CN106330894B - SAVI proxy authentication system and method based on link-local address - Google Patents
SAVI proxy authentication system and method based on link-local address Download PDFInfo
- Publication number
- CN106330894B CN106330894B CN201610701943.6A CN201610701943A CN106330894B CN 106330894 B CN106330894 B CN 106330894B CN 201610701943 A CN201610701943 A CN 201610701943A CN 106330894 B CN106330894 B CN 106330894B
- Authority
- CN
- China
- Prior art keywords
- savi
- client
- address
- link
- list item
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0884—Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5007—Internet protocol [IP] addresses
- H04L61/5014—Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/58—Caching of addresses or names
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Small-Scale Networks (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a kind of SAVI proxy authentication system and method based on link-local address.The system includes: Web Portal subsystem, for the pop-up web page prompt input username and password when user networks;SAVI proxy authentication subsystem, for being authenticated instead of SAVI client.The purpose of above scheme is to avoid developing a variety of SAVI certification networked clients programs, and the Windows developed now, the type of Linux, MAC OS, iOS, Andriod client are too many, and operating cost is too high.
Description
Technical field
The present invention relates to technical field of the computer network more particularly to a kind of SAVI agency based on link-local address to recognize
Card system, for providing more convenient to use and deployment certification network access for the SAVI system in education network.
Background technique
In recent years, with China Internet industry high speed development, information network has become the important guarantee of social development.
SAVI system is the true source address certification connecting internet system inside education network.Refectory user, such as student, to pass through
SAVI system online, it is desirable to provide the user NID (i.e. user name, 10 bit digitals) and password of registration, the user NID generally can be with
The binding of the identity informations such as student number.When user surfs the Internet, oneself user NID and password are inputted.After certification passes through, SAVI system is to use
The address IPv6,64 information of the meeting containing NID behind the address IPv6 are distributed in family.When user accesses the website IPv6, user is all
Correspondence with foreign country be all to be carried out by the address IPv6 of this distribution.Network administrator can be chased after by this address IPv6
Trace back to NID information, can also find in this way be which student number the net that goes of people.The verification process of SAVI need user name and
Password, traditional approach are the online clients for developing each platform.The Windows that needs to develop, Linux, MAC OS, iOS,
The version of Andriod client is numerous, and deployment, operating cost are too high.User needs voluntarily to install, and uses inconvenience;And
And the platform having needs highest root authority, and the user having more is caused to cannot achieve root and surf the Internet.
Summary of the invention
To solve above-mentioned problems of the prior art, the present invention proposes a kind of SAVI generation based on link-local address
Manage Verification System.The SAVI proxy authentication system based on link-local address is disposed by the same network segment surfed the Internet in user, it can
With proxy user SAVI certification, so that user is not had to installation client can surf the Internet.
According to an aspect of the present invention, a kind of SAVI proxy authentication system based on link-local address is provided comprising:
SAVI interchanger is used to access to client network, and when client is initially accessed, distributes for client
One link-local address, also by the MAC Address of client and link-local address associated storage in MIB tables of data;
SAVI network management system will for periodically checking the MIB tables of data, and when having in MIB tables of data new list item
MAC Address and link-local address in new list item are stored in SAVI authentication database;
Web Portal subsystem is used for when client is initially networked, and pops up the user authentication page, prompts user defeated
Enter the NID and password of client, and the NID, password and link-local address of client are transmitted to SAVI proxy authentication subsystem
System;
SAVI proxy authentication subsystem uses NID, password and the link-local address of client to the identity of client
Information is authenticated to SAVI Verification System;
SAVI Dynamic Host Configuration Protocol server is used to receive the IPV6 address assignment request of client, and in the client certificate
By rear, the address IPV6 is returned to for it
According to a further aspect of the invention, a kind of SAVI proxy authentication method based on link-local address, the party are provided
Method includes:
Step 1, when client is initially accessed to SAVI network, SAVI interchanger for it with distributing a link-local
Location, while the MAC Address of client and link-local address being all stored in the MIB tables of data of SAVI interchanger;
Step 2, SAVI network management system periodically read SAVI interchanger MIB tables of data, and have new table in MIB tables of data
Xiang Shi, by new list item MAC Address and link-local address be stored in SAVI authentication database;
Step 3, when client access web site when, Web Portal system to client pop up certification page, prompt it is defeated
Enter the NID and password of client;
Step 4, Web Portal system obtain client NID and password after, by the NID of the client, password and
Link-local address is sent to SAVI proxy authentication subsystem;
Step 5, the SAVI proxy authentication subsystem are using NID, password and the link-local address of client to client
The identity information at end is authenticated to SAVI Verification System;
After step 6, client certificate success, SAVI Dynamic Host Configuration Protocol server distributes the address IPv6 for it, while will be described
The MAC Address of the address IPv6 and the client, link-local address associated storage are into SAVI authentication database;
Step 7, when client uses the machine MAC Address application address IPv6 again, SAVIDHCP server is record
The address IPv6 returns to client.
Above scheme proposed by the present invention is real by combining link-local address, Web Portal, proxy authentication module
When real, efficiently certification and function of surfing the Net, for into education network user provide SAVI authentication service.The system is using standard
Http protocol, so that various terminals platform can be authenticated without installing Authentication Client, and have compatibility well,
The respective characteristic of various terminals operating system is avoided, the cost of various client exploitations and deployment has greatly been saved.
Detailed description of the invention
Fig. 1 is the SAVI proxy authentication system architecture diagram based on link-local address in the present invention;
Fig. 2 is SAVI proxy authentication process flow diagram flow chart in the present invention.
Specific embodiment
To make the objectives, technical solutions, and advantages of the present invention clearer, below in conjunction with detail, and referring to attached
Figure, the present invention is described in more detail.Embodiment according to the present invention journey can clearly show that acting on behalf of SAVI under the invention recognizes
Demonstrate,prove function.
The SAVI proxy authentication system based on link-local address that the invention proposes a kind of.The system is based on IPv6 agreement
In link-local address carry out initial authentication process, and using standard http protocol.As shown in Figure 1, the system includes:
Web Portal subsystem is used for when client is initially networked, and pops up the user authentication page, prompts user defeated
Enter the NID and password of online, and password is issued SAVI proxy authentication subsystem.
SAVI proxy authentication subsystem, the NID and password inputted using user, which authenticates subscriber identity information to SAVI, is
System is authenticated, and the address of the NID of user and user are stored in SAVI authentication database after the authentication has been successful.
The system also includes:
SAVI interchanger is used to access to client network, and is terminal distribution when terminal initial accesses network
One link-local address, also by the MAC Address of client and link-local address associated storage in MIB tables of data;Visitor
After family end is that the SAVI interchanger disconnects, SAVI interchanger deletes list item of the client in MIB tables of data;
SAVI network management system will be new for periodically checking MIB tables of data, and when having in MIB tables of data new list item
MAC Address and link-local address in list item are stored in SAVI authentication database;In addition, corresponding to certain in MIB tables of data
After the list item of a client is deleted, list item corresponding with the client in SAVI authentication database is deleted, that is, deletes the visitor
MAC Address, link-local address and the NID at family end;
SAVI Dynamic Host Configuration Protocol server is used to receive the IPV6 address assignment request of client, and in the client certificate
By rear, the address IPV6 is returned to for it.Each component part of the system is discussed in detail below by specific embodiment, joins
See attached drawing 2:
1, SAVI interchanger configures
Firstly, should be configured to the access switch of SAVI.Configuration mainly has two o'clock: first point is to open neighbours' discovery
(Neighbor Discovery, ND), allows access terminal that can obtain IPv6 gateway address, and the IPv6 gateway address of configuration is exactly
The link-local address of Web Portal server, it is therefore an objective to the data message for the terminal for just accessing network be made to be dealt into Web
Portal server, it is the anti-HTTP request for asking outer net that Web Portal server, which has been found that, just redirects that login
The page, login page have the list of input NID and password, allow user to input and verify its identity information;Second point is not match
The routing address prefix information in router advertisement (Router Advertisement, RA) message is set, but configures interchanger
Parameter uses DHCPv6, allows access terminal that can not obtain the stateless address IPv6 in this way, and application can only be gone to have shape by DHCPv6
The address state IPv6.
2, consistency operation when user terminal physics accesses
When user terminal physics accesses SAVI network, i.e., catv terminal plugs cable and is switched on, and wireless terminal connects nothing
When line AP (wireless access points) signal, SAVI exchange opportunity generates a link-local address for it, i.e. FE80::x:x:
X:x/64.The network management system in SAVI system can periodically be gone in the MIB table for reading SAVI interchanger (such as the interval several seconds) simultaneously
Data, when network management system reads the data of MAC and link-local address, it will find that there is new terminal to access,
Because having found new MAC Address and link-local address.This new data can be added to recognizing for SAVI by network management system
It demonstrate,proves in database, MAC Address, link-local address is saved in database a line.This is consistency operation, complete to user terminal
It does not influence entirely.Note that having in user terminal at this time due to the configuration of interchanger and only address IPv6 being exactly this local
Link address, default gateway are the link-local address of Web Portal server.
3, operation when user terminal access website
When opening browser access website in user terminal, this HTTP request has been sent to Web Portal service
Device.After Web Portal server intercepts HTTP request, it is returned to the page of login authentication.Web Portal server for
The data packet of other agreements, such as FTP etc. then all abandon.The page of login authentication is shown on user terminal, user just knows
Road authenticates not yet, he must just input user name i.e. NID and password at this time.After user inputs NID and password, and touches the button and mention
Certification is handed over, can prompt to authenticate successfully if correct, otherwise prompt authentification failure.
4, the operation of SAVI proxy authentication system
When user inputs NID and password and submits information, Web Portal server is sent to three user informations
SAVI proxy authentication system.These three user informations be the link-local address of user, the NID of user, user password.SAVI
After proxy authentication system obtains these information, the NID and password of user are sent to the NID management server of SAVI Verification System
It goes to be authenticated.If authentification failure, NID management server returns to failure cause, and SAVI proxy authentication system returns to reason
Web Portal server is given, Web Portal server returns it to User Page.If authenticated successfully, NID management clothes
Business device is saved in link-local address, NID in the authentication database of SAVI.Note that since network management system has been in second step
Through in SAVI interchanger MAC Address and link-local address be saved in same table in same database and suffer, at this time NID manage
This row in table is found according to link-local address as long as managing server, NID is saved in corresponding field.If that
Network management system goes to read MIB table not yet in two steps, does not just have this journey in database at this time, at this time NID management server
Need to be inserted into a newline, including link-local address, NID, after network management system goes to read MIB table, network management system is according to this
Ground link address finds this row in table, and MAC Address is saved in corresponding field.
5, the operation when user terminal acquisition address IPv6
In the first step, SAVI interchanger is arranged to the address of stateful DHCPv6 distributing user, so user
Terminal one, which connects after physical network obtains link-local address, will go to request DHCP service distribution address.The DHCPv6 of SAVI takes
After business device receives this DHCP request, the authentication database of inquiry SAVI is just removed, is inquired according to user terminal MAC Address.Such as
Network management system of the fruit in second step goes to read MIB table not yet, does not just have related data in database, and the DHCPv6 of SAVI takes
Business device does not just return to station address information;If found, but if user does not authenticate success, do not have in this data
NID information, illustrate user also do not authenticate or authenticate it is unsuccessful, the DHCPv6 server of SAVI do not return to yet station address letter
Breath.In both cases, the DHCP request of user terminal is not responded, and user terminal will send repeatedly DHCPv6 and ask
It asks, and the DHCPv6 server of SAVI then can just can real basis after MAC, link-local address, NID information are all complete
The address of SAVI generates scheme (using three user NID, MAC, time elements) address Lai Shengcheng global unicast IPv6, and returns
To user terminal.User terminal is repeatedly during request address, and only link-local address can not access external website.
When DHCPv6 server returns to the address IPv6 to user terminal, while dns server address and new default gateway address are returned to,
User can access external website in this way.DHCPv6 server return the address IPv6 while, SAVI interchanger also can with
The family address MAC and IPv6 is added in interchanger binding table (MIB table).Interchanger binding table accesses control, is added to and ties up
Determine to allow for the data packet of the address IPv6 by switch port in table, not the IPv6 address date packet in binding table by
It abandons.
6, operation when user terminal suspension
User terminal suspension is left, if user terminal sends DHCP Release request, the DHCPv6 server of SAVI
After receiving request, the list item in aforementioned data library can be deleted according to its MAC Address.If user terminal directly shuts down or pulls out net
The modes suspension such as line, then SAVI exchange opportunity disconnects according to physical link and deletes interchanger binding list item, the network management system of SAVI
The deletion of list item is read, also will be deleted the list item in aforementioned data library.Other suspension operations are grasped with the original suspension of SAVI system
Make equally, to be not repeated herein.
In another embodiment of the present invention, it is also proposed that a kind of SAVI proxy authentication method based on link-local address, it should
Method includes:
Step 1, when client is initially accessed to SAVI network, SAVI interchanger for it with distributing a link-local
Location, while the MAC Address of client and link-local address being all stored in the MIB tables of data of SAVI interchanger;
Step 2, SAVI network management system periodically read SAVI interchanger MIB tables of data, and have new table in MIB tables of data
Xiang Shi, by new list item MAC Address and link-local address be stored in SAVI authentication database;
Step 3, when client access web site when, Web Portal system to client pop up certification page, prompt it is defeated
Enter the NID and password of client;
Step 4, Web Portal system obtain client NID and password after, by the NID of the client, password and
Link-local address is sent to SAVI proxy authentication subsystem;
Step 5, the SAVI proxy authentication subsystem are using NID, password and the link-local address of client to client
The identity information at end is authenticated to SAVI Verification System;
After step 6, client certificate success, SAVI Dynamic Host Configuration Protocol server distributes the address IPv6 for it, while will be described
The MAC Address of the address IPv6 and the client, link-local address associated storage are into SAVI authentication database;
Step 7, when client uses the machine MAC Address application address IPv6 again, SAVIDHCP server is record
The address IPv6 returns to client.
Particular embodiments described above journey has carried out further the purpose of the present invention, technical scheme and beneficial effects
It is described in detail, it should be understood that Cheng Eryi above is only a specific embodiment of the present invention, is not limited to this hair
Bright, all within the neoteric spirit of this loophole and principle, any modification, equivalent substitution, improvement and etc. done should be included in
Within protection scope of the present invention.
Claims (8)
1. a kind of SAVI proxy authentication system based on link-local address characterized by comprising
SAVI interchanger is used to access to client network, and when client is initially accessed, distributes one for client
Link-local address, also by the MAC Address of client and link-local address associated storage in MIB tables of data;
SAVI network management system will be new for periodically checking the MIB tables of data, and when having in MIB tables of data new list item
MAC Address and link-local address in list item are stored in SAVI authentication database;
Web Portal subsystem is used for when client is initially networked, and pops up the user authentication page, and user is prompted to input visitor
The NID and password at family end, and the NID, password and link-local address of client are transmitted to SAVI proxy authentication subsystem;
SAVI proxy authentication subsystem uses NID, password and the link-local address of client to the identity information of client
It is authenticated to SAVI Verification System;
SAVI Dynamic Host Configuration Protocol server is used to receive the IPV6 address assignment request of client, and passes through in the client certificate
Afterwards, the address IPV6 is returned to for it;
Wherein, the SAVI interchanger is configured as: the first, the IPv6 gateway address returned to the client of access is Web
The link-local address of Portal subsystem;The second, the routing address prefix in RA message is not configured, and is configured described in its use
SAVI Dynamic Host Configuration Protocol server.
2. the system as claimed in claim 1, which is characterized in that further include:
SAVI Verification System utilizes NID, password and the link-local of the client received from SAVI proxy authentication subsystem
Address is authenticated, and after the authentication has been successful, and the link-local address of the client and NID are saved in SAVI authentication data
In library.
3. system as claimed in claim 2, which is characterized in that SAVI Verification System is according to the link-local of the client
The SAVI authentication database is searched in location, if there are the corresponding tables of the link-local address in the SAVI authentication database
, then the NID is inserted into the list item, it is corresponding if there is no the link-local address in the SAVI authentication database
List item, then establish one include the link-local address and NID list item.
4. system as claimed in claim 3, which is characterized in that the SAVI network management system exists, by the MAC in new list item
Location and link-local address are stored in SAVI authentication database, check SAVI authentication data first with the link-local address
Whether corresponding list item is had existed in library, if it is present directly the MAC Address is inserted into the list item;If do not deposited
New list item is then being established, and save the MAC Address and link-local address in the new list item.
5. the system as claimed in claim 1, which is characterized in that
When client accesses SAVI interchanger, according to the DHCPv6 server address that SAVI interchanger provides, Xiang Suoshu
DHCPv6 server sends DHCP request;
The SAVI Dynamic Host Configuration Protocol server inquires SAVI after receiving the DHCP request of client, according to the MAC Address of client
Authentication database, if having the MAC Address of the client in the SAVI authentication database, and client has authenticated and passed through,
Then the address IPv6 is returned to client.
6. system as claimed in claim 5, which is characterized in that the SAVI Dynamic Host Configuration Protocol server is to client return IPv6
Behind location, the IPV6 address information is stored in the MAC Address of the client corresponding list item in MIB table by SAVI interchanger
In.
7. the system as claimed in claim 1, which is characterized in that the SAVI Dynamic Host Configuration Protocol server receives client transmission
After suspension request, the list item in the SAVI authentication database is deleted according to the MAC Address of the client;If client
Not sent suspension is requested directly after suspension, and the SAVI interchanger deletes corresponding list item in MIB table, and SAVI network management system
After detecting that the list item in MIB table is deleted, corresponding list item in the SAVI authentication database is deleted.
8. a kind of SAVI proxy authentication method based on link-local address, this method comprises:
Step 1, when client is initially accessed to SAVI network, SAVI interchanger is that it distributes a link-local address, together
When the MAC Address of client and link-local address are all stored in the MIB tables of data of SAVI interchanger, SAVI exchange
Machine is configured as: the first, being the link-local of Web Portal subsystem to the IPv6 gateway address of the client of access return
Address;The second, the routing address prefix in RA message is not configured, and is configured it and used the SAVI Dynamic Host Configuration Protocol server;
Step 2, SAVI network management system periodically read SAVI interchanger MIB tables of data, and have new list item in MIB tables of data
When, by new list item MAC Address and link-local address be stored in SAVI authentication database;
Step 3, when client access web site when, Web Portal system to client pop up certification page, prompt input visitor
The NID and password at family end;
After step 4, Web Portal system obtain the NID and password of client, by the NID, password and local of the client
Link address is sent to SAVI proxy authentication subsystem;
Step 5, the SAVI proxy authentication subsystem are using NID, password and the link-local address of client to client
Identity information is authenticated to SAVI Verification System;
After step 6, client certificate success, SAVI Dynamic Host Configuration Protocol server is that it distributes the address IPv6, while by the IPv6
The MAC Address of address and the client, link-local address associated storage are into SAVI authentication database;
Step 7, when client uses the machine MAC Address application address IPv6 again, SAVIDHCP server is record IPv6
Location returns to client.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610701943.6A CN106330894B (en) | 2016-08-22 | 2016-08-22 | SAVI proxy authentication system and method based on link-local address |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610701943.6A CN106330894B (en) | 2016-08-22 | 2016-08-22 | SAVI proxy authentication system and method based on link-local address |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106330894A CN106330894A (en) | 2017-01-11 |
CN106330894B true CN106330894B (en) | 2019-11-22 |
Family
ID=57742678
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610701943.6A Active CN106330894B (en) | 2016-08-22 | 2016-08-22 | SAVI proxy authentication system and method based on link-local address |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106330894B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108881308B (en) * | 2018-08-09 | 2021-10-12 | 下一代互联网重大应用技术(北京)工程研究中心有限公司 | User terminal and authentication method, system and medium thereof |
CN110224980B (en) * | 2019-05-05 | 2020-10-27 | 清华大学 | Credible MPTCP transmission method and system |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102014142A (en) * | 2010-12-31 | 2011-04-13 | 中国科学院计算技术研究所 | Source address validation method and system |
CN102624729A (en) * | 2012-03-12 | 2012-08-01 | 北京星网锐捷网络技术有限公司 | Web authentication method, device and system |
CN102710448A (en) * | 2012-06-12 | 2012-10-03 | 清华大学 | Adaptive regulating method of life cycle parameter of SAVI (Source Address Validation Improvements) switch filter table |
CN104852919A (en) * | 2015-05-14 | 2015-08-19 | 杭州华三通信技术有限公司 | Method and apparatus for realizing portal authentication |
-
2016
- 2016-08-22 CN CN201610701943.6A patent/CN106330894B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102014142A (en) * | 2010-12-31 | 2011-04-13 | 中国科学院计算技术研究所 | Source address validation method and system |
CN102624729A (en) * | 2012-03-12 | 2012-08-01 | 北京星网锐捷网络技术有限公司 | Web authentication method, device and system |
CN102710448A (en) * | 2012-06-12 | 2012-10-03 | 清华大学 | Adaptive regulating method of life cycle parameter of SAVI (Source Address Validation Improvements) switch filter table |
CN104852919A (en) * | 2015-05-14 | 2015-08-19 | 杭州华三通信技术有限公司 | Method and apparatus for realizing portal authentication |
Non-Patent Citations (1)
Title |
---|
基于交换机的安全接入系统研究与实现;陈虹钊;《中国优秀硕士学位论文》;20140521;正文第3.1、3.2节 * |
Also Published As
Publication number | Publication date |
---|---|
CN106330894A (en) | 2017-01-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106851632B (en) | A kind of method and device of smart machine access WLAN | |
CN108881308B (en) | User terminal and authentication method, system and medium thereof | |
US9215234B2 (en) | Security actions based on client identity databases | |
CN110300117A (en) | Authentication method, equipment and the medium of IOT equipment and user's binding | |
CN101447879B (en) | Charging method and access equipment therefor | |
CN104159225A (en) | Wireless network based real-name registration system management method and system | |
CN103023856B (en) | Method, system and the information processing method of single-sign-on, system | |
CN109862565A (en) | A kind of WLAN unaware control method, system and readable storage medium storing program for executing | |
CN103428211A (en) | Network authentication system on basis of switchboards and authentication method for network authentication system | |
CN105592180B (en) | A kind of method and apparatus of Portal certification | |
CN103997479B (en) | A kind of asymmetric services IP Proxy Methods and equipment | |
CN101764808A (en) | Authentication processing method and system for automatic login as well as server | |
CN105592062A (en) | Method and device for remaining IP address unchanged | |
CN106603556B (en) | Single-point logging method, apparatus and system | |
CN104468619B (en) | A kind of method and authentication gateway for realizing double stack web authentications | |
CN103634111B (en) | Single-point logging method and system and single sign-on client-side | |
US8769623B2 (en) | Grouping multiple network addresses of a subscriber into a single communication session | |
CN114079971A (en) | Service flow management and control method, system, DPI node and storage medium | |
CN106330894B (en) | SAVI proxy authentication system and method based on link-local address | |
CN106789905A (en) | A kind of network access equipment and method | |
JP2002152276A (en) | Internet utilizing method and device utilizing wired or wireless lan system, and line concentration/connection device | |
CN106209750A (en) | A kind of network allocation method, server, network access equipment and system | |
KR20120044381A (en) | Method and system for subscriber to log in internet content provider(icp) website in identity/location separation network and login device thereof | |
CN103634421A (en) | Address distribution method and server | |
CN103118025A (en) | Single sign-on method based on network access certification, single sign-on device and certificating server |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |