CN104601418B - More than one outlet at a vlan multi-network integration transmission system bundled authentication mechanism - Google Patents

More than one outlet at a vlan multi-network integration transmission system bundled authentication mechanism Download PDF

Info

Publication number
CN104601418B
CN104601418B CN201410718933.4A CN201410718933A CN104601418B CN 104601418 B CN104601418 B CN 104601418B CN 201410718933 A CN201410718933 A CN 201410718933A CN 104601418 B CN104601418 B CN 104601418B
Authority
CN
China
Prior art keywords
vlan
outlet
module
user
network
Prior art date
Application number
CN201410718933.4A
Other languages
Chinese (zh)
Other versions
CN104601418A (en
Inventor
王领
邓敏
赵跃
黄胜
范帅
赵良斌
赵小荭
於惠
袁帅
李陆平
Original Assignee
重庆尊贤科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 重庆尊贤科技有限公司 filed Critical 重庆尊贤科技有限公司
Priority to CN201410718933.4A priority Critical patent/CN104601418B/en
Publication of CN104601418A publication Critical patent/CN104601418A/en
Application granted granted Critical
Publication of CN104601418B publication Critical patent/CN104601418B/en

Links

Abstract

本发明公开了多个一户一vlan捆绑认证机制出口下多网融合传输系统,通过接收上行数据包并识别内网vlan网络标签;将上行数据包的内网vlan网络标签包头转换形成外网vlan网络标签包头并发送到外网;外网的下行数据的vlan网络标签包头转换成内网vlan网络标签包头;最后发送给用户。 The present invention discloses a lower outlet vlan a plurality of bundled authentication mechanism over one transmission network integration system, and by receiving the uplink data packet within the network identification tag vlan network; internal network vlan uplink data packet conversion network header to form the outer label web vlan network tag header and sent to the external network; vlan tag downlink data network outside the network of the network header is converted into the network vlan tag header; finally sent to the user. 本发明根据不同运营商所划设vlan的要求重新构建vlan包头,使内网任意vlan均能与外网不同出口运营商之间的vlan绑定信息保持一致,从而能够实现用户到运营商之间的数据正常通信,解决因内网用户与不同于运营商之间vlan划分不一致所导致用户不能更换出口运营商的问题,减少网络的重复建设,减少资源的浪费,为促进互联网的发展提供一个公平竞争的平台。 Vlan header to reconstruct the present invention depending on operator requirements scribed vlan provided that any network can vlan vlan between the external network and exit different operators binding information is consistent, so that the operator can be realized between the user the normal data communication, address the network between the user and the operator is different from the divided vlan inconsistency caused by a problem you can not replace the export operators, reduce duplication of network construction, reduce waste of resources, to promote the development of the Internet to provide a fair competition platform.

Description

多个一户一VI an捆绑认证机制出口下多网融合传输系统 More than a VI under a multi-outlet network an authentication mechanism Fusion bundled transmission system

技术领域 FIELD

[0001]本发明涉及互联网接入和传输领域,特别涉及一种多个一户一vlan捆绑认证机制出口下多网融合传输系统。 [0001] The present invention relates to the field of transmission and Internet access, and particularly to a a plurality of a bundled authentication mechanism vlan exit transmission system integration of multiple networks.

背景技术 Background technique

[0002] 当前的互联网发展如火如荼,新建小区和商城层出不穷,老旧小区也不断地进行线路的升级改造,但怎么满足这些小区和商城的互联网接入呢?往往是几大运营商同时在这些小区和商场建设各自独立的接入网,极大地浪费社会资源和物质资源,如果用户要更换运营商,还需要重新布设从楼栋到用户之间的接入线路,不仅效率低下,还费时费力,影响小区和商场的美观。 [0002] The current development of the Internet in full swing, the new district and the mall after another, the old district is also constantly upgrading the line, but how to meet the Internet access of these cells and store it? There are several major operators in these cells at the same time the construction of shopping centers and independent access network, a great waste of social resources and material resources, if users want to change carriers, also need to re-laid line between access to users from BAN, not only inefficient, but also time-consuming, the impact area and the mall aesthetic.

[0003] 现在己经有设备可以完成多个运营商的共网同缆传输,实现用户在更换运营商时,勿需重新布设接入线路,只更换用户上网的PPPoE帐号即可完成运营商的更换,大大提高了效率,方便了用户。 [0003] The present device may have already completed a plurality of common carriers with cable transmission network realized when replacing a carrier, do not need to re-access line laid, replacing only the user account to complete the PPPoE Internet operators replacement, greatly improving the efficiency and convenience of the user. 但运营商为了网络安全和便于管理,往往进行了qinq及vlan的划分,并且几乎都采用一户一vlan绑定的方式进行管理,要实现更换上网的PPPoE帐号即可完成更换运营商这样的目标,其前提条件就是小区、商城的qinq及vlan的划分必须能够同时满足这几大运营商的要求,由于几大运营是各自独立经营,发展规划各有差异,qinq及vlan 的规划和配置肯定存在不同,小区、商城区域内的网络qinq及vlan的划分要同时符合这几大运营的网络vlan规划几乎是不可能的,因此,要解决几大运营商的共网同缆传输,通过只更换帐号完成更换运营商的问题,必须要将小区、商城区域内的网络qinq及vlan的配置划分与几大运营的网络vlan规划独立开来。 But the operator provider for network security and ease of management, often carried out qinq and division vlan, and are used almost a way of a binding vlan manage to achieve Geng Huan PPPoE Internet account to complete the replacement of this goal operators , with the proviso that area, mall qinq and vlan division must be able to simultaneously satisfy several requirements of operators, due to the several major operators are independent business, development planning their own differences, and vlan qinq planning and configuration must exist qinq network and vlan divided in different, residential, mall area network vlan to simultaneously satisfy these large operations planning is almost impossible, therefore, to solve several major carriers with a total of cable transmission network, by replacing only account complete the replacement problem operators must want community, network qinq in the mall area and division vlan configuration with several major network operators planning to open an independent vlan.

[0004] 因此需要一种多个一户一vlan捆绑认证机制出口下多网融合传输系统。 [0004] Thus a need exists for a plurality of multi-outlet under a net fusion vlan bundled transmission system authentication mechanism.

发明内容 SUMMARY

[0005] 有鉴于此,本发明所要解决的技术问题是提供一种多个一户一vlan捆绑认证机制出口下多网融合传输系统。 [0005] Accordingly, the present invention is to solve the technical problem of providing a plurality of a mechanism for authentication bundled outlet vlan a multi-network integration transmission system.

[0006] 本发明的目的是这样实现的: [0006] The object of the present invention is implemented as follows:

[0007] 本发明提供的多个一户一vlan捆绑认证机制出口下多网融合传输系统,包括数据接收模块、用户MAC和内网vlan识别模块、PPPoE报文识别模块、目标出口尝试和确定模块、 出口vlan尝试和确定模块、出口侧vlan重构模块、一户一vlan分配模块、一户一vlan对应关系永久表生成模块、认证结果识别模块、出口侧数据收发模块、用户侧数据收发模块;所述出口指ISP; [0007] vlan bundling a plurality of a mechanism of the present invention provides authentication exit multiplay transmission system comprising a data receiving module, MAC, and network vlan user identification module, PPPoE packet identification module, to try and determine the target outlet module , and attempts to exit vlan determination module, the outlet side vlan reconstruction module, an assignment module a vlan, a correspondence relationship between a permanent vlan table generating module, an authentication result of the identifying module, the outlet-side data transceiver module, the user-side data transceiver module; the ISP said outlet means;

[0008] 所述用户侧数据收发模块,用于接收和发送用户侧数据包; [0008] The user-side data transceiver module for receiving and transmitting user-side data packet;

[0009] 所述出口侧数据收发模块,用于接收和发送出口侧数据包; [0009] The outlet-side data transceiver module for receiving and transmitting data packets outlet side;

[0010] 所述用户MAC和内网vlan识别模块,用于识别用户MAC和内网vlan; [0010] The MAC and network vlan user identification module for identifying the user and the network MAC vlan;

[0011] 所述PPPoE报文识别模块,用于识别用户PPPoE帐号; 、 [0011] The PPPoE packet identification module for identifying a user account PPPoE;,

[0012] 所述目标出口尝试和确定模块,用于获取帐号-出口-出口vlan对应关系永久表并对用户的目标出口进彳了选择芸试和识别; [0012] The target outlet try and determination module, configured to obtain account - outlet - outlet vlan correspondence relation table and the permanent user's left foot into the target outlet selection and identification test Yun;

[0013]所述出口vlan尝试和确定模块,用于获取出口vlan取值范围及绑定要求配置表、 帐号-出口-出口vlan对应关系永久表并对出口上的一户一“仙进行选择尝试和识别; [0013] The outlet vlan try and determination module, configured to obtain the range and the outlet binding requirements vlan configuration table, the account - outlet - outlet vlan correspondence relation table and an a permanent "cents on the selected outlet to try and recognition;

[0014]所述出口侧vlan重构模块,用于将用户侧的内网丫1仙包头去掉,按照用户目标出口的vlan参数及对应关系临时表,重新构建出口侧的vlan; [0014] The reconstruction module vlan outlet side, for the network user side 1 Ah Sin header removed, and the corresponding relationship between the temporary parameter vlan port table according to the target user, rebuild vlan outlet side;

[0015] 所述一户一vlan分配模块,用于对每个用户分配对应的一个vlan; [0015] The one vlan a dispensing means for dispensing a vlan corresponding to each user;

[0016]所述vlan对应关系永久表生成模块,用于存储帐号-出口—出口vlan对应关系永久表; [0016] The permanent vlan correspondence relation table generating module, configured to store account - outlet - outlet vlan permanent correspondence relation table;

[0017]所述认证结果识别模块,用于识别出口、出口vlan、用户MAC、PPPoE帐号认证结果; [0018]所述用户侧数据收发模块、用户MAC和内网vlan识别模块、PPP〇E报文识别模块、目标出口尝试和确定模块、出口vlan尝试和确定模块、出口侧vlan重构模块和出口侧数据收发模块依次连接; [0017] the authentication result identification module for identifying an outlet, the outlet vlan, the MAC, the PPPoE account authentication result; [0018] of the user-side data transceiver module, the MAC, and network identification module vlan, reported PPP〇E identification module, to try and determine the target outlet module, and the determination module attempts vlan outlet, an outlet side and an outlet side vlan reconstruction module data transceiver modules sequentially connected;

[0019]所述vlan对应关系永久表生成模块与认证结果识别模块连接,所述一户一vlan分配模块连接于出口vlan尝试和确定模块与一户一vlan对应关系永久表生成模块之间; [0019] The permanent vlan correspondence relation table generating module identification module is connected with the authentication result, said one module is connected to a dispensing outlet vlan vlan try and a determination module vlan a correspondence relationship between the permanent table generating module;

[0020]还包括第一对应关系临时表模块、第二对应关系临时表模块、用户侧vlan重构模块; [0020] further comprises a first correspondence relationship between the temporary table module, a second module corresponding relationship between the temporary table, the user-side vlan reconstruction module;

[0021]所述第一对应关系临时表模块,用于生成保存MAC-内网vlan对应关系的临时表; [0022]所述第二对应关系临时表模块,用于生成保存MAC-帐号-出口-出口vlan对应关系的临时表; [0021] The temporary first correspondence table module, for generating a MAC- network vlan stored correspondence relationship between the temporary table; [0022] The second temporary correspondence relation table module, for generating a MAC- saving account - outlet - export vlan temporary table correspondence relationship;

[0023]所述用户侧vlan重构模块,用于将出口侧的vlan包头去掉,按照MAC-内网vlan对应关系临时表,为用户重新构建所对应的用户侧的v lan; [0023] The user side vlan reconstruction module, configured to remove the header of the outlet side of the vlan according to a correspondence relationship vlan MAC- network temporary tables, users reconstruct v corresponding to LAN user side;

[0024]所述第一对应关系临时表模块与出口vlan识别模块连接;所述第二对应关系临时表模块与用户MAC和内网vlan识别模块连接;所述用户侧vlan重构模块分别与第一对应关系临时表模块、第二对应关系临时表模块和认证生成模块连接。 [0024] The first correspondence table temporary identification module and the outlet module vlan; said second correspondence table temporary MAC module connected to the user and the network identification module vlan; the user side, respectively, and the second reconstruction module vlan a corresponding relationship between the temporary table module, a second correspondence relationship between the temporary table generation module and an authentication module.

[0025] 进一步,还包括与连接用户终端的用户侧网络接口,所述用户侧网络接口与用户侧数据收发模块连接。 [0025] Further, further comprising connecting a user terminal user network interface, and the user-side interface to the user-side network data transceiver modules.

[0026]进一步,还包括与用户访问的网络目标连接的出口侧网络接口;所述出口侧网络接口与出口侧数据收发模块连接。 [0026] Further, further comprising an outlet side of the target network interface for connection to the user access; network interface side and the outlet side of the outlet connection data transceiver module.

[0027] 本发明的有益效果在于:本发明采用针对不同运营商的出口分别进行一户一vlan 网络标签转换,完成了用户在不同运营商所划设vlan之间构建网络连接通信。 [0027] Advantageous effects of the present invention is that: the present invention is carried out using a one vlan for each label switching network outlet different operators, to build a network connecting the user to complete the communication between different operators set vlan scribed. 根据不同运营商所划设vlan的要求重新构建vlan包头,完成vlan转换,使内网任意用户均能经本设备vlan转换后,与外网不同出口运营商之间的一户一vlan绑定彳目息保持一致,从而能够实现用户到运营商之间的数据正常通信,这样既可以保持小区和商城等区域的网络vlan独立, 又能解决因内网用户与不同于运营商之间vlan划分不一致所导致用户不能轻易更换出口运营商的问题,实现一个接入网络就可同时为多个一户一vlan捆绑认证机制出口的运营商提供接入,减少网络的重复建设,也减少资源的浪费,为促进互联网的发展提供一个公平竞争的平台。 Vlan reconstructed header according to a different operator requirements scribed provided vlan, vlan complete conversion, the user can make any network after conversion vlan present apparatus, the external network and between different operators an outlet a left foot binding vlan head consistent interest, thereby enabling the user to the normal communication between the data carrier, so that both may be maintained and cell area network vlan mall and other independent, and can address the user and between the network operator different from the divided inconsistent vlan the problem causing the user can not easily replace the outlet operators to implement a network access can also provide access to more than one outlet of a bundled authentication mechanism vlan operators, reduce duplication of the network, but also to reduce the waste of resources, to promote the development of the internet provide a platform for fair competition.

附图说明 BRIEF DESCRIPTION

[0028]为了使本发明的目的、技术方案和优点更加清楚,下面将结合附图对本发明作进一步的详细描述,其中: [0028] To make the objectives, technical solutions, and advantages of the present invention will become more apparent below in conjunction with the accompanying drawings of the present invention will be further described in detail, wherein:

[0029]图1为本发明实施例提供的多个一户一vlan捆绑认证机制出口下多网融合传输系统示意图。 [0029] FIG more than one bundle vlan a one authentication mechanism provided by the multi-network exit fusion schematic embodiment of the invention the transmission system.

具体实施方式 Detailed ways

[0030]以下将参照附图,对本发明的优选实施例进行详细的描述。 [0030] below with reference to the accompanying drawings, detailed description of embodiments of the present invention is preferably. 应当理解,优选实施例仅为了说明本发明,而不是为了限制本发明的保护范围。 It should be understood that the preferred embodiments are merely illustrative of the invention and not intended to limit the scope of the present invention.

[0031]如图所示,本发明提供的多个一户一vlan捆绑认证机制出口下多网融合传输系统,包括数据接收模块、用户MAC和内网vlan识别模块、PPPoE报文识别模块、目标出口尝试和确定模块、出口vlan尝试和确定模块、出口侧vlan重构模块、一户一vlan分配模块、一户一vlan对应关系永久表生成模块、认证结果识别模块、出口侧数据收发模块、用户侧数据收发模块; [0031] As shown, a plurality of a lower outlet vlan bundled authentication mechanism of the present invention provides a multi-network integration transmission system comprising a data receiving module, MAC, and network vlan user identification module, PPPoE packet identification module, the target try and outlet determination module, and determining module attempts vlan outlet, the outlet side vlan reconstruction module, an assignment module a vlan, a correspondence relationship between a permanent vlan table generating module, an authentication result of the identifying module, the outlet-side data transceiver module, the user a data transceiver module side;

[0032]所述用户侧数据收发模块,用于接收和发送用户侧数据包; [0032] The user-side data transceiver module for receiving and transmitting user-side data packet;

[0033]所述出口侧数据收发模块,用于接收和发送出口侧数据包; [0033] The outlet-side data transceiver module for receiving and transmitting data packets outlet side;

[0034] 所述用户MAC和内网vlan识别模块,用于识别用户MAC和内网vlan; [0034] The MAC and network vlan user identification module for identifying the user and the network MAC vlan;

[0035] 所述PPPoE报文识别模块,用于识别用户PPPoE帐号; [0035] The identification module PPPoE packet, PPPoE for identifying a user account;

[0036] 所述目标出口尝试和确定模块,用于获取帐号-出口-出口vlan对应关系永久表并对用户的目标出口进行选择尝试和识别; [0036] The target outlet try and determination module, configured to obtain account - outlet - outlet vlan correspondence relationship between the target outlet permanent table and to try and select a user identification;

[0037] 所述出口vlan尝试和确定模块,用于获取出口vlan取值范围及绑定要求配置表、 帐号-出口-出口vlan对应关系永久表并对出口上的一户一vlan进行选择尝试和识别; [0037] The outlet vlan try and determination module, configured to obtain the range and the outlet binding requirements vlan configuration table, the account - outlet - outlet vlan permanent correspondence relation table and an outlet on a vlan selected to try and recognition;

[0038] 所述出口侧vlan重构模块,用于将用户侧的内网vlan包头去掉,按照用户目标出口的vlan参数及对应关系临时表,重新构建出口侧的vlan; [0038] The reconstruction module vlan outlet side, for the network users vlan header removes the side, and the corresponding relationship between the temporary parameter vlan port table according to the target user, rebuild vlan outlet side;

[0039] 所述一户一vlan分配模块,用于对每个用户分配对应的一个Vlan; [0039] The one vlan a dispensing means for dispensing a Vlan corresponding to each user;

[0040] 所述vlan对应关系永久表生成模块,用于存储帐号-出口-出口Vlan对应关系永久表; [0040] The permanent vlan correspondence relation table generating module, configured to store account - outlet - outlet Vlan permanent correspondence relation table;

[0041] 所述认证结果识别模块,用于识别出口、出口vlan、用户MAC、PPPoE帐号认证结果; [0042]所述用户侧数据收发模块、用户MAC和内网vlan识别模块、PPPoE报文识别模块、目标出口尝试和确定模块、出口vlan尝试和确定模块、出口侧Vlan重构模块和出口侧数据收发模块依次连接; [0041] the authentication result identification module for identifying an outlet, the outlet vlan, the MAC, PPPoE account authentication result; [0042] of the user-side data transceiver module, the MAC, and network identification module vlan, PPPoE packet identification module, to try and determine the target outlet module, and the determination module attempts vlan outlet, an outlet side and an outlet side vlan reconstruction module data transceiver modules sequentially connected;

[0043] 所述vlan对应关系永久表生成模块与认证结果识别模块连接,所述一户一vlan分配模块连接于出口v:Lan尝试和确定模块与一户一vlan对应关系永久表生成模块之间。 [0043] The permanent vlan correspondence relation table generating module identification module is connected with the authentication result, said one module is connected to a dispensing outlet vlan v: Lan between try and a determination module and a permanent vlan correspondence relation table generating module .

[0044]还包括第一对应关系临时表模块、第二对应关系临时表模块、用户侧vlan重构模块; [0044] further comprises a first correspondence relationship between the temporary table module, a second module corresponding relationship between the temporary table, the user-side vlan reconstruction module;

[0045] 所述第一对应关系临时表模块,用于生成保存MAC-内网vlan对应关系的临时表; [0045] the first correspondence relationship between the temporary table module for generating a MAC- network vlan stored correspondence relationship between the temporary table;

[0046] 所述第二对应关系临时表模块,用于生成保存MAC-帐号-出口-出口vlan对应关系的临时表; [0046] The second temporary table corresponding relationship module for generating a MAC- saving account - outlet - outlet vlan correspondence relationship between the temporary table;

[0047] 所述用户侧vlan重构模块,用于将出口侧的vlan包头去掉,按照mac-内网¥1£111对应关系临时表,为用户重新构建所对应的用户侧的vlan; [0047] The user side vlan reconstruction module, configured to remove the header of the outlet side of the vlan according mac- ¥ 1 £ 111 network temporary correspondence relation table for the user to rebuild vlan side corresponding to the user;

[0048] 所述第一对应关系临时表模块与出口vlan识别模块连接;所述第二对应关系临时表模块与用户MAC和内网vlan识别模块连接;所述用户侧vlan重构検块分别与第一对应关系临时表模块、第二对应关系临时表模块和认证生成模块连接。 [0048] The first correspondence table temporary identification module and the outlet module vlan; said second correspondence table temporary MAC module connected to the user and the network identification module vlan; user side of the block respectively vlan reconstructed ken a temporary first correspondence table module, a second correspondence relationship between the temporary table generation module and an authentication module.

[0049] 还包括与连接用户终端的用户侧网络接口,所述用户侧网络接口与用户侧数据收; 发模块连接。 [0049] The connector further includes a user terminal user network interface, and the user-side network interface with the user-side data received; send module.

[0050] 还包括与用户访问的网络目标连接的出口侧网络接口;所述出口侧网络接口与出口侧数据收发模块连接。 [0050] further includes an outlet-side target network interface for connection to the user access; network interface side and the outlet side of the outlet connection data transceiver module.

[0051] 本实施例提供的多个一户一vlan捆绑认证机制出口下多网融合传输系统中各个组成部分工作过程按照以下步骤进行: [0051] a plurality of bundling a vlan authentication mechanism of the present embodiment provides the outlet portion of each multi-network integration process Composition of the transmission system in accordance with the following steps:

[0052] S1:接收到用户PPPoE数据包; [0052] S1: receiving a user PPPoE packet;

[0053] S2:判断用户PPPoE数据包的MAC最后一次登录状态是否为登录成功;所述步骤S2 中如果用户PPPoE数据包的MAC最后一次登录状态没有登录成功;则按照以下步骤执行: [0053] S2: PPPoE packet determines that the user last logged MAC whether login succeeds; step S2, if the user PPPoE packet MAC last successful login is not logged; perform the following steps:

[0054] S21:判断该MAC现在是否未处于尝试vlan状态; [0054] S21: determines whether or not now is not in the MAC attempt vlan state;

[0055] 所述步骤S21中MAC现在处于尝试vlan状态,则按照以下步骤执行: [0055] In step S21, the MAC is now in state attempts vlan, perform the following steps:

[0056] S211:判断该MAC是否还未尝试完假定出口上的所有vlan;如果否,则进入步骤S215; [0056] S211: determining whether the MAC has not yet completed all attempts to assume the vlan outlet; if not, the process proceeds to step S215;

[0057] S212 :如果是,则将该MAC临时固定到下一个假定出口上,按照该出口上的空闲vlan进行一一尝试; [0057] S212: If it is, the temporarily fixed to the lower MAC outlet on an assumption, be able to try on the vlan according to the idle outlet;

[0058] S21:3:判断该MAC使用当前的帐号在现在当前的出口上使用空闲vlan是否登录成功;如果MAC使用当前的帐号在现在当前的出口上使用空闲vlan登录没有成功,则进入步骤S215; [0058] S21: 3: determines whether the MAC uses the current account using idle vlan whether the login is successful in the current outlet now; if the MAC using the current account using idle on the current outlet now vlan login is not successful, the process proceeds to step S215 ;

[0059] S214:如果MAC使用当前的帐号在现在当前的出口上使用空闲vlan登录成功,则将该MAC、帐号、出口、出口vlan信息写入登录成功的记录,删除该MAC处于尝试vlan状态的标记(视作新用户即对假定出口上的空闲vlan进行一一尝试); [0059] S214: If the MAC using the current account using a spare vlan on the current export now log in successfully, the MAC, the account, export, export vlan information is written to log successful track record, delete the MAC in an attempt vlan state mark (as the new user that is assumed to idle vlan on export one by one try);

[0060] S215:判断该MAC是尝试完所出口和所有出口的所有空闲vlan;如果否,则返回步骤S21X^tMAC现在是否未处于尝试vlan状态进行判断;如果是,则删除该MAC处于尝试出口状态的标记和删除尝试vlan状态的标记(视作新用户即对所有出口所有vlan尝试均失败)。 [0060] S215: determining whether the MAC is to try to complete the outlet and all all idle vlan port; if not, returns to step S21X ^ tMAC now if not in attempts vlan state determination; if so, delete the MAC in trial outlet marking and erasure of a state attempt vlan tag (that is viewed as a new user vlan all else fails on all exports). [0061] S22:如果是,则判断该MAC现在是否未处于尝试出口状态;所述步骤S22中MAC现在处于尝试出口状态,则按照以下步骤执行: [0061] S22: If it is, it is determined whether it is now not in the MAC outlet attempt state; in the step S22 is now in attempt MAC outlet state, the following steps:

[0062] S221:判断该MAC是否还未尝试完所有出口,如果否,则进入步骤S225; [0062] S221: determining whether the MAC has not yet completed all attempts to exit, if NO, the process proceeds to step S225;

[0063] S222:如果是,则将该MAC按照出口顺序,更换到下一个出口进行一一初次尝试,且在尝试的出口上使用该出口的空闲的vlan进行尝试; [0063] S222: If it is, then the MAC outlet according to the order, the next outlet to replace one by one the first attempt, and on attempts to use the spare outlet port vlan attempt;

[0064] S223:判断该MAC使用当前的帐号,在现在尝试的出口上是否登录成功,如果否,则进入步骤S221: [0064] S223: determine the MAC using the current account is logged in on the success of current attempts to export, and if not, to step S221:

[0065] S224:如果是,则将该MAC、帐号、出口、出口vlan信息写入登录成功的记录,删除该MAC处于尝试出口状态的标记(视作新用户:对出口进行一一尝试); [0065] S224: If it is, the MAC, the account, export, export vlan login information written record of success, try to delete the MAC in export mark state (regarded as a new user: try to exit one by one);

[0066] S225:将该MAC临时固定到一个假定出口上,按照该出口上的空闲vlan进行一一尝试; [0066] S225: The temporarily fixed to a MAC outlet assumed, be able to try on the vlan according to the idle outlet;

[0067] S226:判断该MAC使用当前的帐号,在现在当前的出口的空闲vlan上是否登录成功,如果否,则将该MAC写入处于尝试vlan状态的标记; [0067] S226: The MAC determines the current account, on the idle current export vlan now whether the login is successful, if not, the flag is written in the MAC attempt vlan state;

[0068] 所述步骤S226中将MAC写入处于尝试vlan状态的标记后;还按照以下步骤执行:返回步骤S21对MAC现在是否未处于尝试vlan状态进行判断; [0068] The MAC in the step S226 is written in the flag state attempts vlan; further performs the following steps: now returns to step S21 whether or not in the MAC vlan state determination attempt;

[0069] S227:如果是,则将该MAC、帐号、出口、出□ vlan信息写入登录成功的记录,删除该MAC处于尝试vlan状态的标记(视作新用户:对假定出口上的空闲vlan进行一一尝试)。 [0069] S227: If it is, the MAC, the account, export a record □ vlan information is written to log successful attempts to remove the mark in the MAC vlan state (regarded as a new user: to assume idle vlan on exports one by one try).

[0070] S23:如果MAC现在未处于尝试出口状态,则将该MAC按出口顺序,假定一个出口进行初次尝试,且在这个尝试的出口上使用该出口的空闲的vlan进行尝试; [0070] S23: If the current is not in the MAC outlet attempt state, according to the MAC outlet order, assuming an outlet for a first attempt, and to use the idle outlet vlan attempt to try in this outlet;

[0071] S24:判断该MAC使用当前的帐号,在现在尝试的出口上是否登录成功,如果现在尝试的出口没有登录成功,则将该MAC写入处于尝试出口状态的标记;并返回步骤S21对MAC现在是否未处于尝试vlan状态进行判断; [0071] S24: The MAC determines the current account, on the exit is now attempted login is successful, if we try to exit not the login is successful, then the flag is written to try MAC outlet state; and returns to step S21 to now if the MAC is not in attempts vlan state determination;

[0072] S25:如果现在尝试的出口登录成功,则将该MAC、帐号、出口、出口Vlan信息写入登录成功的记录(视作新用户即首次尝试就登录成功); [0072] S25: If you now try to export the login is successful, then the MAC, accounts, export, export Vlan login information written record of success (that is treated as a new user log in successfully on the first attempt);

[0073] S3:如果是,则按照MAC最后一次登录成功的出口和出口vlan转发后续PPPoE报文; [0074] S4:判断当前使用的帐号是否已在帐号、出口、出口vlan对应关系记录中;如果否, 则将该MAC按照当前使用的帐号,按帐号、出口、出口vlan对应关系转发后续PPP〇E报文,直到结束通信; [0073] S3: If so, then in accordance with the outlet and the outlet vlan last MAC successful login forwards the subsequent PPPoE packets; [0074] S4: determining the account currently in use whether the correspondence relationship recorded in the account, the outlet, the outlet vlan; If not, then the MAC in the account currently in use, according to the account, the outlet, the outlet vlan PPP〇E subsequent correspondence forwards packets, until the end of communication;

[0075] S5:如果是,则判断当前使用的帐号是否与该MAC最后一次登录成功的记录一致; 如果否,则从登录成功的记录中删除该MAC对应的信息; [0075] S5: If yes, it is determined whether the current account last login to use the same MAC records successful; otherwise, the login is successful from the recording remove information corresponding to the MAC;

[0076] S6:如果当前使用的帐号与该MAC最后一次登录成功的记录一致,则固定该MAC按照最后一次登录成功的出口和出口vlan转发后续PPPoE报文(视作老用户并按既有的帐号、 出口、出口vlan对应关系进行处理和转发),直到结束通信。 [0076] S6: If you are using the account record of consistent success with the MAC last logged in, fixed the MAC forwarding subsequent PPPoE packets in accordance with the last successful login exports and export vlan (treated as existing and old customers and press account, outlet, outlet vlan process and transmit the corresponding relationship) until the end of communication.

[0077] 本实施例中的VLAN是指802. lq和QINQ的VLAN。 [0077] The embodiment of the present embodiment refers to 802. lq VLAN and a VLAN QINQ.

[0078] 本实施例中的一户一vlan是指某些ISP运营商为确保网络安全和防止用户间帐号互相借用,采取的每个vlan限制为只能一个用户使用的一种技术措施,即该ISP运营商下的每个用户都需要使用各不相同的vlan才能接入。 [0078] The present embodiment refers to a vlan a certain ISP network operator to ensure safety and prevent user accounts between each other to borrow, each vlan taken as a technical measure can limit a user, i.e., each user in the ISP operators need to use a different vlan can access.

[0079] 出口:指ISP;出口vlan,即指ISP所能允许接入的vlan。 [0079] Export: means ISP; vlan outlet, meaning that will permit vlan ISP access.

[0080]最后说明的是,以上实施例仅用以说明本发明的技术方案而非限制,尽管通过参照本发明的优选实施例已经对本发明进行了描述,但本领域的普通技术人员应当理解,可以在形式上和细节上对其做出各种各样的改变,而不偏离本发明所限定的精神和范围。 [0080] Finally is noted that, the above embodiments are intended to illustrate and not limit the present invention, although the embodiments of the present invention has been described with reference to the preferred embodiment of the invention, but those of ordinary skill in the art should be understood, various changes may be made in form and detail without departing from the defined scope and spirit of the invention.

Claims (3)

1.多个一户一vlan捆绑认证机制出口下多网融合传输系统,其特征在于:包括数据接收模块、用户MAC和内网vlan识别模块、PPPoE报文识别模块、目标出口尝试和确定模块、出口vlan尝试和确定模块、出口侧vlan重构模块、一户一vlan分配模块、一户一vlan对应关系永久表生成模块、认证结果识别模块、出口侧数据收发模块和用户侧数据收发模块;所述出口指ISP; 所述用户侧数据收发模块,用于接收和发送用户侧数据包; 所述出口侧数据收发模块,用于接收和发送出口侧数据包; 所述用户MAC和内网vlan识别模块,用于识别用户MAC和内网vlan; 所述PPPoE报文识别模块,用于识别用户PPPoE帐号; 所述目标出口尝试和确定模块,用于获取帐号-出口-出口vlan对应关系永久表并对用户的目标出口进行选择尝试和识别; 所述出口vlan尝试和确定模块,用于获取出口vlan取值范围及绑 1. vlan bundling a plurality of a mechanism for authentication at the outlet multiplay transmission system comprising: a data receiving module, MAC, and network vlan user identification module, PPPoE packet identification module, to try and determine the target outlet module, vlan determination module try and outlet, the outlet side vlan reconstruction module, an assignment module a vlan, a correspondence relationship between a permanent vlan table generating module, an authentication result of the identifying module, and an outlet side of the user-side data transceiver module data transceiver module; the said outlet means the ISP; the user-side data transceiver module for receiving and transmitting user-side data packet; said outlet-side data transceiver module for receiving and transmitting data packets outlet side; the user MAC and network identification vlan means for identifying the user and the network MAC vlan; the PPPoE packet identification module for identifying a user account PPPoE; try and determine the target outlet module, configured to obtain account - outlet - outlet vlan correspondence relation table and permanent for the user to select the target outlet to try and identify; vlan try and determine the outlet module, configured to obtain the range and the outlet tied vlan 定要求配置表、帐号-出口-出口vlan对应关系永久表并对出口上的一户一vlan进行选择尝试和识别; 所述出口侧vlan重构模块,用于将用户侧的内网vlan包头去掉,按照用户目标出口的vlan参数及对应关系临时表,重新构建出口侧的vlan; 所述一户一vlan分配模块,用于对每个用户分配对应的一个vlan; 所述vlan对应关系永久表生成模块,用于存储帐号-出口-出口vlan对应关系永久表; 所述认证结果识别模块,用于识别出口、出口vlan、用户MAC、PPP〇E帐号认证结果; 所述用户侧数据收发模块、用户MAC和内网V lan识别模块、PPPoE报文识别模块、目标出口尝试和确定模块、出口vlan尝试和确定模块、出口侧vlan重构模块和出口侧数据收发模块依次连接; 所述vlan对应关系永久表生成模块与认证结果识别模块连接,所述一户一Vlan分配模块连接于出口vlan尝试和确定模块与一户 Configuration table given requirements, account number - outlet - outlet vlan permanent correspondence relation table and an outlet on a vlan selected to try and identify; vlan the outlet side of a reconstruction module for the network user side header removes vlan , and the corresponding relationship between the temporary vlan parameter table according to the user's target outlet, the outlet side of the rebuild vlan; the one vlan a dispensing means for dispensing a corresponding vlan for each user; vlan said correspondence relation table generating permanent means for storing account - outlet - outlet vlan permanent correspondence relation table; the authentication result identification module for identifying an outlet, the outlet vlan, the MAC user, PPP〇E account authentication result; the user-side data transceiver module, the user V lan MAC and network identification module, PPPoE packet identification module, to try and determine the target outlet module, and the determination module attempts vlan outlet, an outlet side and an outlet side vlan reconstruction module data transceiver modules sequentially connected; the correspondence relationship permanent vlan table generating module connected to the identification result of the authentication module, the one module is connected to a dispensing outlet vlan vlan try and a determining module vlan对应关系永久表生成模块之间; 还包括第一对应关系临时表模块、第二对应关系临时表模块和用户侧vlan重构模块; 所述第一对应关系临时表模块,用于生成保存MAC-内网vlan对应关系的临时表; 所述第二对应关系临时表模块,用于生成保存MAC-帐号-出口-出口vlan对应关系的临时表; 所述用户侧vlan重构模块,用于将出口侧的vlan包头去掉,按照MAC-内网vlan对应关系临时表,为用户重新构建所对应的用户侧的vlan; 所述第一对应关系临时表模块与出口vlan识别模块连接;所述第二对应关系临时表模块与用户MAC和内网vlan识别模块连接;所述用户侧vlan重构模块分别与第一对应关系临时表模块、第二对应关系临时表模块和认证生成模块连接。 vlan correspondence relationship between the permanent table generating module; Linshi further comprises a first correspondence table module, a second correspondence table module and a user side Linshi vlan reconstruction module; Linshi the first correspondence table module, for creating and storing MAC - a temporary network vlan correspondence relation table; said temporary second correspondence table module, for generating a MAC- saving account - outlet - outlet vlan correspondence relation temporary table; vlan reconstruction module the user side, for an outlet side header removes the vlan according to a correspondence relationship vlan MAC- network temporary table to rebuild vlan user corresponding to the user side; the first correspondence table module is connected to the outlet temporary identification module vlan; the second correspondence relation table temporary MAC module and the user identification module and a network connection vlan; vlan the user-side relation temporary table reconstruction module respectively corresponding to the first module, the second module and the corresponding relationship between the temporary table generation module connection authentication.
2.根据权利要求1所述的多个一户一vlan捆绑认证机制出口下多网融合传输系统,其特征在于:还包括与连接用户终端的用户侧网络接口,所述用户侧网络接口与用户侧数据收发模块连接。 The said more than one outlet at a bundled multi-network authentication mechanism vlan a fusion transmission system as claimed in claim, characterized in that: the user terminal further comprises a connection interface to the user network, the user interface and the user-side network a data transceiver module connection side.
3.根据权利要求1所述的多个一户一vlan捆绑认证机制出口下多网融合传输系统,其特征在于:还包括与用户访问的网络目标连接的出口侧网络接口;所述出口侧网络接口与出口侧数据收发模块连接。 The vlan a plurality of a bundle of the authentication mechanism as claimed in claim 1, the lower outlet multiplay transmission system, characterized by: further comprising an outlet side of the target network interface for connection to the user access; the outlet side of the network an interface connected to the outlet side of the data transceiver module.
CN201410718933.4A 2014-12-02 2014-12-02 More than one outlet at a vlan multi-network integration transmission system bundled authentication mechanism CN104601418B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410718933.4A CN104601418B (en) 2014-12-02 2014-12-02 More than one outlet at a vlan multi-network integration transmission system bundled authentication mechanism

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410718933.4A CN104601418B (en) 2014-12-02 2014-12-02 More than one outlet at a vlan multi-network integration transmission system bundled authentication mechanism

Publications (2)

Publication Number Publication Date
CN104601418A CN104601418A (en) 2015-05-06
CN104601418B true CN104601418B (en) 2017-11-21

Family

ID=53126942

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410718933.4A CN104601418B (en) 2014-12-02 2014-12-02 More than one outlet at a vlan multi-network integration transmission system bundled authentication mechanism

Country Status (1)

Country Link
CN (1) CN104601418B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5949783A (en) * 1997-09-08 1999-09-07 3Com Corporation LAN emulation subsystems for supporting multiple virtual LANS
CN1633102A (en) * 2003-12-24 2005-06-29 华为技术有限公司 Method for implementing NAT traversing and system thereof
CN101197760A (en) * 2006-12-05 2008-06-11 中兴通讯股份有限公司 User grouping intercommunication/isolation device in virtual special network service

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5949783A (en) * 1997-09-08 1999-09-07 3Com Corporation LAN emulation subsystems for supporting multiple virtual LANS
CN1633102A (en) * 2003-12-24 2005-06-29 华为技术有限公司 Method for implementing NAT traversing and system thereof
CN101197760A (en) * 2006-12-05 2008-06-11 中兴通讯股份有限公司 User grouping intercommunication/isolation device in virtual special network service

Also Published As

Publication number Publication date
CN104601418A (en) 2015-05-06

Similar Documents

Publication Publication Date Title
CN100553196C (en) Apparatus and method for integrated billing management by real-time session management in wire/wireless integrated service network
Ekanayake et al. Smart grid: technology and applications
US20080235770A1 (en) System and Method of Network Authentication, Authorization and Accounting
CA2404907A1 (en) Methods and apparatus for processing network data transmissions
CN102576345A (en) Dynamic management of network flows
WO2005076884A3 (en) Wi-fi service delivery platform for retail service providers
CN104067591B (en) Global equipment for real-time remote communications, systems and methods
KR100740604B1 (en) Communication method, line provider apparatus, line lender apparatus
CA2468667A1 (en) System and method for identifying and accessing network services
BRPI0515074A (en) architecture to facilitate group sessions through dispatch operators
CN1441573A (en) Virtual LAN connector
CN1416239A (en) Method for switching in virtual local area network of the access network with mixed optical fiber and coaxial line
CN102291796A (en) Data transmission method, and system management control center
KR101538424B1 (en) Terminal for payment and local network monitoring
US8369232B2 (en) Terminal device, system and method for measuring traffic based on user services
US7283537B2 (en) Network system and packet data transmission method
CN104023092B (en) A method for implementing packet directional flow system and
CN1486029A (en) Method for implementing EAP authentication in remote authentication based network
CN1323522C (en) Method for determining relation between routers at fringe of client site and virtual private network
CN101252592B (en) Method and system for tracing network source of IP network
EP1681796B1 (en) Wireless local area network prepaid billing system and method
CN101282276B (en) Method and apparatus for protecting Ethernet tree service
US8416787B2 (en) Method, system and apparatus for implementing L2VPN between autonomous systems
CN102437914B (en) Method by utilizing telecommunication network to supply user identity label and user identity authentication to Internet service
CN102710777B (en) Advertisement push-delivery method and system, as well as advertisement pusher

Legal Events

Date Code Title Description
C06 Publication
C10 Entry into substantive examination
GR01