CN103973678B - Access control method for terminal computer - Google Patents
Access control method for terminal computer Download PDFInfo
- Publication number
- CN103973678B CN103973678B CN201410175331.9A CN201410175331A CN103973678B CN 103973678 B CN103973678 B CN 103973678B CN 201410175331 A CN201410175331 A CN 201410175331A CN 103973678 B CN103973678 B CN 103973678B
- Authority
- CN
- China
- Prior art keywords
- mac
- terminal
- port
- authentication
- client
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Abstract
The invention discloses an access control method for a terminal computer. A terminal has five states, wherein according to the first state, the terminal is an invalid terminal, according to the second state, the terminal is a valid terminal without installing a client side, according to the third state, the terminal is a terminal with an installed valid client side, according to the fourth state, the terminal is a terminal with a valid client side uninstalled, and according to the fifth state, the terminal is a terminal with a privately reinstalled client side. The method comprises the following steps that if the terminal is in the third state, the terminal passes authentication in the access process; if the terminal is in the first state, or the second state, or the fourth state or the fifth state, the terminal cannot pass the authentication in the access process, and the terminal can get access to a network only by forcibly installing the valid client side on the terminal. According to the access control method for the terminal computer, the protected MAC, log-on messages and on-line states are distinguished through the authentication process of MAC authentication, log-on authentication and on-line authentication, so that the five states of the terminal computer are found in real time, and the different authentication processes are performed on the terminal in the different states.
Description
Technical field
The invention belongs to terminal computer access management technology field, and in particular to a kind of access management and control of terminal computer
Method.
Background technology
At present all of terminal management system realizes the premise to terminal management, is all that terminal conduit has been mounted with terminal
Reason client software.
The management of terminal computer, using client-server mode, i.e., so-called C/S frameworks, the present invention is no exception
Employing this framework.Client is responsible for the status information of acquisition terminal computer, including the basic configuration letter of terminal computer
Breath (such as CPU usage, MEM utilization rates, memory utilization rate), system information (version, system password such as operating system,
Number etc. of patch is installed), application message (anti-virus software, the various application programs such as run) and Terminal Security Management
Information that strategy needs (such as system whether illegal external connection, system password meet code requirement);Server is collecting visitor
Statistics, analysis and the management of terminal situation are carried out on the basis of the end data of family.If being fitted without on terminal computer or unloading
Client software, server cannot just obtain the relevant information of the terminal, and the terminal cannot include terminal management scope;Such as
Fruit does not find and controls the ways and means that this kind of terminal computer installs client, and this part terminal computer will swim always
From outside terminal management scope, and become the dead angle and blind area of terminal computer management, all of terminal computer management is arranged
Applying all can not play a role thereon.
The content of the invention
(1) technical problem to be solved
For the problem for overcoming prior art to exist, the present invention proposes a kind of access management-control method of terminal computer.
(2) technical scheme
The access management-control method of terminal computer proposed by the present invention, the terminal includes five kinds of states, and first state is
Illegal terminal, the second state be do not install client the legal terminal third state be installed the terminal of legitimate client,
The terminal that four states are the unloaded terminal of legitimate client, the 5th state is refitting client privately, the method includes following
Each step:If the terminal is the third state, the terminal in access procedure by certification, if the terminal be first,
Secondth, the 4th or the 5th state, then the terminal can not be by certification in access procedure, and in pressure, the terminal installs legitimate client
Network is had access to after end.
(3) beneficial effect
Three verification process that the present invention passes through MAC certifications, authentication registration and on-line authentication composition, to MAC, the note protected
Volume information, presence are differentiated, find in real time terminal computer five kinds of states (1. illegal terminal, 2. client is not installed
The legal terminal at end, the terminal for 3. having installed legitimate client, 4. the unloaded terminal of legitimate client, 5. reset client privately
The terminal at end), different authentication processings are done to five kinds of states, 3. the state that realizes passes through, discovery 1. 2. 4. 5. can not lead to
Cross checking.By the enforcement of the technical measures, 1. 2. 4. 5. the terminal computer of state installs legitimate client (including this for pressure
Other clients that the client of system and management are required), access network is otherwise unable to, reach and finally make control measures covering institute
There is the purpose of online terminal computer, eliminate management dead angle and blind area.And existing all terminal management systems, including being based on
3. the terminal management system of 802.1x technologies, all can only find state, it is impossible to find and differentiate state 1. 2. 4. 5., therefore cannot
Effectively management is realized to state terminal 1. 2. 4. 5., management dead angle and blind area is left.
Description of the drawings
Fig. 1 is the flow chart that terminal computer of the present invention accesses management-control method.
Specific embodiment
To make the object, technical solutions and advantages of the present invention become more apparent, below in conjunction with specific embodiment, and reference
Accompanying drawing, the present invention is described in more detail.
Fig. 1 is the flow chart of the access management-control method of terminal computer proposed by the present invention.Realize that the method mainly considers
Factor include:1) management and control ability of the SEAD modules to switch ports themselves in ACM;2) client registers in PROXY modules in ACM
Data;3) in ACM the client registers data that MCC is realized global synchronization, the Access Control without client terminal is divided into two kinds
Situation, a kind of terminal for being to be fitted without completely client software, another kind is the terminal for installing terminal software unloading.
As shown in figure 1, the method specifically includes following steps:
The present invention cuts with one fixed MAC Address, can connect network by wired network port and wireless network port
IP device be all considered as terminal, including PC, the network printer, IP phone, the various network equipments being connected on access switch.
Terminal equipment access network, is the course of work of ARP protocol.In ethernet networks, every network node all can be certainly
An ARP list is set up in oneself ARP buffering areas, to represent the corresponding relation of switch ports themselves PORT and MAC Address.When one
Network node is connected on access switch, and after physical link successful connection, the ARP protocol on network node is to the Home Network being located
Section sends ARP broadcast packets, declares the MAC Address of oneself, and switch receives after this ARP broadcast, the MAC Address of the node is write
Enter the ARP buffering areas of oneself, indicate the MAC Address of the node and the corresponding relation of network port PORT, network node also can be received
The ARP broadcast packets of other nodes come to switch forwarding, write the ARP buffering areas of oneself, complete the access of the node
Journey.
When source node needs for a packet to be sent to destination node, oneself ARP buffering area row can be first checked for
Whether there is the corresponding MAC Address of the IP address in table, if it has, just directly delivering a packet to this MAC Address;If
No, just the corresponding MAC Address of this destination node is inquired about to the broadcast packet of local network segment one ARP request of initiation.This ARP please
Seek the IP address of the IP address, hardware address and destination host in packet including source node.All of node is received in network
To after this ARP request, can check whether purpose IP in packet is consistent with the IP address of oneself.If differ be ignored as
This packet;If identical, the node is first added to the MAC Address and IP address of transmitting terminal in the ARP lists of oneself, such as
There is the information of the IP in fruit ARP table, then covered, then sent an arp response packet to source node, told
Other side oneself is the MAC Address that it is required to look up;Source node is received after this arp response packet, by the destination host for obtaining
IP address and MAC Address be added in the ARP lists of oneself, and start the transmission of data using this information.
Alleged MAC certifications of the invention:The terminal device MAC that MAC authentication module Jing switches are obtained, inquiry MAC certifications storehouse,
Confirm the MAC legitimacies of access device, legal (existing in storehouse), then by certification, illegal (not existing in storehouse) then refuses.
Alleged authentication registration of the invention:Authentication registration module polls endpoint registration storehouse, to the MAC from client
Login state checking is carried out, whether the client for confirming the MAC is registered, registration (existing in storehouse) is then by certification, unregistered (storehouse
In do not exist), then refuse.
Alleged on-line authentication of the invention:On-line authentication module selects the online storehouse of terminal by looking into, to by the visitor of authentication registration
Family end carries out presence confirmation, then passes through online, does not then refuse online.
Different according to the state of terminal, authentication processing is also what is differed.The SOT state of termination that the present invention considers includes five kinds,
It is respectively:1. illegal terminal, the legal terminal for 2. not installing client, the terminal, the 4. legal visitor that have 3. installed legitimate client
Five kinds of states are done different authentication processings by the unloaded terminal in family end, the terminal for 5. resetting client privately, realize state
3. terminal can be by certification, and state terminal 1. 2. 4. 5. can not be by checking.By the enforcement of the technical measures,
Forced regime be 1. 2. 4. terminal computer 5. install legitimate client (client and management including the system require its
Its client), access network is otherwise unable to, the purpose for finally making control measures cover all online terminal computers is reached, disappear
Except management dead angle and blind area.
And existing all terminal management systems, including the terminal management system based on 802.1x technologies, all can only find
State is terminal 3., it is impossible to find and resolution state is terminal 1. 2. 4. 5., thus cannot be to state 1. 2. 4. 5. end
Effectively management is realized at end, leaves management dead angle and blind area.
The verification process of the terminal of different conditions is illustrated separately below.
1) verification process of illegal terminal
Never occurred in Home Network, the registered terminal device in MAC certifications storehouse, is not considered as illegal terminal, its MAC
Not in MAC certifications storehouse.When illegal terminal connects switch, its MAC Address is obtained by switch, and switch is in the mac table
MAC-PORT relations are set up, MAC authentication modules read the MAC-PORT using snmp protocol, specifically, MAC authentication modules lead to
The MAC table information that switch is read in snmp polling is crossed, switch MAC-PORT is obtained, then MAC authentication modules are with MAC as major key
Inquiry MAC certifications storehouse, MAC certifications storehouse only preserves the MAC of legal terminal, and Query Result is not to exist and returning, wherein exist returning
Return " 1 ", there is no return " and 0 ", MAC authentication modules are judged as that illegal terminal is accessed, MAC certification moulds according to this returning result
The MAC-PORT is given closing performing module by block, is closed performing module and is closed the MAC- to switch transmission using snmp protocol
PORT port commands, switch close port, MAC is denied access, and specifically, closes performing module and sends to switch
PORT in MAC-PORT is delivered as SNMP parameters and changed planes, and closes switch ports themselves.
In above procedure, the MAC is obtained by system, once Jing manual confirmations are legal terminal equipment, its MAC is chased after
MAC certifications storehouse is added to, becomes legal terminal, be changed into the legal terminal for not installing client, i.e. state terminal 2..
2) verification process of the legal terminal of client is not installed
When the legal terminal connection switch of client is not installed, its verification process and 1) similar process, difference is, from
The Query Result that MAC certifications storehouse returns to MAC authentication modules is different, and to exist, accordingly result judges MAC authentication modules its result
For legal terminal, no longer to performing module transmission closing switch ports themselves instruction is closed, the opening of switch ports themselves is kept,
Into authentication registration process.
After MAC certifications pass through, the MAC-PORT is given authentication registration module by MAC authentication modules, authentication registration module with
MAC is search index endpoint registration storehouse, and endpoint registration storehouse only preserves the MAC of registration terminal, therefore the result for returning not exist
, there is return in the client registers information of the terminal " 1 ", there is no return " and 0 ", authentication registration module is judged as accordingly unregistered
Client, to performing module is closed MAC-PORT out codes are sent, and close switch ports themselves, and refusal is accessed.
The terminal is due to being fitted without client software, it is impossible to the subsequent process of renewal of registration certification.Once the terminal peace
Filled client software, and unique mark (its registration process is completed in window phase) be assigned, then be changed into be mounted with it is legal
The terminal of client, i.e. state are 3..
3) it is mounted with the terminal authentication procedure of client software
The terminal of client software is mounted with, Jing window phases complete registration process, after obtaining unique mark, becomes installation and close
The terminal of method client, unique mark is to discriminate between the foundation of legitimate client and illegitimate client, and it is in client and agency
PROXY two ends are used in client with agent communication with the preservation of fingerprint form as checking information.
State terminal connection network 3., verification process is similar to aforementioned process, and difference is to return to authentication registration mould
The result of block is exist, and authentication registration module is judged as accordingly registered clients, no longer sends out to close to closing performing module and hands over
Change planes port command, keep switch ports themselves opening, certification passes through, and send on-line authentication module by MAC-PORT, enter
On-line authentication process.Specifically, endpoint registration storehouse returns " 1 ", and authentication registration module gives the MAC-PORT of the terminal online
Authentication module;Return " 0 ", MAC-PORT is sent closing performing module by Registering modules.
Client software in terminal, MAC Address, IP address and unique mark OID are protected in the way of heartbeat
PROXY communications are held and act on behalf of, the presence of all clients is recorded in real time at the online storehouse of terminal by agency.
On-line authentication module after the MAC-PORT that authentication registration module is sent is received, immediately with MAC as search index end
Online storehouse, the online storehouse of terminal is held to maintain the client presence of legal terminal, " 1 " is masked as online, be masked as offline " 0 ".
The online storehouse returning result of terminal is online, and on-line authentication module is judged as that accordingly legitimate client is online, does not perform mould to closing
Block sends close port instruction, preserves switch ports themselves opening, by checking;If the result for returning is offline, prolong
Late a period of time (starting up of terminal starting time), presence is inquired about again, returning result is online, then by checking.
4) the unloaded terminal authentication procedure of legitimate client
The unloaded terminal of legitimate client, its MAC and the client once installed are respectively present in MAC certifications storehouse and end
End registry, and obtain legal unique mark OID.
After state terminal connection switch 4., 3. verification process is similar to state for its verification process, can be recognized by MAC
Card and authentication registration, except for the difference that, it is impossible to by on-line authentication, because its client has been unloaded, agency does not receive the end
The heartbeat message of end client, therefore the client can be in off-line state, the result of return is offline, on-line authentication module evidence
This judges that client has been unloaded, and to performing module is closed MAC-PORT out codes are sent, and closes switch ports themselves, and refusal connects
Enter.
5) terminal authentication procedure of client is reset privately
Client has to pass through registration process and could obtain unique mark OID, and a note is produced in registration database
Volume record, the client-side program for resetting privately, without corresponding registration in not registered then endpoint registration storehouse, also without only
One mark.Client because lacking unique mark, and endpoint registration storehouse in without corresponding record, it is impossible to and agent communication, agency
Also the not no corresponding status data of the client in the online storehouse of terminal of maintenance.
State 5. terminal connection switch, its verification process and state 4. similar process, can be by MAC certifications and registration
Certification, except for the difference that, it is impossible to by on-line authentication, because its client had been unloaded, the client heartbeat letter installed privately
Cease and lack OID information, the proxied discarding of meeting, without its corresponding status information in the online storehouse of terminal, the result of return is not deposit
, on-line authentication module judges that accordingly client resets privately, to close performing module send MAC-PORT out codes, close
Switch ports themselves, refusal is accessed.
Three verification process that the present invention passes through MAC certifications, authentication registration and on-line authentication composition, to MAC, the note protected
Volume information, presence are differentiated, find in real time terminal computer five kinds of states (1. illegal terminal, 2. client is not installed
The legal terminal at end, the terminal for 3. having installed legitimate client, 4. the unloaded terminal of legitimate client, 5. reset client privately
The terminal at end), different authentication processings are done to five kinds of states, realize state and 3. pass through, 1. discovery 2. 4. 5. can not lead to
Cross checking.By the enforcement of the technical measures, 1. 2. 4. 5. the terminal computer of state installs legitimate client (including this for pressure
Other clients that the client of system and management are required), access network is otherwise unable to, reach and finally make control measures covering institute
There is the purpose of online terminal computer, eliminate management dead angle and blind area.
And existing all terminal management systems, including the terminal management system based on 802.1x technologies, all can only find
State is 3., it is impossible to finds and differentiates state 1. 2. 4. 5., therefore cannot realize effectively management to state terminal 1. 2. 4. 5.,
Leave management dead angle and blind area.
Particular embodiments described above, has been carried out further in detail to the purpose of the present invention, technical scheme and beneficial effect
Describe in detail bright, it should be understood that the foregoing is only the specific embodiment of the present invention, be not limited to the present invention, it is all
Within the spirit and principles in the present invention, any modification, equivalent substitution and improvements done etc. should be included in the protection of the present invention
Within the scope of.
Claims (7)
1. a kind of access management-control method of terminal computer, the terminal includes five kinds of states, and first state is illegal terminal, the
Two-state is that not install the legal terminal of client, the third state be to have installed the terminal of legitimate client, the 4th state to close
The unloaded terminal of method client, the 5th state are the terminal for resetting client privately, and the method includes following steps:If
The terminal is the third state, then the terminal in access procedure by certification, if the terminal be the first, second, the 4th or
5th state, then the terminal can not be by certification in access procedure, can after forcing the terminal to install legitimate client
Access network;
Wherein, the client-side program for resetting privately of the 5th state, without corresponding registration in not registered then endpoint registration storehouse
Record, also without unique mark, client because lacking unique mark, and endpoint registration storehouse in not no corresponding registration, because
This cannot and agent communication, the also not no corresponding status data of the client in the online storehouse of terminal of agent maintenance;When the terminal
During connection switch, the MAC Address of the terminal is obtained by switch, and switch sets up in the mac table MAC-PORT relations, MAC
Authentication module reads the MAC-PORT using snmp protocol, then inquires about MAC certifications storehouse, and Query Result is the presence of the terminal
MAC Address, then MAC certifications storehouse to MAC authentication modules return Query Result, MAC authentication modules according to this return Query Result,
The terminal is judged for legal terminal, after MAC certifications pass through, the MAC-PORT is sent to authentication registration module by MAC authentication modules,
With MAC as search index endpoint registration storehouse, the result returned after inquiry is registered MAC to authentication registration module, afterwards by MAC-
PORT is sent to on-line authentication module, and on-line authentication module is with MAC after the MAC-PORT that authentication registration module is sent is received
The online storehouse of search index terminal, the client heartbeat message installed privately lacks OID information, and the proxied discarding of meeting, terminal is online
Without its corresponding status information in storehouse, the result of return does not exist for the terminal, and on-line authentication module judges accordingly client
Reset privately, to performing module is closed MAC-PORT out codes are sent, close switch ports themselves, refusal is accessed.
2. method according to claim 1, the method is further included:For the terminal of first state, the terminal is connecing
Verification process during entering includes:When illegal terminal connects switch, the MAC Address of the terminal is obtained by switch, is handed over
Changing planes MAC-PORT relations of set up in the mac table, MAC authentication modules read the MAC-PORT, Ran Houcha using snmp protocol
MAC certifications storehouse is ask, Query Result is the MAC Address that there is no the terminal, then MAC certifications storehouse returns to MAC authentication modules and inquires about
As a result, MAC authentication modules judge the terminal for illegal terminal access according to this return Query Result, and MAC authentication modules should
MAC-PORT is sent to closing performing module, closes performing module and closes the MAC-PORT to switch transmission using snmp protocol
Port command, switch close port, MAC is denied access.
3. method according to claim 2, it is characterised in that Jing is artificial after the MAC of the illegal terminal is obtained by system
When confirming as legal terminal equipment, its MAC is appended to MAC certifications storehouse, becomes legal terminal, and the illegal terminal is changed into does not pacify
The legal terminal of dress client.
4. method according to claim 1, it is characterised in that for the terminal of the second state, the terminal is in access procedure
In verification process include:When the terminal connection switch, the MAC Address of the terminal is obtained by switch, and switch is in MAC
MAC-PORT relations are set up in table, MAC authentication modules read the MAC-PORT using snmp protocol, then inquire about MAC certifications
Storehouse, Query Result is the MAC Address that there is the terminal, then MAC certifications storehouse returns Query Result, MAC certifications to MAC authentication modules
Module judges the terminal for legal terminal according to this return Query Result, and after MAC certifications pass through, MAC authentication modules should
MAC-PORT is sent to authentication registration module, and authentication registration module is returned with MAC as search index endpoint registration storehouse after inquiry
As a result it is the client registers information that there is no the terminal, authentication registration module judges that accordingly the terminal is unregistered client,
MAC-PORT out codes are sent to performing module is closed, switch ports themselves are closed, refusal is accessed.
5. method according to claim 1, it is characterised in that for the terminal of the third state, the terminal is in access procedure
In verification process include:When the terminal connection switch, the MAC Address of the terminal is obtained by switch, and switch is in MAC
MAC-PORT relations are set up in table, MAC authentication modules read the MAC-PORT using snmp protocol, then inquire about MAC certifications
Storehouse, Query Result is the MAC Address that there is the terminal, then MAC certifications storehouse returns Query Result, MAC certifications to MAC authentication modules
Module judges the terminal for legal terminal according to this return Query Result, and after MAC certifications pass through, MAC authentication modules should
MAC-PORT is sent to authentication registration module, and authentication registration module is returned with MAC as search index endpoint registration storehouse after inquiry
As a result it is registered clients, afterwards MAC-PORT is sent to into on-line authentication module, on-line authentication module is recognized receiving registration
After the MAC-PORT that card module is sent, with MAC as the online storehouse of search index terminal, returning result is that the terminal is online, is recognized online
Card module is judged as that accordingly legitimate client is online, not to performing module transmission close port instruction is closed, preserves and exchanges generator terminal
Mouth opening, by checking;If the result for returning is offline, postpone certain hour, presence is inquired about again, return
As a result it is online, then by checking.
6. method according to claim 1, it is characterised in that for the terminal of the 4th state, the terminal is in access procedure
In verification process include:When the terminal connection switch, the MAC Address of the terminal is obtained by switch, and switch is in MAC
MAC-PORT relations are set up in table, MAC authentication modules read the MAC-PORT using snmp protocol, then inquire about MAC certifications
Storehouse, Query Result is the MAC Address that there is the terminal, then MAC certifications storehouse returns Query Result, MAC certifications to MAC authentication modules
Module judges the terminal for legal terminal according to this return Query Result, and after MAC certifications pass through, MAC authentication modules should
MAC-PORT is sent to authentication registration module, and authentication registration module is returned with MAC as search index endpoint registration storehouse after inquiry
As a result it is registered clients, afterwards MAC-PORT is sent to into on-line authentication module, on-line authentication module is recognized receiving registration
After the MAC-PORT that card module is sent, with MAC as the online storehouse of search index terminal, returning result is that the terminal is offline, is recognized online
Card module judges that accordingly client has been unloaded, and to performing module is closed MAC-PORT out codes are sent, and closes and exchanges generator terminal
Mouthful, refusal is accessed.
7. method according to claim 6, it is characterised in that the unloaded terminal of legitimate client, its MAC and once pacified
The client of dress is respectively present in MAC certifications storehouse and endpoint registration storehouse, and obtains legal unique mark OID, the terminal
Because its client has been unloaded, agency does not receive the heartbeat message of the client terminals, thus the client can be in from
Line states, the result of return is offline, and on-line authentication module judges that accordingly client has been unloaded, and is sent to performing module is closed
MAC-PORT out codes, close switch ports themselves, and refusal is accessed.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410175331.9A CN103973678B (en) | 2014-04-28 | 2014-04-28 | Access control method for terminal computer |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410175331.9A CN103973678B (en) | 2014-04-28 | 2014-04-28 | Access control method for terminal computer |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103973678A CN103973678A (en) | 2014-08-06 |
| CN103973678B true CN103973678B (en) | 2017-04-26 |
Family
ID=51242724
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410175331.9A Expired - Fee Related CN103973678B (en) | 2014-04-28 | 2014-04-28 | Access control method for terminal computer |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103973678B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104113453A (en) * | 2014-08-08 | 2014-10-22 | 福建富士通信息软件有限公司 | Method and system for monitoring and alarming abnormal parallel accessing of local area network |
| CN110505357B (en) * | 2019-09-06 | 2021-04-02 | 上海航天测控通信研究所 | Management method of aerospace VOIP voice terminal |
| CN114124900B (en) * | 2021-11-03 | 2023-08-01 | 中盈优创资讯科技有限公司 | Method and device for positioning private small-route equipment |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1571799A1 (en) * | 2004-03-02 | 2005-09-07 | Alcatel | A method to grant access to a data communication network and related devices |
| CN101714927A (en) * | 2010-01-15 | 2010-05-26 | 福建伊时代信息科技股份有限公司 | Network access control method for comprehensive safety management of inner network |
| CN101883090A (en) * | 2010-04-29 | 2010-11-10 | 北京星网锐捷网络技术有限公司 | Client access method, equipment and system |
| CN101909059A (en) * | 2010-07-30 | 2010-12-08 | 北京星网锐捷网络技术有限公司 | Method and system for deleting residual client information and authentication server |
| CN103078813A (en) * | 2013-01-04 | 2013-05-01 | 西安交大捷普网络科技有限公司 | Simple network management protocol (SNMP)-based terminal security access control method |
-
2014
- 2014-04-28 CN CN201410175331.9A patent/CN103973678B/en not_active Expired - Fee Related
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1571799A1 (en) * | 2004-03-02 | 2005-09-07 | Alcatel | A method to grant access to a data communication network and related devices |
| CN101714927A (en) * | 2010-01-15 | 2010-05-26 | 福建伊时代信息科技股份有限公司 | Network access control method for comprehensive safety management of inner network |
| CN101883090A (en) * | 2010-04-29 | 2010-11-10 | 北京星网锐捷网络技术有限公司 | Client access method, equipment and system |
| CN101909059A (en) * | 2010-07-30 | 2010-12-08 | 北京星网锐捷网络技术有限公司 | Method and system for deleting residual client information and authentication server |
| CN103078813A (en) * | 2013-01-04 | 2013-05-01 | 西安交大捷普网络科技有限公司 | Simple network management protocol (SNMP)-based terminal security access control method |
Non-Patent Citations (1)
| Title |
|---|
| 终端控制保护技术研究与系统设计;曹吉;《中国优秀硕士学位论文全文数据库 信息科技辑》;20120315(第3期);正文第6页第1段、第28页第2段、第51页第5.3小节 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103973678A (en) | 2014-08-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20220104018A1 (en) | Cross access login controller | |
| CN100437550C (en) | Ethernet confirming access method | |
| CN104796969A (en) | Network accessing method and system for equipment of internet of things on basis of recognition codes of internet of things | |
| CN102438028B (en) | A kind of prevent Dynamic Host Configuration Protocol server from cheating method, Apparatus and system | |
| CN109862565A (en) | A kind of WLAN unaware control method, system and readable storage medium storing program for executing | |
| CN100546304C (en) | A kind of method and system that improves network dynamic host configuration DHCP safety | |
| CN103354550A (en) | Authorization control method and device based on terminal information | |
| CN104954508B (en) | A kind of system and its auxiliary charging method for DHCP protocol auxiliary charging | |
| CN103973678B (en) | Access control method for terminal computer | |
| CN101707587A (en) | Method, device and Radius server used for detecting client connection status | |
| CN102984031A (en) | Method and device for allowing encoding equipment to be safely accessed to monitoring and control network | |
| CN103825901A (en) | Network access control method and equipment | |
| CN111683162A (en) | IP address management method and device based on flow identification | |
| US20120209976A1 (en) | Remote management and control using common internet protocols | |
| CN101123559B (en) | A green network access service deployment system and authorized access method for this service | |
| CN100544348C (en) | Act on behalf of detection method | |
| CN100454825C (en) | Static user access network control method based on MAC address | |
| CN103338440B (en) | Authentication method in Verification System and equipment end | |
| CN109981462A (en) | A kind of message processing method and device | |
| CN1265579C (en) | Method for network access user authentication | |
| CN113556337A (en) | Terminal address identification method, network system, electronic device and storage medium | |
| CN113812125B (en) | Verification method and device for login behavior, system, storage medium and electronic device | |
| TWI628936B (en) | Automatic control system for controlling the existence of internet protocol address device and control method thereof | |
| CN1832491A (en) | PnP network technology insertion method of network video product | |
| CN103929726B (en) | Wireless LAN accesses control correlation technique and system in interacting with fixed network |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20170426 Termination date: 20190428 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |