CN103001890B - A kind of method for network access control - Google Patents
A kind of method for network access control Download PDFInfo
- Publication number
- CN103001890B CN103001890B CN201210587829.7A CN201210587829A CN103001890B CN 103001890 B CN103001890 B CN 103001890B CN 201210587829 A CN201210587829 A CN 201210587829A CN 103001890 B CN103001890 B CN 103001890B
- Authority
- CN
- China
- Prior art keywords
- application server
- network
- data
- client
- address
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Small-Scale Networks (AREA)
Abstract
The invention discloses a kind of method for network access control, wherein, define a public address for each application server and be stored in data memory device;Every client is provided with a tables of data, tables of data is provided with the public address of every application server and every application server in actual address in a local network, central server is according to one application server of policy assignments preset and finds the public address of the application server being assigned in data memory device and is sent to the client of the request of sending, and client obtains the actual address access application server of the application server being assigned according to the public address of the application server being assigned in the tables of data of self.Its technical scheme provides the benefit that: realizes safety-protection system network and merges with office network, improves the safety that network is overall, controls data exchange between Intranet and outer net, it is prevented that mass data occurs in Blocking Networks on public network or incoherent LAN.<!--1-->
Description
Technical field
The present invention relates to a kind of control method monitoring system, particularly relate to a kind of method for network access control.
Background technology
Existing safety-protection system makes it that demand of network is more and more higher owing to have employed digital signal and web camera, set up independent network for safety-protection system make data sharing difficulty as independent, and need overlapping investment, easily office network is caused potential safety hazard as merged with office network by safety-protection system network, and owing to safety-protection system can produce a large amount of voice data, easily cause office network and block up.
Summary of the invention
For the problems referred to above that existing safety-protection system network exists, now provide a kind of and aim at the method for network access control that safety-protection system network merges with office network.
Concrete technical scheme is as follows:
A kind of method for network access control, it is applied to be provided with the network of central server, described network includes multiple LAN being in different segment, each described LAN includes multiple work station, each described LAN is connected with described central server by forwarding switching equipment, multiple described work stations include some application servers and some clients, wherein, a public address being used for described client-access is defined for each application server, one data memory device is set, described data memory device stores the public address of every described application server;Every described client is provided with a tables of data, described tables of data is provided with the public address of every described application server and every described application server in actual address in a local network;In time accessing generation, described client sends request to described central server, described central server is according to one the described application server of policy assignments preset and finds the public address of the described application server being assigned in described data memory device and is sent to the described client of the request of sending, described client obtains the actual address of the described application server being assigned according to the public address of the described application server being assigned in the tables of data of self, described client accesses described application server according to the actual address of the described application server being assigned.
Preferably, described forwarding switching equipment is router.
Preferably, described application server includes the media server for preserving audio frequency, video data.
Preferably, described data memory device is mainly formed by the computer being provided with database software.
Preferably, described client include connecting CCTV camera gather audio frequency, video data data collection task station and for the media work station of implementing monitoring and audio frequency, video playback.
Preferably, described preset strategy is, described central server will be in the described application server of the same network segment or the described application server of the immediate network segment of the network segment residing for the described client being in and file a request is assigned to the described client filed a request with the described client filed a request.
Preferably, described application server public address and described actual address are all main by the IP(InternetProtocol Internet protocol meeting Internet protocol) address formed.
Technique scheme provides the benefit that:
Realize safety-protection system network to merge with office network, client can only access the application server that central server specifies and improve the safety that network is overall, exchanged by data between the conversion and control Intranet of public address and actual address and outer net, by assigning application server with client same network segment or being closer to the application server of the network segment and prevent mass data from occurring in Blocking Networks on public network or incoherent LAN.
Accompanying drawing explanation
Fig. 1 is the topology of networks schematic diagram that a kind of method for network access control of the present invention is suitable for.
Detailed description of the invention
Below in conjunction with the drawings and specific embodiments, the invention will be further described, but not as limiting to the invention.
As shown in Figure 1, one method for network access control of the present invention, it is applied to be provided with the network of central server, network includes multiple LAN being in different segment, each LAN includes multiple work station, each LAN is connected with central server by forwarding switching equipment, multiple work stations include some application servers and some clients, wherein, a public address being used for client-access is defined for each application server, one data memory device is set, data memory device stores the public address of every application server;Every client is provided with a tables of data, tables of data is provided with the public address of every application server and every application server in actual address in a local network;In time accessing generation, client sends request to central server, central server is according to one application server of policy assignments preset and finds the public address of the application server being assigned in data memory device and is sent to the client of the request of sending, client obtains the actual address of the application server being assigned according to the public address of the application server being assigned in the tables of data of self, and client accesses application server according to the actual address of the application server being assigned.
Technique scheme is by being assigned the method for application server to improve the overall security of network by central server to client, and achieve the isolation between public network and internal network by the conversion operation of public address and actual address, it is effectively controlled the data exchange between public network and internal network, further increases the safety of network.
On technique scheme basis, further, switching equipment is forwarded can to adopt router.Router is widely used in the forwarding switching equipment that cross-network segment connects, and it can automatically select according to the situation of channel and set route, with optimal path, sends signal by tandem, and safeguards simple, it is easy to arrange, it is also possible to provide the auxiliary security means such as fire wall.
On technique scheme basis, further, application server includes the media server for preserving audio frequency, video data.Media server can be distributed in each LAN, it is also possible to is connected in the network at the same level with central server.Certain application server can also include for the application server of other application in office network.
On technique scheme basis, further, data memory device can mainly be formed by the computer being provided with database software.The computer operation being provided with data base is convenient, compatible good, can pass through to change network adapter and adapt to different networks.
On technique scheme basis, further, client include connecting CCTV camera gather audio frequency, video data data collection task station and for the media work station of implementing monitoring and audio frequency, video playback.Certain work station may also include the various work stations being applied to office network.
On technique scheme basis, further, centered by preset strategy, server will be in the application server of the same network segment or the application server of the immediate network segment of the network segment residing for the client being in and file a request be assigned to the client filed a request with the client filed a request.By by with client same network segment or be closer to the application server of the network segment and be assigned to client and can prevent a large amount of audio frequency, video data from occurring in public network or incoherent LAN, to prevent network be a large amount of audio frequency, video data blocks.
On technique scheme basis, further, application server public address and actual address all can mainly by the IP(InternetProtocol Internet protocols meeting Internet protocol) address formed.Internet protocol uses extensively, various for its network equipment designed, it is easy to networking is implemented, it is simple to safeguard.
The foregoing is only preferred embodiment of the present invention; not thereby restriction embodiments of the present invention and protection domain; to those skilled in the art; the equivalent replacement done by all utilizations description of the present invention and diagramatic content and the obtained scheme of apparent change should be can appreciate that, all should be included in protection scope of the present invention.
Claims (6)
1. a method for network access control, it is applied to be provided with the network of central server, described network includes multiple LAN being in different segment, each described LAN includes multiple work station, each described LAN is connected with described central server by forwarding switching equipment, multiple described work stations include some application servers and some clients, it is characterised in that define a public address being used for described client-access for each application server;One data memory device is set, described data memory device stores the public address of every described application server;Every described client is provided with a tables of data, described tables of data is provided with the public address of every described application server and every described application server in actual address in a local network;In time accessing generation, described client sends request to described central server, described central server is according to one the described application server of policy assignments preset and finds the public address of the described application server being assigned in described data memory device and is sent to the described client of the request of sending, described client obtains the actual address of the described application server being assigned according to the public address of the described application server being assigned in the tables of data of self, described client accesses described application server according to the actual address of the described application server being assigned;
Described client include connecting CCTV camera gather audio frequency, video data data collection task station, for implementing monitoring and audio frequency, the media work station of video playback be applied to the work station of office network.
2. method for network access control as claimed in claim 1, it is characterised in that described forwarding switching equipment is router.
3. method for network access control as claimed in claim 1, it is characterised in that described application server includes the media server for preserving audio frequency, video data.
4. method for network access control as claimed in claim 1, it is characterised in that described data memory device is mainly formed by the computer being provided with database software.
5. method for network access control as claimed in claim 1, it is characterized in that, described strategy is, described central server will be in the described application server of the same network segment or the described application server of the immediate network segment of the network segment residing for the described client being in and file a request is assigned to the described client filed a request with the described client filed a request.
6. method for network access control as described in arbitrary in claim 1-5, it is characterised in that described application server public address and described actual address are all mainly formed by the IP address meeting Internet protocol.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210587829.7A CN103001890B (en) | 2012-12-28 | 2012-12-28 | A kind of method for network access control |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210587829.7A CN103001890B (en) | 2012-12-28 | 2012-12-28 | A kind of method for network access control |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103001890A CN103001890A (en) | 2013-03-27 |
CN103001890B true CN103001890B (en) | 2016-06-29 |
Family
ID=47930043
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201210587829.7A Active CN103001890B (en) | 2012-12-28 | 2012-12-28 | A kind of method for network access control |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103001890B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104378231A (en) * | 2014-11-06 | 2015-02-25 | 四川传世科技有限公司 | Control system and control method for enterprise wireless router |
CN104580252B (en) * | 2015-01-29 | 2018-03-20 | 小米科技有限责任公司 | Method for network access control and device |
CN106790458B (en) * | 2016-12-08 | 2021-05-18 | Tcl科技集团股份有限公司 | Cross-local area network Memcache data sharing method and system |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1741536A (en) * | 2005-09-21 | 2006-03-01 | 烽火通信科技股份有限公司 | Method for combining network based on floating interface of CORBA |
CN101197856A (en) * | 2007-12-27 | 2008-06-11 | 北京交通大学 | IP address space planning-free and private domain name access method in VPN network |
CN101207626A (en) * | 2007-12-05 | 2008-06-25 | 中兴通讯股份有限公司 | Control protocol and corresponding remote video supervisory control system |
CN102196009A (en) * | 2010-03-19 | 2011-09-21 | 华为软件技术有限公司 | Method for logging on network, server and client |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2012001366A2 (en) * | 2010-06-30 | 2012-01-05 | British Telecommunications Public Limited Company | Wlan location services |
-
2012
- 2012-12-28 CN CN201210587829.7A patent/CN103001890B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1741536A (en) * | 2005-09-21 | 2006-03-01 | 烽火通信科技股份有限公司 | Method for combining network based on floating interface of CORBA |
CN101207626A (en) * | 2007-12-05 | 2008-06-25 | 中兴通讯股份有限公司 | Control protocol and corresponding remote video supervisory control system |
CN101197856A (en) * | 2007-12-27 | 2008-06-11 | 北京交通大学 | IP address space planning-free and private domain name access method in VPN network |
CN102196009A (en) * | 2010-03-19 | 2011-09-21 | 华为软件技术有限公司 | Method for logging on network, server and client |
Non-Patent Citations (2)
Title |
---|
基于C/S结构的分布式数字视频监控系统的设计和实现;李红英 等;《安防科技》;20070430(第4期);第38-40页、第78页 * |
多媒体网络视频数字监控系统;俞国锋 等;《建筑电气》;20071130;第26卷(第11期);第53-60页 * |
Also Published As
Publication number | Publication date |
---|---|
CN103001890A (en) | 2013-03-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20150309818A1 (en) | Method of virtual machine migration using software defined networking | |
CN109391614B (en) | Method and device for calling monitoring data based on video network | |
CN104468625B (en) | Dialing tunnel agent device, the method for utilizing the tunnel pass through NAT that dials | |
CN104601959A (en) | Video monitoring system and method for rapidly accessing web camera | |
EP3032859A1 (en) | Access control method and system, and access point | |
CN102984031B (en) | Method and device for allowing encoding equipment to be safely accessed to monitoring and control network | |
CN103944867A (en) | Dynamic host configuration protocol (DHCP) message processing method, device and system | |
KR101358775B1 (en) | User access method, system, and access server, access device | |
KR101786620B1 (en) | Method, apparatus and computer program for subnetting of software defined network | |
EP2959397A1 (en) | Ip reflection | |
CN102916897A (en) | Method and equipment for realizing VRRP load sharing | |
CN104980368A (en) | Bandwidth guarantee method and apparatus in software defined network (SDN) | |
CN103001890B (en) | A kind of method for network access control | |
CN110581975A (en) | Conference terminal updating method and video networking system | |
KR101710385B1 (en) | Method, apparatus and computer program for managing arp packet | |
CN101808107A (en) | Storage device and user communication method, device and system | |
CN102664804B (en) | Method and system for achieving network bridge function of network equipment | |
JP2012533959A (en) | Effective host management protocol for multicast routers | |
CN106254267B (en) | Data forwarding path adjusting method and gateway equipment | |
CN108965219B (en) | Data processing method and device based on video network | |
CN103595789B (en) | A kind of wireless security electric power file sharing devices based on WIFI | |
CN108989896B (en) | Video-on-demand request processing method and device | |
CN104917660A (en) | VLAN (virtual local area network) service division network | |
CN112968879B (en) | Method and equipment for realizing firewall management | |
CN109905363B (en) | Network disk access method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |