CN102594684A - RADIUS message processing method and network access device - Google Patents

RADIUS message processing method and network access device

Info

Publication number: CN102594684A
Authority: CN (China)
Prior art keywords: access, response message, equipment, port, message
Legal status: Granted (Active)
Application number: CN2012100370866A
Other languages: Chinese (zh)
Other versions: CN102594684B (en)
Inventor: 靳康, 林华云
Current Assignee: ZTE Corp
Original Assignee: ZTE Corp
Application filed by ZTE Corp
Priority to CN201210037086.6A
Publication of CN102594684A
Application granted
Publication of CN102594684B

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention provides a RADIUS message processing method and a network access device. The method comprises the following steps: a first device receives an access request from a client according to the Virtual Router Redundancy Protocol; and the first device sends an access request message to a RADIUS server. The method provides hot backup of RADIUS messages, so that RADIUS-based access control of users is not affected even if one of the devices or a port fails.

Description

A RADIUS message processing method and network access device
Technical field
The present invention relates to the communications field, and in particular to a RADIUS message processing method and a network access device.
Background art
RADIUS (Remote Authentication Dial In User Service) is an AAA (Authentication, Authorization, Accounting) network application protocol used for functions such as authentication. The protocol provides remote control of user access.
Virtual Router Redundancy Protocol (VRRP) is an election protocol that dynamically assigns responsibility for a virtual router to one of the VRRP routers on a local area network. The VRRP router that controls the virtual router's IP address is called the master router, and it is responsible for forwarding packets sent to these virtual IP addresses. If the master router becomes unavailable, the election process provides a dynamic failover mechanism, which allows the IP address of the virtual router to be used as the default first-hop router of end hosts. The benefit of VRRP is a more highly available default path without the need to configure dynamic routing or router discovery protocols on every end host. VRRP packets are sent encapsulated in IP packets. In commercial environments, hot backup of RADIUS messages must be guaranteed, so that even if a link fails, user functions such as access authentication and authorization are not affected. At present there is no hot-backup technique for RADIUS client messages; the prior art provides only cold backup of RADIUS client messages. The drawback of that technique is that when a link fails, the terminal can only initiate a new call, and the response to a RADIUS request message sent earlier cannot be returned; this can cause the user's login to fail on timeout and can also leave the user state on the RADIUS server inconsistent.
Summary of the invention
The technical problem to be solved by the present invention is to provide a RADIUS message processing method and a network access device that implement hot backup of RADIUS messages.
To solve the above technical problem, the invention provides a method for processing Remote Authentication Dial In User Service (RADIUS) messages, comprising:
a first device receives an access request from a client according to the Virtual Router Redundancy Protocol;
the first device sends an access request message to a RADIUS server.
Further, the method also has the following feature: it further comprises:
the first device receives an access response message from the RADIUS server;
the access response message is processed according to the destination port it carries.
Further, the method also has the following feature: processing the access response message according to the destination port information it carries comprises:
the first device judges whether the destination port matches the locally configured port; if it matches, the access response message is parsed; if it does not match, the access response message is forwarded to a second device; wherein the first device and the second device are configured with the same virtual address and different port information.
Further, the method also has the following feature: before the access request message is sent to the RADIUS server, the method further comprises:
the source address in the access request message is rewritten to the virtual address, and the source port in the access request message is rewritten to the locally pre-configured port information.
To solve the above problem, the present invention also provides a network access device, comprising:
a receiving module, configured to receive an access request from a client according to the Virtual Router Redundancy Protocol;
a sending module, configured to send an access request message to a RADIUS server.
Further, the network access device also has the following feature: it further comprises a processing module,
the receiving module is further configured to receive an access response message from the RADIUS server;
the processing module is configured to process the access response message according to the destination port it carries.
Further, the network access device also has the following feature: the processing module comprises:
a judging unit, configured to judge whether the destination port matches the locally configured port;
a parsing unit, configured to parse the access response message when the judging unit finds a match;
a forwarding unit, configured to forward the access response message to a specific network access device when the judging unit finds no match;
wherein the network access device and the specific network access device are configured with the same virtual address and different port information.
Further, the network access device also has the following feature:
the sending module is further configured, before the access request message is sent to the RADIUS server, to rewrite the source address in the access request message to the virtual address and to rewrite the source port in the access request message to the locally pre-configured port information.
Further, the network access device also has the following feature: it further comprises
a configuration module, configured to set the port connecting the client to enable the Virtual Router Redundancy Protocol attribute, to bind the port connecting the client to the uplink port, and to configure a virtual address and port information.
In summary, the present invention provides a RADIUS message processing method and a network access device that implement hot backup of RADIUS messages, so that RADIUS-based access control of users is not affected even if one of the devices or a port fails.
Description of drawings
The accompanying drawings provide a further understanding of the present invention and form part of the specification. Together with the embodiments of the invention they serve to explain the invention and do not limit it. In the drawings:
Fig. 1 is a schematic diagram of the network access device of an embodiment of the invention;
Fig. 2 is a flow chart of the RADIUS message processing method of an embodiment of the invention;
Fig. 3 is a network diagram of an embodiment of the invention;
Fig. 4 is a flow chart of the RADIUS message processing method of another embodiment of the invention.
Detailed description of the embodiments
To make the objectives, technical solutions and advantages of the present invention clearer, embodiments of the invention are described in detail below with reference to the accompanying drawings. It should be noted that, provided they do not conflict, the embodiments in this application and the features in the embodiments may be combined with one another arbitrarily.
Fig. 1 is a schematic diagram of the network access device of an embodiment of the invention. As shown in Fig. 1, the network access device of this embodiment comprises:
a receiving module, configured to receive an access request from a client according to the Virtual Router Redundancy Protocol;
a sending module, configured to send an access request message to a RADIUS server.
The network access device of this embodiment may further comprise a processing module,
the receiving module is further configured to receive an access response message from the RADIUS server;
the processing module is configured to process the access response message according to the destination port it carries.
The processing module comprises:
a judging unit, configured to judge whether the destination port matches the locally configured port;
a parsing unit, configured to parse the access response message when the judging unit finds a match;
a forwarding unit, configured to forward the access response message to a specific network access device when the judging unit finds no match;
wherein the network access device and the specific network access device are configured with the same virtual address and different port information.
The sending module is further configured, before the access request message is sent to the RADIUS server, to rewrite the source address in the access request message to the virtual address and to rewrite the source port in the access request message to the locally pre-configured port information.
The network access device of this embodiment may further comprise:
a configuration module, configured to set the port connecting the client to enable the Virtual Router Redundancy Protocol attribute, to bind the port connecting the client to the uplink port, and to configure a virtual address and port information.
Fig. 2 is a flow chart of the RADIUS message processing method of an embodiment of the invention. As shown in Fig. 2, the method of this embodiment comprises the following steps:
S10: a first device receives an access request from a client according to the Virtual Router Redundancy Protocol;
S20: the first device sends an access request message to a RADIUS server.
The method may further comprise the following step:
S30: the first device receives an access response message from the RADIUS server and processes the access response message according to the destination port it carries.
The method of the invention is explained in detail below with a specific embodiment.
Fig. 3 is a network diagram of an embodiment of the invention. As shown in Fig. 3, two devices, NAS (network access server) A and NAS B, act as hot backups for each other, so that service is unaffected when any one of link A, link B, link D and link E fails.
First, VRRP is enabled on the interfaces of devices NAS A and NAS B that connect to link D and link E, and those interfaces are bound respectively to the uplink ports that connect to link A and link B (that is, the port of link D is bound to the uplink port of link B, and the port of link E is bound to the uplink port of link A). The same RADIUS message virtual source address and different port ranges are configured on NAS A and NAS B (the source ports of the two devices must not be the same).
NAS A and NAS B are configured with the same virtual address, the ports connecting link D and link E run VRRP, and VRRP is associated with the device uplink ports: when link A is down (unavailable), link D is in the master state; when link B is down, link E is in the master state.
Route optimization is performed on the router so that traffic to the virtual address of NAS A and NAS B is sent along the preferred route. Link A and link B are configured on the router with different COST (cost) values, and one of them is selected as the preferred route.
The source address of upstream RADIUS messages from NAS A and NAS B is rewritten to this virtual address. The router sends downstream RADIUS messages along the preferred route (for example, link A). If NAS A checks a RADIUS message and finds that it is not its own to handle, it forwards the message to NAS B over link C, and NAS B completes the access processing.
Fig. 4 is a flow chart of the RADIUS message processing method of another embodiment of the invention. As shown in Fig. 4, it comprises the following steps:
Step 101: when the user side initiates an access request, the client, according to VRRP, sends the access request to the port of the master device (for example, device NAS A);
Step 102: device NAS A sends a RADIUS request message over link A; the source address and source port in the RADIUS message are rewritten to the values of the virtual source address and source port in step 102;
Step 103: the RADIUS server returns a RADIUS response message; the router sends the RADIUS response message along the preferred route (for example, link A). The preferred route is computed dynamically from COST: the route with the smaller COST is the preferred route, and the COST of a route over a faulty link is infinite;
Step 104: device NAS A receives the RADIUS response message and compares the destination port carried in the RADIUS response message with the port value configured in step 102. If they match, it handles the access request directly and decides, according to the RADIUS response message, whether to allow the user's access request; if they do not match, it proceeds to step 105;
Step 105: device NAS A forwards the RADIUS response message to device NAS B over link C; device NAS B handles the access request and decides, according to the RADIUS response message, whether to allow the user's access request.
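The port comparison and forwarding of steps 104 and 105, modelled as an added example (not code from the patent). The `Nas` class, the port ranges, the address 192.0.2.10 and the shared secret are constructed; the Response Authenticator check follows RFC 2865 and, like the `forwarded` flag that stops a reply bouncing between the two devices, goes beyond what the patent text describes.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2        # RADIUS codes (RFC 2865)
VIRTUAL_SRC = "192.0.2.10"                  # constructed shared virtual source address
SECRET = b"constructed-shared-secret"       # constructed RADIUS shared secret


class Nas:
    """One of the two hot-backup access devices (hypothetical model)."""

    def __init__(self, name, ports):
        self.name = name
        self.ports = ports      # locally configured source-port range
        self.peer = None        # the other device, reached over link C
        self.pending = {}       # (source port, identifier) -> Request Authenticator

    def send_request(self, identifier, src_port):
        """Build an Access-Request header sourced from the virtual address."""
        if src_port not in self.ports:
            raise ValueError("source port outside the locally configured range")
        req_auth = os.urandom(16)
        self.pending[(src_port, identifier)] = req_auth
        packet = struct.pack("!BBH16s", ACCESS_REQUEST, identifier, 20, req_auth)
        return (VIRTUAL_SRC, src_port), packet

    def receive_response(self, dst_port, packet, forwarded=False):
        """Step 104/105: parse locally on a port match, else forward once."""
        if dst_port not in self.ports:
            if forwarded or self.peer is None:
                return "dropped: port owned by neither device"
            return self.peer.receive_response(dst_port, packet, forwarded=True)
        if len(packet) < 20:
            return "dropped: short packet"
        code, identifier, length, resp_auth = struct.unpack("!BBH16s", packet[:20])
        req_auth = self.pending.get((dst_port, identifier))
        if req_auth is None:
            return "dropped: no matching request"
        # RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
        expected = hashlib.md5(packet[:4] + req_auth + packet[20:length] + SECRET).digest()
        if not hmac.compare_digest(expected, resp_auth):
            return "dropped: bad Response Authenticator"
        del self.pending[(dst_port, identifier)]   # only a valid reply clears state
        return f"{self.name} parsed code {code}"


def make_pair(range_a, range_b):
    """Configure two devices; their source ports must not be the same."""
    if set(range_a) & set(range_b):
        raise ValueError("source-port ranges overlap")
    nas_a, nas_b = Nas("NAS A", range_a), Nas("NAS B", range_b)
    nas_a.peer, nas_b.peer = nas_b, nas_a
    return nas_a, nas_b


def server_reply(request, code=ACCESS_ACCEPT, secret=SECRET):
    """Constructed server side: an attribute-less reply to the given request."""
    _, identifier, _, req_auth = struct.unpack("!BBH16s", request[:20])
    head = struct.pack("!BBH", code, identifier, 20)
    return head + hashlib.md5(head + req_auth + secret).digest()


def demo():
    nas_a, nas_b = make_pair(range(20000, 20100), range(20100, 20200))
    (_, src_port), request = nas_b.send_request(identifier=7, src_port=20150)
    reply = server_reply(request)
    # The preferred route delivers the reply to NAS A, which must forward it.
    via_a = nas_a.receive_response(src_port, reply)
    replay = nas_a.receive_response(src_port, reply)     # same reply a second time
    stray = nas_a.receive_response(30000, reply)         # port in neither range
    return via_a, replay, stray


if __name__ == "__main__":
    print(demo())
```

Because the pending-request table lives only on the device that sent the request, the port comparison is also what decides which device is able to authenticate the reply at all.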
A person of ordinary skill in the art will appreciate that all or some of the steps of the above method can be carried out by a program instructing the relevant hardware, and that the program can be stored in a computer-readable storage medium such as a read-only memory, a magnetic disk or an optical disc. Alternatively, all or some of the steps of the above embodiments can be implemented with one or more integrated circuits. Accordingly, each module/unit in the above embodiments can be implemented in hardware or as a software function module. The present invention is not limited to any particular combination of hardware and software.
The above are only preferred embodiments of the present invention. The invention can of course have various other embodiments, and a person of ordinary skill in the art can make corresponding changes and variations according to the invention without departing from its spirit and essence; all such changes and variations fall within the scope of protection of the appended claims.

Claims (9)

1. A method for processing Remote Authentication Dial In User Service (RADIUS) messages, comprising:
a first device receives an access request from a client according to the Virtual Router Redundancy Protocol;
the first device sends an access request message to a RADIUS server.
2. The method of claim 1, characterized in that it further comprises:
the first device receives an access response message from the RADIUS server;
the access response message is processed according to the destination port it carries.
3. The method of claim 2, characterized in that processing the access response message according to the destination port information it carries comprises:
the first device judges whether the destination port matches the locally configured port; if it matches, the access response message is parsed; if it does not match, the access response message is forwarded to a second device; wherein the first device and the second device are configured with the same virtual address and different port information.
4. The method of any one of claims 1-3, characterized in that, before the access request message is sent to the RADIUS server, the method further comprises:
the source address in the access request message is rewritten to the virtual address, and the source port in the access request message is rewritten to the locally pre-configured port information.
5. A network access device, comprising:
a receiving module, configured to receive an access request from a client according to the Virtual Router Redundancy Protocol;
a sending module, configured to send an access request message to a RADIUS server.
6. The network access device of claim 5, characterized in that it further comprises a processing module,
the receiving module is further configured to receive an access response message from the RADIUS server;
the processing module is configured to process the access response message according to the destination port it carries.
7. The network access device of claim 6, characterized in that the processing module comprises:
a judging unit, configured to judge whether the destination port matches the locally configured port;
a parsing unit, configured to parse the access response message when the judging unit finds a match;
a forwarding unit, configured to forward the access response message to a specific network access device when the judging unit finds no match;
wherein the network access device and the specific network access device are configured with the same virtual address and different port information.
8. The device of claim 5, characterized in that:
the sending module is further configured, before the access request message is sent to the RADIUS server, to rewrite the source address in the access request message to the virtual address and to rewrite the source port in the access request message to the locally pre-configured port information.
9. The network access device of any one of claims 5-8, characterized in that it further comprises
a configuration module, configured to set the port connecting the client to enable the Virtual Router Redundancy Protocol attribute, to bind the port connecting the client to the uplink port, and to configure a virtual address and port information.
CN201210037086.6A 2011-11-28 2012-02-17 A kind of processing method and network access equipment of RADIUS messages Active CN102594684B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210037086.6A CN102594684B (en) 2011-11-28 2012-02-17 A kind of processing method and network access equipment of RADIUS messages

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
CN2011103839217 2011-11-28
CN201110383921.7 2011-11-28
CN201110383921 2011-11-28
CN201210037086.6A CN102594684B (en) 2011-11-28 2012-02-17 A kind of processing method and network access equipment of RADIUS messages

Publications (2)

Publication Number Publication Date
CN102594684A (en) 2012-07-18
CN102594684B (en) 2018-03-20

Family

ID=46482900

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210037086.6A Active CN102594684B (en) 2011-11-28 2012-02-17 A kind of processing method and network access equipment of RADIUS messages

Country Status (1)

Country Link
CN (1) CN102594684B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10250581B2 (en) 2013-04-09 2019-04-02 Zte Corporation Client, server, radius capability negotiation method and system between client and server

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101340339A (en) * 2008-08-15 2009-01-07 杭州华三通信技术有限公司 Wideband access server cluster system and apparatus
CN102025476A (en) * 2009-09-23 2011-04-20 中兴通讯股份有限公司 Method for realizing user port positioning in BRAS (Broadband Remote Access Server) multicomputer backup scene and network system
CN102137021A (en) * 2011-03-31 2011-07-27 北京傲天动联技术有限公司 Remote redundancy back-up method of access controllers

Also Published As

Publication number Publication date
CN102594684B (en) 2018-03-20

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant