CN103684861B - Method and device for processing network configuration and communication system - Google Patents
Method and device for processing network configuration and communication system Download PDFInfo
- Publication number
- CN103684861B CN103684861B CN201310652734.3A CN201310652734A CN103684861B CN 103684861 B CN103684861 B CN 103684861B CN 201310652734 A CN201310652734 A CN 201310652734A CN 103684861 B CN103684861 B CN 103684861B
- Authority
- CN
- China
- Prior art keywords
- vlan
- port
- sub
- mark
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Small-Scale Networks (AREA)
Abstract
The invention provides a method and device for processing network configuration and a communication system. The method includes the steps that an access device in a network is found by a core device through a device cluster management protocol, and a management channel connected with the access device is established; port information of the access device is studied through the management channel, so that the access device is virtualized into a board card of the core device; an IP application request sent by user equipment through the management channel is received, and a corresponding IP address is distributed to the user equipment according to the IP application request; user identification in the IP application request is related with a default sub virtual local area network, a first port connected into the user equipment and a corresponding first access device are identified, default permission information of the default sub virtual local area network is configured to the first port through the management channel, and accordingly the first access device can conduct corresponding processing on a resource access request according to the default permission information on the first port when the resource access request sent by the user equipment is received through the first port.
Description
Technical field
The present invention relates to the communication technology, more particularly to a kind of network configuration treating method and apparatus and communication system.
Background technology
At present, Fig. 1 is three-layer network configuration diagram traditional in the prior art, and Fig. 2 is flattening net in the prior art
Network configuration diagram, as depicted in figs. 1 and 2, network flattening refers to make strong core, the network structure of weak access, by network
Structure changes from the three-layer network framework of traditional " core+convergence+access " to the two-tiered structure of " core+access ".Flat
In change network, as shown in Fig. 2 mainly including nucleus equipment and access device;Wherein, nucleus equipment, as strong core, is one high
End equipment, realizes being uniformly processed for network switch, and access device therein is to be routed directly to network switch
Nucleus equipment is uniformly processed, then unified treatment and forwarding is carried out on nucleus equipment, realizes nucleus equipment to whole net institute
Have business is uniformly controlled treatment, makes Network centralization, unitizes.
But, the deployment of existing flattening network is required for going to complete one by one based on equipment, it is stipulated that user can only connect
Enter the network of regulation, when user on-position changes, in addition it is also necessary to manually adjust the network design that corresponding user accesses.
Particularly, the adaptivity and redirecting for user department do not transposed for user's transfer-position cannot all be automatically performed, be required for into
The complicated substantial amounts of network design configuration work of row can just be completed, therefore, existing flattening network design workload is big, and uses
Family complex management, it is impossible to realize the adaptivity of network design.
The content of the invention
The present invention provides a kind for the treatment of method and apparatus and communication system of network configuration, for solving in the prior art
The big problem of flattening network design workload.
The first aspect of the invention is to provide a kind of processing method of network configuration, including:
Nucleus equipment finds the access device in network using device clusters management agreement, and sets up and the access device
Management passage;
The nucleus equipment learns the port information of the access device by the management passage, and the access is set
A standby board for inventing the nucleus equipment;
The nucleus equipment receives the protocol IP Shen of interconnection between the network that user equipment is sent by the management passage
Please ask, and be applied asking according to the IP, be the corresponding IP address of the user equipment allocation;
The mark virtual local area VLAN with acquiescence of the user in IP application requests is set up and closed by the nucleus equipment
Connection relation, and the first port and corresponding first access device of the user equipment access are recognized, by the acquiescence Sub-VLAN
On default privilege information be configured in the first port by the management passage, so that first access device is logical
When crossing the first port and receiving the resource access request that the user equipment sends, according to the acquiescence in the first port
Authority information, is processed the resource access request accordingly.
Another aspect of the present invention is to provide a kind of processing method of network configuration, including:
Access device receives the protocol IP application request of interconnection between the network that user equipment is sent by first port, and
IP application requests are sent to nucleus equipment by the management passage set up with nucleus equipment;For the nucleus equipment root
Apply asking according to the IP, be described for the corresponding IP address of equipment distribution, and by the user's in IP application requests
Mark sets up incidence relation with acquiescence Sub-VLAN;
The access device is transmitted to by the IP address that the nucleus equipment that the management passage will be received sends
The user equipment;
The access device receives the sub- virtual local area of the acquiescence that the nucleus equipment is sent by the management passage
Default privilege information on VLAN, and the default privilege message identification is configured in the first port;
The resource access request that the access device reception user equipment is sent by the first port, and according to
The default privilege information, is processed the resource access request accordingly.
An additional aspect of the present invention is to provide a kind of processing unit of network configuration, including:
It was found that processing module, for being found the access device in network using device clusters management agreement, and is set up and institute
State the management passage of access device;
Study processing module, the port information for learning the access device by the management passage will be described
Access device invents a board of the nucleus equipment;
Transceiver module, for receiving the protocol IP Shen interconnected between the network that user equipment is sent by the management passage
Please ask;
IP address distribute module, is the corresponding IP address of the user equipment allocation for being applied asking according to the IP;
Configuration processing module, for the mark of the user in IP application requests to be built with sub- virtual local area VLAN is given tacit consent to
Vertical incidence relation, and recognize the first port and corresponding first access device of the user equipment access;
The transceiver module, for the default privilege information on the acquiescence Sub-VLAN to be configured by the management passage
Onto the first port, so that first access device is receiving the user equipment transmission by the first port
Resource access request when, according to the default privilege information in the first port, the resource access request is carried out accordingly
Treatment.
Still another aspect of the invention is to provide a kind of processing unit of network configuration, including:
Transceiver module, please for receiving the protocol IP application interconnected between the network that user equipment is sent by first port
Ask, and IP application requests are sent to nucleus equipment by the management passage set up with nucleus equipment;For the core
Equipment applies asking according to the IP, is described for the corresponding IP address of equipment distribution, and by IP application requests
The mark of user virtual local area VLAN with acquiescence sets up incidence relation;
The transceiver module is additionally operable to the IP address that the nucleus equipment sends that will be received by the management passage
It is transmitted to the user equipment;
The transceiver module is additionally operable to receive the acquiescence that the nucleus equipment is sent by the management passage
Default privilege information on VLAN;
Configuration module, for the default privilege message identification to be configured into the first port;
The transceiver module is additionally operable to receive the resource access request that the user equipment is sent by the first port;
Processing module, for according to the default privilege information, being processed accordingly the resource access request.
Another aspect of the invention is to provide a kind of communication system, including:Nucleus equipment and access device;Wherein, institute
State the processing unit that nucleus equipment is the network configuration as described in above-mentioned another aspect;The access device is to go back one as described above
The processing unit of the network configuration described in individual aspect.
The solution have the advantages that:Find that the access in network sets using device clusters management agreement by nucleus equipment
It is standby, and the management passage with the access device is set up, the port information of the access device being learnt by the management passage, will connect
Enter the board that equipment invents the nucleus equipment, be the user after the IP application requests for receiving user equipment transmission
Equipment distributes IP address, and sets up the incidence relation identified with the acquiescence Sub-VLAN that the IP applies for the user in request, identification
First port and corresponding first access device that user equipment is accessed, will give tacit consent to the default privilege information on Sub-VLAN by being somebody's turn to do
Management passage is configured in first port, so that first access device is receiving user equipment transmission by first port
Resource access request when, according to the default privilege information in the first port, the resource access request is located accordingly
Reason, so that the deployment of existing flat network topology is not needed upon equipment to go to complete one by one, i.e., according to the request of user, to it
Connectivity port carries out automatic deployment, therefore solves the problems, such as that flattening network design workload is big in the prior art, and effectively
Improve the adaptivity of network design.
Brief description of the drawings
Fig. 1 is three-layer network configuration diagram traditional in the prior art;
Fig. 2 is flattening network architecture schematic diagram in the prior art;
Fig. 3 is the flow chart of one embodiment of the processing method of inventive network configuration;
Fig. 4 is the flow chart of another embodiment of the processing method of inventive network configuration;
Fig. 5 is the flow chart of another embodiment of the processing method of inventive network configuration;
Fig. 6 is the flow chart of a still further embodiment of the processing method of inventive network configuration;
Fig. 7 is the flow chart of the further embodiment of the processing method of inventive network configuration;
Fig. 8 is the structural representation of one embodiment of the processing unit of inventive network configuration;
Fig. 9 is the structural representation of another embodiment of the processing unit of inventive network configuration;
Figure 10 is the structural representation of another embodiment of the processing unit of inventive network configuration.
Specific embodiment
Fig. 3 is the flow chart of one embodiment of the processing method of inventive network configuration, as shown in figure 3, the present embodiment
Method include:
Step 101, nucleus equipment find the access device in network using device clusters management agreement, and foundation connects with this
Enter the management passage of equipment.
In the present embodiment, the cluster management protocol can be specially Link Layer Discovery Protocol(Link Layer
Discovery Protocol;Referred to as:LLDP)The cluster protocol, or virtual switch unit of extension(Virtual
Switching Unit;Referred to as:VSU)The extension of agreement, can also be other privately owned implementations, concrete implementation mode sheet
Embodiment is not intended to limit.
In addition, in the present embodiment, nucleus equipment is made up of multiple equipment or multiple board polymerizations, and it is further referred to as
Mainframe box;Access device is same to be polymerized by multiple equipment or multiple boards, and the aggregation protocol of equipment is not limited, and it can also claim
Be interface cabinet.Nucleus equipment is uniformly controlled all of access device of management, and then realizes being managed collectively whole Campus Networks
And control.
Preferably, after the access device during nucleus equipment finds network using device clusters management agreement, can also be with
The access device sets up data channel.Wherein, nucleus equipment can learn the port information of access device by management passage, and
Realize authority and ask issuing for response.Nucleus equipment can realize the forwarding of network message by data channel.
Step 102, nucleus equipment learn the port information of the access device by the management passage, by the access device
Invent a board of the nucleus equipment.
In the present embodiment, nucleus equipment can automatically identify the port of the access device according to network topology scheme
Information, the port can be the user port of interconnection port and access device with access device and user equipment;And can be with
Interconnection port is configured to Trunk mouthfuls, user port is configured to ACCESS mouthfuls.In addition, the port information of the access device can
To be specially its port number, and each port speed and the information such as broadband.
In addition, in the present embodiment, nucleus equipment learns the port information of the access device by the management passage, so that
So that all of access device invents a board of nucleus equipment, i.e., the access device seen on nucleus equipment is exactly core
A sheet by a sheet board in heart equipment, access device can then regard the extension to nucleus equipment port as, and then form a machine one
The concept of network.
Step 103, nucleus equipment receive the agreement of interconnection between the network that user equipment is sent by the management passage
(Internet Protocol;Referred to as:IP)Application request, and applied asking according to the IP, will be user equipment allocation correspondence
IP address.
Step 104, nucleus equipment are by the mark of the user in IP application requests and give tacit consent to sub- VLAN
(Virtual Local Area Network;Referred to as:VLAN)Incidence relation is set up, and recognizes the user equipment is accessed first
Port and corresponding first access device, this is configured to by the default privilege information on the acquiescence Sub-VLAN by the management passage
In first port, so that first access device is receiving the resource access that the user equipment sends by the first port
During request, according to the default privilege information in the first port, the resource access request is processed accordingly.
In the present embodiment, ID can be specially user name.The first port is above-mentioned user port.Separately
Outward, recognize that the first port of user equipment access and the implementation of corresponding first access device are:If nucleus equipment pipe
User's topology information is managed, then inquiry can directly have been gone from user's topology information by IP address, to recognize the user equipment
The first port of access and corresponding first access device;If nucleus equipment does not manage user's topology information, can pass through
Address resolution protocol(Address Resolution Protocol;Referred to as:ARP)And medium access control(Media Access
Control;Referred to as:MAC)List item is searched, specifically, first passing through IP address searches corresponding ARP, to show that the user sets
Standby MAC Address, and search MAC address entries according to the MAC Address to recognize the first port and corresponding that the user equipment is accessed
First access device.
In the present embodiment, the access device in network is found using device clusters management agreement by nucleus equipment, and
The management passage with the access device is set up, the port information of the access device is learnt by the management passage, access is set
A standby board for inventing the nucleus equipment, after the IP application requests for receiving user equipment transmission, for this is used for equipment
Distribution IP address, and the incidence relation identified with the acquiescence Sub-VLAN that the IP applies for the user in request is set up, identifying user
First port and corresponding first access device that equipment is accessed, will give tacit consent to the default privilege information on Sub-VLAN by the management
Passage is configured in first port, so that first access device is receiving the money that the user equipment sends by first port
During the access request of source, according to the default privilege information in the first port, the resource access request is processed accordingly, from
And cause that the deployment of existing flat network topology is not needed upon equipment and goes to complete one by one, i.e., according to the request of user, connect to it
Port carries out automatic deployment, therefore solves the problems, such as that flattening network design workload is big in the prior art, and effectively carries
The adaptivity of network design high.
Fig. 4 is the flow chart of another embodiment of the processing method of network configuration of the invention, as shown in figure 4, the party
Method includes:
Step 201, nucleus equipment find the access device in network using device clusters management agreement, and foundation connects with this
Enter the management passage of equipment.
In the present embodiment, the cluster management protocol can be specially Link Layer Discovery Protocol(Link Layer
Discovery Protocol;Referred to as:LLDP)The cluster protocol, or virtual switch unit of extension(Virtual
Switching Unit;Referred to as:VSU)The extension of agreement, can also be other privately owned implementations, concrete implementation mode sheet
Embodiment is not intended to limit.
In addition, in the present embodiment, nucleus equipment is made up of multiple equipment or multiple board polymerizations, and it is further referred to as
Mainframe box;Access device is same to be polymerized by multiple equipment or multiple boards, and the aggregation protocol of equipment is not limited, and it can also claim
Be interface cabinet.Nucleus equipment is uniformly controlled all of access device of management, and then realizes being managed collectively whole Campus Networks
And control.
Preferably, after the access device during nucleus equipment finds network using device clusters management agreement, can also be with
The access device sets up data channel.Wherein, nucleus equipment can learn the port information of access device by management passage, and
Realize authority and ask issuing for response.Nucleus equipment can realize the forwarding of network message by data channel.
Step 202, nucleus equipment learn the port information of the access device by the management passage, by the access device
Invent a board of the nucleus equipment.
In the present embodiment, nucleus equipment can automatically identify the port of the access device according to network topology scheme
Information, the port can be the user port of interconnection port and access device with access device and user equipment;And can be with
Interconnection port is configured to Trunk mouthfuls, user port is configured to ACCESS mouthfuls.In addition, the port information of the access device can
To be specially its port number, and each port speed and the information such as broadband.
The mark that step 203, nucleus equipment obtain default privilege information, the organizational information of department and department is corresponding
Authority information;The organizational information of the department includes the mark of the user under the mark and the department of the department.
In the present embodiment, in order to carry out control of authority to department, for different departments, it should there is network legal power
Differentiation, that is, need the authorities different to different Department formations, for example:Certain department can not access certain Internet resources;Or
Person, the corresponding differentiation network speed limit of different departments, network storm control of differentiation etc..
In addition, default privilege synchronizing information is to acquiescence Sub-VLAN, for the user not being authenticated, acquiescence is belonged to
VLAN。
Step 204, nucleus equipment create a primary vlan, and are respectively the corresponding son of mark establishment of each department
VLAN, and the corresponding authority information of the mark of the department is configured on corresponding Sub-VLAN respectively.
Step 205, nucleus equipment create acquiescence Sub-VLAN, and by the default privilege information configuration to the acquiescence Sub-VLAN
On.
Wherein, the acquiescence Sub-VLAN is associated with primary vlan respectively with the Sub-VLAN.
In the present embodiment, VLAN is mapped by the way of Super VLAN, i.e., by son(Sub)Between VLAN realizes user
Two layers of isolation, and the whole network only one of which Super VLAN.Specifically, first automatically creating a master(Primary)VLAN, while
An acquiescence Sub-VLAN is created, the user, when user is not authenticated, is put into the acquiescence portion by the mapping for giving tacit consent to department
Door, will user and the acquiescence Sub-VLAN set up incidence relation.
In addition, creating a Sub-VLAN for each department, and the authority information of each department is configured to corresponding
On Sub-VLAN.It should be noted that the acquiescence Sub-VLAN is associated with primary vlan respectively with Sub-VLAN.
Step 206, nucleus equipment receive the IP application requests that user equipment sends, and are applied asking according to the IP, for this
The corresponding IP address of user equipment allocation.
In the present embodiment, due to one Super VLAN of the whole network, therefore, all users are the Super VLAN's
Under Sub VLAN, in order to be managed collectively, DHCP is created for Primary VLAN(Dynamic Host
Configuration Protocol;Referred to as:DHCP)The IP address that address is used for whole network users is distributed, i.e., all Sub VLAN
Interior user distributes IP from the corresponding address pools of Primary VLAN.In addition, IP address pond is deployed with two ways, one
It is one big address pool of distribution to plant, for example:The address space of 16 bitmasks, all users distribute IP from the address space;
Another kind is that the multiple address pools of deployment are corresponding with Primary VLAN, for example:Each address pool is the address space of 24 masks, is
Realize that multiple address pools are corresponding with Primary VLAN, it is necessary to give Primary VLAN establishment multiple Second IP, each
Second IP one address pool network segment of correspondence.
The mark of the user in IP application requests and acquiescence Sub-VLAN are set up incidence relation by step 207, nucleus equipment,
And recognize the user equipment access first port and corresponding first access device, by the default privilege on the acquiescence Sub-VLAN
Information is configured in the first port by the management passage, so that first access device is received by the first port
During the resource access request that the user equipment sends, according to the default privilege information in the first port, the resource is accessed please
Ask and processed accordingly.
In the present embodiment, because user is not authenticated, therefore first by the mark of user and acquiescence Sub-VLAN foundation
Incidence relation, and by the default privilege information configuration on the acquiescence Sub-VLAN to the first port, so that passing through first
The resource access request that port sends, is required to be processed accordingly according to default privilege information.
Fig. 5 is the flow chart of another embodiment of the processing method of inventive network configuration, is being implemented shown in above-mentioned Fig. 4
On the basis of example, as shown in figure 5, after step 207, the method also includes:
Step 208, nucleus equipment are received the user equipment and are sent by the first port and corresponding first access device
Certification request, the mark of the certification request including the user.
Step 209, nucleus equipment are authenticated according to the certification request, the mark to the user, and the certification that will be obtained
Response returns to the user equipment.
Step 210, nucleus equipment obtain the primary sector belonging to the mark of the user, and it is corresponding to obtain the primary sector
First Sub-VLAN, incidence relation is set up by the mark of the user and first Sub-VLAN, deletes the ID with acquiescence
The incidence relation of VLAN.
The first authority information on first Sub-VLAN that step 211, nucleus equipment will get is configured to the first end
Mouthful, to replace the default privilege information in the first port, so that first access device is received by first port
During the resource access request that the user equipment sends, according to the first authority information in the first port, the resource is accessed please
Ask and processed accordingly.
In the present embodiment, after certification passes through, the department obtained belonging to the user can be identified by user, issues this
The Sub-VLAN control of department, authority information that will be on the Sub-VLAN of the department is configured in first port, to perform the department
Control of authority.
Fig. 6 is the flow chart of a still further embodiment of the processing method of inventive network configuration, is being implemented shown in above-mentioned Fig. 5
On the basis of example, as shown in fig. 6, after step 211, the method also includes:
Step 212, nucleus equipment receive the handover request of user equipment transmission, and the handover request includes:The user's
Mark and the mark of corresponding secondary sector.
Step 213, nucleus equipment obtain secondary sector corresponding second Sub-VLAN of mark, and by the mark of the user with
Second Sub-VLAN sets up incidence relation, deletes the incidence relation of the ID and first Sub-VLAN.
The second authority information on second Sub-VLAN that step 214, nucleus equipment will get is configured to the first end
Mouthful, to replace first authority information in the first port, so that first access device is received by first port
During the resource access request that the user equipment sends, according to the second authority information in the first port, the resource is accessed please
Ask and processed accordingly.
In the present embodiment, after the department that user is belonged to switches, due to can be automatically real by nucleus equipment
The network that existing user accesses is redeployed, therefore, it is effectively improved the adaptivity of network design.
In addition, also, it should be noted that after step 207, can also realize that the department belonged to as user cuts
When changing, the automatic deployment of nucleus equipment, its realization principle is similar to step 214 to step 212, and here is omitted.
Fig. 7 is the flow chart of the further embodiment of the processing method of inventive network configuration, as shown in fig. 7, this implementation
The method of example includes:
Step 301, access device receive user equipment and apply for request by the IP that first port sends, and the IP is applied
Request is sent to nucleus equipment by the management passage set up with nucleus equipment;So that the nucleus equipment please according to IP applications
Ask, be the corresponding IP address of the user equipment allocation, and the mark of the user in IP application requests and acquiescence Sub-VLAN are built
Vertical incidence relation.
In the present embodiment, nucleus equipment can perform the technical side of any shown embodiments of the method for above-mentioned Fig. 1 to Fig. 4
Case, its realization principle is similar, and here is omitted.
Step 302, access device are transmitted to by the IP address that the nucleus equipment that the management passage will be received sends
The user equipment.
Step 303, access device receive silent on the acquiescence Sub-VLAN that the nucleus equipment is sent by the management passage
Recognize authority information, and the default privilege message identification is configured in the first port.
Step 304, access device receive the resource access request that the user equipment is sent by the first port, and according to
The default privilege information, is processed the resource access request accordingly.
In the present embodiment, access device receives user equipment and applies asking by the IP that first port sends, the IP Shens
Please ask to include the mark of user, and IP application requests are sent to nucleus equipment;So that the nucleus equipment is according to the IP
Application request, is the corresponding IP address of the user equipment allocation, and the IP is applied the mark and acquiescence of the user in request
VLAN sets up incidence relation, and the IP address that the nucleus equipment that will be received sends is transmitted to the user equipment, receives the core
The default privilege information on the acquiescence Sub-VLAN that equipment sends, and by the default privilege information configuration to the first port,
The resource access request that the user equipment is sent by the first port is received, and according to the default privilege information, to the resource
Access request is processed accordingly, so that the deployment of existing flat network topology is not needed upon equipment to go to complete one by one,
I.e. nucleus equipment carries out automatic deployment to its connectivity port, therefore solve flattening in the prior art according to the request of user
The big problem of network design workload, and it is effectively improved the adaptivity of network design.
Further, in another embodiment of the present invention, on the basis of above-mentioned embodiment illustrated in fig. 7, step 303
Or after step 304, the method can also include:
Access device receives the certification request that the user equipment is sent by the first port, and the certification request includes:Should
The mark of user;And the certification request is sent to the nucleus equipment, so that the nucleus equipment is according to the certification request, to the use
The mark at family is authenticated, and obtains the primary sector that the mark of the user is belonged to, and the mark of the primary sector is corresponding
The first Sub-VLAN, the mark of the user and first Sub-VLAN are set up into incidence relation, delete the ID and the acquiescence
The incidence relation of Sub-VLAN;
The authentication response that access device will be received is sent to the user equipment;
The first authority that access device is received on first Sub-VLAN that the nucleus equipment is sent by the management passage is believed
Breath, and first authority information is configured in the first port, to replace the default privilege information in the first port;
Then when the access device receives the resource access request that the user equipment is sent by the first port, access sets
For according to first authority information, the resource access request is processed accordingly.
Preferably, the method can further include:
Access device receives the handover request that the user equipment is sent by the first port, and the handover request includes:Should
The mark and the mark of corresponding secondary sector of user;And the handover request is sent to the nucleus equipment, so that the core sets
It is standby that corresponding second Sub-VLAN of mark of secondary sector is obtained according to the handover request, and by the mark of the user and this second
Sub-VLAN sets up incidence relation, and deletes the incidence relation or the ID of the ID and the acquiescence Sub-VLAN and be somebody's turn to do
The incidence relation of the first Sub-VLAN;
The second authority that access device is received on second Sub-VLAN that the nucleus equipment is sent by the management passage is believed
Breath, and second authority information is configured in the first port, with replace the default privilege information in the first port or
First authority information in the person first port;
Then the mark for carrying the user that the user equipment is sent by the first port is received in the access device
During resource access request, the access device is processed the resource access request accordingly according to second authority information.
One of ordinary skill in the art will appreciate that:Realizing all or part of step of above-mentioned each method embodiment can lead to
The related hardware of programmed instruction is crossed to complete.Foregoing program can be stored in a computer read/write memory medium.The journey
Sequence upon execution, performs the step of including above-mentioned each method embodiment;And foregoing storage medium includes:ROM, RAM, magnetic disc or
Person's CD etc. is various can be with the medium of store program codes.
Fig. 8 is the structural representation of one embodiment of the processing unit of inventive network configuration, as shown in figure 8, this reality
The device for applying example includes:It was found that processing module 11, study processing module 12, transceiver module 13, IP address distribute module 14 and matching somebody with somebody
Put processing module 15;Wherein, it is found that processing module 11 is used to find the access device in network using device clusters management agreement,
And the management passage of foundation and the access device;Study processing module 12 is used to learn the access device by the management passage
Port information, the access device is invented a board of the nucleus equipment;Transceiver module 13 is used to receive user equipment
The IP application requests of transmission;IP address distribute module 14 is used to be applied asking according to the IP, for the user equipment allocation is corresponding
IP address;The mark of the user that configuration processing module 15 is used for during IP applications are asked is set up with acquiescence Sub-VLAN and is associated
System, and recognize the first port and corresponding first access device of user equipment access;Transceiver module 13 is used to give tacit consent to this
Default privilege information on Sub-VLAN is configured in the first port by the management passage, so that first access device is logical
Cross the first port receive the user equipment transmission resource access request when, according in the first port default privilege letter
Breath, is processed the resource access request accordingly.
The processing unit of the network configuration of the present embodiment is specially nucleus equipment, it is possible to perform the implementation of method shown in Fig. 3
The technical scheme of example, its realization principle is similar, and here is omitted.
In the present embodiment, the access device in network is found using device clusters management agreement by nucleus equipment, and
The management passage with the access device is set up, the port information of the access device is learnt by the management passage, access is set
A standby board for inventing the nucleus equipment, after the IP application requests for receiving user equipment transmission, for this is used for equipment
Distribution IP address, and the incidence relation identified with the acquiescence Sub-VLAN that the IP applies for the user in request is set up, identifying user
First port and corresponding first access device that equipment is accessed, will give tacit consent to the default privilege information on Sub-VLAN by the management
Passage is configured in first port, so that first access device is receiving the money that the user equipment sends by first port
During the access request of source, according to the default privilege information in the first port, the resource access request is processed accordingly, from
And cause that the deployment of existing flat network topology is not needed upon equipment and goes to complete one by one, i.e., according to the request of user, connect to it
Port carries out automatic deployment, therefore solves the problems, such as that flattening network design workload is big in the prior art, and effectively carries
The adaptivity of network design high.
Fig. 9 is the structural representation of another embodiment of the processing unit of inventive network configuration, shown in above-mentioned Fig. 8
On the basis of embodiment, as shown in figure 9, transceiver module 13 is additionally operable to receive the user equipment by the first port and corresponding
The certification request that first access device sends, the certification request includes the mark of the user.
Then the device of the present embodiment also includes:Authentication module 16 is used for according to the certification request, and the mark to the user is entered
Row certification;The transceiver module 13 is additionally operable to for the authentication response of acquisition to return to the user equipment;The configuration processing module 15 is also
For obtaining the primary sector belonging to the mark of the user, and corresponding first Sub-VLAN of the primary sector is obtained, by the user
Mark and first Sub-VLAN set up incidence relation, delete the incidence relation of the ID and the acquiescence Sub-VLAN;The receipts
The first authority information that hair module 13 is additionally operable on first Sub-VLAN that will get by the management passage be configured to this
Single port, to replace the default privilege information in the first port, so that first access device is by the first port
When receiving the resource access request of user equipment transmission, according to the first authority information in the first port, to the resource
Access request is processed accordingly.
Preferably, the transceiver module 13 is additionally operable to receive the handover request that the user equipment sends, and the handover request includes:
The mark and the mark of corresponding secondary sector of the user;
Then the configuration processing module 15 is additionally operable to obtain corresponding second Sub-VLAN of mark of secondary sector, and by the user
Mark and second Sub-VLAN set up incidence relation, delete the incidence relation of the ID and the acquiescence Sub-VLAN;The receipts
The second authority information that hair module 13 is additionally operable on second Sub-VLAN that will get is configured to the first port, so that replace should
Default privilege information in first port, so that first access device is receiving user equipment hair by first port
During the resource access request sent, according to the second authority information in the first port, the resource access request is carried out accordingly
Treatment.
Or, then the configuration processing module 15 is additionally operable to obtain corresponding second Sub-VLAN of mark of secondary sector, and will
The mark of the user and second Sub-VLAN set up incidence relation, and that deletes the ID and first Sub-VLAN associates pass
System;The second authority information that the transceiver module 13 is additionally operable on second Sub-VLAN that will get is configured to the first port,
To replace first authority information in the first port, so that first access device is receiving the use by first port
During the resource access request that family equipment sends, according to the second authority information in the first port, the resource access request is entered
The corresponding treatment of row.
Preferably, transceiver module 13 is additionally operable to obtain the mark of default privilege information, the organizational information of department and department
Know corresponding authority information;The organizational information of the department includes the mark of the user under the mark and the department of the department.
Then the device also includes:VLAN creation modules 17 and permission configuration module 18;Wherein, VLAN creation modules 17 are used for
A primary vlan is created, and is respectively the mark of each department and create corresponding Sub-VLAN;Permission configuration module 18 is used to divide
The corresponding authority information of the mark of the department is not configured on corresponding Sub-VLAN;The VLAN creation modules 17 are additionally operable to create
Acquiescence Sub-VLAN;The permission configuration module 18 is additionally operable in the default privilege information configuration to the acquiescence Sub-VLAN;Wherein, should
Acquiescence Sub-VLAN is associated with primary vlan respectively with the Sub-VLAN.
The processing unit of the network configuration of the present embodiment can perform the technical side of any shown embodiments of the method for Fig. 4 to 6
Case, its realization principle is similar, and here is omitted.
Figure 10 is the structural representation of another embodiment of the processing unit of inventive network configuration, as shown in Figure 10,
The device of the present embodiment includes:Transceiver module 21, configuration module 22 and processing module 23;Wherein, transceiver module 21 is used to receive
User equipment applies for request by the IP that first port sends, and the IP is applied to ask the management by being set up with nucleus equipment
Passage is sent to nucleus equipment;So that the nucleus equipment is applied asking according to the IP, corresponding IP ground is distributed for this is used for equipment
Location, and the mark of the user in IP application requests and acquiescence Sub-VLAN are set up into incidence relation;Transceiver module 21 be additionally operable to by
The nucleus equipment for receiving is transmitted to the user equipment by the IP address that the management passage sends;Transceiver module 21 is additionally operable to
Receive the default privilege information on the acquiescence Sub-VLAN that the nucleus equipment is sent by the management passage;Configuration module 22 is used for
The default privilege message identification is configured in the first port;Transceiver module 21 be additionally operable to receive the user equipment by this
The resource access request that Single port sends;Processing module 23 is used for according to the default privilege information, and the resource access request is entered
The corresponding treatment of row.
The processing unit of the network configuration of the present embodiment is specially access device, it is possible to perform the implementation of method shown in Fig. 7
The technical scheme of example, its realization principle is similar, and here is omitted.
In the present embodiment, access device receives user equipment and applies asking by the IP that first port sends, the IP Shens
Please ask to include the mark of user, and IP application requests are sent to nucleus equipment;So that the nucleus equipment is according to the IP
Application request, is the corresponding IP address of the user equipment allocation, and the IP is applied the mark and acquiescence of the user in request
VLAN sets up incidence relation, and the IP address that the nucleus equipment that will be received sends is transmitted to the user equipment, receives the core
The default privilege information on the acquiescence Sub-VLAN that equipment sends, and by the default privilege information configuration to the first port,
The resource access request that the user equipment is sent by the first port is received, and according to the default privilege information, to the resource
Access request is processed accordingly, so that the deployment of existing flat network topology is not needed upon equipment to go to complete one by one,
I.e. nucleus equipment carries out automatic deployment to its connectivity port, therefore solve flattening in the prior art according to the request of user
The big problem of network design workload, and it is effectively improved the adaptivity of network design.
Further, in another embodiment of the present invention, on the basis of example shown in above-mentioned Figure 10, transceiver module
21 are additionally operable to receive the certification request that the user equipment is sent by the first port, and the certification request includes:The mark of the user
Know;And the certification request is sent to the nucleus equipment, so that the nucleus equipment is according to the certification request, to the mark of the user
Be authenticated, and obtain the primary sector that the mark of the user is belonged to, and the primary sector mark it is corresponding first son
VLAN, incidence relation is set up by the mark of the user and first Sub-VLAN, deletes the ID with the acquiescence Sub-VLAN
Incidence relation;The authentication response that the transceiver module 21 is additionally operable to receive is sent to the user equipment;The transceiver module 21
Be additionally operable to receive the first authority information on first Sub-VLAN that the nucleus equipment is sent by the management passage with;The configuration
Module 22 is additionally operable to be configured to first authority information in the first port, to replace the default privilege in the first port
Information;The transceiver module 21 is additionally operable to receive the user equipment by first port transmission resource access request;The treatment mould
Block 23 is additionally operable to, according to first authority information, the resource access request be processed accordingly.
Preferably, transceiver module 21 is additionally operable to receive the handover request that the user equipment is sent by the first port, should
Handover request includes:The mark and the mark of corresponding secondary sector of the user;And the handover request is sent to the core sets
It is standby, so that the nucleus equipment is according to the handover request, obtain corresponding second Sub-VLAN of mark of secondary sector, and by the user
Mark and second Sub-VLAN set up incidence relation, and delete the ID and the acquiescence Sub-VLAN incidence relation or
The incidence relation of the ID and first Sub-VLAN;The transceiver module 21 is additionally operable to receive the nucleus equipment by the management
The mark of the second authority information and corresponding user on second Sub-VLAN of passage transmission;The configuration module 22 be additionally operable to by
The mark of second authority information and corresponding user is configured in the first port, to replace the acquiescence in the first port
First authority information on authority information or the first port;The transceiver module 21 be additionally operable to receive the user equipment pass through
The first port sends resource access request;The processing module 23 is additionally operable to according to second authority information, and the resource is accessed
Request is processed accordingly.
Present invention also offers a kind of communication system, including:Nucleus equipment and access device;Wherein, the nucleus equipment is
The processing unit of the network configuration as shown in above-mentioned Fig. 8 or 9;The access device is the treatment dress of network configuration as shown in Figure 10
Put, its realization principle is similar, and here is omitted.
Finally it should be noted that:Various embodiments above is merely illustrative of the technical solution of the present invention, rather than its limitations;To the greatest extent
Pipe has been described in detail with reference to foregoing embodiments to the present invention, it will be understood by those within the art that:Its according to
The technical scheme described in foregoing embodiments can so be modified, or which part or all technical characteristic are entered
Row equivalent;And these modifications or replacement, the essence of appropriate technical solution is departed from various embodiments of the present invention technology
The scope of scheme.
Claims (11)
1. a kind of processing method of network configuration, it is characterised in that including:
Nucleus equipment finds the access device in network using device clusters management agreement, and sets up the pipe with the access device
Reason passage;
The nucleus equipment learns the port information of the access device by the management passage, and the access device is empty
Intend into a board of the nucleus equipment;
The nucleus equipment receives the protocol IP application interconnected between the network that user equipment is sent by the management passage and asks
Ask, and applied asking according to the IP, be the corresponding IP address of the user equipment allocation;
The nucleus equipment associates the mark of the user in IP application requests with sub- virtual local area VLAN foundation is given tacit consent to
System, and the first port and corresponding first access device of the user equipment access are recognized, by the acquiescence Sub-VLAN
Default privilege information is configured in the first port by the management passage, so that first access device is by institute
When stating first port and receiving the resource access request that the user equipment sends, according to the default privilege in the first port
Information, is processed the resource access request accordingly;
The nucleus equipment recognizes the first port and corresponding first access device of the user equipment access, by the acquiescence
After default privilege information on Sub-VLAN is configured in the first port by the management passage, methods described is also wrapped
Include:
The nucleus equipment receives the user equipment by recognizing that the first port and corresponding first access device send
Card request, the certification request includes the mark of the user;
The nucleus equipment is authenticated according to the certification request, the mark to the user, and the authentication response that will be obtained
Return to the user equipment;
The nucleus equipment obtains the primary sector belonging to the mark of the user, and obtains the primary sector corresponding first
Sub-VLAN, incidence relation is set up by the mark of the user and first Sub-VLAN, deletes the ID silent with described
Recognize the incidence relation of Sub-VLAN;
The first authority information on first Sub-VLAN that the nucleus equipment will get is configured by the management passage
To the first port, to replace the default privilege information in the first port, so that first access device exists
When receiving the resource access request that the user equipment sends to the first port, according to first in the first port
Authority information, is processed the resource access request accordingly.
2. method according to claim 1, it is characterised in that first Sub-VLAN that the nucleus equipment will get
On the first authority information the first port is configured to by the management passage, described in replacing in the first port
After default privilege information, also include:
The nucleus equipment receives the handover request that the user equipment sends, and the handover request includes:The mark of the user
Know the mark with corresponding secondary sector;The nucleus equipment obtains corresponding second Sub-VLAN of mark of secondary sector, and will
The mark of the user sets up incidence relation with second Sub-VLAN, deletes the ID and first Sub-VLAN
The second authority information on incidence relation, then second Sub-VLAN that will be got is configured to the first port, to replace
First authority information in the first port, so that first access device is received by the first port
During the resource access request that the user equipment sends, according to the second authority information in the first port, to the resource
Access request is processed accordingly.
3. method according to claim 1, it is characterised in that the nucleus equipment receives the IP applications that user equipment sends
Before request, methods described also includes:
The nucleus equipment obtains the corresponding authority letter of mark of default privilege information, the organizational information of department and department
Breath;The organizational information of the department includes the mark of the user under the mark and the department of the department;
The nucleus equipment creates a primary vlan, and respectively the mark of each department creates corresponding Sub-VLAN, and
The corresponding authority information of the mark of the department is configured on corresponding Sub-VLAN respectively;
The nucleus equipment creates acquiescence Sub-VLAN, and by the default privilege information configuration to the acquiescence Sub-VLAN;
Wherein, the acquiescence Sub-VLAN is associated with primary vlan respectively with the Sub-VLAN.
4. a kind of processing method of network configuration, it is characterised in that including:
Access device receives the protocol IP application request of interconnection between the network that user equipment is sent by first port, and by institute
State IP application requests and nucleus equipment is sent to by the management passage set up with nucleus equipment;So that the nucleus equipment is according to institute
IP application requests are stated, is the corresponding IP address of the user equipment allocation, and the IP is applied the mark of the user in request
Incidence relation is set up with acquiescence Sub-VLAN;
The access device is transmitted to described by the IP address that the nucleus equipment that the management passage will be received sends
User equipment;
The access device receives the nucleus equipment by the sub- virtual local area VLAN of the acquiescence that the management passage sends
On default privilege information, and the default privilege message identification is configured in the first port;
The access device receives the resource access request that the user equipment is sent by the first port, and according to described
Default privilege information, is processed the resource access request accordingly;
Also include:
The access device receives the certification request that the user equipment is sent by the first port, the certification request bag
Include:The mark of the user;And the certification request is sent to the nucleus equipment, so that the nucleus equipment is according to
Certification request, the mark to the user is authenticated, and obtains the primary sector that the mark of the user is belonged to, Yi Jisuo
Corresponding first Sub-VLAN of mark of primary sector is stated, the mark of the user is set up with first Sub-VLAN and is associated
System, deletes the incidence relation of the ID and the acquiescence Sub-VLAN;
The authentication response that the access device will be received is sent to the user equipment;
The access device receives first on first Sub-VLAN that the nucleus equipment is sent by the management passage
Authority information, and first authority information is configured in the first port, described in replacing in the first port
Default privilege information;
It is described to connect then when the access device receives the user equipment and sends resource access request by the first port
Enter equipment according to first authority information, the resource access request is processed accordingly.
5. method according to claim 4, it is characterised in that also include:
The access device receives the handover request that the user equipment is sent by the first port, the handover request bag
Include:The mark and the mark of corresponding secondary sector of the user;And the handover request is sent to the nucleus equipment, with
For the nucleus equipment according to the handover request, corresponding second Sub-VLAN of mark of secondary sector is obtained, and by the use
The mark at family and second Sub-VLAN set up incidence relation, and delete associating for the ID and first Sub-VLAN
Relation;
The access device receives second on second Sub-VLAN that the nucleus equipment is sent by the management passage
Authority information, and second authority information is configured in the first port, described in replacing in the first port
First authority information;
It is described to connect then when the access device receives the user equipment and sends resource access request by the first port
Enter equipment according to second authority information, the resource access request is processed accordingly.
6. a kind of processing unit of network configuration, it is characterised in that including:
It was found that processing module, for finding the access device in network using device clusters management agreement, and foundation connects with described
Enter the management passage of equipment;
Study processing module, the port information for learning the access device by the management passage, by the access
Equipment invents a board of nucleus equipment;
Transceiver module, please for receiving the protocol IP application interconnected between the network that user equipment is sent by the management passage
Ask;
IP address distribute module, is the corresponding IP address of the user equipment allocation for being applied asking according to the IP;
Configuration processing module, closes for the mark virtual local area VLAN with acquiescence of the user in IP application requests to be set up
Connection relation, and recognize the first port and corresponding first access device of the user equipment access;
The transceiver module, for the default privilege information on the acquiescence Sub-VLAN to be configured into institute by the management passage
State in first port, so that first access device is receiving the money that the user equipment sends by the first port
During the access request of source, according to the default privilege information in the first port, the resource access request is located accordingly
Reason;
The transceiver module is additionally operable to receive the user equipment by the first port and corresponding first access device hair
The certification request sent, the certification request includes the mark of the user;
Then described device also includes:
Authentication module, for according to the certification request, the mark to the user to be authenticated;
The transceiver module is additionally operable to for the authentication response of acquisition to return to the user equipment;
The configuration processing module is additionally operable to obtain the primary sector belonging to the mark of the user, and obtains the primary sector
Corresponding first Sub-VLAN, incidence relation is set up by the mark of the user and first Sub-VLAN, deletes user's mark
Know the incidence relation with the acquiescence Sub-VLAN;
The first authority information that the transceiver module is additionally operable on first Sub-VLAN that will get is logical by the management
Road is configured to the first port, to replace the default privilege information in the first port, for the described first access
Equipment when the resource access request that the user equipment sends is received by the first port, according to the first port
On the first authority information, the resource access request is processed accordingly.
7. device according to claim 6, it is characterised in that the transceiver module is additionally operable to receive the user equipment hair
The handover request sent, the handover request includes:The mark and the mark of corresponding secondary sector of the user;
Then the configuration processing module is additionally operable to obtain corresponding second Sub-VLAN of mark of secondary sector, and by the user's
Mark sets up incidence relation with second Sub-VLAN, deletes the incidence relation of the ID and first Sub-VLAN;
The second authority information that the transceiver module is additionally operable on second Sub-VLAN that will get is configured to the first port,
To replace first authority information in the first port, so that first access device is by the first port
When receiving the resource access request that the user equipment sends, according to the second authority information in the first port, to institute
Resource access request is stated to be processed accordingly.
8. device according to claim 6, it is characterised in that the transceiver module be additionally operable to obtain default privilege information,
The organizational information of department and the corresponding authority information of the mark of department;The organizational information of the department includes the portion
The mark of the user under the mark of door and the department;
Then described device also includes:
VLAN creation modules, corresponding son is created for creating a primary vlan, and being respectively the mark of each department
VLAN;
Permission configuration module, for the corresponding authority information of the mark of the department to be configured into corresponding Sub-VLAN respectively;
The VLAN creation modules are additionally operable to create acquiescence Sub-VLAN;
The permission configuration module is additionally operable in the default privilege information configuration to the acquiescence Sub-VLAN;
Wherein, the acquiescence Sub-VLAN is associated with primary vlan respectively with the Sub-VLAN.
9. a kind of processing unit of network configuration, it is characterised in that including:
Transceiver module, asks for receiving the protocol IP application interconnected between the network that user equipment is sent by first port,
And IP application requests are sent to nucleus equipment by the management passage set up with nucleus equipment;For the nucleus equipment
Asked according to IP applications, be described for the corresponding IP address of equipment distribution, and the IP is applied for into the user in request
Mark set up incidence relation with the sub- virtual local area VLAN of acquiescence;
The IP address that the nucleus equipment sends that the transceiver module is additionally operable to be received by the management passage is forwarded
To the user equipment;
The transceiver module is additionally operable to receive on the acquiescence Sub-VLAN that the nucleus equipment is sent by the management passage
Default privilege information;
Configuration module, for the default privilege message identification to be configured into the first port;
The transceiver module is additionally operable to receive the resource access request that the user equipment is sent by the first port;
Processing module, for according to the default privilege information, being processed accordingly the resource access request;
The transceiver module is additionally operable to receive the certification request that the user equipment is sent by the first port, the certification
Request includes:The mark of the user;And the certification request is sent to the nucleus equipment, for the nucleus equipment root
According to the certification request, the mark to the user is authenticated, and obtains the primary sector that the mark of the user is belonged to,
And corresponding first Sub-VLAN of mark of the primary sector, the mark of the user is set up with first Sub-VLAN and is closed
Connection relation, deletes the incidence relation of the ID and the acquiescence Sub-VLAN;
The authentication response that the transceiver module is additionally operable to receive is sent to the user equipment;
The transceiver module is additionally operable to receive on first Sub-VLAN that the nucleus equipment is sent by the management passage
The first authority information;
The configuration module is additionally operable to be configured to first authority information in the first port, to replace the first end
The default privilege information on mouth;
The transceiver module is additionally operable to receive the user equipment by first port transmission resource access request;
The processing module is additionally operable to, according to first authority information, the resource access request be processed accordingly.
10. device according to claim 9, it is characterised in that the transceiver module is additionally operable to receive the user equipment
The handover request sent by the first port, the handover request is included:The mark of the user and corresponding second
The mark of door;And the handover request is sent to the nucleus equipment, so that the nucleus equipment is according to the handover request,
Corresponding second Sub-VLAN of mark of secondary sector is obtained, and the mark of the user is associated with second Sub-VLAN foundation
Relation, and delete the incidence relation of the ID and first Sub-VLAN;
The transceiver module is additionally operable to receive on second Sub-VLAN that the nucleus equipment is sent by the management passage
The second authority information;
The configuration module is additionally operable to be configured to second authority information in the first port, to replace the first end
First authority information on mouth;
The transceiver module is additionally operable to receive the user equipment by first port transmission resource access request;
The processing module is additionally operable to, according to second authority information, the resource access request be processed accordingly.
A kind of 11. communication systems, it is characterised in that including:Nucleus equipment and access device;Wherein, the nucleus equipment be as
The processing unit of any described network configuration of claim 6 to 8;The access device is such as any institute of claim 9 to 10
The processing unit of the network configuration stated.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310652734.3A CN103684861B (en) | 2013-12-05 | 2013-12-05 | Method and device for processing network configuration and communication system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310652734.3A CN103684861B (en) | 2013-12-05 | 2013-12-05 | Method and device for processing network configuration and communication system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103684861A CN103684861A (en) | 2014-03-26 |
CN103684861B true CN103684861B (en) | 2017-05-24 |
Family
ID=50321242
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310652734.3A Active CN103684861B (en) | 2013-12-05 | 2013-12-05 | Method and device for processing network configuration and communication system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103684861B (en) |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106330492B (en) * | 2015-06-23 | 2019-11-26 | 华为技术有限公司 | A kind of method, apparatus and system configuring user equipment forwarding table |
CN105376132B (en) * | 2015-10-27 | 2019-08-16 | 上海斐讯数据通信技术有限公司 | System and method based on client configuring virtual LAN |
CN105610669A (en) * | 2015-12-28 | 2016-05-25 | 湖南基石通信技术有限公司 | Address distribution method and device for Supervlan flattened network |
CN108833362B (en) * | 2018-05-23 | 2021-05-07 | 邱婧 | Equipment access authority control method, device and system |
CN110175824A (en) * | 2019-05-22 | 2019-08-27 | 上海盛付通电子支付服务有限公司 | For carrying out the equipment and resource allocation method of resource distribution |
CN110519404B (en) * | 2019-08-02 | 2022-04-26 | 锐捷网络股份有限公司 | SDN-based policy management method and device and electronic equipment |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101427523B (en) * | 2006-12-27 | 2011-07-06 | 华为技术有限公司 | A business-binding method and device |
CN102326370A (en) * | 2011-08-05 | 2012-01-18 | 华为技术有限公司 | Message processing method, apparatus and system |
CN103095495A (en) * | 2013-01-06 | 2013-05-08 | 华为技术有限公司 | Network implementation configuration method, device and system |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130034015A1 (en) * | 2011-08-05 | 2013-02-07 | International Business Machines Corporation | Automated network configuration in a dynamic virtual environment |
-
2013
- 2013-12-05 CN CN201310652734.3A patent/CN103684861B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101427523B (en) * | 2006-12-27 | 2011-07-06 | 华为技术有限公司 | A business-binding method and device |
CN102326370A (en) * | 2011-08-05 | 2012-01-18 | 华为技术有限公司 | Message processing method, apparatus and system |
CN103095495A (en) * | 2013-01-06 | 2013-05-08 | 华为技术有限公司 | Network implementation configuration method, device and system |
Also Published As
Publication number | Publication date |
---|---|
CN103684861A (en) | 2014-03-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103684861B (en) | Method and device for processing network configuration and communication system | |
CN104685500B (en) | The method and system of application security strategy in overlay network | |
CN104272702B (en) | Method and apparatus for supporting accesses control list in multi-tenant environment | |
CN103607432B (en) | A kind of method and system of network creation and the network control center | |
CN105991738B (en) | Method and system across security domain resource-sharing in a kind of cloud resource pond | |
CN105577723B (en) | Virtualize the method and apparatus that load balancing is realized in network | |
CN107113219A (en) | VLAN marks in virtual environment | |
CN104506404B (en) | The method and apparatus for establishing VLAN forwarding channel | |
CN106383736B (en) | Ports-Extending method and apparatus | |
CN103026660A (en) | Network policy configuration method, management device and network management centre device | |
CN107426152B (en) | Multitask security isolation system and method under cloud platform actual situation Interconnection Environment | |
CN107979614A (en) | Data packet detection method and device | |
CN104144095B (en) | Terminal authentication method and interchanger | |
CN105635190B (en) | Service executing apparatus in data center network and device | |
CN103138990A (en) | Virtual machine management method under cloud computing network and cloud computing network management device | |
CN109639455A (en) | A kind of network management and system of container cloud platform | |
WO2016095493A1 (en) | Method, apparatus, and controller for resource virtualization processing | |
CN107846313A (en) | A kind of method and the network equipment of network service template generation | |
CN107547351A (en) | Address distribution method and device | |
CN104349511B (en) | The distribution method and device of AP addresses in wlan network | |
CN106375442A (en) | Cross-platform device information management method and apparatus | |
CN106921610A (en) | Access control method and the network equipment | |
CN105827648B (en) | Network admittance control system and control method based on the binding of IP-MAC real name | |
CN105281957B (en) | A kind of method and server of the access device in Internet of Things | |
CN108270858A (en) | A kind of private cloud framework and its data processing method based on API gateway |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |