CN102916826A - Method and device for controlling network access - Google Patents

Method and device for controlling network access Download PDF

Info

Publication number
CN102916826A
CN102916826A CN2011102184133A CN201110218413A CN102916826A CN 102916826 A CN102916826 A CN 102916826A CN 2011102184133 A CN2011102184133 A CN 2011102184133A CN 201110218413 A CN201110218413 A CN 201110218413A CN 102916826 A CN102916826 A CN 102916826A
Authority
CN
China
Prior art keywords
mac address
terminal
gateway
control
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2011102184133A
Other languages
Chinese (zh)
Inventor
刘成天
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Priority to CN2011102184133A priority Critical patent/CN102916826A/en
Publication of CN102916826A publication Critical patent/CN102916826A/en
Pending legal-status Critical Current

Links

Images

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method and a device for controlling network access. The method includes that a gateway acquires an MAC (medium access control) address of a message transmitted by a terminal; and the gateway utilizes a preset strategy corresponding to the acquired MAC address to control the message to access a network according to a corresponding relation between the MAC address and the preset strategy, and the corresponding relation is configured in advanced. The method and the device have the advantage that reasonableness of network access of users is improved.

Description

The control method of network insertion and device
Technical field
The present invention relates to the communications field, in particular to a kind of control method and device of network insertion.
Background technology
Development along with network technology, the network user progressively increases, network has become key factor indispensable in people's life, work and the amusement, it has brought unprecedented useful help to people, but fast-developing Internet technology has also been brought great drawback, has especially affected teen-age physical and mental health and normal study.How effectively to control the subscriber equipment child's of family the network access authority especially under the gateway, limit the rights of using of its network service time and web application, become an extremely urgent problem.
To this problem, multiple solution has also appearred in industry at present, a kind of is that the green internet that provides of operator is professional, and this business utilizes the access device of operator that user's internet behavior is monitored, and provides normal online account number and green internet account number for the user.Professional merchant is used for the Web content that the restriction different user is accessed this limiter stage at the internet content of this side monitoring green internet account number access of access device.Although this method has solved the problem of different user authority, use simultaneously helplessly for a plurality of subscriber equipmenies, and should business generally all be paid service.Also have a kind of application software that can be installed on the terminal equipment, finish the control function that network uses, the method is for the difficult monitoring of keeper, and uses and have a lot of problems.
The problem that need to carry out in terminal the software setting for Network access control in the correlation technique not yet proposes effective solution at present.
Summary of the invention
Main purpose of the present invention is to provide a kind of control method and device of network insertion, to address the above problem at least.
According to an aspect of the present invention, provide a kind of control method of network insertion, having comprised: gateway obtains the media access control MAC address that terminal sends message; Gateway uses the predetermined policy control message access network corresponding with the MAC Address of obtaining according to pre-configured MAC Address and the corresponding relation of predetermined policy.
Preferably, gateway is according to pre-configured MAC Address and the corresponding relation of predetermined policy, use before the predetermined policy control message access network corresponding with the MAC Address of obtaining, also comprise: receive the keeper's of network input, configure the predetermined policy corresponding with the sign of terminal, wherein, sign comprises the MAC Address of terminal at least, and predetermined policy comprises: time strategy and filtering policy.
Preferably, gateway uses the predetermined policy corresponding with the MAC Address of obtaining to control the message access network to comprise: the state that gateway is determined terminal is the requirement that the on-line time of upper line states and terminal satisfies the corresponding time strategy of sign of terminal; Gateway uses filtering policy control message access network corresponding to MAC Address.
Preferably, the media access control MAC address that gateway obtains terminal transmission message comprises: gateway obtains the identification information of terminal, not in the situation of MAC Address of terminal at the identification information that obtains, obtain the MAC Address corresponding with identification information, wherein, identification information comprises: the IP address of terminal, host name (HostName) or MAC Address.
Preferably, gateway uses predetermined policy corresponding to MAC Address control message access network to comprise: the state that gateway is determined terminal does not satisfy the requirement of the corresponding time strategy of sign of terminal as the on-line time of down status or terminal; The corresponding filtering policy of sign of gateway deletion terminal.
Preferably, filtering policy comprises the filtration to one of following or its combination in any: the filtration of network layer interface, agreement, IP address, (URL) address, application layer unified resource location.
According to a further aspect in the invention, provide a kind of control device of network insertion, be applied to gateway, having comprised: the first acquisition module is used for obtaining the media access control MAC address that terminal sends message; Control module is used for according to pre-configured MAC Address and the corresponding relation of predetermined policy, uses the predetermined policy control message access network corresponding with the MAC Address of obtaining.
Preferably, said apparatus also comprises: receiver module is used for the keeper's of reception network input; Configuration module is used for the configuration predetermined policy corresponding with the sign of terminal, and wherein, sign comprises the MAC Address of terminal at least, and predetermined policy comprises: time strategy and filtering policy.
Preferably, control module comprises: the first determination module, the state that is used for determining terminal are the requirement that the on-line time of upper line states and terminal satisfies the corresponding time strategy of sign of terminal; Processing module is used for the filtering policy control message access network that uses MAC Address corresponding.
Preferably, said apparatus also comprises: the second acquisition module: the identification information that is used for obtaining terminal, or not in the situation of MAC Address of terminal at the identification information that obtains, obtain the MAC Address corresponding with identification information, wherein, identification information comprises: the IP address of terminal, host name (HostName) or MAC Address.
Preferably, control module comprises: the second determination module, the state that is used for determining terminal are the requirement that the on-line time of down status or terminal does not satisfy the corresponding time strategy of sign of terminal; Removing module is used for deleting the corresponding filtering policy of sign of terminal.
By the present invention, adopt gateway to obtain the media access control MAC address that terminal sends message; Gateway is according to pre-configured MAC Address and the corresponding relation of predetermined policy, use the predetermined policy control message access network corresponding with the MAC Address of obtaining, having solved in the correlation technique Network access control need to carry out equipment in terminal and install, the problem that cost compare is high, and then reached the effect of the validity that has improved Network access control.
Description of drawings
Accompanying drawing described herein is used to provide a further understanding of the present invention, consists of the application's a part, and illustrative examples of the present invention and explanation thereof are used for explaining the present invention, do not consist of improper restriction of the present invention.In the accompanying drawings:
Fig. 1 is the flow chart according to the control method of the network insertion of the embodiment of the invention;
Fig. 2 is the structured flowchart according to the control device of the network insertion of the embodiment of the invention;
Fig. 3 is the structured flowchart according to the control device of the preferred network insertion of the embodiment of the invention;
Fig. 4 is the group network system structural representation according to the embodiment of the invention;
Fig. 5 is the structured flowchart of realizing system according to the network using method of the embodiment of the invention; And
Fig. 6 is the flow chart that uses control method according to the network of the embodiment of the invention.
Embodiment
Hereinafter also describe in conjunction with the embodiments the present invention in detail with reference to accompanying drawing.Need to prove, in the situation that do not conflict, embodiment and the feature among the embodiment among the application can make up mutually.
The present embodiment provides a kind of control method of network insertion, and Fig. 1 is the flow chart according to the control method of the network insertion of the embodiment of the invention, comprises following step:
Step S102: gateway obtains the MAC Address that terminal sends message;
Step S104: gateway uses the predetermined policy control message access network corresponding with the MAC Address of obtaining according to pre-configured MAC Address and the corresponding relation of predetermined policy.
Pass through above-mentioned steps, gateway is according to the MAC Address of message and the corresponding relation of predetermined policy, in the gateway unification message is controlled access, avoided using in the correlation technique in terminal the software installation has been set, lowered the cost of Network access control, and can avoid the user to the paying of software application, improve user's experience.
In a preferred implementation, gateway is according to pre-configured MAC Address and the corresponding relation of predetermined policy, use before the predetermined policy control message access network corresponding with the MAC Address of obtaining, also comprise: receive the keeper's of network input, configure the predetermined policy corresponding with the sign of terminal, wherein, sign comprises the MAC Address of terminal at least, and predetermined policy comprises: time strategy and filtering policy.This arranges and can sign be configured according to keeper's input, so that the keeper can carry out policy control to Network access control according to demand, has improved the validity of Network access control.
When implementing, gateway uses the predetermined policy corresponding with the MAC Address of obtaining to control the message access network to comprise: the state that gateway is determined terminal is the requirement that the on-line time of upper line states and terminal satisfies the corresponding time strategy of sign of terminal; Gateway uses filtering policy control message access network corresponding to MAC Address.According to time strategy, filtering policy that user's on-line time is corresponding message is controlled, improved the efficient of Network access control.
When implementing, the media access control MAC address that gateway obtains terminal transmission message comprises: gateway obtains the identification information of terminal, not in the situation of MAC Address of terminal at the identification information that obtains, obtain the MAC Address corresponding with identification information, wherein, identification information comprises: the IP address of terminal, host name (HostName) or MAC Address.Pass through the preferred embodiment, when configuration, can come collocation strategy according to a plurality of signs (the IP address of terminal, host name (HostName) or MAC Address) of user, improved the flexibility of collocation strategy, but, in the process of the usage policy of reality, be to realize by strategy corresponding to MAC Address, owing to the unique corresponding terminal of MAC Address, improved the accuracy of Network access control.
In another preferred implementation, gateway uses predetermined policy corresponding to MAC Address control message access network to comprise: the state that gateway is determined terminal does not satisfy the requirement of the corresponding time strategy of sign of terminal as the on-line time of down status or terminal; The corresponding filtering policy of sign of gateway deletion terminal.The preferred embodiment is dynamically deleted the filtering policy of gateway kernel according to the time strategy of equipment, reduced the Kernel Filtering rule set, has lowered resource and time that the filtering rule inquiry takies, has improved the forwarding performance of gateway.
Preferably, filtering policy comprises the filtration to one of following or its combination in any: the filtration of network layer interface, agreement, IP address, (URL) address, application layer unified resource location.The preferred embodiment has realized respectively or has united filtration for network layer interface, agreement, IP address, (URL) address, application layer unified resource location, has improved the flexibility of filtering.
Need to prove, can in the computer system such as one group of computer executable instructions, carry out in the step shown in the flow chart of accompanying drawing, and, although there is shown logical order in flow process, but in some cases, can carry out step shown or that describe with the order that is different from herein.
In another embodiment, also provide a kind of control software of network insertion, this software be used for to be carried out the technical scheme that above-described embodiment and preferred embodiment are described.
In another embodiment, also provide a kind of storage medium, stored above-mentioned data transmission software in this storage medium, this storage medium includes but not limited to: CD, floppy disk, hard disk, scratch pad memory etc.
The embodiment of the invention also provides a kind of control device of network insertion, the control device of this network insertion can be used for realizing control method and the preferred implementation of above-mentioned network insertion, carried out explanation, repeat no more, the module that relates in the control of the below to this network insertion describes.As used below, the combination of software and/or the hardware of predetermined function can be realized in term " module ".Although the described system and method for following examples is preferably realized with software, hardware, perhaps the realization of the combination of software and hardware also may and be conceived.
Fig. 2 is the structured flowchart according to the control device of the network insertion of the embodiment of the invention, and this control device can be applied to gateway, and this device comprises, the first acquisition module 22 and control module 24, and the below is described in detail said structure.
The first acquisition module 22 is used for obtaining the media access control MAC address that terminal sends message; Control module 24 is connected to the first acquisition module 22, is used for according to pre-configured MAC Address and the corresponding relation of predetermined policy, uses predetermined policy control message access network corresponding to MAC Address that obtains with the first acquisition module 22.
Fig. 3 is the structured flowchart according to the control device of the preferred network insertion of the embodiment of the invention, as shown in Figure 3, this also comprises: receiver module 32, configuration module 34, the second acquisition modules 36, control module 24 comprises: the first determination module 242, processing module 244, the second determination module 246, removing module 248, the below is described in detail said structure.
Receiver module 32 is used for the keeper's of reception network input; Configuration module 34, be connected to receiver module 32, for the keeper's who uses receiver module 32 to receive the input configuration predetermined policy corresponding with the sign of terminal, wherein, sign comprises the MAC Address of terminal at least, and predetermined policy comprises: time strategy and filtering policy.
Preferably, control module 24 comprises: the first determination module 242, the state that is used for determining terminal are the requirement that the on-line time of upper line states and terminal satisfies the corresponding time strategy of sign of terminal; Processing module 244 is connected to the first determination module 242, is used for the first determination module 242 and determines to satisfy after the requirement of time strategy, uses filtering policy control message access network corresponding to MAC Address.
Preferably, said apparatus also comprises: the second acquisition module 36: the identification information that is used for obtaining terminal, or not in the situation of MAC Address of terminal at the identification information that obtains, obtain the MAC Address corresponding with identification information, wherein, identification information comprises: the IP address of terminal, host name (HostName) or MAC Address.
Preferably, control module 24 comprises: the second determination module 246, the state that is used for determining terminal are the requirement that the on-line time of down status or terminal does not satisfy the corresponding time strategy of sign of terminal; Removing module 248 is connected to the second determination module 246, is used for the second determination module 246 and determines when not satisfying the requiring of time strategy the corresponding filtering policy of sign of deletion terminal.
Describe below in conjunction with preferred embodiment, following preferred embodiment combines above-described embodiment and preferred implementation.
Preferred embodiment one
The present embodiment provides a kind of network to use control method, in the present embodiment, gateway management person is according to different terminal equipment, configure different filtering policys and time strategy, Terminal Equipment Identifier can be device IP, MAC or HostName, when message when equipment is transmitted, gateway obtains the source MAC that terminal equipment is message, judge whether that message meets the filtering policy rule of configuration, whether allow these message repeatings or abandon according to these strategy decisions, thereby the distinct device of finishing under the gateway has different network rights of using.
The network of the present embodiment uses control method to comprise the steps.
Step S2: administrator configurations user's time strategy and filtering policy.
Step S4: after this user reaches the standard grade, gateway changes into device mac address to the different identification unification of equipment, and tactful according to user's time, determine whether to add corresponding filtering policy to the network layer of gateway, if run to outside the time strategy, with the filtering policy of dynamically deleting the user and having added; In addition, if behind this user offline, delete simultaneously the filtering policy that the user has added.
Preferably, in order to realize that different user devices can carry out packet filtering according to different separately strategies, the present embodiment uses media access control (the Media Access Control of terminal equipment, referred to as MAC) address, procotol (Internet Protocol, referred to as IP) any one unique identification as the user in address or the host name (HostName), finish control to the user according to this sign.
Step S6: when terminal equipment (user) during by gateway access Internet, this gateway obtains the source MAC address information of user's message, judge whether this message meets user's filtering rule, according to these rules this message is processed, for example: transmit or abandon this message, thereby finish the control to the user network rights of using.
Method by the present embodiment, distinct device user under the gateway is had different time strategy and filtering rule, so that the network rights of using of the different access users of gateway management, the environment that does not need the limited subscriber terminal, need to any software be installed in the network user's terminal yet, as long as gateway management person is the different network usage policy of different user configuration, when these subscriber equipmenies use Internet by this gateway, the network strategy that will be controlled by administrator configurations, reach the effect that the distinct device user has the heterogeneous networks rights of using, thereby realized a kind of easy, quick and green internet management method easily.
Simultaneously, according to the time strategy of equipment and the filtering policy of upper down status dynamic load and deletion gateway kernel, reduce the Kernel Filtering rule set, thereby reduced resource and time that the filtering rule inquiry takies, greatly promoted the forwarding performance of gateway.
Preferred embodiment two
The present embodiment provides a kind of group network system structure, Fig. 4 is the group network system structural representation according to the embodiment of the invention, as shown in Figure 4, be connected with a plurality of terminal equipments under the gateway of the present embodiment (router device), gateway or router are the different filtering policy of each user device configuration and time strategy, therefore, all be subjected to the restriction of relative strategy by the equipment of this gateway accessing Internet, reached the purpose of control distinct device network rights of using.Wherein, the inner bay composition of gateway or router comprises as shown in Figure 5: Configuration Manager 502, and user management module 504, time management module 506, policy management module 508, data message filters 509, and the function of each module is as follows:
Configuration Manager 502 is used for the relative strategy of configuration different user devices, and keeper's this module in can logging in gateway is carried out the subscriber policy configuration, and time strategy and filtering policy are user's policy attributes;
User management module 504 detects the online user, IP, MAC or the unification of Hostname user ID is changed into this user's equipment MAC, notification strategy module User Status;
Time management module 506, the time that is used for the management different user is tactful, and notification strategy module time state;
Policy management module 508, be used for execution and the cancellation of managing and filtering strategy, (user is for reaching the standard grade and down status when the state of user or time changes, time is effective and disarmed state), all notify this module, the availability of this module User and time state is carried out corresponding filtering policy, when state is unavailable, the filtering policy that cancellation is corresponding;
Data message filters 509, and according to the filtering policy of policy management module configuration, the message that coupling enters when the match is successful, is carried out filter result; Data filtering comprises the filtrations such as agreement, port, IP address and URL address of message.
Configuration and the handling process of this invention are described below in conjunction with Fig. 6:
Step S602: at first, the keeper logs in gateway or router, be different user devices configuration different filtering policy and time strategy by Configuration Manager 502, customer equipment identification can be device IP, MAC or HostName, filtering policy comprises the filtration to network layer port, agreement, IP address or application layer URL address, time strategy support by weekly, every day, circulation setting hourly, after arranging successfully, notice user management module 504 and time management module 506 start the user time strategy.
Step S604: the message of user's going on line or off line is sent to user management module 504.For example: after subscriber equipment was reached the standard grade, user management module 504 was obtained user related information, and the user ID unifications such as IP, MAC or HostName are changed into equipment MAC, came the unique identification subscriber equipment with MAC Address.
Step S606: user management module 504 sends to time management module 506 with user message.For example: user management module 504 is user ID and this user reaches the standard grade, off-line state information notice policy management module 508, so that the validity of policy management module 508 verified users states and time state (user reaches the standard grade and the time is effective status in the setup times section), and so that from Configuration Manager 502, obtain filtering policy corresponding to user, carry out the filtering policy task: if state is effective, then carries out and add filtering policy; If state is invalid, then carry out deletion filtering policy task;
Step S608: time management module 506 sends to policy management module with time message.The switching that time management module 506 is effective and invalid according to time state, notification strategy administration module 508, the handling process of policy management module 508 is identical with step S606.
Step S610: policy management module 508 is carried out the operation of filtering policy, for example: the filtering policy that adds or delete packet filtering module 509, because the interpolation of filtering policy only all effectively just occurs in the situation in User Status and time state, so can greatly reduce the resource that the filtering rule match search of packet filtering module 509 takies, improve forward efficiency.
Step S612: the user accesses the Internet message and arrives packet filtering module 509.
Step S614: carry out filtering rule, packet filtering module 509 is mated the user filtering strategy of configuration one by one, after the match is successful, carry out the filtration behavior, if all it fails to match for All Policies, then packet filtering module 509 is not processed this message, directly transmits this message.
Pass through above-described embodiment, a kind of control method and device of network insertion are provided, have different time strategy and filtering rule by the distinct device user under the gateway, so that the network rights of using of the different access users of gateway management, the environment that does not need the limited subscriber terminal, need to any software be installed in the network user's terminal yet, as long as gateway management person is the different network usage policy of different user configuration, when these subscriber equipmenies use Internet by this gateway, the network strategy that will be controlled by administrator configurations, reach the effect that the distinct device user has the heterogeneous networks rights of using, thereby realized realizing easy to network control, fast and easily manage.Need to prove, these technique effects are not that above-mentioned all execution modes have, and some technique effect is that some preferred implementation just can obtain.
Obviously, those skilled in the art should be understood that, above-mentioned each module of the present invention or each step can realize with general calculation element, they can concentrate on the single calculation element, perhaps be distributed on the network that a plurality of calculation elements form, alternatively, they can be realized with the executable program code of calculation element, carried out by calculation element thereby they can be stored in the storage device, perhaps they are made into respectively each integrated circuit modules, perhaps a plurality of modules in them or step are made into the single integrated circuit module and realize.Like this, the present invention is not restricted to any specific hardware and software combination.
The above is the preferred embodiments of the present invention only, is not limited to the present invention, and for a person skilled in the art, the present invention can have various modifications and variations.Within the spirit and principles in the present invention all, any modification of doing, be equal to replacement, improvement etc., all should be included within protection scope of the present invention.

Claims (11)

1. the control method of a network insertion is characterized in that, comprising:
Gateway obtains the media access control MAC address that terminal sends message;
Described gateway uses the predetermined policy corresponding with the described MAC Address of obtaining to control described message access network according to pre-configured MAC Address and the corresponding relation of predetermined policy.
2. method according to claim 1 is characterized in that, described gateway uses the predetermined policy corresponding with the described MAC Address of obtaining to control before the described message access network according to pre-configured MAC Address and the corresponding relation of predetermined policy, also comprises:
Receive the keeper's of described network input, configure the described predetermined policy corresponding with the sign of described terminal, wherein, described sign comprises the MAC Address of described terminal at least, and described predetermined policy comprises: time strategy and filtering policy.
3. method according to claim 2 is characterized in that, the described gateway use predetermined policy corresponding with the described MAC Address of obtaining controlled described message access network and comprised:
The state that described gateway is determined described terminal is the requirement that the on-line time of upper line states and described terminal satisfies the corresponding time strategy of sign of described terminal;
Described gateway uses filtering policy corresponding to described MAC Address to control described message access network.
4. method according to claim 2, it is characterized in that, the media access control MAC address that gateway obtains terminal transmission message comprises: described gateway obtains the identification information of described terminal, not in the situation of MAC Address of described terminal at the described identification information that obtains, obtain the MAC Address corresponding with described identification information, wherein, described identification information comprises: IP address, host name HostName or the MAC Address of described terminal.
5. method according to claim 2 is characterized in that, described gateway uses predetermined policy corresponding to described MAC Address to control described message access network to comprise:
The state that described gateway is determined described terminal is the requirement that the on-line time of down status or described terminal does not satisfy the corresponding time strategy of sign of described terminal;
Described gateway is deleted the corresponding filtering policy of sign of described terminal.
6. method according to claim 2 is characterized in that, described filtering policy comprises the filtration to one of following or its combination in any: the filtration of network layer interface, agreement, Internet protocol IP address, URL address, application layer unified resource location.
7. the control device of a network insertion is applied to gateway, it is characterized in that, comprising:
The first acquisition module is used for obtaining the media access control MAC address that terminal sends message;
Control module is used for according to pre-configured MAC Address and the corresponding relation of predetermined policy, uses the predetermined policy corresponding with the described MAC Address of obtaining to control described message access network.
8. device according to claim 7 is characterized in that, also comprises:
Receiver module is for the keeper's who receives described network input;
Configuration module is used for the configuration described predetermined policy corresponding with the sign of described terminal, and wherein, described sign comprises the MAC Address of described terminal at least, and described predetermined policy comprises: time strategy and filtering policy.
9. device according to claim 8 is characterized in that, described control module comprises:
The first determination module, the state that is used for determining described terminal are the requirement that the on-line time of upper line states and described terminal satisfies the corresponding time strategy of sign of described terminal;
Processing module is used for using filtering policy corresponding to described MAC Address to control described message access network.
10. device according to claim 8, it is characterized in that, also comprise: the second acquisition module: the identification information that is used for obtaining described terminal, or not in the situation of MAC Address of described terminal at the described identification information that obtains, obtain the MAC Address corresponding with described identification information, wherein, described identification information comprises: IP address, host name HostName or the MAC Address of described terminal.
11. device according to claim 8 is characterized in that, described control module comprises:
The second determination module, the state that is used for determining described terminal are the requirement that the on-line time of down status or described terminal does not satisfy the corresponding time strategy of sign of described terminal;
Removing module is used for deleting the corresponding filtering policy of sign of described terminal.
CN2011102184133A 2011-08-01 2011-08-01 Method and device for controlling network access Pending CN102916826A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011102184133A CN102916826A (en) 2011-08-01 2011-08-01 Method and device for controlling network access

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2011102184133A CN102916826A (en) 2011-08-01 2011-08-01 Method and device for controlling network access

Publications (1)

Publication Number Publication Date
CN102916826A true CN102916826A (en) 2013-02-06

Family

ID=47615066

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2011102184133A Pending CN102916826A (en) 2011-08-01 2011-08-01 Method and device for controlling network access

Country Status (1)

Country Link
CN (1) CN102916826A (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105338130A (en) * 2015-11-17 2016-02-17 中国联合网络通信集团有限公司 Method, system and device for configuring isolation area pointing address
CN106059802A (en) * 2016-05-25 2016-10-26 杭州华三通信技术有限公司 Terminal access authentication method and device
CN108833136A (en) * 2018-05-11 2018-11-16 上海康斐信息技术有限公司 A kind of setting method and gateway of surf time
CN110620729A (en) * 2019-10-25 2019-12-27 新华三信息安全技术有限公司 Message forwarding method and device and message forwarding equipment
CN111277590A (en) * 2020-01-19 2020-06-12 深信服科技股份有限公司 Device information screening method, firewall device, network device and storage medium
CN111988293A (en) * 2020-08-10 2020-11-24 广州通达汽车电气股份有限公司 Method, device, equipment and storage medium for filtering domain name of vehicle-mounted router
CN112202750A (en) * 2020-09-25 2021-01-08 统信软件技术有限公司 Control method for policy execution, policy execution system and computing device
CN114338438A (en) * 2021-12-02 2022-04-12 中国联合网络通信集团有限公司 Management method, system storage medium and device for internet surfing behavior
CN115277400A (en) * 2022-07-15 2022-11-01 浪潮思科网络科技有限公司 Terminal network access method, equipment and medium based on campus network environment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1398939A1 (en) * 2002-09-05 2004-03-17 Alcatel Method and server for allocating network resources to a terminal using terminal type differentiation
CN101414940A (en) * 2007-10-16 2009-04-22 华为技术有限公司 Method for establishing Ethernet business, net element equipment and network system
CN101674268A (en) * 2009-09-25 2010-03-17 中兴通讯股份有限公司 Internet access control device and method and gateway thereof
CN101909298A (en) * 2010-07-15 2010-12-08 优视科技有限公司 Secure access control method and device for wireless network

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1398939A1 (en) * 2002-09-05 2004-03-17 Alcatel Method and server for allocating network resources to a terminal using terminal type differentiation
CN101414940A (en) * 2007-10-16 2009-04-22 华为技术有限公司 Method for establishing Ethernet business, net element equipment and network system
CN101674268A (en) * 2009-09-25 2010-03-17 中兴通讯股份有限公司 Internet access control device and method and gateway thereof
CN101909298A (en) * 2010-07-15 2010-12-08 优视科技有限公司 Secure access control method and device for wireless network

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105338130B (en) * 2015-11-17 2018-06-01 中国联合网络通信集团有限公司 It is directed toward the method and system and device of address in configuration isolation area
CN105338130A (en) * 2015-11-17 2016-02-17 中国联合网络通信集团有限公司 Method, system and device for configuring isolation area pointing address
CN106059802A (en) * 2016-05-25 2016-10-26 杭州华三通信技术有限公司 Terminal access authentication method and device
CN106059802B (en) * 2016-05-25 2020-11-27 新华三技术有限公司 Terminal access authentication method and device
CN108833136A (en) * 2018-05-11 2018-11-16 上海康斐信息技术有限公司 A kind of setting method and gateway of surf time
CN110620729A (en) * 2019-10-25 2019-12-27 新华三信息安全技术有限公司 Message forwarding method and device and message forwarding equipment
CN111277590B (en) * 2020-01-19 2022-06-21 深信服科技股份有限公司 Device information screening method, firewall device, network device and storage medium
CN111277590A (en) * 2020-01-19 2020-06-12 深信服科技股份有限公司 Device information screening method, firewall device, network device and storage medium
CN111988293A (en) * 2020-08-10 2020-11-24 广州通达汽车电气股份有限公司 Method, device, equipment and storage medium for filtering domain name of vehicle-mounted router
CN112202750A (en) * 2020-09-25 2021-01-08 统信软件技术有限公司 Control method for policy execution, policy execution system and computing device
CN112202750B (en) * 2020-09-25 2023-01-24 统信软件技术有限公司 Control method for policy execution, policy execution system and computing device
CN114338438A (en) * 2021-12-02 2022-04-12 中国联合网络通信集团有限公司 Management method, system storage medium and device for internet surfing behavior
CN114338438B (en) * 2021-12-02 2023-07-28 中国联合网络通信集团有限公司 Internet surfing behavior management method, system storage medium and equipment
CN115277400A (en) * 2022-07-15 2022-11-01 浪潮思科网络科技有限公司 Terminal network access method, equipment and medium based on campus network environment

Similar Documents

Publication Publication Date Title
CN102916826A (en) Method and device for controlling network access
CN102025535B (en) Virtual machine management method and device and network equipment
CN100464518C (en) Green internet-accessing system based on concentrated management and dictributed control, and method therefor
CN102025798B (en) Address allocation processing method, device and system
EP2947907B1 (en) Startup configuration method in base station, base station and server
CN101141304B (en) Management method and equipment of ACL regulation
RU2270531C2 (en) System and method for using ip-address as an identifier of wireless device
CN102724189B (en) A kind of method and device controlling user URL access
CN101330531A (en) Method for processing DHCP address allocation and DHCP relay
CN101771723A (en) Data synchronization method
CN112099913B (en) Method for realizing virtual machine security isolation based on OpenStack
CN105939267B (en) Outband management method and device
CN102045379B (en) Method and system for IP storage and storage equipment
JP2006261827A (en) Network apparatus, management apparatus thereof, network connection method, and network connection management method thereof
CN103501338B (en) A kind of lock restoration methods, equipment and NFS
US20060193330A1 (en) Communication apparatus, router apparatus, communication method and computer program product
CN101729310A (en) Method and system for realizing business monitor and information acquisition equipment
JP2012070225A (en) Network relay device and transfer control system
CN105681352B (en) A kind of wireless network access safety management-control method and system
CN105468684B (en) Filtering sensitive words system and its communication means
CN114978563B (en) Method and device for blocking IP address
WO2018113633A1 (en) Packet forwarding method, packet forwarding controller, bras, and computer storage medium
CN105227455A (en) A kind of method and system of batch user web authentication active-standby switch
EP3435615B1 (en) Network service implementation method, service controller, and communication system
CN103596649A (en) Method, equipment and system for communication in virtual local area network

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20130206