CN106357486A - Access method and device for network users - Google Patents


Publication number
CN106357486A
Authority
CN
China
Prior art keywords
dhcp
session
server
message
client
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610688663.6A
Other languages
Chinese (zh)
Inventor
杨印州
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou DPTech Technologies Co Ltd
Original Assignee
Hangzhou DPTech Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou DPTech Technologies Co Ltd filed Critical Hangzhou DPTech Technologies Co Ltd
Priority to CN201610688663.6A priority Critical patent/CN106357486A/en
Publication of CN106357486A publication Critical patent/CN106357486A/en
Pending legal-status Critical Current


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2854 Wide area networks, e.g. public data networks
    • H04L12/2856 Access arrangements, e.g. Internet access
    • H04L12/2869 Operational details of access network equipments
    • H04L12/287 Remote access server, e.g. BRAS
    • H04L47/00 Traffic control in data switching networks
    • H04L47/70 Admission control; Resource allocation
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/50 Address allocation
    • H04L61/5007 Internet protocol [IP] addresses
    • H04L61/5014 Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention discloses a network user access method and device based on the IPoE technique over DHCP. The method comprises discovery, authentication, pre-allocation, request and confirmation phases, and the authentication phase includes: the BRAS server extracts information from the DHCP_Discover message received from the DHCP client and constructs authentication information; the BRAS server sends an authentication request containing the authentication information to the RADIUS server; the BRAS server receives the authentication result that the RADIUS server returns after verifying the authentication information and, when the result is a pass, forwards the DHCP_Discover message to the DHCP server. The method and device move user authentication to the broadband access server, so the DHCP server only needs to allocate resources to the DHCP client, which reduces the load on the DHCP server.

Description

A network user access method and device
Technical field
This application relates to computer technology, and in particular to a network user access method and device.
Background
As network technology develops, the requirements placed on how users are authenticated when they access a network keep rising. The prior art generally provides user network access using IP over Ethernet (IPoE) based on the Dynamic Host Configuration Protocol (DHCP). DHCP can dynamically allocate network addresses from a resource pool and promptly reclaim addresses that clients no longer use. IPoE requires no program to be installed on the user terminal and no user name or password to be entered, which makes it well suited to terminal services that cannot easily support a built-in PPPoE (Point-to-Point Protocol over Ethernet) client. However, in prior-art DHCP-based IPoE, extracting user information, authentication, address allocation and other services are all concentrated on the DHCP server. This makes the requirements on the server complex, and the highly concentrated service load also affects the performance of the server.
Summary of the invention
This application provides a network user access method and device that solve the related problems in the prior art.
According to a first aspect of the embodiments of this application, a network user access method is provided, based on IPoE technology over the Dynamic Host Configuration Protocol (DHCP). The method comprises discovery, authentication, pre-allocation, request and confirmation phases, and the authentication phase includes the steps:
The broadband remote access server (BRAS server) extracts the information in the received DHCP discover message (dhcp_discover) sent by the DHCP client and constructs the authentication information;
The BRAS server sends an authentication request containing the authentication information to the Remote Authentication Dial In User Service (RADIUS) server;
The BRAS server receives the authentication result returned by the RADIUS server after it verifies the authentication information; when the authentication result is a pass, the BRAS server forwards the dhcp_discover message to the DHCP server.
According to a second aspect of the embodiments of this application, a network user access device is provided, which sends and receives messages using IPoE technology over DHCP. The messages sent and received comprise messages of the discovery, authentication, pre-allocation, request and confirmation phases. The device is located on the BRAS server and includes:
A receiver module, configured to extract the information in the received dhcp_discover message sent by the DHCP client and construct the authentication information;
An authentication request module, configured to send an authentication request containing the authentication information to the RADIUS server;
An authentication result module, configured to receive the authentication result returned by the RADIUS server after it verifies the authentication information; when the authentication result is a pass, the BRAS server forwards the dhcp_discover message to the DHCP server.
This application moves user authentication to the broadband access server, so the DHCP server only needs to allocate resources to the DHCP client, which reduces the load on the DHCP server.
Brief description of the drawings
Fig. 1 is a flowchart of an exemplary embodiment of this application;
Fig. 2 is a flowchart of an exemplary embodiment of this application;
Fig. 3 is a block diagram of an exemplary embodiment of this application;
Fig. 4 is a block diagram of an exemplary embodiment of this application;
Fig. 5 is a block diagram of an exemplary embodiment of this application;
Fig. 6 is a block diagram of an exemplary embodiment of this application;
Fig. 7 is a block diagram of an exemplary embodiment of this application;
Fig. 8 is a block diagram of an exemplary embodiment of this application;
Fig. 9 is a block diagram of an exemplary embodiment of this application.
Detailed description
Exemplary embodiments are described in detail here, and examples of them are shown in the accompanying drawings. Where the following description refers to the drawings, the same numbers in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with this application. Rather, they are merely examples of devices and methods consistent with some aspects of this application as detailed in the appended claims.
The terms used in this application are for the purpose of describing particular embodiments only and are not intended to limit this application. The singular forms "a", "said" and "the" used in this application and the appended claims are also intended to include the plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and includes any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third and so on may be used in this application to describe various information, the information should not be limited by these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of this application, first information may also be called second information and, similarly, second information may also be called first information. Depending on the context, the word "if" as used here may be interpreted as "at the time of", "when" or "in response to determining".
Fig. 1 shows a network user access method according to an exemplary embodiment.
This application uses IPoE (Internet Protocol over Ethernet) technology based on DHCP (Dynamic Host Configuration Protocol) to provide a method for users to access a network. The nodes in the network environment are the DHCP client, the BRAS (broadband remote access server) server, the RADIUS (Remote Authentication Dial In User Service) server and the DHCP server. DHCP uses a C/S (client/server) communication model: the DHCP client sends an allocation request to the DHCP server, and the DHCP server allocates configuration information such as an IP (network) address and gateway to the DHCP client, so that information such as the IP address is configured dynamically. RADIUS is a protocol for carrying authentication, authorization and accounting information between a NAS (network access server) that needs to authenticate its links and a shared authentication server. RADIUS is a C/S protocol, and any computer running RADIUS client software can become a RADIUS client. The BRAS mainly performs control functions: it works with the authentication system, the accounting system, the customer management system and the service policy control system to implement authentication, accounting and management of user access. IPoE authentication uses DHCP plus option extension fields and authenticates a user based on the physical location of the Internet user, so no user name or password has to be entered when the user goes online. The option fields are mainly option60 and option82. option60 is carried by the user terminal when it initiates a DHCP request and identifies the client terminal type, and therefore the client service type; the DHCP server can rely on it to allocate different service IP addresses. option82 is inserted by a network device into the DHCP message sent by the client and is mainly used to identify the access location of the client.
DHCP message forwarding is divided into four main phases:
Discover (discovery) phase. When the DHCP client requests an IP address it does not know where the DHCP server is, so it broadcasts a request message in the local network. This message is called the dhcp_discover message, and its purpose is to find the DHCP servers in the network. Every DHCP server that receives the dhcp_discover message sends a response message, from which the DHCP client learns the location of the DHCP servers present in the network.
Offer (pre-allocation) phase. After the DHCP server receives the dhcp_discover message, it looks up a suitable IP address in the configured address pool, adds the corresponding lease time and other configuration information (such as gateway and DNS server), constructs a dhcp_offer message and sends it to the DHCP client, informing the DHCP client that this server can provide it with an IP address. This step only notifies the DHCP client that the DHCP server can provide an IP address; it is a pre-allocation, and the DHCP client still has to use ARP (Address Resolution Protocol) to check whether the IP address is already in use.
Request phase. The DHCP client may receive many dhcp_offer messages, so it must choose one of these responses. The DHCP client usually chooses the DHCP server that answered first with a dhcp_offer message as its target DHCP server and responds with a broadcast dhcp_request message, announcing the selected DHCP server to the network. After the DHCP client has successfully obtained an IP address, when 1/2 of the address lease has elapsed it sends a unicast dhcp_request message to the DHCP server to ask the target DHCP server to renew the address. If the address has not been renewed when 3/4 of the lease has elapsed, the DHCP client sends a broadcast dhcp_request message to ask all DHCP servers in the network to renew the address.
Ack (confirmation) phase. After the DHCP server receives the dhcp_request message, it uses the DHCP client MAC (medium access control, physical) address carried in the message to check whether a corresponding lease record exists. If one exists, it sends a dhcp_ack message in response, notifying the DHCP client that it can use the allocated IP address.
The IPoE technique additionally includes an authentication step within the DHCP message forwarding process.
Fig. 1 shows this application's design for the authentication step within the DHCP message forwarding process. In step S101, the BRAS server extracts the information in the received dhcp_discover message sent by the DHCP client and constructs the authentication information. In step S102, the BRAS server sends an authentication request containing the authentication information to the RADIUS server. In step S103, the BRAS server receives the authentication result returned by the RADIUS server after it verifies the authentication information; when the authentication result is a pass, the BRAS server forwards the dhcp_discover message to the DHCP server.
Fig. 2 shows part of the message forwarding process combined with the authentication step.
DHCP client 201 sends a dhcp_discover message carrying option60 information; option82 information is added to the message as it passes through the DHCP relay.
After receiving the dhcp_discover message, BRAS server 202 extracts the option60 and option82 information and builds the authentication information. The authentication information includes a user name, a password and a nas-port-id (network access server port identifier). The user name is formed from the MAC address and the option60 information, in the format mac@option60; the password can be generated from an arbitrary string; the nas-port-id is formed from the option82 information. BRAS server 202 sends the authentication information to RADIUS server 203, initiating the authentication request.
RADIUS server 203 authenticates by checking the validity of the user name, password and nas-port-id in the authentication information, and returns the authentication result to BRAS server 202.
When authentication passes, BRAS server 202 sends the dhcp_discover message to DHCP server 204. DHCP server 204 looks up a suitable IP address in the configured address pool, adds the corresponding lease time and other configuration information (such as gateway and DNS server), constructs a dhcp_offer message and sends it to BRAS server 202, which forwards it to DHCP client 201, notifying DHCP client 201 that DHCP server 204 can provide it with an IP address. This step only notifies DHCP client 201 that DHCP server 204 can provide an IP address; it is a pre-allocation, and DHCP client 201 still has to use ARP (Address Resolution Protocol) to check whether the IP address is already in use. DHCP client 101 broadcasts an ARP request message in the network with the destination IP address set to the IP address carried in the dhcp_offer message. If DHCP client 201 receives no ARP response message, there is no IP address conflict in the network; otherwise there is an IP address conflict.
After DHCP client 201 confirms that the IP address carried in the dhcp_offer message is usable, that is, there is no address conflict, it broadcasts a dhcp_request message via BRAS server 202 to all DHCP servers in the network, announcing the selected DHCP server.
When DHCP server 204 receives the dhcp_request message, it checks whether the server information carried in the dhcp_request message points to itself. If it does not match, DHCP server 204 does not respond to the dhcp_request message and clears the corresponding IP address allocation record. If it matches, which shows that DHCP client 201 is using the IP address, lease and other configuration information allocated by this server, DHCP server 204 sends a dhcp_ack message via BRAS server 202 to DHCP client 201, confirming the formal allocation of the IP address, lease and other configuration information to DHCP client 101.
Of the loads in the whole authentication step, this application moves the construction of the authentication information and the sending of the authentication request, which were originally borne by the DHCP server, to the BRAS server. The DHCP server is only responsible for allocating resources to the DHCP client, which reduces the load on the DHCP server and improves its performance.
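The construction of the authentication information described above, as an added Python example that is not code from the patent. The function names, the colon-separated MAC format, the use of the option82 circuit ID sub-option as the nas-port-id, the caller-supplied password and the rejection of messages that lack option60 or option82 are assumptions of this example; the sample packet is constructed.

```python
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"      # magic cookie that precedes the options
BOOTP_HEADER_LEN = 236                # fixed BOOTP header, chaddr at offset 28
OPT_PAD, OPT_END = 0, 255
OPT_MSG_TYPE, OPT_VENDOR_CLASS, OPT_RELAY_INFO = 53, 60, 82
DHCPDISCOVER = 1
SUBOPT_CIRCUIT_ID = 1                 # option82 sub-option 1 (RFC 3046)


def parse_tlvs(data, pad=None, end=None):
    """Walk a code/length/value list and bounds-check every length byte."""
    out, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == end:
            break
        if code == pad:
            i += 1
            continue
        if i + 2 > len(data):
            raise ValueError("truncated option header")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d runs past the end of the packet" % code)
        out[code] = out.get(code, b"") + value   # repeated codes are joined
        i += 2 + length
    return out


def build_auth_info(packet, password):
    """Return the RADIUS attributes a BRAS could send for one dhcp_discover."""
    if len(packet) < BOOTP_HEADER_LEN + len(DHCP_MAGIC):
        raise ValueError("packet shorter than a DHCP header")
    if packet[BOOTP_HEADER_LEN:BOOTP_HEADER_LEN + 4] != DHCP_MAGIC:
        raise ValueError("missing DHCP magic cookie")
    if (packet[1], packet[2]) != (1, 6):          # htype, hlen
        raise ValueError("not an Ethernet client hardware address")
    mac = packet[28:34]
    opts = parse_tlvs(packet[BOOTP_HEADER_LEN + 4:], pad=OPT_PAD, end=OPT_END)
    if opts.get(OPT_MSG_TYPE) != bytes([DHCPDISCOVER]):
        raise ValueError("not a dhcp_discover message")
    if OPT_VENDOR_CLASS not in opts:
        raise ValueError("option60 missing: cannot build the user name")
    if OPT_RELAY_INFO not in opts:
        raise ValueError("option82 missing: no access location to check")
    circuit_id = parse_tlvs(opts[OPT_RELAY_INFO]).get(SUBOPT_CIRCUIT_ID)
    if not circuit_id:
        raise ValueError("option82 carries no circuit ID")
    # decode("ascii") raises UnicodeDecodeError, a ValueError, on other bytes
    vendor = opts[OPT_VENDOR_CLASS].decode("ascii")
    port = circuit_id.decode("ascii")
    if not vendor or not (vendor.isprintable() and port.isprintable()):
        raise ValueError("empty or non-printable option60/option82 value")
    return {
        "User-Name": "%s@%s" % (":".join("%02x" % b for b in mac), vendor),
        "User-Password": password,
        "NAS-Port-Id": port,
    }


def make_discover(mac, vendor, circuit_id=None):
    """Constructed sample input: a minimal dhcp_discover as raw bytes."""
    hdr = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x1234ABCD, 0, 0x8000)
    hdr += bytes(16)                  # ciaddr, yiaddr, siaddr, giaddr
    hdr += mac + bytes(10)            # chaddr padded to 16 bytes
    hdr += bytes(64 + 128)            # sname and file fields
    opts = bytes([OPT_MSG_TYPE, 1, DHCPDISCOVER])
    opts += bytes([OPT_VENDOR_CLASS, len(vendor)]) + vendor
    if circuit_id is not None:        # what a relay would insert
        sub = bytes([SUBOPT_CIRCUIT_ID, len(circuit_id)]) + circuit_id
        opts += bytes([OPT_RELAY_INFO, len(sub)]) + sub
    return hdr + DHCP_MAGIC + opts + bytes([OPT_END])


if __name__ == "__main__":
    pkt = make_discover(bytes.fromhex("020000aabbcc"), b"STB-vendor",
                        b"eth 1/0/3:100")
    print(build_auth_info(pkt, "shared-string"))
```

Because the user name and nas-port-id are the only credentials in this scheme, the sketch refuses to build a request when either option is absent or malformed rather than sending a partial identity to the RADIUS server.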
In the conventional DHCP message forwarding process there is no mechanism for monitoring message state and DHCP client state. This application introduces a session (session control) mechanism: the BRAS server uses a session to record the DHCP client information and the state identifier of the session. The DHCP client information comprises the physical MAC address and the network IP address of the DHCP client. The state identifier represents the forwarding state of the messages sent by the DHCP client; it is given an initial value when the session is created and is changed to the state corresponding to the message forwarding phase each time a message is sent or received. The session is deployed on the BRAS server.
The BRAS server uses the MAC address carried in the dhcp_discover message to look up whether a session corresponding to the DHCP client exists. If none exists, it creates a session for the MAC address; this session records the MAC address and IP address of the DHCP client, and its state identifier is set to session_init (initial). If a session corresponding to the DHCP client already exists, the state identifier of that session is set directly to session_init. In the process that follows, whenever a message is sent or received, the BRAS server looks up the corresponding session by the MAC address in that message and changes the state identifier through the session, so that every step of message forwarding can be queried directly through the session.
When the BRAS server initiates the authentication request for the session, the state identifier of the session is set to session_auth (authenticating). The BRAS server can also start an authentication timer to track how long it waits for the authentication message; the authentication timer is stopped when the authentication result is received or when the timer expires;
When the BRAS server receives an authentication success message, it sets the session state to the corresponding value, session_pass (passed), and stops the authentication timer;
When the BRAS server receives an authentication failure message, it sets the session state to the corresponding value, session_fail (failed), and stops the authentication timer;
When the BRAS server does not receive an authentication result, it sets the session state to session_loser (unknown) and sends the authentication information again, for example once every 10 seconds, repeated 3 times. If the BRAS has still not received an authentication result, the current session state is set to session_fail and the authentication timer is stopped.
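The authentication-phase session states described above, as an added Python example that is not code from the patent. It uses the state identifiers and the 10-second, 3-resend figures from the text; the class and method names, the caller-supplied clock value `now` (in seconds), and the choice to ignore a result for a session that is not waiting for one are assumptions of this example.

```python
SESSION_INIT = "session_init"
SESSION_AUTH = "session_auth"
SESSION_PASS = "session_pass"
SESSION_FAIL = "session_fail"
SESSION_LOSER = "session_loser"


class Session:
    """Per-client record kept on the BRAS, keyed by MAC address."""

    def __init__(self, mac):
        self.mac = mac
        self.ip = None
        self.state = SESSION_INIT
        self.deadline = None      # authentication timer; None means stopped
        self.resends = 0


class BrasSessions:
    """Hypothetical session table covering discovery and authentication."""

    def __init__(self, send_auth, retry_interval=10, max_resends=3):
        self.send_auth = send_auth            # callback that emits the request
        self.retry_interval = retry_interval
        self.max_resends = max_resends
        self.sessions = {}

    def _request(self, session, now):
        self.send_auth(session.mac)
        session.deadline = now + self.retry_interval   # (re)start the timer

    def on_discover(self, mac, now):
        """dhcp_discover received: create or reset the session, then authenticate."""
        session = self.sessions.get(mac)
        if session is None:
            session = self.sessions[mac] = Session(mac)
        session.state, session.resends = SESSION_INIT, 0
        session.state = SESSION_AUTH
        self._request(session, now)
        return session

    def on_auth_result(self, mac, passed):
        """Return True only when the dhcp_discover may be forwarded."""
        session = self.sessions.get(mac)
        if session is None or session.state not in (SESSION_AUTH, SESSION_LOSER):
            return False          # unsolicited or late result: ignore it
        session.state = SESSION_PASS if passed else SESSION_FAIL
        session.deadline = None   # stop the authentication timer
        return passed

    def on_tick(self, now):
        """Expire timers: resend while resends remain, then fail the session."""
        for session in self.sessions.values():
            if session.deadline is None or now < session.deadline:
                continue
            if session.resends < self.max_resends:
                session.state = SESSION_LOSER
                session.resends += 1
                self._request(session, now)
            else:
                session.state = SESSION_FAIL
                session.deadline = None

    def state(self, mac):
        session = self.sessions.get(mac)
        return session.state if session else None


if __name__ == "__main__":
    sent = []
    table = BrasSessions(sent.append)
    table.on_discover("02:00:00:aa:bb:cc", now=0)   # constructed MAC address
    for t in (10, 20, 30, 40):                      # RADIUS never answers
        table.on_tick(t)
    print(table.state("02:00:00:aa:bb:cc"), len(sent))
```

Forwarding is gated on `on_auth_result` returning True, so a timeout or an answer that arrives after the session has already failed never releases the dhcp_discover to the DHCP server.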
When the DHCP server sends a dhcp_ack message via the BRAS server to the DHCP client, the IP address and related configuration information that the DHCP server allocated to the DHCP client are formally in use. The BRAS server writes the IP address and related configuration information carried in the dhcp_ack message into the session, keeping the information in the session up to date. At this point the conversation ends, and the BRAS server closes the session corresponding to it.
If the DHCP server fails to return a dhcp_offer message normally after receiving the dhcp_discover message, that is, the DHCP server fails to allocate an IP address and related configuration information to the DHCP client, the DHCP server sends a dhcp_nak message via the BRAS server to the DHCP client, notifying the DHCP client that this server cannot allocate an IP address and related configuration information. At this point the conversation ends, and the BRAS server closes the session corresponding to it.
When the user ends network access, the DHCP client can release the IP address and related configuration information it is using. The DHCP client sends a dhcp_release (release) message via the BRAS server to the DHCP server, notifying the DHCP server to reclaim the IP address and related configuration information carried in the message, and the BRAS server deletes the session corresponding to this DHCP client at the same time.
Fig. 3 shows a network user access device 300 according to an exemplary embodiment.
Device 300 sends and receives messages using IPoE technology over DHCP. The messages sent and received comprise messages of the discovery, authentication, pre-allocation, request and confirmation phases, characterised in that the device is located on the BRAS server and includes:
Receiver module 301, configured to extract the information in the received dhcp_discover message sent by the DHCP client and construct the authentication information;
Authentication request module 302, configured to send an authentication request containing the authentication information to the RADIUS server;
Authentication result module 303, configured to receive the authentication result returned by the RADIUS server after it verifies the authentication information and, when the authentication result is a pass, forward the dhcp_discover message to the DHCP server.
As an example, as shown in Fig. 4, device 300 can also include:
Address conflict detection module 304, configured to forward to the DHCP server the dhcp_request message that the DHCP client sends when it detects through ARP that the network IP address carried in the dhcp_offer message has no address conflict.
As an example, as shown in Fig. 5, device 300 can also include:
Session control module 305, configured to use a session to record the DHCP client information and the state identifier of the session. The DHCP client information comprises the MAC address and IP address of the DHCP client; the state identifier represents the forwarding state of the messages sent by the DHCP client, is assigned when the session is created, and is changed each time DHCP client information is recorded.
As an example, as shown in Fig. 6, session control module 305 can include:
Creation module 306, configured to use the MAC address carried in the dhcp_discover message to look up whether a corresponding session exists and, if none exists, create a session for the MAC address;
Recording module 307, configured to record the MAC address and IP address of the DHCP client and assign the state identifier; to modify the state identifier when the MAC address already exists; and, when messages are sent or received afterwards, to look up the corresponding session by the MAC address in the message and change the corresponding state identifier through this session.
As an example, as shown in Fig. 7, device 300 can also include:
Timer module 308, configured to start an authentication timer when the authentication request is initiated, and to stop the authentication timer after the authentication result from the RADIUS server is received or the authentication timer expires.
Recording module 307 can be configured to:
When the dhcp_discover message is received, set the session state to session_init (session control initial);
When the authentication request is initiated to the RADIUS server, set the session state to session_auth (session control authenticating);
When the authentication result is received, set the session state to the state corresponding to the authentication result, where the authentication result is either authentication passed or authentication failed;
When no authentication result has been received after the authentication timer expires, set the session state to session_loser (session control unknown) and send the authentication request again; when the authentication result has still not been received, set the session state to session_fail (session control failed).
Recording module 307 can be further configured to:
After forwarding the dhcp_ack (DHCP confirmation) message that the DHCP server returns after receiving the dhcp_request message, update the DHCP client information in the session to the corresponding part of the dhcp_ack message.
As shown in Fig. 8, creation module 306 can also include:
Closing module 309, configured to forward the dhcp_nak (DHCP negative acknowledgment) message sent by the DHCP server to the DHCP client and close the session. The dhcp_nak message is sent by the DHCP server when, after receiving the dhcp_discover message, it fails to send a dhcp_offer message normally.
As shown in Fig. 9, creation module 306 can also include:
Release module 310, configured to forward to the DHCP server the dhcp_release (DHCP release) message that the DHCP client sends when it needs to release the allocated DHCP client information, and close the session.
The above are only preferred embodiments of this application and are not intended to limit it. Any modification, equivalent substitution or improvement made within the spirit and principles of this application shall fall within the scope of protection of this application.

Claims (18)

1. a kind of network user's cut-in method, dial the Ethernet the Internet based on DHCP dhcp ipoe skill Art, the method comprises discovery, certification, predistribution, demand, the stage of recognition it is characterised in that described authentication phase includes step:
Broadband inserting service bras server extracts the DynamicHost that the DHCP dhcp client receiving sends Configuration protocol finds the information in dhcp_discover message, constructs described authentication information;
Described bras server sends to remote customer dialing authentication service radius server and comprises recognizing of described authentication information Card request;
The authentication result that described bras server returns after receiving authentication information described in described radius server authentication, when described Authentication result be by when, described bras server forwards described dhcp_discover message to DHCP Dhcp server.
2. the method for claim 1 is it is characterised in that described pre-allocation stage includes step:
Described dhcp client detects DHCP predistribution dhcp_offer message by address resolution protocol arp In the network ip address that carries, when described ip address does not have address conflict, described dhcp client services to described bras Device sends DHCP demand dhcp_request message;Described dhcp_request is reported by described bras server Literary composition is transmitted to described dhcp server.
3. the method for claim 1 is it is characterised in that methods described also includes:
Described bras server records the shape of described dhcp client-side information and described session by session control session State identifies, and described dhcp client-side information comprises the physics mac address of described dhcp client, the network of described dhcp client Ip address, described status indicator is used for representing the forwarding state of the message of described dhcp client transmission, described status indicator exists Create and be assigned during described session, be modified in each transmitting-receiving message.
4. method as claimed in claim 3 is it is characterised in that described bras server is recorded by session control session The step of the status indicator of described dhcp client-side information and described session includes:
It is right that described bras server whether there is according to the described mac address search carrying in described dhcp_discover message The described session answering, if do not existed, then creates the corresponding described session in described mac address, records described dhcp client The mac address at end and ip address, and to described status indicator assignment;If it does, modifying to described status indicator;It Afterwards, when receiving and dispatching message, according to the corresponding described session of the mac address search in the message received and dispatched and described by this Session changes corresponding described status indicator.
5. The method of claim 4, characterized in that the method further comprises the step of:
The BRAS server starts an authentication timer when initiating the authentication request, and stops the authentication timer after receiving the authentication result from the RADIUS server or after the authentication timer expires.
6. The method of claim 5, characterized in that the step in which the BRAS server records the DHCP client information and the status identifier of the session by means of the session-control session comprises:
When the dhcp_discover message is received, the status identifier is set to session-control initial, session_init;
When the authentication request is initiated to the RADIUS server, the status identifier is set to session-control authenticating, session_auth;
When the authentication result is received, the status identifier is set to the value corresponding to the authentication result, the authentication result being either authentication passed or authentication failed;
When the authentication result has not been received after the authentication timer expires, the status identifier is set to session-control unknown, session_loser, and the authentication request is sent again; when the authentication result has still not been received, the status identifier is set to session-control failure, session_fail.
7. The method of claim 3, characterized in that the step in which the BRAS server records the DHCP client information and the status identifier of the session by means of the session-control session further comprises:
In the confirmation stage, the BRAS server forwards to the DHCP client the DHCP acknowledgment dhcp_ack message that the DHCP server returns after receiving the dhcp_request message, and updates the DHCP client information in the session to the corresponding part of the dhcp_ack message.
8. The method of claim 3, characterized in that the method further comprises:
In the pre-allocation stage, the BRAS server forwards the DHCP negative-acknowledgment dhcp_nak message that the DHCP server sends when, after receiving the dhcp_discover message, it fails to send the dhcp_offer message normally, and closes the session.
9. The method of claim 3, characterized in that the method further comprises:
When the DHCP client needs to release the allocated DHCP client information, it sends a DHCP release dhcp_release message, which the BRAS server forwards to the DHCP server, and the session is closed.
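The session handling of claims 3 to 9 can be sketched as a small state machine keyed by client MAC address. This is an added example, not code from the patent: the class and method names, the state name session_pass, the mapping of a RADIUS reject to session_fail, and the rule that dhcp_request is forwarded only for a passed session are assumptions made for illustration.

```python
# Added illustration of the claimed BRAS session gating; not code from the patent.
from enum import Enum

class State(Enum):
    INIT = "session_init"    # dhcp_discover received
    AUTH = "session_auth"    # authentication request sent to RADIUS
    LOSER = "session_loser"  # timer expired once, request re-sent
    FAIL = "session_fail"    # no result after the retry (assumed: also a RADIUS reject)
    PASS = "session_pass"    # assumed name for "authentication passed"

class Bras:
    def __init__(self):
        self.sessions = {}   # MAC -> {"state": State, "ip": str or None}
        self.to_radius = []  # simulated authentication requests
        self.to_dhcp = []    # simulated messages forwarded to the DHCP server

    def on_discover(self, mac):
        # Look the session up by MAC; create it or reset its status identifier.
        self.sessions.setdefault(mac, {"ip": None})["state"] = State.INIT
        self.to_radius.append(mac)            # the authentication timer starts here
        self.sessions[mac]["state"] = State.AUTH

    def on_auth_timeout(self, mac):
        s = self.sessions.get(mac)
        if s is None:
            return
        if s["state"] is State.AUTH:          # first expiry: mark unknown, retry once
            s["state"] = State.LOSER
            self.to_radius.append(mac)
        elif s["state"] is State.LOSER:       # still no result: give up
            s["state"] = State.FAIL

    def on_auth_result(self, mac, passed):
        s = self.sessions.get(mac)
        if s is None or s["state"] not in (State.AUTH, State.LOSER):
            return False                      # unsolicited or late result: ignore
        s["state"] = State.PASS if passed else State.FAIL
        if passed:                            # only now does the discover reach DHCP
            self.to_dhcp.append(("dhcp_discover", mac))
        return passed

    def on_request(self, mac):
        # Assumed gating: forward dhcp_request only for an authenticated session.
        s = self.sessions.get(mac)
        if s is None or s["state"] is not State.PASS:
            return False
        self.to_dhcp.append(("dhcp_request", mac))
        return True

    def on_ack(self, mac, ip):
        if mac in self.sessions:              # sync the session with the dhcp_ack
            self.sessions[mac]["ip"] = ip

    def on_release_or_nak(self, mac):
        self.sessions.pop(mac, None)          # dhcp_release / dhcp_nak closes the session
```

The point to check in any such implementation is that nothing from a client reaches the DHCP server while its session is in session_init, session_auth, session_loser or session_fail, and that a late RADIUS answer cannot revive a failed session.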
10. A network user access device that sends and receives messages using IPoE, an Ethernet-based Internet dial-up technology built on the Dynamic Host Configuration Protocol (DHCP), the messages comprising those of the discovery, authentication, pre-allocation, request and confirmation stages, characterized in that the device is located at a BRAS server and comprises:
A receiving module, configured to extract the information in the DHCP discover dhcp_discover message received from the DHCP client and to construct the authentication information;
An authentication request module, configured to send an authentication request containing the authentication information to a Remote Authentication Dial-In User Service (RADIUS) server;
An authentication result module, configured to receive the authentication result returned after the RADIUS server verifies the authentication information; when the authentication result is a pass, the BRAS server forwards the dhcp_discover message to the DHCP server.
11. The device of claim 10, characterized in that the device further comprises:
An address conflict detection module, configured to forward to the DHCP server the DHCP request dhcp_request message that the DHCP client sends when it detects, via the Address Resolution Protocol (ARP), that the network IP address carried in the DHCP pre-allocation dhcp_offer message has no address conflict.
12. The device of claim 11, characterized in that the device further comprises:
A session control module, configured to record the DHCP client information and a status identifier of the session by means of a session-control session; the DHCP client information comprises the physical MAC address of the DHCP client and the network IP address of the DHCP client; the status identifier indicates the forwarding state of the messages sent by the DHCP client; the status identifier is assigned when the session is created and is modified each time the DHCP client information is recorded.
13. The device of claim 12, characterized in that the session control module comprises:
A creation module, configured to look up, according to the MAC address carried in the dhcp_discover message, whether a corresponding session exists and, if not, to create the session corresponding to the MAC address;
A recording module, configured to record the MAC address and IP address of the DHCP client and to assign a value to the status identifier; and, when the MAC address exists, to modify the status identifier; and, whenever a message is subsequently sent or received, to look up the corresponding session according to the MAC address in that message and to modify the corresponding status identifier through that session.
14. The device of claim 13, characterized in that the device further comprises:
A timer module, configured to start an authentication timer when the authentication request is initiated, and to stop the authentication timer after the authentication result is received from the RADIUS server or after the authentication timer expires.
15. The device of claim 14, characterized in that the recording module is configured to:
When the dhcp_discover message is received, set the session state to session-control initial, session_init;
When the authentication request is initiated to the RADIUS server, set the session state to session-control authenticating, session_auth;
When the authentication result is received, set the session state to the state corresponding to the authentication result, the authentication result being either authentication passed or authentication failed;
When the authentication result has not been received after the authentication timer expires, set the session state to session-control unknown, session_loser, and send the authentication request again; when the authentication result has still not been received, set the session state to session-control failure, session_fail.
16. The device of claim 15, characterized in that the recording module is further configured to, after forwarding the DHCP acknowledgment dhcp_ack message that the DHCP server returns after receiving the dhcp_request message, update the DHCP client information in the session to the corresponding part of the dhcp_ack message.
17. The device of claim 13, characterized in that the creation module further comprises:
A closing module, configured to forward to the DHCP client the DHCP negative-acknowledgment dhcp_nak message sent by the DHCP server, and to close the session; the dhcp_nak message is sent by the DHCP server when, after receiving the dhcp_discover message, it fails to send the dhcp_offer message normally.
18. The device of claim 13, characterized in that the creation module further comprises:
A release module, configured to forward to the DHCP server the DHCP release dhcp_release message that the DHCP client sends when it needs to release the allocated DHCP client information, and to close the session.
CN201610688663.6A 2016-08-18 2016-08-18 Access method and device for network users Pending CN106357486A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610688663.6A CN106357486A (en) 2016-08-18 2016-08-18 Access method and device for network users

Publications (1)

Publication Number Publication Date
CN106357486A true CN106357486A (en) 2017-01-25

Family

ID=57843596

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610688663.6A Pending CN106357486A (en) 2016-08-18 2016-08-18 Access method and device for network users

Country Status (1)

Country Link
CN (1) CN106357486A (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107995070A (en) * 2017-11-21 2018-05-04 新华三技术有限公司 Networking control method, device and BRAS based on IPOE
CN108712411A (en) * 2018-05-11 2018-10-26 南京铁道职业技术学院 A kind of IPoE roamings conversation controlling method
CN109768906A (en) * 2019-03-29 2019-05-17 新华三技术有限公司 A kind of subnet special line configuration method and device
CN110798546A (en) * 2019-11-08 2020-02-14 杭州海兴电力科技股份有限公司 DUID-based DHCP client access authentication method
CN110855573A (en) * 2019-11-30 2020-02-28 四川天邑康和通信股份有限公司 3DES (3 data encryption Standard) DHCP option60 decryption method based on linux bridge
CN111628963A (en) * 2020-04-01 2020-09-04 新华三信息安全技术有限公司 Anti-attack method, device, equipment and machine readable storage medium
CN112118330A (en) * 2020-09-22 2020-12-22 青岛海信传媒网络技术有限公司 DHCP (dynamic host configuration protocol) network reconnection method and display equipment
CN113765904A (en) * 2021-08-26 2021-12-07 新华三大数据技术有限公司 Authentication method and device

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101127600A (en) * 2006-08-14 2008-02-20 华为技术有限公司 A method for user access authentication
CN101141253A (en) * 2006-09-05 2008-03-12 华为技术有限公司 Implementing authentication method and system
CN101272247A (en) * 2007-03-23 2008-09-24 华为技术有限公司 Method and equipment and system for implementing user authentication based on DHCP
CN102480399A (en) * 2010-11-30 2012-05-30 中国电信股份有限公司 Multi-service authentication method based on IPoE and system thereof
CN103368780A (en) * 2013-07-22 2013-10-23 杭州华三通信技术有限公司 Service control method and equipment
CN104601743A (en) * 2015-02-11 2015-05-06 杭州华三通信技术有限公司 IP (internet protocol) forwarding IPoE (IP over Ethernet) dual-stack user access control method and equipment based on Ethernet

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107995070B (en) * 2017-11-21 2020-12-08 新华三技术有限公司 IPOE-based networking control method and device and BRAS
CN107995070A (en) * 2017-11-21 2018-05-04 新华三技术有限公司 Networking control method, device and BRAS based on IPOE
CN108712411A (en) * 2018-05-11 2018-10-26 南京铁道职业技术学院 A kind of IPoE roamings conversation controlling method
CN108712411B (en) * 2018-05-11 2021-02-02 南京铁道职业技术学院 IPoE roaming session control method
CN109768906B (en) * 2019-03-29 2021-04-27 新华三技术有限公司 Private subnet line configuration method and device
CN109768906A (en) * 2019-03-29 2019-05-17 新华三技术有限公司 A kind of subnet special line configuration method and device
CN110798546A (en) * 2019-11-08 2020-02-14 杭州海兴电力科技股份有限公司 DUID-based DHCP client access authentication method
CN110855573A (en) * 2019-11-30 2020-02-28 四川天邑康和通信股份有限公司 3DES (3 data encryption Standard) DHCP option60 decryption method based on linux bridge
CN111628963A (en) * 2020-04-01 2020-09-04 新华三信息安全技术有限公司 Anti-attack method, device, equipment and machine readable storage medium
CN111628963B (en) * 2020-04-01 2023-03-28 新华三信息安全技术有限公司 Anti-attack method, device, equipment and machine readable storage medium
CN112118330A (en) * 2020-09-22 2020-12-22 青岛海信传媒网络技术有限公司 DHCP (dynamic host configuration protocol) network reconnection method and display equipment
CN113765904A (en) * 2021-08-26 2021-12-07 新华三大数据技术有限公司 Authentication method and device
CN113765904B (en) * 2021-08-26 2023-03-31 新华三大数据技术有限公司 Authentication method and device

Similar Documents

Publication Publication Date Title
CN106357486A (en) Access method and device for network users
CN110300117A (en) Authentication method, equipment and the medium of IOT equipment and user's binding
CN102369750B (en) For the method and apparatus for the certification for managing user
CN100438516C (en) Network connection system, network connection method, and switch used therefor
CN101133618B (en) Connecting VPN users in a public network
CN1671101B (en) Access point and method for controlling access point
EP1998506B1 (en) Method for controlling the connection of a virtual network
CN102480399B (en) Based on multi-service authentication method and the system of IPoE
CN101471936B (en) Method, device and system for establishing IP conversation
CN101447879B (en) Charging method and access equipment therefor
CN101888389B (en) Method and system for realizing uniform authentication of ICP union
US9973399B2 (en) IPV6 address tracing method, apparatus, and system
CN103580980A (en) Automatic searching and automatic configuration method and device of VN
TW200300312A (en) Parameter setting system
CN102055816A (en) Communication method, business server, intermediate equipment, terminal and communication system
CN106301847B (en) Access point interface configuration recovery method and device and home gateway
CN101656712B (en) Method for recovering IP session, network system and network edge device
CN102857517B (en) Authentication method, Broadband Remote Access Server and certificate server
CN103262502B (en) The DNS proxy service of multi-core platform
JP2002123491A (en) Authentication proxy method, device and system
CN101272247A (en) Method and equipment and system for implementing user authentication based on DHCP
CN103051594A (en) Method, network side equipment and system of establishing end-to-end security of marked net
CN104581977B (en) WLAN user management method, apparatus and system
CN102695171B (en) Subscriber identity obtaining method, system and equipment thereof
CN105208140A (en) Method used for sending data, apparatus and system thereof

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
CB02 Change of applicant information

Address after: Binjiang District and Hangzhou city in Zhejiang Province Road 310051 No. 68 in the 6 storey building

Applicant after: Hangzhou Dipu Polytron Technologies Inc

Address before: Binjiang District and Hangzhou city in Zhejiang Province Road 310051 No. 68 in the 6 storey building

Applicant before: Hangzhou Dipu Technology Co., Ltd.

SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170125
