CN103220378A - Reporting method and equipment of unified certificated user IP (Internet Protocol) - Google Patents
Abstract
The invention discloses a method and device for reporting the IP addresses of a unified authentication user, applied to NAS (Network Access Server) equipment. The method comprises the following steps: after a unified authentication user comes online successfully, a forwarding chip receives a unified authentication message sent by a RADIUS (Remote Authentication Dial In User Service) server, the message carrying the correspondence between the user source MAC (Media Access Control) address and a first-type IP address; the forwarding chip reports the user source MAC address and the first-type IP address in the unified authentication message to a CPU (Central Processing Unit); according to the content of the unified authentication message, the CPU issues to the forwarding chip a first packet matching rule that matches the user source MAC address and a second-type IP address; when the forwarding chip matches, according to the first packet matching rule, a packet containing the user source MAC address and a second-type IP address, it reports the matched packet to the CPU and sets the first packet matching rule to invalid; and the CPU sends a request message to the RADIUS server, the request message carrying the correspondence between user address information and the second-type IP address, so that the IPv4 (Internet Protocol version 4) and IPv6 (Internet Protocol version 6) addresses are displayed simultaneously.
Description
Technical field
The present invention relates to the field of communication technology, and in particular to a method and device for reporting the IP addresses of a unified authentication user.
Background art
In the prior art, Portal provides operators with a convenient management function: a portal website can carry advertising, community services, personalized services and so on, so that bandwidth operators, equipment suppliers, and content and service providers form an industrial ecosystem. With the growing popularity of IPv6 services, many access users use IPv4 and IPv6 addresses at the same time, and the concept of unified authentication arose to give these users a better experience. Unified authentication applies to dual-stack users who use IPv4 and IPv6 simultaneously: if the user's IPv4 address has passed Portal authentication, the IPv6 address does not need to be authenticated and is allowed through directly, and vice versa. Fig. 1 shows the interaction flow between the Portal and RADIUS (Remote Authentication Dial In User Service) devices.
In the Portal authentication flow above, when unified authentication is performed the RADIUS server knows only the IPv4 or IPv6 address that was authenticated. Traffic from the other IP address, which has not been authenticated, can also pass through the NAS (Network Access Server) device, but the RADIUS server holds no information about that IP address. The server therefore cannot display the IPv4 and IPv6 addresses together, which also makes management inconvenient.
Summary of the invention
The purpose of the embodiments of the invention is to provide a method, device and system for message transmission, to solve the problem in the prior art that the IPv4 and IPv6 addresses cannot be displayed on the RADIUS server at the same time.
To achieve the above purpose, an embodiment of the invention provides a method for reporting the IP addresses of a unified authentication user. The method is applied to a network access server (NAS) device and comprises:
After a unified authentication user comes online successfully, the forwarding chip receives a unified authentication message sent by the Remote Authentication Dial In User Service (RADIUS) server; the unified authentication message carries the correspondence between the user source MAC address and a first-type IP address;
The forwarding chip reports the user source MAC address and the first-type IP address in the unified authentication message to the CPU;
The CPU, according to the content of the unified authentication message, issues to the forwarding chip a first packet matching rule that matches the user source MAC address and a second-type IP address;
When the forwarding chip matches, according to the first packet matching rule, a packet containing the user source MAC address and a second-type IP address, it reports the matched packet to the CPU and sets the first packet matching rule to invalid;
The CPU sends a request message to the RADIUS server; the request message carries the correspondence between the user address information and the second-type IP address.
Preferably, reporting the matched packet to the CPU specifically comprises:
The forwarding chip selects from the matched packets by sampling and reports the selected packets to the CPU.
Preferably, the method further comprises:
The CPU, according to the content of the unified authentication message, issues to the forwarding chip a second packet matching rule that matches the user source MAC address; the priority of the second packet matching rule is lower than that of the first packet matching rule;
When the forwarding chip matches, according to the second packet matching rule, any packet containing the user source MAC address, it forwards the matched packet according to the second packet matching rule.
Preferably, the user address information comprises one or both of the following:
The user source MAC address;
The first-type IP address.
Preferably,
The first-type IP address is an IPv4 address and the second-type IP address is an IPv6 address; or,
The first-type IP address is an IPv6 address and the second-type IP address is an IPv4 address.
An embodiment of the invention provides a NAS device, comprising:
A receiver module, configured to receive, after a unified authentication user comes online successfully, the unified authentication message sent by the Remote Authentication Dial In User Service (RADIUS) server; the unified authentication message carries the correspondence between the user source MAC address and a first-type IP address;
A reporting module, configured to report the user source MAC address and the first-type IP address in the unified authentication message to the CPU;
A rule downloading module, configured to issue to the forwarding chip, according to the content of the unified authentication message, a first packet matching rule that matches the user source MAC address and a second-type IP address;
A processing module, configured to, when a packet containing the user source MAC address and a second-type IP address is matched according to the first packet matching rule, report the matched packet to the CPU and set the first packet matching rule to invalid;
A sending module, configured to send a request message to the RADIUS server; the request message carries the correspondence between the user address information and the second-type IP address.
Preferably, the processing module is specifically configured to select from the matched packets by sampling and to report the selected packets to the CPU.
Preferably, the rule downloading module is further configured to:
Issue to the forwarding chip, according to the content of the unified authentication message, a second packet matching rule that matches the user source MAC address; the priority of the second packet matching rule is lower than that of the first packet matching rule;
The processing module is configured to, when any packet containing the user source MAC address is matched according to the second packet matching rule, forward the matched packet according to the second packet matching rule.
Preferably, the user address information comprises one or both of the following:
The user source MAC address;
The first-type IP address.
Preferably,
The first-type IP address is an IPv4 address and the second-type IP address is an IPv6 address; or,
The first-type IP address is an IPv6 address and the second-type IP address is an IPv4 address.
Compared with the prior art, the technical solution proposed by the embodiments of the invention has the following advantages:
With the solution proposed by the invention, the IPv4 and IPv6 addresses are displayed together on the RADIUS server, which makes the RADIUS server's unified management of users more effective.
Description of the drawings
Fig. 1 is a flowchart of Portal authentication in the prior art;
Fig. 2 is a schematic flowchart of reporting the IP addresses of a unified authentication user according to an embodiment of the invention;
Fig. 3 is a schematic flowchart of reporting the IP addresses of a unified authentication user according to embodiment one of the invention;
Fig. 4 is a diagram of the device for reporting the IP addresses of a unified authentication user according to an embodiment of the invention.
Detailed description of the embodiments
The technical solutions of the invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the invention without creative effort fall within the scope of protection of the invention.
Referring to Fig. 2, which is a schematic flowchart of reporting the IP addresses of a unified authentication user according to an embodiment of the invention, the flow comprises:
In this step, after the unified authentication user comes online successfully, the RADIUS server can obtain the correspondence between the user's source MAC (Media Access Control) address and the first-type IP address.
In this step, the packet matching rules comprise a first packet matching rule, used to match the user source MAC address and a second-type IP address, and a second packet matching rule, used to match the user source MAC address; the first packet matching rule has a higher priority than the second packet matching rule.
In this step, after the first packet matching rule is set to invalid, the forwarding chip matches according to the second packet matching rule: when it matches any packet containing the user source MAC address, it forwards the matched packet according to the second packet matching rule.
In this step, the correspondence carried in the request message may be the correspondence between the user source MAC address and the second-type IP address, or between the first-type IP address and the second-type IP address, or among the user source MAC address, the first-type IP address and the second-type IP address.
In this embodiment, after a unified authentication user comes online successfully, the forwarding chip receives the unified authentication message sent by the RADIUS server, which carries the correspondence between the user source MAC address and the first-type IP address; the forwarding chip reports the user source MAC address and the first-type IP address in the unified authentication message to the CPU; the CPU, according to the content of the unified authentication message, issues to the forwarding chip the first packet matching rule that matches the user source MAC address and a second-type IP address; when the forwarding chip matches, according to the first packet matching rule, a packet containing the user source MAC address and a second-type IP address, it reports the matched packet to the CPU; and the CPU sends a request message to the RADIUS server carrying the correspondence between the user address information and the second-type IP address. The IPv4 and IPv6 addresses are thus displayed together on the RADIUS server, which makes the RADIUS server's unified management of users more effective.
The invention is described in detail below with a specific embodiment, but is not limited to this embodiment.
Fig. 3 is a flowchart of reporting the IP addresses of a unified authentication user according to embodiment one of the invention, in which the IPv4 packets have passed Portal server authentication. The flow may comprise:
In this step, the RADIUS server can obtain the correspondence between the user's source MAC address and the IPv4 address.
In this step, the packet matching rules are a first packet matching rule, used to match the source MAC address and an IPv6 address, and a second packet matching rule, used to match the source MAC address; the first packet matching rule has a higher priority than the second packet matching rule.
Step 304: when the forwarding chip matches, according to the first packet matching rule, a packet containing the source MAC address and an IPv6 address, it samples the matched packets, mirrors the sampled packets to the CPU, and sets the first packet matching rule to invalid.
In this step, after the first packet matching rule is set to invalid, the forwarding chip matches according to the second packet matching rule: when it matches any packet containing the source MAC address, it forwards the matched packet according to the second packet matching rule;
Meanwhile, in case the user changes the IPv6 address, the first packet matching rule can be reactivated periodically, so that after the user changes the IPv6 address, the user's latest IPv6 address is obtained according to the first packet matching rule.
In this step, the correspondence carried in the request message may be the correspondence between the source MAC address and the IPv6 address, or between the IPv4 address and the IPv6 address, or among the source MAC address, the IPv4 address and the IPv6 address.
In this embodiment, after a unified authentication user comes online successfully, the forwarding chip receives the unified authentication message sent by the RADIUS server, which carries the correspondence between the user source MAC address and the first-type IP address; the forwarding chip reports the user source MAC address and the first-type IP address in the unified authentication message to the CPU; the CPU, according to the content of the unified authentication message, issues to the forwarding chip the first packet matching rule that matches the user source MAC address and a second-type IP address; when the forwarding chip matches, according to the first packet matching rule, a packet containing the user source MAC address and a second-type IP address, it reports the matched packet to the CPU; and the CPU sends a request message to the RADIUS server carrying the correspondence between the user address information and the second-type IP address. The IPv4 and IPv6 addresses are thus displayed together on the RADIUS server, which makes the RADIUS server's unified management of users more effective.
It should be noted that the case in which the IPv6 packets have passed Portal server authentication follows essentially the same flow as the case in which the IPv4 packets have passed Portal server authentication, so it is not described in detail here.
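The rule lifecycle of embodiment one, as an added example that is not part of the patent text: a Python simulation of the higher-priority report rule, the lower-priority forward rule, and periodic reactivation. The class names, priority values, sample addresses, the dropping of unmatched packets and the dictionary standing in for the RADIUS request message are assumptions of this sketch.

```python
"""Simulation of the two packet matching rules on a NAS (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass
class Packet:
    src_mac: str
    src_ip: str


@dataclass
class Rule:
    name: str
    priority: int               # higher value is evaluated first (assumption)
    src_mac: str
    ip_version: Optional[int]   # 4 or 6, or None for "any packet from this MAC"
    action: str                 # "report" (mirror to CPU) or "forward"
    valid: bool = True

    def matches(self, pkt: Packet) -> bool:
        if not self.valid or pkt.src_mac.lower() != self.src_mac:
            return False
        if self.ip_version is None:
            return True
        return ipaddress.ip_address(pkt.src_ip).version == self.ip_version


class ForwardingChip:
    def __init__(self, report_to_cpu: Callable[[Packet], None]):
        self.rules: List[Rule] = []
        self.report_to_cpu = report_to_cpu

    def install(self, rule: Rule) -> None:
        self.rules.append(rule)
        self.rules.sort(key=lambda r: r.priority, reverse=True)

    def process(self, pkt: Packet) -> str:
        for rule in self.rules:
            if not rule.matches(pkt):
                continue
            if rule.action == "report":
                # First rule: mirror the packet to the CPU, then set the rule
                # to invalid so later packets fall through to the second rule.
                rule.valid = False
                self.report_to_cpu(pkt)
                return "forwarded+reported"
            return "forwarded"
        return "dropped"        # no session for this MAC (assumption)


class NasCpu:
    def __init__(self) -> None:
        self.chip = ForwardingChip(self.on_report)
        self.first_ip: Dict[str, str] = {}      # source MAC -> first-type IP
        self.radius_requests: List[dict] = []   # stand-in for request messages

    def on_unified_auth(self, src_mac: str, first_ip: str) -> None:
        """Handle the MAC / first-type IP pair reported by the forwarding chip."""
        mac = src_mac.lower()
        first_version = ipaddress.ip_address(first_ip).version
        second_version = 6 if first_version == 4 else 4
        self.first_ip[mac] = first_ip
        self.chip.install(Rule("first", 20, mac, second_version, "report"))
        self.chip.install(Rule("second", 10, mac, None, "forward"))

    def on_report(self, pkt: Packet) -> None:
        """Build the request carrying MAC, first-type and second-type IP."""
        mac = pkt.src_mac.lower()
        self.radius_requests.append(
            {"src_mac": mac, "first_ip": self.first_ip[mac], "second_ip": pkt.src_ip}
        )

    def reactivate_first_rule(self, src_mac: str) -> None:
        """Periodic timer action: make the first rule valid again."""
        for rule in self.chip.rules:
            if rule.name == "first" and rule.src_mac == src_mac.lower():
                rule.valid = True


def demo():
    cpu = NasCpu()
    mac = "00:11:22:33:44:55"                  # constructed sample values
    cpu.on_unified_auth(mac, "192.0.2.10")     # IPv4 passed Portal authentication
    results = [
        cpu.chip.process(Packet(mac, "192.0.2.10")),    # second rule forwards
        cpu.chip.process(Packet(mac, "2001:db8::10")),  # first rule reports once
        cpu.chip.process(Packet(mac, "2001:db8::99")),  # changed address, not seen
    ]
    cpu.reactivate_first_rule(mac)
    results.append(cpu.chip.process(Packet(mac, "2001:db8::99")))  # now reported
    results.append(cpu.chip.process(Packet("66:77:88:99:aa:bb", "2001:db8::1")))
    return results, cpu.radius_requests


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Between the first report and the next reactivation, the address held by the RADIUS server can be stale: the third packet in `demo()` is forwarded under the MAC-only rule without any report.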
Based on the same concept as the above method, an embodiment of the invention also provides a NAS device. As shown in Fig. 4, the NAS device comprises a forwarding chip 41 and a CPU 42;
The forwarding chip 41 comprises a receiver module 411, a reporting module 412 and a processing module 413; the CPU 42 comprises a rule downloading module 421 and a sending module 422;
The receiver module 411 is configured to receive, after a unified authentication user comes online successfully, the unified authentication message sent by the Remote Authentication Dial In User Service (RADIUS) server; the unified authentication message carries the correspondence between the user source MAC address and a first-type IP address;
The processing module 413 is further configured to, when any packet containing the user source MAC address is matched according to the second packet matching rule, forward the matched packet according to the second packet matching rule;
The sending module 422 is configured to send a request message to the RADIUS server; the request message carries the correspondence between the user address information and the second-type IP address.
The user address information comprises one or both of the following:
The user source MAC address;
The first-type IP address.
The first-type IP address is an IPv4 address and the second-type IP address is an IPv6 address; or,
The first-type IP address is an IPv6 address and the second-type IP address is an IPv4 address.
In this embodiment, after a unified authentication user comes online successfully, the forwarding chip receives the unified authentication message sent by the RADIUS server, which carries the correspondence between the user source MAC address and the first-type IP address; the forwarding chip reports the user source MAC address and the first-type IP address in the unified authentication message to the CPU; the CPU, according to the content of the unified authentication message, issues to the forwarding chip the first packet matching rule that matches the user source MAC address and a second-type IP address; when the forwarding chip matches, according to the first packet matching rule, a packet containing the user source MAC address and a second-type IP address, it reports the matched packet to the CPU; and the CPU sends a request message to the RADIUS server carrying the correspondence between the user address information and the second-type IP address. The IPv4 and IPv6 addresses are thus displayed together on the RADIUS server, which makes the RADIUS server's unified management of users more effective.
From the above description of the embodiments, those skilled in the art can clearly understand that the invention can be implemented by software plus a necessary general-purpose hardware platform, or of course by hardware, but in many cases the former is the better implementation. Based on this understanding, the technical solution of the invention, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to execute the methods of the embodiments of the invention.
Those skilled in the art will appreciate that the drawings are schematic diagrams of a preferred embodiment, and that the modules or flows in the drawings are not necessarily required to implement the invention.
Those skilled in the art will appreciate that the modules of the device in an embodiment may be distributed in the device as described in the embodiment, or may be changed correspondingly and placed in one or more devices different from that of this embodiment. The modules of the above embodiments may be merged into one module or further split into multiple submodules.
The sequence numbers of the above embodiments are for description only and do not indicate the relative merit of the embodiments.
The above discloses only several specific embodiments of the invention; the invention is not limited to them, and any variation that those skilled in the art can conceive of shall fall within the scope of protection of the invention.
Claims (10)
1. A method for reporting the IP addresses of a unified authentication user, characterized in that the method is applied to a network access server (NAS) device and comprises:
After a unified authentication user comes online successfully, the forwarding chip receives a unified authentication message sent by the Remote Authentication Dial In User Service (RADIUS) server; the unified authentication message carries the correspondence between the user source MAC address and a first-type IP address;
The forwarding chip reports the user source MAC address and the first-type IP address in the unified authentication message to the CPU;
The CPU, according to the content of the unified authentication message, issues to the forwarding chip a first packet matching rule that matches the user source MAC address and a second-type IP address;
When the forwarding chip matches, according to the first packet matching rule, a packet containing the user source MAC address and a second-type IP address, it reports the matched packet to the CPU and sets the first packet matching rule to invalid;
The CPU sends a request message to the RADIUS server; the request message carries the correspondence between the user address information and the second-type IP address.
2. The method of claim 1, characterized in that reporting the matched packet to the CPU specifically comprises:
The forwarding chip selects from the matched packets by sampling and reports the selected packets to the CPU.
3. The method of claim 1, characterized in that the method further comprises:
The CPU, according to the content of the unified authentication message, issues to the forwarding chip a second packet matching rule that matches the user source MAC address; the priority of the second packet matching rule is lower than that of the first packet matching rule;
When the forwarding chip matches, according to the second packet matching rule, any packet containing the user source MAC address, it forwards the matched packet according to the second packet matching rule.
4. The method of claim 1, characterized in that the user address information comprises one or both of the following:
The user source MAC address;
The first-type IP address.
5. The method of any one of claims 1-4, characterized in that,
The first-type IP address is an IPv4 address and the second-type IP address is an IPv6 address; or,
The first-type IP address is an IPv6 address and the second-type IP address is an IPv4 address.
6. A NAS device, characterized by comprising:
A receiver module, configured to receive, after a unified authentication user comes online successfully, the unified authentication message sent by the Remote Authentication Dial In User Service (RADIUS) server; the unified authentication message carries the correspondence between the user source MAC address and a first-type IP address;
A reporting module, configured to report the user source MAC address and the first-type IP address in the unified authentication message to the CPU;
A rule downloading module, configured to issue to the forwarding chip, according to the content of the unified authentication message, a first packet matching rule that matches the user source MAC address and a second-type IP address;
A processing module, configured to, when a packet containing the user source MAC address and a second-type IP address is matched according to the first packet matching rule, report the matched packet to the CPU and set the first packet matching rule to invalid;
A sending module, configured to send a request message to the RADIUS server; the request message carries the correspondence between the user address information and the second-type IP address.
7. The NAS device of claim 6, characterized in that the processing module is specifically configured to select from the matched packets by sampling and to report the selected packets to the CPU.
8. The NAS device of claim 6, characterized in that the rule downloading module is further configured to:
Issue to the forwarding chip, according to the content of the unified authentication message, a second packet matching rule that matches the user source MAC address; the priority of the second packet matching rule is lower than that of the first packet matching rule;
The processing module is further configured to, when any packet containing the user source MAC address is matched according to the second packet matching rule, forward the matched packet according to the second packet matching rule.
9. The NAS device of claim 6, characterized in that the user address information comprises one or both of the following:
The user source MAC address;
The first-type IP address.
10. The NAS device of any one of claims 6-9, characterized in that,
The first-type IP address is an IPv4 address and the second-type IP address is an IPv6 address; or,
The first-type IP address is an IPv6 address and the second-type IP address is an IPv4 address.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310157502.0A CN103220378B (en) | 2013-04-27 | 2013-04-27 | A kind of report method of unified certification User IP and equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103220378A true CN103220378A (en) | 2013-07-24 |
CN103220378B CN103220378B (en) | 2015-12-02 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CP03 | Change of name, title or address | ||
CP03 | Change of name, title or address |
Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No. Patentee after: Xinhua three Technology Co., Ltd. Address before: 310053 Hangzhou hi tech Industrial Development Zone, Zhejiang province science and Technology Industrial Park, No. 310 and No. six road, HUAWEI, Hangzhou production base Patentee before: Huasan Communication Technology Co., Ltd. |