Summary of the invention
In view of this, the present invention provides a user-end network device that enables an ISP server to log in remotely, through a dynamic port, directly to a user-end network device inside a LAN, so that the ISP server can manage the user-end network devices within its service range more effectively and more securely.
In addition, the present invention provides a remote login method that enables an ISP server to log in remotely, through a dynamic port, directly to a user-end network device inside a LAN, so that the ISP server can manage the user-end network devices within its service range more effectively and more securely.
The user-end network device provided by an embodiment of the present invention communicates with an upper-layer network and a lower-layer network in a LAN. The upper-layer network and the lower-layer network each include at least one other user-end network device, and the LAN communicates with an ISP server. The user-end network device includes a search module, a configuration module and a login module. The search module, after receiving a search command from the upper-layer network, searches the other user-end network devices in the lower-layer network, determines the number of other user-end network devices in the lower-layer network that are managed by the ISP server, and reports that number to the upper-layer network. The configuration module, after receiving a configuration command from the upper-layer network, performs port configuration and receives the port assigned by the upper-layer network. Port configuration includes: enabling the remote login service; using the port assigned by the upper-layer network as the telnet default port of the user-end network device; assigning ports to the other ISP-managed user-end network devices in the lower-layer network according to the port assigned by the upper-layer network and the number reported by the search module; and sending the ports assigned to those devices, together with the configuration command, to the other ISP-managed user-end network devices in the lower-layer network. The login module listens on the telnet default port for remote login requests from the upper-layer network; when the destination port of a remote login request packet matches the telnet default port, it establishes a remote communication connection with the ISP server through the telnet default port.
Preferably, when the user-end network device is at the top layer of the LAN, it communicates with the ISP server and receives the search command, the configuration command and the remote login request from the ISP server, and the port that the ISP server assigns to the user-end network device is a randomly assigned dynamic port.
Preferably, the user-end network device further includes a closing module, which receives from the upper-layer network a command to close the remote login service, closes the remote login service of the user-end device, and releases the telnet default port.
Preferably, when the user-end network device is not in the bottom-layer network, the configuration module also enables the packet forwarding function, and the closing module also sends the command to close the remote login service to the other ISP-managed user-end network devices in the lower-layer network and disables the packet forwarding function.
Preferably, the configuration module also receives the port assignment and configuration results returned by the other ISP-managed user-end network devices in the lower-layer network.
The remote login method provided by an embodiment of the present invention is applied to a user-end network device. The user-end network device communicates with an upper-layer network and a lower-layer network in a LAN, the upper-layer network and the lower-layer network each include at least one other user-end network device, and the LAN communicates with an ISP server. The method includes the following steps: after receiving a search command from the upper-layer network, searching the other user-end network devices in the lower-layer network, determining the number of other user-end network devices in the lower-layer network that are managed by the ISP server, and reporting that number to the upper-layer network; after receiving a configuration command from the upper-layer network, performing port configuration and receiving the port assigned by the upper-layer network, where port configuration includes enabling the remote login service, using the port assigned by the upper-layer network as the telnet default port, assigning ports to the other ISP-managed user-end network devices in the lower-layer network according to the port assigned by the upper-layer network and the number reported by the search module, and sending the ports assigned to those devices, together with the configuration command, to the other ISP-managed user-end network devices in the lower-layer network; and listening on the telnet default port for remote login requests from the upper-layer network and, when the destination port of a remote login request packet matches the telnet default port, establishing a remote communication connection with the ISP server through the telnet default port.
Preferably, when the user-end network device is at the top layer of the LAN, it communicates with the ISP server and receives the search command, the configuration command and the remote login request from the ISP server, and the port that the ISP server assigns to the user-end network device is a randomly assigned dynamic port.
Preferably, the method further includes the following step: receiving from the upper-layer network a command to close the remote login service, closing the remote login service of the user-end device, and releasing the telnet default port.
Preferably, the method further includes the following steps: when the user-end network device is not in the bottom-layer network, enabling the packet forwarding function, sending the command to close the remote login service to the other ISP-managed user-end network devices in the lower-layer network, and disabling the packet forwarding function.
Preferably, the method further includes the following step: receiving the port assignment and configuration results returned by the other ISP-managed user-end network devices in the lower-layer network.
The user-end network device and the remote login method provided by the embodiments of the present invention determine, by searching layer by layer, the number of all user-end network devices within the range of the ISP server, and progressively assign randomly allocated ports to the user-end network devices as their telnet ports. The ISP server can then log in remotely, through a dynamic port, directly to a user-end network device in the LAN, achieving a single remote connection. The dynamic port also makes remote login more secure and less susceptible to attack, so that the ISP can manage the user-end network devices within its service range more effectively and more securely.
Detailed description of the embodiments
Fig. 1 is a schematic diagram of the application environment of an embodiment of the present invention. In this embodiment, multiple CPEs 101, 102, 103, 104, 105 and 106 are located in LAN 10, and ISP server 20 is located outside LAN 10 and provides related services to, and manages, some of the CPEs in the LAN. The CPEs in LAN 10 form a multi-layer network: CPE101 is the first-layer network, i.e. the root CPE; CPE102 to CPE104 are in the second-layer network; and CPE105 and CPE106 are in the third layer, i.e. the bottom-layer network. Private addresses are used inside the LAN, which communicates with the public network through NAT; here, CPE101 also acts as the NAT host.
LAN 10 together with ISP server 20 forms the application environment of this specific embodiment. It should be noted that in embodiments of the present invention there may be one or more ISP servers 20; only one is shown in Fig. 1 for simplicity, and practical applications are not limited to this.
It should be noted that in embodiments of the present invention, CPE101, 102, 103, 104, 105 and 106 may be any of various network devices having the DHCP and NAT functions described above, such as routers, gateways or even PCs; the present invention is not limited in this respect.
It should be noted that in embodiments of the present invention, the root CPE acts as the NAT host in LAN 10 and performs NAT translation for packets exchanged between devices in LAN 10 and the public network. Each CPE in LAN 10 can act as a NAT to assign ports to its lower-layer CPEs and perform the necessary packet address translation.
It should be noted that a CPE in LAN 10 is not necessarily within the ISP's service range; a CPE that is not within the ISP's service range is not managed by the ISP server. In the following description, for convenience, it is assumed that the root CPE of LAN 10, CPE101, is managed by the ISP server, and that in the lower-layer networks all CPEs other than CPE103 are managed by ISP server 20.
It should be noted that the multi-layer network inside LAN 10 may have one or more layers; no limitation is placed on this here.
It should be noted that, because CPE101 acts as the root CPE in LAN 10 and is the top-layer network, in the description that follows the upper-layer network of CPE101 is regarded as ISP server 20.
It should be noted that, because CPE101, 102, 103, 104, 105 and 106 are devices with the same structure and function, only one of them is used as a representative in the following description.
In embodiments of the present invention, when ISP server 20 needs to manage a CPE that it serves in LAN 10, it can log in remotely to that CPE by telnet and perform the corresponding operations, thereby completing management of the CPE.
Referring to Fig. 2, a functional block diagram of one embodiment of the CPE of the present invention is shown. CPE101 is used here as an example. CPE101 includes search module 10121, configuration module 10122, login module 10123, closing module 10124 and database 10125.
Search module 10121 accepts verification from the upper layer, verifies the lower layer, and performs the search function to determine the number of CPEs managed by ISP server 20. Taking CPE101 as an example: when search module 10121 receives a verification request from ISP server 20, it sends the pre-agreed user name and password to ISP server 20, and after verification succeeds it waits. When it receives the ISP search command, if it has lower-layer CPEs it sends a verification request to all CPEs in the second-layer network; the CPEs that pass verification are managed by ISP server 20. When the second-layer network contains CPEs managed by ISP server 20 (here, CPE102 and CPE103 as an example), search module 10121 sends the search command to CPE102 and CPE103 and starts a timer. The timer duration is preset by ISP server 20 when it sends the command and decreases layer by layer inside LAN 10: if it is T for the first-layer network, it can be T/2 for the second-layer network, and so on. CPE102 and CPE103 reply to search module 10121 with the number of CPEs they have found; after receiving the replies, search module 10121 replies to the ISP with its own search result, which should be: the sum of all received reply quantities + 1. For example, in LAN 10, CPE102 has no lower-layer CPE, so the quantity it replies to search module 10121 should be 1; CPE104 has CPE105 and CPE106 below it, so the quantity it replies should be 3; CPE103 is not managed by ISP server 20 and fails verification, so search module 10121 learns that it is not under ISP management and does not send it the search command, and the search quantity of CPE103 therefore defaults to 0. Search module 10121 records these search results in database 10125 in a corresponding table; Fig. 9 shows a simple record of the above, and the present invention does not limit the actual record format. Finally, search module 10121 responds to the search command of ISP server 20 and returns the search result to ISP server 20: the number of CPEs found that are managed by ISP server 20 is 1+3+1=5. If, within the timer duration, replies have not been received from all ISP-managed CPEs in the second-layer network, search module 10121 continues listening until the timer expires and then replies to ISP server 20 with the number of ISP-managed CPEs found by that time. In addition, if, after receiving the search command from ISP server 20, search module 10121 finds that there is no lower-layer CPE, or finds after verifying the CPEs in the second-layer network that none of them passed verification, it directly replies to the ISP with a search quantity of 1, i.e. only CPE101 is under ISP management within the ISP's service range. All of the above search results (the CPE search quantities of each layer) are stored in database 10125 for later lookup.
Configuration module 10122 assigns ports to lower-layer CPEs and configures ports. After ISP server 20 receives the CPE quantity replied by search module 10121, it randomly assigns a port to CPE101 and sends this port number together with the open port send command to CPE101, requiring CPE101 in turn to assign ports to the CPEs in the second-layer network of LAN 10 that are managed by ISP server 20 and to configure all the assigned ports. After configuration module 10122 receives the port and the command, it assigns ports to all ISP-managed CPEs in the second-layer network according to the reported search quantities, taking the port that ISP server 20 assigned to CPE101 itself as the base. CPE101 then sends the assigned port numbers and the open port send command to all ISP-managed CPEs in the second-layer network, requiring them in turn to assign and configure ports for the ISP-managed CPEs in the third-layer network, and so on, layer by layer, down to the bottom-layer network. An ISP-managed CPE in the bottom-layer network, after receiving the port number assigned by the CPE in the layer above and the open port send command, directly enables the remote login service and uses the port assigned by the upper-layer CPE as its telnet default port; once configured, it responds to the layer above with open port response, which contains the port assignment result and configuration status. The upper-layer CPE, after receiving the response, enables the remote login service, uses the port assigned to it by the CPE in the layer above it as its telnet default port, and at the same time enables port forwarding (the packet forwarding mechanism); reporting proceeds in this way layer by layer. As for CPE101, when it receives the open port response commands from all ISP-managed CPEs in the second-layer network, it enables the remote login service, uses the port assigned to it by ISP server 20 as its telnet default port, and at the same time enables port forwarding, with the forwarding rule: forward packets whose destination port is the telnet default port number of an ISP-managed CPE in any lower-layer network of CPE101. After configuration is complete, CPE101 responds to ISP server 20 with open port response, informing it of the port assignment result and configuration status of each CPE in LAN 10. The port assignment and configuration process in detail is as follows. If the port assigned by ISP server 20 to CPE101 is 340, the port numbers that configuration module 10122 assigns to CPE102 and CPE103 should be 341, 342 and so on; the specific port numbers depend on the CPE quantity each CPE originally reported, and port numbers are assigned incrementally in order of CPE MAC address. For example, CPE102 originally reported a quantity of 1, CPE104 originally reported a quantity of 3, and the MAC address of CPE102 is greater than that of CPE104; configuration module 10122 then assigns port number 340+1=341 to CPE104 and port number 340+1+3=344 to CPE102, and so on. CPE104 assigns port 342 to CPE105 and port 343 to CPE106, and each CPE sets the corresponding port as its own telnet default port. CPE101's port forwarding rule is therefore: forward packets whose destination port is in the range 341-344; the CPEs of the other layers follow by analogy. The port assignment and configuration results, including each CPE with its telnet default port number and the corresponding port forwarding port range, are also stored in database 10125 for later lookup.
Login module 10123 implements remote login by ISP server 20 to the corresponding CPE. Still taking CPE101 as an example, login module 10123 listens on telnet default port 340 for telnet requests from the upper-layer network. When the destination port of a telnet request packet matches telnet default port 340, the telnet request is considered to be addressed to CPE101; login module 10123 then accepts the telnet request of ISP server 20 through port 340 and accepts its management of CPE101. Conversely, if the port does not match, login module 10123 forwards the telnet request packet according to the port forwarding rule until the packet reaches the CPE corresponding to its destination port. Assume here that the external IP with which CPE101 communicates with the public network is 10.130.21, and that the internal IPs of CPE102 and CPE103 in LAN 10 are 192.168.1.102 and 192.168.1.101 respectively. When the ISP server needs to log in remotely to a CPE in LAN 10, the destination address of the telnet request packet it sends should be: CPE101's IP + the telnet default port of the target CPE. When the telnet request packet reaches CPE101, login module 10123 checks the destination port of the packet; if it is not the same as CPE101's telnet default port 340, the module forwards the telnet request packet according to the port forwarding rule (forward packets whose destination port is in the range 341-344). This involves translating the destination address according to the port assignment and configuration results; Fig. 10 is a sample list of the translations that login module 10123 applies to the destination addresses of telnet request packets. Take as an example ISP server 20 logging in remotely to manage CPE106. Because the telnet default port of CPE106 is 343, the initial destination address of the telnet request packet should be 10.130.21:343. Login module 10123 finds by lookup that destination port 343 of this telnet request packet is not equal to its own telnet default port 340, so it forwards the packet. From the stored port assignment and configuration status, login module 10123 knows that port 343 corresponds to CPE106 and was reported by CPE104, so it translates the destination address of the telnet request packet into CPE104's IP:343, i.e. 192.168.1.100:343, and forwards the telnet request packet to CPE104. CPE104 processes this telnet request packet in a similar way to CPE101, and so on, until finally the telnet request packet with destination address 10.130.21:343 reaches CPE106 and the ISP server can establish remote communication with CPE106 directly.
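The port numbering and forwarding described above, as an added Python example that is not part of the patent text: it rebuilds the Fig. 1 tree, assigns ports from base port 340 in ascending MAC order, and traces a telnet request through the forwarding rules. The MAC addresses, the addresses of CPE105 and CPE106, the root's address placeholder and all class and function names are assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class CPE:
    name: str
    mac: str                      # constructed value, only used for ordering
    ip: str                       # address the upper-layer CPE forwards to
    managed: bool = True          # False = failed the ISP verification step
    children: List["CPE"] = field(default_factory=list)
    telnet_port: Optional[int] = None
    # (first_port, last_port, child) entries of this CPE's forwarding rule
    forward: List[Tuple[int, int, "CPE"]] = field(default_factory=list)


def search_quantity(cpe: CPE) -> int:
    """Quantity a CPE reports upward: itself plus its managed subtree."""
    return 1 + sum(search_quantity(c) for c in cpe.children if c.managed)


def assign_ports(cpe: CPE, port: int) -> None:
    """Take `port` as telnet default port, then number the managed children.

    Children are served in ascending MAC order; each child receives the next
    free port and reserves as many ports as the quantity it reported.
    """
    cpe.telnet_port = port
    cpe.forward.clear()
    next_port = port + 1
    managed = [c for c in cpe.children if c.managed]
    for child in sorted(managed, key=lambda c: bytes.fromhex(c.mac.replace(":", ""))):
        size = search_quantity(child)
        cpe.forward.append((next_port, next_port + size - 1, child))
        assign_ports(child, next_port)
        next_port += size


def route(cpe: CPE, dst_port: int) -> Tuple[List[str], Optional[str]]:
    """Follow a telnet request that enters at `cpe`.

    Returns (rewritten destination per hop, name of the accepting CPE).
    The accepting CPE is None when no rule matches and the packet is dropped.
    """
    if dst_port == cpe.telnet_port:
        return [], cpe.name
    for first, last, child in cpe.forward:
        if first <= dst_port <= last:
            hops, target = route(child, dst_port)
            return [f"{child.ip}:{dst_port}"] + hops, target
    return [], None


def port_table(cpe: CPE) -> dict:
    """Map every CPE name in the tree to its telnet default port (or None)."""
    table = {cpe.name: cpe.telnet_port}
    for child in cpe.children:
        table.update(port_table(child))
    return table


def build_fig1() -> CPE:
    """Fig. 1 topology; MACs and the CPE105/CPE106 addresses are constructed."""
    cpe105 = CPE("CPE105", "00:00:5e:00:53:30", "192.168.2.105")
    cpe106 = CPE("CPE106", "00:00:5e:00:53:31", "192.168.2.106")
    cpe104 = CPE("CPE104", "00:00:5e:00:53:10", "192.168.1.100",
                 children=[cpe105, cpe106])
    cpe103 = CPE("CPE103", "00:00:5e:00:53:15", "192.168.1.101", managed=False)
    cpe102 = CPE("CPE102", "00:00:5e:00:53:20", "192.168.1.102")
    # The root's external address is not needed for the walk-through.
    return CPE("CPE101", "00:00:5e:00:53:01", "<external>",
               children=[cpe102, cpe103, cpe104])


if __name__ == "__main__":
    root = build_fig1()
    assign_ports(root, 340)       # 340 is the base port used in the text
    print(port_table(root))
    print("CPE101 forwards:", [(a, b, c.name) for a, b, c in root.forward])
    for port in (340, 343, 344, 345):
        print(port, route(root, port))
```

The assigned ports form one contiguous block starting at the base port (340-344 here), which is the range any filtering rule in front of CPE101 has to account for. A request to a port outside that block matches no rule and is dropped, and the unmanaged CPE103 never receives a port.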
Closing module 10124 receives the relevant command from the upper-layer network, closes the remote login service, resets the original port configuration and releases the corresponding port. Still taking CPE101 as an example: when CPE101 receives the disable telnet send command from ISP server 20, instructing all ISP-managed CPEs in LAN 10 to close the remote login service, closing module 10124 closes CPE101's remote login service and releases the original port 340; at the same time it passes the disable telnet send command down to CPE102 and CPE104, requiring them to close the remote login service as well. After CPE102 and CPE104 complete the corresponding operations, they respond with disable telnet response to inform CPE101 that the operations are complete. After closing module 10124 receives the disable telnet send commands replied by CPE102 and CPE104, it disables port forwarding and replies to ISP server 20 with the disable telnet send command, informing it that the remote login service has been closed and that the original port configuration is no longer in effect. The other ISP-managed CPEs in the lower-layer networks handle the disable telnet send command in the same way as CPE101; the only difference is that a CPE in the bottom-layer network does not need to send the disable telnet send command further down and, because it never enabled port forwarding, has no forwarding to disable.
As can be seen, the CPE provided by the embodiments of the present invention determines, by searching layer by layer, the number of all CPEs within the range of ISP server 20; ISP server 20 then randomly assigns a port to the root CPE as its telnet port, and each layer of ISP-managed CPEs in LAN 10 in turn assigns and configures ports for its lower-layer CPEs and enables the remote login service and the port forward function. The ISP can thus, each time, telnet through a dynamically assigned port to a single CPE in any layer of LAN 10, achieving a single remote connection. The dynamic port also makes remote login more secure and less susceptible to attack, so that the ISP can manage the CPEs within its service range more effectively and more securely.
Referring to Fig. 3, a functional block diagram of another embodiment of the CPE of the present invention is shown. Root CPE 101 is used here as an example. CPE101 includes search module 10121, configuration module 10122, login module 10223, closing module 10124, database 10125, processor 1011 and storage medium 1012. Modules 10121~10125 are executable programs stored in storage medium 1012, with the same functions as described for Fig. 2; processor 1011 executes these programs to implement their respective functions.
Referring to Fig. 4, a flow chart of one embodiment of the method of the present invention for remotely logging in to a user-end network device is shown. In this embodiment, the method is implemented by the modules shown in Fig. 2 or Fig. 3. CPE101 is used as an example below.
In step S400, search module 10121 of CPE101, which has already been successfully verified, receives the ISP search command, sends a verification command to all CPEs in the second-layer network to verify them, and sends the search command to the second-layer CPEs that pass verification and are thereby confirmed as managed by ISP server 20. After search module 10121 receives the search results (including search quantities, etc.) replied by each ISP-managed second-layer CPE, it sums all received search quantities and adds 1 to obtain CPE101's search quantity, and responds to ISP server 20 with this result.
In step S402, ISP server 20 arbitrarily assigns dynamic port 340 to CPE101 and sends the open port send command to configuration module 10122, requiring it, on this basis, to assign and configure ports for all ISP-managed CPEs in LAN 10. After configuration module 10122 receives the assigned port number 340 and the command, it assigns, on the basis of port 340, ports 344 and 341 to CPE102 and CPE104 respectively in the lower-layer network, and sends each assigned port number together with the open port send command to CPE102 and CPE104. After CPE102 and CPE104 complete the corresponding port assignment and configuration, they respond to configuration module 10122 with open port response, informing it of the port assignment and configuration status (including each CPE's default telnet port and port forwarding rule) of the ISP-managed CPEs in the second-layer network and below.
In step S404, after configuration module 10122 receives the above reply, it enables the remote login service with port 340, assigned by ISP server 20, as the telnet default port, and at the same time enables port forwarding with the rule: forward packets whose destination port is within the range of the telnet default port numbers of the ISP-managed CPEs in all lower-layer networks of CPE101. At this point CPE101 has completed port assignment and configuration, and it responds to ISP server 20 with open port response, informing it of the port assignment and configuration status of all ISP-managed CPEs in LAN 10.
In step S406, login module 10123 listens on telnet default port 340 for telnet requests from ISP server 20. When the destination port of a telnet request packet matches CPE101's telnet default port 340, the telnet request is considered to be addressed to CPE101; login module 10123 then responds to the telnet request of ISP server 20 through port 340, establishes remote communication with ISP server 20, and accepts its management of CPE101.
Referring to Fig. 5, a detailed flow chart of one embodiment of the CPE search in step S400 of Fig. 4 is shown. In this embodiment, the method is implemented by the modules shown in Fig. 2. CPE101 is used as an example below.
In steps S500, S502 and S504, after search module 10121 receives the verification request from ISP server 20, it sends the pre-agreed user name and password in response, and after verification succeeds it waits for further commands from ISP server 20. When it receives the search command from ISP server 20, it begins the search to determine the total number of CPEs in LAN 10 that are managed by ISP server 20.
In step S506, search module 10121 determines whether CPE101 has lower-layer CPEs. If so, it proceeds to step S508 and sends a verification request to all CPEs in the second-layer network; if not, it proceeds to step S524 and responds directly to the ISP with the search result: the number of CPEs in LAN 10 managed by ISP server 20 is N=1, i.e. only CPE101.
In step S510, if search module 10121 has received the pre-agreed user name and password from CPEs in the second-layer network, this shows that the second-layer network contains CPEs under ISP management (here CPE102 and CPE104).
In step S514, search module 10121 sends the search command to CPE102 and CPE104 and starts a timer. The timer duration T is preset by ISP server 20 when it sends the search command and decreases step by step in the subsequent layer-by-layer search: if it is T for the first layer, it can be T/2 for the second layer, and so on.
In step S516, if search module 10121 has received the search results, including CPE search quantities, from CPE102 and CPE104, it proceeds to step S518, sums the CPE search quantities in all received responses and adds 1 to obtain CPE101's search quantity, and responds to ISP server 20 with the search result; the added 1 counts CPE101 itself. In addition, in step S516, CPE101 records the search quantity under every second-layer CPE; for a CPE not managed by ISP server 20, the search quantity defaults to 0. Fig. 9 shows a simple example list of this, and the present invention is not limited to it.
If search module 10121 has not received the responses of CPE102 and CPE104, it continues listening until the timer expires and then also proceeds to step S518, replying to ISP server 20 with the search result as of timer expiry, so as to avoid searching indefinitely.
In step S510, if a CPE in the second-layer network does not send the pre-agreed user name and password to search module 10121, or what it sends cannot be recognized, then in step S512 that CPE is considered not to be managed by ISP server 20, like CPE103 in Fig. 1; when it is a PC or a private network device not under ISP management, the search result that search module 10121 records for CPE103 defaults to 0. In addition, in step S522, if no CPE in the second-layer network passes verification, i.e. search module 10121 has not received the pre-agreed user name and password from any CPE in the second-layer network, it proceeds to step S524 and responds directly to the ISP with the search result: the number of ISP-managed CPEs in LAN 10 is 1, i.e. only CPE101. Otherwise, it proceeds to step S514. The search results of every layer are stored in database 10125 for later lookup.
In the application environment shown in Fig. 1, all CPEs except CPE103, which is not managed by ISP server 20, accept ISP management. According to the method shown in Fig. 5, the search result that ISP server 20 receives from CPE101 should be 5. This result is built up layer by layer as follows. CPE105 and CPE106 in the bottom layer have no lower-layer CPEs, so each responds to its upper-layer CPE104 with a search result of 1. CPE104 adds the two search quantities it received, adds 1, and obtains 3, which it returns to CPE101 as its search result. Meanwhile CPE102, in the same layer as CPE104, responds to CPE101 with a search result of 1, and CPE103, having failed verification, defaults to 0. CPE101 sums all received search quantities and adds 1, i.e. 1+3+0+1=5, to obtain the final search quantity, 5, and responds to ISP server 20 with it.
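The layer-by-layer count of Fig. 5, as an added Python example that is not part of the patent text: it simulates the verification step, the halving timer (T, T/2, ...) and a reply that misses the timer, so the partial count reported at expiry can be seen. The credentials, latencies and all names are constructed for the example; the patent does not say how the user name and password are compared, and the constant-time comparison used here is an assumption.

```python
import hmac
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed placeholder for the "pre-agreed user name and password".
AGREED = ("isp-user", "isp-secret")


@dataclass
class Node:
    name: str
    # What the device answers to a verification request (None = no answer).
    credentials: Optional[Tuple[str, str]] = AGREED
    latency: float = 0.25         # seconds until its reply reaches the upper layer
    children: List["Node"] = field(default_factory=list)


def verified(node: Node) -> bool:
    """Verification step: only the pre-agreed credentials pass."""
    if node.credentials is None:
        return False
    user, password = node.credentials
    user_ok = hmac.compare_digest(user.encode(), AGREED[0].encode())
    pass_ok = hmac.compare_digest(password.encode(), AGREED[1].encode())
    return user_ok and pass_ok


def search(node: Node, timer: float) -> Tuple[int, float, Dict[str, Optional[int]]]:
    """Run the search at `node` with timer duration `timer`.

    Returns (quantity reported upward, seconds spent, per-child record).
    Record values: reported quantity, 0 for a device that failed verification
    (no search command is sent to it), None for a reply that missed the timer.
    """
    record: Dict[str, Optional[int]] = {}
    quantity = 1                  # the node counts itself
    spent = 0.0
    timed_out = False
    for child in node.children:
        if not verified(child):
            record[child.name] = 0
            continue
        child_quantity, child_spent, _ = search(child, timer / 2)
        arrival = child.latency + child_spent
        if arrival <= timer:
            record[child.name] = child_quantity
            quantity += child_quantity
            spent = max(spent, arrival)   # children are queried in parallel
        else:
            record[child.name] = None
            timed_out = True
    if timed_out:
        spent = timer             # waited until the timer ended, then reported
    return quantity, spent, record


def fig1(cpe106_latency: float = 0.25) -> Node:
    """Fig. 1 topology; CPE103 gives no valid answer to verification."""
    cpe104 = Node("CPE104", children=[
        Node("CPE105"), Node("CPE106", latency=cpe106_latency)])
    return Node("CPE101", children=[
        Node("CPE102"), Node("CPE103", credentials=None), cpe104])


if __name__ == "__main__":
    print(search(fig1(), 4.0))                      # all replies in time
    print(search(fig1(cpe106_latency=3.0), 4.0))    # CPE106 misses T/2 = 2.0
```

With every reply in time the root reports 5, as in the walk-through; when CPE106 answers after CPE104's timer has ended, CPE104 reports 2 and the root reports 4.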
Referring to Fig. 6, a flow chart of one embodiment of the CPE port assignment and configuration in steps S402 and S404 of the present invention is shown. In this embodiment, the method is implemented by the modules shown in Fig. 2.
In step S600, configuration module 10122 continuously listens for commands from ISP server 20. When it receives the open port send command from ISP server 20 and dynamic port 340, which ISP server 20 has randomly assigned to it, it looks up the original search results in database 10125. If the lower-layer network contains CPEs managed by ISP server 20, it proceeds to step S604 and sends to CPE102 and CPE104, the ISP-managed CPEs in the second-layer network, the open port send command together with the port numbers 344 and 341 assigned to them; this port assignment is based on the original search results and on port 340, which ISP server 20 assigned to CPE101. The port assignment process in detail is as follows. If the port assigned by ISP server 20 to CPE101 is 340, the port numbers that configuration module 10122 assigns to CPE102 and CPE104, the ISP-managed CPEs in the second-layer network, should be port numbers greater than 340, such as port 341, port 342 and so on; the specific port numbers depend on the search quantities originally reported by CPE102 and CPE104, and port numbers are assigned incrementally in order of CPE MAC address. For example, CPE102 originally reported a search quantity of 1, CPE104 originally reported a search quantity of 3, and the MAC address of CPE102 is greater than that of CPE104; configuration module 10122 then assigns port number 340+1=341 to CPE104 and port number 340+1+3=344 to CPE102. The above is the process by which CPE101 assigns ports and sends the related commands to CPE102 and CPE104 in the second-layer network; for CPEs in the networks below the second layer, port assignment and configuration proceed in the same way, and the port assignment and configuration status is reported upward layer by layer. The assignment results are stored in database 10125 for later lookup.
In step S606, CPE102 and CPE104 respond to the open port send command after receiving it (replying with the port assignment and configuration status of the CPEs below the second layer). After configuration module 10122 receives the responses, it opens the remote login service of CPE101, using port 340, the port number that ISP server 20 assigned to it, as the telnet default port. At the same time it enables port forwarding with the following rule: forward packets whose destination port is the telnet default port number of a CPE managed by ISP server 20 in any lower-layer network of CPE101, that is, packets whose destination port is in the range 341-344. At this point, the port assignment and configuration of every CPE managed by ISP server 20 in LAN 10 of CPE101 is complete, and configuration module 10122 responds to ISP server 20 with an open port response, informing it of the port assignment and configuration status of all ISP-managed CPEs in its LAN 10.
In step S602, if configuration module 10122 finds through the query that the lower-layer network of CPE101 contains no CPE managed by ISP server 20, it directly opens the remote login service, uses port 340, which ISP server 20 assigned to it, as the telnet default port, and responds to ISP server 20 with an open port response to inform it of the port assignment and configuration status.
Referring to Fig. 7, shown is a flow chart of one embodiment of the remote login to a CPE performed in step S404 of Fig. 4. In this embodiment, the method is implemented by the modules shown in Fig. 2 or Fig. 3. Fig. 7 is described below taking CPE101 as an example.
In step S700, login module 10123 listens through telnet default port 340 for telnet requests from the upper-layer network. After a telnet request packet is received, the flow enters step S702: if the destination port of the telnet request packet matches telnet default port 340, the telnet request is considered to be intended for CPE101 and the flow enters step S704. Otherwise, if the port match fails, the flow enters step S706.
In step S704, login module 10123 accepts the telnet request from ISP server 20 on port 340, establishes remote communication with ISP server 20, and accepts its management of CPE101.
In step S706, login module 10123 forwards the telnet request packet according to the port forwarding rule, until the packet reaches the CPE corresponding to its destination port.
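The layer-by-layer count of Fig. 5, the MAC-ordered port assignment of Fig. 6 and the forwarding decision of Fig. 7 can be sketched in Python as follows. This is an added example, not code from the patent: the CPE class, the function names and the MAC values are assumptions, with MACs chosen so that CPE104 sorts below CPE102 and CPE105 below CPE106 (port 342 for CPE105 follows from that assumed ordering).

```python
class CPE:
    def __init__(self, name, mac, managed=True, children=()):
        self.name, self.managed, self.children = name, managed, list(children)
        self.mac = int(mac.replace(":", ""), 16)   # compare MACs numerically
        self.port = None      # telnet default port once configured
        self.forward = []     # (first_port, last_port, child) forwarding rules

def search_count(cpe):
    """Count reported upward: 0 if not ISP-managed, else itself plus its subtree."""
    if not cpe.managed:
        return 0
    return 1 + sum(search_count(c) for c in cpe.children)

def assign_ports(cpe, port, table=None):
    """Configure cpe on `port`, then give each managed child a block of
    consecutive ports sized by its reported count, in ascending MAC order."""
    table = {} if table is None else table
    cpe.port, cpe.forward, table[port] = port, [], cpe.name
    nxt = port + 1
    for child in sorted((c for c in cpe.children if c.managed), key=lambda c: c.mac):
        size = search_count(child)
        cpe.forward.append((nxt, nxt + size - 1, child))
        assign_ports(child, nxt, table)
        nxt += size
    return table

def route(cpe, dst_port):
    """Hops a telnet request takes from the root CPE; None if no rule matches."""
    path = [cpe.name]
    while cpe.port != dst_port:
        nxt = next((c for lo, hi, c in cpe.forward if lo <= dst_port <= hi), None)
        if nxt is None:
            return None       # outside every forwarding range: not forwarded
        cpe = nxt
        path.append(cpe.name)
    return path

def build_example():
    """Constructed topology matching the text; MAC values are made up."""
    cpe105 = CPE("CPE105", "00:11:22:00:00:05")
    cpe106 = CPE("CPE106", "00:11:22:00:00:06")
    cpe104 = CPE("CPE104", "00:11:22:00:00:04", children=[cpe105, cpe106])
    cpe102 = CPE("CPE102", "00:11:22:00:00:09")      # larger MAC than CPE104
    cpe103 = CPE("CPE103", "00:11:22:00:00:03", managed=False)
    return CPE("CPE101", "00:11:22:00:00:01", children=[cpe102, cpe103, cpe104])

if __name__ == "__main__":
    root = build_example()
    print(search_count(root), assign_ports(root, 340), route(root, 343))
```

The keys of the table returned by assign_ports are exactly the ports that the root CPE accepts or forwards from the upper-layer network, which is the set an operator would audit after configuration and again after the disable telnet send command.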
Assume here that the external IP that CPE101 uses to communicate with the public network is 10.130.21, and that the internal IPs of CPE102 and CPE103 in LAN 10 are 192.168.1.102 and 192.168.1.101 respectively. The implementation of Fig. 7 then proceeds as follows. When the ISP server needs to log in remotely to a CPE in LAN 10, the destination address of the telnet request packet it sends should be: the IP of CPE101 plus the telnet default port of the target CPE. When the telnet request packet reaches CPE101, login module 10123 checks the destination port of the packet; if it does not match telnet default port 340 of CPE101, the packet is forwarded according to the port forwarding rule (forward packets whose destination port is in the range 341-344). During forwarding, the destination address is changed according to the port assignment and configuration results; Fig. 10 is a sample list of the changes that login module 10123 makes to the destination address of telnet request packets. Take as an example ISP server 20 logging in remotely to CPE106 to manage it. Because the telnet default port of CPE106 is 343, the initial destination address of the telnet request packet should be 10.130.21:343. Login module 10123 determines by lookup that destination port 343 of this telnet request packet is not equal to its own telnet default port 340, so it forwards the packet. From the previously stored port assignment and configuration status, login module 10123 knows that port 343 corresponds to CPE106 and was reported by CPE104, so it changes the destination address of the telnet request packet to the IP of CPE104 with port 343, i.e. 192.168.1.100:343, and the telnet request packet is forwarded to CPE104. CPE104 handles this request packet in the same way as CPE101, and so on layer by layer, until the telnet request packet with destination address 10.130.21:343 arrives at CPE106, and ISP server 20 can establish remote communication with CPE106 directly through port 343.
Referring to Fig. 8, shown is a flow chart of one embodiment of closing the remote login service in the user terminal network appliance of the present invention. In this embodiment, the method is implemented by the modules shown in Fig. 2 or Fig. 3. Fig. 8 is described below taking CPE101 as an example.
In step S800, closedown module 10124 continuously listens for commands from ISP server 20. When CPE101 receives the disable telnet send command from ISP server 20, which instructs all ISP-managed CPEs in LAN 10 to close the remote login service, the flow enters step S802.
In step S802, closedown module 10124 queries database 10125. If there are lower-layer CPEs under CPE101 that are managed by ISP server 20, the flow enters step S804: the remote login service of CPE101 is closed and the original port 340 is released. At the same time, the disable telnet send command is passed down to CPE102 and CPE104, requiring them to close their remote login services as well. After CPE102 and CPE104 complete the corresponding operations, they respond with a disable telnet response to inform CPE101 that the operations have been completed.
In step S806, after closedown module 10124 receives the disable telnet send command replied by CPE102 and CPE104, the flow enters step S808: port forwarding is closed, and ISP server 20 is answered with a disable telnet send command, informing it that the remote login service has been closed and that the original port configuration is no longer valid.
In step S802, if the query shows that there is no lower-layer CPE under CPE101 managed by ISP server 20, the flow goes directly to step S810: the remote login service of CPE101 is closed and the original port 340 is released.
It should be noted that the CPEs managed by ISP server 20 in the other lower-layer networks behave in the same way as CPE101 after receiving the disable telnet send command. The only difference is that a CPE in the bottom-layer network does not need to send the disable telnet send command further down, and, because it never enabled port forwarding, it has no port forwarding to close.
It should be noted that Figs. 4 to 8 above are described taking as an example the communication between CPE101, as the root CPE, and ISP server 20. The other CPEs in the LAN that are managed by ISP server 20 have the same functions as CPE101, and the communication between CPEs in upper-layer and lower-layer networks is similar to the communication between CPE101 and ISP server 20, so it is not described in detail.
As can be seen, the CPE and the remote login method provided in the embodiments of the present invention determine, by searching layer by layer, the number of all CPEs within the scope of ISP server 20. ISP server 20 then randomly assigns a port to the root CPE as its telnet port, and the CPEs of each layer that are managed by ISP server 20 in LAN 10 in turn complete the port assignment and configuration for their lower-layer CPEs and enable the remote login service and the port forwarding function. In this way, the ISP can each time log in via telnet to a single CPE in any layer of LAN 10 through the dynamically assigned ports, achieving a single remote connection. At the same time, the dynamic ports make remote login more secure and less susceptible to attack, giving the ISP more effective and more secure management of the CPEs within its service range.