CN104917719B - User terminal network appliance and the method for Telnet - Google Patents

Info

Publication number
CN104917719B
Authority
CN
China
Prior art keywords
network
port
telnet
isp server
user terminal
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201410086309.7A
Other languages
Chinese (zh)
Other versions
CN104917719A (en)
Inventor
魏雅笛
郭恬婷
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Yi Yuan Industrial Automation Technology Co ltd
Original Assignee
Ambit Microsystems Shanghai Ltd
Application filed by Ambit Microsystems Shanghai Ltd
Priority to CN201410086309.7A
Publication of CN104917719A
Application granted
Publication of CN104917719B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815: Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/08: Protocols specially adapted for terminal emulation, e.g. Telnet

Abstract

A customer premises equipment (CPE) device, that is, a user-end network device, communicates with an upper-layer network and a lower-layer network in a local area network (LAN), and the LAN communicates with an ISP server. The CPE comprises a search module, a configuration module, a login module and a closing module. The search module receives a search command from the upper-layer network and searches for other CPEs in the lower-layer network. The configuration module receives a command from the upper-layer network to perform port configuration, and receives the port allocated by the upper-layer network and uses it as the telnet default port. The login module establishes a remote communication connection with the ISP server through the telnet default port. The closing module receives a command from the upper-layer network to close the remote login service and release the corresponding port. The invention also provides a remote login method. The CPE and the remote login method allow an ISP to log in to a CPE directly and remotely through a dynamic port.

Description

Customer premises equipment and method for remote login
Technical field
The present invention relates to the field of network communication, and in particular to customer premises equipment and a remote login method that allow an ISP (Internet Service Provider) to log in remotely and directly through a dynamically allocated port.
Background
With the development of Internet technology, more and more network devices are used in all kinds of networks. An ISP provides services to users through network devices, and the CPE (Customer Premise Equipment) at the user end, while receiving the ISP's services, often also has to be managed by the ISP server for configuration, maintenance or updates. When an ISP performs management actions on CPE products such as upgrading, changing settings and maintenance, it mostly does so by remote login (telnet), carrying out the operations after logging in to the CPE remotely. However, many enterprise LANs now use private addresses internally and communicate with the public network through a NAT (Network Address Translation) server. The ISP server therefore cannot directly learn the network address of a CPE behind the NAT that it needs to manage and log in to it remotely, which makes it difficult for the ISP to manage its CPEs. In addition, the ISP can hardly tell how many CPEs behind the NAT need to be managed, and easily confuses CPEs that need management with those that do not. Meanwhile, the telnet default port is generally fixed at 23, and a fixed port also brings potential security vulnerabilities. How to use telnet to establish remote communication accurately with the target CPE to be managed, while making management more secure, is therefore a problem that urgently needs solving.
Summary of the invention
In view of this, the present invention provides a CPE that lets the ISP server log in remotely and directly, through a dynamic port, to a CPE inside a LAN, so that the ISP server can manage the CPEs in its service range more effectively and more securely.
In addition, the present invention provides a remote login method that lets the ISP server log in remotely and directly, through a dynamic port, to a CPE inside a LAN, so that the ISP server can manage the CPEs in its service range more effectively and more securely.
The CPE provided by an embodiment of the invention communicates with an upper-layer network and a lower-layer network in a LAN. The upper-layer network and the lower-layer network each include at least one other CPE, and the LAN communicates with an ISP server. The CPE comprises a search module, a configuration module and a login module. The search module, after receiving a search command from the upper-layer network, searches the other CPEs in the lower-layer network, determines the number of other CPEs in the lower-layer network that are managed by the ISP server, and reports that number to the upper-layer network. The configuration module, after receiving a configuration command from the upper-layer network, performs port configuration and receives the port allocated by the upper-layer network. Port configuration includes: opening the remote login service; using the port allocated by the upper-layer network as the CPE's remote login default port; allocating ports to the other ISP-managed CPEs in the lower-layer network according to the port allocated by the upper-layer network and the number reported by the search module; and sending the ports allocated to those other CPEs, together with the configuration command, to the other CPEs in the lower-layer network that are managed by the ISP server. The login module listens on the remote login default port for remote login requests from the upper-layer network; when the destination port of a remote login request packet matches the remote login default port, it establishes a remote communication connection with the ISP server through the remote login default port.
Preferably, when the CPE is at the top layer of the LAN, it communicates with the ISP server and receives the ISP server's search command, configuration command and remote login request, and the port that the ISP server allocates to the CPE is a randomly assigned dynamic port.
Preferably, the CPE further comprises a closing module, which receives from the upper-layer network a command to close the remote login service, closes the remote login service of the CPE, and releases the remote login default port.
Preferably, when the CPE is not in the bottom-layer network, the configuration module also enables the packet forwarding function, and the closing module also sends the command to close the remote login service to the other ISP-managed CPEs in the lower-layer network and disables the packet forwarding function.
Preferably, the configuration module also receives the port allocation and configuration results returned by the other ISP-managed CPEs in the lower-layer network.
The remote login method provided by an embodiment of the invention is applied to a CPE that communicates with an upper-layer network and a lower-layer network in a LAN. The upper-layer network and the lower-layer network each include at least one other CPE, and the LAN communicates with an ISP server. The method comprises the following steps: after receiving a search command from the upper-layer network, searching the other CPEs in the lower-layer network, determining the number of other CPEs in the lower-layer network that are managed by the ISP server, and reporting that number to the upper-layer network; after receiving a configuration command from the upper-layer network, performing port configuration and receiving the port allocated by the upper-layer network, where port configuration includes opening the remote login service, using the port allocated by the upper-layer network as the remote login default port, allocating ports to the other ISP-managed CPEs in the lower-layer network according to the port allocated by the upper-layer network and the number reported by the search module, and sending the ports allocated to those other CPEs, together with the configuration command, to the other CPEs in the lower-layer network that are managed by the ISP server; and listening on the remote login default port for remote login requests from the upper-layer network and, when the destination port of a remote login request packet matches the remote login default port, establishing a remote communication connection with the ISP server through the remote login default port.
Preferably, when the CPE is at the top layer of the LAN, it communicates with the ISP server and receives the ISP server's search command, configuration command and remote login request, and the port that the ISP server allocates to the CPE is a randomly assigned dynamic port.
Preferably, the method further comprises the following step: receiving from the upper-layer network a command to close the remote login service, closing the remote login service of the CPE, and releasing the remote login default port.
Preferably, the method further comprises the following step: when the CPE is not in the bottom-layer network, enabling the packet forwarding function, sending the command to close the remote login service to the other ISP-managed CPEs in the lower-layer network, and disabling the packet forwarding function.
Preferably, the method further comprises the following step: receiving the port allocation and configuration results returned by the other ISP-managed CPEs in the lower-layer network.
The CPE and remote login method provided in the embodiments of the invention determine, by searching layer by layer, the number of all CPEs that fall within the ISP server's range, and then, layer by layer, allocate each CPE a random port as its telnet port. The ISP server can thus log in remotely and directly to a CPE inside the LAN through a dynamic port, giving a single remote connection. The dynamic port also makes remote login more secure and harder to attack, so that the ISP manages the CPEs in its service range more effectively and more securely.
Brief description of the drawings
Fig. 1 is a schematic diagram of the application environment of an embodiment of the CPE of the invention.
Fig. 2 is a functional block diagram of an embodiment of the CPE in Fig. 1.
Fig. 3 is a functional block diagram of another embodiment of the CPE of the invention.
Fig. 4 is a flow chart of an embodiment of the method of the invention for logging in remotely to a CPE.
Fig. 5 is a detailed flow chart of an embodiment of the CPE search in step S400 of Fig. 4.
Fig. 6 is a flow chart of an embodiment of the port configuration in step S402 and step S404 of Fig. 4.
Fig. 7 is a flow chart of an embodiment of the remote login to a CPE in step S404 of Fig. 4.
Fig. 8 is a flow chart of an embodiment of closing the remote login service in the CPE of the invention.
Fig. 9 is a sample list of the search results received by the CPE in an embodiment of the invention.
Fig. 10 is a sample list of the destination address translation performed by the CPE in an embodiment of the invention.
Description of main reference numerals
LAN 10
ISP server 20
CPE 101, 102, 103, 104, 105, 106
Processor 1011
Storage medium 1012
Search module 10121
Configuration module 10122
Login module 10123
Closing module 10124
Database 10125
The following embodiments further illustrate the invention with reference to the above drawings.
Detailed description
Fig. 1 is a schematic diagram of the application environment of an embodiment of the invention. In this embodiment, multiple CPEs 101, 102, 103, 104, 105 and 106 are in LAN 10, and ISP server 20 is outside LAN 10, providing services to and managing some of the CPEs in the LAN. The CPEs in LAN 10 form a multi-layer network: CPE101 is in the first-layer network and is the root CPE, CPE102 to CPE104 are in the second-layer network, and CPE105 and CPE106 are in the third-layer, that is bottom-layer, network. The LAN uses private addresses internally and communicates with the public network through NAT; here CPE101 also acts as the NAT host.
LAN 10 and ISP server 20 together form the application environment of this embodiment. Note that in embodiments of the invention there may be one or more ISP servers 20; only one is shown in Fig. 1 to keep the drawing simple, and practical applications are not limited to this.
Note that in embodiments of the invention, CPEs 101, 102, 103, 104, 105 and 106 may be network devices with DHCP and NAT functions, such as routers, gateways or even PCs; the invention is not limited in this respect.
Note that in embodiments of the invention, the root CPE acts as the NAT host in LAN 10 and performs NAT translation for the packets exchanged between devices in LAN 10 and the public network. Each CPE in LAN 10 can act as a NAT to allocate ports to lower-layer CPEs and perform the necessary packet address translation.
Note that a CPE in LAN 10 is not necessarily within the ISP's service range; a CPE outside the ISP's service range is not managed by the ISP server. In the following description, for convenience, the root CPE of LAN 10, CPE101, is assumed to be managed by the ISP server, and in the lower-layer networks every CPE other than CPE103 is managed by ISP server 20.
Note that the multi-layer network inside LAN 10 may have one or more layers; this is not limited here.
Note that because CPE101 is the root CPE and is in the top-layer network of LAN 10, in the rest of this description the upper-layer network of CPE101 is taken to be ISP server 20.
Note that because CPEs 101, 102, 103, 104, 105 and 106 are devices with the same structure and function, only one of them is used as a representative in the following description.
In embodiments of the invention, when ISP server 20 needs to manage a CPE it serves in LAN 10, it can log in remotely to that CPE via telnet and carry out the corresponding operations, thereby completing the management of the CPE.
Referring to Fig. 2, a functional block diagram of an embodiment of the CPE of the invention is shown. CPE101 is taken as the example here. CPE101 comprises a search module 10121, a configuration module 10122, a login module 10123, a closing module 10124 and a database 10125.
The search module 10121 handles verification by the upper layer, verifies the lower layer, and performs the search function to determine the number of CPEs belonging to ISP server 20. Taking CPE101 as an example: when the search module 10121 receives an authentication request from ISP server 20, it sends the pre-agreed user name and password to ISP server 20 and, once verification succeeds, continues to wait. When it receives the ISP search command and has lower-layer CPEs of its own, it sends an authentication request to all CPEs in the second-layer network; the CPEs that pass verification are the ones managed by ISP server 20. When the second-layer network contains CPEs managed by ISP server 20 (CPE102 and CPE103 are taken as the example here), the search module 10121 in turn sends the search command to CPE102 and CPE103 and starts a timer. The timeout is preset by ISP server 20 when it sends the command and decreases layer by layer inside LAN 10: if it is T for the first-layer network, it can be T/2 for the second-layer network, and so on. CPE102 and CPE103 reply to the search module 10121 with the number of CPEs they found, and after receiving the replies the search module 10121 replies to the ISP with its own search result. The number of CPEs found should be: all reply quantities received + 1. For example, in LAN 10, CPE102 has no lower-layer CPE, so the quantity it replies to the search module 10121 should be 1; CPE104 has CPE105 and CPE106 below it, so the quantity it replies to the search module 10121 should be 3. CPE103 is not managed by ISP server 20 and fails verification, so the search module 10121 knows it is not under ISP management and does not send it the search command; the search quantity of CPE103 therefore defaults to 0. The search module 10121 records these search results in database 10125 and builds a corresponding table to store them; Fig. 9 is a simple record of the above, and the invention does not limit the actual record format. Finally, the search module 10121 responds to the search command of ISP server 20 by returning the search result: the number of CPEs found that are managed by ISP server 20 is 1+3+1=5. If, within the timeout, replies have not been received from all ISP-managed CPEs in the second-layer network, the search module 10121 keeps listening until the timer expires and then replies to ISP server 20 with the number of ISP-managed CPEs found so far. In addition, if after receiving the search command from ISP server 20 the search module 10121 finds that there is no lower-layer CPE, or finds after verifying the second-layer CPEs that none passes verification, it directly replies to the ISP with a search quantity of 1, meaning that within the ISP's service range only CPE101 is under its management. All of these search results (the search quantity of the CPEs in each layer) are stored in database 10125 for later queries.
The configuration module 10122 allocates ports to lower-layer CPEs and configures ports. After ISP server 20 receives the CPE quantity returned by the search module 10121, it randomly allocates a port for CPE101 and sends the port number together with an open port send command to CPE101, requiring CPE101 in turn to allocate and configure ports, on the basis of the allocated port, for the ISP-managed CPEs in the second-layer network of LAN 10. After receiving the port and the command, the configuration module 10122 allocates ports to all ISP-managed CPEs in the second-layer network according to the reported search quantities, taking the port that ISP server 20 allocated to it as the base. CPE101 then sends the allocated port numbers and the open port send command to all ISP-managed CPEs in the second-layer network, requiring them in turn to allocate and configure ports for the ISP-managed CPEs in the third-layer network, and so on layer by layer down to the bottom-layer network. An ISP-managed CPE in the bottom-layer network, after receiving the port number allocated by the CPE one layer up and the open port send command, directly opens the remote login service and uses the port allocated by the upper-layer CPE as its telnet default port; after configuration it responds to the layer above with open port response, which carries the port allocation result and configuration status. The upper-layer CPE, on receiving the response, opens the remote login service, uses the port allocated to it by the CPE one layer up as its telnet default port, and at the same time enables port forwarding (the packet forwarding mechanism); reporting proceeds layer by layer in this way. CPE101, when it receives the open port response commands returned by all ISP-managed CPEs of the second-layer network, opens the remote login service, uses the port allocated to it by ISP server 20 as its telnet default port, and enables port forwarding with the rule: forward packets whose destination port is the telnet default port number of any ISP-managed CPE in the networks below CPE101. After configuration, CPE101 responds to ISP server 20 with open port response, informing it of the port allocation result and configuration status of each CPE in LAN 10. The allocation and configuration proceed as follows. If the port ISP server 20 allocates to CPE 101 is 340, the port numbers the configuration module 10122 allocates to CPE102 and CPE103 should be 341, 342 and so on; the specific port numbers depend on the CPE quantity each CPE originally reported, and port numbers are allocated in increasing order of CPE MAC address. For example, CPE102 originally reported a quantity of 1, CPE104 originally reported a quantity of 3, and the MAC address of CPE102 is greater than that of CPE104; the configuration module 10122 then allocates port 340+1=341 to CPE104 and port 340+1+3=344 to CPE102. Likewise, CPE104 allocates port 342 to CPE105 and port 343 to CPE106, and each CPE sets its port as its telnet default port. The port forwarding rule of CPE101 is thus: forward packets whose destination port is in the range 341-344; the CPEs in the other layers follow by analogy. The port allocation and configuration results, including each CPE with its telnet default port number and its port forwarding port range, are also stored in database 10125 for later queries.
The login module 10123 implements remote login by ISP server 20 to the corresponding CPE. Still taking CPE101 as an example, the login module 10123 listens on telnet default port 340 for telnet requests from the upper-layer network. When the destination port of a telnet request packet matches telnet default port 340, the request is considered to be intended for CPE101; the login module 10123 then accepts the telnet request of ISP server 20 through port 340 and accepts its management of CPE101. Conversely, if the port does not match, the login module 10123 forwards the telnet request packet according to the port forwarding rule until the packet reaches the CPE corresponding to its destination port. Assume here that the external IP with which CPE101 communicates with the public network is 10.130.21, and that the internal IPs of CPE102 and CPE103 in LAN 10 are 192.168.1.102 and 192.168.1.101 respectively. When the ISP server needs to log in remotely to a CPE in LAN 10, the destination address of the telnet request packet it sends should be: CPE101 IP + the telnet default port of the target CPE. When the telnet request packet reaches CPE101, the login module 10123 checks its destination port; if it does not equal CPE101's telnet default port 340, the packet is forwarded according to the port forwarding rule (forward packets whose destination port is in the range 341-344). This involves translating the destination address according to the port allocation and configuration results; Fig. 10 is a sample list of the translation the login module 10123 applies to the destination address of telnet request packets. Take the case where ISP server 20 wants to log in remotely to CPE106 to manage it. Since CPE106's telnet default port is 343, the initial destination address of the telnet request packet should be 10.130.21:343. The login module 10123 finds by lookup that destination port 343 of this packet is not equal to its own telnet default port 340, so it forwards the packet. From the stored port allocation and configuration, the login module 10123 knows that port 343 corresponds to CPE106 and was reported by CPE104, so it translates the destination address of the telnet request packet to CPE104 IP:343, that is 192.168.1.100:343, and forwards the packet to CPE104. CPE104 processes the packet in the same way as CPE101. Step by step, the telnet request packet with destination address 10.130.21:343 finally arrives at CPE106, and the ISP server can establish remote communication with CPE106 directly.
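The search, port allocation and forwarding steps described above, modelled in Python as an added example (this is not code from the patent). The class and function names and the MAC addresses are constructed for illustration; the topology, root port 340 and expected ports are the description's own.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class CPE:
    name: str
    mac: str                      # constructed sample value
    managed: bool = True          # True if the CPE passes the ISP verification
    children: List["CPE"] = field(default_factory=list)
    count: int = 0                # search quantity reported upward (0 = never searched)
    port: Optional[int] = None    # telnet default port once configured

    def managed_children(self) -> List["CPE"]:
        # Ports are handed out in increasing MAC order, as the description states.
        kids = [c for c in self.children if c.managed]
        return sorted(kids, key=lambda c: int(c.mac.replace(":", ""), 16))

    def forward_range(self) -> Optional[Tuple[int, int]]:
        # Inclusive range of destination ports this CPE forwards downward.
        if self.port is None or self.count <= 1:
            return None
        return (self.port + 1, self.port + self.count - 1)


def search(cpe: CPE) -> int:
    """Search step: quantity = all replies received + 1.
    CPEs that fail verification are never searched and keep quantity 0."""
    cpe.count = 1 + sum(search(c) for c in cpe.managed_children())
    return cpe.count


def assign_ports(cpe: CPE, port: int) -> None:
    """Configuration step: adopt the port given from above, then give each
    managed child the next free port, reserving a block for its subtree."""
    cpe.port = port
    next_port = port + 1
    for child in cpe.managed_children():
        assign_ports(child, next_port)
        next_port += child.count


def port_table(cpe: CPE) -> Dict[str, int]:
    """Flatten the allocation into {name: telnet default port}."""
    table = {cpe.name: cpe.port}
    for child in cpe.managed_children():
        table.update(port_table(child))
    return table


def route(root: CPE, dst_port: int) -> List[str]:
    """Login step: accept when dst_port equals the local telnet port, otherwise
    forward to the child whose block contains dst_port. Returns the hop names."""
    hops, node = [], root
    while True:
        hops.append(node.name)
        if dst_port == node.port:
            return hops
        nxt = next((c for c in node.managed_children()
                    if c.port <= dst_port < c.port + c.count), None)
        if nxt is None:
            raise LookupError(f"port {dst_port} is not allocated below {node.name}")
        node = nxt


def build_example() -> CPE:
    # Topology of Fig. 1; CPE103 is outside the ISP's service range.
    # MAC addresses are constructed so that CPE102's MAC is greater than CPE104's.
    cpe105 = CPE("CPE105", "00:00:5e:00:53:05")
    cpe106 = CPE("CPE106", "00:00:5e:00:53:06")
    cpe104 = CPE("CPE104", "00:00:5e:00:53:04", children=[cpe105, cpe106])
    cpe103 = CPE("CPE103", "00:00:5e:00:53:03", managed=False)
    cpe102 = CPE("CPE102", "00:00:5e:00:53:a2")
    return CPE("CPE101", "00:00:5e:00:53:01", children=[cpe102, cpe103, cpe104])


if __name__ == "__main__":
    root = build_example()
    print("managed CPEs:", search(root))
    assign_ports(root, 340)       # 340 is the port the ISP server picked
    print("ports:", port_table(root))
    print("CPE101 forwards:", root.forward_range())
    print("path for port 343:", route(root, 343))
```

Every lower-layer port is a fixed offset from the root port, so the forwarding range of each CPE follows directly from its own port and its reported search quantity.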
Closedown module 10124 is used to receive the related command from upper layer network, closes remote login service, resets former end Mouth configuration, discharges corresponding port.Still by taking CPE101 as an example, when CPE101 receives the disable from isp server 20 Telnet send orders, when indicating that the CPE of all category ISP management in LAN 10 closes remote login service, closedown module 10124 close CPE101 remote login service, discharge original port 340, meanwhile, disable telnet send are ordered Order is transmitted issue CPE102 and CPE104 downwards, it is desirable to which they are also switched off remote login service.CPE102 and CPE104 completes phase After should operating, it can inform that CPE101 has completed corresponding operating with disable telnet response as response.Close After module 10124 receives the disable telnet send orders that CPE102 and CPE104 is replied, port is closed Forwarding, and isp server 20 is replied with disable telnet send orders, inform that it is turned off Telnet clothes Business, while the configuration of original port has been failed.The CPE for belonging to the management of isp server 20 in other lower floor's networks is receiving disable Way after telnet send orders is identical with CPE101, only difference is that the CPE in bottom network, without past again Under send disable telnet send orders, while because it does not open port forwarding, therefore dynamic without closing Make.
As can be seen here, CPE belongs to the scope of isp server 20 by searching confirmation layer by layer provided in embodiment of the present invention Interior all CPE quantity, then port is randomly assigned as telnet ports, LAN 10 for root CPE by isp server 20 Each layer CPE for inside belonging to the management of isp server 20 each completes the port assignment to lower floor CPE and configuration again, and unlatching is remotely stepped on Record service and port forward functions, thus, ISP every time can be by the telnet LANs 10 of port one time of dynamically distributes The single CPE of each layer network, single long-range line is realized, while dynamic port also makes Telnet safer, is not easy to be attacked Hit, realize the ISP management more effective, safer to CPE in its service range.
Referring to Fig. 3, it show the functional block diagram of another embodiments of CPE in the present invention.This sentences root CPE Illustrated exemplified by 101.CPE101 includes search module 10121, configuration module 10122, logins module 10223, closedown module 10124th, database 10125, processor 1011 and storaging medium 1012.Module 10121~10125 is to be stored in storaging medium Executable program in 1012, function is consistent with described in Fig. 2, and processor 1011 performs these executable programs, to realize Its respective function.
Referring to Fig. 4, shown is the flow chart of the long-range embodiment of method one for logining user terminal network appliance of the invention. In the present embodiment, this method is realized by the modules shown in Fig. 2 or Fig. 3.Chatted below by taking CPE101 as an example State.
In step S400, after receiving the ISP's search command, the search module 10121 of CPE101, which has already been verified successfully, sends a verification command to all CPEs in the second-layer network to verify them, and sends a search command to the second-layer CPEs that successful verification confirms are managed by ISP server 20. After the search module 10121 receives the search results (including the search quantity and so on) returned by each second-layer CPE managed by ISP server 20, it sums all the received search quantities and adds 1 to obtain the search quantity of CPE101, and returns this result to ISP server 20.
In step S402, ISP server 20 arbitrarily allocates a dynamic port 340 to CPE101 and sends an open port send command to the configuration module 10122, requiring that, on this basis, ports be allocated and configured for all CPEs in LAN 10 that are managed by ISP server 20. After the configuration module 10122 receives the allocated port number 340 and the above command, it allocates, on the basis of port 340, ports 344 and 341 to CPE102 and CPE104 in the lower-layer network respectively, and then sends each allocated port number together with the open port send command to CPE102 and CPE104. After CPE102 and CPE104 complete the corresponding port allocation and configuration, they reply to the configuration module 10122 with an open port response, informing it of the port allocation and configuration of the CPEs managed by ISP server 20 in the second-layer network and below (including each CPE's default telnet port and port forwarding rules).
In step S404, after the configuration module 10122 receives the above reply, it opens the remote login service with port 340, allocated by ISP server 20, as the default telnet port, and at the same time enables port forwarding. The forwarding rule is: forward packets whose destination port falls within the range of the default telnet port numbers of the CPEs managed by ISP server 20 in all lower-layer networks of CPE101. CPE101's port allocation and configuration are then complete, and it replies to ISP server 20 with an open port response, informing it of the port allocation and configuration of all ISP-managed CPEs in LAN 10.
In step S406, the login module 10123 listens on the default telnet port 340 for telnet requests from ISP server 20. When the destination port of a telnet request packet matches CPE101's default telnet port 340, the request is considered to be intended for CPE101; the login module 10123 then responds to the telnet request of ISP server 20 through port 340, establishes remote communication with ISP server 20, and accepts its management of CPE101.
Referring to Fig. 5, a detailed flow chart of one embodiment of the CPE search in step S400 of Fig. 4 is shown. In this embodiment, the method is implemented by the modules shown in Fig. 2. The description below uses CPE101 as an example.
In steps S500, S502 and S504, after receiving the authentication request of ISP server 20, the search module 10121 sends the pre-agreed username and password as its response and, after successful verification, waits for further commands from ISP server 20. When it receives the search command of ISP server 20, it begins the search to confirm the total number of CPEs in LAN 10 that are managed by ISP server 20.
In step S506, the search module 10121 judges whether CPE101 has any lower-layer CPE. If so, it proceeds to step S508, in which an authentication request is sent to all CPEs in the second-layer network. If not, it enters step S524 and directly returns the search result to the ISP end; the search result is that the number of CPEs in LAN 10 managed by ISP server 20 is N=1, namely only CPE101.
In step S510, if the search module 10121 receives the pre-agreed username and password from CPEs of the second-layer network, this indicates that the second-layer network contains CPEs managed by the ISP (here, CPE102 and CPE104).
In step S514, the search module 10121 sends the search command to CPE102 and CPE104 and starts a timer. The timer duration T is preset when ISP server 20 sends the search command and decreases progressively in the subsequent layer-by-layer search; for example, if the first layer uses T, the second layer may use T/2, and so on.
In step S516, if the search module 10121 has received the search results returned by CPE102 and CPE104, which include the CPE search quantity, it enters step S518: it sums the CPE search quantities in all the received replies and adds 1, takes this as the search quantity of CPE101, and returns the search result to ISP server 20. The added 1 counts CPE101 itself. In addition, in step S516, CPE101 records the search quantity under every second-layer CPE; for a CPE not managed by ISP server 20, the search quantity defaults to 0. Fig. 9 shows a simple example list of this, and the present invention is not limited thereto.
If the search module 10121 has not received the replies of CPE102 and CPE104, it keeps listening until the timer expires and then likewise enters step S518, replying to ISP server 20 with the search results collected up to the timer's expiry, so as to avoid an endless search.
In step S510, if a CPE in the second-layer network does not send the pre-agreed username and password to the search module 10121, or what it sends cannot be recognized, then in step S512 this CPE is considered not to be managed by ISP server 20, like CPE103 in Fig. 1; when it is a PC or a private network device without ISP management, the search result that the search module 10121 records for CPE103 defaults to 0. In addition, in step S522, if no CPE in the second-layer network can pass verification, that is, the search module 10121 has not received the pre-agreed username and password from any CPE in the second-layer network, it enters step S524 and directly returns the search result to the ISP: the number of ISP-managed CPEs in LAN 10 is 1, namely only CPE101. Otherwise, it enters step S514. The search results of all the above layers are stored in the database 10125 for later query.
In the application environment shown in Fig. 1, all CPEs except CPE103 are managed by ISP server 20. Following the method shown in Fig. 5, the search result that ISP server 20 receives from CPE101 should be 5. This result is built up layer by layer as follows: the bottom-layer CPE105 and CPE106 have no lower-layer CPE, so each returns a search result of 1 to its upper-layer CPE104. CPE104 adds the two received search quantities and then adds 1 to obtain 3, which it returns to CPE101 as its search result. Meanwhile, CPE102, which is in the same layer as CPE104, returns a search result of 1 to CPE101, while CPE103, having failed verification, defaults to 0. CPE101 sums all the received search quantities and adds 1, i.e. 1+3+0+1=5, to obtain the final search quantity of 5, and returns this to ISP server 20.
Referring to Fig. 6, a flow chart of one embodiment of the CPE port allocation and configuration in steps S402 and S404 is shown. In this embodiment, the method is implemented by the modules shown in Fig. 2.
In step S600, the configuration module 10122 continuously listens for commands from ISP server 20. When it receives the open port send command of ISP server 20 and the dynamic port 340 that ISP server 20 has randomly allocated to it, it queries the original search results in the database 10125. If the lower-layer network contains CPEs managed by ISP server 20, it enters step S604 and sends to CPE102 and CPE104, the CPEs in the second-layer network managed by ISP server 20, the open port send command together with the port numbers 344 and 341 allocated to them. The port allocation here is based on the original search results and on port 340, which ISP server 20 allocated to CPE101. The detailed allocation process is as follows: if the port that ISP server 20 allocates to CPE101 is 340, then the port numbers that the configuration module 10122 allocates to CPE102 and CPE104 should be port numbers greater than 340, such as port 341, port 342 and so on. The specific port numbers depend on the search quantities originally reported by CPE102 and CPE104, and port numbers are allocated in increasing order of the CPEs' MAC addresses. For example, CPE102 originally reported a search quantity of 1, CPE104 originally reported a search quantity of 3, and the MAC address of CPE102 is greater than that of CPE104; the configuration module 10122 therefore allocates port number 340+1=341 to CPE104 and port number 340+1+3=344 to CPE102.
The above is the process by which CPE101 allocates ports to CPE102 and CPE104 in the second-layer network and sends the related commands. For CPEs in the networks below the second layer, port allocation and configuration proceed in the same way, and the port allocation and configuration are reported upward layer by layer. The above allocation results are stored in the database 10125 for later query.
In step S606, after receiving the open port send command, CPE102 and CPE104 respond to it (reporting the port allocation and configuration of the CPEs below the second layer). After the configuration module 10122 receives the responses, it opens CPE101's remote login service, using port 340, the port number that ISP server 20 allocated to it, as the default telnet port, and at the same time enables port forwarding. The forwarding rule is: forward packets whose destination port is the default telnet port number of a CPE managed by ISP server 20 in any lower-layer network of CPE101, that is, packets whose destination port is in the range 341-344. At this point, port allocation and configuration are complete for every CPE in LAN 10 of CPE101 that is managed by ISP server 20, and the configuration module 10122 replies to ISP server 20 with an open port response, informing it of the port allocation and configuration of all ISP-managed CPEs in LAN 10.
In step S602, if the configuration module 10122 finds by query that the lower-layer network of CPE101 contains no CPE managed by ISP server 20, it directly opens the remote login service, using port 340, allocated to it by ISP server 20, as the default telnet port, and replies to ISP server 20 with an open port response to inform it of the port allocation and configuration.
Referring to Fig. 7, a flow chart of one embodiment of the remote login to a CPE in step S404 of Fig. 4 is shown. In this embodiment, the method is implemented by the modules shown in Fig. 2 or Fig. 3. Fig. 7 is described below using CPE101 as an example.
In step S700, the login module 10123 listens on the default telnet port 340 for telnet requests from the upper-layer network. After a telnet request packet is received, it enters step S702: if the destination port of the telnet request packet matches the default telnet port 340, the request is considered to be intended for CPE101 and step S704 is entered. Otherwise, if the port match fails, step S706 is entered.
In step S704, the login module 10123 accepts the telnet request of ISP server 20 through port 340, establishes remote communication with ISP server 20, and accepts its management of CPE101.
In step S706, the login module 10123 forwards the telnet request packet according to the port forwarding rules until the packet reaches the CPE corresponding to its destination port.
Here, assume that the external IP with which CPE101 communicates with the public network is 10.130.21, and that the internal IPs of CPE102 and CPE103 in LAN 10 are 192.168.1.102 and 192.168.1.101 respectively. The specific implementation of Fig. 7 is then as follows: when the ISP server needs to remotely log in to a certain CPE in LAN 10, the destination address of the telnet request packet it sends should be: CPE101 IP + the default telnet port of the corresponding CPE. When the telnet request packet reaches CPE101, the login module 10123 checks the destination port of the packet; if it is not the same as CPE101's default telnet port 340, the packet is forwarded according to the port forwarding rule (forward packets whose destination port is in the range 341-344). In this process the destination address is rewritten according to the port allocation and configuration results; Fig. 10 is a sample list of how the login module 10123 rewrites the destination address of telnet request packets. Take as an example ISP server 20 remotely logging in to CPE106 to manage it: because CPE106's default telnet port is 343, the initial destination address of the telnet request packet should be 10.130.21:343. The login module 10123 finds by query that destination port 343 of this packet is not equal to its own default telnet port 340, so it forwards the packet. From the stored port allocation and configuration, the login module 10123 knows that port 343 corresponds to CPE106 and was reported by CPE104, so it converts the destination address of the telnet request packet to CPE104's IP:343, i.e. 192.168.1.100:343, and the packet is forwarded to CPE104. CPE104 handles this request packet in the same way as CPE101, and so on layer by layer. Finally, the telnet request packet with destination address 10.130.21:343 reaches CPE106, and ISP server 20 can establish remote communication with CPE106 directly through port 343.
Referring to Fig. 8, a flow chart of one embodiment of closing the remote login service in the user terminal network appliance of the present invention is shown. In this embodiment, the method is implemented by the modules shown in Fig. 2 or Fig. 3. Fig. 8 is described below using CPE101 as an example.
In step S800, the closing module 10124 continuously listens for commands from ISP server 20. When CPE101 receives a disable telnet send command from ISP server 20, instructing all ISP-managed CPEs in LAN 10 to close the remote login service, it enters step S802.
In step S802, the closing module 10124 queries the database 10125. If there are lower-layer CPEs under CPE101 that are managed by ISP server 20, it enters step S804, closes CPE101's remote login service and releases the original port 340. At the same time, it passes the disable telnet send command down to CPE102 and CPE104, requiring them to close the remote login service as well. After CPE102 and CPE104 complete the corresponding operation, they reply with a disable telnet response to inform CPE101 that the operation has been completed.
In step S806, after the closing module 10124 receives the disable telnet send commands replied by CPE102 and CPE104, it enters step S808, closes port forwarding, and replies to ISP server 20 with a disable telnet send command, informing it that the remote login service has been closed and that the original port configuration is no longer valid.
In step S802, if the query shows that there is no lower-layer CPE under CPE101 managed by ISP server 20, it directly enters step S810, closes CPE101's remote login service and releases the original port 340.
It should be noted that the CPEs in the other lower-layer networks that are managed by ISP server 20 behave the same way as CPE101 after receiving the disable telnet send command. The only difference is that a CPE in the bottom-layer network does not need to send the disable telnet send command further down and, because it never enabled port forwarding, has no forwarding to close.
It should be noted that Figs. 4 to 8 above are described using the communication between the root CPE, CPE101, and ISP server 20 as an example. The other CPEs in the LAN that are managed by ISP server 20 have the same functions as CPE101, and communication between CPEs in upper- and lower-layer networks is similar to the communication between CPE101 and ISP server 20, so it is not described in detail.
As can be seen, the CPE and remote login method provided in the embodiments of the present invention confirm, by searching layer by layer, the number of all CPEs within the scope of ISP server 20. ISP server 20 then randomly allocates a port to the root CPE as its telnet port, and each layer of CPEs in LAN 10 managed by ISP server 20 in turn allocates and configures ports for its lower-layer CPEs and opens the remote login service and the port forwarding function. Thus, the ISP can each time telnet to an individual CPE in any layer of LAN 10 through a dynamically allocated port, achieving a single remote connection, while the dynamic ports also make remote login more secure and less susceptible to attack, so that the ISP can manage the CPEs within its service range more effectively and more securely.
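The layer-by-layer search count (Fig. 5), the port allocation (Fig. 6) and the forwarding decision (Fig. 7) described above can be traced on the Fig. 1 topology with the following added example, which is not part of the patent text. The class and function names and the MAC addresses are assumptions; the MAC values are chosen only so that CPE104 sorts before CPE102 and CPE105 before CPE106, as the page's port numbers imply, and the search timer T is left out.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class CPE:
    name: str
    mac: str                       # constructed MAC; only the ordering matters
    managed: bool = True           # answered with the pre-agreed username/password
    children: list = field(default_factory=list)
    count: int = 0                 # search quantity reported upward
    port: Optional[int] = None     # default telnet port, None until allocated
    forward: dict = field(default_factory=dict)  # (low, high) port range -> child


def search(cpe):
    """Fig. 5: an unverified device counts 0; a managed CPE counts itself plus
    the quantities reported by its lower-layer CPEs."""
    cpe.count = 1 + sum(search(c) for c in cpe.children) if cpe.managed else 0
    return cpe.count


def allocate(cpe, port):
    """Fig. 6: take `port` as own telnet port, then give each managed child,
    in ascending MAC order, the next free port and a block sized by its count."""
    cpe.port, cpe.forward = port, {}
    next_port = port + 1
    managed = [c for c in cpe.children if c.managed]
    for child in sorted(managed, key=lambda c: int(c.mac.replace(":", ""), 16)):
        allocate(child, next_port)
        cpe.forward[(next_port, next_port + child.count - 1)] = child
        next_port += child.count


def forward_range(cpe):
    """Destination ports this CPE relays downward, or None if it relays nothing."""
    if not cpe.forward:
        return None
    return (min(lo for lo, _ in cpe.forward), max(hi for _, hi in cpe.forward))


def route(cpe, dst_port):
    """Fig. 7: list of hops a telnet request to `dst_port` takes from `cpe`."""
    path = [cpe.name]
    while dst_port != cpe.port:
        hop = next((c for (lo, hi), c in cpe.forward.items()
                    if lo <= dst_port <= hi), None)
        if hop is None:
            # Assumption: the page does not say what happens to a port that
            # matches neither the telnet port nor a forwarding rule.
            return None
        cpe = hop
        path.append(cpe.name)
    return path


def build_fig1():
    """Topology of Fig. 1 as described in the text; MAC values are constructed."""
    nodes = {
        "CPE101": CPE("CPE101", "00:00:5e:00:53:01"),
        "CPE102": CPE("CPE102", "00:00:5e:00:53:40"),
        "CPE103": CPE("CPE103", "00:00:5e:00:53:30", managed=False),
        "CPE104": CPE("CPE104", "00:00:5e:00:53:20"),
        "CPE105": CPE("CPE105", "00:00:5e:00:53:21"),
        "CPE106": CPE("CPE106", "00:00:5e:00:53:22"),
    }
    nodes["CPE101"].children = [nodes[n] for n in ("CPE102", "CPE103", "CPE104")]
    nodes["CPE104"].children = [nodes[n] for n in ("CPE105", "CPE106")]
    return nodes


if __name__ == "__main__":
    cpes = build_fig1()
    root = cpes["CPE101"]
    print("search quantity at root:", search(root))
    allocate(root, 340)  # 340 is the port the ISP server hands to the root CPE
    for cpe in cpes.values():
        print(cpe.name, "telnet port:", cpe.port, "forwards:", forward_range(cpe))
    print("path for port 343:", route(root, 343))
```

`forward_range(root)` gives the 341-344 range that the root CPE accepts on its public address and relays inward, which together with port 340 is the set of ports to account for when reviewing what this scheme opens.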

Claims (10)

1. A user terminal network appliance that communicates with an upper-layer network and a lower-layer network in a LAN, the upper-layer network and the lower-layer network each including at least one other user terminal network appliance, and the LAN communicating with an ISP server, characterized in that the user terminal network appliance comprises:
a search module, configured to search, after receiving a search command from the upper-layer network, the other user terminal network appliances in the lower-layer network, confirm the quantity of other user terminal network appliances in the lower-layer network that are managed by the ISP server, and report the quantity to the upper-layer network;
a configuration module, configured to perform port configuration after receiving the configuration command of the upper-layer network and receiving the port allocated by the upper-layer network, the port configuration comprising: opening a remote login service; using the port allocated by the upper-layer network as the default remote login port of the user terminal network appliance; allocating ports to the other user terminal network appliances in the lower-layer network that are managed by the ISP server, according to the port allocated by the upper-layer network and the quantity reported by the search module; and sending the ports allocated to the other user terminal network appliances, together with a configuration command, to the other user terminal network appliances in the lower-layer network that are managed by the ISP server; and
a login module, configured to listen on the default remote login port for remote login requests from the upper-layer network and, when the packet destination port of a remote login request matches the default remote login port, to establish a remote communication connection with the ISP server through the default remote login port.
2. The user terminal network appliance of claim 1, characterized in that, when the user terminal network appliance is at the top layer of the LAN, the user terminal network appliance communicates with the ISP server and receives the search command, configuration command and remote login request of the ISP server, and the port that the ISP server allocates to the user terminal network appliance is a randomly allocated dynamic port.
3. The user terminal network appliance of claim 1, characterized in that the user terminal network appliance further comprises a closing module, the closing module being configured to receive from the upper-layer network a command to close the remote login service, close the remote login service of the user terminal equipment, and release the default remote login port.
4. The user terminal network appliance of claim 3, characterized in that, when the user terminal network appliance is not in the bottom-layer network, the configuration module is further configured to enable a packet forwarding function, and the closing module is further configured to send a command to close the remote login service to the other user terminal network appliances in the lower-layer network that are managed by the ISP server, and to close the packet forwarding function.
5. The user terminal network appliance of claim 1, characterized in that the configuration module is further configured to receive the port allocation and configuration results replied by all other user terminal network appliances in the lower-layer network that are managed by the ISP server.
6. A remote login method for a user terminal network appliance, the user terminal network appliance communicating with an upper-layer network and a lower-layer network in a LAN, the upper-layer network and the lower-layer network each including at least one other user terminal network appliance, and the LAN communicating with an ISP server, characterized in that the method comprises:
after receiving a search command from the upper-layer network, searching the other user terminal network appliances in the lower-layer network, confirming the quantity of other user terminal network appliances in the lower-layer network that are managed by the ISP server, and reporting the quantity to the upper-layer network;
performing port configuration after receiving the configuration command of the upper-layer network and receiving the port allocated by the upper-layer network, the port configuration comprising: opening a remote login service; using the port allocated by the upper-layer network as the default remote login port; allocating ports to the other user terminal network appliances in the lower-layer network that are managed by the ISP server, according to the port allocated by the upper-layer network and the quantity reported by the search module; and sending the ports allocated to the other user terminal network appliances, together with a configuration command, to the other user terminal network appliances in the lower-layer network that are managed by the ISP server; and
listening on the default remote login port for remote login requests from the upper-layer network and, when the packet destination port of a remote login request matches the default remote login port, establishing a remote communication connection with the ISP server through the default remote login port.
7. The method of claim 6, characterized in that the method further comprises:
when the user terminal network appliance is at the top layer of the LAN, the user terminal network appliance communicating with the ISP server and receiving the search command, configuration command and remote login request of the ISP server, the port that the ISP server allocates to the user terminal network appliance being a randomly allocated dynamic port.
8. The method of claim 6, characterized in that the method further comprises:
receiving from the upper-layer network a command to close the remote login service; and
closing the remote login service of the user terminal equipment and releasing the default remote login port.
9. The method of claim 6, characterized in that the method further comprises:
when the user terminal network appliance is not in the bottom-layer network, enabling a packet forwarding function;
sending a command to close the remote login service to the other user terminal network appliances in the lower-layer network that are managed by the ISP server; and
closing the packet forwarding function.
10. The method of claim 6, characterized in that the method further comprises:
receiving the port allocation and configuration results replied by the other user terminal network appliances in the lower-layer network that are managed by the ISP server.
CN201410086309.7A 2014-03-10 2014-03-10 User terminal network appliance and the method for Telnet Active CN104917719B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410086309.7A CN104917719B (en) 2014-03-10 2014-03-10 User terminal network appliance and the method for Telnet

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410086309.7A CN104917719B (en) 2014-03-10 2014-03-10 User terminal network appliance and the method for Telnet

Publications (2)

Publication Number Publication Date
CN104917719A CN104917719A (en) 2015-09-16
CN104917719B true CN104917719B (en) 2018-03-20

Family

ID=54086432

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410086309.7A Active CN104917719B (en) 2014-03-10 2014-03-10 User terminal network appliance and the method for Telnet

Country Status (1)

Country Link
CN (1) CN104917719B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108989271B (en) * 2017-06-05 2022-06-10 中兴通讯股份有限公司 Method and device for preventing home gateway port from being attacked
CN111314106A (en) * 2019-12-16 2020-06-19 上海邸客网络科技有限公司 Server remote management method under local area network

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1437358A (en) * 2002-02-07 2003-08-20 华为技术有限公司 Relay management method of network equipment based on Telnet protocol
CN1441569A (en) * 2002-02-27 2003-09-10 华为技术有限公司 Concentrated network equipment managing method
WO2007030970A1 (en) * 2005-09-12 2007-03-22 Zte Corporation A system for cluster managing in the ethernet switch layer and the method thereof
CN101047698A (en) * 2006-03-29 2007-10-03 鸿富锦精密工业(深圳)有限公司 Remote access protection system and method
CN102013998A (en) * 2010-11-30 2011-04-13 广东星海数字家庭产业技术研究院有限公司 Tr-069 protocol-based management method for realizing home network
CN102123050A (en) * 2011-03-09 2011-07-13 成都勤智数码科技有限公司 Network terminal management method
TW201327206A (en) * 2011-12-30 2013-07-01 Aten Int Co Ltd Remote management system, remote management apparatus, and remote management method

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101170502B (en) * 2007-11-20 2011-10-26 中兴通讯股份有限公司 A method and system for realizing mutual access between stacking members

Also Published As

Publication number Publication date
CN104917719A (en) 2015-09-16

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20180226

Address after: 201613 Shanghai City, Songjiang District Songjiang Export Processing Zone South Road No. 1925

Applicant after: Ambit Microsystems (Shanghai) Ltd.

Address before: 201613 Shanghai City, Songjiang District Songjiang Export Processing Zone South Road No. 1925

Applicant before: Ambit Microsystems (Shanghai) Ltd.

Applicant before: HON HAI PRECISION INDUSTRY Co.,Ltd.

TA01 Transfer of patent application right
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20181228

Address after: No. 590 Xingwang Road, Bengbu High-tech Zone, Anhui Province

Patentee after: BENGBU KEDA ELECTRICAL EQUIPMENT Co.,Ltd.

Address before: 201613 Shanghai Songjiang District Songjiang Export Processing Zone South Le road 1925

Patentee before: Ambit Microsystems (Shanghai) Ltd.

TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20221202

Address after: Room 413C, 4/F, Building 2, No. 669 Chuansha Road, Pudong New Area, Shanghai 200000

Patentee after: Shanghai Yi Yuan Industrial Automation Technology Co.,Ltd.

Address before: No. 590 Xingwang Road, Bengbu High-tech Zone, Anhui Province

Patentee before: BENGBU KEDA ELECTRICAL EQUIPMENT Co.,Ltd.

TR01 Transfer of patent right