CN107241456A - Method and server for terminal access control - Google Patents

Publication number
CN107241456A
Authority
CN
China
Prior art keywords
address
terminal
authentication information
server
dhcp
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710333497.2A
Other languages
Chinese (zh)
Inventor
张明振
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Star Net Ruijie Networks Co Ltd
Original Assignee
Beijing Star Net Ruijie Networks Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Star Net Ruijie Networks Co Ltd
Priority to CN201710333497.2A
Publication of CN107241456A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/50 Address allocation
    • H04L61/5007 Internet protocol [IP] addresses
    • H04L61/5014 Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]
    • H04L61/5053 Lease time; Renewal aspects
    • H04L61/5061 Pools of addresses
    • H04L61/45 Network directories; Name-to-address mapping
    • H04L61/4505 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H04L2101/00 Indexing scheme associated with group H04L61/00
    • H04L2101/60 Types of network addresses
    • H04L2101/618 Details of network addresses
    • H04L2101/622 Layer-2 addresses, e.g. medium access control [MAC] addresses

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

An embodiment of the present invention provides a method of terminal access control, comprising: receiving a first DHCP address allocation request sent by a terminal, and allocating a first IP address to the terminal according to the first DHCP address allocation request; sending the first IP address and the IP address of the server to the terminal; receiving a DNS resolution request and, when the first IP address is in a preset address pool, sending an authentication information input page to the terminal; receiving first authentication information and confirming the validity of the first authentication information; binding the MAC address in the first DHCP address allocation request to a second IP address allocated by the DHCP service module; querying the corresponding second IP address according to the MAC address in a second DHCP address allocation request; and sending the second IP address to the terminal. An embodiment of the present invention also provides a server for terminal access control. The beneficial effect of the embodiments is that the overall scheme has good adaptability.

Description

Method and server for terminal access control
Technical field
The present invention relates to the field of data communication, and in particular to a method and server for terminal access control.
Background
In intranet environments such as hospitals and government agencies, 802.1x or Portal authentication is usually used to perform security checks on terminals. That flow cannot obtain terminal asset information, so a further step was developed in which a web page is pushed to let users enter their personal information themselves; after submission, an administrator grants authorization and the terminal's onboarding flow is complete. A complete authentication flow generally comprises the following steps:
(1) DHCP process:
The DHCP lease process is the process by which a DHCP terminal dynamically obtains an IP address.
The DHCP lease process has four steps:
1. The terminal requests an IP address (the terminal sends a DHCPDISCOVER broadcast packet);
2. The server responds (the server sends a DHCPOFFER broadcast packet);
3. The terminal selects an IP address (the terminal sends a DHCPREQUEST broadcast packet);
4. The server confirms the lease (the server sends a DHCPACK/DHCPNAK broadcast packet).
(2) Portal authentication process
Portal authentication is also commonly called web authentication, and the Portal authentication website is generally called the portal website.
When an unauthenticated user goes online, the device forces the user to log in to a specific site, whose services the user can access free of charge. When the user needs other information on the Internet, the user must authenticate at the portal website; Internet resources can be used only after authentication succeeds.
A user can actively visit a known Portal authentication website and enter a username and password to authenticate; starting Portal authentication this way is called active authentication. Conversely, if the user tries to access other external networks over HTTP, the user is forced to the Portal authentication website, which starts the Portal authentication process; this is called forced authentication.
This authentication method relies on accounts (username and password), which are troublesome to maintain and use.
In intranet environments such as hospitals and government agencies, a simplified authentication flow has gradually emerged: during Portal authentication a web page is pushed, the user enters personal information, and after the administrator grants authorization the whole onboarding process is complete.
The prior art has the following problem:
It relies on the Portal authentication flow, and deploying that scheme is cumbersome. For example, every access device in the network must be set up as a NAS (Network Access Server) and have Portal authentication configured one by one, and there are compatibility problems across vendors' product models and software versions (because the industry has no unified standard for the Portal authentication flow).
Summary of the invention
To solve the above technical problem, the embodiments of the present invention adopt the following technical solution:
A method of terminal access control, applied in a server comprising a DNS service module and a DHCP service module, comprising:
receiving a first DHCP address allocation request sent by a terminal;
allocating a first IP address to the terminal according to the first DHCP address allocation request, the first IP address being in the blacklist for accessing external networks on a gateway device in the same network as the server; and setting a first lease for the first IP address;
sending the first IP address and the IP address of the server to the terminal, so that during the first lease the terminal sends a DNS resolution request to the server with the first IP address as the source IP address and the IP address of the server as the destination IP address;
receiving the DNS resolution request and, when the first IP address is in a preset address pool, sending an authentication information input page to the terminal, so that the terminal enters first authentication information through the page and submits it to the server;
receiving the first authentication information and confirming the validity of the first authentication information;
when the first authentication information is valid, binding the MAC address in the first DHCP address allocation request to a second IP address allocated by the DHCP service module;
receiving a second DHCP address allocation request sent by the terminal after the first lease ends, and querying the corresponding second IP address according to the MAC address in the second DHCP address allocation request;
sending the second IP address to the terminal, so that the terminal accesses the network using the second IP address.
Optionally, the first authentication information comprises identity information of the user logged in to the terminal.
Optionally, the method further comprises:
obtaining second authentication information, the second authentication information comprising an identifier of the terminal and/or location information of the terminal;
the step of confirming the validity of the first authentication information specifically comprises:
confirming the validity of the first authentication information and the second authentication information;
the step of binding, when the first authentication information is valid, the MAC address in the first DHCP address allocation request to the second IP address specifically comprises:
when the first authentication information and the second authentication information are valid, binding the MAC address in the first DHCP address allocation request to the second IP address.
Optionally, the second IP address is in the whitelist for accessing external networks on the gateway device in the same network as the server.
Optionally, the method further comprises setting a second lease for the second IP address, the second lease being longer than the first lease.
In a further aspect, the embodiments of the present invention also provide a server for terminal access control, comprising:
a first receiving module, configured to receive a first DHCP address allocation request sent by a terminal;
an address allocation module, configured to allocate a first IP address to the terminal according to the first DHCP address allocation request, the first IP address being in the blacklist for accessing external networks on a gateway device in the same network as the server;
a setting module, configured to set a first lease for the first IP address;
a first sending module, configured to send the first IP address and the IP address of the server to the terminal, so that during the first lease the terminal sends a DNS resolution request to the server with the first IP address as the source IP address and the IP address of the server as the destination IP address;
a second receiving module, configured to receive the DNS resolution request;
a second sending module, configured to send an authentication information input page to the terminal when the first IP address is in a preset address pool, so that the terminal enters first authentication information through the page and submits it to the server;
an authentication information acquisition module, configured to receive the first authentication information;
an authentication module, configured to confirm the validity of the first authentication information;
a binding module, configured to bind, when the first authentication information is valid, the MAC address in the first DHCP address allocation request to a second IP address allocated by the address allocation module;
the first receiving module being further configured to receive a second DHCP address allocation request sent by the terminal after the first lease ends;
a query module, configured to query the corresponding second IP address according to the MAC address in the second DHCP address allocation request;
the first sending module being further configured to send the second IP address to the terminal, so that the terminal accesses the network using the second IP address.
Optionally, the first authentication information comprises identity information of the user logged in to the terminal.
Optionally,
the authentication information acquisition module is further configured to obtain second authentication information, the second authentication information comprising an identifier of the terminal and/or location information of the terminal;
the authentication module is specifically configured to:
confirm the validity of the first authentication information and the second authentication information;
the binding module is specifically configured to:
when the first authentication information and the second authentication information are valid, bind the MAC address in the first DHCP address allocation request to the second IP address.
Optionally, the second IP address is in the whitelist for accessing external networks on the gateway device in the same network as the server.
Optionally, the setting module is further configured to set a second lease for the second IP address, the second lease being longer than the first lease.
The beneficial effect of the embodiments of the present invention is that they solve the deployment complexity of the traditional approach of collecting users' personal information through Portal authentication, avoid the trouble of configuring access network devices and the compatibility problems among various access network devices, and give the overall scheme good adaptability.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are evidently only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of a method according to an embodiment of the present invention;
Fig. 2 is a flow chart of a method according to an embodiment of the present invention;
Fig. 3 is a structural diagram of a device according to an embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are evidently only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
A first embodiment of the present invention provides a method of terminal access control, applied in a server comprising a DNS service module and a DHCP service module. As shown in Fig. 1, the method comprises:
S101, receiving a first DHCP address allocation request sent by a terminal;
S103, allocating a first IP address to the terminal according to the first DHCP address allocation request, the first IP address being in the blacklist for accessing external networks on a gateway device in the same network as the server;
Here, in steps S101 and S103, a new terminal that has never been authorized obtains an IP address dynamically through the DHCP process. The server's DHCP service module determines that the terminal is coming online for the first time (by searching the DHCP internal database), looks up the corresponding address pool according to the giaddr parameter carried in the DHCP address allocation request message and, once the pool is found, identifies the temporary network segment configured for that address pool and allocates to the terminal a temporary IP address that is currently unused, i.e., the first IP address;
S105, setting a first lease for the first IP address; optionally, the first lease defaults to a temporary lease period of 5 minutes (the parameter is configurable);
S107, sending the first IP address and the IP address of the server to the terminal, so that during the first lease the terminal sends a DNS resolution request to the server with the first IP address as the source IP address and the IP address of the server as the destination IP address;
Here, any HTTP page access initiated by the terminal triggers a DNS query message, and the message is forwarded by routing to the server;
S109, receiving the DNS resolution request;
S111, when the first IP address is in a preset address pool, sending an authentication information input page to the terminal, so that the terminal enters first authentication information through the page and submits it to the server;
Here, the server checks the source IP address of the DNS resolution request message; if it matches the pre-configured source IP segment (the temporary IP address segment), the server pushes a predefined HTTP page to the terminal, on which the terminal user enters information such as name, position, email address, telephone number and department.
S113, receiving the first authentication information;
S115, confirming the validity of the first authentication information;
Here, if the terminal user submits the first authentication information within 5 minutes, the first authentication information appears in the corresponding "new user authorization" interface on the server; if the submission is not completed within 5 minutes, the flow starts again from step S101; if the first authentication information has been submitted but the administrator has not yet confirmed its validity, the DNS service module pushes a response message to the user stating that the submission has been received and asking the user to wait for the administrator's review or to contact the administrator;
S117, when the first authentication information is valid, binding the MAC address in the first DHCP address allocation request to a second IP address allocated by the DHCP service module;
Here, if the administrator confirms that the first authentication information is valid, a free IP address can be selected from the legal IP segment, i.e., the second IP address, and allocated to the terminal;
S119, receiving a second DHCP address allocation request sent by the terminal after the first lease ends;
S121, querying the corresponding second IP address according to the MAC address in the second DHCP address allocation request;
S123, sending the second IP address to the terminal, so that the terminal accesses the network using the second IP address.
The beneficial effect of the embodiments of the present invention is that they solve the deployment complexity of the traditional approach of collecting users' personal information through Portal authentication, avoid the trouble of configuring access network devices and the compatibility problems among various access network devices, and give the overall scheme good adaptability.
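The flow of steps S101 to S123, modelled as an added Python example that is not code from the patent. The class, method and return-value names, the address segments, the MAC addresses and the length of the second lease are constructed; returning `AUTH_PAGE` for a DNS query stands in for pushing the input page, whose delivery mechanism the description does not specify.

```python
import ipaddress
from dataclasses import dataclass

TEMP_LEASE_S = 300      # first lease: the 5-minute default from S105
LEGAL_LEASE_S = 86400   # second lease: constructed value; the text only requires it to exceed the first


@dataclass(frozen=True)
class Lease:
    ip: str
    seconds: int
    temporary: bool


class AccessControlServer:
    """Combined DHCP + DNS service following S101-S123 (hypothetical names)."""

    def __init__(self, temp_net: str, legal_net: str):
        self.temp_net = ipaddress.ip_network(temp_net)    # segment blacklisted on the gateway
        self.legal_net = ipaddress.ip_network(legal_net)  # segment whitelisted on the gateway
        self.temp = {}      # MAC -> (temporary IP, time the first lease expires)
        self.pending = {}   # MAC -> submitted first authentication information
        self.bindings = {}  # MAC -> bound second IP address

    @staticmethod
    def _first_free(net, used):
        for host in net.hosts():
            if str(host) not in used:
                return str(host)
        raise RuntimeError(f"address pool {net} exhausted")

    def _mac_for_temp_ip(self, src_ip, now):
        # Map a temporary address back to its MAC while the first lease is still running.
        for mac, (ip, expires) in self.temp.items():
            if ip == src_ip and expires > now:
                return mac
        return None

    def handle_dhcp(self, mac: str, now: float) -> Lease:
        # S119-S123: a MAC with a binding receives its second IP address.
        if mac in self.bindings:
            self.temp.pop(mac, None)
            return Lease(self.bindings[mac], LEGAL_LEASE_S, temporary=False)
        # S101-S107: unknown MAC, allocate an unused temporary address with the short lease.
        in_use = {ip for m, (ip, exp) in self.temp.items() if exp > now and m != mac}
        ip = self._first_free(self.temp_net, in_use)
        self.temp[mac] = (ip, now + TEMP_LEASE_S)
        return Lease(ip, TEMP_LEASE_S, temporary=True)

    def handle_dns(self, src_ip: str, now: float) -> str:
        # S109-S111: only sources inside the temporary segment are sent the input page.
        if ipaddress.ip_address(src_ip) not in self.temp_net:
            return "RESOLVE"
        if self._mac_for_temp_ip(src_ip, now) in self.pending:
            return "WAIT_FOR_ADMIN"  # submitted, administrator has not reviewed it yet
        return "AUTH_PAGE"

    def submit_auth(self, src_ip: str, info: dict, now: float) -> bool:
        # S113: accept the form only within the first lease; otherwise restart at S101.
        mac = self._mac_for_temp_ip(src_ip, now)
        if mac is None:
            return False
        self.pending[mac] = info
        return True

    def admin_approve(self, mac: str) -> str:
        # S115-S117: the administrator found the information valid; bind MAC -> second IP.
        if mac not in self.pending:
            raise KeyError(f"no pending request for {mac}")
        del self.pending[mac]
        ip = self._first_free(self.legal_net, set(self.bindings.values()))
        self.bindings[mac] = ip
        return ip


def demo():
    srv = AccessControlServer("10.0.9.0/29", "10.0.1.0/29")  # constructed segments
    mac = "aa:bb:cc:00:00:01"                                # constructed MAC address
    first = srv.handle_dhcp(mac, now=0)
    page = srv.handle_dns(first.ip, now=10)
    srv.submit_auth(first.ip, {"name": "example user", "department": "radiology"}, now=60)
    waiting = srv.handle_dns(first.ip, now=70)
    srv.admin_approve(mac)
    second = srv.handle_dhcp(mac, now=300)   # renewal after the first lease ends
    return first, page, waiting, second, srv.handle_dns(second.ip, now=310)


if __name__ == "__main__":
    for step in demo():
        print(step)
```

The binding is keyed only on the MAC address carried in the DHCP request, so the gateway's blacklist and whitelist for the two segments are what actually enforce the access decision.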
Optionally, based on the first embodiment, in a second embodiment of the present invention the first authentication information comprises identity information of the user logged in to the terminal.
Optionally, based on the first or second embodiment, in a third embodiment of the present invention, as shown in Fig. 2, the method further comprises:
S1011, obtaining second authentication information, the second authentication information comprising an identifier of the terminal and/or location information of the terminal; the second authentication information can be obtained from the first DHCP address allocation request; in other embodiments, step S1011 can be performed at any point between step S101 and step S117, and the variants are not enumerated here.
Step S115 specifically comprises:
confirming the validity of the first authentication information and the second authentication information;
Step S117 specifically comprises:
when the first authentication information and the second authentication information are valid, binding the MAC address in the first DHCP address allocation request to the second IP address.
Optionally, based on the first embodiment, in a fourth embodiment of the present invention the second IP address is in the whitelist for accessing external networks on the gateway device in the same network as the server.
Optionally, based on the first embodiment, in a fifth embodiment of the present invention the method further comprises setting a second lease for the second IP address, the second lease being longer than the first lease.
In a further aspect, the embodiments of the present invention also provide a server for terminal access control. A sixth embodiment of the present invention, as shown in Fig. 3, comprises:
a first receiving module 201, configured to receive a first DHCP address allocation request sent by a terminal;
an address allocation module 203, configured to allocate a first IP address to the terminal according to the first DHCP address allocation request, the first IP address being in the blacklist for accessing external networks on a gateway device in the same network as the server;
a setting module 205, configured to set a first lease for the first IP address;
a first sending module 207, configured to send the first IP address and the IP address of the server to the terminal, so that during the first lease the terminal sends a DNS resolution request to the server with the first IP address as the source IP address and the IP address of the server as the destination IP address;
a second receiving module 209, configured to receive the DNS resolution request;
a second sending module 211, configured to send an authentication information input page to the terminal when the first IP address is in a preset address pool, so that the terminal enters first authentication information through the page and submits it to the server;
an authentication information acquisition module 213, configured to receive the first authentication information;
an authentication module 215, configured to confirm the validity of the first authentication information;
a binding module 217, configured to bind, when the first authentication information is valid, the MAC address in the first DHCP address allocation request to a second IP address allocated by the address allocation module 203;
the first receiving module 201 being further configured to receive a second DHCP address allocation request sent by the terminal after the first lease ends;
a query module 219, configured to query the corresponding second IP address according to the MAC address in the second DHCP address allocation request;
the first sending module 207 being further configured to send the second IP address to the terminal, so that the terminal accesses the network using the second IP address.
Optionally, based on the sixth embodiment, in a seventh embodiment of the present invention the first authentication information comprises identity information of the user logged in to the terminal.
Optionally, based on the sixth and seventh embodiments, in an eighth embodiment of the present invention,
the authentication information acquisition module 213 is further configured to obtain second authentication information, the second authentication information comprising an identifier of the terminal and/or location information of the terminal;
the authentication module 215 is specifically configured to:
confirm the validity of the first authentication information and the second authentication information;
the binding module 217 is specifically configured to:
when the first authentication information and the second authentication information are valid, bind the MAC address in the first DHCP address allocation request to the second IP address.
Optionally, based on the sixth embodiment, in a ninth embodiment of the present invention the second IP address is in the whitelist for accessing external networks on the gateway device in the same network as the server.
Optionally, based on the sixth embodiment, in a tenth embodiment of the present invention the setting module 205 is further configured to set a second lease for the second IP address, the second lease being longer than the first lease.
The beneficial effect of the embodiments of the present invention is that they solve the deployment complexity of the traditional approach of collecting users' personal information through Portal authentication, avoid the trouble of configuring access network devices and the compatibility problems among various access network devices, and give the overall scheme good adaptability.
The present invention is described with reference to flow charts and/or block diagrams of methods, devices (systems) and computer program products according to embodiments of the invention. It should be understood that each flow and/or block in the flow charts and/or block diagrams, and combinations of flows and/or blocks in the flow charts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flow chart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to work in a particular way, so that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means, the instruction means implementing the functions specified in one or more flows of the flow chart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operation steps is performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flow chart and/or one or more blocks of the block diagram.
Finally, it should be noted that the above embodiments only illustrate the technical solutions of the present invention and do not limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments can still be modified, or some of their technical features can be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. A method of terminal access control, characterized in that it is applied in a server comprising a DNS service module and a DHCP service module, and comprises:
receiving a first DHCP address allocation request sent by a terminal;
allocating a first IP address to the terminal according to the first DHCP address allocation request, and setting a first lease for the first IP address; the first IP address being in the blacklist for accessing external networks on a gateway device in the same network as the server;
sending the first IP address and the IP address of the server to the terminal, so that during the first lease the terminal sends a DNS resolution request to the server with the first IP address as the source IP address and the IP address of the server as the destination IP address;
receiving the DNS resolution request and, when the first IP address is in a preset address pool, sending an authentication information input page to the terminal, so that the terminal enters first authentication information through the page and submits it to the server;
receiving the first authentication information and confirming the validity of the first authentication information;
when the first authentication information is valid, binding the MAC address in the first DHCP address allocation request to a second IP address allocated by the DHCP service module;
receiving a second DHCP address allocation request sent by the terminal after the first lease ends, and querying the corresponding second IP address according to the MAC address in the second DHCP address allocation request;
sending the second IP address to the terminal, so that the terminal accesses the network using the second IP address.
2. The method according to claim 1, characterized in that the first authentication information comprises identity information of the user logged in to the terminal.
3. The method according to claim 1 or 2, characterized in that it further comprises:
obtaining second authentication information, the second authentication information comprising an identifier of the terminal and/or location information of the terminal;
the step of confirming the validity of the first authentication information specifically comprises:
confirming the validity of the first authentication information and the second authentication information;
the step of binding, when the first authentication information is valid, the MAC address in the first DHCP address allocation request to the second IP address specifically comprises:
when the first authentication information and the second authentication information are valid, binding the MAC address in the first DHCP address allocation request to the second IP address.
4. The method according to claim 1, characterized in that the second IP address is in the whitelist for accessing external networks on the gateway device in the same network as the server.
5. The method according to claim 1, characterized in that it further comprises setting a second lease for the second IP address, the second lease being longer than the first lease.
6. A server for terminal access control, characterized by comprising:
a first receiving module, configured to receive a first DHCP address allocation request sent by a terminal;
an address assignment module, configured to allocate a first IP address to the terminal according to the first DHCP address allocation request, the first IP address being in the blacklist for accessing external networks on the gateway device that is in the same network as the server;
a setup module, configured to set a first lease for the first IP address;
a first sending module, configured to send the first IP address and the IP address of the server to the terminal, so that within the first lease the terminal sends a DNS resolution request to the server, with the first IP address as the source IP address and the IP address of the server as the destination IP address;
a second receiving module, configured to receive the DNS resolution request;
a second sending module, configured to send an authentication information input page to the terminal when the first IP address is in a preset address pool, so that the terminal enters first authentication information through the page and submits it to the server;
an authentication information acquisition module, configured to receive the first authentication information;
an authentication module, configured to confirm the validity of the first authentication information;
a binding module, configured to bind, when the first authentication information is valid, the MAC address in the first DHCP address allocation request to a second IP address allocated by the address assignment module;
the first receiving module being further configured to receive a second DHCP address allocation request sent by the terminal after the first lease ends;
an enquiry module, configured to look up the corresponding second IP address according to the MAC address in the second DHCP address allocation request;
the first sending module being further configured to send the second IP address to the terminal, so that the terminal accesses the network according to the second IP address.
7. The server according to claim 6, characterized in that the first authentication information includes: identity information of the user logged in to the terminal.
8. The server according to claim 6 or 7, characterized in that
the authentication information acquisition module is further configured to obtain second authentication information, the second authentication information including: an identifier of the terminal and/or location information of the terminal;
the authentication module is specifically configured to:
confirm the validity of the first authentication information and the second authentication information;
the binding module is specifically configured to:
when the first authentication information and the second authentication information are valid, bind the MAC address in the first DHCP address allocation request to the second IP address.
9. The server according to claim 6, characterized in that the second IP address is in the whitelist for accessing external networks on the gateway device that is in the same network as the server.
10. The server according to claim 6, characterized in that the setup module is further configured to set a second lease for the second IP address, the second lease being longer than the first lease.
CN201710333497.2A 2017-05-12 2017-05-12 The method and server of a kind of terminal Access Control Pending CN107241456A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710333497.2A CN107241456A (en) 2017-05-12 2017-05-12 The method and server of a kind of terminal Access Control

Publications (1)

Publication Number Publication Date
CN107241456A true CN107241456A (en) 2017-10-10

Family

ID=59984344

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20171010

RJ01 Rejection of invention patent application after publication