CN102938715B - Off-line detection method and device based on MAC address authentication - Google Patents

Publication number
CN102938715B
Authority
CN
China
Prior art keywords
user terminal
mac address
address
state
message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201210512182.1A
Other languages
Chinese (zh)
Other versions
CN102938715A (en
Inventor
梁学伟
汪顺利
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New H3C Technologies Co Ltd
Original Assignee
Hangzhou H3C Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou H3C Technologies Co Ltd
Priority to CN201210512182.1A
Publication of CN102938715A
Application granted
Publication of CN102938715B

Landscapes

  • Small-Scale Networks (AREA)

Abstract

This application provides an off-line detection method and device based on MAC address authentication. After the MAC address of a user terminal passes authentication, the access device performs the following steps: binding the MAC address and the IP address of the user terminal; when the user terminal is in the online state, if the MAC address of the user terminal is found to have aged, updating the state of the user terminal from the online state to the activated state; when the user terminal is in the activated state, sending a message based on the IP address of the user terminal through the access port to which the user terminal is attached, and detecting whether the MAC address bound to the IP address of the user terminal is learned within a set time after the message is sent; if so, updating the state of the user terminal from the activated state to the online state, and if not, forcing the user terminal offline.

Description

Off-line detection method and device based on MAC address authentication
Technical Field
The present application relates to network communication technologies, and in particular, to an offline detection method and device based on MAC address authentication.
Background
MAC address authentication is an authentication method that controls a user's network access rights based on port and MAC address. It requires no terminal software on the user's side: an access device such as a switch starts MAC address authentication for a user when it detects that user's MAC address for the first time.
At present, MAC address authentication is mainly divided into two modes:
Mode 1: authentication is performed by a Remote Authentication Dial In User Service (RADIUS) server.
Mode 2: authentication is performed locally on the access device.
Both modes support two user name formats: the MAC address user name, where the user's MAC address is used as both the user name and the password during authentication; and the fixed user name, where a user name and password pre-configured on the access device are used for authentication regardless of the value of the user's MAC address.
When mode 1 is selected for MAC address authentication, the access device acts as a RADIUS client and works with the RADIUS server to complete MAC address authentication. Specifically: when the MAC address user name is used, the access device sends the detected MAC address of the user to the RADIUS server as both user name and password; when the fixed user name is used, the access device sends the locally configured user name and password to the RADIUS server as the user name and password of the user to be authenticated. The RADIUS server authenticates the received user name and password, and a user who passes authentication can access the network.
When mode 2 is selected for MAC address authentication, the access device completes authentication of the user locally. Specifically: when the MAC address user name is used, the access device authenticates the user with the detected MAC address as both user name and password; when the fixed user name is used, the access device authenticates the user with the locally configured user name and password. A user who passes authentication can access the network.
After the MAC address is authenticated, the access device further needs to perform MAC address offline detection based on MAC address authentication on the authenticated MAC address to determine whether the user with the MAC address is offline.
The existing MAC address offline detection based on MAC address authentication works as follows. For a MAC address that has passed authentication, the access device checks whether the learned MAC address table contains an entry for that MAC address. If no such entry exists, for example because the entry was deleted from the local MAC address table when the aging time of the MAC address expired, the state of the user terminal (Client) with that MAC address is determined to be the offline state (Offline) and the user terminal is forced offline. If such an entry exists, the access device checks whether the MAC address is hit by a source (HIT). If so, the state of the user terminal is determined to be the online state (Online). If not, the access device checks whether the user terminal is in the semi-offline state (Semi-Offline): if so, the state of the user terminal is updated to the offline state and the user terminal is forced offline; if not, the state of the user terminal is determined to be the semi-offline state. Fig. 1 shows the state changes of a user terminal under this MAC address offline detection. Whether a MAC address is hit by a source is determined as follows: after learning the MAC address, the access device records it in the local MAC address table and periodically checks its aging state; if no message whose source MAC address is that MAC address is received within an aging period, the MAC address is not hit by a source, and if such a message is received within an aging period, the MAC address is hit by a source.
As the above description shows, in the existing MAC address offline detection the access device decides on its own that a user terminal is offline, either when the MAC address of the user terminal has aged or when the user terminal has sent no message for a certain time. It then forces the user terminal offline directly and removes the access port to which the user terminal is attached from the working VLAN of the user terminal, so that other user terminals cannot communicate with the terminal that was forced offline. In practice, some dumb terminals such as network printers do not send messages on their own initiative when they have no traffic and no specific event, such as a port UP/DOWN event, occurs. Under the existing MAC address offline detection, the access device therefore forces such a dumb terminal offline directly and removes its access port from its working VLAN. In fact, the dumb terminal may simply have no traffic and no specific event such as a port UP/DOWN event at the moment, while still being online. If it is forced offline by the existing MAC address offline detection, on the one hand the dumb terminal cannot subsequently carry out services with other user terminals, and on the other hand other terminals cannot communicate with the dumb terminal; that is, a bidirectional deadlock of the dumb terminal arises, which affects service functions.
Disclosure of Invention
The application provides an off-line detection method and device based on MAC address authentication, so as to avoid the problem caused by improper off-line of a user terminal and ensure the service function.
The technical scheme provided by the application comprises the following steps:
an off-line detection method based on MAC address authentication is disclosed, an access device executes the following steps after the MAC address of a user terminal passes the authentication:
binding the MAC address and the IP address of the user terminal;
when the user terminal is in an online state, if the MAC address of the user terminal is found to be aged, updating the state of the user terminal from the online state to an activated state;
when the user terminal is in an activated state, sending a message based on the IP address of the user terminal through an access port accessed to the user terminal, detecting whether an MAC address bound with the IP address of the user terminal is learned or not within set time after the message is sent, if so, updating the state of the user terminal from the activated state to an online state, and if not, forcing the user terminal to be offline.
An off-line detection method based on MAC address authentication is disclosed, an access device executes the following steps after the MAC address of a user terminal passes the authentication:
binding the MAC address and the IP address of the user terminal;
when the user terminal is in a semi-offline state, if the fact that the MAC address of the user terminal is not HIT by a source is detected, the state of the user terminal is updated from the semi-offline state to an activated state;
when the user terminal is in an activated state, sending a message based on the IP address of the user terminal through an access port accessed to the user terminal, detecting whether the MAC address bound with the IP address of the user terminal is hit by a source within a set time after the message is sent, if so, updating the state of the user terminal from the activated state to an online state, and if not, forcing the user terminal to be offline.
An access device applied to offline detection, comprising:
the first binding relation unit is used for storing the binding relation between the MAC address and the IP address of the user terminal;
a first state updating unit, configured to update a state of the user terminal from an online state to an active state if the user terminal is found to be currently in the online state but the MAC address of the user terminal is aged after the MAC address of the user terminal passes authentication;
the first off-line determining unit is used for sending a message based on the IP address of the user terminal through an access port accessed to the user terminal when the user terminal is in an activated state, detecting whether an MAC address bound with the IP address of the user terminal is learned or not within set time after the message is sent, if so, updating the state of the user terminal from the activated state to an on-line state, and if not, forcing the user terminal to be off-line.
An access device applied to offline detection, comprising:
the second binding relation unit is used for storing the binding relation between the MAC address and the IP address of the user terminal;
a second state updating unit, configured to, after the MAC address of the user terminal passes authentication, update the state of the user terminal from the semi-offline state to the activated state if the user terminal is found to be currently in the semi-offline state and the MAC address of the user terminal is detected not to be hit by a source;
and the second off-line determining unit is used for sending a message based on the IP address of the user terminal through an access port accessed to the user terminal when the user terminal is in an activated state, detecting whether the MAC address bound with the IP address of the user terminal is hit by a source within a set time after the message is sent, if so, updating the state of the user terminal from the activated state to an on-line state, and if not, forcing the user terminal to be off-line.
According to the technical scheme, when the MAC address of the user terminal is aged or the user terminal is in a semi-offline state and the MAC address of the user terminal is not hit by a source, the access equipment does not independently determine the user terminal with the MAC address to be offline, but detects the user state in a message sending mode, and determines whether the user terminal is offline or not according to a detection result.
Drawings
Fig. 1 is a schematic diagram of the state changes of a user terminal;
Fig. 2 is a flowchart of a method provided in embodiment 1 of the present invention;
Fig. 3 is a flowchart of a method provided in embodiment 2 of the present invention;
Fig. 4 is a schematic diagram illustrating the state changes of a user terminal according to an embodiment of the present invention;
Fig. 5 is a block diagram of an apparatus according to an embodiment of the present invention;
Fig. 6 is a block diagram of another apparatus according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in detail with reference to the accompanying drawings and specific embodiments.
The off-line detection method provided by the invention improves the existing MAC address off-line detection mechanism, and determines whether the user terminal is off-line or not by the cooperation of the access equipment and the user terminal instead of independently determining the user terminal off-line by the access equipment.
The process provided by the present invention is described below by way of two examples:
Example 1:
Referring to Fig. 2, Fig. 2 is a flowchart of a method provided in embodiment 1 of the present invention. After the MAC address of the user terminal is authenticated, as shown in Fig. 2, the access device performs the following steps:
Step 201, the access device binds the MAC address and the IP address of the user terminal.
In this embodiment 1, the access device may use any one of the following two ways to bind the MAC address and the IP address of the user terminal:
Mode 1: this mode is simple and is implemented by static configuration; specifically, a user manually configures the binding relationship between the MAC address and the IP address of the user terminal on the access device.
Mode 2: unlike mode 1, this mode is carried out dynamically by the access device; specifically, the access device obtains the MAC address and the IP address of the user terminal by monitoring the messages sent while the user terminal is in the online state, and binds the obtained MAC address and IP address. The monitoring may rely on, among others, the ARP detection function and/or the DHCP snooping (Snoop) function.
Step 202, when the user terminal is in the online state, if the access device finds that the MAC address of the user terminal is aged, the access device updates the state of the user terminal from the online state to an active state (Re-active).
The access device records each learned MAC address through the MAC address table, but each learned MAC address has certain aging time, and when the aging time of the MAC address arrives, the access device deletes the MAC address from the MAC address table. Based on this, in this step 202, when the access device does not find the MAC address of the user terminal in the local MAC address table, it determines that the MAC address of the user terminal is aged.
Step 203, when the user terminal is in the activated state, the access device sends a message based on the IP address of the user terminal through the access port of the access user terminal, and detects whether the MAC address bound with the IP address of the user terminal is learned within the set time after the message is sent, if so, the state of the user terminal is updated from the activated state to the online state, and if not, the user terminal is forced to be offline.
In this embodiment 1, the message based on the IP address of the user terminal may be an ARP request message. Of course, it may also be another form of message to which a dumb terminal responds, or the access device may actively trigger one Down and Up event on the access port of the dumb terminal; the present invention does not specifically limit this.
As can be seen from step 203, in this embodiment 1, when the user terminal is in the activated state, the access device sends a message based on the IP address of the user terminal through the port to which the user terminal is attached, in order to detect whether the user terminal needs to go offline. Whether the user terminal is a dumb terminal such as a printer or another intelligent terminal, receiving a message means that a service demand exists, and if the service demand needs a response, the terminal sends a response message. When the access device receives, within the set time after sending the message, a message whose source MAC address is the MAC address bound to the IP address of the user terminal, the MAC address bound to the IP address of the user terminal has been learned, and the access device updates the state of the user terminal from the activated state to the online state so as to guarantee the service demand of the user terminal. Conversely, when the access device receives no such message within the set time after sending the message, the MAC address bound to the IP address of the user terminal has not been learned, which means the user terminal may be offline; the access device then forces the user terminal offline and terminates the service demand for the user terminal.
So far, the description of the flow shown in fig. 2 is completed.
It should be noted that, in this embodiment 1, to ensure that the user terminal reliably receives the message based on its IP address sent by the access device, the access device may further perform the following operation before forcing the user terminal offline in step 203: detect whether the number of times the message based on the IP address of the user terminal has been sent has reached a set threshold, for example 3; if so, force the user terminal offline; if not, return to the operation of sending the message based on the IP address of the user terminal through the port to which the user terminal is attached. The return to sending the message may take place at a certain time interval, for example 5 seconds between two adjacent messages.
Example 1 has been described above; example 2 is described below:
Example 2:
Referring to Fig. 3, Fig. 3 is a flowchart of a method provided in embodiment 2 of the present invention. After the MAC address of the user terminal is authenticated, as shown in Fig. 3, the access device performs the following steps:
Step 301 is the same as step 201 in embodiment 1, and is not described again.
Step 302, when the user terminal is in a semi-offline state, if it is detected that the MAC address of the user terminal is not hit by a source, the access device updates the state of the user terminal from the semi-offline state to an active state.
After learning a MAC address, the access device records it in the local MAC address table and periodically checks its aging state. If no message whose source MAC address is that MAC address is received within an aging period, the MAC address is not hit by a source; if such a message is received within a period, the MAC address is hit by a source. Therefore, in step 302, if the MAC address of the user terminal is in the state of not being hit by a source, the state of the user terminal is updated from the semi-offline state to the activated state; otherwise, if the MAC address of the user terminal is in the state of being hit by a source, the state of the user terminal is updated from the semi-offline state to the online state.
Step 303, when the user terminal is in an activated state, the access device sends a message based on the IP address of the user terminal through the access port of the access user terminal, and detects whether the MAC address bound to the IP address of the user terminal is hit by a source within a set time after the message is sent, if so, the state of the user terminal is updated from the activated state to an online state, and if not, the user terminal is forced to be offline.
In this embodiment 2, as in embodiment 1, the message based on the IP address of the user terminal may be an ARP request message. Of course, it may also be another form of message to which a dumb terminal responds, or the access device may actively trigger one Down and Up event on the access port of the dumb terminal; the present invention does not specifically limit this.
As can be seen from step 302, in this embodiment 2, when the user terminal is in the activated state, the access device sends a message based on the IP address of the user terminal through the port to which the user terminal is attached, in order to detect whether the user terminal needs to go offline. Whether the user terminal is a dumb terminal such as a printer or another intelligent terminal, receiving a message means that a service request exists, and if the service request needs a response, the terminal sends a response message. When the access device receives, within the set time after sending the message, a message whose source MAC address is the MAC address bound to the IP address of the user terminal, the MAC address bound to the IP address of the user terminal is hit by a source, and the access device updates the state of the user terminal from the activated state to the online state so as to guarantee the service request of the user terminal. Otherwise, when the access device receives no such message within the set time after sending the message, the MAC address bound to the IP address of the user terminal is not hit by a source, which means the user terminal may be offline; the access device then forces the user terminal offline and terminates the service demand for the user terminal.
So far, the description of the flow shown in Fig. 3 is completed.
It should be noted that, in this embodiment 2, to ensure that the user terminal reliably receives the message based on its IP address sent by the access device, the access device may further perform the following operation before forcing the user terminal offline in step 302: detect whether the number of times the message based on the IP address of the user terminal has been sent has reached a set threshold, for example 3; if so, force the user terminal offline; if not, return to the operation of sending the message based on the IP address of the user terminal through the access port to which the user terminal is attached. The return to sending the message may take place at a certain time interval, for example 5 seconds between two adjacent messages.
The description of embodiment 2 is now complete. To distinguish the offline detection mechanism of the present invention from the existing one, Fig. 4 shows the state changes of a user terminal under the offline detection provided by the present invention.
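The two embodiments above, with the retry threshold (3) and probe interval (5 seconds) from the text, written as a runnable simulation next to the prior-art check. This is an added example, not code from the patent or from any vendor's device: the class and function names, the injected `prober` callback, the sample addresses, and the choice to run both embodiments in one state machine (keeping the prior-art Online to Semi-Offline step and treating an aged-out entry as "not hit") are assumptions made for the illustration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, Optional


class State(Enum):
    ONLINE = "online"
    SEMI_OFFLINE = "semi-offline"
    REACTIVE = "re-active"        # the "activated" state in the text
    OFFLINE = "offline"


@dataclass
class Session:
    mac: str                      # authenticated MAC address
    ip: str                       # IP address bound to it (step 201 / 301)
    port: str                     # access port the terminal is attached to
    state: State = State.ONLINE
    probes_sent: int = 0


# Hypothetical callback: send one message for `ip` out of `port`; return the source
# MAC of the frame seen within the set time, or None on timeout.
Prober = Callable[[str, str], Optional[str]]


class AccessDevice:
    def __init__(self, prober: Prober, max_probes: int = 3, interval_s: float = 5.0):
        self.prober = prober
        self.max_probes = max_probes            # "set threshold", 3 in the text
        self.interval_s = interval_s            # gap between probes, 5 s in the text
        self.mac_table: Dict[str, bool] = {}    # MAC -> source-hit in this aging period
        self.waited_s = 0.0                     # simulated time spent between probes

    def admit(self, mac: str, ip: str, port: str) -> Session:
        self.mac_table[mac] = True              # authentication passed: learn and bind
        return Session(mac, ip, port)

    def end_aging_period(self, mac: str, evict: bool) -> None:
        """The terminal sent nothing: clear the hit flag, or age the entry out."""
        if evict:
            self.mac_table.pop(mac, None)
        elif mac in self.mac_table:
            self.mac_table[mac] = False

    def legacy_check(self, s: Session) -> State:
        """Prior-art detection: the access device decides on its own."""
        if s.mac not in self.mac_table:
            s.state = State.OFFLINE
        elif self.mac_table[s.mac]:
            s.state = State.ONLINE
        else:                                   # second miss in a row means offline
            s.state = State.OFFLINE if s.state is State.SEMI_OFFLINE else State.SEMI_OFFLINE
        return s.state

    def check(self, s: Session) -> State:
        """Detection with the re-active state: probe before any forced offline."""
        hit = self.mac_table.get(s.mac)         # None: aged out (assumed "not hit")
        if s.state is State.ONLINE:
            if hit is None:
                s.state = State.REACTIVE        # embodiment 1, step 202
            elif not hit:
                s.state = State.SEMI_OFFLINE    # assumption: kept from the prior art
        elif s.state is State.SEMI_OFFLINE:
            s.state = State.ONLINE if hit else State.REACTIVE   # embodiment 2, step 302
        if s.state is State.REACTIVE:
            self._probe(s)                      # step 203 / 303
        return s.state

    def _probe(self, s: Session) -> None:
        s.probes_sent = 0
        while s.probes_sent < self.max_probes:
            if s.probes_sent:
                self.waited_s += self.interval_s
            s.probes_sent += 1
            if self.prober(s.port, s.ip) == s.mac:   # only the bound MAC counts
                self.mac_table[s.mac] = True         # relearned, i.e. source-hit
                s.state = State.ONLINE
                return
        s.state = State.OFFLINE                      # threshold reached: force offline


# Constructed sample data: a network printer that never talks unless asked.
PRINTER_MAC, PRINTER_IP, PORT = "00:11:22:33:44:55", "192.0.2.10", "GE1/0/1"
PROBERS: Dict[str, Prober] = {
    "idle_printer": lambda port, ip: PRINTER_MAC,         # answers every probe
    "unplugged": lambda port, ip: None,                   # never answers
    "other_host": lambda port, ip: "00:11:22:33:44:66",   # answers, but not the bound MAC
}


def scenario(prober: Prober, legacy: bool = False, evict: bool = True, periods: int = 1):
    """Run `periods` silent aging periods; return (state, probes sent, seconds waited)."""
    dev = AccessDevice(prober)
    s = dev.admit(PRINTER_MAC, PRINTER_IP, PORT)
    for _ in range(periods):
        dev.end_aging_period(s.mac, evict)
        (dev.legacy_check if legacy else dev.check)(s)
    return s.state, s.probes_sent, dev.waited_s
```

Calling `scenario(PROBERS["idle_printer"], legacy=True)` shows the silent printer being dropped by the prior-art check, while the same call without `legacy=True` keeps it online after one probe.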
The method provided by the present invention is described above; the following describes the access device provided by the present invention:
Referring to Fig. 5, Fig. 5 is a block diagram of an apparatus according to an embodiment of the present invention. The device is an access device applied to offline detection, and specifically performs the operation performed by the access device in embodiment 1.
As shown in fig. 5, the access device includes:
the first binding relation unit is used for storing the binding relation between the MAC address and the IP address of the user terminal;
a first state updating unit, configured to update a state of the user terminal from an online state to an active state if the user terminal is found to be currently in the online state but the MAC address of the user terminal is aged after the MAC address of the user terminal passes authentication;
the first off-line determining unit is used for sending a message based on the IP address of the user terminal through an access port accessed to the user terminal when the user terminal is in an activated state, detecting whether an MAC address bound with the IP address of the user terminal is learned or not within set time after the message is sent, if so, updating the state of the user terminal from the activated state to an on-line state, and if not, forcing the user terminal to be off-line.
In the present invention, the detecting, by the first offline determining unit, whether the MAC address bound to the IP address of the user terminal is learned within a set time after the message is sent includes:
when a message with a source MAC address being an MAC address bound with an IP address of a user terminal is received within a set time after the message is sent, determining to learn the MAC address bound with the IP address of the user terminal; and when the message of which the source MAC address is the MAC address bound with the IP address of the user terminal is not received within the set time after the message is sent, determining that the MAC address bound with the IP address of the user terminal is not learned.
In the invention, the binding relationship between the user terminal MAC address and the IP address stored in the first binding relationship unit can be configured statically, or the binding relationship unit acquires the MAC address and the IP address of the user terminal by monitoring the message sent when the user terminal is in an online state and binds the acquired MAC address and the IP address.
In the present invention, preferably, before forcing the user terminal to go offline, the first offline determining unit further detects whether the current number of times of sending the message based on the IP address of the user terminal reaches a set threshold, if so, executes the operation of forcing the user terminal to go offline, and if not, returns to the operation of sending the message based on the IP address of the user terminal through the access port of the access user terminal.
To this end, the description of the device structure shown in fig. 5 is completed.
The invention also provides another device structure diagram. Referring to fig. 6, fig. 6 is a block diagram of another apparatus according to an embodiment of the present invention. The device is an access device applied to offline detection, and specifically performs the operation performed by the access device in embodiment 2.
As shown in fig. 6, the access device includes:
the second binding relation unit is used for storing the binding relation between the MAC address and the IP address of the user terminal;
a second state updating unit, configured to, after the MAC address of the user terminal passes authentication, update the state of the user terminal from the semi-offline state to the activated state if the user terminal is found to be currently in the semi-offline state and the MAC address of the user terminal is detected not to be hit by a source;
and the second off-line determining unit is used for sending a message based on the IP address of the user terminal through an access port accessed to the user terminal when the user terminal is in an activated state, detecting whether the MAC address bound with the IP address of the user terminal is hit by a source within a set time after the message is sent, if so, updating the state of the user terminal from the activated state to an on-line state, and if not, forcing the user terminal to be off-line.
In the present invention, the MAC address of the user terminal is not hit by the source and is detected by the following steps:
periodically detecting the aging state of the MAC address, and if a message with a source MAC address as the MAC address is not received in a period, determining that the MAC address is not hit by a source;
the second offline determining unit detects whether the MAC address bound to the IP address of the user terminal is hit by a source within a set time after the message is sent, and includes: and if a message with the source MAC address being the MAC address bound with the IP address of the user terminal is received within the set time after the message is sent, determining that the MAC address bound with the IP address of the user terminal is hit by the source, otherwise determining that the MAC address bound with the IP address of the user terminal is not hit by the source.
In the invention, the binding relationship between the user terminal MAC address and the IP address stored in the second binding relationship unit can be configured statically, or the binding relationship unit acquires the MAC address and the IP address of the user terminal by monitoring the message sent when the user terminal is in an online state, and binds the acquired MAC address and the IP address.
In the present invention, preferably, before forcing the user terminal to go offline, the second offline determining unit further detects whether the number of times of currently sending the ARP request message based on the IP address of the user terminal reaches a set threshold, if so, executes the operation of forcing the user terminal to go offline, and if not, returns to the operation of sending the ARP request message based on the IP address of the user terminal through the port of the access user terminal.
To this end, the description of the device structure shown in fig. 6 is completed.
According to the technical scheme, when the MAC address has aged, or the user terminal is in the semi-offline state and the MAC address is not hit by a source, the access device does not decide on its own that the user terminal with that MAC address is offline; instead it probes the user state, for example by sending a message, and determines whether the user terminal is offline according to the detection result.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (10)

1. An off-line detection method based on MAC address authentication is characterized in that an access device executes the following steps after the MAC address of a user terminal passes the authentication:
binding the MAC address and the IP address of the user terminal;
when the user terminal is in an online state, if the MAC address of the user terminal is found to be aged, updating the state of the user terminal from the online state to an activated state;
when the user terminal is in an activated state, sending a message based on the IP address of the user terminal through an access port accessed to the user terminal, detecting whether an MAC address bound with the IP address of the user terminal is learned or not within set time after the message is sent, if so, updating the state of the user terminal from the activated state to an online state, and if not, forcing the user terminal to be offline.
2. The method of claim 1, wherein detecting whether the MAC address bound to the IP address of the user terminal is learned within a set time after sending the message comprises:
when a message with a source MAC address being an MAC address bound with an IP address of a user terminal is received within a set time after the message is sent, determining to learn the MAC address bound with the IP address of the user terminal; and when the message of which the source MAC address is the MAC address bound with the IP address of the user terminal is not received within the set time after the message is sent, determining that the MAC address bound with the IP address of the user terminal is not learned.
3. An off-line detection method based on MAC address authentication is characterized in that an access device executes the following steps after the MAC address of a user terminal passes the authentication:
binding the MAC address and the IP address of the user terminal;
when the user terminal is in a semi-offline state, if it is detected that the MAC address of the user terminal is not hit by a source, updating the state of the user terminal from the semi-offline state to an activated state;
when the user terminal is in an activated state, sending a message based on the IP address of the user terminal through an access port accessed to the user terminal, detecting whether the MAC address bound with the IP address of the user terminal is hit by a source within a set time after the message is sent, if so, updating the state of the user terminal from the activated state to an online state, and if not, forcing the user terminal to be offline.
4. The method of claim 3, wherein detecting that the MAC address of the user terminal is not hit by a source comprises:
periodically detecting the aging state of the MAC address, and if a message with a source MAC address as the MAC address is not received in a period, determining that the MAC address is not hit by a source;
the detecting whether the MAC address bound with the IP address of the user terminal is hit by the source within the set time after the message is sent comprises: and if a message with the source MAC address being the MAC address bound with the IP address of the user terminal is received within the set time after the message is sent, determining that the MAC address bound with the IP address of the user terminal is hit by the source, otherwise determining that the MAC address bound with the IP address of the user terminal is not hit by the source.
5. The method of claim 1 or 3, wherein the binding the MAC address and the IP address of the user terminal by the access device comprises:
the access equipment acquires the MAC address and the IP address of the user terminal by monitoring a message sent by the user terminal when the user terminal is in an online state, and binds the acquired MAC address and the IP address; or,
the access equipment statically binds the MAC address and the IP address of the user terminal through configuration.
6. The method of claim 1 or 3, wherein, before the access device forces the user terminal offline, the method further comprises:
detecting whether the number of messages sent so far based on the IP address of the user terminal has reached a set threshold; if so, executing the operation of forcing the user terminal to be offline, and if not, returning to the operation of sending the message based on the IP address of the user terminal through the access port accessed by the user terminal.
7. An access device for offline detection, the access device comprising:
the first binding relation unit is used for storing the binding relation between the MAC address and the IP address of the user terminal;
a first state updating unit, configured to update the state of the user terminal from an online state to an activated state if, after the MAC address of the user terminal passes authentication, the user terminal is found to be currently in the online state but the MAC address of the user terminal is aged;
the first off-line determining unit is used for sending a message based on the IP address of the user terminal through an access port accessed to the user terminal when the user terminal is in an activated state, detecting whether an MAC address bound with the IP address of the user terminal is learned or not within set time after the message is sent, if so, updating the state of the user terminal from the activated state to an on-line state, and if not, forcing the user terminal to be off-line.
8. The access device of claim 7, wherein the first offline determining unit detecting whether the MAC address bound to the IP address of the user terminal is learned within the set time after the message is sent comprises:
when a message with a source MAC address being an MAC address bound with an IP address of a user terminal is received within a set time after the message is sent, determining to learn the MAC address bound with the IP address of the user terminal; and when the message of which the source MAC address is the MAC address bound with the IP address of the user terminal is not received within the set time after the message is sent, determining that the MAC address bound with the IP address of the user terminal is not learned.
9. An access device for offline detection, the access device comprising:
the second binding relation unit is used for storing the binding relation between the MAC address and the IP address of the user terminal;
a second state updating unit, configured to update the state of the user terminal from a semi-offline state to an active state when detecting that the MAC address of the user terminal is not HIT by the source in the HIT state if the user terminal is found to be currently in the semi-offline state after the MAC address of the user terminal passes authentication;
and the second off-line determining unit is used for sending a message based on the IP address of the user terminal through an access port accessed to the user terminal when the user terminal is in an activated state, detecting whether the MAC address bound with the IP address of the user terminal is hit by a source within a set time after the message is sent, if so, updating the state of the user terminal from the activated state to an on-line state, and if not, forcing the user terminal to be off-line.
10. The access device of claim 9, wherein detecting that the MAC address of the user terminal is not hit by a source comprises:
periodically detecting the aging state of the MAC address, and if a message with a source MAC address as the MAC address is not received in a period, determining that the MAC address is not hit by a source;
the second offline determining unit detects whether the MAC address bound to the IP address of the user terminal is hit by a source within a set time after the message is sent, and includes: and if a message with the source MAC address being the MAC address bound with the IP address of the user terminal is received within the set time after the message is sent, determining that the MAC address bound with the IP address of the user terminal is hit by the source, otherwise determining that the MAC address bound with the IP address of the user terminal is not hit by the source.
CN201210512182.1A 2012-11-30 2012-11-30 Based on off-line checking method and the equipment of MAC address authentication Active CN102938715B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210512182.1A CN102938715B (en) 2012-11-30 2012-11-30 Based on off-line checking method and the equipment of MAC address authentication


Publications (2)

Publication Number Publication Date
CN102938715A CN102938715A (en) 2013-02-20
CN102938715B true CN102938715B (en) 2016-03-30

Family

ID=47697587


Country Status (1)

Country Link
CN (1) CN102938715B (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP03 Change of name, title or address

Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Patentee after: Xinhua three Technology Co., Ltd.

Address before: 310053 Hangzhou hi tech Industrial Development Zone, Zhejiang province science and Technology Industrial Park, No. 310 and No. six road, HUAWEI, Hangzhou production base

Patentee before: Huasan Communication Technology Co., Ltd.

CP03 Change of name, title or address