CN102594938A - Portal secondary address authentication method and device - Google Patents

Publication number: CN102594938A
Authority: CN (China)
Prior art keywords: dhcp, address, client, message, host configuration
Legal status: Granted; Active
Application number: CN2012100326670A
Other languages: Chinese (zh)
Other versions: CN102594938B (en)
Inventor: 邱元香
Current Assignee: New H3C Technologies Co Ltd
Original Assignee: Hangzhou H3C Technologies Co Ltd
Application filed by Hangzhou H3C Technologies Co Ltd
Priority to CN201210032667.0A
Publication of CN102594938A
Application granted; publication of CN102594938B

Landscapes

  • Small-Scale Networks (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a Portal secondary address authentication method and device. The method is applied to a network access device with a dynamic host configuration protocol (DHCP) relay function and comprises the following steps: the network access device intercepts a DHCP renewal message sent by a client; when the recorded authentication state of the client user indicates that the user has passed authentication, the network access device modifies the DHCP renewal message so that it carries a public network gateway address and sends it to a DHCP server, which triggers the DHCP server to send a DHCP negative acknowledgement (NAK) message to the client; and after receiving the DHCP NAK message, the client releases the IP address it is currently using and applies for an IP address again.

Description

Portal secondary address authentication method and device
Technical field
The present invention relates to network communication technology, and in particular to a Portal secondary address authentication method and device.
Background technology
Portal means "entrance" in English. Portal authentication is usually also called web authentication, and the Portal authentication website is generally called a portal website. In Portal secondary address authentication, the user obtains a private network IP address through the Dynamic Host Configuration Protocol (DHCP) before authentication. This private network IP address only allows the user to access the Portal server and the configured free-access addresses. After the user passes authentication, the user can apply for a public network IP address and use it to access network resources. Portal secondary address authentication solves the IP address planning and allocation problem: users who have not passed authentication are not allocated public network IP addresses. For example, an operator allocates a public network IP address to a residential-community broadband user only when that user accesses resources outside the community.
Referring to Fig. 1, Fig. 1 shows a flowchart of Portal secondary address authentication. As shown in Fig. 1, the flow may include the following steps:
Step 101: The client starts up and applies for a private network IP address through DHCP.
DHCP is used to dynamically allocate network configuration parameters, such as IP addresses, to network devices. DHCP uses a client/server communication model: the client sends a request to the DHCP server, and the DHCP server returns the IP address allocated to the client, which achieves dynamic allocation of IP addresses.
Step 102: The client sends, over the HTTP protocol, an HTTP message used to authenticate the user.
When the access device receives an HTTP message, it allows the message to pass if it is destined for the Portal server or a configured free-access address; an HTTP message destined for any other network address is redirected to the Portal server.
Step 103: The Portal server and the access device carry out the authentication interaction.
The Portal server provides a web page to the user through the access device so that the user can enter a username and password on that page; the access device sends the username and password entered by the user to the Portal server.
Step 104: The Portal server assembles the username and password entered by the user into an authentication request message, sends it to the access device, and at the same time starts a timer to wait for the authentication response message.
Step 105: On receiving the authentication request message, the access device starts recording the user's state as authentication in progress, and exchanges RADIUS protocol messages with the RADIUS server.
Using standard RADIUS protocol messages, the access device sends the username and password from the authentication request message to the RADIUS server for authentication, and the RADIUS server returns the authentication result to the access device.
Step 106: When the authentication result returned by the RADIUS server is that authentication passed, the access device sends an authentication response message to the Portal server and updates the user's state to passed authentication.
Step 107: The Portal server sends an authentication-passed message to the client, notifying the client that authentication succeeded.
Step 108: After the client receives the authentication-passed message, the client software notifies the DHCP server to release the private network IP address that the client has applied for.
This client software is software installed on the terminal that runs the client. It triggers the client to release the private network IP address and, after the release, triggers the client to apply for a public network IP address.
Step 109: After the private network IP address that the client applied for has been released, the client software triggers the client to apply for a public network IP address through DHCP.
The way the client applies for a public network IP address through DHCP is similar to the way it applies for a private network IP address.
Step 110: After the client obtains the public network IP address, the client software notifies the Portal server.
Step 111: The Portal server notifies the access device that the client has obtained a public network IP address, and notifies the client that it has come online successfully.
This completes the Portal secondary address authentication flow shown in Fig. 1.
As the flow in Fig. 1 shows, existing Portal secondary address authentication relies on client software installed on the terminal: after the user passes authentication, the client software must notify the DHCP server to release the private network IP address the client has applied for and trigger the client to apply for a public network IP address. However, for devices on which the client software is not installed, or cannot be installed because of system configuration issues, such as mobile phones on a mobile network, there is no mechanism after the user passes authentication to trigger the release of the private network IP address the client has obtained or to trigger the client to apply for a public network IP address. As a result, the client cannot apply for a public network IP address even though it has passed authentication, and cannot access more network resources.
Summary of the invention
The invention provides a Portal secondary address authentication method that still achieves Portal secondary address authentication when no Portal client software is present.
The technical solution provided by the invention comprises:
A Portal secondary address authentication method, applied to a network access device with the DHCP relay function, the method comprising:
A: intercepting the DHCP renewal message that the client sends to renew the IP address it has applied for; if the device's own record shows that this client user's authentication state is passed authentication, executing step B;
B: modifying the DHCP renewal message so that it carries the public network gateway address, and sending it to the DHCP server to trigger the DHCP server to send a DHCP renewal-failure (NAK) message;
C: receiving the DHCP NAK message sent by the DHCP server and forwarding it to the client, to trigger the client to release the IP address it is currently using and apply for an IP address again.
A network access device applied to Portal secondary address authentication, the network access device having the DHCP relay function and comprising:
a recording unit, used to record the authentication state of each client user connected through the network access device;
an intercepting unit, used to intercept the DHCP renewal message that the client sends to renew the IP address it has applied for and, if the recording unit has recorded this client user's authentication state as passed authentication, to send a processing notification to the processing unit;
a processing unit, used to receive the processing notification, modify the DHCP renewal message so that it carries the public network gateway address, and send it to the DHCP server to trigger the DHCP server to send a DHCP renewal-failure (NAK) message;
a receiving unit, used to receive the DHCP NAK message sent by the DHCP server and forward it to the client, to trigger the client to release the IP address it is currently using and apply for an IP address again.
A DHCP server applied to Portal secondary address authentication, the DHCP server comprising:
a receiving unit, which receives the DHCP renewal message from the network access device. The network access device has the DHCP relay function and sends the DHCP renewal message through the following steps: it intercepts the DHCP renewal message that the client sends to renew the IP address it has applied for and, when its own record shows that this client user's authentication state is passed authentication, modifies the DHCP renewal message so that it carries the public network gateway address and sends it to the DHCP server;
a comparing unit, used to compare whether the IP address the client is using matches the public network gateway address carried in the DHCP renewal message and, if not, to send a DHCP renewal-failure (NAK) message to the network access device, so that the network access device forwards the DHCP NAK message to the client to trigger the client to release the IP address it is currently using and apply for an IP address again.
As the above technical solution shows, in the present invention the network access device intercepts the DHCP renewal message and, when the client user's authentication state is passed authentication, places the public network gateway address in the DHCP renewal message and sends it to the DHCP server to trigger the DHCP server to send a DHCP NAK message; after receiving the DHCP NAK message, the client releases the IP address it is currently using and applies for an IP address again. That is, the invention does not rely on Portal client software: by linking DHCP and Portal, Portal secondary address authentication can still be carried out when no Portal client software is present.
Description of drawings
Fig. 1 shows a flowchart of Portal secondary address authentication;
Fig. 2 is a flowchart of the method provided by an embodiment of the invention;
Fig. 3 is a detailed flowchart provided by an embodiment of the invention;
Fig. 4 is another detailed flowchart provided by an embodiment of the invention;
Fig. 5 is a structure diagram of the network access device provided by an embodiment of the invention;
Fig. 6 is a structure diagram of the DHCP server provided by the invention.
Embodiment
To make the purpose, technical solution and advantages of the invention clearer, the invention is described below with reference to the accompanying drawings and specific embodiments.
The Portal secondary address authentication method provided by the invention does not require the terminal to load the Portal client software described in the background section; that is, Portal secondary address authentication is achieved without Portal client software by linking DHCP and Portal. The method provided by the invention is described below:
Referring to Fig. 2, Fig. 2 is a flowchart of the method provided by an embodiment of the invention. The method is applied to a network access device with the DHCP relay function; that is, the network access device acts as a DHCP relay on the one hand and, on the other hand, connects clients and functions as a layer-3 access device. As shown in Fig. 2, the network access device performs the following operations:
Step 201: Intercept the DHCP renewal message that the client sends to renew the IP address it has applied for; if the device's own record shows that this client user's authentication state is passed authentication, execute step 202.
Preferably, in step 201, if the network access device has recorded this client user's authentication state as not passed authentication, the method further comprises: modifying the DHCP renewal message so that it carries the private network gateway address and sending it to the DHCP server; the DHCP server compares whether the IP address the client is using matches the private network gateway address carried in the DHCP renewal message and, if not, sends a DHCP renewal-failure (NAK) message to the network access device, after which step 203 is executed.
Step 202: Modify the DHCP renewal message so that it carries the public network gateway address, and send it to the DHCP server to trigger the DHCP server to send a DHCP NAK message.
Preferably, in step 202, after the DHCP server receives the DHCP renewal message, it compares whether the IP address the client is using matches the public network gateway address carried in the DHCP renewal message; if not, the DHCP server sends a DHCP NAK message to the network access device.
In step 202, comparing whether the IP address the client is using matches the public network gateway address carried in the DHCP message may be done as follows: compare whether the IP address the client is using and the public network gateway address carried in the DHCP message are in the same network segment; if so, determine that the two match; otherwise, determine that they do not match.
Step 203: Receive the DHCP NAK message sent by the DHCP server and forward it to the client, to trigger the client to release the IP address it is currently using and apply for an IP address again.
This completes the flow shown in Fig. 2. In the flow shown in Fig. 2, modifying the DHCP renewal message may specifically mean modifying the giaddr field in the DHCP renewal message. The giaddr field carries the IP address of the first device with the DHCP relay function that the message passes through after the client sends it; that first DHCP relay device is the public network gateway or private network gateway mentioned above. In addition, the flow in Fig. 2 is described using only the DHCP renewal message as an example; the invention handles DHCP request messages in a similar way. The invention is described as a whole below, starting from the user coming online:
Referring to Fig. 3, Fig. 3 is a detailed flowchart provided by an embodiment of the invention. The detailed flow comprises the following steps:
Step 301: After the client starts up, it sends through DHCP a DHCP message used to apply for an IP address (DHCP request message for short).
Step 302: When the network access device intercepts the DHCP request message, it fills the giaddr field in the DHCP request message with the private network gateway address and sends the message to the DHCP server, and the DHCP server allocates a private network IP address to the client.
Because the user of the client has not yet been authenticated at this point, no authentication state record for this user can be found on the network access device; therefore, preferably, in the present invention the network access device fills the giaddr field in the DHCP request message with the private network gateway address.
Steps 301 and 302 differ from the prior art as follows: in the present invention, the network access device takes part in the DHCP server's allocation of an IP address to the client by providing the basis on which the DHCP server allocates that address; in the prior art, the network access device only forwards, that is, it only passes DHCP messages on to the DHCP server and does not take part in the DHCP server's allocation of an IP address to the client.
Step 303: The client sends, over the HTTP protocol, an HTTP message used to authenticate the user.
Step 304: When the network access device receives an HTTP message, it allows the message to pass if it is destined for the Portal server or a configured free-access address, and redirects an HTTP message destined for any other network address to the Portal server.
Step 305: The Portal server and the network access device carry out the authentication interaction.
The Portal server provides a web page to the user through the access device so that the user can enter a username and password on that page; the network access device sends the username and password entered by the user to the Portal server.
Step 306: The Portal server assembles the username and password entered by the user into an authentication request message, sends it to the network access device, and at the same time starts a timer to wait for the authentication response message.
Step 307: On receiving the authentication request message, the network access device starts recording the user's state as authentication in progress, and exchanges RADIUS protocol messages with the RADIUS server.
Using standard RADIUS protocol messages, the network access device sends the username and password from the authentication request message to the RADIUS server for authentication, and the RADIUS server returns the authentication result to the access device.
Step 308: When the authentication result returned by the RADIUS server is that authentication passed, the network access device sends an authentication response message to the Portal server and updates the user's state to passed authentication.
Step 309: The Portal server sends an authentication-passed message to the client, notifying the client that authentication succeeded.
Step 310: After receiving the authentication-passed message, the client continues to use the private network IP address; when the lease of the private network IP address reaches the lease renewal time, the client sends a DHCP message used to renew the private network IP address it has applied for (DHCP renewal message for short).
The lease renewal time is usually the point at which half of the lease term of the IP address that has been applied for, here the private network IP address, has elapsed.
Step 311: The network access device intercepts the DHCP renewal message. Because its own record shows that this client's authentication state is passed authentication, it changes the giaddr field in the DHCP renewal message to the public network gateway address and then forwards the modified DHCP renewal message to the DHCP server.
Step 312: The DHCP server receives the DHCP renewal message and checks whether the IP address the client is currently using matches the address in the giaddr field. If they match, it sends a renewal-success (ACK) message to the client; otherwise, it sends a DHCP NAK message to the client through the network access device.
From the description of the steps above, when step 312 is carried out the IP address the client is currently using is a private network IP address and the address in the giaddr field is the public network gateway address, so the two clearly do not match; the DHCP server therefore sends a DHCP NAK message to the client through the network access device.
Step 313: After receiving the DHCP NAK message, the client releases the private network IP address it is currently using and sends a new DHCP request message to apply for an IP address.
Step 314: After the network access device intercepts the DHCP request message sent by the client, because its own record shows that this client's authentication state is passed authentication, it changes the giaddr field in the DHCP request message to the public network gateway address and sends the DHCP request message to the DHCP server.
Step 315: The DHCP server allocates a public network IP address to the client according to the giaddr field in the DHCP request message.
At this point the client has obtained a new public network IP address, and the client's switch from a private network IP address to a public network IP address is complete. Because all DHCP messages sent by the client pass through the access device, the access device can learn the public network IP address the client has obtained and authorize the user according to the user's permissions.
This completes the flow shown in Fig. 3, which is described using the user coming online as an example. The invention also provides a corresponding flow for the user going offline:
Referring to Fig. 4, Fig. 4 is another detailed flowchart provided by an embodiment of the invention. This flow takes the user going offline as an example. As shown in Fig. 4, the flow may include the following steps:
Step 401: On learning that the user has gone offline, the network access device updates its own record of this user's authentication state to not passed authentication.
Here, the client may go offline because the user actively logs off or because the user is forced offline through the web page; the invention does not specifically limit this.
In addition, from the description of the user coming online in Fig. 3 (for example, the description of step 315), it follows that before the user goes offline, the IP address the client has applied for and is using is a public network IP address.
Step 402: When the lease of the public network IP address it has applied for reaches the lease renewal time, the client sends a DHCP renewal message to renew that public network IP address.
Step 403: The network access device intercepts the DHCP renewal message. Because its own record shows that the authentication state of the user corresponding to this client is not passed authentication, it changes the giaddr field in the DHCP renewal message to the private network gateway address and then forwards the modified DHCP renewal message to the DHCP server.
Step 404: After receiving the DHCP renewal message, the DHCP server checks whether the IP address the client is currently using matches the address in the giaddr field. If they match, it sends a renewal-success message to the client; otherwise, it sends a DHCP NAK message to the client through the network access device.
Because the IP address the client has applied for and is using before the user goes offline is a public network IP address, when step 404 is carried out the IP address the client is currently using is a public network IP address and the address in the giaddr field is the private network gateway address, so the two clearly do not match; the DHCP server therefore sends a DHCP NAK message to the client through the network access device.
Step 405: After receiving the DHCP NAK message, the client releases the public network IP address it is currently using and sends a new DHCP request message to apply for an IP address.
Step 406: After the network access device intercepts the DHCP request message sent by the client, because its own record shows that this client's authentication state is not passed authentication, it changes the giaddr field in the DHCP request message to the private network gateway address and sends the DHCP request message to the DHCP server.
Step 407: The DHCP server allocates a private network IP address to the client according to the giaddr field in the DHCP request message.
This completes the flow shown in Fig. 4. Through the flow shown in Fig. 4, the IP address the client applies for can be switched from a public network IP address to the private network segment.
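The giaddr rewrite and same-segment check of steps 311 to 315 and steps 403 to 407, sketched as an added Python example; this is not code from the patent. The addressing plan, keying the authentication state by client MAC address (chaddr), and the one-address-per-segment allocator are assumptions made for illustration.

```python
import ipaddress
import struct

# Constructed addressing plan (assumption, not from the patent).
PRIVATE_GW = ipaddress.ip_interface("10.0.0.1/24")     # private network gateway
PUBLIC_GW = ipaddress.ip_interface("203.0.113.1/24")   # public network gateway

BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"   # fixed 236-byte BOOTP header
MAGIC_COOKIE = b"\x63\x82\x53\x63"
CIADDR_OFF, GIADDR_OFF, CHADDR_OFF = 12, 24, 28
DHCPREQUEST, DHCPACK, DHCPNAK = 3, 5, 6


def build_request(mac, ciaddr="0.0.0.0"):
    """Client side: a DHCPREQUEST; a non-zero ciaddr makes it a renewal."""
    header = struct.pack(
        BOOTP_FMT, 1, 1, 6, 0, 0x1234ABCD, 0, 0,
        ipaddress.ip_address(ciaddr).packed,   # ciaddr: address in use
        bytes(4), bytes(4), bytes(4),          # yiaddr, siaddr, giaddr (empty)
        mac.ljust(16, b"\0"), bytes(64), bytes(128))
    return header + MAGIC_COOKIE + bytes([53, 1, DHCPREQUEST, 255])


class Relay:
    """Network access device: records auth state and rewrites giaddr."""

    def __init__(self):
        # Assumption: state is keyed by client MAC address.
        self.authenticated = set()

    def forward(self, pkt):
        if len(pkt) < 240 or pkt[236:240] != MAGIC_COOKIE:
            raise ValueError("not a DHCP message")
        mac = pkt[CHADDR_OFF:CHADDR_OFF + 6]
        gw = PUBLIC_GW if mac in self.authenticated else PRIVATE_GW
        # Overwrite the 4-byte giaddr field, leave everything else untouched.
        return pkt[:GIADDR_OFF] + gw.ip.packed + pkt[GIADDR_OFF + 4:]


def server_handle(pkt):
    """DHCP server: returns (message type, address granted or None)."""
    ciaddr = ipaddress.ip_address(pkt[CIADDR_OFF:CIADDR_OFF + 4])
    giaddr = ipaddress.ip_address(pkt[GIADDR_OFF:GIADDR_OFF + 4])
    segment = next((gw.network for gw in (PRIVATE_GW, PUBLIC_GW)
                    if giaddr in gw.network), None)
    if segment is None:
        return DHCPNAK, None
    if int(ciaddr) != 0:
        # Renewal: ACK only if the address in use is in giaddr's segment.
        return (DHCPACK, ciaddr) if ciaddr in segment else (DHCPNAK, None)
    # New application: allocate from the segment selected by giaddr.
    # Simplification: always hand out the first non-gateway host address.
    return DHCPACK, next(h for h in segment.hosts() if h != giaddr)


def renew(relay, mac, current_ip):
    """Client side: one renewal attempt; on NAK, release and apply again."""
    mtype, _ = server_handle(relay.forward(build_request(mac, str(current_ip))))
    if mtype == DHCPACK:
        return current_ip
    _, new_ip = server_handle(relay.forward(build_request(mac)))
    return new_ip


if __name__ == "__main__":
    relay, mac = Relay(), bytes.fromhex("020000000001")   # constructed MAC
    ip = server_handle(relay.forward(build_request(mac)))[1]
    print("before authentication:", ip)
    relay.authenticated.add(mac)          # user passes Portal authentication
    ip = renew(relay, mac, ip)
    print("after next renewal:   ", ip)
    relay.authenticated.discard(mac)      # user goes offline
    ip = renew(relay, mac, ip)
    print("after going offline:  ", ip)
```
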
It should be noted that, in the method flows shown in Fig. 2 to Fig. 4, the network access device can intercept DHCP messages in several ways in a concrete implementation, for example an ACL redirect rule, message identification on a multi-core data plane, or identification in device hardware. Because this is not the focus of the invention, these are not described one by one here.
This completes the description of the method provided by the invention. The devices provided by the invention are described below:
Referring to Fig. 5, Fig. 5 is a structure diagram of the network access device provided by an embodiment of the invention. The network access device has the DHCP relay function and, as shown in Fig. 5, may comprise:
a recording unit, used to record the authentication state of each client user connected through the network access device;
an intercepting unit, used to intercept the DHCP renewal message that the client sends to renew the IP address it has applied for and, if the recording unit has recorded this client user's authentication state as passed authentication, to send a processing notification to the processing unit;
a processing unit, used to receive the processing notification, modify the DHCP renewal message so that it carries the public network gateway address, and send it to the DHCP server to trigger the DHCP server to send a DHCP renewal-failure (NAK) message;
a receiving unit, used to receive the DHCP NAK message sent by the DHCP server and forward it to the client, to trigger the client to release the IP address it is currently using and apply for an IP address again.
Preferably, in the present invention, when the recording unit has recorded this client user's authentication state as not passed authentication, the processing unit further modifies the DHCP renewal message so that it carries the private network gateway address and sends it to the DHCP server, to trigger the DHCP server to send a DHCP NAK message when it finds that the IP address the client is using does not match the private network gateway address carried in the DHCP renewal message; the receiving unit is then triggered to perform the corresponding operation.
Preferably, in the present invention, the intercepting unit further intercepts the DHCP request message that the client sends to apply for an IP address. On this basis, when the recording unit has recorded this client user's authentication state as passed authentication, the processing unit further modifies the DHCP request message so that it carries the public network gateway address and sends it to the DHCP server to trigger the DHCP server to allocate a public network IP address to the client; otherwise, it modifies the DHCP request message so that it carries the private network gateway address and sends it to the DHCP server to trigger the DHCP server to allocate a private network IP address to the client.
In addition, the invention also provides the structure of a DHCP server applied to Portal secondary address authentication. Referring to Fig. 6, Fig. 6 is a structure diagram of the DHCP server provided by the invention. As shown in Fig. 6, the DHCP server comprises:
a receiving unit, which receives the DHCP renewal message from the network access device. The network access device has the DHCP relay function and sends the DHCP renewal message through the following steps: it intercepts the DHCP renewal message that the client sends to renew the IP address it has applied for and, when its own record shows that this client user's authentication state is passed authentication, modifies the DHCP renewal message so that it carries the public network gateway address and sends it to the DHCP server;
a comparing unit, used to compare whether the IP address the client is using matches the public network gateway address carried in the DHCP renewal message and, if not, to send a DHCP renewal-failure (NAK) message to the network access device, so that the network access device forwards the DHCP NAK message to the client to trigger the client to release the IP address it is currently using and apply for an IP address again.
If the network access device has recorded this client user's authentication state as not passed authentication, the network access device modifies the DHCP renewal message so that it carries the private network gateway address and sends it to the receiving unit;
on this basis, the comparing unit further compares whether the IP address the client is using matches the private network gateway address carried in the DHCP renewal message received by the receiving unit; if not, the DHCP server sends a DHCP NAK message to the network access device, so that the network access device forwards the DHCP NAK message to the client.
Preferably, in the present invention, the receiving unit further receives the DHCP request message, sent by the network access device, that the client uses to apply for an IP address. If the network access device has recorded this client user's authentication state as passed authentication, the DHCP request message carries the public network gateway address; otherwise, the DHCP request message carries the private network gateway address. On this basis, the DHCP server further comprises:
Allocation units are used for when said DHCP request message has carried the public network gateway address, for said client is distributed public network IP address, when said DHCP request message has carried the private network gateway address, for said client is distributed private network IP address.
So far, accomplish unit describe provided by the invention.
Can find out by above technical scheme; Among the present invention; Network access equipment is intercepted and captured DHCP renewed treaty message, and in client user's authentication state for through authentication the time, in DHCP renewed treaty message, carry the public network gateway address and be sent to Dynamic Host Configuration Protocol server with triggering Dynamic Host Configuration Protocol server transmission DHCP NAK message; And after client receives DHCP NAK message, discharge current IP address of using and apply for the IP address again.That is to say that the present invention promptly through DHCP and Portal interlock, has realized under the situation of no Portal client software not by means of the Portal client software, still can carry out the authentication of Portal second level address.
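The renewal and re-application flow summarized above can be modelled in a few lines. This is an added illustration, not code from the patent: the addresses are constructed, the class and function names are hypothetical, and carrying the gateway address in the DHCP `giaddr` field is an assumption.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing plan (assumption; the patent names no addresses).
PRIVATE_GW = ipaddress.ip_interface("10.0.0.1/24")
PUBLIC_GW = ipaddress.ip_interface("203.0.113.1/24")
UNSET = ipaddress.ip_address("0.0.0.0")


@dataclass
class DhcpMsg:
    mac: str
    ciaddr: ipaddress.IPv4Address = UNSET  # address in use; unset when applying
    giaddr: ipaddress.IPv4Address = UNSET  # gateway address (assumed to be giaddr)


class AccessDevice:
    """Network access device with DHCP relay: records auth state, sets the gateway."""

    def __init__(self):
        self.authenticated = set()  # MACs whose users passed Portal authentication

    def relay(self, msg):
        # The gateway is chosen only from the recorded authentication state.
        gw = PUBLIC_GW if msg.mac in self.authenticated else PRIVATE_GW
        return DhcpMsg(msg.mac, msg.ciaddr, gw.ip)


class DhcpServer:
    def __init__(self):
        gateways = (PRIVATE_GW, PUBLIC_GW)
        self.subnets = {gw.ip: gw.network for gw in gateways}
        self.free = {gw.ip: [h for h in gw.network.hosts() if h != gw.ip]
                     for gw in gateways}

    def handle(self, msg):
        """Return ("ACK", address) or ("NAK", None). Lease bookkeeping is omitted."""
        subnet = self.subnets.get(msg.giaddr)
        if subnet is None:
            return ("NAK", None)  # unknown gateway: refuse rather than guess
        if msg.ciaddr != UNSET:  # renewal: compare address in use with the gateway
            return ("ACK", msg.ciaddr) if msg.ciaddr in subnet else ("NAK", None)
        return ("ACK", self.free[msg.giaddr].pop(0))  # application: allocate


def client_step(dev, srv, mac, current=None):
    """Renew `current` (or apply when None); on NAK, release and apply again."""
    events = []
    if current is not None:
        verdict, addr = srv.handle(dev.relay(DhcpMsg(mac, current)))
        events.append("renew:" + verdict)
        if verdict == "ACK":
            return addr, events
    verdict, addr = srv.handle(dev.relay(DhcpMsg(mac)))
    events.append("apply:" + verdict)
    return addr, events
```

Calling `client_step` before and after adding the MAC to `dev.authenticated` shows the private lease being renewed, then refused and replaced by a public one; removing the MAC again drives the reverse transition.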
The above are merely preferred embodiments of the present invention and are not intended to limit the present invention. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present invention shall fall within the scope of protection of the present invention.

Claims (9)

1. A Portal secondary address authentication method, characterized in that the method is applied to a network access device having a DHCP relay function, and the method comprises:
A. intercepting a DHCP renewal message sent by a client to renew the IP address it has already applied for and, if the device's own record shows that the client user's authentication state is authenticated, performing step B;
B. modifying the DHCP renewal message so that it carries the public network gateway address, and sending it to the DHCP server to trigger the DHCP server to send a DHCP renewal-failure (NAK) message;
C. receiving the DHCP NAK message sent by the DHCP server and forwarding it to the client, to trigger the client to release the IP address currently in use and apply for an IP address again.
2. The method according to claim 1, characterized in that, in step A, if the client user's authentication state is not authenticated, the method further comprises:
modifying the DHCP renewal message so that it carries the private network gateway address, and sending it to the DHCP server, to trigger the DHCP server to send a DHCP NAK message when it finds that the IP address the client is using does not match the private network gateway address carried in the DHCP renewal message, and then returning to step C.
3. The method according to claim 1, characterized in that the method further comprises:
intercepting the DHCP request message sent by the client to apply for an IP address;
if the device's own record shows that the client user's authentication state is authenticated, modifying the DHCP request message so that it carries the public network gateway address, and sending it to the DHCP server to trigger the DHCP server to allocate a public network IP address to the client; otherwise,
modifying the DHCP request message so that it carries the private network gateway address, and sending it to the DHCP server to trigger the DHCP server to allocate a private network IP address to the client.
4. A network access device applied to Portal secondary address authentication, characterized in that the network access device has a DHCP relay function and comprises:
a recording unit, configured to record the authentication state of each client user accessed by the network access device;
an intercepting unit, configured to intercept the DHCP renewal message sent by a client to renew the IP address it has already applied for and, if the recording unit has recorded that the client user's authentication state is authenticated, to send a processing notification to the processing unit;
a processing unit, configured to receive the processing notification, modify the DHCP renewal message so that it carries the public network gateway address, and send it to the DHCP server to trigger the DHCP server to send a DHCP renewal-failure (NAK) message;
a receiving unit, configured to receive the DHCP NAK message sent by the DHCP server and forward it to the client, to trigger the client to release the IP address currently in use and apply for an IP address again.
5. The network access device according to claim 4, characterized in that, when the recording unit has recorded that the client user's authentication state is not authenticated, the processing unit further modifies the DHCP renewal message so that it carries the private network gateway address and sends it to the DHCP server, to trigger the DHCP server to send a DHCP NAK message when it finds that the IP address the client is using does not match the private network gateway address carried in the DHCP renewal message, and then triggers the receiving unit to perform the corresponding operation.
6. The network access device according to claim 4, characterized in that the intercepting unit further intercepts the DHCP request message sent by the client to apply for an IP address;
when the recording unit has recorded that the client user's authentication state is authenticated, the processing unit further modifies the DHCP request message so that it carries the public network gateway address, and sends it to the DHCP server to trigger the DHCP server to allocate a public network IP address to the client; otherwise,
it modifies the DHCP request message so that it carries the private network gateway address, and sends it to the DHCP server to trigger the DHCP server to allocate a private network IP address to the client.
7. A DHCP server applied to Portal secondary address authentication, characterized in that the DHCP server comprises:
a receiving unit, which receives a DHCP renewal message from a network access device, the network access device having a DHCP relay function and sending the DHCP renewal message through the following steps: intercepting the DHCP renewal message sent by the client to renew the IP address it has already applied for and, when its own record shows that the client user's authentication state is authenticated, modifying the DHCP renewal message so that it carries the public network gateway address and sending it to the DHCP server;
a comparing unit, configured to compare whether the IP address the client is using matches the public network gateway address carried in the DHCP renewal message and, if not, to send a DHCP renewal-failure (NAK) message to the network access device, so that the network access device forwards the DHCP NAK message to the client to trigger the client to release the IP address currently in use and apply for an IP address again.
8. The DHCP server according to claim 7, characterized in that, if the network access device has recorded that the client user's authentication state is authenticated, the network access device modifies the DHCP renewal message so that it carries the private network gateway address and sends it to the receiving unit;
the comparing unit further compares whether the IP address the client is using matches the private network gateway address carried in the DHCP renewal message received by the receiving unit; if not, the DHCP server sends a DHCP NAK message to the network access device, so that the network access device forwards the DHCP NAK message to the client.
9. The DHCP server according to claim 7, characterized in that the receiving unit further receives the DHCP request message, sent by the network access device, with which the client applies for an IP address; wherein, if the network access device has recorded that the client user's authentication state is authenticated, the DHCP request message carries the public network gateway address; otherwise, the DHCP request message carries the private network gateway address;
the DHCP server further comprises:
an allocating unit, configured to allocate a public network IP address to the client when the DHCP request message carries the public network gateway address, and to allocate a private network IP address to the client when the DHCP request message carries the private network gateway address.
CN201210032667.0A 2012-02-14 2012-02-14 Portal secondary address authentication method and device Active CN102594938B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210032667.0A CN102594938B (en) 2012-02-14 2012-02-14 Portal secondary address authentication method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210032667.0A CN102594938B (en) 2012-02-14 2012-02-14 Portal secondary address authentication method and device

Publications (2)

Publication Number Publication Date
CN102594938A true CN102594938A (en) 2012-07-18
CN102594938B CN102594938B (en) 2015-09-16

Family

ID=46483131

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210032667.0A Active CN102594938B (en) 2012-02-14 2012-02-14 Portal secondary address authentication method and device

Country Status (1)

Country Link
CN (1) CN102594938B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6768743B1 (en) * 1999-10-26 2004-07-27 3Com Corporation Method and system for address server redirection for multiple address networks
CN1708021A (en) * 2004-06-11 2005-12-14 华为技术有限公司 Method of distributing switchin-in address for user terminal
CN1845554A (en) * 2005-12-06 2006-10-11 华为技术有限公司 Control method for dynamically distributing IP address in 3G network
CN101184099A (en) * 2007-12-14 2008-05-21 中兴通讯股份有限公司 Second IP address assignment method based on dynamic host machine configuration protocol access authentication
US20090279454A1 (en) * 2007-08-04 2009-11-12 Michael Wacker Method for configuring a dhcp server using dhcp option 82
CN101626406A (en) * 2009-08-20 2010-01-13 杭州华三通信技术有限公司 DHCP address pool configuration method, DHCP address assignment method, DHCP address assignment system and DHCP server
CN102244866A (en) * 2011-08-18 2011-11-16 杭州华三通信技术有限公司 Portal verifying method and access controller

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
马燕,等: "Web/Portal认证技术研究", 《微电子学与计算机》, vol. 21, no. 8, 31 August 2004 (2004-08-31) *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104955025A (en) * 2014-03-29 2015-09-30 华为技术有限公司 Address resource release method, device and system
CN104955025B (en) * 2014-03-29 2018-11-30 华为技术有限公司 A kind of address resource method for releasing and device, system
CN106412146A (en) * 2016-11-01 2017-02-15 杭州迪普科技有限公司 Method and device for updating IP through DHCP client
CN106412146B (en) * 2016-11-01 2019-09-06 杭州迪普科技股份有限公司 The method and apparatus that a kind of dhcp client updates IP
CN111478879A (en) * 2020-02-29 2020-07-31 新华三信息安全技术有限公司 DHCP (dynamic host configuration protocol) continuation method and device, electronic equipment and machine-readable storage medium
CN111478879B (en) * 2020-02-29 2022-05-24 新华三信息安全技术有限公司 DHCP (dynamic host configuration protocol) continuation method and device, electronic equipment and machine-readable storage medium

Also Published As

Publication number Publication date
CN102594938B (en) 2015-09-16

Similar Documents

Publication Publication Date Title
RU2556468C2 (en) Terminal access authentication method and customer premise equipment
CN100591013C (en) Implementing authentication method and system
CN107426339B (en) Access method, device and system of data connection channel
CN101217482B (en) A method traversing NAT sending down strategy and a communication device
CN101291205B (en) Backup data transmitting method, system, mirror-image server
CN102572005A (en) IP address allocation method and equipment
CN102480729A (en) Method for preventing faked users and access point in radio access network
CN103458061A (en) Method and system for restricting a node from communicating with other nodes in a broadcast domain of an ip (internet protocol) network
CN102421097B (en) A kind of user authen method, Apparatus and system
EP3301875B1 (en) Internet protocol address allocation method and relay device
CN101795449A (en) Wireless network terminal access control method and device thereof
CN102143492B (en) Method for establishing virtual private network (VPN) connection, mobile terminal and server
KR101426721B1 (en) Method and equipment for authenticating subscriber terminal
JP2008158903A (en) Authentication system and main terminal
WO2022068669A1 (en) Session establishment method and apparatus, access network device and storage medium
CN103067407A (en) Authentication method and authentication device of user terminal access network
CN103533091B (en) Method and apparatus for performing dynamic host configuration protocol (DHCP) relay processing on unicast message
CN109936515B (en) Access configuration method, information providing method and device
CN104601743A (en) IP (internet protocol) forwarding IPoE (IP over Ethernet) dual-stack user access control method and equipment based on Ethernet
CN102594938A (en) Portal secondary address authentication method and device
CN104219337A (en) IP address allocation method and device applied to SDN
CN103957194A (en) IP access method and device
CN107342972A (en) A kind of method and device for realizing remote access
WO2018054272A1 (en) Data transmission method and device, and computer storage medium
CN102075567B (en) Authentication method, client, server, feedthrough server and authentication system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP03 Change of name, title or address

Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Patentee after: Xinhua three Technology Co., Ltd.

Address before: 310053 Hangzhou hi tech Industrial Development Zone, Zhejiang province science and Technology Industrial Park, No. 310 and No. six road, HUAWEI, Hangzhou production base

Patentee before: Huasan Communication Technology Co., Ltd.
