CN107241461B - MAC Address acquisition methods, gateway, network authentication apparatus and network system - Google Patents

MAC Address acquisition methods, gateway, network authentication apparatus and network system Download PDF

Info

Publication number
CN107241461B
CN107241461B CN201710575805.2A CN201710575805A CN107241461B CN 107241461 B CN107241461 B CN 107241461B CN 201710575805 A CN201710575805 A CN 201710575805A CN 107241461 B CN107241461 B CN 107241461B
Authority
CN
China
Prior art keywords
address
gateway
terminal device
mac address
authentication apparatus
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710575805.2A
Other languages
Chinese (zh)
Other versions
CN107241461A (en
Inventor
黄梦弦
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Maipu Communication Technology Co Ltd
Original Assignee
Maipu Communication Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Maipu Communication Technology Co Ltd filed Critical Maipu Communication Technology Co Ltd
Priority to CN201710575805.2A priority Critical patent/CN107241461B/en
Publication of CN107241461A publication Critical patent/CN107241461A/en
Application granted granted Critical
Publication of CN107241461B publication Critical patent/CN107241461B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2101/00Indexing scheme associated with group H04L61/00
    • H04L2101/60Types of network addresses
    • H04L2101/618Details of network addresses
    • H04L2101/622Layer-2 addresses, e.g. medium access control [MAC] addresses
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/09Mapping addresses
    • H04L61/10Mapping addresses of different types
    • H04L61/103Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Small-Scale Networks (AREA)

Abstract

The embodiment of the present invention provides a kind of MAC Address acquisition methods, gateway, network authentication apparatus and network system.The specific implementation principle of this method are as follows: gateway detects the DHCP Offer message for being sent to terminal device, and the IP address and MAC Address of the terminal device are obtained according to the DHCP Offer message;IP address and MAC Address based on the terminal device generate ARP message, and the ARP message is sent to the network authentication apparatus;The network authentication apparatus analyzes the received ARP message, obtains the MAC Address of the terminal device.The present invention can simply and efficiently obtain the MAC Address of terminal device across three layers.

Description

MAC Address acquisition methods, gateway, network authentication apparatus and network system
Technical field
The present invention relates to fields of communication technology, in particular to a kind of MAC Address acquisition methods, gateway, network Authenticating device and network system.
Background technique
In portal certification system, when network authentication apparatus and terminal device are in different double layer networks, DHCP Server is the gateway between terminal device and network authentication apparatus.At this point, terminal device is logical with network authentication apparatus During letter, across three-layer network after message encapsulate be gateway MAC Address, terminal device issue ARP message Network authentication apparatus can not be reached with DHCP message, network authentication apparatus can not accurately identify terminal MAC address.
Summary of the invention
In order to overcome above-mentioned deficiency in the prior art, the purpose of the present invention is to provide a kind of MAC Address acquisition methods, Gateway, network authentication apparatus and network system can simply and efficiently obtain the MAC Address of terminal device across three layers.
To achieve the goals above, present pre-ferred embodiments the technical solution adopted is as follows:
Present pre-ferred embodiments provide a kind of MAC Address acquisition methods, be applied to including terminal device, gateway and The network system of network authentication apparatus, wherein the terminal device and the network authentication apparatus are located at different double layer networks, The described method includes:
Gateway detects the DHCP Offer message for being sent to terminal device, and according to the DHCP Offer Message obtains the IP address and MAC Address of the terminal device;
IP address and MAC Address based on the terminal device generate ARP message, and the ARP message is sent to institute State network authentication apparatus;
The network authentication apparatus analyzes the received ARP message, with obtaining the MAC of the terminal device Location.
In a preferred embodiment of the present invention, the gateway to be sent to the DHCP Offer message of terminal device into Before the step of row detecting, the method also includes:
The gateway opens dhcp server functionality, and configures the IP address of the network authentication apparatus;The net Close the MAC Address that equipment obtains the network authentication apparatus by ARP protocol.
In a preferred embodiment of the present invention, sender's hardware address in the ARP message and purpose hardware address are institute The MAC Address of terminal device is stated, the sender's IP address and purpose IP address in the ARP message are the IP of the terminal device Address.
In a preferred embodiment of the present invention, described that the received ARP message is analyzed, obtain terminal device The step of MAC Address includes:
Detect the received ARP message ethernet source hardware address whether be the gateway MAC Address;
When the ethernet source hardware address of the ARP message is the MAC Address of the gateway, judge that sender is hard Whether part address is consistent with purpose hardware address;
When consistent, judge that described sender hardware address, purpose hardware address and the MAC Address of the gateway are It is no inconsistent;
When there is inconsistency, determine described sender hardware address or purpose hardware address is the MAC of the terminal device Address.
Present pre-ferred embodiments also provide a kind of gateway, and the gateway is recognized with terminal device and network respectively Equipment communication connection is demonstrate,proved, the gateway includes:
Detecting module, for being detected to the DHCP Offer message for being sent to terminal device, and according to the DHCP Offer message obtains the IP address and MAC Address of the terminal device;
First ARP module, for IP address and MAC Address generation ARP message based on the terminal device;
Sending module, for the ARP message to be sent to the network authentication apparatus, so that the network authentication apparatus The ARP message is analyzed, the MAC Address of the terminal device is obtained.
In a preferred embodiment of the present invention, the gateway further include:
First configuration module, for opening dhcp server functionality, with being also used to configure the IP of the network authentication apparatus Location;
The first ARP module is also used to the IP address of the network authentication apparatus according to configuration, obtains the network The MAC Address of authenticating device.
In a preferred embodiment of the present invention, sender's hardware address in the ARP message and purpose hardware address are institute The MAC Address of terminal device is stated, the sender's IP address and purpose IP address in the ARP message are the IP of the terminal device Address.
Present pre-ferred embodiments also provide a kind of network authentication apparatus, and the network authentication apparatus is communicated with gateway Connection, the network authentication apparatus include:
Receiving module, the ARP message sent for receiving the gateway;
Detection module, whether the ethernet source hardware address for detecting the received ARP message is that the gateway is set Standby MAC Address;If so, then notifying ARP module;
2nd ARP module, for analyzing the received ARP message, when the ethernet source of the ARP message is hard When part address is the MAC Address of the gateway, judge whether sender's hardware address is consistent with purpose hardware address;
When consistent, judge that described sender hardware address, purpose hardware address and the MAC Address of the gateway are It is no inconsistent;
When there is inconsistency, determine described sender hardware address or purpose hardware address is the MAC of the terminal device Address.
In a preferred embodiment of the present invention, the network authentication apparatus includes:
Second configuration module configures the IP address of the gateway;
The 2nd ARP module is also used to the IP address of the gateway according to configuration, obtains the gateway MAC Address.
Present pre-ferred embodiments also provide a kind of network system, including terminal device, above-mentioned gateway and above-mentioned Network authentication apparatus.
In terms of existing technologies, the invention has the following advantages:
MAC Address acquisition methods, gateway, network authentication apparatus and network system provided in an embodiment of the present invention.It should The specific implementation principle of method are as follows: gateway detects the DHCP Offer message for being sent to terminal device, and according to The DHCP Offer message obtains the IP address and MAC Address of the terminal device;IP address based on the terminal device ARP message is generated with MAC Address, and the ARP message is sent to the network authentication apparatus;The network authentication apparatus pair The received ARP message is analyzed, and the MAC Address of the terminal device is obtained.It is provided by the invention based on above-mentioned design Technical solution obtains the MAC Address of terminal device by gateway, it is ensured that the accuracy of the MAC Address of terminal device, so After generate corresponding ARP message and be sent to the network authentication apparatus, allow network authentication apparatus in the terminal device The MAC Address of terminal device is obtained when access at the first time, acquisition modes are simple and efficient.
Detailed description of the invention
In order to illustrate the technical solution of the embodiments of the present invention more clearly, below will be to needed in the embodiment attached Figure is briefly described, it should be understood that the following drawings illustrates only certain embodiments of the present invention, therefore is not construed as pair The restriction of range for those of ordinary skill in the art without creative efforts, can also be according to this A little attached drawings obtain other relevant attached drawings.
Fig. 1 is a kind of interactive schematic diagram for the network system that present pre-ferred embodiments provide;
Fig. 2 is a kind of flow diagram for the MAC Address acquisition methods that present pre-ferred embodiments provide;
Fig. 3 is a kind of structural block diagram for the gateway that present pre-ferred embodiments provide;
Fig. 4 is another structural block diagram for the gateway that present pre-ferred embodiments provide;
Fig. 5 is a kind of structural block diagram for the network authentication apparatus that present pre-ferred embodiments provide;
Fig. 6 is another structural block diagram for the network authentication apparatus that present pre-ferred embodiments provide.
Icon: 10- network system;100- terminal device;200- gateway;209- configuration module;210- detecting module; The first ARP module of 220-;230- sending module;300- network authentication apparatus;The second configuration module of 309-;310- receiving module; 320- detection module;The 2nd ARP module of 330-.
Specific embodiment
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete Site preparation description, it is clear that described embodiments are some of the embodiments of the present invention, instead of all the embodiments.Usually herein The component of the embodiment of the present invention described and illustrated in place's attached drawing can be arranged and be designed with a variety of different configurations.
Therefore, the detailed description of the embodiment of the present invention provided in the accompanying drawings is not intended to limit below claimed The scope of the present invention, but be merely representative of selected embodiment of the invention.Based on the embodiments of the present invention, this field is common Technical staff's all other embodiment obtained without creative efforts belongs to the model that the present invention protects It encloses.
Referring to Fig. 1, a kind of interactive schematic diagram of the network system 10 provided for present pre-ferred embodiments.The present embodiment In, the network system 10 includes terminal device 100, gateway 200 and the network authentication apparatus 300 being in communication with each other.Wherein, The terminal device 100 and the network authentication apparatus 300 are located at different double layer networks.
Wherein, the terminal device 100 can be but not limited to smart phone, personal digital assistant, PC, notes This computer etc..
The gateway 200 can be Dynamic Host Configuration Protocol server, and in the present embodiment, Dynamic Host Configuration Protocol server can receive the terminal The IP address of equipment 100 is requested, to be the distribution of terminal device 100 for accessing network according to the MAC Address of the terminal device 100 IP address in address pool.It is worth noting that, the IP address request that terminal device 100 is broadcasted only can be within the scope of double layer network Diffusion, the Dynamic Host Configuration Protocol server for only belonging to a double layer network range could respond the IP address request of terminal device 100.
In the present embodiment, the network authentication apparatus 300 can be network access server (Network Access Server, NAS), NAS can be used for disposing various strategies, for example, planning the accessible money of certified terminal device 100 Source, or different access strategies is implemented to different types of access terminal, or to the end authenticated again in interval time End equipment 100 implements different certification policies etc., and during implementing these strategies, need NAS that can accurately identify each A terminal device 100.
MAC Address is the address that each terminal device 100 carries, so network authentication apparatus 300 can pass through acquisition The MAC Address of terminal device 100 identifies terminal device 100.
When Dynamic Host Configuration Protocol server and network authentication apparatus 300 are not same equipment, NAS and terminal device 100 are in not Same double layer network, Dynamic Host Configuration Protocol server is the gateway 200 between terminal device 100 and network authentication apparatus 300.At this time eventually The ARP message and DHCP message that end equipment 100 issues can not reach the network authentication apparatus 300.Terminal device 100 with In 300 communication process of network authentication apparatus, across three-layer network after message encapsulate be gateway 200 MAC Address, this When network authentication apparatus 300 can not accurately identify the MAC Address of terminal device 100, to can not know to terminal device 100 Not.
In view of this, when network authentication apparatus 300 and terminal device 100 are not at the same double layer network, in order to across Three-layer network obtains the MAC Address of terminal device 100, referring to Fig. 2, obtaining for the MAC Address that present pre-ferred embodiments provide Take a kind of flow diagram of method, the method terminal device 100, gateway 200 as shown in Fig. 1 and network authentication The network system 10 that equipment 300 forms executes.The detailed process of the method is as follows:
Step S110, gateway 200 detects the DHCP Offer message for being sent to terminal device 100, and root The IP address and MAC Address of the terminal device 100 are obtained according to the DHCP Offer message.
Optionally, in the present embodiment, before step S110, the gateway 200 can be opened according to the configuration of user Dhcp server functionality, and the IP address of the network authentication apparatus 300 is configured, and the network is obtained by ARP protocol The MAC Address of authenticating device 300.Specifically, the gateway 200 needs the initiate mode to DHCP process to detect, To guarantee to respond the IP address acquisition request of terminal device 100.Meanwhile it detecting when the DHCP process is activated When, it is also necessary to ARP entry is searched, to determine whether there is the specified corresponding ARP entry of network authentication apparatus 300, To obtain the MAC Address of network authentication apparatus 300.
In the present embodiment, the configuration information of the IP address of network authentication apparatus 300 can first pass through in advance network administrator into Row configuration, and corresponding configuration information is stored in the corresponding caching of the gateway 200.Recognize when the network can be obtained When demonstrate,proving the MAC Address of equipment 300, DHCP Offer message is detected, and institute is obtained according to the DHCP Offer message State the IP address and MAC Address of terminal device 100.
In detail, 200 detecting real-time of gateway whether there is DHCP Offer message, when terminal device 100 to When the gateway 200 initiates DHCP request message, the gateway 200 responds the IP address of the terminal device 100 Acquisition request, Xiang Suoshu terminal device 100 send corresponding DHCP Offer message.The DHCP Offer message is the net The message that equipment 200 is sent to the terminal device 100 in DHCP protocol interactive process is closed, for notifying terminal device 100 The configuration informations such as IP address, gateway, the dns server address of distribution.The gateway 200 can be sent to institute by intercepting and capturing The DHCP Offer message of terminal device 100 is stated, and gets the terminal device 100 from the DHCP Offer message IP address and MAC Address.
Step S120, IP address based on the terminal device 100 and MAC Address generate ARP message, and by the ARP Message is sent to the network authentication apparatus 300.
In detail, the gateway 200 can by the IP address of the terminal device 100 intercepted and MAC Address according to ARP protocol is packaged to generate ARP message, and be sent to the network authentication apparatus 300 for having specified IP address.And in this reality It applies in example, the gateway 200 and the network authentication apparatus 300 are in the same double layer network, therefore the gateway Equipment 200 can be by sending ARP message to the network authentication apparatus 300.
More specifically, sender's hardware address of ARP protocol and purpose hardware address are the end in the ARP message The MAC Address of end equipment 100, the sender's IP address and purpose IP address of ARP protocol are that the terminal is set in the ARP message Standby 100 IP address.
Based on above-mentioned design, when terminal device 100 needs to access network, gateway 200 can be passed through first IP address is obtained, and gateway 200 and terminal device 100 are in the same double layer network, gateway 200 is returned by intercepting and capturing Back to the DHCP Offer message of the terminal device 100, the MAC Address of terminal device 100 is got.And due to gateway 200 be the gateway between terminal device 100 and network authentication apparatus 300, and gateway 200 and network authentication apparatus 300 are also located In the same double layer network, and then gateway 200 can be sent described in MAC Address notice of the ARP message by terminal device 100 Network authentication apparatus 300.The ARP message notifying network authentication apparatus 300 that the above method passes through customization, wherein ARP protocol is every The standard agreement that one equipment is all supported, without other processes newly developed, and since ARP protocol is one two layers Agreement, to resource overhead very little, so that MAC Address acquisition modes are simply accurate.
Step S130, the network authentication apparatus 300 analyze the received ARP message, obtain the terminal The MAC Address of equipment 100.
Optionally, in the present embodiment, the network authentication apparatus 300 before receiving the ARP message,
In the present embodiment, the configuration information of the IP address of gateway 200 can first pass through in advance network administrator and match It sets, and corresponding configuration information is stored in the corresponding caching of the network authentication apparatus 300.It is set when the gateway can be obtained When standby 200 MAC Address, the ARP message is received, the ethernet source hardware address in the ARP message is parsed, then should Ethernet source hardware address is compared with the MAC Address of the gateway 200 of designated IP address.When the ARP message Ethernet source hardware address when being the MAC Address of the gateway 200, according to the MAC Address of the gateway 200, Sender's hardware address and purpose hardware address obtain the MAC Address of the terminal device 100 across three-layer network.
Specifically, firstly, determining the ethernet source hardware address and the gateway 200 of designated IP address When MAC Address is consistent, judge whether sender's hardware address and purpose hardware address are consistent in the ARP message.Then, it is sending out When the side's of sending hardware address is consistent with purpose hardware address, described sender hardware address, purpose hardware address and the net are judged Whether the MAC Address for closing equipment 200 is inconsistent.Subsequently, when described sender hardware address, purpose hardware address and the net When the MAC Address of pass equipment 200 is inconsistent, determines described sender hardware address or purpose hardware address is across three-layer network Terminal device 100 MAC Address, to realize the MAC Address of across three-layer network acquisition terminal device 100.
Based on above-mentioned design, the MAC Address of terminal device 100 is obtained by gateway 200, it is ensured that terminal device Then the accuracy of 100 MAC Address generates corresponding ARP message and is sent to the network authentication apparatus 300, so that network Authenticating device 300 can obtain the MAC Address of terminal device 100, acquisition side at the first time when the terminal device 100 accesses Formula is simple and efficient.
Further, referring to Fig. 3, present pre-ferred embodiments also provide a kind of gateway 200, the gateway 200 communicate to connect with terminal device 100 and network authentication apparatus 300 respectively, and the gateway 200 includes:
Detecting module 210, for being detected to the DHCP Offer message for being sent to terminal device 100, and according to institute State IP address and MAC Address that DHCP Offer message obtains the terminal device 100.
First ARP module 220, for IP address and MAC Address generation ARP message based on the terminal device 100.
Sending module 230, for the ARP message to be sent to the network authentication apparatus 300, so that the network is recognized Card equipment 300 analyzes the ARP message, obtains the MAC Address of the terminal device 100.
In the present embodiment, sender's hardware address and purpose hardware address in the ARP message are the terminal device 100 MAC Address, sender's IP address and purpose IP address in the ARP message are the IP of the terminal device 100 Location.
Preferably, referring to Fig. 4, the gateway 200 can also include:
First configuration module 209 is also used to configure the network authentication apparatus 300 for opening dhcp server functionality IP address.
Further, the first ARP module 220, with being also used to the IP of the network authentication apparatus 300 according to configuration Location obtains the MAC Address of the network authentication apparatus 300.
Further, referring to Fig. 5, present pre-ferred embodiments also provide a kind of network authentication apparatus 300, the network Authenticating device 300 and gateway 200 communicate to connect, and the network authentication apparatus 300 includes:
Receiving module 310, the ARP message sent for receiving the gateway 200;
Detection module 320, whether the ethernet source hardware address for detecting the received ARP message is the gateway The MAC Address of equipment 200;If so, then notifying ARP module;
2nd ARP module 330, for analyzing the received ARP message, when the Ethernet of the ARP message When source hardware address is the MAC Address of the gateway 200, judge sender's hardware address and purpose hardware address whether one It causes;When consistent, judge described sender hardware address, purpose hardware address and the gateway 200 MAC Address whether It is inconsistent;When there is inconsistency, determine described sender hardware address or purpose hardware address is the terminal device 100 MAC Address.
Further, referring to Fig. 6, the network authentication apparatus 300 can also include:
Second configuration module 309 configures the IP address of the gateway 200;
The 2nd ARP module 330 is also used to the IP address of the gateway 200 according to configuration, obtains the net Close the MAC Address of equipment 200.
In conclusion MAC Address acquisition methods provided in an embodiment of the present invention, gateway 200, network authentication apparatus 300 and network system 10.The specific implementation principle of this method are as follows: gateway 200 is to the DHCP for being sent to terminal device 100 Offer message is detected, and with obtaining IP address and the MAC of the terminal device 100 according to the DHCP Offer message Location;IP address based on the terminal device 100 and MAC Address generate ARP message, and the ARP message are sent to described Network authentication apparatus 300;The network authentication apparatus 300 analyzes the received ARP message, obtains the terminal and sets Standby 100 MAC Address.Technical solution provided by the invention obtains the MAC Address of terminal device 100 by gateway 200, really The accuracy of the MAC Address of terminal device 100 has been protected, corresponding ARP message has then been generated and is sent to the network authentication apparatus 300, allow network authentication apparatus 300 to obtain terminal device 100 at the first time when the terminal device 100 accesses MAC Address, acquisition modes are simple and efficient.
It is obvious to a person skilled in the art that invention is not limited to the details of the above exemplary embodiments, Er Qie In the case where without departing substantially from spirit or essential attributes of the invention, the present invention can be realized in other specific forms.Therefore, no matter From the point of view of which point, the present embodiments are to be considered as illustrative and not restrictive, and the scope of the present invention is by appended power Benefit requires rather than above description limits, it is intended that all by what is fallen within the meaning and scope of the equivalent elements of the claims Variation is included within the present invention.Any reference signs in the claims should not be construed as limiting the involved claims.

Claims (9)

1. a kind of MAC Address acquisition methods, applied to the network system including terminal device, gateway and network authentication apparatus System, wherein the terminal device and the network authentication apparatus are located at different double layer networks, which is characterized in that the method Include:
Gateway detects the DHCP Offer message for being sent to terminal device, and according to the DHCP Offer message Obtain the IP address and MAC Address of the terminal device;
IP address and MAC Address based on the terminal device generate ARP message, and the ARP message is sent to the net Network authenticating device;
The network authentication apparatus analyzes the received ARP message, obtains the MAC Address of the terminal device;
Wherein, described that the received ARP message is analyzed, the MAC Address of the terminal device is obtained, is specifically included:
Detect the received ARP message ethernet source hardware address whether be the gateway MAC Address;
When the ethernet source hardware address of the ARP message is the MAC Address of the gateway, with judging sender's hardware Whether location is consistent with purpose hardware address;
When consistent, whether not the MAC Address of described sender hardware address, purpose hardware address and the gateway is judged Unanimously;
When there is inconsistency, determine described sender hardware address or purpose hardware address is the MAC Address of the terminal device.
2. MAC Address acquisition methods according to claim 1, which is characterized in that in the gateway to being sent to end Before the step of DHCP Offer message of end equipment is detected, the method also includes:
The gateway opens dhcp server functionality, and configures the IP address of the network authentication apparatus;The gateway is set The standby MAC Address that the network authentication apparatus is obtained by ARP protocol.
3. MAC Address acquisition methods according to claim 1, which is characterized in that sender's hardware in the ARP message Address and purpose hardware address are the MAC Address of the terminal device, sender's IP address and destination IP in the ARP message Address is the IP address of the terminal device.
4. a kind of gateway, which is characterized in that the gateway respectively with terminal device and network authentication apparatus communication link It connects, the terminal device and the network authentication apparatus are in different double layer networks, and the gateway includes:
Detecting module, for being detected to the DHCP Offer message for being sent to terminal device, and according to the DHCP Offer message obtains the IP address and MAC Address of the terminal device;
First ARP module, for IP address and MAC Address generation ARP message based on the terminal device;
Sending module, for the ARP message to be sent to the network authentication apparatus, so that the network authentication apparatus is to institute It states ARP message to be analyzed, obtains the MAC Address of the terminal device, wherein the network authentication apparatus is to received described ARP message is analyzed, when the ethernet source hardware address of the ARP message is the MAC Address of the gateway, judgement Whether sender's hardware address is consistent with purpose hardware address;When consistent, described sender hardware address, purpose hardware are judged Whether address and the MAC Address of the gateway are inconsistent;When there is inconsistency, determine described sender hardware address or mesh Hardware address be terminal device MAC Address.
5. gateway according to claim 4, which is characterized in that the gateway further include:
First configuration module is also used to configure the IP address of the network authentication apparatus for opening dhcp server functionality;
The first ARP module is also used to the IP address of the network authentication apparatus according to configuration, obtains the network authentication The MAC Address of equipment.
6. gateway according to claim 4 or 5, which is characterized in that sender's hardware address in the ARP message It is the MAC Address of the terminal device, sender's IP address and purpose IP address in the ARP message with purpose hardware address For the IP address of the terminal device.
7. a kind of network authentication apparatus, which is characterized in that the network authentication apparatus and gateway communicate to connect, terminal device It is in different double layer networks with the network authentication apparatus, the network authentication apparatus includes:
Receiving module, the ARP message sent for receiving the gateway, wherein the ARP message is the gateway Based on to the DHCP Offer message for being sent to the terminal device carry out detecting acquisition the terminal device IP address and The ARP message that MAC Address generates;
Detection module, whether the ethernet source hardware address for detecting the received ARP message is the gateway MAC Address;If so, then notifying ARP module;
2nd ARP module, for analyzing the received ARP message, when the ethernet source hardware of the ARP message When location is the MAC Address of the gateway, judge whether sender's hardware address is consistent with purpose hardware address;
When consistent, whether not the MAC Address of described sender hardware address, purpose hardware address and the gateway is judged Unanimously;
When there is inconsistency, determine described sender hardware address or purpose hardware address for the MAC Address of terminal device.
8. network authentication apparatus according to claim 7, which is characterized in that the network authentication apparatus includes:
Second configuration module configures the IP address of the gateway;
The 2nd ARP module is also used to the IP address of the gateway according to configuration, obtains the gateway MAC Address.
9. a kind of network system, which is characterized in that including gateway described in any one of terminal device, claim 4-6 And network authentication apparatus described in claim 7 or 8.
CN201710575805.2A 2017-07-14 2017-07-14 MAC Address acquisition methods, gateway, network authentication apparatus and network system Active CN107241461B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710575805.2A CN107241461B (en) 2017-07-14 2017-07-14 MAC Address acquisition methods, gateway, network authentication apparatus and network system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710575805.2A CN107241461B (en) 2017-07-14 2017-07-14 MAC Address acquisition methods, gateway, network authentication apparatus and network system

Publications (2)

Publication Number Publication Date
CN107241461A CN107241461A (en) 2017-10-10
CN107241461B true CN107241461B (en) 2019-09-13

Family

ID=59991061

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710575805.2A Active CN107241461B (en) 2017-07-14 2017-07-14 MAC Address acquisition methods, gateway, network authentication apparatus and network system

Country Status (1)

Country Link
CN (1) CN107241461B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108429641B (en) * 2018-02-28 2021-07-06 新华三技术有限公司 Network equipment management method and device
CN108540588A (en) * 2018-03-15 2018-09-14 深信服科技股份有限公司 MAC Address acquisition methods and system, Network Security Device and readable storage medium storing program for executing

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1753364A (en) * 2005-10-26 2006-03-29 杭州华为三康技术有限公司 Method of controlling network access and its system
CN102739684A (en) * 2012-06-29 2012-10-17 杭州迪普科技有限公司 Portal authentication method based on virtual IP address, and server thereof
CN106209912A (en) * 2016-08-30 2016-12-07 迈普通信技术股份有限公司 Access authorization methods, device and system
CN106230788A (en) * 2016-07-22 2016-12-14 上海斐讯数据通信技术有限公司 The reorientation method of a kind of portal certification, radio reception device, portal server
CN106954212A (en) * 2017-03-02 2017-07-14 上海斐讯数据通信技术有限公司 A kind of portal authentication method and system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4664143B2 (en) * 2005-07-22 2011-04-06 株式会社日立製作所 Packet transfer apparatus, communication network, and packet transfer method

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1753364A (en) * 2005-10-26 2006-03-29 杭州华为三康技术有限公司 Method of controlling network access and its system
CN102739684A (en) * 2012-06-29 2012-10-17 杭州迪普科技有限公司 Portal authentication method based on virtual IP address, and server thereof
CN106230788A (en) * 2016-07-22 2016-12-14 上海斐讯数据通信技术有限公司 The reorientation method of a kind of portal certification, radio reception device, portal server
CN106209912A (en) * 2016-08-30 2016-12-07 迈普通信技术股份有限公司 Access authorization methods, device and system
CN106954212A (en) * 2017-03-02 2017-07-14 上海斐讯数据通信技术有限公司 A kind of portal authentication method and system

Also Published As

Publication number Publication date
CN107241461A (en) 2017-10-10

Similar Documents

Publication Publication Date Title
US8433811B2 (en) Test driven deployment and monitoring of heterogeneous network systems
CN104144163B (en) Auth method, apparatus and system
CN103313429B (en) A kind of processing method identifying forgery WIFI hot spot
CN106603507A (en) Method and system for automatically completing network security self checking
CN103916490B (en) DNS tamper-proof method and device
CN102739684B (en) Portal authentication method based on virtual IP address, and server thereof
CN102055813A (en) Access controlling method for network application and device thereof
CN106060072B (en) Authentication method and device
CN106878135A (en) A kind of connection method and device
CN103796278A (en) Mobile terminal wireless network access control method
CN105119901A (en) Method and system for detecting phishing hotspot
CN108881103A (en) A kind of method and device accessing network
CN106961683B (en) Method and system for detecting illegal AP and discoverer AP
CN110099129A (en) A kind of data transmission method and equipment
CN108123961A (en) Information processing method, apparatus and system
CN110022374A (en) Method for connecting network, device, communication equipment and storage medium based on Internet of Things
CN107241461B (en) MAC Address acquisition methods, gateway, network authentication apparatus and network system
CN107124715B (en) Safety protection performance evaluation method suitable for electric power wireless private network terminal
CN108322366A (en) Access the methods, devices and systems of network
CN106454903A (en) Method and device for accessing smart terminal equipment into Internet
Evers et al. Security measurement on a cloud-based cyber-physical system used for intelligent transportation
CN106332083B (en) TCP connection method and device, Intranet authentication method and system
US8724506B2 (en) Detecting double attachment between a wired network and at least one wireless network
CN107529165B (en) The recognition methods of wireless access points legitimacy under a kind of Campus Net
CN114124436B (en) APN access trusted computing management system based on electric power Internet of things universal terminal

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant