CN103561129A - Secure access and real-time updating method and interchanger - Google Patents
Secure access and real-time updating method and interchanger Download PDFInfo
- Publication number
- CN103561129A CN103561129A CN201310538610.2A CN201310538610A CN103561129A CN 103561129 A CN103561129 A CN 103561129A CN 201310538610 A CN201310538610 A CN 201310538610A CN 103561129 A CN103561129 A CN 103561129A
- Authority
- CN
- China
- Prior art keywords
- dhcp
- list item
- subscriber equipment
- address
- request message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The invention discloses a secure access and real-time updating method and an interchanger. The method comprises the steps that according to the timing period of a first timer and DHCP table entries of user equipment in a DHCP binding table, ARP request messages are broadcasted, and a second timer is started to carry out timing; whether ARP responses are received or not is monitored, and if the ARP responses are not received before the set deadline of the second timer, it is determined that the user equipment with the DHCP table entries is in an off-line state; broadcast operation is repeatedly executed, and when the frequency of the user equipment with the DHCP table entries in the off-line state reaches a set threshold, ACL table entries, corresponding to ALC rules in hardware ACLs, of the DHCP table entries are deleted. According to the secure access and real-time updating method and the interchanger, access requirements of more kinds of DHCP user equipment can be met, and the utilization rate of an access control list of the interchanger is increased.
Description
Technical field
The present invention relates to computer network data communication technical field, relate in particular to a kind of method and switch of safety access real-time update.
Background technology
Dynamic address resolution agreement (DHCP, Dynamic Host Configuration Protocol) be a kind of automatic agreement for user equipment allocation IP address and other option (as gateway, DNS etc.), be widely used in local area network (LAN), DHCP can simplified network deployment, be easy to the maintenance of network.It is a kind of proprietary protocol of the DHCP of monitoring request process that DHCP tries to find out (DHCP SNOOPING), and it uses in switch, and the subscriber equipment that can successfully obtain IP for each generates a corresponding DHCP binding list item.
Gratuitous ARP packet is a kind of special address resolution protocol (Address Resolution Protocol, ARP) message, the transmitting terminal carrying in gratuitous ARP packet and destination end IP address are all the machine IP addresses, the transmitting terminal MAC Address of message is the machine MAC Address, and the destination end MAC Address of message is broadcast address.The IP address that subscriber equipment is determined miscellaneous equipment by overseas broadcast gratuitous ARP packet whether with the IP address conflict of subscriber equipment.When miscellaneous equipment is received after gratuitous ARP packet, if find that the IP address in message is identical with the IP address of oneself, return to an ARP response to the equipment that sends gratuitous ARP packet, inform that user equipment (UE) IP address clashes.
Access Control List (ACL) (Access Control List, ACL) set being formed by one or more rule, be used for identifying message flow, the rule here refers to the judgement statement of describing message matching condition, and matching condition can be source address, destination address and the port numbers etc. of message.The network equipment identifies specific message according to these rules, and according to predefined strategy, it is processed.
Maintenance and management for the ease of network, prevent subscriber equipment access network privately, switch can be controlled user equipment access network in conjunction with DHCP SNOOPING process, making to obtain the subscriber equipment of IP address by DHCP mode can accesses network, and the subscriber equipment of setting up IP address illegally will not allow accesses network.The mode of this access network need to realize in conjunction with exchange hardware ACL, and each DHCP subscriber equipment need to issue an ACL list item that allows accesses network, and acl rule is set.
In the prior art, the ACL list item finite capacity of switching equipment, therefore, when DHCP binding list item number is greater than the number of capacity of ACL list item of equipment, the ACL list item that some DHCP binding list items are corresponding cannot issue, these DHCP subscriber equipmenies just cannot accesses network, and the utilance of Access Control List (ACL) is lower.
Summary of the invention
The object of the invention is to propose a kind of method and switch of safety access real-time update, to improve switch-access, control the utilance of list.
On the one hand, the invention provides a kind of method of safety access real-time update, described method comprises:
According to first timer timing cycle, according to the DHCP list item of subscriber equipment in dynamic host configuration protocol DHCP binding table, broadcast address analysis protocol ARP request message, and start second timer and carry out timing, wherein, the IP address of the transmitting terminal of described ARP request message and the IP address of destination end are the IP address of subscriber equipment described in described DHCP list item, it is the MAC Address of subscriber equipment described in described DHCP list item that MAC Address is controlled in the media interviews of the transmitting terminal of described ARP request message, and the MAC Address of the destination end of described ARP request message is broadcast address;
Monitor and whether receive ARP response, if receive ARP before described second timer is set duration cut-off, respond, determine that the subscriber equipment of described DHCP list item is in off-line state;
Repeat above-mentioned broadcast operation, when the subscriber equipment of the described DHCP list item number of times in off-line state reaches setting threshold, described DHCP list item is controlled to the ACL list item that in list ACL, acl rule is corresponding at hardware access and delete.
Accordingly, the present invention also provides a kind of switch, and described switch comprises:
Broadcast module, be used for according to first timer timing cycle, according to the DHCP list item of subscriber equipment in dynamic host configuration protocol DHCP binding table, broadcast address analysis protocol ARP request message, and start second timer and carry out timing, wherein, the IP address of the transmitting terminal of described ARP request message and the IP address of destination end are the IP address of subscriber equipment described in described DHCP list item, it is the MAC Address of subscriber equipment described in described DHCP list item that MAC Address is controlled in the media interviews of the transmitting terminal of described ARP request message, the MAC Address of the destination end of described ARP request message is broadcast address,
Monitor module, for monitoring, whether receive ARP response, if receive ARP before described second timer is set duration cut-off, respond, determine that the subscriber equipment of described DHCP list item is in off-line state;
Processing module, for repeating above-mentioned broadcast operation, when the subscriber equipment of the described DHCP list item number of times in off-line state reaches setting threshold, controls at hardware access the ACL list item that in list ACL, acl rule is corresponding by described DHCP list item and deletes.
The present invention proposes a kind of method and switch of safety access real-time update, whether the subscriber equipment by judging DHCP list item is in off-line state, delete ACL list item corresponding to DHCP list item under off-line state, can provide ACL list item space for subscriber equipment, can meet the access requirement of more DHCP subscriber equipmenies, improve the utilance of switch-access control list.
Accompanying drawing explanation
Fig. 1 is the applicable network application figure of the embodiment of the present invention.
Fig. 2 is the safe realization flow figure that accesses the method for real-time update that first embodiment of the invention provides.
Fig. 3 is the safe realization flow figure that accesses the method for real-time update that second embodiment of the invention provides.
Fig. 4 is the structural representation of the device of the switch that provides of third embodiment of the invention.
Embodiment
For the technical scheme of technical problem that the present invention is solved, employing and the technique effect that reaches clearer, below in conjunction with drawings and Examples, the present invention is described in further detail.Be understandable that, specific embodiment described herein is only for explaining the present invention, but not limitation of the invention.It also should be noted that, for convenience of description, in accompanying drawing, only show part related to the present invention but not full content.Below in conjunction with accompanying drawing and by embodiment, further illustrate technical scheme of the present invention.
The applicable network environment of the embodiment of the present invention as shown in Figure 1.In network, be provided with switch, it is connected with a plurality of subscriber equipmenies with Dynamic Host Configuration Protocol server respectively.
Embodiment mono-
Fig. 2 is the safe realization flow figure that accesses the method for real-time update that first embodiment of the invention provides.The switch that the method that the embodiment of the present invention provides can be provided by the embodiment of the present invention in the network environment shown in Fig. 1 is carried out.As shown in Figure 2, the method that the embodiment of the present invention provides comprises:
In embodiments of the present invention, described ARP request message can be gratuitous ARP request message, the IP address of its transmitting terminal and the IP address of destination end are the IP address of subscriber equipment described in described DHCP list item, the MAC Address of the transmitting terminal of described ARP request message is the MAC Address of subscriber equipment described in described DHCP list item, and the MAC Address of the destination end of described ARP request message is broadcast address.Thus, can convey each subscriber equipment that switch is connected and all receive this message, and respond according to protocols having.Because ARP request message is that address based on each list item sends, thus if subscriber equipment is online, will inevitably receive the ARP request message consistent with self address, and need carry out ARP response according to agreement.
According to the ARP request message of broadcast in step 201, switch monitors whether receive ARP response, if receive ARP before described second timer is set duration cut-off, responds, and determines that the subscriber equipment of described DHCP list item is in off-line state; If can receive ARP before described second timer is set duration cut-off, respond, determine that the subscriber equipment of described DHCP list item is in line states, the second timer of resetting.For example, it is 1 second that described second timer setting duration can be set, if switch received ARP in 1 second, responds, and determines that the subscriber equipment of described DHCP list item is in off-line state.
When if in step 202, the number of times of the subscriber equipment of definite described DHCP list item in off-line state reaches setting threshold, ACL list item corresponding to the address of described DHCP list item acl rule in hardware ACL deleted.For example, can arrange when subscriber equipment off-line state being detected and reach 3 times, can judge described subscriber equipment off-line.By repeated detection off-line, can improve the reliability of detection, avoid responding caused mistake deletion because other reason causes replying ARP.
Wherein, described acl rule be in Access Control List (ACL) for identifying the judgement statement of the matching condition of message flow, described ACL list item can comprise: IP address, MAC Address, access interface and the vlan number of described subscriber equipment.
The method of the safety access real-time update that the present embodiment provides, by monitoring, whether receiving ARP responds, judge that whether the relative user equipment of DHCP list item is in off-line state, and ACL list item corresponding to the subscriber equipment of deleting the DHCP list item under off-line state, can, for subscriber equipment provides ACL list item space, improve the utilance of switch-access control list.In such scheme, utilize first timer to carry out the offline inspection of clocked flip to subscriber equipment in DHCP list item, can to ACL list item, clear up maintenance in time.Utilized gratuitous ARP request message and ARP thereof to respond, effectively utilized existing message mechanism, without expansion extra equipment and software, so the popularization of technology is convenient, cost is low.
Embodiment bis-
Fig. 3 is the realization flow figure that second embodiment of the invention provides the method for safety access real-time update.The present embodiment be take embodiment mono-as basis, and hardware environment is identical with embodiment mono-.As shown in Figure 3, the method that the embodiment of the present invention provides comprises:
In embodiments of the present invention, described DHCP request message comprises MAC Address, incoming end slogan and the vlan number of DHCP SNOOPING process, and the back message using of described Dynamic Host Configuration Protocol server comprises IP address, rental period, gateway and the domain name system DNS number of DHCP SNOOPING process.
In embodiments of the present invention, described DHCP list item comprises: MAC Address, access interface, vlan number, IP address and rental period.The constructive process of described DHCP list item: the MAC Address in described DHCP request message, access interface and vlan number information are saved in the DHCP list item of binding table of described subscriber equipment; After receiving the back message using of described Dynamic Host Configuration Protocol server, extract IP address and rental period in described back message using, and described IP address and rental period are added in the DHCP list item of binding table of described subscriber equipment.
Wherein, described DHCP list item comprises: IP address, MAC Address, access interface, vlan number and rental period.Extract IP address, MAC Address, access interface and vlan number in described DHCP list item, generate corresponding ACL list item.After the message that switch is received, while only having list item in message and a subitem in the described ACL list item in switch to match, can forward described message.
The method of the safety access real-time update that the present embodiment provides, is the preferred embodiment proposing on the basis of embodiment mono-, reaches identical function, can provide ACL list item space for subscriber equipment, has improved the utilance of switch-access control list.
Further, before the back message using of the DHCP of described reception subscriber equipment request message and Dynamic Host Configuration Protocol server, preferably also comprise: the monitor function that the DHCP of enabled switch tries to find out; Issue a DHCP message redirecting to the acl rule of switch CPU, issue the acl rule that an acquiescence does not forward all messages simultaneously, wherein, described acl rule is for identifying the judgement statement of the matching condition of message flow in Access Control List (ACL).The usefulness of this scheme is to start the safety function of DHCP SNOOPING process, and pre-configured acl rule, makes switch according to the acl rule information that E-Packets targetedly, guarantees the fail safe that switch E-Packets.
Embodiment tri-
Fig. 4 is the structural representation of the device that comprises of switch that third embodiment of the invention provides.As shown in Figure 4, the device that the embodiment of the present invention provides comprises: broadcast module 405, monitoring module 406 and processing module 407.
Wherein, described broadcast module 405, be used for according to first timer timing cycle, according to the DHCP list item of subscriber equipment in DHCP binding table, broadcast arp request message, and start second timer and carry out timing, wherein, the IP address of the transmitting terminal of described ARP request message and the IP address of destination end are the IP address of subscriber equipment described in described DHCP list item, the MAC Address of the transmitting terminal of described ARP request message is the MAC Address of subscriber equipment described in described DHCP list item, and the MAC Address of the destination end of described ARP request message is broadcast address.Whether described monitoring module 406, receive ARP response for monitoring, if receive ARP before described second timer is set duration cut-off, responds, and determines that the address of described DHCP list item is in off-line state.Described processing module 407, for repeating above-mentioned broadcast operation, the number of times when the address of described DHCP list item in off-line state reaches setting threshold, the address of the described DHCP list item ACL list item that acl rule is corresponding in ACL table is deleted.
In such scheme, by broadcast module, carry out broadcast arp request message, by monitoring module, monitor and whether receive ARP and respond, and then whether the relative user equipment that judges DHCP list item is in off-line state, by processing module, delete the ACL list item corresponding to subscriber equipment of the DHCP list item under off-line state, can carry out cleaning in time to the ACL list item of the subscriber equipment of off-line and safeguard, improve the utilance of switch-access control list.Effectively utilized existing message mechanism, without expansion extra equipment and software, so the popularization of technology is convenient, cost is low.
In such scheme, preferably, also comprise: receiver module 402, creation module 403 and generation module 404.
Wherein, described receiver module 402, for according to first timer timing cycle, according to the DHCP list item of subscriber equipment in DHCP binding table, before broadcast arp request message, receive the DHCP request message of subscriber equipment and the back message using of Dynamic Host Configuration Protocol server, wherein, described DHCP request message comprises MAC Address, incoming end slogan and the vlan number of DHCP SNOOPING process, and the back message using of described Dynamic Host Configuration Protocol server comprises IP address, rental period, gateway and the domain name system DNS number of DHCP SNOOPING process.Described creation module 403 for according to the DHCP request message of described subscriber equipment and the back message using of described Dynamic Host Configuration Protocol server, creates DHCP list item in DHCP binding table.Described generation module 404, for according to described DHCP list item, generates ACL list item.
In such scheme, preferably, also comprise: configuration module 401, for before receiving the DHCP request message of subscriber equipment and the back message using of Dynamic Host Configuration Protocol server, the monitor function of the DHCP SNOOPING of enabled switch, issue a DHCP message redirecting to the acl rule of switch CPU, issue the acl rule that an acquiescence does not forward all messages simultaneously.
Further, described creation module 403 specifically for: the MAC Address in described DHCP request message, access interface and vlan number information are saved in the DHCP list item of binding table of described subscriber equipment; After receiving the back message using of described Dynamic Host Configuration Protocol server, extract IP address and rental period in described back message using, and described IP address and rental period are added in the DHCP list item of binding table of described subscriber equipment.
In embodiments of the present invention, the ACL list item in described processing module 407 can comprise: IP address, MAC Address, access interface and the vlan number of described subscriber equipment.
The method of real-time update that accesses safely that the switch that the present embodiment provides provides for carrying out any embodiment of the present invention, possesses corresponding functional module, reaches identical technique effect.
Note, foregoing is only preferred embodiment of the present invention.Skilled person in the art will appreciate that and the invention is not restricted to specific embodiment described here, can carry out for a person skilled in the art various obvious variations, readjust and substitute and can not depart from protection scope of the present invention.Therefore, although the present invention is described in further detail by above embodiment, the present invention is not limited only to above embodiment, in the situation that not departing from the present invention's design, can also comprise more other equivalent embodiment, and scope of the present invention is determined by appended claim scope.
Claims (10)
1. a method for safety access real-time update, is characterized in that, comprising:
According to first timer timing cycle, according to the DHCP list item of subscriber equipment in dynamic host configuration protocol DHCP binding table, broadcast address analysis protocol ARP request message, and start second timer and carry out timing, wherein, the IP address of the transmitting terminal of described ARP request message and the IP address of destination end are the IP address of subscriber equipment described in described DHCP list item, it is the MAC Address of subscriber equipment described in described DHCP list item that MAC Address is controlled in the media interviews of the transmitting terminal of described ARP request message, and the MAC Address of the destination end of described ARP request message is broadcast address;
Monitor and whether receive ARP response, if receive ARP before described second timer is set duration cut-off, respond, determine that the subscriber equipment of described DHCP list item is in off-line state;
Repeat above-mentioned broadcast operation, when the subscriber equipment of the described DHCP list item number of times in off-line state reaches setting threshold, described DHCP list item is controlled to the ACL list item that in list ACL, acl rule is corresponding at hardware access and delete.
2. method according to claim 1, is characterized in that, according to first timer timing cycle, the DHCP list item according to subscriber equipment in DHCP binding table, before broadcast arp request message, also comprises:
Receive the DHCP request message of subscriber equipment and the back message using of Dynamic Host Configuration Protocol server, wherein, described DHCP request message comprises that DHCP tries to find out the MAC Address of process, incoming end slogan and virtual LAN VLAN number, and the back message using of described Dynamic Host Configuration Protocol server comprises that DHCP tries to find out IP address, rental period, gateway and the domain name system DNS number of process;
According to the DHCP request message of described subscriber equipment and the back message using of described Dynamic Host Configuration Protocol server, in DHCP binding table, create DHCP list item;
According to described DHCP list item, generate ACL list item.
3. method according to claim 2, is characterized in that, before the back message using of the DHCP of described reception subscriber equipment request message and Dynamic Host Configuration Protocol server, also comprises:
The monitor function that the DHCP of enabled switch tries to find out;
Issue a DHCP message redirecting to the acl rule of switch CPU, issue the acl rule that an acquiescence does not forward all messages simultaneously.
4. method according to claim 2, is characterized in that, described according to the DHCP request message of described subscriber equipment and the back message using of described Dynamic Host Configuration Protocol server, creates DHCP list item in DHCP binding table, comprising:
MAC Address in described DHCP request message, access interface and vlan number information are saved in the DHCP list item of binding table of described subscriber equipment;
After receiving the back message using of described Dynamic Host Configuration Protocol server, extract IP address and rental period in described back message using, and described IP address and rental period are added in the DHCP list item of binding table of described subscriber equipment.
5. method according to claim 1, is characterized in that, described ACL list item comprises: IP address, MAC Address, access interface and the vlan number of described subscriber equipment.
6. a switch, is characterized in that, comprising:
Broadcast module, be used for according to first timer timing cycle, according to the DHCP list item of subscriber equipment in dynamic host configuration protocol DHCP binding table, broadcast address analysis protocol ARP request message, and start second timer and carry out timing, wherein, the IP address of the transmitting terminal of described ARP request message and the IP address of destination end are the IP address of subscriber equipment described in described DHCP list item, it is the MAC Address of subscriber equipment described in described DHCP list item that MAC Address is controlled in the media interviews of the transmitting terminal of described ARP request message, the MAC Address of the destination end of described ARP request message is broadcast address,
Monitor module, for monitoring, whether receive ARP response, if receive ARP before described second timer is set duration cut-off, respond, determine that the subscriber equipment of described DHCP list item is in off-line state;
Processing module, for repeating above-mentioned broadcast operation, when the subscriber equipment of the described DHCP list item number of times in off-line state reaches setting threshold, controls at hardware access the ACL list item that in list ACL, acl rule is corresponding by described DHCP list item and deletes.
7. switch according to claim 6, is characterized in that, also comprises:
Receiver module, for according to first timer timing cycle, according to the DHCP list item of subscriber equipment in DHCP binding table, before broadcast arp request message, receive the DHCP request message of subscriber equipment and the back message using of Dynamic Host Configuration Protocol server, wherein, described DHCP request message comprises that DHCP tries to find out the MAC Address of process, incoming end slogan and virtual LAN VLAN number, and the back message using of described Dynamic Host Configuration Protocol server comprises that DHCP tries to find out IP address, rental period, gateway and the domain name system DNS number of process;
Creation module for according to the DHCP request message of described subscriber equipment and the back message using of described Dynamic Host Configuration Protocol server, creates DHCP list item in DHCP binding table;
Generation module, for according to described DHCP list item, generates ACL list item.
8. switch according to claim 7, is characterized in that, also comprises:
Configuration module, for before receiving the DHCP request message of subscriber equipment and the back message using of Dynamic Host Configuration Protocol server, the monitor function that the DHCP of enabled switch tries to find out, issue a DHCP message redirecting to the acl rule of switch CPU, issue the acl rule that an acquiescence does not forward all messages simultaneously.
9. switch according to claim 7, is characterized in that, described creation module specifically for:
MAC Address in described DHCP request message, access interface and vlan number information are saved in the DHCP list item of binding table of described subscriber equipment;
After receiving the back message using of described Dynamic Host Configuration Protocol server, extract IP address and rental period in described back message using, and described IP address and rental period are added in the DHCP list item of binding table of described subscriber equipment.
10. switch according to claim 6, is characterized in that, the ACL list item in described processing module comprises: IP address, MAC Address, access interface and the vlan number of described subscriber equipment.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310538610.2A CN103561129A (en) | 2013-11-04 | 2013-11-04 | Secure access and real-time updating method and interchanger |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310538610.2A CN103561129A (en) | 2013-11-04 | 2013-11-04 | Secure access and real-time updating method and interchanger |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN103561129A true CN103561129A (en) | 2014-02-05 |
Family
ID=50015279
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310538610.2A Pending CN103561129A (en) | 2013-11-04 | 2013-11-04 | Secure access and real-time updating method and interchanger |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103561129A (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101471936A (en) * | 2007-12-29 | 2009-07-01 | 华为技术有限公司 | Method, device and system for establishing IP conversation |
| CN101651682A (en) * | 2009-09-15 | 2010-02-17 | 杭州华三通信技术有限公司 | Method, system and device of security certificate |
| CN102447709A (en) * | 2012-01-17 | 2012-05-09 | 神州数码网络(北京)有限公司 | Access authority control method and system based on DHCP (Dynamic host configuration protocol) and 802.1x |
| US20130297825A1 (en) * | 2012-02-14 | 2013-11-07 | Huawei Technologies Co., Ltd. | Method, switch, and system for processing a message |
-
2013
- 2013-11-04 CN CN201310538610.2A patent/CN103561129A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101471936A (en) * | 2007-12-29 | 2009-07-01 | 华为技术有限公司 | Method, device and system for establishing IP conversation |
| CN101651682A (en) * | 2009-09-15 | 2010-02-17 | 杭州华三通信技术有限公司 | Method, system and device of security certificate |
| CN102447709A (en) * | 2012-01-17 | 2012-05-09 | 神州数码网络(北京)有限公司 | Access authority control method and system based on DHCP (Dynamic host configuration protocol) and 802.1x |
| US20130297825A1 (en) * | 2012-02-14 | 2013-11-07 | Huawei Technologies Co., Ltd. | Method, switch, and system for processing a message |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101453495B (en) | Method, system and equipment for preventing authentication address resolution protocol information loss | |
| CN110855633B (en) | DDOS attack protection method, device, system, communication equipment and storage medium | |
| JP5364671B2 (en) | Terminal connection status management in network authentication | |
| KR100992968B1 (en) | Network switch and method for protecting ip address conflict thereof | |
| CN103248724A (en) | SDN (Software-Defined Networking) controller-based DHCP (Dynamic Host Configuration Protocol) broadcast processing method | |
| US20180048633A1 (en) | Perception-free authentication method and system, and control method and system based on the same | |
| CN101883158A (en) | Method and client for acquiring VLAN (Virtual Local Area Network) IDs (Identifiers) and network protocol addresses | |
| CN107241313B (en) | Method and device for preventing MAC flooding attack | |
| CN103001868A (en) | Method and device used for synchronous ARP (Address Resolution Protocol) list item of virtual router redundancy protocol backup set | |
| US20140143413A1 (en) | Method, local gateway, and system for local voice survivability | |
| CN103560961A (en) | Method for dynamically updating host routing table entries of Ethernet switch and switch | |
| WO2012146120A1 (en) | Method for forwarding response packet from dhcp server, forwarding device and system | |
| CN102137073B (en) | Method and access equipment for preventing imitating internet protocol (IP) address to attack | |
| CN101179515B (en) | Method and device for inhibiting black hole routing | |
| CN101197811B (en) | Method for improving server reliability in dynamic main unit configuration protocol under proxy mode | |
| JP6137178B2 (en) | COMMUNICATION INFORMATION DETECTING DEVICE AND COMMUNICATION INFORMATION DETECTING METHOD | |
| CN102347903B (en) | Data message forwarding method as well as device and system | |
| CN102143164A (en) | Message relaying method, message relaying device and base station | |
| CN103795581A (en) | Address processing method and address processing device | |
| US10680930B2 (en) | Method and apparatus for communication in virtual network | |
| CN103595711A (en) | Adjusting safety access method and exchanger | |
| CN106131046B (en) | anti-attack processing method and device | |
| CN102594808A (en) | System and method for preventing Dynamic Host Configuration Protocol for Internet Protocol Version 6 (DHCPv6) server spoofing | |
| CN104283982B (en) | A kind of method that DMZ host automatically points to, system and gateway | |
| CN103561129A (en) | Secure access and real-time updating method and interchanger |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20140205 |