 802.1x according to claim 3, characterized in that step B comprises:
B1. The DHCP server compares the Option 82 information of the DHCP request with the Option 82 information pre-stored in the DHCP server; if the server holds an Option 82 entry matching the Option 82 information of the request, an IP address from the address pool corresponding to that entry is allocated to the request, otherwise the request is rejected;
B2. The DHCP server places the IP address in a DHCP response and delivers it to the access switch through the convergence switch;
B3. The access switch strips the Option 82 information from the DHCP response and then delivers the response to the user terminal.
5. The access authority control method based on DHCP and 802.1x according to claim 4, characterized in that in step D the Radius server uses attribute 26 (Vendor-Specific Attribute) of the Access-Accept message to deliver the accessible resource information of the user terminal to the access switch, which stores it.
6. The access authority control method based on DHCP and 802.1x according to claim 5, characterized in that in step E the access switch issues a hardware ACL entry for the user terminal's accessible resources according to the accessible resource information it receives, and controls the terminal's network access authority by means of the network segment permitted for the terminal's IP address in the hardware ACL entry corresponding to that IP address.
7. insert authority control system based on DHCP and 802.1x, it is characterized in that, comprising:
User terminal utilizes the DHCP unit through access switch and convergence switch the DHCP request to be sent to Dynamic Host Configuration Protocol server; And, obtain the IP address receiving after DHCP that Dynamic Host Configuration Protocol server issues responds, initiate the 802.1x authentication then;
The Radius server is connected with convergence switch, behind the 802.1x authentication success, issues the accessible resource information of user terminal to access switch through convergence switch;
Access switch is connected with user terminal, utilizes DHCP Snooping unit additional default value in the Option 82 of DHCP request, through convergence switch the DHCP request is transferred to Dynamic Host Configuration Protocol server then; And the accessible resource information of the user terminal that issues according to the Radius server; Issue the hardware ACL list item of user terminal accessible resource; Thereby through the network segment that this IP address in the IP address corresponding hardware ACL list item of user terminal is limited, the authority of control accessing user terminal to network.
Convergence switch is connected with access switch, utilizes TU Trunk Unit to give Dynamic Host Configuration Protocol server with the DHCP request relaying that access switch imports into;
Dynamic Host Configuration Protocol server is connected with convergence switch, and Option 82 information that prestore in Option 82 information of DHCP request and the Dynamic Host Configuration Protocol server are compared; If in Dynamic Host Configuration Protocol server, there is the Option 82 of Option 82 information matches of asking with DHCP, then the IP in these Option 82 corresponding address pool is distributed to the DHCP request, otherwise, reject said DHCP request.
8. The access authority control system based on DHCP and 802.1x according to claim 7, characterized in that the default values added in Option 82 of the DHCP request specifically comprise: sub-option 1 of Option 82 is set to the user VLAN and port information, and sub-option 2 is set to the CPU MAC address of the access switch.
9. The access authority control system based on DHCP and 802.1x according to claim 8, characterized in that said access switch strips the Option 82 information from the DHCP response issued by the DHCP server and then delivers the DHCP response to the user terminal.
10. The access authority control system based on DHCP and 802.1x according to claim 9, characterized in that said Radius server uses attribute 26 (Vendor-Specific Attribute) of the Access-Accept message to deliver the accessible resource information of the user terminal to the access switch for storage.
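The flow in claims 7 to 10 can be modelled end to end: the access switch's DHCP Snooping unit tags the request with Option 82 (sub-option 1 = VLAN and port, sub-option 2 = switch CPU MAC), the DHCP server selects an address pool only when that Option 82 value is pre-stored and rejects the request otherwise, the switch strips Option 82 from the reply, and the resource list delivered in RADIUS attribute 26 becomes a per-IP ACL. The following is an added example written for this page and is not code from the patent or its assignee. The circuit-ID byte layout (VLAN as 2 bytes, port as 1 byte), the enterprise number `VENDOR_ID`, the vendor-type `VSA_RESOURCES`, the comma-separated text encoding of the segments, the `demo()` helper and all sample values are assumptions constructed for the example; the Option 82 and attribute 26 framing follow RFC 3046 and RFC 2865.

```python
"""Option 82 tagging at the access switch, Option 82-keyed pool selection at the
DHCP server, and the per-IP ACL derived from the RADIUS-delivered resource list."""
import ipaddress
import struct

OPT_MSG_TYPE = 53
OPT_RELAY_AGENT = 82        # DHCP Relay Agent Information option (RFC 3046)
OPT_END = 255
SUB_CIRCUIT_ID = 1          # claim 8: carries user VLAN and port
SUB_REMOTE_ID = 2           # claim 8: carries the access switch CPU MAC
RADIUS_VSA = 26             # claim 10: Vendor-Specific Attribute (RFC 2865)
VENDOR_ID = 0x00FFFFFF      # placeholder enterprise number, constructed for this example
VSA_RESOURCES = 1           # placeholder vendor-type for the resource list, constructed

def tlv_parse(buf: bytes) -> dict:
    """Parse code/length/value triples; DHCP options and Option 82 sub-options share the shape."""
    out, i = {}, 0
    while i < len(buf) and buf[i] != OPT_END:
        if buf[i] == 0:                      # PAD option has no length byte
            i += 1
            continue
        code, length = buf[i], buf[i + 1]
        out[code] = buf[i + 2:i + 2 + length]
        i += 2 + length
    return out

def tlv_build(items: dict) -> bytes:
    return b"".join(bytes([code, len(val)]) + val for code, val in items.items())

def circuit_id(vlan: int, port: int) -> bytes:
    # Assumed layout: VLAN (2 bytes) then port (1 byte); real switches use vendor formats.
    return struct.pack("!HB", vlan, port)

def snooping_attach_option82(options: bytes, vlan: int, port: int, switch_mac: bytes) -> bytes:
    """Access switch DHCP Snooping unit: add Option 82 to the client's request (claims 7-8)."""
    opts = tlv_parse(options)
    opts[OPT_RELAY_AGENT] = tlv_build({SUB_CIRCUIT_ID: circuit_id(vlan, port),
                                        SUB_REMOTE_ID: switch_mac})
    return tlv_build(opts) + bytes([OPT_END])

def snooping_strip_option82(options: bytes) -> bytes:
    """Access switch: drop Option 82 from the server's reply before it reaches the client (claim 9)."""
    opts = tlv_parse(options)
    opts.pop(OPT_RELAY_AGENT, None)
    return tlv_build(opts) + bytes([OPT_END])

class DhcpServer:
    """Claim 7: a pre-stored Option 82 value selects the address pool; no match means reject."""
    def __init__(self, pools: dict):
        self.pools = pools                   # {(circuit_id, remote_id): IPv4Network}
        self._free = {net: iter(net.hosts()) for net in pools.values()}

    def allocate(self, options: bytes):
        o82 = tlv_parse(options).get(OPT_RELAY_AGENT)
        if o82 is None:
            return None                      # untagged request: reject
        sub = tlv_parse(o82)
        net = self.pools.get((sub.get(SUB_CIRCUIT_ID), sub.get(SUB_REMOTE_ID)))
        if net is None:
            return None                      # unknown switch/VLAN/port: reject
        return next(self._free[net], None)   # None once the pool is exhausted

def radius_vsa(segments: list) -> bytes:
    """RADIUS attribute 26 carrying the accessible segments (claim 10); text encoding is assumed."""
    data = ",".join(segments).encode()
    inner = bytes([VSA_RESOURCES, 2 + len(data)]) + data
    return bytes([RADIUS_VSA, 6 + len(inner)]) + struct.pack("!I", VENDOR_ID) + inner

def parse_vsa(attr: bytes) -> list:
    assert attr[0] == RADIUS_VSA and struct.unpack("!I", attr[2:6])[0] == VENDOR_ID
    vtype, vlen = attr[6], attr[7]
    assert vtype == VSA_RESOURCES
    return [ipaddress.ip_network(s) for s in attr[8:6 + vlen].decode().split(",")]

def build_acl(user_ip, segments: list) -> list:
    """Entries keyed on the assigned IP: permit the listed segments, deny the rest (claims 6-7)."""
    src = ipaddress.ip_network(str(user_ip))
    rules = [("permit", src, net) for net in segments]
    rules.append(("deny", src, ipaddress.ip_network("0.0.0.0/0")))
    return rules

def acl_permits(rules: list, src, dst) -> bool:
    """First matching rule wins; a source with no entry at all is denied in this model."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, s, d in rules:
        if src in s and dst in d:
            return action == "permit"
    return False

def demo():
    switch_mac = bytes.fromhex("0011223344aa")                      # constructed
    server = DhcpServer({(circuit_id(100, 3), switch_mac): ipaddress.ip_network("10.100.0.0/24")})
    discover = tlv_build({OPT_MSG_TYPE: b"\x01"}) + bytes([OPT_END])   # DHCPDISCOVER
    ip = server.allocate(snooping_attach_option82(discover, 100, 3, switch_mac))
    rejected = server.allocate(snooping_attach_option82(discover, 100, 4, switch_mac))   # port not pre-stored
    segments = parse_vsa(radius_vsa(["10.1.0.0/16", "10.2.5.0/24"]))  # as carried in Access-Accept
    return ip, rejected, build_acl(ip, segments)

if __name__ == "__main__":
    ip, rejected, acl = demo()
    print(ip, rejected, acl_permits(acl, ip, "10.1.44.9"), acl_permits(acl, ip, "10.9.0.1"))
```

The two reject paths in `allocate` are the control points the claims rely on: a request that arrives without Option 82, or with a VLAN/port/MAC triple the server has not been provisioned with, gets no lease and therefore never reaches 802.1x. The trailing deny rule in `build_acl` is what turns the RADIUS-delivered list into a whitelist rather than a hint.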
CN2012100153309A 2012-01-17 2012-01-17 Access authority control method and system based on DHCP (Dynamic host configuration protocol) and 802.1x Pending CN102447709A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2012100153309A CN102447709A (en) 2012-01-17 2012-01-17 Access authority control method and system based on DHCP (Dynamic host configuration protocol) and 802.1x

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2012100153309A CN102447709A (en) 2012-01-17 2012-01-17 Access authority control method and system based on DHCP (Dynamic host configuration protocol) and 802.1x

Publications (1)

Publication Number Publication Date
CN102447709A true CN102447709A (en) 2012-05-09

Family

ID=46009798

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2012100153309A Pending CN102447709A (en) 2012-01-17 2012-01-17 Access authority control method and system based on DHCP (Dynamic host configuration protocol) and 802.1x

Country Status (1)

Country Link
CN (1) CN102447709A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103209107A (en) * 2013-04-08 2013-07-17 汉柏科技有限公司 Method for realizing user access control
CN103561129A (en) * 2013-11-04 2014-02-05 神州数码网络(北京)有限公司 Secure access and real-time updating method and interchanger
CN104144491A (en) * 2013-05-10 2014-11-12 中国电信股份有限公司 Method and system used for positioning WiFi terminal in real time
CN107528930A (en) * 2016-06-21 2017-12-29 北京北信源软件股份有限公司 Network access state fast switching method and system facing DHCP terminal
CN107534664A (en) * 2015-04-29 2018-01-02 安移通网络公司 Multi-factor authorization for IEEE 802.1X-enabled networks
WO2022052496A1 (en) * 2020-09-10 2022-03-17 华为技术有限公司 Address reservation method, network device, and system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070234419A1 (en) * 2006-03-28 2007-10-04 Canon Kabushiki Kaisha Image forming apparatus, control method thereof, system, program, and storage medium
CN101414998A (en) * 2007-10-15 2009-04-22 华为技术有限公司 Communication method, system and equipment based on authentication mechanism conversion
CN101599967A (en) * 2009-06-29 2009-12-09 杭州华三通信技术有限公司 Authority control method and system based on the 802.1x Verification System
CN102255918A (en) * 2011-08-22 2011-11-23 神州数码网络(北京)有限公司 DHCP (Dynamic Host Configuration Protocol) Option 82 based user accessing authority control method

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103209107A (en) * 2013-04-08 2013-07-17 汉柏科技有限公司 Method for realizing user access control
CN103209107B (en) * 2013-04-08 2016-08-17 汉柏科技有限公司 Method for realizing user access control
CN104144491A (en) * 2013-05-10 2014-11-12 中国电信股份有限公司 Method and system used for positioning WiFi terminal in real time
CN104144491B (en) * 2013-05-10 2017-12-29 中国电信股份有限公司 Method and system for real-time positioning of a WiFi terminal
CN103561129A (en) * 2013-11-04 2014-02-05 神州数码网络(北京)有限公司 Secure access and real-time updating method and interchanger
CN107534664A (en) * 2015-04-29 2018-01-02 安移通网络公司 Multi-factor authorization for IEEE 802.1X-enabled networks
US10742637B2 (en) 2015-04-29 2020-08-11 Hewlett Packard Enterprise Development Lp Multi-factor authorization for IEEE 802.1x-enabled networks
US11489826B2 (en) 2015-04-29 2022-11-01 Hewlett Packard Enterprise Development Lp Multi-factor authorization for IEEE 802.1x-enabled networks
CN107528930A (en) * 2016-06-21 2017-12-29 北京北信源软件股份有限公司 Network access state fast switching method and system facing DHCP terminal
CN107528930B (en) * 2016-06-21 2020-12-08 北京北信源软件股份有限公司 Network access state fast switching method and system facing DHCP terminal
WO2022052496A1 (en) * 2020-09-10 2022-03-17 华为技术有限公司 Address reservation method, network device, and system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20120509

RJ01 Rejection of invention patent application after publication