CN102638371A - User allocation method and device, communication method and device, and network management station - Google Patents
User allocation method and device, communication method and device, and network management station Download PDFInfo
- Publication number
- CN102638371A CN102638371A CN2012101036285A CN201210103628A CN102638371A CN 102638371 A CN102638371 A CN 102638371A CN 2012101036285 A CN2012101036285 A CN 2012101036285A CN 201210103628 A CN201210103628 A CN 201210103628A CN 102638371 A CN102638371 A CN 102638371A
- Authority
- CN
- China
- Prior art keywords
- user
- snmp
- agency
- message
- list
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Computer And Data Communications (AREA)
Abstract
The invention discloses a user allocation method and device of an SNMP (simple network management protocol) v3, a communication method and device based on the SNMP v3, and a network management station, wherein the user allocation method of the SNMP v3 comprises the following steps of: obtaining a predetermined identifier of an SNMP v3 agent corresponding to the user by the network management station according to the user information containing user names and enciphered information, and establishing a user table for the user. The user table comprises the user name and the enciphered information of the user as well as the IP (internet protocol) address and identifier of the SNMP v3 agent corresponding to the user. The network management station can automatically allocate the user according to the user information of the user so as to enhance the management efficiency of the SNMP v3 user and simplify the management work of the SNMP v3 user, thus the problems of the complexity and low efficiency of the management work in the artificial management on the SNMP v3 user in the prior art can be solved.
Description
Technical field
The present invention relates to network communicating system, particularly, relate to the method and apparatus of a kind of SNMP v3 user's configuration, based on the communication means of SNMP v3 and device, NMS.
Background technology
The development of Simple Network Management Protocol (SNMP, Simple Network Management Protocol) mainly comprises three versions: SNMP v1, SNMP v2 and up-to-date SNMP v3.From the safety authentication scheme, the performance of SNMP v1, SNMP v2 is relatively poor, and SNMP v3 has adopted new SNMP extension framework, under this framework, improves a lot on the fail safe of SNMP v3 and the managerial ability.
In SNMP v1, SNMP v2, adopt and carry out user management based on group's word (community) templating Managed Solution; Defined the set of a SNMPAgent and one group of SNMP Manager in group's word; Be defined in Agent and a Manager in group's word each other authentication legal, can conduct interviews; In concrete communication process, can whether Manager mate and confirm and operate Agent through checking group's word.
But group's word can't be suitable in SNMP v3.Owing to SNMP v3 adopts based on the user's security authentication mechanism, when sending, all need use the central PKI of user profile that message is carried out enciphering/deciphering with the reception message, obviously, can't manage SNMP v3 user through the mode of group's word.It is thus clear that how more effectively managing user information is a unavoidable problem among the SNMP v3.
Fig. 1 shows in the prior art structural representation based on the communication system of SNMP v3, and the communication means between NMS 1 and the SNMP v3 agency 2 is following:
Step 1, NMS 1 are set up the corresponding relation between sign snmp Engine ID+ user name userName+ user encryption information (comprising information such as AES, PKI) this three of User of SNMP v3 agency;
Step 2; When NMS 1 is sent SNMP v3 request to SNMP v3 agency 2; Obtain SNMP v3 agency 2 sign (being snmp Engine ID) earlier; According to determined SNMP v3 agency's 2 snmp Engine ID and user's userName; In the corresponding relation of the snmpEngineID+userName that sets up, search the enciphered message User to the user, NMS 1 uses AES, PKI among the User that finds that SNMP v3 message is encrypted, and the message after will encrypting then sends to SNMP v3 agency 2 together with userName;
Step 3; After SNMP v3 agency 2 receives message; Find out AES, PKI corresponding among this user's the User deciphers message according to userName; SNMP v3 agency 2 equally can be with the message of response with this AES, public key encryption, and the message after will encrypting and userName send to NMS 1 together;
When step 4, the webserver 1 receive from SNMP v3 agency 2 message, find corresponding User, message is deciphered according to AES, PKI according to the snmpEngineID+userName that carries in the message.
Can find out from above-mentioned communication process, realize needing the corresponding relation one to one of a large amount of snmpEngineID+username+User of use in NMS and SNMP v3 agency's the process of communicating by letter.In the network operation process of reality; User management to SNMP v3 is based on SNMP v3 agency's; And the configuration to the corresponding relation of snmpEngineID+username+User is operated through manual work; The process of configuration process comprises: the at first artificial sign (snmpEngineID) of confirming SNMP v3 agency, confirm to act on behalf of corresponding user corresponding relation one to one between the last human configuration snmpEngineID+username+User again with SNMP v3.At present, in above-mentioned layoutprocedure based on SNMP v3 agency, SNMP v3 agency's the work of sign is obtained in manual work, and very difficulty and workload are very big, easy error.
Thus it is clear that, at present artificially carry out that SNMP v3 user management work is loaded down with trivial details, the problem of inefficiency to existing in SNMP v3 user's the management.
Summary of the invention
In view of this, the embodiment of the invention provides a kind of SNMP v3 user's collocation method, and the management work that exists in the management to SNMP v3 user in the prior art is loaded down with trivial details in order to solve, the problem of inefficiency.
Correspondingly, the embodiment of the invention a kind of SNMP v3 user's inking device also is provided, based on the communication means of SNMP v3 and device, NMS.
Embodiment of the invention technical scheme is following:
A kind of SNMP v3 user's collocation method comprises: NMS is according to user's user profile, obtains the SNMP v3 agency's that predetermined user can visit sign; Wherein, user profile comprises user's user name and user's enciphered message; NMS is set up the user or is upgraded user's list, comprises user profile in user's list and the SNMP v3 agency's that the user that gets access to can visit sign and IP address.
A kind of SNMP v3 user's inking device comprises: acquisition module is used for obtaining according to user profile the SNMP v3 agency's that predetermined user can visit sign; Wherein, user profile comprises user's user name and user's enciphered message; Maintenance module is used for the user is set up or upgrades user's list, comprises user profile in uncle user's list and the SNMP v3 agency's that the user that gets access to can visit sign and IP address.
A kind of communication means based on SNMP v3; Comprise: NMS is for user's SNMP v3 message to be sent; According to user name in this SNMP v3 message and SNMP v3 agency's IP address, in user's list of setting up for the user in advance, find user's enciphered message; Wherein, comprise user's user name, user's enciphered message and the SNMP v3 agency's that the user can visit IP address and sign in user's list; The enciphered message that use finds is encrypted to sent SNMP v3 message, and sends the SNMP v3 message after encrypting.
A kind of communicator based on SNMP v3 comprises: configuration module is used for setting up in advance user's list of user; Wherein, comprise user's user name, user's enciphered message and the SNMPv3 agency's that the user can visit IP address and sign in user's list; Search module, be used for SNMP v3 message to be sent,, in user's list that configuration module is set up for the user in advance, find user's enciphered message according to user name in this SNMP v3 message and SNMP v3 agency's IP address for the user; Encrypting module, be used to use search module searches to enciphered message encrypt to sent SNMP v3 message; Sending module is used to send the SNMP v3 message after encrypting module is encrypted.
A kind of NMS comprises: aforesaid SNMP v3 user's inking device, or aforesaid communicator based on SNMP v3.
The technical scheme that provides according to the embodiment of the invention; Comprise user's the user name and the user profile of enciphered message through the NMS basis; Obtain sign predetermined and the corresponding SNMP v3 agency of this user; This user is set up user's list; Comprise in this user's list the user user name, enciphered message, with the corresponding SNMP v3 agency's of this user IP address and sign; NMS can be configured the user according to user's user profile automatically, thereby can improve the efficiency of management to SNMP v3 user, simplify the management work to SNMPv3 user, can solve to have in the artificial management to SNMP v3 user in the prior art that management work is loaded down with trivial details, the problem of inefficiency.
Other features and advantages of the present invention will be set forth in specification subsequently, and, partly from specification, become obvious, perhaps understand through embodiment of the present invention.The object of the invention can be realized through the structure that in the specification of being write, claims and accompanying drawing, is particularly pointed out and obtained with other advantages.
Description of drawings
Fig. 1 is based on the structural representation of the communication system of SNMP v3 in the prior art;
The workflow diagram of the SNMP v3 user's that Fig. 2 provides for the embodiment of the invention collocation method;
The structured flowchart of the SNMP v3 user's that Fig. 3 provides for the embodiment of the invention inking device;
Fig. 4 is the preferred enforcement structured flowchart of device shown in Figure 3;
The workflow diagram that Fig. 5 provides for the embodiment of the invention based on the communication means of SNMP v3;
The structured flowchart that Fig. 6 provides for the embodiment of the invention based on the communicator of SNMP v3.
Embodiment
Below in conjunction with accompanying drawing embodiments of the invention are described, should be appreciated that embodiment described herein only is used for explanation and explains the present invention, and be not used in qualification the present invention.
The embodiment of the invention is loaded down with trivial details to the management work to SNMP v3 user that exists in the prior art, the problem of inefficiency, has proposed a kind of SNMP v3 user's allocation plan, is used to address this problem.
In the technical scheme that the embodiment of the invention provides; NMS is according to comprising user's the user name and the user profile of enciphered message; Obtain the corresponding SNMP v3 agency's of predetermined and this user sign, this user set up user's list, comprise in this user's list the user user name, enciphered message, with the corresponding SNMP v3 agency's of this user IP address and sign; NMS can be configured the user according to user's user profile automatically; In prior art, SNMP v3 agency's sign is obtained in manual work, and based on SNMP v3 agency's sign; Corresponding relation between user's user name, the enciphered message that is directed against the user, SNMP v3 agency's the sign is configured; Can simplify configuration, management work, improve the efficiency of management, can solve and have in the management to SNMPv3 user in the prior art that management work is loaded down with trivial details, the problem of inefficiency SNMP v3 user to SNMP v3 user.
The embodiment of the invention also provides a kind of communication plan based on SNMP v3 based on above-mentioned SNMP v3 user's allocation plan.In this communication plan; Based on to the pre-configured user's list of user; In the process of SNMP v3 agency initiation communication, the enciphered message that only need just can find the user according to SNMP v3 agency's IP address and user name finds the sign that SNMPv3 acts on behalf of earlier in prior art in NMS; And then find enciphered message to the user according to SNMP v3 agency's sign and user name, can improve the processing speed and the efficient of communication.
Be elaborated in the face of the embodiment of the invention down.
Fig. 2 shows the workflow diagram of the SNMP v3 user's that the embodiment of the invention provides collocation method, and as shown in Figure 2, this method comprises following processing procedure:
Particularly, in above-mentioned steps 21, confirm that in advance the SNMP v3 agency's that the user can visit processing comprises: NMS judges whether wait to dispose SNMP v3 agency identifies corresponding with the user in advance; SNMP v3 to be disposed agency in advance under sign and the corresponding situation of user; NMS uses user's user profile to carry out the operation of fetching data to SNMP v3 agency to be disposed; SNMP v3 agency to be disposed returns under the situation of response message to the operation of fetching data, and confirms the SNMP v3 agency that SNMP v3 agency to be disposed can visit for the user; In advance under sign and the corresponding situation of user, confirm that SNMP v3 agency to be disposed acts on behalf of for the SNMP v3 that the user can visit SNMP v3 to be disposed agency.
Particularly; In above-mentioned steps 21; The processing of obtaining the SNMP v3 agency's that predetermined user can visit sign according to user profile comprises: NMS uses user profile to send do-nothing instruction to the SNMP v3 agency that the user can visit, the response message that the SNMP v3 agency that can visit from the user returns, obtain the SNMP v3 agency's that the user can visit sign.
According to above-mentioned processing procedure; Comprise user's the user name and the user profile of enciphered message through the NMS basis; Obtain sign predetermined and the corresponding SNMP v3 agency of this user; This user is set up user's list; Comprise in this user's list the user user name, enciphered message, with the corresponding SNMP v3 agency's of this user IP address and sign; NMS can be configured the user according to user's user profile automatically, thereby can improve the efficiency of management to SNMP v3 user, simplify the management work to SNMP v3 user, can solve to have in the artificial management to SNMP v3 user in the prior art that management work is loaded down with trivial details, the problem of inefficiency.
The SNMP v3 agency (promptly with the corresponding SNMP v3 agency of user) that the method that the embodiment of the invention provides can be visited through confirming the user earlier; Obtain sign again with the corresponding SNMP v3 agency of user; Than the sign of directly obtaining the SNMP v3 agency that the user can visit, the method that the embodiment of the invention provides is with good expansibility and the wider scope of application; The method of using the embodiment of the invention to provide; Known or condition of unknown all can be handled for the corresponding relation between user and the SNMP v3 agency; And the processing of directly obtaining the SNMP v3 agency's that the user can visit sign; Only be applicable to the explicitly known situation of corresponding relation between user and the SNMP v3 agency, the visible embodiment of the invention provides a kind of management method that has more universality, more general SNMP v3 user.
Below show the preferred implementation process of method shown in Figure 2.
Step 1, NMS are obtained several SNMP v3 agencies' to be disposed IP address;
Step 2, NMS are chosen an IP address as current IP address from several SNMP v3 agencies' to be disposed IP address;
Step 3, NMS judge whether current IP address identifies corresponding user, have in sign under corresponding user's the situation, handle proceeding to step 9, otherwise, do not identifying under the situation that corresponding user is arranged, handle proceeding to step 4;
Step 4, NMS are chosen a user as the active user from several users to be disposed, extract this current user's user profile, comprise user's user name and enciphered message in the user profile;
The SNMP v3 agency that the user profile that step 5, use are extracted is pointed to current IP address carries out the operation of fetching data, and this carries user name and the enciphered message in the user profile of extracting to some extent in fetching data and operating;
Step 6, return under the situation of response message to the operation of fetching data receiving the SNMP v3 agency that current IP address points to, handle proceeding to step 7, otherwise, handle proceeding to step 8;
Step 7, the active user is generated or upgrades user's list, current IP address is write down in user's list of active user, also record active user's user profile in user's list;
Whether step 8, judgement user to be disposed choose and finish, and are not choosing under the situation about finishing, and handle and return step 4, otherwise, handle proceeding to step 10;
Step 9, current IP address is recorded in user's list of corresponding user;
Whether the IP address that step 10, judgement SNMP v3 to be disposed act on behalf of disposes and finishes, and under the situation that configuration does not finish, handle and return step 2, otherwise, handle proceeding to step 11;
Step 11, a user's of extraction subscriber's meter nonoculture is active user's list;
Step 12, judge whether there is the IP address that records SNMP v3 agency in active user's list but the situation of the sign (ID) that the SNMP v3 that record is not corresponding with this IP address acted on behalf of; When judging this kind of existence situation; Processing proceeds to step 13, proceeds to step 10 seven otherwise handle;
Step 13, will not have SNMP v3 agency the IP address of ID as current IP address, use user name and enciphered message in this user's list to the SNMP of current IP address indication v3 agency transmission do-nothing instruction;
The response message that the SNMP v3 agency of step 14, reception current IP address indication returns to this do-nothing instruction;
Step 15, resolve the response message receive, obtain the sign with the corresponding SNMP v3 agency of current IP address;
Step 10 six, that parsing is obtained and the identification record corresponding SNMP v3 of current IP address agency are in user's list of this user;
Whether step 10 seven, user's list of judging whole users extract and finish, and under the situation that extraction finishes, processing finishes, otherwise, handle turning back to step 11.
According to above-mentioned processing procedure; For the corresponding relation condition of unknown between user and the SNMP v3 agency; NMS is according to comprising user's the user name and the user profile of enciphered message; Confirm the SNMP v3 agency that this user can visit, and further obtain the sign of acting on behalf of with the corresponding SNMP v3 of user, the user is set up or renewal user list; For the known situation of corresponding relation between user and the SNMP v3 agency, NMS is obtained the sign of acting on behalf of with the corresponding SNMP v3 of user according to comprising user's the user name and the user profile of enciphered message, and the user is set up or renewal user list; Thereby NMS can be configured user and SNMP v3 agency according to user's user profile automatically; Can improve the efficiency of management, simplify management work, can solve and have in the artificial management in the prior art that management work is loaded down with trivial details, the problem of inefficiency SNMP v3 user to SNMP v3 user to SNMP v3 user.
The situation of facing the practical implementation of method shown in Figure 2 down describes.
Scene one
In this scene; Network management stands in the initialized process user is configured; User and SNMPv3 agency's corresponding relation is unknown; NMS realizes automatically confirming that (promptly corresponding with the user) SNMP v3 that the user can visit acts on behalf of, and obtains the sign of acting on behalf of with the corresponding SNMP v3 of user, and the process of configuration comprises the steps:
Step 1, NMS are obtained IP address list, have write down each SNMP v3 agency's who is connected with NMS IP address in the IP address list;
Choose an IP address as current IP address in step 2, the tabulation of NMS secondary IP address;
Step 3, NMS judge that current IP address does not identify corresponding user;
Step 4, NMS are chosen a user as the active user from several users to be disposed, extract this current user's user profile, comprise user's user name and enciphered message in the user profile;
The SNMP v3 agency that the user profile that step 5, use are extracted is pointed to current IP address carries out the operation of fetching data, and this carries user name and the enciphered message in the user profile of extracting to some extent in fetching data and operating;
Step 6, return under the situation of response message to the operation of fetching data receiving the SNMP v3 agency that current IP address points to, handle proceeding to step 7, otherwise, handle proceeding to step 8;
Step 7, the active user is generated user's list, current IP address is recorded in user's list of active user, also record active user's user profile in user's list;
Whether step 8, judgement user to be disposed choose and finish, and are not choosing under the situation about finishing, and handle and return step 4, otherwise, handle proceeding to step 9;
Step 9, judge whether IP address in the IP address list is all chosen and finish, do not choosing under the situation about finishing, handle and return step 2, otherwise, handle proceeding to step 10;
Step 10, a user's of extraction subscriber's meter nonoculture is active user's list;
Step 11, judge whether there is the IP address that records SNMP v3 agency in active user's list but the situation of the sign (ID) that the SNMP v3 that record is not corresponding with this IP address acted on behalf of; When judging this kind of existence situation; Processing proceeds to step 12, proceeds to step 10 six otherwise handle;
Step 12, will not have SNMP v3 agency the IP address of ID as current IP address, use user name and enciphered message in this user's list to the SNMP of current IP address indication v3 agency transmission do-nothing instruction;
The response message that the SNMP v3 agency of step 13, reception current IP address indication returns to this do-nothing instruction;
Step 14, resolve the response message receive, obtain the sign with the corresponding SNMP v3 agency of current IP address;
Step 15, that parsing is obtained and the identification record corresponding SNMP v3 of current IP address agency are in user's list of this user;
Whether step 10 six, user's list of judging whole users extract and finish, and under the situation that extraction finishes, processing finishes, otherwise, handle turning back to step 10.
According to above-mentioned processing procedure; Can be in the process of system initialization; NMS is according to user's user profile; Automatically confirm corresponding SNMP v3 agency, obtain the sign with the corresponding SNMP v3 agency of user with the user, set up the user user name and enciphered message and and the corresponding SNMP v3 agency's of this user IP address and the corresponding relation between the sign; Thereby NMS can be configured SNMP v3 user automatically, can improve the allocative efficiency and the efficiency of management to SNMP v3 user.
Scene two
In this scene; NMS is through as above stating the processing procedure in the scene one; In initialization procedure, the user who is managed has been disposed user's list; NMS is used Topology Discovery to use and is searched out new SNMP v3 agency, and uncertain which user who manages is corresponding with the new SNMP v3 agency that this searches out, and NMS is following to the process that the new SNMP v3 agency who searches out is configured:
Step 1, NMS are obtained several new SNMP v3 agencies' IP address;
Step 2, NMS will be chosen an IP address as current IP address from several new SNMP v3 agencies' IP address;
Step 3, NMS judge that current IP address does not identify corresponding user;
Step 4, NMS are chosen a user as the active user from several users to be disposed, from user's list of this user, extract user profile, comprise user's user name and enciphered message in the user profile;
The SNMP v3 agency that the user profile that step 5, use are extracted is pointed to current IP address carries out the operation of fetching data, and this carries user name and the enciphered message in the user profile of extracting to some extent in fetching data and operating;
Step 6, return under the situation of response message to the operation of fetching data receiving the SNMP v3 agency that current IP address points to, handle proceeding to step 7, otherwise, handle proceeding to step 8;
User's list of step 7, renewal active user records current IP address in user's list of active user, also records active user's user profile in user's list;
Whether step 8, judgement user to be disposed choose and finish, and are not choosing under the situation about finishing, and handle and return step 4, otherwise, handle proceeding to step 9;
Whether the new SNMP v3 agency's that step 9, judgement get access to IP address is all chosen and is finished, and is not choosing under the situation about finishing, and handle and return step 2, otherwise, handle proceeding to step 10;
Step 10, a user's of extraction subscriber's meter nonoculture is active user's list;
Step 11, judge whether there is the IP address that records SNMP v3 agency in active user's list but the situation of the sign (ID) that the SNMP v3 that record is not corresponding with this IP address acted on behalf of; When judging this kind of existence situation; Processing proceeds to step 12, proceeds to step 10 six otherwise handle;
Step 12, will not have SNMP v3 agency the IP address of ID as current IP address, use user name and enciphered message in this user's list to the SNMP of current IP address indication v3 agency transmission do-nothing instruction;
The response message that the SNMP v3 agency of step 13, reception current IP address indication returns to this do-nothing instruction;
Step 14, resolve the response message receive, obtain the sign with the corresponding SNMP v3 agency of current IP address;
Step 15, that parsing is obtained and the identification record corresponding SNMP v3 of current IP address agency are in user's list of this user;
Whether step 10 six, user's list of judging whole users extract and finish, and under the situation that extraction finishes, processing finishes, otherwise, handle turning back to step 10.
According to above-mentioned processing procedure; Find to search out under new SNMP v3 agency's the situation at applied topology; This new SNMP v3 agency is indeterminate with user's corresponding relation; NMS can be confirmed to act on behalf of corresponding user with newfound SNMP v3 based on user's list automatically, and obtains this newfound SNMP v3 agency's sign; And then set up newfound SNMP v3 agency's IP address and sign and corresponding user's the user name and the corresponding relation of enciphered message, can be configured newfound SNMP v3 agency automatically based on user's list.
Scene three
In this scene; NMS has been passed through like the processing procedure in the above-mentioned scene one; The user who is managed has been disposed user's list, increased new SNMP v3 agency in the system, the SNMP v3 that increases newly agency is clear and definite known with user's corresponding relation; In advance to corresponding user on this new SNMP v3 agency's the IP address designation, NMS is following to the processing procedure that the SNMP v3 agency of new configuration is configured:
Step 1, NMS are obtained several SNMP v3 agencies' that increase newly IP address;
Step 2, NMS are chosen an IP address as current IP address from the IP address that several SNMP v3 that increase newly act on behalf of;
Step 3, NMS judge that the current IP address sign has corresponding user;
Step 4, be to record in user's list of corresponding user with current IP address;
Whether the SNMP v3 agency's that step 5, judgement increase newly IP address disposes and finishes, and under the situation that configuration does not finish, handle and return step 2, otherwise, handle proceeding to step 6;
Step 6, a user's of extraction subscriber's meter nonoculture is active user's list;
Step 7, judge whether there is the IP address that records SNMP v3 agency in active user's list but the situation of the sign (ID) that the SNMP v3 that record is not corresponding with this IP address acted on behalf of; When judging this kind of existence situation; Processing proceeds to step 8, proceeds to step 12 otherwise handle;
Step 8, will not have SNMP v3 agency the IP address of ID as current IP address, use user name and enciphered message in this user's list to the SNMP of current IP address indication v3 agency transmission do-nothing instruction;
The response message that the SNMP v3 agency of step 9, reception current IP address indication returns to this do-nothing instruction;
Step 10, resolve the response message receive, obtain the sign with the corresponding SNMP v3 agency of current IP address;
Step 11, that parsing is obtained and the identification record corresponding SNMP v3 of current IP address agency are in user's list of this user;
Whether step 12, user's list of judging whole users extract and finish, and under the situation that extraction finishes, processing finishes, otherwise, handle turning back to step 6.
According to above-mentioned processing procedure; Under the situation that system increases new SNMP v3 agency and the SNMP v3 agency that increases newly and user's corresponding relation are known; NMS can be based on user's list; Automatically the IP address with the SNMP v3 agency who increases newly is written in user's list of corresponding user; And obtain the sign that this SNMP v3 that increases newly acts on behalf of, and then set up newfound SNMP v3 agency's IP address and sign and corresponding user's the user name and the corresponding relation of enciphered message, can be configured the SNMP v3 agency who increases newly automatically based on user's list.
The SNMP v3 user's that the embodiment of the invention provides collocation method not only can be realized through hardware, can also realize through software, promptly realizes through following SNMP v3 user's inking device.
Fig. 3 shows the structured flowchart of the SNMP v3 user's that the embodiment of the invention provides inking device, and as shown in Figure 3, this device comprises:
A kind of preferred mode, Fig. 4 shows the preferred enforcement structure of device shown in Figure 3, and device shown in Figure 4 also comprises on the basis of device shown in Figure 3:
A kind of preferred mode; Acquisition module 32; Be connected to determination module 34; Specifically be used for: use user profile to send do-nothing instruction, the response message that the SNMP v3 agency that can visit from the user returns, obtain the SNMP v3 agency's that the user can visit sign to the SNMP v3 agency that can visit with the user.
According to device as implied above; Comprise user's the user name and the user profile of enciphered message through basis; Obtain sign predetermined and the corresponding SNMP v3 agency of this user; This user is set up user's list; Comprise in this user's list the user user name, enciphered message, with the corresponding SNMP v3 agency's of this user IP address and sign; NMS can be configured the user according to user's user profile automatically, thereby can improve the efficiency of management to SNMP v3 user, simplify the management work to SNMP v3 user, can solve to have in the artificial management to SNMP v3 user in the prior art that management work is loaded down with trivial details, the problem of inefficiency.
The embodiment of the invention also provides a kind of communication plan based on SNMPv3 on the basis of above-mentioned SNMP v3 user's allocation plan.
The workflow diagram that Fig. 5 shows that the embodiment of the invention provides based on the communication means of SNMP v3, as shown in Figure 5, this method comprises following processing procedure:
The enciphered message that step 52, use find is encrypted to sent SNMP v3 message, and sends the SNMP v3 message after encrypting.
Wherein, be that the processing procedure of user's configure user list can be like above-mentioned step 21 to (perhaps shown in the preferred implementation of step 21 to step 22) shown in the step 22 in advance in step 51.
Through method as shown in Figure 5; Based in advance to user configured user's list; Initiate in the process of communication to SNMP v3 agency in NMS; Only need just can in user's list, find enciphered message to the user according to SNMP v3 agency's in the SNMP v3 message IP address and user name; In prior art, find the sign that SNMP v3 acts on behalf of according to the complex processing process earlier, sign and the user name according to SNMP v3 agency finds the enciphered message to the user again, can improve processing speed and efficient based on the communication of SNMP v3.
The embodiment of the invention provides the communication means based on SNMP v3, not only can realize through hardware, can also realize through software, promptly comprises the following communicator based on SNMP v3 in the NMS.
The structured flowchart that Fig. 6 shows that the embodiment of the invention provides based on the communicator of SNMP v3, as shown in Figure 6, this device comprises:
Configuration module 61 is used for setting up in advance user's list of user; Wherein, the enciphered message and the SNMP v3 agency's that can visit with the user IP address and the sign that comprise user's user name, user in user's list; A kind of preferred mode, the structure of configuration module 61 is as shown in Figure 3;
Encrypting module 63 is connected to and searches module 62, is used to use search the enciphered message that module 62 finds and encrypt to sent SNMP v3 message;
Sending module 64 is connected to encrypting module 63, is used to send the SNMPv3 message after encrypting module 63 is encrypted.
The operation principle of device shown in Figure 6 is as shown in Figure 5, repeats no more here.A kind of preferred mode, the operation principle of configuration module 61 is as shown in Figure 2, repeats no more here.
Through device as shown in Figure 6; Based in advance to user configured user's list; Initiating in the process of communication to SNMP v3 agency; Only need just can in user's list, find enciphered message to the user according to SNMP v3 agency's in the SNMP v3 message IP address and user name; In prior art, find the sign that SNMP v3 acts on behalf of according to the complex processing process earlier, sign and the user name according to SNMP v3 agency finds the enciphered message to the user again, can improve processing speed and efficient based on the communication of SNMP v3.
The situation of facing the practical implementation of method shown in Figure 5 down describes.
Scene four
In this scene, through like processing procedure in above-mentioned scene one user that managed disposed user list, to user's communications handle by NMS for NMS, and processing procedure is following:
Step 1, NMS are for user's SNMP v3 message to be sent, and the IP address according to user name in this SNMP v3 message and SNMP v3 agency finds the enciphered message to this user in advance for this user configured user's list;
The enciphered message that step 2, use find is encrypted to sent SNMP v3 message;
Step 3, the SNMP v3 message after will encrypting send to the SNMP v3 agency who points to the IP address in this SNMP v3 message;
Step 4, NMS receive SNMP v3 message;
Step 5, NMS are according to the user name in the SNMP v3 message that receives; In whole user's lists, confirm to comprise user's list of this user name; According to the agency's of the SNMP v3 in the SNMP v3 message that receives sign, in user's list of confirming, find enciphered message;
The enciphered message that step 6, use find is deciphered the SNMP v3 message after obtaining deciphering to the SNMP v3 message that receives.
According to above-mentioned processing procedure; Based in advance to user configured user's list; Initiate in the process of communication to SNMP v3 agency in NMS; Only need just can in user's list, find enciphered message to the user according to SNMP v3 agency's in the SNMP v3 message IP address and user name; In prior art, find the sign that SNMP v3 acts on behalf of earlier, sign and the user name according to SNMP v3 agency finds the enciphered message to the user again, can improve the processing speed and the efficient of communication.
Obviously, those skilled in the art can carry out various changes and modification to the present invention and not break away from the spirit and scope of the present invention.Like this, belong within the scope of claim of the present invention and equivalent technologies thereof if of the present invention these are revised with modification, then the present invention also is intended to comprise these changes and modification interior.
Claims (11)
1. a Simple Network Management Protocol third edition SNMP v3 user collocation method is characterized in that, comprising:
NMS is according to user's user profile, obtains the SNMP v3 agency's that predetermined said user can visit sign; Wherein, said user profile comprises said user's user name and user's enciphered message;
Said NMS is set up said user or is upgraded user's list, comprises the SNMP v3 agency's that said user profile and the said user who gets access to can visit sign and IP address in said user's list.
2. method according to claim 1 is characterized in that, confirms the SNMP v3 agency that said user can visit in advance, specifically comprises:
Said NMS judges whether wait to dispose SNMP v3 agency identifies corresponding with said user in advance;
SNMP v3 said to be disposed agency in advance under sign and the corresponding situation of said user; Said NMS uses said user's user profile to carry out the operation of fetching data to SNMP v3 agency said to be disposed; SNMP v3 agency said to be disposed returns under the situation of response message to the operation of fetching data, and confirms the SNMP v3 agency that SNMP v3 agency said to be disposed can visit for said user;
In advance under sign and the corresponding situation of said user, confirm that the SNMP v3 that SNMP v3 agency said to be disposed can visit for said user acts on behalf of SNMP v3 said to be disposed agency.
3. method according to claim 2 is characterized in that, obtains the SNMP v3 agency's that predetermined said user can visit sign according to said user profile, specifically comprises:
The SNMP v3 agency that said NMS uses said user profile can visit to said user sends do-nothing instruction, the response message that the SNMP v3 agency that can visit from said user returns, obtain the SNMP v3 agency's that said user can visit sign.
4. according to each described method in the claim 1 to 3, it is characterized in that said method also comprises:
Said NMS according to user name in this SNMP v3 message and SNMP v3 agency's IP address, finds said user's enciphered message for user's SNMP v3 message to be sent in user's list of setting up for said user;
The enciphered message that use finds is encrypted to sent SNMP v3 message, and sends the SNMP v3 message after encrypting.
5. a Simple Network Management Protocol third edition SNMP v3 user inking device is characterized in that, comprising:
Acquisition module is used for obtaining according to said user profile the SNMP v3 agency's that predetermined said user can visit sign; Wherein, said user profile comprises said user's user name and user's enciphered message;
Maintenance module is used for said user is set up or renewal user list, comprises the SNMP v3 agency's that said user profile and the said user who gets access to can visit sign and IP address in said user's list.
6. device according to claim 5 is characterized in that, said device also comprises:
Judge module is used for judging whether wait to dispose SNMP v3 agency identifies corresponding with said user in advance;
Determination module; Be used for judging that at said judge module SNMP v3 agency said to be disposed is in advance under sign and the corresponding situation of said user; Use said user's user profile to carry out the operation of fetching data to SNMP v3 agency said to be disposed; SNMP v3 agency said to be disposed returns under the situation of response message to the operation of fetching data, and confirms SNMP v3 agency said the to be disposed SNMP v3 that can the visit agency for said user; Judge that at said judge module SNMP v3 agency said to be disposed in advance under sign and the corresponding situation of said user, confirms SNMP v3 agency said the to be disposed SNMP v3 that can the visit agency for said user.
7. device according to claim 5 is characterized in that, said acquisition module specifically is used for:
Use said user profile to send do-nothing instruction, the response message that the SNMP v3 agency that can visit from said user returns, obtain the SNMP v3 agency's that said user can visit sign to the SNMP v3 agency that can visit with said user.
8. according to each described device in the claim 5 to 7, it is characterized in that said device also comprises:
Search module; Be used for SNMP v3 message to be sent for said user; According to the user name in this SNMP v3 message and SNMP v3 agency's IP address, be the enciphered message that finds said user in user's list of setting up of said user at said maintenance module;
Encrypting module, be used to use said search module searches to enciphered message encrypt to sent SNMP v3 message;
Sending module is used to send the SNMP v3 message after said encrypting module is encrypted.
9. the communication means based on Simple Network Management Protocol third edition SNMP v3 is characterized in that, comprising:
NMS according to user name in this SNMP v3 message and SNMP v3 agency's IP address, finds said user's enciphered message for user's SNMP v3 message to be sent in user's list of setting up for said user in advance; Wherein, the IP address and the sign that comprise said user's user name, said user's enciphered message and the SNMP v3 agency that said user can visit in said user's list;
The enciphered message that use finds is encrypted to sent SNMP v3 message, and sends the SNMP v3 message after encrypting.
10. the communicator based on Simple Network Management Protocol third edition SNMP v3 is characterized in that, comprising:
Configuration module is used for setting up in advance user's list of user; Wherein, the IP address and the sign that comprise said user's user name, said user's enciphered message and the SNMP v3 agency that said user can visit in said user's list;
Search module; Be used for SNMP v3 message to be sent for said user; According to user name in this SNMP v3 message and SNMP v3 agency's IP address, in user's list that said configuration module is set up for said user in advance, find said user's enciphered message;
Encrypting module, be used to use said search module searches to enciphered message encrypt to sent SNMP v3 message;
Sending module is used to send the SNMP v3 message after said encrypting module is encrypted.
11. a NMS is characterized in that, comprising: like each described SNMP v3 user's in the claim 5 to 8 inking device, or the communicator based on SNMP v3 as claimed in claim 10.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210103628.5A CN102638371B (en) | 2012-04-10 | 2012-04-10 | User allocation method and device, communication method and device, and network management station |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210103628.5A CN102638371B (en) | 2012-04-10 | 2012-04-10 | User allocation method and device, communication method and device, and network management station |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102638371A true CN102638371A (en) | 2012-08-15 |
| CN102638371B CN102638371B (en) | 2015-03-11 |
Family
ID=46622624
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210103628.5A Active CN102638371B (en) | 2012-04-10 | 2012-04-10 | User allocation method and device, communication method and device, and network management station |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102638371B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103200030A (en) * | 2013-03-12 | 2013-07-10 | 福建星网锐捷网络有限公司 | Network management device and method |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1993689A (en) * | 2004-06-23 | 2007-07-04 | 诺基亚公司 | System and method for selecting of versions for snmp communication |
| CN101047493A (en) * | 2006-06-02 | 2007-10-03 | 华为技术有限公司 | Method and system for acquiring simple network management protocol management key |
| CN101068160A (en) * | 2007-06-15 | 2007-11-07 | 杭州华三通信技术有限公司 | Method for managing dynamic address equipment and agenty device |
-
2012
- 2012-04-10 CN CN201210103628.5A patent/CN102638371B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1993689A (en) * | 2004-06-23 | 2007-07-04 | 诺基亚公司 | System and method for selecting of versions for snmp communication |
| CN101047493A (en) * | 2006-06-02 | 2007-10-03 | 华为技术有限公司 | Method and system for acquiring simple network management protocol management key |
| CN101068160A (en) * | 2007-06-15 | 2007-11-07 | 杭州华三通信技术有限公司 | Method for managing dynamic address equipment and agenty device |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103200030A (en) * | 2013-03-12 | 2013-07-10 | 福建星网锐捷网络有限公司 | Network management device and method |
| CN103200030B (en) * | 2013-03-12 | 2016-06-29 | 福建星网锐捷网络有限公司 | The apparatus and method of network management |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102638371B (en) | 2015-03-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN1949765B (en) | Method and system for obtaining SSH host computer public key of device being managed | |
| CN104754582B (en) | Safeguard the client and method of BYOD safety | |
| EP3745639A1 (en) | Method and apparatus for obtaining device identification | |
| CN101296138B (en) | Wireless terminal configuration generating method, system and device | |
| CN109698746B (en) | Method and system for generating sub-keys of binding equipment based on master key negotiation | |
| CN104780069A (en) | SDN-oriented self-configuration method and system for communication channel between control layer and data layer | |
| CN113114665B (en) | Data transmission method and device, storage medium and electronic device | |
| CN102143492B (en) | Method for establishing virtual private network (VPN) connection, mobile terminal and server | |
| CN108966216B (en) | Mobile communication method and system applied to power distribution network | |
| CN101197711A (en) | Method, device and system for implementing unified authentication management | |
| CN102984045A (en) | Access method of Virtual Private Network and Virtual Private Network client | |
| CN104125567A (en) | Femto and authentication method and authentication device for access of femto to network side | |
| WO2016070633A1 (en) | Network log generation method and device | |
| CN112436936A (en) | Cloud storage method and system with quantum encryption function | |
| CN101697522A (en) | Virtual private network networking method, communication system and related equipment | |
| CN104519055A (en) | VPN (virtual private network) service implementation method, VPN service implementation device and VPN server | |
| CN102394770A (en) | Off-line configuration method for network equipment based on simple network management protocol (SNMP) | |
| WO2012041029A1 (en) | Method and device for server processing service | |
| CN101083594A (en) | Method and system for managing network appliance | |
| CN100473049C (en) | Method for realizing access device long-distance identification-dialing user service proxy authentication | |
| CN103139201A (en) | Network strategy acquiring method and data center switchboard | |
| CN102638371A (en) | User allocation method and device, communication method and device, and network management station | |
| CN111343070A (en) | Communication control method for sdwan network | |
| CN113163399A (en) | Communication method and device of terminal and server | |
| EP2139279A1 (en) | Systems and methods for monitoring performance of a communication system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |