CN103944886A - Method and system for achieving safety of port - Google Patents

Method and system for achieving safety of port

Info

Publication number
CN103944886A
Authority
CN
China
Prior art keywords
mac
source
rule
port security
port
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201410110953.3A
Other languages
Chinese (zh)
Other versions
CN103944886B (en)
Inventor
张隆伟
王文科
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Maipu Communication Technology Co Ltd
Original Assignee
Maipu Communication Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Maipu Communication Technology Co Ltd filed Critical Maipu Communication Technology Co Ltd
Priority to CN201410110953.3A priority Critical patent/CN103944886B/en
Publication of CN103944886A publication Critical patent/CN103944886A/en
Application granted granted Critical
Publication of CN103944886B publication Critical patent/CN103944886B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical


Landscapes

  • Small-Scale Networks (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method and system for implementing port security. The method mainly comprises: enabling the port security function on a switch port and disabling the port's hardware learning of MAC addresses; configuring a port security IP-MAC rule on the switch port; and, if the switch port is in the up state when the IP-MAC rule is configured or afterwards, having the switch port send an ARP message, match the content of received ARP messages against the configured port security IP-MAC rule, and act on the MAC entries in the FDB table accordingly. The method and system resolve the compatibility problems between port security and various operating systems and also prevent the MAC address table from growing too large; in practical use, they allow banks and other financial systems to apply the rule effectively in their secure access control policies.

Description

A method and system for implementing port security
Technical field
The invention belongs to the field of data communication technology and relates to a method and system for implementing port security rules.
Background
In industries with strict requirements on secure access control, such as the financial industry, the port security function is usually enabled on access switches to enforce access control. Only specific permitted hosts can access the network; hosts that are not permitted are denied access.
Once the port security module is deployed on an access-layer switch, if the MAC (Media Access Control) rule of port security is used, users cannot be prevented from arbitrarily changing their IP addresses; if the maximum-number rule is used, security control cannot be applied to a particular terminal. The IP-MAC rule of port security solves both problems: only a terminal with the specified MAC and IP address is allowed to access the network, and any other terminal is rejected. In practice, however, if the IP-MAC mechanism is handled improperly it causes compatibility problems with terminals running different operating systems, which limits the use of the IP-MAC rule in real deployments.
In summary, when port security is used for access control on an access-layer switch, neither the MAC rule nor the MAXIMUM rule can ensure that a designated terminal accesses the network with a designated IP address, and an incomplete IP-MAC rule processing flow also causes compatibility problems between port security and different operating systems.
Summary of the invention
The technical problem to be solved by the invention is to overcome the compatibility problems between port security rules and terminals running different operating systems in the prior art, by providing a method and system for implementing port security.
The technical solution adopted by the invention is a method for implementing the port security IP-MAC rule, comprising:
Enabling the port security function on a switch port and disabling the port's hardware learning of media access control (MAC) addresses;
Configuring a port security IP-MAC rule on the switch port;
If the switch port is in the up (connected) state when the IP-MAC rule is configured or afterwards, the switch port sends an ARP message, matches the content of received ARP messages against the configured port security IP-MAC rule, and performs the corresponding action on the MAC entry in the FDB table according to the match result.
Further, if the switch port is in the up (connected) state, the switch port sends an ARP request message;
When the Layer 3 VLAN interface to which the switch port configured with the port security IP-MAC rule belongs has an IP address configured, the source IP and source MAC of the ARP request message are the IP and MAC of that Layer 3 VLAN interface;
When that Layer 3 VLAN interface has no IP address configured, the source IP and source MAC of the ARP request message are the IP and MAC of any other Layer 3 VLAN interface on the switch;
When no Layer 3 VLAN interface on the entire switch has an IP address configured, no ARP request message is sent.
Further, the switch matches the content of a received ARP message against the port security IP-MAC rule as follows:
The source MAC and source IP are extracted from the received ARP message. If the source MAC matches the port security IP-MAC rule but the IP does not, and the source IP in the ARP message is not all zeros, the MAC entry for this source MAC is deleted from the FDB table;
If the source MAC matches the port security IP-MAC rule but the IP does not, and the source IP in the ARP message is all zeros, the MAC entry for this source MAC is not deleted from the FDB table;
If both the source MAC and the source IP match the port security IP-MAC rule, a MAC entry for this source MAC is added to the FDB table;
If the source MAC does not match the port security IP-MAC rule, the MAC entry for this source MAC is deleted from the FDB table.
Further, the ARP messages received by the switch include ARP request messages and ARP response messages, each of which contains a source MAC and a source IP.
Further, if after the IP-MAC rule is configured the switch port is in the DOWN (not connected) state or the terminal is in the down (offline) state, the MAC entry is deleted from the FDB table.
Further, whether the terminal is in the down state is tested by periodically sending ARP messages: if no reply from the terminal is received within a preset time or within a preset number of ARP transmissions, the terminal is considered to be in the down state and its MAC entry is deleted from the FDB table.
To solve the technical problem, the invention also provides a system for implementing the port security IP-MAC rule, comprising: a port security start module, a port security IP-MAC rule configuration module and a port security IP-MAC rule matching module;
The port security start module enables the port security function on a switch port and disables the port's hardware learning of MAC addresses;
The port security IP-MAC rule configuration module configures a port security IP-MAC rule on the switch port;
The port security IP-MAC rule matching module operates when the switch port is in the up state at the time the IP-MAC rule is configured or afterwards: the switch port sends an ARP message, matches the content of received ARP messages against the configured port security IP-MAC rule, and performs an action on the MAC entry in the FDB table.
Further, when the switch port is in the up state, the port security IP-MAC matching module has the switch port send an ARP request message;
When the Layer 3 VLAN (virtual local area network) interface to which the switch port configured with the port security IP-MAC rule belongs has an IP address configured, the source IP and source MAC of the ARP request message are the IP and MAC of that Layer 3 VLAN interface;
When that Layer 3 VLAN interface has no IP address configured, the source IP and source MAC of the ARP request message are the IP and MAC of any other Layer 3 VLAN interface on the switch;
When no Layer 3 VLAN interface on the entire switch has an IP address configured, no ARP request message is sent.
Further, in the port security IP-MAC matching module, the switch matches the content of a received ARP message against the port security IP-MAC rule as follows:
The source MAC and source IP are extracted from the received ARP message. If the source MAC matches the port security IP-MAC rule but the IP does not, and the source IP in the ARP message is not all zeros, the MAC entry for this source MAC is deleted from the FDB table;
If the source MAC matches the port security IP-MAC rule but the IP does not, and the source IP in the ARP message is all zeros, the MAC entry for this source MAC is not deleted from the FDB table;
If both the source MAC and the source IP match the port security IP-MAC rule, a MAC entry for this source MAC is added to the FDB table;
If the source MAC does not match the port security IP-MAC rule, the MAC entry for this source MAC is deleted from the FDB table.
Further, the port security IP-MAC matching module also deletes the MAC entry from the FDB table if, after the IP-MAC rule is configured, the switch port is in the DOWN state or the terminal is in the down state.
Beneficial effects of the invention: the method and system for implementing the port security IP-MAC rule send and receive ARP messages on the switch port configured with the port security IP-MAC rule, and match the source MAC and source IP extracted from the messages against that rule, so that only a terminal with the specified MAC and IP address is allowed to access the network. This resolves the compatibility problems between port security and various operating systems and also prevents the MAC address table from becoming too large. In practical use, it allows banks and other financial sectors to apply the rule effectively in their access control policies.
Brief description of the drawings
Fig. 1 is a system block diagram of the method for implementing the port security IP-MAC rule according to an embodiment of the invention;
Fig. 2 is a detailed flowchart of IP-MAC rule matching when the port state is up, in the method for implementing the port security IP-MAC rule according to an embodiment of the invention;
Fig. 3 is a detailed flowchart of IP-MAC rule matching when the port state is DOWN, in the method for implementing the port security IP-MAC rule according to an embodiment of the invention;
Fig. 4 is a schematic block diagram of the system for implementing the port security IP-MAC rule according to an embodiment of the invention.
Detailed description of the embodiments
The invention is further described below with reference to the accompanying drawings and specific embodiments.
Fig. 1 shows the system block diagram of the method for implementing the port security IP-MAC rule according to an embodiment of the invention, comprising:
Enabling the port security function on a switch port and disabling the port's hardware learning of MAC (Media Access Control) addresses;
Configuring a port security IP-MAC rule on this switch port; an IP-MAC rule is a rule that contains one IP address and one MAC address;
If the switch port is in the up state when the IP-MAC rule is configured or afterwards, the switch port sends an ARP (Address Resolution Protocol) request message, matches the content of received ARP messages against the configured port security IP-MAC rule, and performs the corresponding action on the MAC entry in the FDB (Forwarding DataBase, the forwarding address table) according to the match result.
The port security implementation method of the invention sends and receives ARP messages on the switch port configured with the port security IP-MAC rule, and matches the source MAC and source IP extracted from the messages against that rule, so that only a terminal with the specified MAC and IP address is allowed to access the network. The IP-MAC rule matching process in each switch port state, after the port security IP-MAC rule has been configured, is described in detail below:
As shown in Figure 2, if the switch port is in the up state, the switch port sends an ARP request message;
When the Layer 3 VLAN (virtual local area network) interface to which the switch port configured with the port security IP-MAC rule belongs has an IP address configured, the source IP and source MAC of the ARP request message are the IP and MAC of that Layer 3 VLAN interface;
When that Layer 3 VLAN interface has no IP address configured, the source IP and source MAC of the ARP request message are the IP and MAC of any other Layer 3 VLAN interface on the switch;
When no Layer 3 VLAN interface on the entire switch has an IP address configured, no ARP request message is sent.
After the port security IP-MAC rule is configured, and while the switch port state is up, the switch port can receive ARP messages. These include ARP request messages and ARP response messages, each of which contains a source MAC and a source IP. The switch matches the content of a received ARP message against the port security IP-MAC rule as follows:
The source MAC and source IP address are extracted from the received ARP message. If the source MAC matches the MAC address in the port security IP-MAC rule but the IP does not match, and the source IP in the ARP message is not all zeros, the MAC entry for this source MAC is deleted from the FDB table;
If the source MAC matches the port security IP-MAC rule but the IP does not, and the source IP in the ARP message is all zeros, the MAC entry for this source MAC is not deleted from the FDB table;
If both the source MAC and the source IP match the port security IP-MAC rule, a MAC entry for this source MAC is added to the FDB table;
If the source MAC does not match the port security IP-MAC rule, the MAC entry for this source MAC is deleted from the FDB table.
Meanwhile, as shown in Figure 3, if after the IP-MAC rule is configured the switch port is in the DOWN state or the terminal is in the down (offline) state, the MAC entry is deleted from the FDB table. To reduce the use of the device's hardware chip resources, whether the terminal is in the down state can be tested by periodically sending ARP messages: if no reply from the terminal is received within a preset time or within a preset number of ARP transmissions, the terminal is considered to be in the down state and its MAC entry is deleted from the FDB table. The preset time or preset number can be changed according to the actual environment.
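The procedure described above (ARP source selection, rule matching on received ARP messages, and ageing by unanswered probes), as an added Python example that is not code from the patent. Assumptions: all names (`SecurePort`, `FdbAction`, `pick_arp_source`, `decide`) are hypothetical, the FDB is modelled as a dictionary, "any other" Layer 3 VLAN interface is taken to be the lowest-numbered one with an IP, a MAC counts as matched when any rule on the port names it, and the addresses are constructed samples.

```python
import ipaddress
import struct
from enum import Enum

ZERO_IP = ipaddress.IPv4Address("0.0.0.0")


class FdbAction(Enum):
    ADD = "add"        # install the source MAC in the FDB
    DELETE = "delete"  # remove the source MAC from the FDB
    KEEP = "keep"      # leave the FDB as it is


def build_arp(oper, sender_mac, sender_ip, target_ip,
              target_mac="00:00:00:00:00:00"):
    """Build a 28-byte Ethernet/IPv4 ARP payload (for the constructed samples)."""
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
            + bytes.fromhex(sender_mac.replace(":", ""))
            + ipaddress.IPv4Address(sender_ip).packed
            + bytes.fromhex(target_mac.replace(":", ""))
            + ipaddress.IPv4Address(target_ip).packed)


def parse_arp(payload):
    """Return (opcode, source MAC, source IP) for an ARP request (1) or reply (2)."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or oper not in (1, 2):
        raise ValueError("not an Ethernet/IPv4 ARP request or reply")
    return oper, payload[8:14].hex(":"), ipaddress.IPv4Address(payload[14:18])


def pick_arp_source(port_vlan, l3_interfaces):
    """Choose (ip, mac) for the switch's ARP request, or None to send nothing.

    l3_interfaces maps VLAN id -> (ip or None, mac).
    """
    own = l3_interfaces.get(port_vlan)
    if own and own[0]:
        return own                       # the port's own L3 VLAN interface
    for vlan in sorted(l3_interfaces):   # assumption: lowest VLAN id wins
        ip, mac = l3_interfaces[vlan]
        if ip:
            return ip, mac               # some other L3 VLAN interface
    return None                          # no interface has an IP: do not send


def decide(rules, src_mac, src_ip):
    """Apply the four matching cases to one ARP source (MAC, IP) pair."""
    src_mac = src_mac.lower()
    if (src_ip, src_mac) in rules:
        return FdbAction.ADD
    if any(mac == src_mac for _, mac in rules):
        # Known MAC, wrong IP. An all-zero source IP (as sent in RFC 5227
        # address-conflict probes) must not evict the entry.
        return FdbAction.KEEP if src_ip == ZERO_IP else FdbAction.DELETE
    return FdbAction.DELETE


class SecurePort:
    """One port with hardware MAC learning off; the FDB changes only via ARP."""

    def __init__(self, rules, max_missed_probes=3):
        self.rules = {(ipaddress.IPv4Address(ip), mac.lower()) for ip, mac in rules}
        self.max_missed_probes = max_missed_probes
        self.fdb = {}                    # MAC -> count of unanswered probes

    def on_arp(self, payload):
        _, mac, ip = parse_arp(payload)
        action = decide(self.rules, mac, ip)
        if action is FdbAction.ADD:
            self.fdb[mac] = 0            # terminal answered: reset the counter
        elif action is FdbAction.DELETE:
            self.fdb.pop(mac, None)
        return action

    def on_probe_timeout(self, mac):
        """Record one unanswered periodic probe; True if the entry survives."""
        if mac in self.fdb:
            self.fdb[mac] += 1
            if self.fdb[mac] >= self.max_missed_probes:
                del self.fdb[mac]        # terminal considered down
        return mac in self.fdb

    def on_link_down(self):
        self.fdb.clear()                 # port DOWN: drop every entry


def demo():
    """Run four constructed ARP messages through one rule."""
    port = SecurePort([("192.0.2.10", "02:00:00:00:00:0A")])
    samples = [
        build_arp(2, "02:00:00:00:00:0a", "192.0.2.10", "192.0.2.1"),  # exact match
        build_arp(1, "02:00:00:00:00:0a", "0.0.0.0", "192.0.2.10"),    # zero-IP probe
        build_arp(1, "02:00:00:00:00:0b", "192.0.2.10", "192.0.2.1"),  # unknown MAC
        build_arp(1, "02:00:00:00:00:0a", "192.0.2.99", "192.0.2.1"),  # changed IP
    ]
    return [port.on_arp(p) for p in samples], dict(port.fdb)


if __name__ == "__main__":
    print(demo())
```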
To solve the technical problem, the invention also provides a system for implementing the port security IP-MAC rule which, as shown in Figure 4, comprises: a port security start module, a port security IP-MAC rule configuration module and a port security IP-MAC rule matching module;
The port security start module enables the port security function on a switch port and disables the port's hardware learning of MAC addresses;
The port security IP-MAC rule configuration module configures a port security IP-MAC rule on the switch port;
The port security IP-MAC rule matching module operates when the switch port is in the up state at the time the IP-MAC rule is configured or afterwards: the switch port sends an ARP message, matches the content of received ARP messages against the configured port security IP-MAC rule, and performs an action on the MAC entry in the FDB table.
When the switch port is in the up state, the port security IP-MAC matching module has the switch port send an ARP request message;
When the Layer 3 VLAN (virtual local area network) interface to which the switch port configured with the port security IP-MAC rule belongs has an IP address configured, the source IP and source MAC of the ARP request message are the IP and MAC of that Layer 3 VLAN interface;
When that Layer 3 VLAN interface has no IP address configured, the source IP and source MAC of the ARP request message are the IP and MAC of any other Layer 3 VLAN interface on the switch;
When no Layer 3 VLAN interface on the entire switch has an IP address configured, no ARP request message is sent.
In the port security IP-MAC matching module, the switch matches the content of a received ARP message against the port security IP-MAC rule as follows:
The source MAC and source IP are extracted from the received ARP message. If the source MAC matches the port security IP-MAC rule but the IP does not, and the source IP in the ARP message is not all zeros, the MAC entry for this source MAC is deleted from the FDB table;
If the source MAC matches the port security IP-MAC rule but the IP does not, and the source IP in the ARP message is all zeros, the MAC entry for this source MAC is not deleted from the FDB table;
If both the source MAC and the source IP match the port security IP-MAC rule, a MAC entry for this source MAC is added to the FDB table;
If the source MAC does not match the port security IP-MAC rule, the MAC entry for this source MAC is deleted from the FDB table.
Meanwhile, the port security IP-MAC matching module also deletes the MAC entry from the FDB table if, after the IP-MAC rule is configured, the switch port is in the DOWN state or the terminal is in the down state.
Those of ordinary skill in the art will appreciate that the embodiments described here are intended to help the reader understand the principles of the invention, and that the scope of protection of the invention is not limited to these particular statements and embodiments. Based on the technical teachings disclosed by the invention, those of ordinary skill in the art can make various other specific variations and combinations that do not depart from the essence of the invention, and these variations and combinations remain within the scope of protection of the invention.

Claims (10)

1. A method for implementing port security, characterized in that it comprises:
Enabling the port security function on a switch port and disabling the port's hardware learning of media access control (MAC) addresses;
Configuring at least one port security IP-MAC rule on this switch port;
If the switch port is in the up (connected) state when the IP-MAC rule is configured or afterwards, the switch port sends an ARP request message, matches the content of received ARP messages against the configured port security IP-MAC rule, and performs the corresponding action on the MAC entry in the forwarding address (FDB) table according to the match result.
2. The method of claim 1, characterized in that, if the switch port is in the up state, the switch port sends an ARP request message;
When the Layer 3 virtual local area network (VLAN) interface to which the switch port configured with the port security IP-MAC rule belongs has an IP address configured, the source IP and source MAC of the ARP request message are the IP and MAC of that Layer 3 VLAN interface;
When that Layer 3 VLAN interface has no IP address configured, the source IP and source MAC of the ARP request message are the IP and MAC of any other Layer 3 VLAN interface on the switch;
When no Layer 3 VLAN interface on the entire switch has an IP address configured, no ARP request message is sent.
3. The method of claim 1, characterized in that the switch matches the content of a received ARP message against the port security IP-MAC rule as follows:
The source MAC and source IP are extracted from the received ARP message. If the source MAC matches the port security IP-MAC rule but the IP does not, and the source IP in the ARP message is not all zeros, the MAC entry for this source MAC is deleted from the FDB table;
If the source MAC matches the port security IP-MAC rule but the IP does not, and the source IP in the ARP message is all zeros, the MAC entry for this source MAC is not deleted from the FDB table;
If both the source MAC and the source IP match the port security IP-MAC rule, a MAC entry for this source MAC is added to the FDB table;
If the source MAC does not match the port security IP-MAC rule, the MAC entry for this source MAC is deleted from the FDB table.
4. The method of any one of claims 1 to 3, characterized in that the ARP messages received by the switch include ARP request messages and ARP response messages, each of which contains a source MAC and a source IP.
5. The method of claim 1, characterized in that, if after the IP-MAC rule is configured the switch port is in the DOWN state or the terminal is in the down state, the MAC entry is deleted from the FDB table.
6. The method of claim 5, characterized in that whether the terminal is in the down state is tested by periodically sending ARP messages: if no reply from the terminal is received within a preset time or within a preset number of ARP transmissions, the terminal is considered to be in the down state and its MAC entry is deleted from the FDB table.
7. A system for implementing port security, characterized in that it comprises: a port security start module, a port security IP-MAC rule configuration module and a port security IP-MAC rule matching module;
The port security start module enables the port security function on a switch port and disables the port's hardware learning of MAC addresses;
The port security IP-MAC rule configuration module configures at least one port security IP-MAC rule on the switch port;
The port security IP-MAC rule matching module operates when the switch port is in the up state at the time the IP-MAC rule is configured or afterwards: the switch port sends an ARP message, matches the content of received ARP messages against the configured port security IP-MAC rule, and performs an action on the MAC entry in the FDB table.
8. The system of claim 7, characterized in that, when the switch port is in the up state, the port security IP-MAC matching module has the switch port send an ARP request message;
When the Layer 3 VLAN interface to which the switch port configured with the port security IP-MAC rule belongs has an IP address configured, the source IP and source MAC of the ARP request message are the IP and MAC of that Layer 3 VLAN interface;
When that Layer 3 VLAN interface has no IP address configured, the source IP and source MAC of the ARP request message are the IP and MAC of any other Layer 3 VLAN interface on the switch;
When no Layer 3 VLAN interface on the entire switch has an IP address configured, no ARP request message is sent.
9. The system of claim 7, characterized in that, in the port security IP-MAC matching module, the switch matches the content of a received ARP message against the port security IP-MAC rule as follows:
The source MAC and source IP are extracted from the received ARP message. If the source MAC matches the port security IP-MAC rule but the IP does not, and the source IP in the ARP message is not all zeros, the MAC entry for this source MAC is deleted from the FDB table;
If the source MAC matches the port security IP-MAC rule but the IP does not, and the source IP in the ARP message is all zeros, the MAC entry for this source MAC is not deleted from the FDB table;
If both the source MAC and the source IP match the port security IP-MAC rule, a MAC entry for this source MAC is added to the FDB table;
If the source MAC does not match the port security IP-MAC rule, the MAC entry for this source MAC is deleted from the FDB table.
10. The system of any one of claims 7 to 9, characterized in that the port security IP-MAC matching module also deletes the MAC entry from the FDB table if, after the IP-MAC rule is configured, the switch port is in the DOWN state or the terminal is in the down state.
CN201410110953.3A 2014-03-24 2014-03-24 A kind of realization method and system of port security Active CN103944886B (en)


Publications (2)

Publication Number Publication Date
CN103944886A true CN103944886A (en) 2014-07-23
CN103944886B CN103944886B (en) 2017-11-10

Family

ID=51192370



Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1599372A (en) * 2004-06-25 2005-03-23 港湾网络有限公司 Entity searching method of 802.1* identification based on media access control
CN101378350A (en) * 2007-08-27 2009-03-04 上海市闵行中学 Solution method for usurpation of LAN IP address


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
付勇: "Methods for dealing with ARP spoofing and attacks in network communication", Computer Knowledge and Technology (《电脑知识与技术》) *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105430113A (en) * 2015-11-03 2016-03-23 上海斐讯数据通信技术有限公司 SDN APR message processing method and device, SDN controller and SDN switch
CN105430113B (en) * 2015-11-03 2018-07-03 上海斐讯数据通信技术有限公司 SDN network ARP message processing methods, system, controller and interchanger
CN108900481A (en) * 2018-06-13 2018-11-27 四川微迪智控科技有限公司 A kind of interchanger safety access system and method
CN111010354A (en) * 2019-12-13 2020-04-14 苏州浪潮智能科技有限公司 Optical module access judgment method and device, backbone network switch and medium
CN114826680A (en) * 2022-03-30 2022-07-29 北京经纬恒润科技股份有限公司 Vehicle-mounted data processing method and device
CN114826680B (en) * 2022-03-30 2023-07-07 北京经纬恒润科技股份有限公司 Vehicle-mounted data processing method and device

Also Published As

Publication number Publication date
CN103944886B (en) 2017-11-10


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant