CN103001890A - Network access control method - Google Patents

Info

Publication number
CN103001890A
Authority
CN
China
Prior art keywords
network
application server
client
access control
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2012105878297A
Other languages
Chinese (zh)
Other versions
CN103001890B (en)
Inventor
高礼
景飞
王虎
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SHANGHAI VISKING DIGITAL TECHNOLOGY Co Ltd
Original Assignee
SHANGHAI VISKING DIGITAL TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by SHANGHAI VISKING DIGITAL TECHNOLOGY Co Ltd
Priority to CN201210587829.7A
Publication of CN103001890A
Application granted
Publication of CN103001890B
Legal status: Expired - Fee Related
Anticipated expiration

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention discloses a network access control method which includes: defining a public address for each application server and storing the public addresses in a data storage device; providing a data table on each client, the data table holding the public address of each application server and the actual address of each application server in its local area network; having a central server designate an application server according to a preset policy, look up the public address of the designated application server in the data storage device, and send that public address to the client that made the request; and having the client obtain the actual address of the designated application server from its public address and then access that application server. The method makes it possible to merge a security system network with an office network, improves the security of the network as a whole, controls data exchange between the internal network and the external network, and prevents large volumes of data from appearing on the public network or on unrelated networks and congesting them.

Description

A network access control method
Technical field
The present invention relates to a control method for a monitoring system, and in particular to a network access control method.
Background
Because existing security systems use digital signals and network cameras, their demands on the network keep growing. Building an independent network for the security system alone makes data sharing difficult and requires duplicate investment. Merging the security system network with the office network, on the other hand, easily introduces security risks into the office network, and because the security system generates a large amount of audio data, it easily congests the office network.
Summary of the invention
To address the above problems of existing security system networks, a network access control method is provided that is intended to allow the security system network and the office network to be merged.
The specific technical solution is as follows:
A network access control method, applied to a network provided with a central server. The network comprises a plurality of local area networks (LANs) located in different network segments, each LAN comprises a plurality of workstations, and each LAN is connected to the central server through a forwarding/switching device. The workstations comprise a number of application servers and a number of clients. A public address used for client access is defined for each application server, and a data storage device is provided that stores the public address of each application server. Each client is provided with a data table that holds, for each application server, its public address and its actual address in the LAN where it is located. When access is required, the client sends a request to the central server; the central server assigns an application server according to a preset policy, finds the public address of the assigned application server in the data storage device, and sends it to the requesting client. The client uses the public address of the assigned application server to obtain that server's actual address from its own data table, and then accesses the application server at that actual address.
Preferably, the forwarding/switching device is a router.
Preferably, the application servers include media servers used to store audio and video data.
Preferably, the data storage device is mainly formed by a computer on which database software is installed.
Preferably, the clients include data acquisition workstations, which are connected to camera equipment and collect audio and video data, and media workstations, which are used for monitoring and for audio and video playback.
Preferably, the preset policy is that the central server assigns to the requesting client an application server located in the same network segment as that client, or an application server located in the network segment closest to the network segment of that client.
Preferably, the public address and the actual address of an application server are both mainly formed by IP (Internet Protocol) addresses.
The beneficial effects of the above technical solution are:
The security system network and the office network are merged. Clients can only access the application server designated by the central server, which improves the security of the network as a whole. Data exchange between the internal network and the external network is controlled through the conversion between public addresses and actual addresses. By assigning an application server in the same network segment as the client, or in a nearby network segment, large volumes of data are prevented from appearing on the public network or on unrelated LANs and congesting them.
Description of the drawings
Fig. 1 is a schematic diagram of the topology of a network to which the network access control method of the present invention applies.
Embodiment
The invention is further described below with reference to the drawing and specific embodiments, which are not to be taken as limiting the invention.
As shown in Fig. 1, the network access control method of the present invention is applied to a network provided with a central server. The network comprises a plurality of LANs located in different network segments, each LAN comprises a plurality of workstations, and each LAN is connected to the central server through a forwarding/switching device. The workstations comprise a number of application servers and a number of clients. A public address used for client access is defined for each application server, and a data storage device is provided that stores the public address of each application server. Each client is provided with a data table that holds, for each application server, its public address and its actual address in the LAN where it is located. When access is required, the client sends a request to the central server; the central server assigns an application server according to a preset policy, finds the public address of the assigned application server in the data storage device, and sends it to the requesting client. The client uses the public address of the assigned application server to obtain that server's actual address from its own data table, and then accesses the application server at that actual address.
By having the central server assign application servers to clients, the above technical solution improves the overall security of the network. The conversion between public addresses and actual addresses isolates the public network from the internal network and effectively controls data exchange between them, which further improves the security of the network.
On the basis of the above technical solution, the forwarding/switching device may further be a router. Routers are forwarding/switching devices widely used for connections across network segments. A router can automatically select and set routes according to channel conditions and send signals in order along the best path; it is simple to maintain and easy to set up, and it can also provide auxiliary security measures such as a firewall.
On the basis of the above technical solution, the application servers further include media servers used to store audio and video data. The media servers may be distributed across the LANs, or may be connected to the network at the same level as the central server. The application servers may of course also include application servers for other office network applications.
On the basis of the above technical solution, the data storage device may further be mainly formed by a computer on which database software is installed. A computer with a database installed is convenient to operate and has good compatibility, and it can be adapted to different networks by changing its network adapter.
On the basis of the above technical solution, the clients further include data acquisition workstations, which are connected to camera equipment and collect audio and video data, and media workstations, which are used for monitoring and for audio and video playback. The workstations may of course also include the various workstations used on the office network.
On the basis of the above technical solution, the preset policy is further that the central server assigns to the requesting client an application server located in the same network segment as that client, or an application server located in the network segment closest to the network segment of that client. Assigning the client an application server in its own network segment or in a nearby network segment keeps large volumes of audio and video data off the public network and unrelated LANs, so that this data does not congest the network.
On the basis of the above technical solution, the public address and the actual address of an application server may further both be mainly formed by IP (Internet Protocol) addresses. The Internet Protocol is widely used, a wide variety of network equipment is designed for it, and networks based on it are easy to build and convenient to maintain.
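The assignment and address conversion flow described in this embodiment, as an added example that is not part of the patent text: the central server applies the same-segment or nearest-segment policy and returns only a public address, and the client converts it through its own data table, refusing access when no entry exists. All addresses, segment layouts and function names are constructed for illustration, and "closest network segment" is assumed here to mean the longest shared IPv4 address prefix, which the patent does not define.

```python
import ipaddress

# Constructed sample data (illustrative only).
# Central data storage device: public address -> network segment of that server.
SERVER_REGISTRY = {
    "203.0.113.11": ipaddress.ip_network("10.1.0.0/24"),
    "203.0.113.12": ipaddress.ip_network("10.2.0.0/24"),
    "203.0.113.13": ipaddress.ip_network("10.2.4.0/24"),
}

# Data table held by each client: public address -> actual LAN address.
CLIENT_TABLE = {
    "203.0.113.11": "10.1.0.20",
    "203.0.113.12": "10.2.0.20",
    "203.0.113.13": "10.2.4.20",
}


def shared_prefix_bits(a, b):
    """Leading bits two IPv4 addresses have in common (assumed proximity metric)."""
    return a.max_prefixlen - (int(a) ^ int(b)).bit_length()


def assign_server(client_ip, registry=SERVER_REGISTRY):
    """Central server side: pick a server by the preset policy, return its public address."""
    if not registry:
        raise LookupError("no application servers registered")
    client = ipaddress.ip_address(client_ip)
    # First choice: an application server in the client's own network segment.
    same_segment = sorted(pub for pub, seg in registry.items() if client in seg)
    if same_segment:
        return same_segment[0]
    # Otherwise: the server whose segment is closest to the client's address.
    return max(
        sorted(registry),
        key=lambda pub: shared_prefix_bits(client, registry[pub].network_address),
    )


def resolve_actual(public_addr, table=CLIENT_TABLE):
    """Client side: convert the assigned public address, failing closed if unknown."""
    if public_addr not in table:
        raise PermissionError(f"no data table entry for {public_addr}; access refused")
    return str(ipaddress.ip_address(table[public_addr]))


def access_target(client_ip, registry=SERVER_REGISTRY, table=CLIENT_TABLE):
    """Full flow: request, assignment, conversion. Returns (public, actual)."""
    public = assign_server(client_ip, registry)
    return public, resolve_actual(public, table)


if __name__ == "__main__":
    for ip in ("10.2.0.55", "10.2.5.9"):
        print(ip, "->", access_target(ip))
```

The client never chooses a server itself: it only ever connects to an actual address reached through a public address the central server handed out, and a public address missing from its data table is refused rather than contacted directly.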
The above are only preferred embodiments of the present invention and do not thereby limit its embodiments or its scope of protection. Those skilled in the art should recognize that all solutions obtained through equivalent substitutions and obvious variations made using the description and drawings of the present invention fall within the scope of protection of the present invention.

Claims (7)

1. A network access control method, applied to a network provided with a central server, the network comprising a plurality of local area networks (LANs) located in different network segments, each LAN comprising a plurality of workstations, each LAN being connected to the central server through a forwarding/switching device, and the workstations comprising a number of application servers and a number of clients, characterized in that: a public address used for client access is defined for each application server, and a data storage device is provided that stores the public address of each application server; each client is provided with a data table that holds, for each application server, its public address and its actual address in the LAN where it is located; when access is required, the client sends a request to the central server; the central server assigns an application server according to a preset policy, finds the public address of the assigned application server in the data storage device, and sends it to the requesting client; the client uses the public address of the assigned application server to obtain that server's actual address from its own data table; and the client accesses the application server at that actual address.
2. The network access control method according to claim 1, characterized in that the forwarding/switching device is a router.
3. The network access control method according to claim 1, characterized in that the application servers include media servers used to store audio and video data.
4. The network access control method according to claim 1, characterized in that the data storage device is mainly formed by a computer on which database software is installed.
5. The network access control method according to claim 1, characterized in that the clients include data acquisition workstations, which are connected to camera equipment and collect audio and video data, and media workstations, which are used for monitoring and for audio and video playback.
6. The network access control method according to claim 1, characterized in that the preset policy is that the central server assigns to the requesting client an application server located in the same network segment as that client, or an application server located in the network segment closest to the network segment of that client.
7. The network access control method according to any one of claims 1 to 6, characterized in that the public address and the actual address of the application server are both mainly formed by IP addresses conforming to the Internet Protocol.
CN201210587829.7A 2012-12-28 2012-12-28 Network access control method Expired - Fee Related CN103001890B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210587829.7A CN103001890B (en) 2012-12-28 2012-12-28 Network access control method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210587829.7A CN103001890B (en) 2012-12-28 2012-12-28 Network access control method

Publications (2)

Publication Number Publication Date
CN103001890A true CN103001890A (en) 2013-03-27
CN103001890B CN103001890B (en) 2016-06-29

Family

ID=47930043

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210587829.7A Expired - Fee Related CN103001890B (en) 2012-12-28 2012-12-28 Network access control method

Country Status (1)

Country Link
CN (1) CN103001890B (en)

Also Published As

Publication number Publication date
CN103001890B (en) 2016-06-29

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20160629