CN106304071B - A kind of network access verifying method, access authentication equipment and system - Google Patents

Publication number: CN106304071B
Authority: CN (China)
Prior art keywords: access; access authentication; equipment; authentication equipment; device identification
Legal status: Active
Application number: CN201610668024.3A
Other languages: Chinese (zh)
Other versions: CN106304071A (en)
Inventor: 宗润
Current Assignee: Maipu Communication Technology Co Ltd
Original Assignee: Maipu Communication Technology Co Ltd
Application filed by Maipu Communication Technology Co Ltd
Priority to CN201610668024.3A
Publication of CN106304071A
Application granted
Publication of CN106304071B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06: Authentication
    • H04W24/00: Supervisory, monitoring or testing arrangements
    • H04W24/04: Arrangements for maintaining operational condition

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer And Data Communications (AREA)

Abstract

Embodiments of the present invention provide a network access authentication method, an access authentication device and an authentication server. They relate to the communications field and solve the problem that access terminals accessing the Internet are lost when an existing access authentication device fails. The method comprises: a newly selected access authentication device receives a takeover request sent by an access point device, the takeover request containing the device identification of a faulty access authentication device whose connection with the access point device has failed, and being used to request the newly selected access authentication device to take over the service information processed by the faulty access authentication device; the newly selected access authentication device receives the service information sent by the access point device and sends a takeover notification message to the authentication server, the takeover notification message containing the device identification of the access point device and the device identification of the newly selected access authentication device interconnected with the access point device; and the newly selected access authentication device receives a response message sent by the authentication server.

Description

A network access authentication method, access authentication device and system
Technical field
The present invention relates to the communications field, and in particular to a network access authentication method, an access authentication device and an authentication server.
Background
An access authentication device is the device closest to the access terminal. It usually exchanges messages with the authentication server, forwarding the access terminal's access request to the authentication server so that the authentication server can perform network access authentication.
Fig. 1 is the most common existing networking architecture for access authentication devices. The architecture comprises an authentication server 11, access authentication devices 12 (main 12a, standby 12b), an AP (Access Point) device 13 and an access terminal 14. The AP device 13 forwards the user access request initiated by the access terminal 14 to the access authentication device 12, and the access authentication device 12 mainly decides whether the access terminal 14 has network access permission. If the access terminal 14 has network access permission, the access terminal 14 is instructed to access the Internet directly; if it does not, the user access request is forwarded to the authentication server 11 so that the authentication server 11 performs network access authentication on the access terminal 14. In addition, to avoid being unable to judge user permissions because the access authentication device 12 has failed, existing networks usually deploy two access authentication devices, one main and one standby (in general, the main access authentication device 12a is powered on and the standby access authentication device 12b is not). To ensure that the standby access authentication device 12b can replace the main access authentication device 12a in processing services, the two access authentication devices are usually given an identical overall configuration (for example, device SN (serial number), device IP (Internet Protocol), protocol communication port configuration and so on). In this way, based on the networking architecture shown in Fig. 1, the authentication server 11 can still perform network access authentication on the access terminal 14 when the main access authentication device 12a fails.
However, because the main and standby access authentication devices in this networking are two completely independent devices, when the main access authentication device 12a fails it loses the access terminals 14 accessing the Internet (for example, terminals that are already online and terminals that are about to go online), so the access terminal 14 must log in again through the standby access authentication device 12 to re-authenticate and go online. The whole replacement process is equivalent to one device restart, which affects the access experience of the access terminal 14. In other words, this approach only shortens the time during which the fault affects the access terminal 14's Internet access service; it does not achieve zero impact on the whole process of the access terminal's Internet access service after a single device fails.
Summary of the invention
Embodiments of the present invention provide a network access authentication method, an access authentication device and an authentication server, to solve the problem that access terminals accessing the Internet are lost when an existing access authentication device fails.
To achieve the above object, the embodiments of the present invention adopt the following technical solutions:
In a first aspect, a network access authentication method is provided, comprising:
a newly selected access authentication device receiving a takeover request sent by an access point device, the takeover request containing the device identification of a faulty access authentication device whose connection with the access point device has failed, and being used to request the newly selected access authentication device to take over the service information processed by the faulty access authentication device;
receiving the service information sent by the access point device, and sending a takeover notification message to an authentication server, the takeover notification message containing the device identification of the access point device and the device identification of the newly selected access authentication device interconnected with the access point device;
receiving a response message sent by the authentication server.
In a second aspect, a network access authentication method is provided, comprising:
an authentication server receiving a takeover notification message sent by a newly selected access authentication device;
parsing, from the takeover notification message, the device identification of the access point device and the device identification of the newly selected access authentication device interconnected with the access point device;
storing the device identification of the access point device and the device identification of the newly selected access authentication device in a database, in correspondence according to their interconnection relationship;
feeding back a response message to the newly selected access authentication device.
In a third aspect, an access authentication device is provided, comprising:
a receiving module, configured to receive a takeover request sent by an access point device, the takeover request containing the device identification of the faulty access authentication device that has failed, and being used to request the newly selected access authentication device to take over the service information processed by the faulty access authentication device;
the receiving module being further configured to receive the service information sent by the access point device;
a sending module, configured to send a takeover notification message to an authentication server, the takeover notification message containing the device identification of the access point device and the device identification of the newly selected access authentication device interconnected with the access point device;
the receiving module being configured to receive the response message sent by the authentication server.
In a fourth aspect, an authentication server is provided, comprising:
a receiving module, configured to receive a takeover notification message sent by a newly selected access authentication device;
a parsing module, configured to parse, from the takeover notification message received by the receiving module, the device identification of the access point device and the device identification of the newly selected access authentication device interconnected with the access point device;
a storage module, configured to store the device identification of the access point device parsed by the parsing module and the device identification of the newly selected access authentication device in a database, in correspondence according to their interconnection relationship;
a sending module, configured to feed back a response message to the newly selected access authentication device.
With the network access authentication method, access authentication device and authentication server provided by the embodiments of the present invention, when a faulty access authentication device fails and can no longer interconnect with the access point device, the access point device reassigns a takeover device (the newly selected access authentication device) for the access terminals and sends a takeover request to it, requesting it to take over the service information handled by the faulty access authentication device. After receiving the takeover request, the takeover device takes over the service information sent by the access point device and sends a takeover notification message to the authentication server, notifying the authentication server that the access point device is now interconnected with the newly selected access authentication device. This ensures that the takeover device and the authentication server interwork seamlessly and that subsequent services are sent and received normally. In addition, because the access point device interconnected with a failed access authentication device reassigns a new takeover device for the access terminals, access terminals accessing the Internet are unaffected: for example, terminals that are already online do not need to re-authenticate, and terminals that are about to go online are not forced to exit.
Brief description of the drawings
To describe the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments or of the prior art are briefly introduced below. The drawings described below are only some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a networking architecture diagram of access authentication devices provided by an embodiment of the present invention;
Fig. 2 is a networking architecture diagram of an access authentication device cluster provided by an embodiment of the present invention;
Fig. 3 is a flowchart of a network access authentication method provided by an embodiment of the present invention;
Fig. 4 is a flowchart of another network access authentication method provided by an embodiment of the present invention;
Fig. 5 is a schematic diagram of a Portal message format provided by an embodiment of the present invention;
Fig. 6 is a structural diagram of an access authentication device provided by an embodiment of the present invention;
Fig. 7 is a structural diagram of an authentication server provided by an embodiment of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
To help those skilled in the art better understand the technical solutions of the present invention, the present invention is described in further detail below with reference to the drawings and specific embodiments.
Fig. 2 is the networking architecture diagram of the access authentication device cluster to which the embodiments of the present invention apply. As shown in Fig. 2, the networking comprises an authentication server 21, an access authentication device cluster 22, an access point device 23 and an access terminal 24, in which:
The access point device receives, from the network management system, the configuration information of all access authentication devices in the access authentication device cluster. The access point device may be a router. The access point device provides an access hotspot and can connect the access terminal 24 to the wireless network.
The access authentication device cluster 22 consists of N access authentication devices (22a, 22b, 22c in Fig. 2). Each access authentication device in the cluster 22 has its own independent device identification SN, device IP and protocol communication port configuration, while all access authentication devices in the cluster 22 share the same authentication configuration, such as the Portal authentication configuration and the RADIUS configuration. The access authentication devices in the cluster 22 may be physically deployed at different locations but logically belong to one whole; that is, all access authentication devices in the cluster 22 in the embodiments of the present invention have the same service processing capability. All access authentication devices in the cluster 22 can also interact with one another and exchange the service information of the services they process. Specifically, an access authentication device performs a permission check on an access terminal accessing the Internet, that is, it determines whether the access terminal has permission to access the Internet. If the access terminal 24 has access permission, the access terminal 24 is instructed to access the Internet directly; if the access terminal 24 does not have network access permission, the user access request is forwarded to the authentication server 21 so that the authentication server 21 performs network access authentication on the access terminal 24.
The authentication server mainly provides an authentication service interaction interface for access terminals that authenticate successfully, and exchanges messages with the access authentication device to complete the network access authentication of the access terminal. The authentication server comprises an AAA server and a Portal server. The AAA server is a server program capable of handling user access requests. It provides authentication, authorization and accounting services and usually works together with network access control, gateway servers, databases and user information directories; the network access server interface that cooperates with the AAA server is the Remote Authentication Dial-In User Service (RADIUS). The Portal server performs Portal authentication on the access terminal and provides access terminals that pass Portal authentication with the network resources authorized by the Portal server administrator.
Based on the networking architecture of Fig. 2, an embodiment of the present invention provides a network access authentication method. As shown in Fig. 3, the method comprises the following steps:
101. The newly selected access authentication device receives a takeover request sent by the access point device.
The takeover request contains the device identification of the faulty access authentication device whose connection with the access point device has failed, and is used to request the newly selected access authentication device to take over the service information processed by the faulty access authentication device. The device identification of the faulty access authentication device may be its SN code, which is the serial number of the device and is unique.
Illustratively, as shown in Fig. 4, after receiving an authentication request (for example, an HTTP (Hyper Text Transfer Protocol) request) sent by an access terminal under it, the access point device in this embodiment selects, based on the access authentication device configuration policy, one access authentication device from the access authentication device cluster to take effect for itself. When the access authentication device interconnected with the access point device fails (is disconnected from the access point device), the first to discover the problem is the access point device interconnected with it. When the access point device finds that the access authentication device in effect for it has failed, it reselects, according to the access authentication device configuration policy, an access authentication device from the cluster as the takeover device, to take over all services to be processed by the faulty device (i.e., the faulty access authentication device), and sends a takeover request to the takeover device (the newly selected access authentication device).
In addition, once the access point device and the access authentication device are interconnected, they send messages to each other at a predetermined period. The access point device can therefore determine whether the access authentication device interconnected with it has failed by checking whether it has received a message from that access authentication device within the predetermined period: if the access point device receives no message from the access authentication device within the predetermined period, it judges that the access authentication device interconnected with it has failed.
102. The newly selected access authentication device receives the service information sent by the access point device and sends a takeover notification message to the authentication server.
The takeover notification message contains the device identification of the access point device and the device identification of the newly selected access authentication device interconnected with that access point device. It informs the authentication server that the access point device is interconnected with the newly selected access authentication device, that is, it informs the authentication server of the interconnection relationship between the access point device and the newly selected access authentication device. Specifically, the device identification of the access point device may be the MAC information of the access point device, and the device identification of the newly selected access authentication device may be its SN identification.
103. The authentication server receives the takeover notification message sent by the newly selected access authentication device.
104. The authentication server parses, from the takeover notification message, the device identification of the access point device and the device identification of the newly selected access authentication device interconnected with that access point device.
105. The authentication server stores the device identification of the access point device and the device identification of the newly selected access authentication device in the database, in correspondence according to their interconnection relationship.
Illustratively, as shown in Fig. 4, the authentication server records all access authentication devices in the access authentication device cluster. Whenever any access authentication device takes over the access point devices of a faulty access authentication device, it sends a takeover notification message to the Portal server of the authentication server. After receiving the takeover notification message, the authentication server parses it to obtain the interconnection relationship between the access point device and the newly selected access authentication device, stores that interconnection relationship in the database and records the device takeover relationship, thereby ensuring that services such as authentication and going offline work normally.
106. The authentication server feeds back a response message to the newly selected access authentication device.
107. The newly selected access authentication device receives the response message sent by the authentication server.
Optionally, after step 106, the method further includes:
106a. Receiving a service message.
The service message contains the device identification of the target access point device corresponding to the destination access terminal, and the service message is carried in a UDP (User Datagram Protocol) message.
106b. According to the device identification of the target access point device, reading from the database the device identification of the target access authentication device that has an interconnection relationship with the target access point device, and forwarding the service message to the target access point device through the target access authentication device.
Illustratively, when the authentication server needs to send a message to the faulty device, the authentication server first parses the device identification of the destination access point device from the service message carried in the message, and then looks up in the database the destination access authentication device interconnected with that destination access point device. An adapter added at the message processing layer of the Portal authentication server adapts the destination access point device to the destination access authentication device, ensuring that messages subsequently addressed to the faulty device are delivered normally to the takeover device (i.e., the destination access authentication device).
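Added example (not part of the patent text): a small in-memory Python model of steps 101 to 107 and 106a/106b, from the access point detecting the failure to the authentication server routing a later service message. The class and method names, the 30-second keepalive timeout, the "first device that accepts" selection policy and the cluster-membership check on the server are assumptions; the patent leaves the policy and the period unspecified.

```python
KEEPALIVE_TIMEOUT = 30.0  # seconds; assumed, the text only says "predetermined period"


class AuthServer:
    """Authentication server side: steps 103-106 and 106a/106b."""

    def __init__(self, cluster_sns):
        self.cluster = set(cluster_sns)  # every device of the cluster is recorded
        self.ap_to_device = {}           # stand-in for the database: AP MAC -> SN

    def on_takeover_notification(self, device_sn, ap_macs):
        # Added check (an assumption, not stated in the patent):
        # ignore notifications from senders outside the recorded cluster.
        if device_sn not in self.cluster:
            return False
        for mac in ap_macs:              # one notification may carry several APs
            self.ap_to_device[mac] = device_sn
        return True                      # stands for the response message

    def route_service_message(self, target_ap_mac):
        # 106b: which access authentication device currently fronts this AP?
        return self.ap_to_device.get(target_ap_mac)


class AuthDevice:
    """One access authentication device of the cluster."""

    def __init__(self, sn, server):
        self.sn = sn
        self.server = server
        self.alive = True
        self.peers = []
        self.sessions = {}               # service information: (AP MAC, terminal) -> state

    def record_session(self, ap_mac, terminal, state):
        self.sessions[(ap_mac, terminal)] = state
        for peer in self.peers:          # step A1: synchronise to the other devices
            if peer.alive:
                peer.sessions[(ap_mac, terminal)] = state

    def on_takeover_request(self, ap_mac, failed_sn):
        # Steps 101, 102 and 107: accept the request, notify the server,
        # and report whether the server acknowledged.
        if not self.alive or failed_sn == self.sn:
            return False
        return self.server.on_takeover_notification(self.sn, [ap_mac])

    def is_authorised(self, ap_mac, terminal):
        return self.sessions.get((ap_mac, terminal)) == "online"


class AccessPoint:
    def __init__(self, mac, cluster):
        self.mac = mac
        self.cluster = cluster           # configuration pushed by network management
        self.active = cluster[0]
        self.last_seen = 0.0

    def on_keepalive(self, now):
        self.last_seen = now

    def check(self, now):
        """Return the SN of the takeover device if a failover happened, else None."""
        if now - self.last_seen <= KEEPALIVE_TIMEOUT:
            return None
        failed = self.active
        for candidate in self.cluster:   # assumed policy: first device that accepts
            if candidate is failed:
                continue
            if candidate.on_takeover_request(self.mac, failed.sn):
                self.active = candidate
                self.last_seen = now
                return candidate.sn
        return None


def run_demo():
    """Constructed scenario: device SN-A fails while terminal-1 is online."""
    server = AuthServer({"SN-A", "SN-B", "SN-C"})
    devices = [AuthDevice(sn, server) for sn in ("SN-A", "SN-B", "SN-C")]
    for dev in devices:
        dev.peers = [p for p in devices if p is not dev]
    a, b, _c = devices
    ap = AccessPoint("00:11:22:33:44:55", devices)
    server.ap_to_device[ap.mac] = a.sn
    a.record_session(ap.mac, "terminal-1", "online")
    ap.on_keepalive(10.0)
    before = ap.check(20.0)              # still inside the period: no failover
    a.alive = False                      # SN-A fails, its messages stop
    takeover = ap.check(50.0)            # period exceeded: AP reselects
    rogue = server.on_takeover_notification("SN-X", [ap.mac])
    return {
        "before": before,
        "takeover": takeover,
        "route": server.route_service_message(ap.mac),
        "still_online": b.is_authorised(ap.mac, "terminal-1"),
        "rogue_accepted": rogue,
    }


if __name__ == "__main__":
    print(run_demo())
```

Because the session state was synchronised before the failure, the takeover device already treats terminal-1 as online, which is the "no re-authentication" property the method claims.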
Optionally, sending the takeover notification message to the authentication server in step 102 specifically includes: sending to the authentication server a takeover notification message based on the Portal message format.
Based on the above, the corresponding step 107 specifically includes: receiving a response message, based on the Portal message format, sent by the authentication server.
Illustratively, as can be seen from the schematic diagram of the Portal message format in Fig. 5, the existing Portal message format includes a Ver (version) field, a Type (message type) field, a Pap/Chap (authentication type) field, a SerialNo (device serial number) field, a ReqID (response ID) field, a UserIP (user IP) field, an ErrCode (error code) field and an AttrNum (attribute number) field. If the attribute number stored in the AttrNum field is not 0, the attribute information of all attributes needs to be stored; see Table 1 below for details.
Table 1
The attribute wlanapmac in Table 1 may be carried multiple times in one message, which makes it convenient for a device to take over the access point devices of a faulty device in a batch with only one message.
Illustratively, the information carried in the fields of the takeover notification message is: Type=0xc0, Pap/Chap=0x01, SerialNo=an identifier value generated by the device, ReqID=randomly generated by the device, UserIP=0.0.0.0, ErrCode=0.
The information carried in the fields of the corresponding response message is then: Ver=0x01, Type=0xc1, Pap/Chap=0x01, SerialNo=the SerialNo of the notification message, ReqID=the ReqID of the notification message, UserIP=0.0.0.0, ErrCode=0, AttrNum=0.
It should be noted that, after the newly selected access authentication device sends the takeover notification message to the authentication server, if it has not received the response message fed back by the authentication server 10 seconds after sending, it sends the takeover notification message again, retrying twice in this way to ensure that the message is delivered. If the newly selected access authentication device has sent the takeover notification message to the authentication server three consecutive times and the authentication server has not sent a takeover response message to it for any of them, then the access terminal's network access problem is not only a failure of this newly selected access authentication device, and the other devices in the networking also need to be checked.
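Added example (not part of the patent text): Python encoding and strict parsing of the takeover notification and its response with the field values given above, plus the resend rule (10-second wait, three sends in total). The 16-byte header layout with Rsvd and UserPort fields, Ver=0x01 in the notification and the attribute type codes 0xF0 and 0xF1 are assumptions, because Fig. 5 and Table 1 are not reproduced on this page; send and recv are hypothetical transport callbacks.

```python
import struct

# Assumed 16-byte header: Ver, Type, Pap/Chap, Rsvd, SerialNo, ReqID, UserIP,
# UserPort, ErrCode, AttrNum. Rsvd and UserPort are not named on the page.
HEADER = struct.Struct("!BBBBHH4sHBB")
TYPE_TAKEOVER_NOTIFY = 0xC0   # value given in the text
TYPE_TAKEOVER_ACK = 0xC1      # value given in the text
ATTR_WLANAPMAC = 0xF0         # placeholder type code (Table 1 is missing)
ATTR_DEVICE_SN = 0xF1         # placeholder type code (Table 1 is missing)


def _attr(attr_type, value):
    """Encode one attribute as type, total length, value."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_takeover_notify(serial_no, req_id, device_sn, ap_macs):
    """One notification may carry several wlanapmac attributes (batch takeover)."""
    attrs = [_attr(ATTR_DEVICE_SN, device_sn.encode("ascii"))]
    attrs += [_attr(ATTR_WLANAPMAC, bytes.fromhex(mac.replace(":", "")))
              for mac in ap_macs]
    if len(attrs) > 255:
        raise ValueError("AttrNum is a single byte")
    header = HEADER.pack(0x01, TYPE_TAKEOVER_NOTIFY, 0x01, 0, serial_no,
                         req_id, bytes(4), 0, 0, len(attrs))
    return header + b"".join(attrs)


def parse_message(data):
    """Decode header and attributes, rejecting inconsistent lengths."""
    if len(data) < HEADER.size:
        raise ValueError("short header")
    (ver, msg_type, auth, _rsvd, serial_no, req_id,
     user_ip, _port, err_code, attr_num) = HEADER.unpack_from(data)
    attrs, offset = [], HEADER.size
    for _ in range(attr_num):
        if offset + 2 > len(data):
            raise ValueError("truncated attribute header")
        attr_type, attr_len = data[offset], data[offset + 1]
        if attr_len < 2 or offset + attr_len > len(data):
            raise ValueError("bad attribute length")
        attrs.append((attr_type, data[offset + 2:offset + attr_len]))
        offset += attr_len
    if offset != len(data):
        raise ValueError("bytes left over after AttrNum attributes")
    return {"ver": ver, "type": msg_type, "auth": auth, "serial_no": serial_no,
            "req_id": req_id, "user_ip": user_ip, "err_code": err_code,
            "attrs": attrs}


def build_takeover_response(notify_bytes):
    """Server side: echo SerialNo and ReqID, AttrNum=0, as the text specifies."""
    msg = parse_message(notify_bytes)
    if msg["type"] != TYPE_TAKEOVER_NOTIFY:
        raise ValueError("not a takeover notification")
    return HEADER.pack(0x01, TYPE_TAKEOVER_ACK, 0x01, 0, msg["serial_no"],
                       msg["req_id"], bytes(4), 0, 0, 0)


def send_with_retry(send, recv, packet, wait=10.0, attempts=3):
    """Send, wait up to `wait` seconds, resend twice at most.

    recv(wait) must return the received bytes or None on timeout.
    Returns the number of the send that was acknowledged, or None when all
    three sends go unanswered (the case where other devices must be checked).
    """
    want = parse_message(packet)
    for attempt in range(1, attempts + 1):
        send(packet)
        reply = recv(wait)
        if reply is None:
            continue
        try:
            got = parse_message(reply)
        except ValueError:
            continue                      # malformed reply counts as no reply
        if (got["type"] == TYPE_TAKEOVER_ACK and got["err_code"] == 0
                and got["serial_no"] == want["serial_no"]
                and got["req_id"] == want["req_id"]):
            return attempt
    return None


if __name__ == "__main__":
    # Constructed sample values.
    pkt = build_takeover_notify(7, 0x1234, "SN-B", ["00:11:22:33:44:55"])
    print(pkt.hex(), build_takeover_response(pkt).hex())
```

Matching the response on both SerialNo and ReqID keeps a stale or unrelated response from being taken as the acknowledgement of the current notification.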
In addition, in the embodiments of the present invention all access authentication devices in the access authentication device cluster interact with one another and exchange the service information of the services they process. Therefore, when an access authentication device fails, the faulty device synchronizes the service messages it is processing to the other access authentication devices in the access authentication device cluster.
Specifically, before step 101, the method further includes:
A1. Synchronizing the service information currently processed by the faulty access authentication device to the other access authentication devices in the access authentication device cluster.
Of course, the above synchronization is not performed only when an access authentication device has failed. Under normal conditions, all access authentication devices in the access authentication device cluster may synchronize the service information they process to the other access authentication devices, which is not limited here.
With the network access authentication method provided by the embodiments of the present invention, when a faulty access authentication device fails and can no longer interconnect with the access point device, the access point device reassigns a takeover device (the newly selected access authentication device) for the access terminals and sends a takeover request to it, requesting it to take over the service information handled by the faulty access authentication device. After receiving the takeover request, the takeover device takes over the service information sent by the access point device and sends a takeover notification message to the authentication server, notifying the authentication server that the access point device is now interconnected with the newly selected access authentication device. This ensures that the takeover device and the authentication server interwork seamlessly and that subsequent services are sent and received normally. In addition, because the access point device interconnected with a failed access authentication device reassigns a new takeover device for the access terminals, access terminals accessing the Internet are unaffected: for example, terminals that are already online do not need to re-authenticate, and terminals that are about to go online are not forced to exit.
An embodiment of the present invention provides an access authentication device. As shown in Fig. 6, the access authentication device 2 includes a receiving module 21 and a sending module 22, where:
The receiving module 21 is configured to receive a takeover request sent by an access point device. The takeover request includes the device identifier of the faulty access authentication device that has failed, and is used to request that the newly selected access authentication device take over the service information handled by the faulty access authentication device.
The receiving module 21 is further configured to receive the service information sent by the access point device.
The sending module 22 is configured to send a takeover notification message to the authentication server. The takeover notification message contains the device identifier of the access point device and the device identifier of the newly selected access authentication device interconnected with the access point device.
The receiving module 21 is configured to receive the response message sent by the authentication server.
Illustratively, the access authentication device cluster to which the newly selected access authentication device and the faulty access authentication device belong consists of N access authentication devices. Each access authentication device in the cluster has its own independent device identifier, device IP and protocol communication port configuration, and all access authentication devices in the cluster share the same authentication configuration.
Optionally, the sending module 22 is specifically configured to:
send a takeover notification message based on the Portal message format to the authentication server.
When receiving the response message sent by the authentication server, the receiving module 21 is specifically configured to:
receive a response message based on the Portal message format sent by the authentication server.
Optionally, as shown in Fig. 6, the access authentication device further includes a synchronization module 23, where:
The synchronization module 23 is configured to synchronize the service information currently being processed by the faulty access authentication device to the other access authentication devices in the access authentication device cluster.
With the access authentication device provided by this embodiment of the present invention, when the faulty access authentication device fails and can no longer interconnect with the access point device, the access point device can reassign a takeover device (the newly selected access authentication device) to the access terminals and send a takeover request to that takeover device, requesting it to take over the service information handled by the faulty access authentication device. After receiving the takeover request, the takeover device takes over the service information sent by the access point device and sends a takeover notification message to the authentication server, notifying the authentication server that the access point device is now interconnected with the newly selected access authentication device. This ensures that the takeover device and the authentication server interwork seamlessly and that subsequent services are sent and received normally. In addition, because the access point device interconnected with a failed access authentication device reassigns a new takeover device to its access terminals, access terminals that have already accessed the network are unaffected: for example, an access terminal that is already online does not need to re-authenticate to come online, and an access terminal that is preparing to come online is not forced to exit.
It should be noted that, in a specific implementation, each step performed by the access authentication device in the method flow shown in Fig. 3 can be implemented by a processor in hardware form executing computer-executable instructions in software form stored in a memory; to avoid repetition, details are not described again here. The programs corresponding to the actions performed by the access authentication device can all be stored in software form in the memory of the access authentication device, so that the processor can call them to perform the operations corresponding to the modules above.
An embodiment of the present invention provides an authentication server. As shown in Fig. 7, the authentication server 3 includes a receiving module 31, a parsing module 32, a storage module 33 and a sending module 34, where:
The receiving module 31 is configured to receive the takeover notification message sent by the newly selected access authentication device.
The parsing module 32 is configured to parse, from the takeover notification message received by the receiving module 31, the device identifier of the access point device and the device identifier of the newly selected access authentication device interconnected with the access point device.
The storage module 33 is configured to store the device identifier of the access point device parsed by the parsing module 32 and the device identifier of the newly selected access authentication device in a database, in correspondence according to their interconnection relationship.
The sending module 34 is configured to feed back a response message to the newly selected access authentication device.
Optionally, the receiving module 31 is further configured to receive a service message. The service message includes the device identifier of the target access point device corresponding to the destination access terminal.
The sending module 34 is further configured to read from the database, according to the device identifier of the target access point device, the device identifier of the target access authentication device that has an interconnection relationship with the target access point device, and to forward the service message to the target access point device through the target access authentication device.
With the authentication server provided by this embodiment of the present invention, when the faulty access authentication device fails and can no longer interconnect with the access point device, the access point device can reassign a takeover device (the newly selected access authentication device) to the access terminals. After receiving the takeover notification message sent by the newly selected access authentication device, the authentication server parses from it the device identifier of the access point device and the device identifier of the newly selected access authentication device interconnected with the access point device, stores the device takeover relationship, and sends a takeover response message to the access authentication device. This ensures that the authentication server and the takeover device interwork seamlessly and that subsequent services are sent and received normally. In addition, because the access point device interconnected with a failed access authentication device reassigns a new takeover device to its access terminals, access terminals that have already accessed the network are unaffected: for example, an access terminal that is already online does not need to re-authenticate to come online, and an access terminal that is preparing to come online is not forced to exit.
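The exchange described above (the newly selected device takes over service information from the access point, notifies the authentication server, and the server stores the access point to device mapping and later forwards service messages through the mapped device), shown as an added Python example that is not part of the patent. The dict-based messages, all names and sample values, and the check that a notification comes from a known cluster member at its registered IP are assumptions; the patent specifies a Portal-format message and no such check.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Member:
    """One cluster member: its own device ID, IP and protocol port."""
    device_id: str
    ip: str
    port: int


@dataclass
class AuthServer:
    cluster: dict                                     # device_id -> Member
    ap_to_device: dict = field(default_factory=dict)  # stands in for the database

    def on_takeover_notification(self, msg, src_ip):
        """Parse both IDs, store the interconnection, return the response."""
        ap_id, new_id = msg.get("ap_id"), msg.get("new_device_id")
        member = self.cluster.get(new_id)
        # Added check (assumption, not in the patent text): only a known
        # cluster member, sending from its registered IP, may remap an AP.
        if not ap_id or member is None or member.ip != src_ip:
            return {"type": "takeover_response", "ok": False}
        self.ap_to_device[ap_id] = new_id
        return {"type": "takeover_response", "ok": True}

    def route(self, service_msg):
        """Return (ip, port) of the device to forward through, or None."""
        device_id = self.ap_to_device.get(service_msg.get("target_ap_id"))
        if device_id is None:
            return None
        member = self.cluster[device_id]
        return (member.ip, member.port)


@dataclass
class AccessAuthDevice:
    me: Member
    sessions: dict = field(default_factory=dict)  # ap_id -> service information

    def on_takeover(self, ap_id, request, service_info, server):
        """Handle a takeover request and the service information from the AP."""
        self.sessions[ap_id] = {"took_over_from": request["failed_device_id"],
                                "terminals": list(service_info)}
        notice = {"type": "takeover_notification", "ap_id": ap_id,
                  "new_device_id": self.me.device_id}
        reply = server.on_takeover_notification(notice, src_ip=self.me.ip)
        if not reply["ok"]:
            del self.sessions[ap_id]   # server refused: do not claim the AP
        return reply


def demo():
    # Constructed sample data: a two-device cluster and one access point.
    a1, a2 = Member("AAD-1", "10.0.0.1", 2000), Member("AAD-2", "10.0.0.2", 2000)
    server = AuthServer({m.device_id: m for m in (a1, a2)}, {"AP-7": "AAD-1"})
    before = server.route({"target_ap_id": "AP-7"})
    new_device = AccessAuthDevice(a2)
    reply = new_device.on_takeover("AP-7", {"failed_device_id": "AAD-1"},
                                   ["terminal-aa", "terminal-bb"], server)
    after = server.route({"target_ap_id": "AP-7"})
    # A notification naming a member but arriving from another address.
    bad = server.on_takeover_notification(
        {"ap_id": "AP-7", "new_device_id": "AAD-1"}, src_ip="192.0.2.50")
    return before, reply["ok"], after, bad["ok"], server.ap_to_device["AP-7"]


if __name__ == "__main__":
    print(demo())
```

Because the stored mapping decides where every later service message for an access point is forwarded, the point at which the server accepts a takeover notification is the place to log and validate the sender.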
It should be noted that, in a specific implementation, each step performed by the authentication server in the method flow shown in Fig. 3 can be implemented by a processor in hardware form executing computer-executable instructions in software form stored in a memory; to avoid repetition, details are not described again here. The programs corresponding to the actions performed by the authentication server can all be stored in software form in the memory of the authentication server, so that the processor can call them to perform the operations corresponding to the modules above.
The memory above may include volatile memory, such as random-access memory (RAM); it may also include non-volatile memory, such as read-only memory (ROM), flash memory, a hard disk drive (HDD) or a solid-state drive (SSD); it may also include a combination of the above kinds of memory.
The processor in the devices described above may be a single processor or a collective term for multiple processing elements. For example, the processor may be a central processing unit (CPU); it may also be another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, and so on. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor; it may also be a dedicated processor, which may include at least one of a baseband processing chip, a radio-frequency processing chip, and the like.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the devices and modules described above can be found in the corresponding processes of the foregoing method embodiments and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed devices and methods may be implemented in other ways. For example, the device embodiments described above are merely illustrative: the division into modules is only a division by logical function, and other divisions are possible in an actual implementation; for example, multiple modules or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or in other forms.
Modules described as separate components may or may not be physically separate, and components shown as modules may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware, or in the form of hardware plus software functional units.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (12)

1. A network access authentication method, characterized by comprising:
a newly selected access authentication device receiving a takeover request sent by an access point device, wherein the takeover request includes the device identifier of a faulty access authentication device that has failed and is used to request that the newly selected access authentication device take over the service information handled by the faulty access authentication device;
receiving the service information sent by the access point device, and sending a takeover notification message to an authentication server, wherein the takeover notification message includes the device identifier of the access point device and the device identifier of the newly selected access authentication device interconnected with the access point device;
receiving a response message sent by the authentication server.
2. The method according to claim 1, characterized in that the access authentication device cluster to which the newly selected access authentication device and the faulty access authentication device belong consists of N access authentication devices, each access authentication device in the access authentication device cluster has its own independent device identifier, device IP and protocol communication port configuration, and all access authentication devices in the access authentication device cluster share the same authentication configuration.
3. The method according to claim 1, characterized in that sending the takeover notification message to the authentication server specifically comprises:
the newly selected access authentication device sending a takeover notification message based on the Portal message format to the authentication server;
and receiving the response message sent by the authentication server specifically comprises:
the newly selected access authentication device receiving a response message based on the Portal message format sent by the authentication server.
4. The method according to claim 2, characterized in that, before the newly selected access authentication device receives the takeover request sent by the access point device, the method further comprises:
synchronizing the service information currently being processed by the faulty access authentication device to the other access authentication devices in the access authentication device cluster.
5. The method according to claim 1, characterized in that the method further comprises:
the authentication server receiving the takeover notification message sent by the newly selected access authentication device;
parsing, from the takeover notification message, the device identifier of the access point device and the device identifier of the newly selected access authentication device interconnected with the access point device;
storing the device identifier of the access point device and the device identifier of the newly selected access authentication device in a database, in correspondence according to their interconnection relationship;
feeding back a response message to the newly selected access authentication device.
6. The method according to claim 5, characterized in that, after feeding back the response message to the newly selected access authentication device, the method further comprises:
the authentication server receiving a service message, wherein the service message includes the device identifier of the target access point device corresponding to the destination access terminal;
reading from the database, according to the device identifier of the target access point device, the device identifier of the target access authentication device that has an interconnection relationship with the target access point device, and forwarding the service message to the target access point device through the target access authentication device.
7. An access authentication device, characterized by comprising:
a receiving module, configured to receive a takeover request sent by an access point device, wherein the takeover request includes the device identifier of a faulty access authentication device that has failed and is used to request that a newly selected access authentication device take over the service information handled by the faulty access authentication device;
the receiving module being further configured to receive the service information sent by the access point device;
a sending module, configured to send a takeover notification message to an authentication server, wherein the takeover notification message includes the device identifier of the access point device and the device identifier of the newly selected access authentication device interconnected with the access point device;
the receiving module being configured to receive a response message sent by the authentication server.
8. The access authentication device according to claim 7, characterized in that the access authentication device cluster to which the newly selected access authentication device and the faulty access authentication device belong consists of N access authentication devices, each access authentication device in the access authentication device cluster has its own independent device identifier, device IP and protocol communication port configuration, and all access authentication devices in the access authentication device cluster share the same authentication configuration.
9. The access authentication device according to claim 7, characterized in that the sending module is specifically configured to:
send a takeover notification message based on the Portal message format to the authentication server;
and the receiving module, when receiving the response message sent by the authentication server, is specifically configured to:
receive a response message based on the Portal message format sent by the authentication server.
10. The access authentication device according to claim 8, characterized in that the access authentication device further comprises:
a synchronization module, configured to synchronize the service information currently being processed by the faulty access authentication device to the other access authentication devices in the access authentication device cluster.
11. A network access authentication system, characterized by comprising:
the access authentication device according to any one of claims 7-10, and an authentication server;
the authentication server comprising:
a receiving module, configured to receive the takeover notification message sent by the newly selected access authentication device;
a parsing module, configured to parse, from the takeover notification message received by the receiving module, the device identifier of the access point device and the device identifier of the newly selected access authentication device interconnected with the access point device;
a storage module, configured to store the device identifier of the access point device parsed by the parsing module and the device identifier of the newly selected access authentication device in a database, in correspondence according to their interconnection relationship;
a sending module, configured to feed back a response message to the newly selected access authentication device.
12. The network access authentication system according to claim 11, characterized in that:
the receiving module is further configured to receive a service message, wherein the service message includes the device identifier of the target access point device corresponding to the destination access terminal;
the sending module is further configured to read from the database, according to the device identifier of the target access point device, the device identifier of the target access authentication device that has an interconnection relationship with the target access point device, and to forward the service message to the target access point device through the target access authentication device.
CN201610668024.3A 2016-08-15 2016-08-15 A kind of network access verifying method, access authentication equipment and system Active CN106304071B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610668024.3A CN106304071B (en) 2016-08-15 2016-08-15 A kind of network access verifying method, access authentication equipment and system

Publications (2)

Publication Number Publication Date
CN106304071A CN106304071A (en) 2017-01-04
CN106304071B true CN106304071B (en) 2019-06-18

Family

ID=57671941

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610668024.3A Active CN106304071B (en) 2016-08-15 2016-08-15 A kind of network access verifying method, access authentication equipment and system

Country Status (1)

Country Link
CN (1) CN106304071B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant