CN104301336A - PPPoE access authentication method - Google Patents
- Publication number
- CN104301336A (application number CN201410639956.6A)
- Authority
- CN
- China
- Prior art keywords
- pppoe
- authentication information
- access
- authentication
- padi message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/104—Peer-to-peer [P2P] networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
Abstract
The invention relates to a PPPoE access authentication method. The authentication method comprises six steps: step 1, a PPPoE client sends a PADI message carrying authentication information; step 2, after receiving the PADI message, a PPPoE server determines whether authentication information is present in the PADI message; step 3, if the PADI message carries no authentication information, the PPPoE server treats the peer as an unauthenticated client and ignores the access; step 4, if the PADI message carries authentication information, the PPPoE server matches the authentication information; step 5, if the authentication information of the PADI message matches, the PPPoE server treats the peer as an authenticated client and sends a PADO message to the peer; step 6, if the authentication information of the PADI message does not match, the PPPoE server treats the peer as a client that failed authentication and ignores the access. The method is used for authentication of PPPoE access.
Description
Technical field:
The present invention relates to an authentication method for PPPoE access.
Background:
Compared with traditional access methods, PPPoE offers a better price/performance ratio. It performs well in a range of applications, including residential-community network construction, and is widely adopted. Most of the access terminals and home gateways used by large domestic operators such as China Telecom use PPPoE access.
In current PPPoE technology, however, authentication of the PPPoE client can be initiated only after the PPPoE session stage has been entered, by which point the PPPoE server has already allocated resources to the session. When authentication fails and the session cannot be established normally, this imposes extra overhead on the PPPoE server; a malicious attack may leave the PPPoE server unable to provide normal service, or even bring the server down.
Summary of the invention:
The invention provides a method that solves the problem that, in the PPPoE discovery stage, the PPPoE server performs no access authentication of the PPPoE client.
This object is achieved by the following technical scheme:
An authentication method for PPPoE access, comprising six steps. Step 1: the PPPoE client sends a PADI message carrying authentication information. Step 2: after receiving the PADI message, the PPPoE server determines whether authentication information is present in the PADI message. Step 3: if the PADI message carries no authentication information, the PPPoE server treats the peer as an unauthenticated client and ignores the access. Step 4: if the PADI message carries authentication information, the PPPoE server matches the authentication information. Step 5: if the authentication information of the PADI message matches, the PPPoE server treats the peer as an authenticated client and sends it a PADO message. Step 6: if the authentication information of the PADI message does not match, the PPPoE server treats the peer as a client that failed authentication and ignores the access.
In the described authentication method for PPPoE access, if in step 3 the PADI message carries no authentication information, the PPPoE server ignores the access.
In the described authentication method for PPPoE access, if in step 5 the authentication information of the PADI message matches, the PPPoE server sends a PADO message to the peer.
In the described authentication method for PPPoE access, if in step 6 the authentication information of the PADI message does not match, the PPPoE server ignores the access.
In the described authentication method for PPPoE access, the authentication information of the PADI message is stored entirely in a PPPoE Tag.
PPPoE is the Point-to-Point Protocol over Ethernet.
The PADI message is the PPPoE Active Discovery Initiation (PADI) message.
The PADO message is the PPPoE Active Discovery Offer message.
The PPPoE Tag is the tag field of the PPPoE message payload.
Beneficial effect:
The invention provides a method by which the PPPoE server performs access authentication of the PPPoE client in the PPPoE discovery stage, which effectively prevents access by illegitimate PPPoE clients.
The invention also guards, to a certain extent, against PADI attacks that may occur, and reduces, within the permitted service load, the overhead caused by illegitimate clients.
Embodiment:
Embodiment 1:
An authentication method for PPPoE access, comprising six steps. Step 1: the PPPoE client sends a PADI message carrying authentication information. Step 2: after receiving the PADI message, the PPPoE server determines whether authentication information is present in the PADI message. Step 3: if the PADI message carries no authentication information, the PPPoE server treats the peer as an unauthenticated client and ignores the access. Step 4: if the PADI message carries authentication information, the PPPoE server matches the authentication information. Step 5: if the authentication information of the PADI message matches, the PPPoE server treats the peer as an authenticated client and sends it a PADO message. Step 6: if the authentication information of the PADI message does not match, the PPPoE server treats the peer as a client that failed authentication and ignores the access.
Embodiment 2:
The authentication method for PPPoE access described in embodiment 1, wherein if in step 3 the PADI message carries no authentication information, the PPPoE server ignores the access.
Embodiment 3:
The authentication method for PPPoE access described in embodiment 1, wherein if in step 5 the authentication information of the PADI message matches, the PPPoE server sends a PADO message to the peer.
Embodiment 4:
The authentication method for PPPoE access described in embodiment 1, wherein if in step 6 the authentication information of the PADI message does not match, the PPPoE server ignores the access.
Embodiment 5:
The authentication method for PPPoE access described in embodiment 1, wherein the authentication information of the PADI message is stored entirely in a PPPoE Tag.
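The server-side decision in steps 2 to 6, as an added example that is not part of the patent text: it parses the tag list of a PADI (RFC 2516 layout, starting at the PPPoE header) and returns either a PADO verdict or the reason for ignoring the access. The tag type `AUTH_TAG`, the verdict strings and the sample credentials are assumptions, since the patent does not say which tag or encoding carries the authentication information.

```python
import hmac
import struct

PADI = 0x09                      # RFC 2516 discovery code
AUTH_TAG = 0xF000                # hypothetical tag type; the patent names none

def parse_tags(payload):
    """Return {tag_type: value} from a PPPoE tag list, or None if malformed."""
    tags, off = {}, 0
    while off < len(payload):
        if off + 4 > len(payload):
            return None                       # truncated tag header
        t, ln = struct.unpack_from("!HH", payload, off)
        off += 4
        if t == 0x0000:                       # End-Of-List tag
            break
        if off + ln > len(payload):
            return None                       # tag length runs past the payload
        tags.setdefault(t, payload[off:off + ln])
        off += ln
    return tags

def handle_padi(frame, known_credentials):
    """Steps 2-6: return 'PADO' or an 'ignore:<reason>' verdict for one PADI."""
    if len(frame) < 6:
        return "ignore:malformed"
    vertype, code, session_id, length = struct.unpack_from("!BBHH", frame, 0)
    if vertype != 0x11 or code != PADI or session_id != 0 or 6 + length > len(frame):
        return "ignore:malformed"
    tags = parse_tags(frame[6:6 + length])
    if tags is None:
        return "ignore:malformed"
    auth = tags.get(AUTH_TAG)
    if not auth:
        return "ignore:unauthenticated"       # step 3: no authentication information
    matched = False                           # step 4: constant-time comparison
    for cred in known_credentials:
        matched |= hmac.compare_digest(auth, cred)
    return "PADO" if matched else "ignore:auth-failed"   # steps 5 and 6

def build_padi(tags):
    """Build a PADI (PPPoE header plus tags) from (type, value) pairs."""
    body = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)
    return struct.pack("!BBHH", 0x11, PADI, 0, len(body)) + body

# Constructed sample input: Service-Name tag (0x0101) plus the assumed auth tag
CREDS = [b"constructed-token-1"]
SAMPLE_OK = build_padi([(0x0101, b""), (AUTH_TAG, b"constructed-token-1")])
SAMPLE_NONE = build_padi([(0x0101, b"")])
```

A PADI is sent to the Ethernet broadcast address, so a static value in the tag is visible to every host on the segment; the example implements only the matching the patent describes and adds no replay protection.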
Brief description of the drawings:
Figure 1 is the flow chart of this product.
Claims (5)
1. An authentication method for PPPoE access, characterized in that the authentication method comprises six steps. Step 1: the PPPoE client sends a PADI message carrying authentication information. Step 2: after receiving the PADI message, the PPPoE server determines whether authentication information is present in the PADI message. Step 3: if the PADI message carries no authentication information, the PPPoE server treats the peer as an unauthenticated client and ignores the access. Step 4: if the PADI message carries authentication information, the PPPoE server matches the authentication information. Step 5: if the authentication information of the PADI message matches, the PPPoE server treats the peer as an authenticated client and sends it a PADO message. Step 6: if the authentication information of the PADI message does not match, the PPPoE server treats the peer as a client that failed authentication and ignores the access.
2. The authentication method for PPPoE access according to claim 1, characterized in that if in step 3 the PADI message carries no authentication information, the PPPoE server ignores the access.
3. The authentication method for PPPoE access according to claim 1, characterized in that if in step 5 the authentication information of the PADI message matches, the PPPoE server sends a PADO message to the peer.
4. The authentication method for PPPoE access according to claim 1, characterized in that if in step 6 the authentication information of the PADI message does not match, the PPPoE server ignores the access.
5. The authentication method for PPPoE access according to claim 4, characterized in that the authentication information of the PADI message is stored entirely in a PPPoE Tag.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410639956.6A CN104301336A (en) | 2014-11-14 | 2014-11-14 | PPPoE access authentication method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410639956.6A CN104301336A (en) | 2014-11-14 | 2014-11-14 | PPPoE access authentication method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN104301336A (en) | 2015-01-21 |
Family
ID=52320904
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410639956.6A Pending CN104301336A (en) | 2014-11-14 | 2014-11-14 | PPPoE access authentication method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104301336A (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104852974A (en) * | 2015-04-29 | 2015-08-19 | 华为技术有限公司 | Message processing method in the process of PPPoE authentication and related equipment |
CN105939372A (en) * | 2015-12-24 | 2016-09-14 | 杭州迪普科技有限公司 | PPPoE session establishing method and device |
CN107046568A (en) * | 2017-02-22 | 2017-08-15 | 新华三技术有限公司 | A kind of authentication method and device |
WO2021017849A1 (en) * | 2019-07-31 | 2021-02-04 | 中兴通讯股份有限公司 | Method for implementing 5g user registration, network element apparatus, and storage medium |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101197837A (en) * | 2007-12-25 | 2008-06-11 | 华为技术有限公司 | Method and system of Ethernet P2P protocol negotiation authentication mode |
CN101621515A (en) * | 2009-08-07 | 2010-01-06 | 中兴通讯股份有限公司 | Access method based on point-to-point protocol on Ethernet and exchanger |
US20100325295A1 (en) * | 2009-06-17 | 2010-12-23 | Takatoshi Kajiwara | Communication apparatus |
CN103095597A (en) * | 2011-10-28 | 2013-05-08 | 华为技术有限公司 | Load balancing method and device |
- 2014-11-14: CN application CN201410639956.6A, published as CN104301336A (status: Pending)
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101197837A (en) * | 2007-12-25 | 2008-06-11 | 华为技术有限公司 | Method and system of Ethernet P2P protocol negotiation authentication mode |
US20100325295A1 (en) * | 2009-06-17 | 2010-12-23 | Takatoshi Kajiwara | Communication apparatus |
CN101621515A (en) * | 2009-08-07 | 2010-01-06 | 中兴通讯股份有限公司 | Access method based on point-to-point protocol on Ethernet and exchanger |
CN103095597A (en) * | 2011-10-28 | 2013-05-08 | 华为技术有限公司 | Load balancing method and device |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104852974A (en) * | 2015-04-29 | 2015-08-19 | 华为技术有限公司 | Message processing method in the process of PPPoE authentication and related equipment |
WO2016173269A1 (en) * | 2015-04-29 | 2016-11-03 | 华为技术有限公司 | Message processing method and related device during pppoe authentication |
US10666650B2 (en) | 2015-04-29 | 2020-05-26 | Huawei Technologies Co., Ltd. | Packet processing method in PPPoE authentication process and relevant device |
CN105939372A (en) * | 2015-12-24 | 2016-09-14 | 杭州迪普科技有限公司 | PPPoE session establishing method and device |
CN107046568A (en) * | 2017-02-22 | 2017-08-15 | 新华三技术有限公司 | A kind of authentication method and device |
WO2021017849A1 (en) * | 2019-07-31 | 2021-02-04 | 中兴通讯股份有限公司 | Method for implementing 5g user registration, network element apparatus, and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN100534055C (en) | Method for implementing network access through broadband router | |
CN102217245B (en) | Method for processing message and device thereof | |
CN104580116B (en) | A kind of management method and equipment of security strategy | |
CN104301336A (en) | PPPoE access authentication method | |
WO2015085848A1 (en) | Security authentication method and bidirectional forwarding detection method | |
CN103166814A (en) | Smart home remote control system based on Internet of things | |
WO2007030238A2 (en) | Distributed authentication functionality | |
US8572366B1 (en) | Authenticating clients | |
CN103825881A (en) | Method and apparatus for realizing redirection of WLAN user based on wireless access controller (AC) | |
WO2017080335A1 (en) | Pppoe network-based dialing method, dialing system, and router | |
CN105578463A (en) | Double connection secure communication method and device | |
CN102801819B (en) | A kind of method of transparent transmission IPv6 address in network access control system | |
CN103051738B (en) | A kind of dhcp address distribution method and system | |
CN102624692A (en) | User identity authentication avoiding method based on hypertext transport protocol (HTTP) | |
CN104022947A (en) | Quantum private communication HTTP (Hyper Text Transport Protocol) proxy gateway | |
CN102480473A (en) | Security information interaction system and method based on frequency shift keying (FSK) | |
WO2012041029A1 (en) | Method and device for server processing service | |
US10447549B2 (en) | Neighbor establishment method and system, and device | |
CN102195952B (en) | Method and device terminal for triggering 802.1X Authentication | |
CN103392333A (en) | Authentication method, device and system in access network | |
WO2016074354A1 (en) | Wifi sharing method and system, home gateway and wireless local area network gateway | |
CN107046568B (en) | Authentication method and device | |
EP3294006B1 (en) | Multilink-based data transmission method and device | |
CN103458060A (en) | Method and device for transmitting host machine identifiers under multistage network address translation (NAT) | |
CN104038415A (en) | Method for batch processing of messages |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20150121 |