CN102801538A - Authentication and accounting method, device and system for local area network user, and network equipment - Google Patents


Info

Publication number: CN102801538A
Authority: CN (China)
Prior art keywords: user, online, certificate server, authentication, nas
Legal status: Pending
Application number: CN2012102126556A
Other languages: Chinese (zh)
Inventor: 郑建文
Current Assignee: Beijing Star Net Ruijie Networks Co Ltd
Original Assignee: Beijing Star Net Ruijie Networks Co Ltd
Application filed by Beijing Star Net Ruijie Networks Co Ltd


Abstract

The embodiment of the invention discloses an authentication and accounting method, an authentication and accounting device and an authentication and accounting system for a local area network user, and user equipment. The method comprises the following steps: when a network access server (NAS) detects that an authentication server cannot work normally, the NAS enables an intelligent release function for accessing clients, records the online duration of each online user during the intelligent release period, and provides the recorded online duration to the authentication server; the authentication server updates the online duration in its own stored record of user online duration and performs accounting for the user according to the updated record. The NAS can therefore accurately determine the online status and online duration of users while the authentication server cannot work normally, which solves the prior-art problem that the system cannot accurately determine the online state and online duration of users when an authentication server applying the 802.1x authentication standard cannot work normally.

Description

Authentication and accounting method, device and system for local area network users, and network equipment
Technical field
The present invention relates to network communication systems, and in particular to an authentication and accounting method, device and system for local area network users, and to network equipment.
Background
In the LAN environment defined by the Institute of Electrical and Electronics Engineers (IEEE) 802 local area network (LAN) standards, any PC or user can enter the network as long as there is a physical connection. This creates serious intranet security problems, and 802.1x was proposed to address them.
IEEE 802.1x is a LAN standard formulated by the IEEE 802 committee. In a LAN with 802.1x authentication deployed, a user (such as a PC) that connects to the LAN must pass 802.1x authentication before it can access the network; a user that has not passed authentication cannot connect to the LAN.
The 802.1x authentication process (hereinafter 1x authentication) involves the following three roles:
1. Authentication client (Supplicant, hereinafter Su): installed on the PC (or other access terminal) that must pass authentication in order to use the network.
2. Authentication system (Authenticator): in practice also called the network access server (NAS, Network Access Server). The authentication system is the message forwarder in the whole authentication process: it receives the authentication request from the Su, performs the necessary checks and encapsulation, and forwards it to the Radius (Remote Authentication Dial In User Service) server for authentication; it likewise performs the necessary checks and encapsulation on the response message returned by the Radius server and forwards it to the Su. In practice it is the access device in the network.
3. Authentication server (Authentication System): in practice the Radius server. It provides the authentication service for the Su, verifies the authentication initiated by the Su, and accepts or rejects it.
Fig. 1 shows the workflow of the 802.1x authentication scheme. As shown in Fig. 1, the authentication flow between 802.1X and the authentication server is as follows:
Step 11: After receiving the user's authentication request (that is, after the user fills in the user name and password and clicks the login button of the authentication client), the 802.1X client sends the authentication start message, EAPOL-Start, to the 802.1X NAS to trigger the authentication process;
Step 12: The 802.1X NAS sends an identity request to the client; specifically, it may use Extensible Authentication Protocol over LAN (EAPOL) to send the identity request, i.e. an EAPOL-Request [Identity] message, asking for the user name;
Step 13: The 802.1X client sends the user name to the 802.1X NAS in an identity response, the EAPOL-Response [Identity] message;
Step 14: The 802.1X NAS encapsulates the EAPOL-Response [Identity] message sent by the client in the Radius protocol, generating a Radius/EAPOL-Response [Identity] message, and forwards it to the authentication server;
Step 15: The 802.1X authentication server sends a password request, the Radius/EAPOL-Request [Challenge] message, to the NAS; its content is a random number of a certain length (usually 32 bytes), which issues a password challenge to the client;
Step 16: The 802.1X NAS receives the password request Radius/EAPOL-Request [Challenge] sent by the authentication server and forwards the EAPOL-Request [Challenge] message encapsulated in it to the 802.1X client;
Step 17: The 802.1X client sends the password to the 802.1X NAS in a password response, the EAPOL-Response [MD5] message;
Step 18: The 802.1X NAS encapsulates the EAPOL-Response [MD5] message sent by the client in the Radius protocol, assembling a Radius/EAPOL-Response [MD5] message, and forwards it to the authentication server;
Step 19: The 802.1X authentication server verifies the user name and password; if authentication succeeds it sends an authentication success message, Radius/EAPOL-Success, to the NAS, and if authentication fails it sends an authentication failure message, Radius/EAPOL-Failure, to the NAS;
Step 10: After receiving the Radius/EAPOL-Success message sent by the authentication server, the 802.1X NAS forwards the EAPOL-Success message to the client, considers the client successfully authenticated, and opens the controlled port so that the client can access network resources. After receiving the Radius/EAPOL-Failure message sent by the authentication server, the 802.1X NAS forwards the EAPOL-Failure message to the client and does not open the controlled port.
After the user passes authentication, the system performs accounting for the user's access to network resources. Only the NAS and the authentication server are involved in user accounting; in a specific application, the accounting function of the authentication server may also be performed by a Radius accounting server. As shown in Fig. 2, the message exchange is as follows. Step 21: the NAS sends a Radius accounting message (RADIUS Accounting-Request) to the Radius accounting server. Step 22: after receiving the accounting message, the Radius accounting server sends a response message (RADIUS Accounting-Response) to the NAS and charges the user according to the type of the accounting message. For example, when the received Radius accounting message is a keep-alive message, the corresponding user is still online and no accounting is performed for the user at that point; when the received Radius accounting message is an accounting end message, the corresponding user has gone offline, and the user is charged according to the recorded online duration.
The above scheme has the following problems in current implementations:
1. After the authentication server (i.e. the Radius server) goes down, or while it is under maintenance, no user on the whole network can access network resources; access authentication can resume only once the fault of the authentication server has been resolved. Moreover, while the authentication server is down or under maintenance, the time for which newly connecting users and already authenticated online users use the network cannot be counted.
2. After the authentication server recovers from the outage or maintenance completes, it reads the online user table in the database (which records each user's ID and online duration) and treats every record in the table as an online user. The online user information obtained this way is inaccurate. For example, if a user went offline while the authentication server was down or under maintenance, the authentication server does not check whether that user is still online; deciding that the user is online from the online user table alone is inaccurate, and there is no more accurate way to count and record the user's online duration.
For problem 1, the currently available solutions are as follows. The network administrator temporarily disables the 802.1x function of the NAS and waits for technical staff to fix the authentication server outage; or technical staff enable the intelligent release function of the NAS to open up access temporarily. Intelligent release means that when a NAS such as an access device detects by some means that the authentication server is unavailable, it no longer authenticates an accessing user through the authentication server and lets the user through directly. Neither solution, however, can effectively manage the users who are online (including charging, endpoint protection policies and so on), and the manual configuration also increases the administrator's workload.
For problem 2, there is currently no effective scheme for checking whether users are online, so users' online status cannot be identified accurately and their online duration cannot be counted precisely.
It can be seen that, in the prior art, when an authentication server applying the 802.1x authentication standard cannot work normally, the system cannot accurately determine users' online state and online duration.
Summary of the invention
In view of this, the embodiment of the invention provides an authentication and accounting method, device and system for local area network users, and network equipment, to solve the prior-art problem that the system cannot accurately determine users' online state and online duration when an authentication server applying the 802.1x authentication standard cannot work normally.
The technical scheme of the embodiment of the invention is as follows:
An authentication and accounting method for local area network users comprises: when a network access server (NAS) detects that the authentication server cannot work normally, the NAS enables the intelligent release function for its access clients; when the NAS detects that a user logged in through an access client is online, it records bypass information for the online user, the bypass information comprising the online user's ID and the user's online duration during the intelligent release period; and after the NAS detects that the authentication server is working normally again, it sends the recorded bypass information to the authentication server, where the bypass information serves as a reference for the authentication server's user authentication and charging.
An authentication and accounting device for local area network users comprises: a first detection module, configured to detect whether the authentication server is working normally; an intelligent release module, configured to enable the intelligent release function for the access clients of the network access server (NAS) in which the device is located when the first detection module detects that the authentication server cannot work normally; a second detection module, configured to detect, when the first detection module detects that the authentication server cannot work normally, whether a user logged in through an access client is online; a recording module, configured to record bypass information for the online user when the second detection module detects that the user is online, the bypass information comprising the online user's ID and the user's online duration during the intelligent release period; and a sending module, configured to send the bypass information recorded by the recording module to the authentication server after the first detection module detects that the authentication server is working normally again, where the bypass information serves as a reference for the authentication server's user authentication and charging.
A network equipment comprises the authentication and accounting device for local area network users described above.
An authentication and accounting method for local area network users comprises: after working normally again, the authentication server receives bypass information from the network access server, the bypass information comprising the online user's ID and the user's online duration during the intelligent release period; according to the ID, the authentication server updates the user's online duration during the intelligent release period into the stored record of the user's online duration; and the authentication server performs accounting for the user according to the updated online duration record.
An authentication and accounting device for local area network users comprises: a receiving module, configured to receive bypass information from the network access server after the authentication server in which the device is located works normally again, the bypass information comprising the online user's ID and the user's online duration during the intelligent release period; an update module, configured to update, according to the ID, the user's online duration during the intelligent release period into the stored record of the user's online duration; and an accounting module, configured to perform accounting for the user according to the online duration record updated by the update module.
A network equipment comprises the authentication and accounting device for local area network users described above.
An authentication and accounting system for local area network users comprises the two authentication and accounting devices for local area network users described above.
In the embodiment of the invention, when the NAS detects that the authentication server cannot work normally, the NAS enables the intelligent release function for accessing clients and records the online duration of online users during the intelligent release period. After detecting that the authentication server is working normally, the NAS provides the recorded online duration to the authentication server, which updates it into its own stored record of user online duration and performs accounting for the user according to the updated record. The NAS can thus accurately determine users' online status and online duration while the authentication server cannot work normally, which solves the prior-art problem that the system cannot accurately determine users' online state and online duration when an authentication server applying the 802.1x authentication standard cannot work normally.
Other features and advantages of the invention are set forth in the description that follows, and in part become apparent from the description or are understood by practising the invention. The objects and other advantages of the invention can be realised and obtained through the structure particularly pointed out in the written description, the claims and the accompanying drawings.
Description of drawings
Fig. 1 is the workflow diagram of the 802.1x authentication scheme in the prior art;
Fig. 2 is the workflow diagram of accounting after 802.1x authentication of a user in the prior art;
Fig. 3 is the workflow diagram of the authentication and accounting method for local area network users provided by the embodiment of the invention;
Fig. 4a is the structural block diagram of the authentication and accounting device for local area network users provided by the embodiment of the invention;
Fig. 4b is the preferred structural block diagram of the authentication and accounting device for local area network users provided by the embodiment of the invention;
Fig. 5 is the workflow diagram of the authentication and accounting method for local area network users provided by the embodiment of the invention;
Fig. 6 is the structural block diagram of the authentication and accounting device for local area network users provided by the embodiment of the invention;
Fig. 7 is the structural block diagram of the authentication and accounting system for local area network users provided by the embodiment of the invention;
Fig. 8 is the workflow diagram of the NAS in a specific application of the embodiment of the invention;
Fig. 9 is the workflow diagram of the authentication server in a specific application of the embodiment of the invention.
Detailed description of the embodiments
Embodiments of the invention are described below with reference to the accompanying drawings. It should be understood that the embodiments described here serve only to illustrate and explain the invention and are not intended to limit it.
To address the prior-art problem that the system cannot accurately determine users' online state and online duration when an authentication server applying the 802.1x authentication standard cannot work normally, the embodiment of the invention proposes an authentication and accounting scheme for local area network users.
In the technical scheme of the embodiment of the invention, the interface features of the NAS are used so that the NAS detects whether the authentication server is working normally. When it detects that the authentication server cannot work normally, the NAS enables the intelligent release function for accessing clients and detects users' online status during the intelligent release period; for each user detected as online, it records the user's online duration during the intelligent release period. When the NAS detects that the authentication server is working normally again, it sends the recorded online duration information to the authentication server. The authentication server updates this online duration into the user online duration information it has recorded and performs accounting for the user according to the updated information. The NAS can thus accurately determine users' online status and online duration while the authentication server cannot work normally.
The technical scheme of the embodiment of the invention is described in detail below.
I. The working principle of the NAS side is described first.
Fig. 3 shows the workflow diagram of the authentication and accounting method for local area network users provided by the embodiment of the invention. As shown in Fig. 3, the method comprises:
Step 31: When the NAS detects that the authentication server cannot work normally, it enables the intelligent release function for the access clients of the NAS;
Specifically, the NAS can periodically probe the working state of the authentication server while communicating with it. For example, the NAS can choose a network communication protocol and periodically send heartbeat messages to the authentication server. If the NAS receives a response to the heartbeat message from the authentication server within a predetermined duration, it determines that the authentication server is working normally; if the NAS does not receive a response to the heartbeat message within the predetermined duration, it determines that the authentication server is not working normally;
Step 32: When the NAS detects that a user logged in through an access client is online, it records bypass information for the online user, the bypass information comprising the online user's ID and the user's online duration during the intelligent release period;
Specifically, after the NAS detects that the authentication server cannot work normally and starts the intelligent release function, it can periodically probe the online status of the accessing users. The online users at this point fall into two classes: users who were already online before the authentication server stopped working normally, and users who came online without authentication after intelligent release was started. The NAS chooses a network communication protocol and periodically sends heartbeat messages to the clients of online users. If the NAS receives a response to the heartbeat message within a predetermined duration, it determines that the user logged in at the client is still online and records the bypass information of the online user; if it does not receive a response to the heartbeat message within the predetermined duration, it determines that the user is offline;
Step 33: After the NAS detects that the authentication server is working normally again, it sends the recorded bypass information to the authentication server, where the bypass information serves as a reference for the authentication server's user authentication and charging;
After sending the bypass information to the authentication server, the NAS also disables the intelligent release function, deletes the online users' bypass information, and sends an identity request to the clients at which the online users are logged in; the identity request causes the client to prompt the user to authenticate and log in again.
Through the above process, when the NAS actively detects that the authentication server cannot work normally, it starts the intelligent release function, actively probes the online status of accessing users, and records the online duration of online users. The NAS can thus both ensure that accessing users can reach network resources normally while the authentication server cannot work normally and record users' online duration. Users' online status and online duration while the authentication server cannot work normally can therefore be determined accurately, which solves the prior-art problem that the system cannot accurately determine users' online state and online duration when an authentication server applying the 802.1x authentication standard cannot work normally.
The method shown in Fig. 3 can be implemented in hardware, or by a software program, that is, by the device shown in Fig. 4a.
Fig. 4a shows the structural block diagram of the authentication and accounting device for local area network users provided by the embodiment of the invention. As shown in Fig. 4a, the device comprises:
A first detection module 41, configured to detect whether the authentication server is working normally;
An intelligent release module 42, connected to the first detection module 41 and configured to enable the intelligent release function for the access clients of the NAS in which the device is located when the first detection module 41 detects that the authentication server cannot work normally;
A second detection module 43, connected to the first detection module 41 and configured to detect, when the first detection module 41 detects that the authentication server cannot work normally, whether an accessing user logged in through an access client is online;
A recording module 44, connected to the second detection module 43 and configured to record bypass information for the online user when the second detection module 43 detects that the user is online, the bypass information comprising the online user's ID and the user's online duration during the intelligent release period;
A sending module 45, connected to the first detection module 41 and the recording module 44 and configured to send the bypass information recorded by the recording module 44 to the authentication server after the first detection module 41 detects that the authentication server is working normally again, where the bypass information serves as a reference for the authentication server's user authentication and charging; and further configured to send, after the first detection module 41 detects that the authentication server is working normally again, an identity request to the clients at which online users are logged in, where the identity request causes the client to prompt the user to authenticate and log in again;
Preferably, as shown in Fig. 4b, the intelligent release module 42 is also connected to the sending module 45 and is further configured to disable the intelligent release function after the sending module 45 has sent the bypass information;
The recording module 44 is also connected to the sending module 45 and is further configured to delete the online users' bypass information after the sending module 45 has sent the bypass information.
The device shown in Fig. 4a or Fig. 4b can likewise ensure that accessing users can reach network resources normally while the authentication server cannot work normally and can record users' online duration. Users' online status and online duration while the authentication server cannot work normally can therefore be determined accurately, which solves the prior-art problem that the system cannot accurately determine users' online state and online duration when an authentication server applying the 802.1x authentication standard cannot work normally.
The embodiment of the invention also provides a network equipment comprising the device shown in Fig. 4a or Fig. 4b. Preferably, in a specific application this network equipment may be a NAS.
II. The working principle of the authentication server side is described next.
Fig. 5 shows the workflow diagram of the authentication and accounting method for local area network users provided by the embodiment of the invention. As shown in Fig. 5, the method comprises:
Step 51: After working normally again, the authentication server receives bypass information from the NAS, the bypass information comprising the online user's ID and the user's online duration during the intelligent release period;
Step 52: According to the ID, the authentication server updates the user's online duration during the intelligent release period into the stored record of the user's online duration;
Step 53: The authentication server performs accounting for the user according to the updated online duration record.
Through the process shown in Fig. 5, after working normally again the authentication server can update its stored record of user online duration according to the bypass information from the NAS. It can thus accurately determine a user's online duration while the authentication server could not work normally and perform accurate accounting for the user, which solves the prior-art problem that the system cannot accurately determine users' online duration when an authentication server applying the 802.1x authentication standard cannot work normally.
The method shown in Fig. 5 can be implemented in hardware, or in software, that is, by the device shown in Fig. 6.
Fig. 6 shows the structural block diagram of the authentication and accounting device for local area network users provided by the embodiment of the invention. As shown in Fig. 6, the device comprises:
A receiving module 61, configured to receive bypass information from the network access server after the authentication server in which the device is located works normally again, the bypass information comprising the online user's ID and the user's online duration during the intelligent release period;
An update module 62, connected to the receiving module 61 and configured to update, according to the ID, the user's online duration during the intelligent release period into the stored record of the user's online duration;
An accounting module 63, connected to the update module 62 and configured to perform accounting for the user according to the online duration record updated by the update module.
The device shown in Fig. 6 can likewise update the stored record of user online duration according to the bypass information from the NAS. It can thus accurately determine a user's online duration while the authentication server could not work normally and perform accurate accounting for the user, which solves the prior-art problem that the system cannot accurately determine users' online duration when an authentication server applying the 802.1x authentication standard cannot work normally.
The embodiment of the invention also provides a network equipment comprising the device shown in Fig. 6. Preferably, in a specific implementation this network equipment may be an authentication server.
The embodiment of the invention also provides an authentication and accounting system for local area network users. The system comprises the two kinds of network equipment described above, that is, the network equipment serving as the NAS and the network equipment serving as the authentication server. The system may be as shown in Fig. 7, comprising NAS 71 and authentication server 72, with NAS 71 connecting a plurality of clients 73. The working principles of NAS 71 and authentication server 72 are as described above and are not repeated here.
Three, describe in the face of the concrete situation about using of the embodiment of the invention down.
The concrete applied scene of the embodiment of the invention can be as shown in Figure 7; The process that the user of NAS 71 and 72 pairs of logging on client 73 of certificate server carries out authentication; This verification process can be as shown in Figure 1, and client 73 is through accessing network resources after the authentication of certificate server 72.
In the process that NAS 71 and certificate server 72 communicate; The operating state of NAS 71 regular probe authentication servers; Fail under the situation of operate as normal detecting certificate server; The online user is surveyed, statistics online user's online hours, the concrete processing procedure of NAS 71 is as shown in Figure 8:
Step 81: NAS 71 periodically probes the working state of the authentication server. Specifically, NAS 71 periodically sends an Internet Control Message Protocol (ICMP) Radius message to authentication server 72 and starts a timer. If NAS 71 receives a Radius response message from authentication server 72 before the timer expires, it determines that authentication server 72 is working normally, and processing returns to step 81. If the timer expires and NAS 71 has received no Radius response message from authentication server 72, it determines that authentication server 72 cannot work, for example because authentication server 72 has crashed, and processing proceeds to step 82;
Step 82: NAS 71 enables the intelligent release function for the clients connected to NAS 71. Users who were online before authentication server 72 went down therefore remain online, and users who log in at a client while the intelligent release function is enabled are not authenticated and can access the network directly;
Step 83: NAS 71 periodically probes the online status of the connected users. Specifically, NAS 71 periodically sends an EAPOL heartbeat message to each online client and starts a timer. If NAS 71 receives a response to the heartbeat message from the client before the timer expires, it determines that the client is online and records the bypass information of the user logged in at that client: when NAS 71 detects for the first time that the user is online, it marks the user's online state as the bypass state and records the user's ID and online duration; when later probes find the user still online, it updates the user's online duration. If the timer expires and NAS 71 has received no response to the heartbeat message from the client, it determines that the client has gone offline and records the user's online state as offline;
Step 84: NAS 71 continues to probe the working state of authentication server 72 and, when it again receives a response message from authentication server 72, determines that authentication server 72 is working again;
Step 85: NAS 71 sends the recorded bypass information of the online users to authentication server 72, so that authentication server 72 updates the online duration information in the bypass information into the user online duration information stored on authentication server 72;
Step 86: NAS 71 disables the intelligent release function for the connected clients and deletes the online users' bypass information;
Step 87: NAS 71 sends an identity authentication request to the clients at which the online users are logged in. On receiving the request, the client prompts the user to log in, and the authentication processing shown in Figure 1 follows, so that the authentication server again authenticates and accounts for the user. For each user who authenticates successfully again, NAS 71 marks the user's online state as online, and processing returns to step 81.
The processing flow of authentication server 72 after it resumes working is shown in Figure 9:
Step 91: authentication server 72 works normally again, for example after maintenance of authentication server 72 is completed or after it restarts following a crash;
Step 92: authentication server 72 looks up the preconfigured NAS devices connected to authentication server 72;
Step 93: authentication server 72 sends a request for bypass information to the NAS 71 found by the lookup;
Step 94: authentication server 72 receives the users' bypass information from NAS 71;
Step 95: according to the ID in the received bypass information, authentication server 72 updates the user's online duration information from the bypass information into the user online duration record stored on authentication server 72;
Step 96: authentication server 72 subsequently accounts for the user according to the updated online duration record;
Step 97: authentication server 72 authenticates the user again; the authentication process is shown in Figure 1.
Through the above processing, NAS 71 periodically probes the working state of authentication server 72. When it detects that authentication server 72 cannot work normally, it enables the intelligent release function for the clients connected to the NAS, probes the online state of the users logged in through those clients, and records the online duration of each user found to be online. When it detects that authentication server 72 is working normally again, it sends the recorded user online duration information to authentication server 72, and authentication server 72 updates its stored user online duration information according to the received bypass information. The users' online state and online duration during the period in which the authentication server could not work normally can thus be determined accurately.
In summary, in the embodiment of the invention, when the NAS detects that the authentication server cannot work normally, the NAS enables the intelligent release function for the connected clients and records the online duration of online users during the intelligent release period. After detecting that the authentication server is working normally, the NAS provides the online durations recorded during the intelligent release period to the authentication server; the authentication server updates these online durations into the user online duration record it stores and accounts for the user according to the updated record. The NAS can therefore accurately determine the users' online status and online duration during the period in which the authentication server could not work normally, which solves the prior-art problem that, when an authentication server applying the 802.1x authentication standard cannot work normally, the system cannot accurately determine the users' online state and online duration.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. If these changes and modifications fall within the scope of the claims of the present invention and their technical equivalents, the present invention is intended to include them as well.
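The NAS procedure of Figure 8 (steps 81-87) and the record merge on the authentication server (steps 94-96) can be simulated as follows. This is an added example, not part of the patent text: the class and method names, the boolean stand-ins for probe and heartbeat results, and the rule that each answered heartbeat credits one heartbeat interval are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class AuthServer:
    # user ID -> online seconds on record (basis for accounting, step 96)
    online_seconds: dict = field(default_factory=dict)

    def merge_bypass(self, records):
        """Steps 94-95: add each user's release-period duration to the stored record."""
        for user_id, seconds in records.items():
            self.online_seconds[user_id] = self.online_seconds.get(user_id, 0) + seconds

@dataclass
class NAS:
    interval: int                                  # seconds between heartbeat rounds (assumed)
    releasing: bool = False                        # intelligent release function on/off
    bypass: dict = field(default_factory=dict)     # user ID -> seconds online during release
    state: dict = field(default_factory=dict)      # user ID -> "online" | "bypass" | "offline"

    def tick(self, server_alive, replies, server):
        """One probe round; `replies` is the set of user IDs whose client answered
        the heartbeat. Returns the user IDs that are sent an identity request."""
        if not server_alive:                       # step 81: probe timer expired
            self.releasing = True                  # step 82
            for user_id in replies:                # step 83: client answered heartbeat
                self.state[user_id] = "bypass"
                self.bypass[user_id] = self.bypass.get(user_id, 0) + self.interval
            for user_id in self.bypass:
                if user_id not in replies:         # heartbeat timer expired
                    self.state[user_id] = "offline"
            return []
        if not self.releasing:                     # server healthy, nothing to hand over
            return []
        server.merge_bypass(dict(self.bypass))     # steps 84-85
        still_online = sorted(u for u, s in self.state.items() if s == "bypass")
        self.releasing = False                     # step 86
        self.bypass.clear()
        return still_online                        # step 87: these must re-authenticate

    def reauthenticated(self, user_id):
        self.state[user_id] = "online"             # step 87, after Figure 1 succeeds

def run_outage():
    """Constructed scenario: alice was online before the outage, bob joins during it."""
    server = AuthServer({"alice": 3600})
    nas = NAS(interval=30, state={"alice": "online"})
    nas.tick(False, {"alice"}, server)
    nas.tick(False, {"alice", "bob"}, server)
    nas.tick(False, {"bob"}, server)               # alice's client stops answering
    pending = nas.tick(True, set(), server)        # server is back
    return server, nas, pending
```

In this run `bob` is admitted and accrues accounted time without ever being authenticated, as step 82 allows; the identity request of step 87 is what ends that unauthenticated window once the server recovers.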

Claims (9)

1. An authentication and accounting method for local area network users, characterized by comprising:
when a network access server (NAS) detects that an authentication server cannot work normally, enabling, by the NAS, an intelligent release function for the clients connected to the NAS;
when the NAS detects that a user logged in through said connected client is online, recording, by the NAS, bypass information of the online user, said bypass information comprising: the online user's ID and the online duration of this user during the intelligent release period;
after the NAS detects that the authentication server is working normally again, sending, by the NAS, the recorded bypass information to the authentication server, the bypass information serving as a reference for the authentication server in authenticating and charging the user.
2. The method according to claim 1, characterized in that, after the NAS sends the recorded bypass information to the authentication server, said method further comprises:
disabling the intelligent release function, deleting the online users' bypass information, and sending an identity authentication request to the clients at which the online users are logged in.
3. An authentication and accounting device for local area network users, characterized by comprising:
a first detecting module, configured to detect whether the authentication server is working normally;
an intelligent release module, configured to enable the intelligent release function for the clients connected to the network access server (NAS) in which said device is located when said first detecting module detects that the authentication server cannot work normally;
a second detecting module, configured to detect whether a user logged in through said connected client is online when said first detecting module detects that the authentication server cannot work normally;
a recording module, configured to record bypass information of the online user when said second detecting module detects that the user is online, said bypass information comprising: the online user's ID and the online duration of this user during the intelligent release period;
a sending module, configured to send the bypass information recorded by said recording module to said authentication server after the first detecting module detects that said authentication server is working normally again, said bypass information serving as a reference for the authentication server in authenticating and charging the user.
4. The device according to claim 3, characterized in that said intelligent release module is further configured to: disable the intelligent release function after said sending module sends said bypass information;
said recording module is further configured to: delete the online users' bypass information after said sending module sends said bypass information;
said sending module is further configured to: send an identity authentication request to the clients at which the online users are logged in after said first detecting module detects that the authentication server is working normally again.
5. Network equipment, characterized by comprising the authentication and accounting device for local area network users according to claim 3 or 4.
6. An authentication and accounting method for local area network users, characterized by comprising:
receiving, by an authentication server after it works normally again, bypass information from a network access server, said bypass information comprising: the online user's ID and the online duration of this user during the intelligent release period;
updating, by the authentication server according to said ID, the online duration of the user during the intelligent release period into the stored user online duration record;
accounting for the user, by the authentication server, according to the updated online duration record.
7. An authentication and accounting device for local area network users, characterized by comprising:
a receiving module, configured to receive bypass information from a network access server after the authentication server in which said device is located works normally again, said bypass information comprising: the online user's ID and the online duration of this user during the intelligent release period;
an update module, configured to update, according to said ID, the online duration of the user during the intelligent release period into the stored user online duration record;
an accounting module, configured to account for the user according to the online duration record updated by said update module.
8. Network equipment, characterized by comprising the authentication and accounting device for local area network users according to claim 7.
9. An authentication and accounting system for local area network users, characterized by comprising the authentication and accounting devices for local area network users according to claims 5 and 8.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2012102126556A CN102801538A (en) 2012-06-21 2012-06-21 Authentication and accounting method, device and system for local area network user, and network equipment



Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20121128