CN106534129B - Connection control method and device - Google Patents

Publication number: CN106534129B
Authority: CN (China)
Legal status: Active
Application number: CN201611020668.8A
Other languages: Chinese (zh)
Other versions: CN106534129A (en)
Inventors: 廖以顺, 章靠
Current Assignee: New H3C Information Technologies Co Ltd
Original Assignee: New H3C Technologies Co Ltd

Classifications

    • H04L63/0884 Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L63/0892 Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols

Abstract

The application provides a connection control method and apparatus. The method is applied to a BRAS device and comprises: recording the authentication information of a user; and, when it is detected that communication between this device and the AAA server has recovered from a failure, sending the user's authentication information to the AAA server, so that the AAA server authenticates the user using the authentication information and, after authentication succeeds, records the corresponding online user information in the online user table.

Description

Connection control method and device
Technical field
This application relates to the field of network communication technology, and in particular to a connection control method and apparatus.
Background
As shown in Fig. 1, a BRAS (Broadband Remote Access Server) service system mainly consists of user hosts, a BRAS device and an AAA (Authentication, Authorization and Accounting) server.
A user host can be any terminal device capable of accessing a network, such as a computer, mobile phone or set-top box; it connects to the BRAS device through a switch or directly. The BRAS device forwards the user information sent by the user host to the AAA server, which completes authentication, authorization and accounting for the user. After the user is authenticated, the user host can access external networks (such as the Internet) through the BRAS device.
After the user is authenticated, the BRAS device sends an accounting start request message to the AAA server, and on receiving it the AAA server starts accounting for the user. The BRAS device then periodically sends accounting update messages to the AAA server; the AAA server updates the user's accounting information from each update message it receives and judges the user to be online.
However, if the AAA server restarts after a fault, is upgraded, or the link between the BRAS device and the AAA server fails, communication between the AAA server and the BRAS device is interrupted. When the AAA server receives no accounting update message within the timeout, it considers the user offline, removes the user's information from its online user table, and notifies the BRAS device to take the user offline, so that the online user information on the AAA server and on the BRAS device stays consistent. Because communication between the AAA server and the BRAS device has been interrupted, however, the BRAS device cannot receive this notification: the user host can still access the network, and the user's information is still held in the online user table on the BRAS device.
Later, when communication between the AAA server and the BRAS device recovers, the AAA server receives an accounting update message from the BRAS device, finds no corresponding user information in its online user table, and notifies the BRAS device to take the user offline. The user then has to log in again, which is inconvenient and degrades the user experience.
Summary of the invention
In view of this, the application provides a connection control method and apparatus.
Specifically, the application is implemented through the following technical solutions:
In one aspect, a connection control method is provided. The method is applied to a BRAS device and comprises:
recording the authentication information of a user;
when it is detected that communication between this device and the AAA server has recovered from a failure, sending the user's authentication information to the AAA server, so that the AAA server authenticates the user using the authentication information and, after authentication succeeds, records the corresponding online user information in the online user table.
In another aspect, a connection control method is also provided. The method is applied to an AAA server and comprises:
receiving the authentication information of a user sent by a BRAS device;
authenticating the user using the authentication information and, after authentication succeeds, recording the corresponding online user information in the online user table.
In another aspect, an access control apparatus is also provided. The apparatus is applied in a BRAS device and comprises:
a recording unit, for recording the authentication information of a user;
a detection unit, for detecting the communication state between this device and the AAA server;
a sending unit, for sending the authentication information of the user recorded by the recording unit to the AAA server when the detection unit detects that communication between this device and the AAA server has recovered from a failure, so that the AAA server authenticates the user using the authentication information and, after authentication succeeds, records the corresponding online user information in the online user table.
In another aspect, an access control apparatus is also provided. The apparatus is applied in an AAA server and comprises:
a receiving unit, for receiving the authentication information of a user sent by a BRAS device;
an authentication unit, for authenticating the user using the authentication information after the receiving unit receives it and, after authentication succeeds, recording the corresponding online user information in the online user table.
With the above technical solution, the BRAS device records the authentication information of online users in advance and, after communication with the AAA server recovers from a failure, sends the recorded authentication information to the AAA server. The AAA server can use the authentication information to authenticate the user again and records the online user information after authentication succeeds. In this way, after communication recovers, the BRAS device re-authenticates the online user on the user's behalf, so that the AAA server authenticates the user again. The AAA server no longer notifies the BRAS device to take the user offline, the user host's normal network access is not affected, and the user experience is improved.
Brief description of the drawings
Fig. 1 is an architecture diagram of a BRAS service system;
Fig. 2 is an interaction flowchart of the connection control method according to an exemplary embodiment of the application;
Fig. 3 is an interaction flowchart of the connection control method according to an exemplary embodiment of the application, in which the authentication information and login information are recorded after the user passes authentication and the recorded information is carried in the accounting update message;
Fig. 4 is an interaction flowchart of the connection control method when password mode is used, according to an exemplary embodiment of the application;
Fig. 5 is an interaction flowchart of the connection control method when non-password mode is used, according to an exemplary embodiment of the application;
Fig. 6 is a hardware structure diagram of the BRAS device in which the access control apparatus is applied, according to an exemplary embodiment of the application;
Fig. 7 is a structure diagram of the access control apparatus applied to a BRAS device, according to an exemplary embodiment of the application;
Fig. 8 is a hardware structure diagram of the AAA server in which the access control apparatus is applied, according to an exemplary embodiment of the application;
Fig. 9 is a structure diagram of one access control apparatus applied to an AAA server, according to an exemplary embodiment of the application;
Fig. 10 is a structure diagram of another access control apparatus applied to an AAA server, according to an exemplary embodiment of the application.
Detailed description
Exemplary embodiments are described in detail here, and examples of them are illustrated in the accompanying drawings. Where the following description refers to the drawings, the same numbers in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with this application. Rather, they are merely examples of apparatuses and methods consistent with some aspects of the application as detailed in the appended claims.
The terminology used in this application is for the purpose of describing particular embodiments only and is not intended to limit the application. The singular forms "a", "said" and "the" used in this application and the appended claims are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and includes any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third and so on may be used in this application to describe various information, the information should not be limited by these terms. The terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of this application, first information may also be called second information and, similarly, second information may also be called first information. Depending on the context, the word "if" as used herein may be interpreted as "when", "upon" or "in response to determining".
To solve the problem of poor user experience in the prior art, the following embodiments of this application provide a connection control method and an access control apparatus to which the method can be applied.
As shown in Fig. 2, the connection control method of this embodiment comprises the following steps:
Step S101: the BRAS device records the authentication information of the user;
In step S101, the BRAS device may record the user's authentication information during the user authentication process, or only after authentication succeeds; the embodiments of this application do not limit this.
Step S102: when it detects that communication between this device and the AAA server has recovered from a failure, the BRAS device sends the user's authentication information to the AAA server;
Step S103: the AAA server authenticates the user using the authentication information received and, after authentication succeeds, records the corresponding online user information in the online user table.
In addition, in the above method, the BRAS device may also record the user's login time and, when it detects that communication between this device and the AAA server has recovered from a failure, send the login time to the AAA server, so that the AAA server can record the login time in the online user information as the login time received.
In actual implementation, the BRAS device may carry the user's authentication information and login time in an accounting update message sent to the AAA server. It may also send them in another message; in that case the BRAS device first sends the user's authentication information and login time to the AAA server in the other message and then sends the accounting update message. The embodiments of this application do not limit this.
The following takes as an example the case in which the BRAS device records the user's authentication information and login information after the user passes authentication for the first time, and the recorded authentication information and login information are carried in the accounting update message. The interaction between the BRAS device and the AAA server is then as shown in Fig. 3 and comprises the following steps:
Step S201: after the user is authenticated, the BRAS device sends an accounting start request message to the AAA server;
Step S202: after receiving the user's accounting start request message, the AAA server returns the user's accounting start response message to the BRAS device;
Step S203: after receiving the user's accounting start response message, the BRAS device records the user's authentication information and login time;
For example, the BRAS device may record the user's authentication information and login time in a key information table; the login time is the time at which the user passed authentication in step S201.
When communication between the BRAS device and the AAA server is interrupted, the user can still access the network normally. The BRAS device still counts the traffic used by the user and the login duration as in the prior art and records them in the corresponding online user information in the online user table. The BRAS device also still periodically sends accounting update messages to the AAA server.
Step S204: when it detects that communication between this device and the AAA server has recovered from a failure, the BRAS device sends the user's accounting update message to the AAA server; the message carries the user's authentication information and login time recorded in step S203;
Step S205: after receiving the user's accounting update message, the AAA server authenticates the user using the authentication information carried in the message and, after authentication succeeds, records the corresponding online user information in the online user table, recording the login time in the online user information as the login time carried in the message.
Because the BRAS device continues to count and record the user's traffic and login duration while communication with the AAA server is interrupted, the accounting update message sent by the BRAS device in step S204 also carries the recorded traffic and login duration. In step S205, after receiving the user's accounting update message, the AAA server can therefore record the traffic and login duration carried in the message in the corresponding online user information and charge the user according to them. Usage during the communication interruption between the BRAS device and the AAA server is thus charged, which reduces the operator's economic loss.
With the method shown in Fig. 3, the BRAS device records the authentication information of online users in advance and, after communication with the AAA server recovers from a failure, sends the recorded authentication information to the AAA server. The AAA server can use the authentication information to authenticate the user again and records the online user information after authentication succeeds. In this way, after communication recovers, the BRAS device re-authenticates the online user on the user's behalf, so that the AAA server authenticates the user again. The AAA server no longer notifies the BRAS device to take the user offline, the user host's normal network access is not affected, and the user experience is improved.
In addition, in the method shown in Fig. 3, because the AAA server re-authenticates the online user in step S205, the login time in the online user information could be wrongly recorded as the time at which re-authentication passed. In the method of this embodiment, carrying the login time of the first authentication in the accounting update message lets the AAA server, after re-authentication of the user passes, accurately record the login time in the online user information as the login time of the first authentication, which avoids accounting errors.
In actual implementation, after step S203, once the BRAS device has recorded the user's authentication information and login time, it may also return a record-complete message to the AAA server, so that the AAA server can determine that the user's authentication information and login time have been recorded.
Obviously, in the method shown in Fig. 3, the BRAS device may also record the user's authentication information and login time immediately after the user passes authentication for the first time.
In actual implementation, the method of the above embodiments may be used for all users or only for some users. When it is used only for some users, such users are called special users for convenience of description.
In addition, the AAA server may re-authenticate the user in password mode or in non-password mode. In password mode, the user's authentication information includes the user name and password. In non-password mode, the user's authentication information may include one or a combination of the following: the user name, the MAC address of the user host, and the access information of the user host. In actual implementation, which authentication mode is used may be negotiated between the BRAS device and the AAA server, configured manually, or notified to the BRAS device by the AAA server. Likewise, in non-password mode, which authentication information needs to be recorded may be negotiated between the BRAS device and the AAA server, configured manually, or notified to the BRAS device by the AAA server; the embodiments of this application do not limit this.
Two specific embodiments are described in detail below.
In one embodiment, as shown in Fig. 1, a user's user name is user and password is password, the MAC address of user host 1 used by the user is PC-MAC, the AAA server has the user recorded as a special user, and the re-authentication mode used by the AAA server is password mode. The processing flow is then as shown in Fig. 4 and comprises the following steps:
Step S301: after the user is authenticated, the BRAS device sends an accounting start request message to the AAA server;
Step S302: after receiving the user's accounting start request message, the AAA server judges whether the user is a special user; if so, it returns to the BRAS device an accounting start response message carrying a Remark (label) attribute whose value is set to a predetermined value;
When the value of the Remark attribute is set to the predetermined value, it indicates that, after communication between the BRAS device and the AAA server recovers from a failure, the BRAS device must re-authenticate on behalf of the user. For example, the predetermined value can be 1.
Step S303: after receiving the accounting start response message, the BRAS device determines from the Remark attribute set to the predetermined value carried in the message that the user is a special user, and records the user's user name, password and login time in the key information table, as shown in Table 1;
Table 1
User name | Password | Login time
user | password | Jun 28 16:17:12:482
In addition, in password mode the user's authentication information may further include information such as the MAC address of user host 1 and the access information of user host 1. The access information may specifically include the port on the BRAS device to which user host 1 is connected and the VLAN to which user host 1 belongs.
Because in the prior art the BRAS device does not record the user's password, in this embodiment the BRAS device may hold the user's password temporarily during the user authentication phase. If it determines in step S303 that the user is a special user, it records the password in Table 1 and deletes the temporarily held password; if it determines in step S303 that the user is not a special user, it simply deletes the temporarily held password. This avoids occupying memory space and avoids the information security risk that would result.
In actual implementation, for information security reasons, the password recorded in Table 1 may be an encrypted (ciphertext) password. The encryption algorithm used may be preset or negotiated between the BRAS device and the AAA server.
Step S304: after recording is complete, the BRAS device returns to the AAA server a record-complete message carrying the Remark attribute set to the predetermined value;
When communication between the BRAS device and the AAA server is interrupted, the user can still access the Internet normally. The BRAS device still counts the traffic used by the user and the login duration as in the prior art, records them in the corresponding online user information in the online user table, and still periodically sends accounting update messages to the AAA server.
Step S305: when it detects that communication between this device and the AAA server has recovered from a failure, the BRAS device sends the user's accounting update message to the AAA server; the message carries the user's user name, password and login time recorded in Table 1;
Specifically, when the BRAS device detects that communication between this device and the AAA server has recovered from a failure, it first marks the user as to-be-sent and then sends the user's accounting update message to the AAA server. The message carries the Remark attribute, the Proxy-Authorization (proxy authentication) attribute, the user name and the login time; the value of the Remark attribute is set to the predetermined value, and the user's password is carried in the Proxy-Authorization attribute.
Step S306: after receiving the accounting update message, the AAA server parses the message and finds that the value of the Remark attribute is the predetermined value. It then authenticates the user using the user name user and password password carried in the message and, after authentication succeeds, records the corresponding online user information in the online user table of this device, recording the login time in the online user information as the login time Jun 28 16:17:12:482 carried in the message;
If the password carried in the accounting update message is a ciphertext password, the AAA server must first decrypt it and then authenticate.
Step S307: the AAA server returns to the BRAS device an accounting update response message carrying the Remark attribute set to the predetermined value.
After the BRAS device receives the accounting update response message, it can clear the user's to-be-sent mark; accounting update messages sent afterwards are normal accounting update messages and no longer carry the Remark attribute.
In addition, after the user actively goes offline, the BRAS device deletes the corresponding online user information from the online user table as in the prior art, and also deletes Table 1.
In another embodiment, as shown in Fig. 1, a user's user name is user and password is password, the MAC address of user host 1 used by the user is PC-MAC, the AAA server has the user recorded as a special user, and the re-authentication mode used by the AAA server is non-password mode. In this mode the authentication information to be recorded includes the user name, the MAC address of the user host and the access information of the user host. The processing flow is then as shown in Fig. 5 and comprises the following steps:
Step S401: the AAA server authenticates the user and, after authentication succeeds, records the user's user name user, the MAC address PC-MAC of user host 1, and the access information PortA and VLAN10 of user host 1 in a local database;
Step S402: the BRAS device sends an accounting start request message to the AAA server;
Step S403: after receiving the user's accounting start request message, the AAA server judges whether the user is a special user; if so, it returns to the BRAS device an accounting start response message carrying a Remark attribute whose value is set to the predetermined value;
Step S404: after receiving the accounting start response message, the BRAS device determines from the Remark attribute set to the predetermined value carried in the message that the user is a special user, and records in the key information table the user's user name, the MAC address of user host 1, the access information of user host 1 and the user's login time, as shown in Table 2;
Table 2
User name | MAC address | Access information | Login time
user | PC-MAC | PortA, VLAN10 | Jun 28 16:17:12:482
Step S405, after the recording is completed, BRAS equipment are set to pre- to the Remark attribute that aaa server responds carrying The record of definite value completes message;
When the communication disruption between BRAS equipment and aaa server, which still can normally access Internet. At this point, BRAS equipment can still count the flow and log in duration that the user uses according to the prior art, and online use is recorded In the table of family in corresponding online user's information, also, still billing update packet periodically can be sent to aaa server.
Step S406, when detecting that communication failure between this equipment and aaa server restores, BRAS equipment is to AAA Server sends the billing update packet of the user, wherein carried in the billing update packet user name recorded in table 2, MAC Address, the access information of subscriber's main station 1 and the landing time of user of subscriber's main station 1;
Specifically, BRAS equipment is first by the use when detecting that the communication failure between this equipment and aaa server restores Then family, the billing update packet of the user is sent to aaa server, carried in the billing update packet labeled as to be sent There is Remark attribute, the value of the Remark attribute is set to predetermined value.
Step S407, after receiving the billing update packet, the Remark parsed in the message belongs to aaa server Property value be predetermined value, then by the user name user carried in the message, MAC Address PC-MAC, the subscriber's main station of subscriber's main station 1 1 access information PortA and VLAN10, is matched with the corresponding informance recorded in local data base respectively, if matching, It determines that the user authentication passes through, records corresponding online user's information in online user's table of this equipment, and by the online use Landing time in the information of family is recorded as 28 16:17:12:482 of landing time Jun carried in the message;
Step S408, aaa server respond the charging update that the Remark attribute carried is set to predetermined value to BRAS equipment Response message.
After BRAS equipment receives charging update response message, the label to be sent of the user, rear supervention can be removed The billing update packet sent is normal billing update packet, no longer carrying Remark attribute.
In addition, after the user actively goes offline, the BRAS device not only deletes the corresponding online user information from the online user table as in the prior art, but also deletes Table 2.
In the two specific embodiments above, because the billing update packet also carries the latest traffic and duration, the AAA server, after receiving the billing update packet, can also charge the user according to that latest traffic and duration.
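The recovery exchange of steps S406 to S408, as an added Python simulation (not code from the patent). The literal `RESYNC` stands in for the unspecified predetermined Remark value; the class names, the response dictionary and the handling of updates for unknown sessions are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

REMARK_RESYNC = "RESYNC"  # assumed placeholder for the patent's "predetermined value"


@dataclass(frozen=True)
class AuthInfo:
    username: str
    host_mac: str
    port: str
    vlan: int


@dataclass
class AccountingUpdate:
    auth: AuthInfo
    login_time: str
    traffic_bytes: int
    duration_s: int
    remark: Optional[str] = None  # set only on the first update after recovery


class AAAServer:
    def __init__(self):
        self.local_db = {}      # username -> AuthInfo saved after an earlier successful auth
        self.online_users = {}  # username -> online user information

    def handle_update(self, pkt: AccountingUpdate) -> dict:
        name = pkt.auth.username
        resync = pkt.remark == REMARK_RESYNC
        if resync:
            # S407: authenticate by matching against the locally recorded information.
            if self.local_db.get(name) != pkt.auth:
                return {"accepted": False, "remark": None}  # response shape is an assumption
            self.online_users[name] = {"login_time": pkt.login_time}
        elif name not in self.online_users:
            return {"accepted": False, "remark": None}  # assumption: unknown session ignored
        # The latest traffic and duration are what the server charges on.
        self.online_users[name].update(traffic_bytes=pkt.traffic_bytes,
                                       duration_s=pkt.duration_s)
        # S408: echo the Remark so the BRAS can clear its to-be-sent mark.
        return {"accepted": True, "remark": REMARK_RESYNC if resync else None}


class BRAS:
    def __init__(self, aaa: AAAServer):
        self.aaa = aaa
        self.table2 = {}      # username -> (AuthInfo, login_time), recorded by the BRAS
        self.usage = {}       # username -> [traffic_bytes, duration_s] counted locally
        self.pending = set()  # users marked "to be sent"

    def record_user(self, info: AuthInfo, login_time: str) -> None:
        self.table2[info.username] = (info, login_time)
        self.usage[info.username] = [0, 0]

    def count_usage(self, username: str, traffic_bytes: int, duration_s: int) -> None:
        self.usage[username][0] += traffic_bytes
        self.usage[username][1] += duration_s

    def on_aaa_recovered(self) -> list:
        # S406: mark every recorded user as to-be-sent, then send each update.
        self.pending.update(self.table2)
        return [self.send_update(name) for name in list(self.table2)]

    def send_update(self, username: str) -> AccountingUpdate:
        info, login_time = self.table2[username]
        traffic, duration = self.usage[username]
        remark = REMARK_RESYNC if username in self.pending else None
        pkt = AccountingUpdate(info, login_time, traffic, duration, remark)
        resp = self.aaa.handle_update(pkt)
        if resp["remark"] == REMARK_RESYNC:
            self.pending.discard(username)  # later updates carry no Remark
        return pkt


def demo():
    aaa = AAAServer()
    known = AuthInfo("user", "PC-MAC", "PortA", 10)  # values from the embodiment
    aaa.local_db["user"] = known
    bras = BRAS(aaa)
    bras.record_user(known, "Jun 28 16:17:12:482")
    bras.count_usage("user", 4096, 300)  # constructed usage figures
    first = bras.on_aaa_recovered()[0]   # carries the Remark attribute
    second = bras.send_update("user")    # normal update, no Remark
    return aaa, bras, first, second
```

In this sketch, a record whose MAC address, port or VLAN differs from the AAA server's local database is not added to the online user table, and the BRAS keeps its to-be-sent mark.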
Therefore, in the method of the embodiments of the present application, the BRAS device needs to record the authentication information of the user; when it detects that the communication failure between itself and the AAA server has recovered, it sends the user's authentication information to the AAA server, so that the AAA server authenticates the user using the authentication information and, after authentication passes, records the corresponding online user information in the online user table. The authentication information of the user includes a user name and password; or it includes one or a combination of the following: the user name, the MAC address of the user host, the access information of the user host.
In addition, in one embodiment, the BRAS device also records the login time of the user and sends it to the AAA server, so that the AAA server records the login time in the online user information as the login time that was sent.
In one embodiment, the authentication information of the user is carried in a billing update packet sent to the AAA server.
In the method of the embodiments of the present application, the AAA server needs to receive the authentication information of the user sent by the BRAS device, authenticate the user using the authentication information and, after authentication passes, record the corresponding online user information in the online user table. The authentication information of the user includes a user name and password; or it includes one or a combination of the following: the user name, the MAC address of the user host, the access information of the user host.
When the authentication information of the user includes one or a combination of the user name, the MAC address of the user host and the access information of the user host, the AAA server, before receiving the authentication information of the user sent by the BRAS device, can also record the authentication information of the user in its local database after the user passes authentication. When the AAA server then authenticates the user using the received authentication information, it can match the received authentication information against the authentication information in the local database; if they match, it determines that the user has passed authentication; otherwise, it determines that the user has not passed authentication.
In addition, in one embodiment, the AAA server also receives the login time of the user sent by the BRAS device and records the login time in the online user information as the received login time. In this case, where charging is based on online duration, the user's usage can be charged accurately.
Corresponding to the foregoing embodiments of the connection control method, the present application also provides an embodiment of an access control apparatus applied in a BRAS device and an embodiment of an access control apparatus applied in an AAA server.
In one embodiment, the access control apparatus 60 of the present application can be applied in a BRAS device. The apparatus embodiment may be implemented in software, or in hardware or a combination of software and hardware. Taking software implementation as an example, as an apparatus in the logical sense it is formed by the processor 501 of the BRAS device where it resides reading the corresponding computer program instructions from the non-volatile memory 505 into the memory 504 and running them. At the hardware level, FIG. 6 is a hardware structure diagram of the BRAS device where the access control apparatus 60 of the present application resides; in addition to the processor 501, internal bus 502, network interface 503, memory 504 and non-volatile memory 505 shown in FIG. 6, the BRAS device where the apparatus resides may also include other hardware according to the actual functions of the BRAS device, which is not described further.
Referring to FIG. 7, the access control apparatus 60 of the embodiment of the present application includes the following units: a recording unit 601, a detection unit 602 and a sending unit 603, where:
The recording unit 601 is configured to record the authentication information of the user;
The detection unit 602 is configured to detect the communication state between the device itself and the AAA server;
The sending unit 603 is configured to, when the detection unit 602 detects that the communication failure between the device itself and the AAA server has recovered, send the authentication information of the user recorded by the recording unit 601 to the AAA server, so that the AAA server authenticates the user using the authentication information and, after authentication passes, records the corresponding online user information in the online user table.
The authentication information of the user recorded by the recording unit 601 includes a user name and password; or it includes one or a combination of the following: the user name, the MAC address of the user host, the access information of the user host.
In one embodiment, the recording unit 601 is further configured to record the login time of the user;
The sending unit 603 is further configured to send the login time of the user recorded by the recording unit 601 to the AAA server, so that the AAA server records the login time in the online user information as the login time that was sent.
In one embodiment, the authentication information of the user sent by the sending unit 603 is carried in a billing update packet.
In another embodiment, the access control apparatus 70 of the present application can be applied in an AAA server. The apparatus embodiment may be implemented in software, or in hardware or a combination of software and hardware. Taking software implementation as an example, as an apparatus in the logical sense it is formed by the processor 801 of the AAA server where it resides reading the corresponding computer program instructions from the non-volatile memory 805 into the memory 804 and running them. At the hardware level, FIG. 8 is a hardware structure diagram of the AAA server where the access control apparatus 70 of the present application resides; in addition to the processor 801, internal bus 802, network interface 803, memory 804 and non-volatile memory 805 shown in FIG. 8, the AAA server where the apparatus resides may also include other hardware according to the actual functions of the AAA server, which is not described further.
Referring to FIG. 9, the access control apparatus 70 of the embodiment of the present application includes the following units: a receiving unit 701 and an authentication unit 702, where:
The receiving unit 701 is configured to receive the authentication information of the user sent by the BRAS device;
The authentication unit 702 is configured to, after the receiving unit 701 receives the authentication information of the user, authenticate the user using the authentication information and, after authentication passes, record the corresponding online user information in the online user table.
The authentication information of the user received by the receiving unit 701 includes a user name and password; or it includes one or a combination of the following: the user name, the MAC address of the user host, the access information of the user host.
When the authentication information of the user received by the receiving unit 701 includes one or a combination of the user name, the MAC address of the user host and the access information of the user host, then, as shown in FIG. 10, the access control apparatus 70 further includes a recording unit 703, where:
The recording unit 703 is configured to, before the receiving unit 701 receives the authentication information of the user sent by the BRAS device, record the authentication information of the user in the local database after the user passes authentication. That is, during the user's first authentication, after the receiving unit 701 receives the authentication request packet of the user sent by the BRAS device, the authentication unit 702 authenticates the user using the user name and password carried in the authentication request packet, and after authentication passes, the recording unit 703 can record the authentication information of the user in the local database;
The authentication unit 702 is specifically configured to authenticate the user using the authentication information received by the receiving unit 701 in the following manner: the authentication information received by the receiving unit 701 is matched against the authentication information in the local database; if they match, it is determined that the user has passed authentication; otherwise, it is determined that the user has not passed authentication.
The receiving unit 701 is further configured to receive the login time of the user sent by the BRAS device; the recording unit 703 is further configured to record the login time in the online user information as the login time received by the receiving unit 701.
For the implementation of the functions and roles of each unit in the above apparatus, see the implementation of the corresponding steps in the above method; details are not repeated here.
For the apparatus embodiments, since they essentially correspond to the method embodiments, refer to the relevant parts of the description of the method embodiments. The apparatus embodiments described above are merely illustrative: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present application. Those of ordinary skill in the art can understand and implement it without creative effort.
The above are merely preferred embodiments of the present application and are not intended to limit it; any modification, equivalent substitution, improvement and the like made within the spirit and principles of the present application shall fall within the scope of protection of the present application.

Claims (14)

1. A connection control method, characterized in that the method is applied to a Broadband Remote Access Server (BRAS) device, and the method includes:
during user authentication or after authentication passes, recording the authentication information of the user;
when detecting that the communication failure between the device itself and the Authentication, Authorization and Accounting (AAA) server has recovered, sending the authentication information of the user to the AAA server, so that the AAA server authenticates the user using the authentication information and, after authentication passes, records the corresponding online user information in the online user table;
during the communication failure, the user accesses the network normally, and the BRAS device counts the traffic used by the user and the login duration, and records them in the corresponding online user information in the online user table of the device itself.
2. The method according to claim 1, characterized in that the authentication information of the user includes a user name and password; or the authentication information of the user includes one or a combination of the following: the user name, the MAC address of the user host, the access information of the user host.
3. The method according to claim 1, characterized in that the method further includes:
recording the login time of the user;
sending the login time of the user to the AAA server, so that the AAA server records the login time in the online user information as the login time that was sent.
4. The method according to claim 1, characterized in that the authentication information of the user is carried in a billing update packet.
5. A connection control method, characterized in that the method is applied to an Authentication, Authorization and Accounting (AAA) server, and the method includes:
when the communication failure between the device itself and the Broadband Remote Access Server (BRAS) device recovers, receiving the authentication information of the user sent by the BRAS device, the authentication information of the user being the authentication information recorded by the BRAS device;
authenticating the user using the received authentication information and, after authentication passes, recording the corresponding online user information in the online user table;
during the communication failure, the user accesses the network normally, and the BRAS device counts the traffic used by the user and the login duration, and records them in the corresponding online user information in the online user table of the BRAS device.
6. The method according to claim 5, characterized in that the authentication information of the user includes one or a combination of the following: the user name, the MAC address of the user host, the access information of the user host; then,
before receiving the authentication information of the user sent by the BRAS device, the method further includes: after the user passes authentication, recording the authentication information of the user in the local database;
authenticating the user using the received authentication information includes: matching the received authentication information against the authentication information in the local database; if they match, determining that the user has passed authentication; otherwise, determining that the user has not passed authentication.
7. The method according to claim 5, characterized in that the method further includes:
receiving the login time of the user sent by the BRAS device;
recording the login time in the online user information as the received login time.
8. An access control apparatus, characterized in that the apparatus is applied in a Broadband Remote Access Server (BRAS) device, and the apparatus includes:
a recording unit, configured to record the authentication information of the user during user authentication or after authentication passes;
a detection unit, configured to detect the communication state between the device itself and the Authentication, Authorization and Accounting (AAA) server;
a sending unit, configured to, when the detection unit detects that the communication failure between the device itself and the AAA server has recovered, send the authentication information of the user recorded by the recording unit to the AAA server, so that the AAA server authenticates the user using the authentication information and, after authentication passes, records the corresponding online user information in the online user table;
during the communication failure, the user accesses the network normally, and the BRAS device counts the traffic used by the user and the login duration, and records them in the corresponding online user information in the online user table of the device itself.
9. The apparatus according to claim 8, characterized in that the authentication information of the user recorded by the recording unit includes a user name and password; or the authentication information of the user recorded by the recording unit includes one or a combination of the following: the user name, the MAC address of the user host, the access information of the user host.
10. The apparatus according to claim 8, characterized in that:
the recording unit is further configured to record the login time of the user;
the sending unit is further configured to send the login time of the user recorded by the recording unit to the AAA server, so that the AAA server records the login time in the online user information as the login time that was sent.
11. The apparatus according to claim 8, characterized in that the authentication information of the user sent by the sending unit is carried in a billing update packet.
12. An access control apparatus, characterized in that the apparatus is applied in an Authentication, Authorization and Accounting (AAA) server, and the apparatus includes:
a receiving unit, configured to, when the communication failure between the device itself and the Broadband Remote Access Server (BRAS) device recovers, receive the authentication information of the user sent by the BRAS device, the authentication information of the user being the authentication information recorded by the BRAS device;
an authentication unit, configured to, after the receiving unit receives the authentication information of the user, authenticate the user using the received authentication information and, after authentication passes, record the corresponding online user information in the online user table;
during the communication failure, the user accesses the network normally, and the BRAS device counts the traffic used by the user and the login duration, and records them in the corresponding online user information in the online user table of the BRAS device.
13. The apparatus according to claim 12, characterized in that the authentication information of the user received by the receiving unit includes one or a combination of the following: the user name, the MAC address of the user host, the access information of the user host; then the apparatus further includes a recording unit, where:
the recording unit is configured to, before the receiving unit receives the authentication information of the user sent by the BRAS device, record the authentication information of the user in the local database after the user passes authentication;
the authentication unit is specifically configured to authenticate the user using the received authentication information in the following manner: the authentication information received by the receiving unit is matched against the authentication information in the local database; if they match, it is determined that the user has passed authentication; otherwise, it is determined that the user has not passed authentication.
14. The apparatus according to claim 13, characterized in that:
the receiving unit is further configured to receive the login time of the user sent by the BRAS device;
the recording unit is further configured to record the login time in the online user information as the login time received by the receiving unit.
CN201611020668.8A 2016-11-18 2016-11-18 Connection control method and device Active CN106534129B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611020668.8A CN106534129B (en) 2016-11-18 2016-11-18 Connection control method and device

Publications (2)

Publication Number Publication Date
CN106534129A CN106534129A (en) 2017-03-22
CN106534129B true CN106534129B (en) 2019-10-11

Family

ID=58352781

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611020668.8A Active CN106534129B (en) 2016-11-18 2016-11-18 Connection control method and device

Country Status (1)

Country Link
CN (1) CN106534129B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
CB02 Change of applicant information

Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Applicant after: NEW H3C TECHNOLOGIES Co.,Ltd.

Address before: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Applicant before: HANGZHOU H3C TECHNOLOGIES Co.,Ltd.

SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20230607

Address after: 310052 11th Floor, 466 Changhe Road, Binjiang District, Hangzhou City, Zhejiang Province

Patentee after: H3C INFORMATION TECHNOLOGY Co.,Ltd.

Address before: 310052 Changhe Road, Binjiang District, Hangzhou, Zhejiang Province, No. 466

Patentee before: NEW H3C TECHNOLOGIES Co.,Ltd.