CN105591987B - Method and apparatus for processing protocol messages - Google Patents

Publication number: CN105591987B
Authority: CN (China)
Prior art keywords: interface, protocol, protocol messages, access, message
Legal status: Active
Application number: CN201510540830.8A
Other languages: Chinese (zh)
Other versions: CN105591987A (en)
Inventor: 徐勇刚
Current Assignee: New H3C Technologies Co Ltd
Original Assignee: New H3C Technologies Co Ltd
Application filed by: New H3C Technologies Co Ltd
Priority: CN201510540830.8A
Publications: CN105591987A (application), CN105591987B (grant)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00 Packet switching elements
    • H04L49/25 Routing or path finding in a switch fabric
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Telephonic Communication Services (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present invention provides a method and apparatus for processing protocol messages. The method comprises: when an interface board is itself the interface board that interacts with a server and receives a protocol message from the server, it obtains the address information of the authentication client carried in the protocol message; the interface board queries its local FIB table according to the address information to obtain the access interface through which the authentication client accesses the access device; when the access interface is an interface on this interface board, the interface board processes the protocol message; when the access interface is an interface on another interface board of the access device, the interface board adds the identification information of the access interface to the protocol message and sends it to that other interface board for processing. The technical solution of the present invention makes full use of the CPU resources of the interface boards on the access device and reduces the CPU resource consumption of the main control board on the access device.

Description

Method and apparatus for processing protocol messages
Technical field
The present invention relates to the field of communications, and in particular to a method and apparatus for processing protocol messages.
Background
Fig. 1 is a networking diagram of Portal authentication. The access device in Fig. 1 mainly serves the following three functions:
First, before an authentication client is authenticated, it is responsible for redirecting the authentication client's HTTP requests to the Portal server;
Second, while the authentication client is being authenticated, it is responsible for interacting with the Portal server and the authentication server to complete functions such as authentication, authorization and accounting for the authentication client;
Third, after the authentication client passes authentication, it allows the authentication client to access the authorized Internet resources.
Currently, when the access device interacts with the Portal server and the authentication server, the main control board of the access device listens for and processes the messages. That is, whether it is the interface board on the access device that is directly connected to the Portal server or the interface board that is directly connected to the authentication server, after receiving a relevant protocol message the interface board sends it up to the main control board for processing. This results in high CPU resource consumption on the main control board, so the access performance of authentication clients is poor.
Summary of the invention
The present invention provides a method for processing protocol messages, the method comprising the following steps:
When an interface board of an access device is itself the interface board that interacts with a server and receives a protocol message from the server, it obtains the address information of the authentication client carried in the protocol message;
The interface board queries its local forwarding information base (FIB) table according to the address information to obtain the access interface through which the authentication client accesses the access device;
When the access interface is an interface on this interface board, the interface board processes the protocol message;
When the access interface is an interface on another interface board of the access device, the interface board adds the identification information of the access interface to the protocol message and sends it to that other interface board for processing.
The present invention also provides an apparatus for processing protocol messages, applied on an interface board of an access device, the apparatus specifically comprising:
An obtaining module, configured to, when the interface board is the interface board that interacts with a server and a protocol message from the server is received, obtain the address information of the authentication client carried in the protocol message;
A determining module, configured to query the local forwarding information base (FIB) table of the interface board according to the address information to obtain the access interface through which the authentication client accesses the access device;
A processing module, configured to process the protocol message when the access interface is an interface on the interface board, and, when the access interface is an interface on another interface board, to add the identification information of the access interface to the protocol message and send it to that other interface board for processing.
Based on the above technical solution, in the embodiments of the present invention the interface board that holds the access interface through which the authentication client accesses the access device processes the protocol messages from the server directly. Not all protocol messages need to be sent to the main control board for processing, so the CPU resources of the interface boards are fully used, the CPU resource consumption of the main control board is reduced, and the overall processing performance of the access device is improved. Moreover, because the protocol messages of an authentication client during authentication are processed on the relevant interface board, the access performance of authentication clients can be greatly improved.
Description of the drawings
Fig. 1 is a networking diagram of Portal authentication;
Fig. 2 is the first flow chart of the protocol message processing method in an embodiment of the present invention;
Fig. 3 is the second flow chart of the protocol message processing method in an embodiment of the present invention;
Fig. 4 is a hardware structure diagram of the access device in an embodiment of the present invention;
Fig. 5 is a structure diagram of the protocol message processing apparatus in an embodiment of the present invention.
Detailed description of the embodiments
To address the problems in the prior art, an embodiment of the present invention proposes a method for processing protocol messages, which can be applied on an access device that includes a main control board and interface boards. Taking Fig. 1 as a schematic diagram of the application scenario of the embodiment, in a Portal authentication network each authentication client is connected to the access device, and the access device is connected to the Portal server and to the authentication server. In this application scenario, as shown in Fig. 2, the protocol message processing method may specifically include the following steps:
Step 201: when an interface board of the access device is itself the interface board that interacts with a server and receives a protocol message from the server, it obtains the address information of the authentication client carried in the protocol message.
After the Portal protocol is enabled, the interface board listens to all messages that it can receive, so as to receive the protocol messages from the server.
The address information of the authentication client specifically includes, but is not limited to, the IP address of the authentication client.
Step 202: the interface board queries its local FIB (Forwarding Information Base) table according to the address information to obtain the access interface through which the authentication client accesses the access device.
When the access interface is an interface on this interface board, step 203 is executed; when the access interface is an interface on another interface board of the access device, step 204 is executed.
In the embodiment of the present invention, the access device can deliver the same FIB table to every interface board. The FIB table records the correspondence between the address information of each authentication client and the access interface through which that authentication client accesses the access device. Based on this FIB table, after obtaining the address information of the authentication client, the interface board can query the local FIB table with the address information to obtain the corresponding access interface, which is the access interface through which the authentication client accesses the access device.
Step 203: the interface board processes the protocol message.
Step 204: the interface board adds the identification information of the access interface to the protocol message and sends the protocol message carrying that identification information to the other interface board on which the access interface is located, for processing.
When the other interface board receives the protocol message from this interface board, it directly uses the identification information of the access interface carried in the received protocol message to process that message.
In the embodiment of the present invention, after the interface board obtains the access interface through which the authentication client accesses the access device, if the access interface is a global interface, the interface board adds the identification information of the access interface to the protocol message and sends the protocol message carrying that identification information to the main control board of the access device. The main control board processes the received protocol message according to the identification information of the access interface carried in it. After receiving the protocol message, the main control board can obtain the access interface of the authentication client directly from the protocol message and, when that access interface is a global interface, process the received protocol message directly.
In the embodiment of the present invention, when an interface board is not itself the interface board that interacts with the server and receives a protocol message from another interface board of the access device, it processes the received protocol message according to the identification information of the access interface carried in that message. After receiving the protocol message from the other interface board, the interface board can obtain the access interface of the authentication client directly from the protocol message and, when that access interface is an interface on this interface board, process the received protocol message directly.
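The dispatch decision of steps 201 to 204, including the global-interface case and the board that receives a tagged message, can be modelled as follows; this is an added example, not code from the patent. The names `Board`, `AccessInterface`, `ProtocolMessage`, `dispatch`, the labels `"main"` and `"global"`, and all addresses and interface names are constructed for illustration. Dropping on a FIB miss and checking that a carried identifier belongs to the receiving board are assumptions the patent text does not state.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address
from typing import Dict, Optional, Tuple

GLOBAL = "global"    # assumed owner label for a global access interface
MAIN_BOARD = "main"  # assumed name of the main control board


@dataclass(frozen=True)
class AccessInterface:
    ident: str   # constructed identifier, e.g. "GE1/0/1"
    board: str   # owning interface board, or GLOBAL


@dataclass(frozen=True)
class ProtocolMessage:
    kind: str                        # e.g. "CHAP_REQ"
    client_ip: str                   # authentication client address set by the server
    access_if: Optional[str] = None  # identifier added in step 204


# The same FIB table is delivered to every board: client IP -> access interface.
Fib = Dict[str, AccessInterface]
Result = Tuple[str, str, ProtocolMessage]  # (action, board, message)


class Board:
    def __init__(self, name: str, fib: Fib):
        self.name = name
        self.fib = fib
        # Interfaces this board is responsible for, derived from the shared FIB.
        self.local_ifs = {i.ident for i in fib.values() if self._owns(i)}

    def _owns(self, iface: AccessInterface) -> bool:
        if self.name == MAIN_BOARD:
            return iface.board == GLOBAL
        return iface.board == self.name

    def from_server(self, msg: ProtocolMessage) -> Result:
        """Steps 201-204 on the board that faces the server."""
        try:
            key = str(ip_address(msg.client_ip))   # step 201: client address
        except ValueError:
            return ("drop", self.name, msg)        # assumption: malformed address
        iface = self.fib.get(key)                  # step 202: local FIB lookup
        if iface is None:
            return ("drop", self.name, msg)        # assumption: unknown client
        if self._owns(iface):
            return ("process", self.name, msg)     # step 203: handle locally
        tagged = replace(msg, access_if=iface.ident)  # step 204: add identifier
        target = MAIN_BOARD if iface.board == GLOBAL else iface.board
        return ("forward", target, tagged)

    def from_board(self, msg: ProtocolMessage) -> Result:
        """Receiving board: use the carried identifier, no second FIB lookup."""
        # Assumption: accept the tag only if the interface belongs to this board.
        if msg.access_if in self.local_ifs:
            return ("process", self.name, msg)
        return ("drop", self.name, msg)


def dispatch(boards: Dict[str, Board], ingress: str, msg: ProtocolMessage):
    """Return (board that processes the message, board that answers the server)."""
    action, target, out = boards[ingress].from_server(msg)
    if action == "forward":
        action, target, out = boards[target].from_board(out)
    handler = target if action == "process" else None
    # Responses go back to the server through the server-facing board.
    return handler, (ingress if handler else None)


# Constructed sample FIB and boards.
FIB: Fib = {
    "10.0.0.11": AccessInterface("GE1/0/1", "1"),
    "10.0.0.22": AccessInterface("GE2/0/3", "2"),
    "10.0.0.33": AccessInterface("Vlan-if100", GLOBAL),
}
BOARDS = {name: Board(name, FIB) for name in ("1", "2", MAIN_BOARD)}

if __name__ == "__main__":
    for ip in ("10.0.0.11", "10.0.0.22", "10.0.0.33", "10.0.0.99"):
        print(ip, dispatch(BOARDS, "1", ProtocolMessage("CHAP_REQ", ip)))
```
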
In the embodiment of the present invention, the server referred to in step 201 is a Portal server or an authentication server. When the server is a Portal server, the protocol message may include, but is not limited to, a user port information request message, a CHAP (Challenge Handshake Authentication Protocol) request message, or an authentication request message based on the Portal protocol. When the server is an authentication server, the protocol message may include, but is not limited to, an authentication success message or an authentication failure message based on the RADIUS (Remote Authentication Dial In User Service) protocol.
In the embodiment of the present invention, the process by which the interface board processes the protocol message (i.e. step 203) may specifically include, but is not limited to, the following:
When the protocol message is a user port information request message, the interface board uses the address information (such as the IP address) to obtain the user information of the authentication client (such as the access interface and the VLAN (Virtual Local Area Network) of the authentication client), constructs a user port information response message from the user information, and sends the user port information response message to the Portal server.
When the protocol message is a CHAP request message, the interface board generates challenge attribute information (such as a random number), constructs a CHAP response message from the challenge attribute information, and sends the CHAP response message to the Portal server.
When the protocol message is an authentication request message based on the Portal protocol, the interface board uses it to generate an authentication request message based on the RADIUS protocol and sends the RADIUS-based authentication request message to the authentication server. Here, when the interface board is directly connected to both the Portal server and the authentication server, it sends the RADIUS authentication request message to the authentication server directly through the interface connected to the authentication server; when the interface board is not directly connected to the authentication server, it sends the RADIUS authentication request message to the authentication server via the interface board that is directly connected to the authentication server.
When the protocol message is an authentication success message or an authentication failure message based on the RADIUS protocol, the interface board uses it to generate an authentication success message or an authentication failure message based on the Portal protocol and sends the Portal-based authentication success message or authentication failure message to the Portal server.
The process by which another interface board processes a received protocol message using the identification information of the access interface carried in it is similar to the process described above for the interface board and is not repeated here.
In addition, the process by which an interface board that is not itself the interface board interacting with the server processes a received protocol message according to the identification information of the access interface carried in it, and the process by which the main control board processes a received protocol message according to that identification information, are both similar to the process described above. The only difference is that, once processing is complete, the processed protocol message (such as a user port information response message) is sent to the interface board that interacts with the server, and that interface board sends the processed protocol message to the server. The detailed process is not repeated here.
Based on the above technical solution, in the embodiments of the present invention the interface board that holds the access interface through which the authentication client accesses the access device processes the protocol messages from the server directly. Not all protocol messages need to be sent to the main control board for processing, so the CPU resources of the interface boards are fully used, the CPU resource consumption of the main control board is reduced, and the overall processing performance of the access device is improved. Moreover, because the protocol messages of an authentication client during authentication are processed on the relevant interface board, the access performance of authentication clients can be greatly improved.
The above technical solution of the embodiment of the present invention is described in detail below with reference to a specific processing flow. As shown in Fig. 3, the protocol message processing method may specifically include the following steps:
Step 301: authentication client 1 sends authentication information (such as a user name and password) to the Portal server.
When the unauthenticated authentication client 1 accesses the network, the user enters an arbitrary Internet address in the address bar of the Web browser; when this HTTP request passes through the access device, the access device redirects it to the Web authentication home page of the Portal server. After the user enters the authentication information in the dialog box of the Web authentication home page and submits it, authentication client 1 sends the authentication information to the Portal server.
Step 302: the Portal server sends a user port information request message to the access device.
Step 303: the access device uses the IP address carried in the user port information request message to obtain the user information of authentication client 1, adds the user information of authentication client 1 to a user port information response message, and sends the user port information response message to the Portal server.
Assume that interface board 1 of the access device is the interface board that interacts with the Portal server. Interface board 1 receives the user port information request message from the Portal server, obtains the IP address of authentication client 1 carried in it, and uses that IP address to query the FIB table delivered to interface board 1, obtaining the access interface corresponding to the IP address of authentication client 1.
If the access interface is located on interface board 1, interface board 1 uses the IP address carried in the user port information request message to obtain the user information of authentication client 1, adds the user information of authentication client 1 to a user port information response message, and sends the user port information response message to the Portal server.
If the access interface is located on interface board 2, interface board 1 adds the identification information of the access interface to the user port information request message and sends it to interface board 2. Interface board 2 uses the IP address carried in the received user port information request message to obtain the user information of authentication client 1, adds the user information of authentication client 1 to a user port information response message, and sends the user port information response message to interface board 1, which forwards it to the Portal server.
The user information of authentication client 1 can be the access interface and the VLAN of authentication client 1.
Step 304: the Portal server sends a CHAP request message to the access device.
Step 305: the access device generates challenge attribute information (such as a random number), constructs a CHAP response message from the challenge attribute information (i.e. adds the challenge attribute information to the CHAP response message), and sends the CHAP response message to the Portal server.
Assume that interface board 1 of the access device is the interface board that interacts with the Portal server. After receiving the CHAP request message from the Portal server, interface board 1 obtains the IP address of authentication client 1 carried in the CHAP request message and uses that IP address to query the FIB table delivered to interface board 1, obtaining the access interface corresponding to the IP address of authentication client 1.
If the access interface is located on interface board 1, interface board 1 generates the challenge attribute information, constructs a CHAP response message from it, and sends the CHAP response message to the Portal server.
If the access interface is located on interface board 2, interface board 1 adds the identification information of the access interface to the CHAP request message and sends it to interface board 2. Interface board 2 generates the challenge attribute information, constructs a CHAP response message from it, and sends the CHAP response message to interface board 1, which forwards it to the Portal server.
Step 306: the Portal server sends an authentication request message based on the Portal protocol to the access device.
Step 307: the access device receives the authentication request message based on the Portal protocol, uses it to generate an authentication request message based on the RADIUS protocol, and sends the RADIUS-based authentication request message to the authentication server.
Assume that interface board 1 of the access device is the interface board that interacts with the Portal server and that interface board 1 is also the interface board that interacts with the authentication server. After receiving the Portal-based authentication request message from the Portal server, interface board 1 obtains the IP address of authentication client 1 carried in it and uses that IP address to query the FIB table delivered to interface board 1, obtaining the access interface corresponding to the IP address of authentication client 1.
If the access interface is located on interface board 1, interface board 1 uses the Portal-based authentication request message to generate a RADIUS-based authentication request message and sends the RADIUS-based authentication request message to the authentication server.
If the access interface is located on interface board 2, interface board 1 adds the identification information of the access interface to the Portal-based authentication request message and sends it to interface board 2. Interface board 2 uses the Portal-based authentication request message to generate a RADIUS-based authentication request message and sends it to interface board 1, which sends the RADIUS-based authentication request message to the authentication server.
Step 308: the authentication server sends an authentication success message or an authentication failure message based on the RADIUS protocol to the access device.
If authentication client 1 is authenticated successfully using the authentication information carried in the RADIUS-based authentication request message, the authentication server sends a RADIUS-based authentication success message to the access device; if authentication of authentication client 1 fails using the authentication information carried in the RADIUS-based authentication request message, the authentication server sends a RADIUS-based authentication failure message to the access device.
Step 309: the access device uses the RADIUS-based authentication success message or authentication failure message to generate an authentication success message or authentication failure message based on the Portal protocol, and sends the Portal-based authentication success message or authentication failure message to the Portal server.
Assume that interface board 1 of the access device is the interface board that interacts with the Portal server and that interface board 1 is also the interface board that interacts with the authentication server. After receiving the RADIUS-based authentication success message or authentication failure message from the authentication server, interface board 1 obtains the IP address of authentication client 1 carried in that message and uses that IP address to query the FIB table delivered to interface board 1, obtaining the access interface corresponding to the IP address of authentication client 1.
If the access interface is located on interface board 1, interface board 1 uses the RADIUS-based authentication success message or authentication failure message to generate a Portal-based authentication success message or authentication failure message and sends it to the Portal server.
If the access interface is located on interface board 2, interface board 1 adds the identification information of the access interface to the RADIUS-based authentication success message or authentication failure message and sends it to interface board 2. Interface board 2 uses the RADIUS-based authentication success message or authentication failure message to generate a Portal-based authentication success message or authentication failure message and sends it to interface board 1, which sends the Portal-based authentication success message or authentication failure message to the Portal server.
After interface board 1 of the access device receives the RADIUS-based authentication success message, an ACL (Access Control List) that allows authentication client 1 to access the network can also be delivered on interface board 1, opening the path between authentication client 1 and the Internet and allowing authentication client 1 to access the Internet.
After receiving the Portal-based authentication success message, the Portal server can also notify authentication client 1 that it has passed authentication.
After receiving the Portal-based authentication failure message, the Portal server can also notify authentication client 1 that it has not passed authentication.
Based on the above technical solution, an embodiment of the present invention proposes an apparatus for processing protocol messages, applied on an access device that includes a main control board and interface boards. The protocol message processing apparatus proposed by the present invention can be applied in the access device, specifically in an interface board of the access device. The apparatus can be implemented in software, or in hardware or a combination of software and hardware. Taking a software implementation as an example, as an apparatus in the logical sense, the protocol message processing apparatus is formed by the processor of the access device on which it resides reading the corresponding computer program instructions from non-volatile memory and running them in the interface board. At the hardware level, Fig. 4 is a hardware structure diagram of the access device on which the protocol message processing apparatus proposed by the present invention resides. In addition to the processor, network interface, memory and non-volatile memory shown in Fig. 4, the access device can also include other hardware, such as a forwarding chip responsible for processing messages. In terms of hardware structure, the access device may also be a distributed device and may include multiple interface cards, so that message processing can be extended at the hardware level.
The processing unit of the protocol massages provided in the embodiment of the present invention, as shown in figure 5, the processing of the protocol massages fills It sets and specifically includes:
Module 11 is obtained, for when the interface board be interface board interact with server, if described in receiving and coming from The protocol massages of server obtain the address information of the Authentication Client carried in the protocol massages;
Determining module 12 is obtained for inquiring the forwarding information storehouse fib table of the interface board local according to the address information The access interface of the Authentication Client access on to the access device;
Processing module 13, for when the access interface is the interface on the interface board, then to the protocol massages It is handled;When the access interface is the interface on other interface boards, then the identification information of the access interface is added Into the protocol massages, and it is sent to other interface boards and is handled.
The processing module 13 is also used to obtain connecing for Authentication Client access on access device in determining module 12 After incoming interface, when the access interface is global interface, the identification information of the access interface is added to the agreement report Wen Zhong is sent to the master control borad of the access device, is connect according to carrying in the protocol massages received as the master control borad The identification information of incoming interface handles the protocol massages received.
The processing module 13 is also used to when the interface board is not the interface board interacted with server, if received To the protocol massages of interface boards other on the access device, then connect according to what is carried in the protocol massages being currently received The identification information of incoming interface handles the protocol massages being currently received.
The server is Portal server or certificate server;
When the server is Portal server, then the protocol massages are user port information request message, ask Ask Challenge-Handshake Authentication Protocol CHAP request message or the authentication request packet based on portal protocol;
When the server is certificate server, then the protocol massages are based on remote customer dialing authentication service The certification success message or authentification failure message of radius protocol.
The processing module 13, be specifically used for the protocol massages in the process of processing, when the agreement report When text is user port information request message, then the user information of the Authentication Client is obtained using the address information, and It is sent to using the user information structuring user's port information response message, and by the user port information response message Portal server;When the protocol massages are CHAP request message, then challenge attribute information is generated, and utilize institute Challenge attribute information construction CHAP response message is stated, and the CHAP response message is sent to the Portal and is serviced Device;When the protocol massages are the authentication request packet based on portal protocol, then using described based on portal protocol Authentication request packet generates the authentication request packet based on radius protocol, and by the certification request based on radius protocol Message is sent to certificate server;When the protocol massages are certification success message or authentification failure based on radius protocol When message, then the certification success message using described based on radius protocol or authentification failure message are generated and are assisted based on Portal The certification success message of view perhaps authentification failure message and by the certification success message or certification based on portal protocol Failure message is sent to the Portal server.
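The dispatch decision made by modules 11 to 13 can be illustrated in Python; this is an added example, not code from the patent. Class names, field names, slot numbers, interface identifiers and addresses are constructed, and dropping a message that has no FIB entry or that carries a tag for an interface not on the receiving board is an assumption the text does not state.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

MAIN_BOARD = "main-control-board"

@dataclass(frozen=True)
class Interface:
    ifindex: int            # identification information of the access interface
    slot: Optional[int]     # owning interface board; None marks a global interface

@dataclass
class Message:
    kind: str                               # constructed label, e.g. "PORTAL_AUTH_REQ"
    client_ip: str                          # address of the authentication client
    access_ifindex: Optional[int] = None    # tag added before an inter-board hand-off

# Constructed FIB shared by all boards: prefix -> access interface.
FIB = {
    "10.1.0.0/16": Interface(101, 1),
    "10.2.0.0/16": Interface(201, 2),
    "10.2.9.0/24": Interface(900, None),    # global interface
}

class InterfaceBoard:
    def __init__(self, slot, fib, faces_server=False):
        self.slot, self.faces_server = slot, faces_server
        self.fib = {ipaddress.ip_network(p): i for p, i in fib.items()}

    def lookup(self, ip):
        """Longest-prefix match of the client address in the local FIB."""
        addr = ipaddress.ip_address(ip)
        hits = [n for n in self.fib if addr in n]
        return self.fib[max(hits, key=lambda n: n.prefixlen)] if hits else None

    def from_server(self, msg):
        """Return (destination, message) for a message received from the server."""
        if not self.faces_server:
            raise RuntimeError("board does not interact with the server")
        iface = self.lookup(msg.client_ip)
        if iface is None:                    # assumption: drop when no FIB entry
            return ("drop", msg)
        if iface.slot == self.slot:
            return ("local", msg)            # access interface is on this board
        msg.access_ifindex = iface.ifindex   # tag the message, then hand it off
        return (MAIN_BOARD if iface.slot is None else iface.slot, msg)

    def from_board(self, msg):
        """Handle a tagged message handed over by the server-facing board."""
        local = {i.ifindex for i in self.fib.values() if i.slot == self.slot}
        if msg.access_ifindex not in local:  # assumption: reject foreign tags
            return ("drop", msg)
        return ("local", msg)
```

The receiving board acts on the carried interface identifier alone, so the check in `from_board` confines a mis-tagged message to a drop instead of processing it against the wrong access interface.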
The modules of the apparatus of the present invention may be integrated together or deployed separately. The above modules may be combined into one module, or further split into multiple sub-modules.
Through the above description of the embodiments, those skilled in the art can clearly understand that the present invention may be implemented by software plus the necessary general-purpose hardware platform, and of course also by hardware, but in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device or the like) to execute the method described in each embodiment of the present invention. Those skilled in the art will appreciate that the accompanying drawings are schematic diagrams of a preferred embodiment, and that the modules or processes in the drawings are not necessarily required to implement the present invention.
Those skilled in the art will appreciate that the modules of the apparatus in an embodiment may be distributed in the apparatus of the embodiment as described, or may be changed accordingly and located in one or more apparatuses different from that of the present embodiment. The modules of the above embodiments may be combined into one module, or further split into multiple sub-modules. The serial numbers of the above embodiments are for description only and do not represent the relative merits of the embodiments.
The above discloses only several specific embodiments of the present invention; however, the present invention is not limited thereto, and any variation that a person skilled in the art can conceive of shall fall within the protection scope of the present invention.

Claims (8)

1. A method for processing protocol messages, characterized in that the method comprises the following steps:
An interface board of an access device, when it is itself the interface board that interacts with a server, obtains the address information of the authentication client carried in a protocol message if the protocol message is received from the server;
The interface board queries its local forwarding information base (FIB) table according to the address information, to obtain the access interface through which the authentication client accesses the access device;
When the access interface is an interface on the interface board, the interface board processes the protocol message;
When the access interface is an interface on another interface board of the access device, the interface board adds the identification information of the access interface to the protocol message and sends the protocol message to the other interface board for processing;
Wherein the server is a Portal server or an authentication server;
When the server is a Portal server, the protocol message is a user port information request message, a Challenge-Handshake Authentication Protocol (CHAP) request message, or an authentication request message based on the Portal protocol;
When the server is an authentication server, the protocol message is an authentication success message or an authentication failure message based on the Remote Authentication Dial In User Service (RADIUS) protocol.
2. The method according to claim 1, characterized in that the method further comprises:
When the access interface is a global interface, the interface board adds the identification information of the access interface to the protocol message and sends the protocol message to the main control board of the access device, so that the main control board processes the received protocol message according to the identification information of the access interface carried in it.
3. The method according to claim 1, characterized in that the method further comprises:
When the interface board is not itself the interface board that interacts with the server, and a protocol message is received from another interface board on the access device, the interface board processes the currently received protocol message according to the identification information of the access interface carried in it.
4. The method according to claim 1, characterized in that the process by which the interface board processes the protocol message specifically comprises:
When the protocol message is a user port information request message, the interface board obtains the user information of the authentication client using the address information, constructs a user port information response message using the user information, and sends the user port information response message to the Portal server;
When the protocol message is a CHAP request message, the interface board generates challenge attribute information, constructs a CHAP response message using the challenge attribute information, and sends the CHAP response message to the Portal server;
When the protocol message is an authentication request message based on the Portal protocol, the interface board generates an authentication request message based on the RADIUS protocol from the Portal-based authentication request message, and sends the RADIUS-based authentication request message to the authentication server;
When the protocol message is an authentication success message or authentication failure message based on the RADIUS protocol, the interface board generates an authentication success message or authentication failure message based on the Portal protocol from the RADIUS-based message, and sends the Portal-based authentication success message or authentication failure message to the Portal server.
5. A processing apparatus for protocol messages, characterized in that the processing apparatus is applied on an interface board of an access device, and the processing apparatus specifically comprises:
An obtaining module, configured to, when the interface board is the interface board that interacts with a server, obtain the address information of the authentication client carried in a protocol message if the protocol message is received from the server;
A determining module, configured to query the local forwarding information base (FIB) table of the interface board according to the address information, to obtain the access interface through which the authentication client accesses the access device;
A processing module, configured to process the protocol message when the access interface is an interface on the interface board; and, when the access interface is an interface on another interface board, to add the identification information of the access interface to the protocol message and send the protocol message to the other interface board for processing;
Wherein the server is a Portal server or an authentication server;
When the server is a Portal server, the protocol message is a user port information request message, a Challenge-Handshake Authentication Protocol (CHAP) request message, or an authentication request message based on the Portal protocol;
When the server is an authentication server, the protocol message is an authentication success message or an authentication failure message based on the Remote Authentication Dial In User Service (RADIUS) protocol.
6. The apparatus according to claim 5, characterized in that:
The processing module is further configured to, after the determining module obtains the access interface through which the authentication client accesses the access device, and when the access interface is a global interface, add the identification information of the access interface to the protocol message and send the protocol message to the main control board of the access device, so that the main control board processes the received protocol message according to the identification information of the access interface carried in it.
7. The apparatus according to claim 5, characterized in that:
The processing module is further configured to, when the interface board is not the interface board that interacts with the server, and a protocol message is received from another interface board on the access device, process the currently received protocol message according to the identification information of the access interface carried in it.
8. The apparatus according to claim 5, characterized in that:
The processing module is specifically configured to, in the course of processing the protocol message: when the protocol message is a user port information request message, obtain the user information of the authentication client using the address information, construct a user port information response message using the user information, and send the user port information response message to the Portal server; when the protocol message is a CHAP request message, generate challenge attribute information, construct a CHAP response message using the challenge attribute information, and send the CHAP response message to the Portal server; when the protocol message is an authentication request message based on the Portal protocol, generate an authentication request message based on the RADIUS protocol from the Portal-based authentication request message, and send the RADIUS-based authentication request message to the authentication server; when the protocol message is an authentication success message or authentication failure message based on the RADIUS protocol, generate an authentication success message or authentication failure message based on the Portal protocol from the RADIUS-based message, and send the Portal-based authentication success message or authentication failure message to the Portal server.
CN201510540830.8A 2015-08-28 2015-08-28 Method and apparatus for processing protocol messages Active CN105591987B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510540830.8A CN105591987B (en) 2015-08-28 2015-08-28 Method and apparatus for processing protocol messages

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510540830.8A CN105591987B (en) 2015-08-28 2015-08-28 Method and apparatus for processing protocol messages

Publications (2)

Publication Number Publication Date
CN105591987A CN105591987A (en) 2016-05-18
CN105591987B true CN105591987B (en) 2019-07-09

Family

ID=55931215

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510540830.8A Active CN105591987B (en) 2015-08-28 2015-08-28 Method and apparatus for processing protocol messages

Country Status (1)

Country Link
CN (1) CN105591987B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114143379A (en) * 2021-11-29 2022-03-04 杭州迪普科技股份有限公司 HTTPS redirection device and method based on Portal authentication
CN115766407A (en) * 2022-09-27 2023-03-07 新华三技术有限公司 BFD session maintenance system, method and device

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101325551A (en) * 2008-07-28 2008-12-17 杭州华三通信技术有限公司 Method and device for processing message


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
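Design and Implementation of Secure Authentication Access Based on the Portal Protocol; Liu Xu; China Master's Theses Full-text Database; 20140515; main text pp. 16-17, pp. 22-23, Fig. 3.4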

Also Published As

Publication number Publication date
CN105591987A (en) 2016-05-18

Similar Documents

Publication Publication Date Title
CN103609090B (en) Identity logs method and apparatus
US10382434B2 (en) Actively federated mobile authentication
CN111783067B (en) Automatic login method and device between multiple network stations
US8495720B2 (en) Method and system for providing multifactor authentication
US10069827B2 (en) Extending authentication and authorization capabilities of an application without code changes
CN104283886B (en) A kind of implementation method of the web secure access based on intelligent terminal local authentication
CN104144163B (en) Auth method, apparatus and system
CN106027565B (en) A kind of method and apparatus of the intranet and extranet unified certification based on PPPOE
CN106209749A (en) Single-point logging method and the processing method and processing device of device, relevant device and application
CN104936181B (en) A kind of access authentication method and device connecting specified AP
CN106921636A (en) Identity identifying method and device
CN103428203A (en) Access control method and device
CN109150874A (en) Access authentication method, device and authenticating device
CN106131066B (en) A kind of authentication method and device
CN105991518B (en) Network access verifying method and device
Ferry et al. Security evaluation of the OAuth 2.0 framework
Berbecaru et al. Providing login and Wi-Fi access services with the eIDAS network: A practical approach
CN106331003B (en) The access method and device of application door system on a kind of cloud desktop
CN110401641A (en) User authen method, device, electronic equipment
CN105141580B (en) A kind of resource access control method based on the domain AD
US10601809B2 (en) System and method for providing a certificate by way of a browser extension
Chen et al. An identity management framework for internet of things
CN108234386A (en) For the method and apparatus of certification
CN106254328B (en) A kind of access control method and device
CN110247758A (en) The method, apparatus and code management device of Password Management

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Applicant after: Xinhua three Technology Co., Ltd.

Address before: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Applicant before: Huasan Communication Technology Co., Ltd.

GR01 Patent grant