CN102638371B - User allocation method and device, communication method and device, and network management station - Google Patents
User allocation method and device, communication method and device, and network management station Download PDFInfo
- Publication number
- CN102638371B CN102638371B CN201210103628.5A CN201210103628A CN102638371B CN 102638371 B CN102638371 B CN 102638371B CN 201210103628 A CN201210103628 A CN 201210103628A CN 102638371 B CN102638371 B CN 102638371B
- Authority
- CN
- China
- Prior art keywords
- snmp
- user
- behalf
- described user
- message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Computer And Data Communications (AREA)
Abstract
The invention discloses a user allocation method and device of an SNMP (simple network management protocol) v3, a communication method and device based on the SNMP v3, and a network management station, wherein the user allocation method of the SNMP v3 comprises the following steps of: obtaining a predetermined identifier of an SNMP v3 agent corresponding to the user by the network management station according to the user information containing user names and enciphered information, and establishing a user table for the user. The user table comprises the user name and the enciphered information of the user as well as the IP (internet protocol) address and identifier of the SNMP v3 agent corresponding to the user. The network management station can automatically allocate the user according to the user information of the user so as to enhance the management efficiency of the SNMP v3 user and simplify the management work of the SNMP v3 user, thus the problems of the complexity and low efficiency of the management work in the artificial management on the SNMP v3 user in the prior art can be solved.
Description
Technical field
The present invention relates to network communicating system, particularly, relate to the method and apparatus of the configuration of a kind of SNMP v3 user, based on the communication means of SNMP v3 and device, Network Management Station.
Background technology
The development of Simple Network Management Protocol (SNMP, Simple Network Management Protocol) mainly comprises three version: SNMP v1, SNMP v2 and up-to-date SNMP v3.From authentication mechanism, the performance of SNMP v1, SNMP v2 is poor, and SNMP v3 have employed new SNMP extension framework, under this framework, the fail safe of SNMP v3 and managerial ability improves a lot.
Adopt in SNMP v1, SNMP v2 and carry out user management based on group's word (community) templating Managed Solution, the set of a SNMPAgent and group SNMP Manager is defined in group's word, be defined in Agent and Manager in group's word each other authentication legal, can conduct interviews, in concrete communication process, can whether Manager mate confirm operate Agent by checking group's word.
But group's word cannot be suitable in SNMP v3.Because SNMP v3 adopts the security authentication mechanism based on user, sending with when receiving message, all needing to use the PKI in the middle of user profile to carry out enciphering/deciphering to message, obviously, cannot be managed SNMP v3 user by the mode of group's word.Visible, how more effectively managing user information is inevitable problem in SNMP v3.
Fig. 1 shows the structural representation based on the communication system of SNMP v3 in prior art, and the communication means that Network Management Station 1 and SNMP v3 act on behalf of between 2 is as follows:
Step one, Network Management Station 1 sets up the corresponding relation between mark snmp Engine ID+ user name userName+ user encryption information (comprising the information such as cryptographic algorithm, PKI) this three of User of SNMP v3 agency;
Step 2, when Network Management Station 1 acts on behalf of 2 transmission SNMP v3 request to SNMP v3, first obtain the mark (i.e. snmp Engine ID) of SNMP v3 agency 2, the snmp Engine ID of the 2 and userName of user is acted on behalf of according to determined SNMP v3, the enciphered message User for user is searched in the corresponding relation of the snmpEngineID+userName set up, Network Management Station 1 uses the cryptographic algorithm in the User found, PKI to be encrypted SNMP v3 message, then sends to SNMP v3 to act on behalf of 2 together with userName the message after encryption;
Step 3, after SNMP v3 agency 2 receives message, cryptographic algorithm, the PKI of finding out correspondence in the User of this user according to userName are deciphered message, SNMP v3 acts on behalf of 2 by this cryptographic algorithm of message, the public key encryption of response, and can send to Network Management Station 1 by the message after encryption equally together with userName;
Step 4, when the webserver 1 receives and acts on behalf of the message of 2 from SNMP v3, finds corresponding User according to the snmpEngineID+userName carried in message, deciphers according to cryptographic algorithm, PKI to message.
As can be seen from above-mentioned communication process, realize in the process of the communication that Network Management Station and SNMP v3 act on behalf of, need the corresponding relation one to one using a large amount of snmpEngineID+username+User.In the network operation process of reality, the user management of SNMP v3 is acted on behalf of based on SNMP v3, and to the configuration of the corresponding relation of snmpEngineID+username+User by manually operating, the process of configuration process comprises: first manually determine the mark (snmpEngineID) that SNMP v3 acts on behalf of, determine again to act on behalf of corresponding user with SNMP v3, corresponding relation one to one between last human configuration snmpEngineID+username+User.At present, in the above-mentioned layoutprocedure acted on behalf of based on SNMP v3, artificial obtain the job very difficult of the mark of SNMP v3 agency and workload is very large, easily make mistakes.
Visible, there is the problem of manually carrying out SNMP v3 user management intricate operation, inefficiency in the management at present to SNMP v3 user.
Summary of the invention
In view of this, embodiments provide the collocation method of a kind of SNMP v3 user, in order to solve problem that is loaded down with trivial details to the management work existed in the management of SNMP v3 user in prior art, inefficiency.
Correspondingly, the embodiment of the present invention additionally provide a kind of SNMP v3 user inking device, based on the communication means of SNMP v3 and device, Network Management Station.
Embodiment of the present invention technical scheme is as follows:
A SNMP v3 user's collocation method, comprising: Network Management Station, according to the user profile of user, obtains the mark of the SNMP v3 agency that predetermined user can access; Wherein, user profile comprises the user name of user and the enciphered message of user; Network Management Station is set up user or is upgraded user list, and user's list comprises the mark and IP address that SNMP v3 that user profile and the user that gets can access acts on behalf of.
A SNMP v3 user's inking device, comprising: acquisition module, the mark that the SNMP v3 that can access for obtaining predetermined user according to user profile acts on behalf of; Wherein, user profile comprises the user name of user and the enciphered message of user; Maintenance module, for setting up user or upgrading user list, uncle user's list comprises the mark and IP address that SNMP v3 that user profile and the user that gets can access acts on behalf of.
A kind of communication means based on SNMP v3, comprise: Network Management Station is for user's SNMP v3 message to be sent, according to the IP address that the user name in this SNMP v3 message and SNMP v3 are acted on behalf of, in the user's list in advance for user's foundation, find the enciphered message of user; Wherein, user's list comprises IP address and the mark of the SNMP v3 agency that the user name of user, the enciphered message of user and user can access; Use the enciphered message found to be encrypted to sent SNMP v3 message, and send the SNMP v3 message after encryption.
Based on a communicator of SNMP v3, comprising: configuration module, for setting up user's list of user in advance; Wherein, user's list comprises IP address and the mark of the SNMPv3 agency that the user name of user, the enciphered message of user and user can access; Search module, for for user's SNMP v3 message to be sent, according to the IP address that the user name in this SNMP v3 message and SNMP v3 are acted on behalf of, in the user list of configuration module in advance for user's foundation, find the enciphered message of user; Encrypting module, for use search module searches to enciphered message be encrypted to sent SNMP v3 message; Sending module, for sending the SNMP v3 message after encrypting module encryption.
A kind of Network Management Station, comprising: the inking device of SNMP v3 user as above, or as above based on the communicator of SNMP v3.
According to the technical scheme that the embodiment of the present invention provides, by the user profile of Network Management Station according to the user name and enciphered message that comprise user, obtain the mark that the predetermined SNMP v3 corresponding with this user acts on behalf of, user's list is set up to this user, this user's list comprises the user name of user, enciphered message, the IP address that the SNMP v3 corresponding with this user acts on behalf of and mark, Network Management Station can be configured user automatically according to the user profile of user, thus the efficiency of management that can improve SNMP v3 user, simplify the management work to SNMPv3 user, can to solve in prior art that to there is management work in the artificial management to SNMP v3 user loaded down with trivial details, the problem of inefficiency.
Other features and advantages of the present invention will be set forth in the following description, and, partly become apparent from specification, or understand by implementing the present invention.Object of the present invention and other advantages realize by structure specifically noted in write specification, claims and accompanying drawing and obtain.
Accompanying drawing explanation
Fig. 1 is the structural representation based on the communication system of SNMP v3 in prior art;
The workflow diagram of the collocation method of the SNMP v3 user that Fig. 2 provides for the embodiment of the present invention;
The structured flowchart of the inking device of the SNMP v3 user that Fig. 3 provides for the embodiment of the present invention;
Fig. 4 is the preferred enforcement structured flowchart of Fig. 3 shown device;
The workflow diagram of the communication means based on SNMP v3 that Fig. 5 provides for the embodiment of the present invention;
The structured flowchart of the communicator based on SNMP v3 that Fig. 6 provides for the embodiment of the present invention.
Embodiment
Below in conjunction with accompanying drawing, embodiments of the invention are described, should be appreciated that embodiment described herein is only for instruction and explanation of the present invention, is not intended to limit the present invention.
The embodiment of the present invention, for the problem of, the inefficiency loaded down with trivial details to the management work of SNMP v3 user existed in prior art, proposes the allocation plan of a kind of SNMP v3 user, for solving this problem.
In the technical scheme that the embodiment of the present invention provides, Network Management Station is according to the user profile of the user name and enciphered message that comprise user, obtain the mark that the predetermined SNMP v3 corresponding with this user acts on behalf of, user's list is set up to this user, this user's list comprises the user name of user, enciphered message, the IP address that the SNMP v3 corresponding with this user acts on behalf of and mark, Network Management Station can be configured user automatically according to the user profile of user, compared in prior art, the mark that artificial acquisition SNMP v3 acts on behalf of, and based on the mark that SNMP v3 acts on behalf of, to the user name of user, for the enciphered message of user, corresponding relation between the mark that SNMP v3 acts on behalf of is configured, the configuration to SNMP v3 user can be simplified, management work, improve the efficiency of management to SNMP v3 user, can solve in prior art loaded down with trivial details to there is management work in the management of SNMPv3 user, the problem of inefficiency.
The embodiment of the present invention, based on the allocation plan of above-mentioned SNMP v3 user, additionally provides a kind of communication plan based on SNMP v3.In this communication plan, based on to the pre-configured user's list of user, act on behalf of in the process of initiating communication in Network Management Station to SNMP v3, the IP address only need acted on behalf of according to SNMP v3 and user name just can find the enciphered message of user, compared to the mark first finding SNMPv3 agency in prior art, and then the mark to act on behalf of according to SNMP v3 and user name find enciphered message for user, processing speed and the efficiency of communication can be improved.
Below the embodiment of the present invention is described in detail.
Fig. 2 shows the workflow diagram of the collocation method of the SNMP v3 user that the embodiment of the present invention provides, and as shown in Figure 2, the method comprises following processing procedure:
Step 21, Network Management Station, according to the user profile of user, obtain the mark that the predetermined SNMP v3 corresponding with user acts on behalf of; Wherein, user profile comprises the user name of user and the enciphered message of user;
Step 22, Network Management Station are set up user or are upgraded user's list, the IP address that user's list comprises user profile and the SNMP v3 corresponding with user agency and the mark that the SNMP v3 corresponding with user got acts on behalf of.
Particularly, in above-mentioned steps 21, the process that the SNMP v3 that predefined user can access acts on behalf of comprises: Network Management Station judges SNMP v3 to be configured agency, and in advance whether mark is corresponding with user; When mark is not corresponding with user in advance for SNMP v3 to be configured agency, Network Management Station uses the user profile of user to act on behalf of execution to SNMP v3 to be configured and to fetch data operation, when SNMP v3 to be configured agency returns response message for operation of fetching data, determine that the SNMP v3 that SNMP v3 agency to be configured can access for user acts on behalf of; When mark is corresponding with user in advance for SNMP v3 to be configured agency, determine that the SNMP v3 that SNMP v3 agency to be configured can access for user acts on behalf of.
Particularly, in above-mentioned steps 21, the process obtaining the mark of the SNMP v3 agency that predetermined user can access according to user profile comprises: Network Management Station uses user profile to act on behalf of to the SNMP v3 that user can access and sends do-nothing instruction, and the SNMP v3 that can access from user acts on behalf of the response message returned, obtains the mark of the SNMP v3 agency that user can access.
According to above-mentioned processing procedure, by the user profile of Network Management Station according to the user name and enciphered message that comprise user, obtain the mark that the predetermined SNMP v3 corresponding with this user acts on behalf of, user's list is set up to this user, this user's list comprises the user name of user, enciphered message, the IP address that the SNMP v3 corresponding with this user acts on behalf of and mark, Network Management Station can be configured user automatically according to the user profile of user, thus the efficiency of management that can improve SNMP v3 user, simplify the management work to SNMP v3 user, can to solve in prior art that to there is management work in the artificial management to SNMP v3 user loaded down with trivial details, the problem of inefficiency.
SNMP v3 agency (namely corresponding with user SNMP v3 acts on behalf of) that the method that the embodiment of the present invention provides can be accessed by first determining user, obtain the mark that the SNMP v3 corresponding with user acts on behalf of again, compared to the mark directly obtaining the SNMP v3 agency that user can access, the method that the embodiment of the present invention provides is with good expansibility and the wider scope of application; Use the method that the embodiment of the present invention provides, known or the unknown situation of corresponding relation between acting on behalf of for user and SNMP v3 all can process, and directly obtain the process of the mark of the SNMP v3 agency that user can access, be only applicable to user and SNMP v3 act on behalf of between the explicitly known situation of corresponding relation, embodiments provide a kind of management method having more universality, more general SNMP v3 user as seen.
Shown below the preferred implementation process of method shown in Fig. 2.
Step one, Network Management Station obtain the IP address that several SNMP v3 to be configured act on behalf of;
Step 2, Network Management Station choose an IP address as current IP address from the IP address that several SNMP v3 to be configured act on behalf of;
Step 3, Network Management Station judge whether current IP address identifies corresponding user, and when identifying the user having correspondence, process proceeds to step 9, otherwise when not identifying corresponding user, process proceeds to step 4;
Step 4, Network Management Station choose a user as active user from several users to be configured, and extract the user profile of this active user, user profile comprises user name and the enciphered message of user;
Step 5, use the user profile extracted to act on behalf of execution to the SNMP v3 that current IP address is pointed to fetch data operation, this carries user name in the user profile extracted to some extent and enciphered message in fetching data and operating;
Step 6, when receive current IP address point to SNMP v3 act on behalf of for fetch data operation return response message, process proceed to step 7, otherwise, process proceed to step 8;
Step 7, active user generated or upgrades user list, by user's list of current IP address record active user, in user's list, also recording the user profile of active user;
Step 8, to judge whether user to be configured chooses complete, when not choosing complete, the processing returns to step four, otherwise process proceeds to step 10;
Step 9, current IP address is recorded in user's list of corresponding user;
Step 10, judge whether the IP address that SNMP v3 to be configured acts on behalf of configures complete, when not configuring complete, the processing returns to step two, otherwise process proceeds to step 11;
The subscriber's meter nonoculture of step 11, an extraction user is active user's list;
Step 12, judge whether to exist in active user's list and record IP address that SNMP v3 acts on behalf of but do not record the situation of the mark (ID) that the SNMP v3 corresponding with this IP address acts on behalf of, when judging to there is this kind of situation, process proceeds to step 13, otherwise process proceeds to step 10 seven;
Step 13, using the IP address of the ID that do not have SNMP v3 to act on behalf of as current IP address, use the user name in this user's list and enciphered message to act on behalf of to the SNMP v3 of current IP address indication and send do-nothing instruction;
The SNMP v3 of step 14, reception current IP address indication acts on behalf of the response message returned for this do-nothing instruction;
Step 15, resolve the response message received, the mark obtaining corresponding with current IP address SNMP v3 agency;
Step 10 six, identification record that the SNMP v3 corresponding with current IP address that obtain act on behalf of will be resolved in user's list of this user;
Step 10 seven, judge whether user's list of whole user extracts complete, when extracting complete, process terminates, otherwise process turns back to step 11.
According to above-mentioned processing procedure, the situation of the corresponding relation the unknown between user and SNMP v3 are acted on behalf of, Network Management Station is according to the user profile of the user name and enciphered message that comprise user, determine that the SNMP v3 that this user can access acts on behalf of, and obtain the mark of the SNMP v3 agency corresponding with user further, user is set up or upgrades user's list; The situation that corresponding relation between acting on behalf of for user and SNMP v3 is known, Network Management Station, according to the user profile of the user name and enciphered message that comprise user, obtains the mark that the SNMP v3 corresponding with user acts on behalf of, and sets up or upgrade user's list to user; Thus Network Management Station can be configured user and SNMP v3 agency automatically according to the user profile of user, the efficiency of management to SNMP v3 user can be improved, simplify management work to SNMP v3 user, can solve in prior art and in the artificial management to SNMP v3 user, have that management work is loaded down with trivial details, the problem of inefficiency.
Below the situation of the concrete enforcement of method shown in Fig. 2 is described.
Scene one
In this scenario, network management stands in initialized process and is configured user, the corresponding relation of user and SNMPv3 agency is unknown, Network Management Station realizes determining that (namely corresponding with user) SNMP v3 that user can access acts on behalf of automatically, and obtaining the mark of the SNMP v3 agency corresponding with user, the process of configuration comprises the steps:
Step one, Network Management Station obtain IP address list, have recorded the IP address that each SNMP v3 of being connected with Network Management Station acts on behalf of in IP address list;
An IP address is chosen as current IP address in step 2, the list of Network Management Station secondary IP address;
Step 3, Network Management Station judge that current IP address does not identify corresponding user;
Step 4, Network Management Station choose a user as active user from several users to be configured, and extract the user profile of this active user, user profile comprises user name and the enciphered message of user;
Step 5, use the user profile extracted to act on behalf of execution to the SNMP v3 that current IP address is pointed to fetch data operation, this carries user name in the user profile extracted to some extent and enciphered message in fetching data and operating;
Step 6, when receive current IP address point to SNMP v3 act on behalf of for fetch data operation return response message, process proceed to step 7, otherwise, process proceed to step 8;
Step 7, user's list is generated to active user, current IP address is recorded in user's list of active user, in user's list, also records the user profile of active user;
Step 8, to judge whether user to be configured chooses complete, when not choosing complete, the processing returns to step four, otherwise process proceeds to step 9;
Whether step 9, the IP address judged in IP address list are all chosen complete, when not choosing complete, the processing returns to step two, otherwise process proceeds to step 10;
The subscriber's meter nonoculture of step 10, an extraction user is active user's list;
Step 11, judge whether to exist in active user's list and record IP address that SNMP v3 acts on behalf of but do not record the situation of the mark (ID) that the SNMP v3 corresponding with this IP address acts on behalf of, when judging to there is this kind of situation, process proceeds to step 12, otherwise process proceeds to step 10 six;
Step 12, using the IP address of the ID that do not have SNMP v3 to act on behalf of as current IP address, use the user name in this user's list and enciphered message to act on behalf of to the SNMP v3 of current IP address indication and send do-nothing instruction;
The SNMP v3 of step 13, reception current IP address indication acts on behalf of the response message returned for this do-nothing instruction;
Step 14, resolve the response message received, the mark obtaining corresponding with current IP address SNMP v3 agency;
Step 15, identification record that the SNMP v3 corresponding with current IP address that obtain act on behalf of will be resolved in user's list of this user;
Step 10 six, judge whether user's list of whole user extracts complete, when extracting complete, process terminates, otherwise process turns back to step 10.
According to above-mentioned processing procedure, can in the process of system initialization, Network Management Station is according to the user profile of user, automatically determine that the SNMP v3 corresponding with user acts on behalf of, obtain the mark that the SNMP v3 corresponding with user acts on behalf of, set up IP address that the user name of user and enciphered message and the SNMP v3 corresponding with this user act on behalf of and corresponding relation between identifying, thus Network Management Station can be configured SNMP v3 user automatically, can improve the allocative efficiency to SNMP v3 user and the efficiency of management.
Scene two
In this scenario, Network Management Station is through as above stating the processing procedure in scene one, in initialization procedure, user's list is configured with to managed user, Network Management Station uses Topology Discovery application to search out new SNMP v3 and acts on behalf of, which uncertain managed user acts on behalf of corresponding with the new SNMP v3 that this searches out, and it is as follows that Network Management Station acts on behalf of to the new SNMP v3 searched out the process be configured:
Step one, Network Management Station obtain the IP address that several new SNMP v3 act on behalf of;
Step 2, Network Management Station choose an IP address as current IP address using in the IP address acted on behalf of from several new SNMP v3;
Step 3, Network Management Station judge that current IP address does not identify corresponding user;
Step 4, Network Management Station choose a user as active user from several users to be configured, and from user's list of this user, extract user profile, user profile comprises user name and the enciphered message of user;
Step 5, use the user profile extracted to act on behalf of execution to the SNMP v3 that current IP address is pointed to fetch data operation, this carries user name in the user profile extracted to some extent and enciphered message in fetching data and operating;
Step 6, when receive current IP address point to SNMP v3 act on behalf of for fetch data operation return response message, process proceed to step 7, otherwise, process proceed to step 8;
User's list of step 7, renewal active user, is recorded to current IP address in user's list of active user, also records the user profile of active user in user's list;
Step 8, to judge whether user to be configured chooses complete, when not choosing complete, the processing returns to step four, otherwise process proceeds to step 9;
Whether the IP address that the new SNMP v3 that step 9, judgement get acts on behalf of all is chosen complete, when not choosing complete, the processing returns to step two, otherwise process proceeds to step 10;
The subscriber's meter nonoculture of step 10, an extraction user is active user's list;
Step 11, judge whether to exist in active user's list and record IP address that SNMP v3 acts on behalf of but do not record the situation of the mark (ID) that the SNMP v3 corresponding with this IP address acts on behalf of, when judging to there is this kind of situation, process proceeds to step 12, otherwise process proceeds to step 10 six;
Step 12, using the IP address of the ID that do not have SNMP v3 to act on behalf of as current IP address, use the user name in this user's list and enciphered message to act on behalf of to the SNMP v3 of current IP address indication and send do-nothing instruction;
The SNMP v3 of step 13, reception current IP address indication acts on behalf of the response message returned for this do-nothing instruction;
Step 14, resolve the response message received, the mark obtaining corresponding with current IP address SNMP v3 agency;
Step 15, identification record that the SNMP v3 corresponding with current IP address that obtain act on behalf of will be resolved in user's list of this user;
Step 10 six, judge whether user's list of whole user extracts complete, when extracting complete, process terminates, otherwise process turns back to step 10.
According to above-mentioned processing procedure, when applied topology finds that searching out new SNMP v3 acts on behalf of, this new SNMP v3 acts on behalf of with the corresponding relation of user indefinite, Network Management Station can based on user's list, automatically determine to act on behalf of corresponding user with newfound SNMP v3, and obtain the mark of this newfound SNMP v3 agency, and then set up the IP address of newfound SNMP v3 agency and identify and the user name of corresponding user and the corresponding relation of enciphered message, automatically can be configured newfound SNMP v3 agency based on user's list.
Scene three
In this scenario, Network Management Station has been passed through as the processing procedure in above-mentioned scene one, user's list is configured with to managed user, increase new SNMP v3 in system to act on behalf of, the SNMP v3 newly increased acts on behalf of with the corresponding relation of user clearly known, user corresponding on IP address designation in advance to this new SNMP v3 agency, it is as follows that the SNMP v3 of Network Management Station to new configuration acts on behalf of the processing procedure be configured:
Step one, Network Management Station obtain the IP address of several SNMP v3 agency newly increased;
Step 2, Network Management Station choose an IP address as current IP address from the IP address that several SNMP v3 newly increased act on behalf of;
Step 3, Network Management Station judge that current IP address mark has corresponding user;
Step 4, be recorded in user's list of corresponding user by current IP address;
Whether the IP address that the SNMP v3 that step 5, judgement newly increase acts on behalf of configures complete, when not configuring complete, the processing returns to step two, otherwise process proceeds to step 6;
The subscriber's meter nonoculture of step 6, an extraction user is active user's list;
Step 7, judge whether to exist in active user's list and record IP address that SNMP v3 acts on behalf of but do not record the situation of the mark (ID) that the SNMP v3 corresponding with this IP address acts on behalf of, when judging to there is this kind of situation, process proceeds to step 8, otherwise process proceeds to step 12;
Step 8, using the IP address of the ID that do not have SNMP v3 to act on behalf of as current IP address, use the user name in this user's list and enciphered message to act on behalf of to the SNMP v3 of current IP address indication and send do-nothing instruction;
The SNMP v3 of step 9, reception current IP address indication acts on behalf of the response message returned for this do-nothing instruction;
Step 10, resolve the response message received, the mark obtaining corresponding with current IP address SNMP v3 agency;
Step 11, identification record that the SNMP v3 corresponding with current IP address that obtain act on behalf of will be resolved in user's list of this user;
Step 12, judge whether user's list of whole user extracts complete, when extracting complete, process terminates, otherwise process turns back to step 6.
According to above-mentioned processing procedure, increase new SNMP v3 in system to act on behalf of, and when the SNMP v3 newly increased acts on behalf of and the corresponding relation of user is known, Network Management Station can based on user's list, automatically the IP address that the SNMP v3 newly increased acts on behalf of is written in user's list of corresponding user, and obtain the mark of SNMP v3 agency that this newly increases, and then set up the IP address of newfound SNMP v3 agency and identify and the user name of corresponding user and the corresponding relation of enciphered message, automatically can be configured the SNMP v3 agency newly increased based on user's list.
The collocation method of the SNMP v3 user that the embodiment of the present invention provides, not only can be realized by hardware, can also pass through software simulating, namely be realized by the inking device of following SNMP v3 user.
Fig. 3 shows the structured flowchart of the inking device of the SNMP v3 user that the embodiment of the present invention provides, and as shown in Figure 3, this device comprises:
Acquisition module 31, the mark that the SNMP v3 that can access for obtaining predetermined user according to user profile acts on behalf of; Wherein, user profile comprises the user name of user and the enciphered message of user;
Maintenance module 32, is connected to acquisition module 31, and for setting up user or upgrading user list, uncle user's list comprises the mark and IP address that SNMP v3 that user profile and the user that gets can access acts on behalf of.
A kind of preferred mode, Fig. 4 shows the preferred enforcement structure of Fig. 3 shown device, and Fig. 4 shown device, on the basis of Fig. 3 shown device, also comprises:
Judge module 33, for judging SNMP v3 to be configured agency, in advance whether mark is corresponding with user;
Determination module 34, be connected to judge module 33, for judging that at judge module 33 SNMPv3 agency to be configured does not identify corresponding with user in advance, use the user profile of user to act on behalf of execution to SNMP v3 to be configured to fetch data operation, when SNMP v3 to be configured agency returns response message for operation of fetching data, determine that the SNMPv3 that can access that SNMP v3 to be configured acts on behalf of as user acts on behalf of; When judge module 33 judges that SNMP v3 agency to be configured identifies corresponding with user in advance, determine that the SNMP v3 that can access that SNMP v3 to be configured acts on behalf of as user acts on behalf of.
A kind of preferred mode, acquisition module 32, be connected to determination module 34, specifically for: use user profile act on behalf of to the SNMP v3 that can access with user and sends do-nothing instruction, from the mark of the SNMP v3 agency that SNMP v3 acts on behalf of the response message returned, acquisition user can access that user can access.
According to device as implied above, the user name of user and the user profile of enciphered message is comprised by basis, obtain the mark that the predetermined SNMP v3 corresponding with this user acts on behalf of, user's list is set up to this user, this user's list comprises the user name of user, enciphered message, the IP address that the SNMP v3 corresponding with this user acts on behalf of and mark, Network Management Station can be configured user automatically according to the user profile of user, thus the efficiency of management that can improve SNMP v3 user, simplify the management work to SNMP v3 user, can to solve in prior art that to there is management work in the artificial management to SNMP v3 user loaded down with trivial details, the problem of inefficiency.
The embodiment of the present invention, on the basis of the allocation plan of above-mentioned SNMP v3 user, additionally provides a kind of communication plan based on SNMPv3.
Fig. 5 shows the workflow diagram of the communication means based on SNMP v3 that the embodiment of the present invention provides, and as shown in Figure 5, the method comprises following processing procedure:
Step 51, Network Management Station, for user's SNMP v3 message to be sent, according to the IP address that the user name in this SNMP v3 message and SNMP v3 are acted on behalf of, find the enciphered message of user in the user's list in advance for user's foundation; Wherein, user's list comprises the user name of user, the enciphered message of user and the IP address acted on behalf of with the SNMP v3 that user can access and mark;
The enciphered message that step 52, use find is encrypted to sent SNMP v3 message, and sends the SNMP v3 message after encryption.
Wherein, in step 51 in advance for user's configure user list processing procedure can as shown in above-mentioned steps 21 to step 22 (or as step 21 to step 22 preferred implementation shown in).
By method as shown in Figure 5, based in advance to user configured user's list, act on behalf of in the process of initiating communication in Network Management Station to SNMP v3, the IP address only need acted on behalf of according to SNMP v3 in SNMP v3 message and user name just can find the enciphered message for user in user's list, compared to the mark first finding SNMP v3 agency in prior art according to the processing procedure of complexity, the mark acted on behalf of according to SNMP v3 again and user name find enciphered message for user, can improve the processing speed based on the communication of SNMP v3 and efficiency.
The embodiment of the present invention provides the communication means based on SNMP v3, not only can be realized by hardware, can also be realized by software, and namely Network Management Station comprises the following communicator based on SNMP v3.
Fig. 6 shows the structured flowchart of the communicator based on SNMP v3 that the embodiment of the present invention provides, and as shown in Figure 6, this device comprises:
Configuration module 61, for setting up user's list of user in advance; Wherein, user's list comprises the user name of user, the enciphered message of user and the IP address acted on behalf of with the SNMP v3 that user can access and mark; A kind of preferred mode, the structure of configuration module 61 is as shown in Figure 3;
Search module 62, be connected to configuration module 61, for for user's SNMP v3 message to be sent, according to the IP address that the user name in this SNMP v3 message and SNMP v3 are acted on behalf of, in the user list of configuration module in advance for user's foundation, find the enciphered message of user;
Encrypting module 63, is connected to and searches module 62, searches the enciphered message that module 62 finds be encrypted to sent SNMP v3 message for using;
Sending module 64, is connected to encrypting module 63, for sending the SNMPv3 message after encrypting module 63 encryption.
The operation principle of Fig. 6 shown device as shown in Figure 5, repeats no more here.A kind of preferred mode, the operation principle of configuration module 61 as shown in Figure 2, repeats no more here.
By device as shown in Figure 6, based in advance to user configured user's list, acting on behalf of in the process of initiating communication to SNMP v3, the IP address only need acted on behalf of according to SNMP v3 in SNMP v3 message and user name just can find the enciphered message for user in user's list, compared to the mark first finding SNMP v3 agency in prior art according to the processing procedure of complexity, the mark acted on behalf of according to SNMP v3 again and user name find enciphered message for user, can improve the processing speed based on the communication of SNMP v3 and efficiency.
Below the situation of the concrete enforcement of method shown in Fig. 5 is described.
Scene four
In this scenario, Network Management Station by as the processing procedure in above-mentioned scene one to the user that manages be configured with user's list, the communication of Network Management Station to user processes, and processing procedure is as follows:
Step one, Network Management Station for user's SNMP v3 message to be sent, according to the IP address that the user name in this SNMP v3 message and SNMP v3 are acted on behalf of, in advance for finding the enciphered message for this user in this user configured user's list;
The enciphered message that step 2, use find is encrypted to sent SNMP v3 message;
Step 3, the SNMP v3 message SNMP v3 that sends to the IP address in this SNMP v3 message to point to after encryption to be acted on behalf of;
Step 4, Network Management Station receive SNMP v3 message;
Step 5, Network Management Station are according to the user name in the SNMP v3 message received, the user's list comprising this user name is determined in whole user's list, according to the mark that the SNMP v3 in the SNMP v3 message received acts on behalf of, in the user's list determined, find enciphered message;
The enciphered message that step 6, use find is decrypted the SNMP v3 message received, and obtains the SNMP v3 message after deciphering.
According to above-mentioned processing procedure, based in advance to user configured user's list, act on behalf of in the process of initiating communication in Network Management Station to SNMP v3, the IP address only need acted on behalf of according to SNMP v3 in SNMP v3 message and user name just can find the enciphered message for user in user's list, compared to the mark first finding SNMP v3 agency in prior art, the mark acted on behalf of according to SNMP v3 again and user name find enciphered message for user, can improve processing speed and the efficiency of communication.
Obviously, those skilled in the art can carry out various change and modification to the present invention and not depart from the spirit and scope of the present invention.Like this, if these amendments of the present invention and modification belong within the scope of the claims in the present invention and equivalent technologies thereof, then the present invention is also intended to comprise these change and modification.
Claims (9)
1. a Simple Network Management Protocol third edition SNMP v3 user's collocation method, is characterized in that, comprising:
Network Management Station, according to the user profile of user, obtains the mark of the SNMP v3 agency that predetermined described user can access; Wherein, described user profile comprises the user name of described user and the enciphered message of user;
Described Network Management Station is set up described user or is upgraded user's list, and described user's list comprises the mark and IP address that SNMP v3 that described user profile and the described user that gets can access acts on behalf of;
Wherein, the SNMP v3 that predefined described user can access acts on behalf of, and specifically comprises:
Described Network Management Station judges SNMP v3 to be configured agency, and in advance whether mark is corresponding with described user;
When mark is not corresponding with described user in advance for described SNMP v3 to be configured agency, described Network Management Station uses the user profile of described user to act on behalf of execution to described SNMP v3 to be configured and to fetch data operation, when described SNMP v3 to be configured agency returns response message for operation of fetching data, determine that described SNMP v3 to be configured acts on behalf of the SNMP v3 that can access for described user and acts on behalf of;
When mark is corresponding with described user in advance for described SNMP v3 to be configured agency, determine that described SNMP v3 to be configured acts on behalf of the SNMP v3 that can access for described user and acts on behalf of.
2. method according to claim 1, is characterized in that, obtains the mark of the SNMP v3 agency that predetermined described user can access, specifically comprise according to described user profile:
Described Network Management Station uses described user profile to act on behalf of to the SNMP v3 that described user can access and sends do-nothing instruction, and the SNMP v3 that can access from described user acts on behalf of the response message returned, obtains the mark of the SNMP v3 agency that described user can access.
3. method according to any one of claim 1 to 2, is characterized in that, described method also comprises:
Described Network Management Station, for user's SNMP v3 message to be sent, according to the IP address that the user name in this SNMP v3 message and SNMP v3 are acted on behalf of, finds the enciphered message of described user in the user's list for described user's foundation;
Use the enciphered message found to be encrypted to sent SNMP v3 message, and send the SNMP v3 message after encryption.
4. a Simple Network Management Protocol third edition SNMP v3 user's inking device, is characterized in that, comprising:
Acquisition module, the mark that the SNMP v3 that can access for obtaining predetermined described user according to described user profile acts on behalf of; Wherein, described user profile comprises the user name of described user and the enciphered message of user;
Maintenance module, for setting up described user or upgrading user's list, described user's list comprises the mark and IP address that SNMP v3 that described user profile and the described user that gets can access acts on behalf of;
Wherein, described device also comprises:
Judge module, for judging SNMP v3 to be configured agency, in advance whether mark is corresponding with described user;
Determination module, for judging that at described judge module described SNMP v3 to be configured agency does not identify corresponding with described user in advance, use the user profile of described user to act on behalf of execution to described SNMP v3 to be configured to fetch data operation, when described SNMP v3 to be configured agency returns response message for operation of fetching data, determine that the SNMP v3 that can access that described SNMP v3 to be configured acts on behalf of as described user acts on behalf of; When described judge module judges that described SNMP v3 to be configured agency identifies corresponding with described user in advance, determine that the SNMP v3 that can access that described SNMP v3 to be configured acts on behalf of as described user acts on behalf of.
5. device according to claim 4, is characterized in that, described acquisition module, specifically for:
Use described user profile to act on behalf of to the SNMP v3 that can access with described user and send do-nothing instruction, the SNMP v3 that can access from described user acts on behalf of the response message returned, obtain the mark that SNMP v3 that described user can access acts on behalf of.
6. the device according to any one of claim 4 to 5, is characterized in that, described device, also comprises:
Search module, for for described user SNMP v3 message to be sent, according to the IP address that the user name in this SNMP v3 message and SNMP v3 are acted on behalf of, be the enciphered message finding described user in user's list of described user foundation at described maintenance module;
Encrypting module, for search described in using module searches to enciphered message be encrypted to sent SNMP v3 message;
Sending module, for sending the SNMP v3 message after the encryption of described encrypting module.
7. based on a communication means of Simple Network Management Protocol third edition SNMP v3, it is characterized in that, comprising:
Network Management Station, for user's SNMP v3 message to be sent, according to the IP address that the user name in this SNMP v3 message and SNMP v3 are acted on behalf of, finds the enciphered message of described user in the user's list set up for described user in advance; Wherein, described user's list comprises IP address and the mark of the SNMP v3 agency that the user name of described user, the enciphered message of described user and described user can access;
Use the enciphered message found to be encrypted to sent SNMP v3 message, and send the SNMP v3 message after encryption;
Wherein, the SNMP v3 agency that described user can access specifically adopts and pre-determines with the following method:
Described Network Management Station judges SNMP v3 to be configured agency, and in advance whether mark is corresponding with described user; When mark is not corresponding with described user in advance for described SNMP v3 to be configured agency, described Network Management Station uses the user profile of described user to act on behalf of execution to described SNMP v3 to be configured and to fetch data operation, when described SNMP v3 to be configured agency returns response message for operation of fetching data, determine that described SNMP v3 to be configured acts on behalf of the SNMP v3 that can access for described user and acts on behalf of; When mark is corresponding with described user in advance for described SNMP v3 to be configured agency, determine that described SNMP v3 to be configured acts on behalf of the SNMP v3 that can access for described user and acts on behalf of.
8. based on a communicator of Simple Network Management Protocol third edition SNMP v3, it is characterized in that, comprising:
Configuration module, for setting up user's list of user in advance; Wherein, described user's list comprises IP address and the mark of the SNMP v3 agency that the user name of described user, the enciphered message of described user and described user can access;
Search module, for for described user SNMP v3 message to be sent, according to the IP address that the user name in this SNMP v3 message and SNMP v3 are acted on behalf of, be the enciphered message finding described user in user's list of described user foundation in advance at described configuration module;
Encrypting module, for search described in using module searches to enciphered message be encrypted to sent SNMP v3 message;
Sending module, for sending the SNMP v3 message after the encryption of described encrypting module;
Wherein, described device also comprises:
Judge module, for judging SNMP v3 to be configured agency, in advance whether mark is corresponding with described user;
Determination module, for judging that at described judge module described SNMP v3 to be configured agency does not identify corresponding with described user in advance, use the user profile of described user to act on behalf of execution to described SNMP v3 to be configured to fetch data operation, when described SNMP v3 to be configured agency returns response message for operation of fetching data, determine that the SNMP v3 that can access that described SNMP v3 to be configured acts on behalf of as described user acts on behalf of; When described judge module judges that described SNMP v3 to be configured agency identifies corresponding with described user in advance, determine that the SNMP v3 that can access that described SNMP v3 to be configured acts on behalf of as described user acts on behalf of.
9. a Network Management Station, is characterized in that, comprising: the inking device of the SNMP v3 user according to any one of claim 4 to 6, or as claimed in claim 8 based on the communicator of SNMP v3.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210103628.5A CN102638371B (en) | 2012-04-10 | 2012-04-10 | User allocation method and device, communication method and device, and network management station |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210103628.5A CN102638371B (en) | 2012-04-10 | 2012-04-10 | User allocation method and device, communication method and device, and network management station |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102638371A CN102638371A (en) | 2012-08-15 |
| CN102638371B true CN102638371B (en) | 2015-03-11 |
Family
ID=46622624
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210103628.5A Active CN102638371B (en) | 2012-04-10 | 2012-04-10 | User allocation method and device, communication method and device, and network management station |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102638371B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103200030B (en) * | 2013-03-12 | 2016-06-29 | 福建星网锐捷网络有限公司 | The apparatus and method of network management |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1993689A (en) * | 2004-06-23 | 2007-07-04 | 诺基亚公司 | System and method for selecting of versions for snmp communication |
| CN101047493A (en) * | 2006-06-02 | 2007-10-03 | 华为技术有限公司 | Method and system for acquiring simple network management protocol management key |
| CN101068160A (en) * | 2007-06-15 | 2007-11-07 | 杭州华三通信技术有限公司 | Method for managing dynamic address equipment and agenty device |
-
2012
- 2012-04-10 CN CN201210103628.5A patent/CN102638371B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1993689A (en) * | 2004-06-23 | 2007-07-04 | 诺基亚公司 | System and method for selecting of versions for snmp communication |
| CN101047493A (en) * | 2006-06-02 | 2007-10-03 | 华为技术有限公司 | Method and system for acquiring simple network management protocol management key |
| CN101068160A (en) * | 2007-06-15 | 2007-11-07 | 杭州华三通信技术有限公司 | Method for managing dynamic address equipment and agenty device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102638371A (en) | 2012-08-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3843364B1 (en) | Method, device, and apparatus for processing cloud service in cloud system | |
| Vanhoef et al. | Why MAC address randomization is not enough: An analysis of Wi-Fi network discovery mechanisms | |
| US11350286B2 (en) | Device identifier obtaining method and apparatus | |
| CN106851632B (en) | A kind of method and device of smart machine access WLAN | |
| CN110059055B (en) | File storage and reading method and device based on distributed private cloud | |
| CN104125558B (en) | A kind of client-based method for processing business, equipment and system | |
| CN103973651A (en) | Account password identification setting and inquiring method and device based on salt password bank | |
| CN104639391A (en) | Method for generating network flow record and corresponding flow detection equipment | |
| CN102904865A (en) | Method, system and equipment for management of multiple digital certificates on basis of mobile terminal | |
| CN102143492B (en) | Method for establishing virtual private network (VPN) connection, mobile terminal and server | |
| US20130028411A1 (en) | Simple Group Security for Machine-to-Machine Networking (SGSM2M) | |
| CN105516395A (en) | Network address assignment method and device | |
| CN111066014A (en) | Apparatus, method and program for remotely managing devices | |
| CN113784354B (en) | Request conversion method and device based on gateway | |
| CN111177755A (en) | Method and device for processing data permission in report application, computer equipment and computer storage medium | |
| CN105072212B (en) | To code method and to code system | |
| CN110062016B (en) | Method and device for trusted service management | |
| WO2012041029A1 (en) | Method and device for server processing service | |
| CN109788528B (en) | Access point and method and system for opening internet access service thereof | |
| CN103780690A (en) | Method and system for safely sharing user data | |
| CN103139201A (en) | Network strategy acquiring method and data center switchboard | |
| CN102638371B (en) | User allocation method and device, communication method and device, and network management station | |
| CN100473049C (en) | Method for realizing access device long-distance identification-dialing user service proxy authentication | |
| CN115396247B (en) | Distribution network method, device and system of Matter equipment | |
| CN112559250B (en) | Configuration data backup method and device for electric power Internet of things |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |