CN107241461B - MAC Address acquisition methods, gateway, network authentication apparatus and network system - Google Patents
MAC Address acquisition methods, gateway, network authentication apparatus and network system Download PDFInfo
- Publication number
- CN107241461B CN107241461B CN201710575805.2A CN201710575805A CN107241461B CN 107241461 B CN107241461 B CN 107241461B CN 201710575805 A CN201710575805 A CN 201710575805A CN 107241461 B CN107241461 B CN 107241461B
- Authority
- CN
- China
- Prior art keywords
- address
- gateway
- terminal device
- mac address
- authentication apparatus
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2101/00—Indexing scheme associated with group H04L61/00
- H04L2101/60—Types of network addresses
- H04L2101/618—Details of network addresses
- H04L2101/622—Layer-2 addresses, e.g. medium access control [MAC] addresses
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/10—Mapping addresses of different types
- H04L61/103—Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Small-Scale Networks (AREA)
Abstract
The embodiment of the present invention provides a kind of MAC Address acquisition methods, gateway, network authentication apparatus and network system.The specific implementation principle of this method are as follows: gateway detects the DHCP Offer message for being sent to terminal device, and the IP address and MAC Address of the terminal device are obtained according to the DHCP Offer message;IP address and MAC Address based on the terminal device generate ARP message, and the ARP message is sent to the network authentication apparatus;The network authentication apparatus analyzes the received ARP message, obtains the MAC Address of the terminal device.The present invention can simply and efficiently obtain the MAC Address of terminal device across three layers.
Description
Technical field
The present invention relates to fields of communication technology, in particular to a kind of MAC Address acquisition methods, gateway, network
Authenticating device and network system.
Background technique
In portal certification system, when network authentication apparatus and terminal device are in different double layer networks, DHCP
Server is the gateway between terminal device and network authentication apparatus.At this point, terminal device is logical with network authentication apparatus
During letter, across three-layer network after message encapsulate be gateway MAC Address, terminal device issue ARP message
Network authentication apparatus can not be reached with DHCP message, network authentication apparatus can not accurately identify terminal MAC address.
Summary of the invention
In order to overcome above-mentioned deficiency in the prior art, the purpose of the present invention is to provide a kind of MAC Address acquisition methods,
Gateway, network authentication apparatus and network system can simply and efficiently obtain the MAC Address of terminal device across three layers.
To achieve the goals above, present pre-ferred embodiments the technical solution adopted is as follows:
Present pre-ferred embodiments provide a kind of MAC Address acquisition methods, be applied to including terminal device, gateway and
The network system of network authentication apparatus, wherein the terminal device and the network authentication apparatus are located at different double layer networks,
The described method includes:
Gateway detects the DHCP Offer message for being sent to terminal device, and according to the DHCP Offer
Message obtains the IP address and MAC Address of the terminal device;
IP address and MAC Address based on the terminal device generate ARP message, and the ARP message is sent to institute
State network authentication apparatus;
The network authentication apparatus analyzes the received ARP message, with obtaining the MAC of the terminal device
Location.
In a preferred embodiment of the present invention, the gateway to be sent to the DHCP Offer message of terminal device into
Before the step of row detecting, the method also includes:
The gateway opens dhcp server functionality, and configures the IP address of the network authentication apparatus;The net
Close the MAC Address that equipment obtains the network authentication apparatus by ARP protocol.
In a preferred embodiment of the present invention, sender's hardware address in the ARP message and purpose hardware address are institute
The MAC Address of terminal device is stated, the sender's IP address and purpose IP address in the ARP message are the IP of the terminal device
Address.
In a preferred embodiment of the present invention, described that the received ARP message is analyzed, obtain terminal device
The step of MAC Address includes:
Detect the received ARP message ethernet source hardware address whether be the gateway MAC Address;
When the ethernet source hardware address of the ARP message is the MAC Address of the gateway, judge that sender is hard
Whether part address is consistent with purpose hardware address;
When consistent, judge that described sender hardware address, purpose hardware address and the MAC Address of the gateway are
It is no inconsistent;
When there is inconsistency, determine described sender hardware address or purpose hardware address is the MAC of the terminal device
Address.
Present pre-ferred embodiments also provide a kind of gateway, and the gateway is recognized with terminal device and network respectively
Equipment communication connection is demonstrate,proved, the gateway includes:
Detecting module, for being detected to the DHCP Offer message for being sent to terminal device, and according to the DHCP
Offer message obtains the IP address and MAC Address of the terminal device;
First ARP module, for IP address and MAC Address generation ARP message based on the terminal device;
Sending module, for the ARP message to be sent to the network authentication apparatus, so that the network authentication apparatus
The ARP message is analyzed, the MAC Address of the terminal device is obtained.
In a preferred embodiment of the present invention, the gateway further include:
First configuration module, for opening dhcp server functionality, with being also used to configure the IP of the network authentication apparatus
Location;
The first ARP module is also used to the IP address of the network authentication apparatus according to configuration, obtains the network
The MAC Address of authenticating device.
In a preferred embodiment of the present invention, sender's hardware address in the ARP message and purpose hardware address are institute
The MAC Address of terminal device is stated, the sender's IP address and purpose IP address in the ARP message are the IP of the terminal device
Address.
Present pre-ferred embodiments also provide a kind of network authentication apparatus, and the network authentication apparatus is communicated with gateway
Connection, the network authentication apparatus include:
Receiving module, the ARP message sent for receiving the gateway;
Detection module, whether the ethernet source hardware address for detecting the received ARP message is that the gateway is set
Standby MAC Address;If so, then notifying ARP module;
2nd ARP module, for analyzing the received ARP message, when the ethernet source of the ARP message is hard
When part address is the MAC Address of the gateway, judge whether sender's hardware address is consistent with purpose hardware address;
When consistent, judge that described sender hardware address, purpose hardware address and the MAC Address of the gateway are
It is no inconsistent;
When there is inconsistency, determine described sender hardware address or purpose hardware address is the MAC of the terminal device
Address.
In a preferred embodiment of the present invention, the network authentication apparatus includes:
Second configuration module configures the IP address of the gateway;
The 2nd ARP module is also used to the IP address of the gateway according to configuration, obtains the gateway
MAC Address.
Present pre-ferred embodiments also provide a kind of network system, including terminal device, above-mentioned gateway and above-mentioned
Network authentication apparatus.
In terms of existing technologies, the invention has the following advantages:
MAC Address acquisition methods, gateway, network authentication apparatus and network system provided in an embodiment of the present invention.It should
The specific implementation principle of method are as follows: gateway detects the DHCP Offer message for being sent to terminal device, and according to
The DHCP Offer message obtains the IP address and MAC Address of the terminal device;IP address based on the terminal device
ARP message is generated with MAC Address, and the ARP message is sent to the network authentication apparatus;The network authentication apparatus pair
The received ARP message is analyzed, and the MAC Address of the terminal device is obtained.It is provided by the invention based on above-mentioned design
Technical solution obtains the MAC Address of terminal device by gateway, it is ensured that the accuracy of the MAC Address of terminal device, so
After generate corresponding ARP message and be sent to the network authentication apparatus, allow network authentication apparatus in the terminal device
The MAC Address of terminal device is obtained when access at the first time, acquisition modes are simple and efficient.
Detailed description of the invention
In order to illustrate the technical solution of the embodiments of the present invention more clearly, below will be to needed in the embodiment attached
Figure is briefly described, it should be understood that the following drawings illustrates only certain embodiments of the present invention, therefore is not construed as pair
The restriction of range for those of ordinary skill in the art without creative efforts, can also be according to this
A little attached drawings obtain other relevant attached drawings.
Fig. 1 is a kind of interactive schematic diagram for the network system that present pre-ferred embodiments provide;
Fig. 2 is a kind of flow diagram for the MAC Address acquisition methods that present pre-ferred embodiments provide;
Fig. 3 is a kind of structural block diagram for the gateway that present pre-ferred embodiments provide;
Fig. 4 is another structural block diagram for the gateway that present pre-ferred embodiments provide;
Fig. 5 is a kind of structural block diagram for the network authentication apparatus that present pre-ferred embodiments provide;
Fig. 6 is another structural block diagram for the network authentication apparatus that present pre-ferred embodiments provide.
Icon: 10- network system;100- terminal device;200- gateway;209- configuration module;210- detecting module;
The first ARP module of 220-;230- sending module;300- network authentication apparatus;The second configuration module of 309-;310- receiving module;
320- detection module;The 2nd ARP module of 330-.
Specific embodiment
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete
Site preparation description, it is clear that described embodiments are some of the embodiments of the present invention, instead of all the embodiments.Usually herein
The component of the embodiment of the present invention described and illustrated in place's attached drawing can be arranged and be designed with a variety of different configurations.
Therefore, the detailed description of the embodiment of the present invention provided in the accompanying drawings is not intended to limit below claimed
The scope of the present invention, but be merely representative of selected embodiment of the invention.Based on the embodiments of the present invention, this field is common
Technical staff's all other embodiment obtained without creative efforts belongs to the model that the present invention protects
It encloses.
Referring to Fig. 1, a kind of interactive schematic diagram of the network system 10 provided for present pre-ferred embodiments.The present embodiment
In, the network system 10 includes terminal device 100, gateway 200 and the network authentication apparatus 300 being in communication with each other.Wherein,
The terminal device 100 and the network authentication apparatus 300 are located at different double layer networks.
Wherein, the terminal device 100 can be but not limited to smart phone, personal digital assistant, PC, notes
This computer etc..
The gateway 200 can be Dynamic Host Configuration Protocol server, and in the present embodiment, Dynamic Host Configuration Protocol server can receive the terminal
The IP address of equipment 100 is requested, to be the distribution of terminal device 100 for accessing network according to the MAC Address of the terminal device 100
IP address in address pool.It is worth noting that, the IP address request that terminal device 100 is broadcasted only can be within the scope of double layer network
Diffusion, the Dynamic Host Configuration Protocol server for only belonging to a double layer network range could respond the IP address request of terminal device 100.
In the present embodiment, the network authentication apparatus 300 can be network access server (Network Access
Server, NAS), NAS can be used for disposing various strategies, for example, planning the accessible money of certified terminal device 100
Source, or different access strategies is implemented to different types of access terminal, or to the end authenticated again in interval time
End equipment 100 implements different certification policies etc., and during implementing these strategies, need NAS that can accurately identify each
A terminal device 100.
MAC Address is the address that each terminal device 100 carries, so network authentication apparatus 300 can pass through acquisition
The MAC Address of terminal device 100 identifies terminal device 100.
When Dynamic Host Configuration Protocol server and network authentication apparatus 300 are not same equipment, NAS and terminal device 100 are in not
Same double layer network, Dynamic Host Configuration Protocol server is the gateway 200 between terminal device 100 and network authentication apparatus 300.At this time eventually
The ARP message and DHCP message that end equipment 100 issues can not reach the network authentication apparatus 300.Terminal device 100 with
In 300 communication process of network authentication apparatus, across three-layer network after message encapsulate be gateway 200 MAC Address, this
When network authentication apparatus 300 can not accurately identify the MAC Address of terminal device 100, to can not know to terminal device 100
Not.
In view of this, when network authentication apparatus 300 and terminal device 100 are not at the same double layer network, in order to across
Three-layer network obtains the MAC Address of terminal device 100, referring to Fig. 2, obtaining for the MAC Address that present pre-ferred embodiments provide
Take a kind of flow diagram of method, the method terminal device 100, gateway 200 as shown in Fig. 1 and network authentication
The network system 10 that equipment 300 forms executes.The detailed process of the method is as follows:
Step S110, gateway 200 detects the DHCP Offer message for being sent to terminal device 100, and root
The IP address and MAC Address of the terminal device 100 are obtained according to the DHCP Offer message.
Optionally, in the present embodiment, before step S110, the gateway 200 can be opened according to the configuration of user
Dhcp server functionality, and the IP address of the network authentication apparatus 300 is configured, and the network is obtained by ARP protocol
The MAC Address of authenticating device 300.Specifically, the gateway 200 needs the initiate mode to DHCP process to detect,
To guarantee to respond the IP address acquisition request of terminal device 100.Meanwhile it detecting when the DHCP process is activated
When, it is also necessary to ARP entry is searched, to determine whether there is the specified corresponding ARP entry of network authentication apparatus 300,
To obtain the MAC Address of network authentication apparatus 300.
In the present embodiment, the configuration information of the IP address of network authentication apparatus 300 can first pass through in advance network administrator into
Row configuration, and corresponding configuration information is stored in the corresponding caching of the gateway 200.Recognize when the network can be obtained
When demonstrate,proving the MAC Address of equipment 300, DHCP Offer message is detected, and institute is obtained according to the DHCP Offer message
State the IP address and MAC Address of terminal device 100.
In detail, 200 detecting real-time of gateway whether there is DHCP Offer message, when terminal device 100 to
When the gateway 200 initiates DHCP request message, the gateway 200 responds the IP address of the terminal device 100
Acquisition request, Xiang Suoshu terminal device 100 send corresponding DHCP Offer message.The DHCP Offer message is the net
The message that equipment 200 is sent to the terminal device 100 in DHCP protocol interactive process is closed, for notifying terminal device 100
The configuration informations such as IP address, gateway, the dns server address of distribution.The gateway 200 can be sent to institute by intercepting and capturing
The DHCP Offer message of terminal device 100 is stated, and gets the terminal device 100 from the DHCP Offer message
IP address and MAC Address.
Step S120, IP address based on the terminal device 100 and MAC Address generate ARP message, and by the ARP
Message is sent to the network authentication apparatus 300.
In detail, the gateway 200 can by the IP address of the terminal device 100 intercepted and MAC Address according to
ARP protocol is packaged to generate ARP message, and be sent to the network authentication apparatus 300 for having specified IP address.And in this reality
It applies in example, the gateway 200 and the network authentication apparatus 300 are in the same double layer network, therefore the gateway
Equipment 200 can be by sending ARP message to the network authentication apparatus 300.
More specifically, sender's hardware address of ARP protocol and purpose hardware address are the end in the ARP message
The MAC Address of end equipment 100, the sender's IP address and purpose IP address of ARP protocol are that the terminal is set in the ARP message
Standby 100 IP address.
Based on above-mentioned design, when terminal device 100 needs to access network, gateway 200 can be passed through first
IP address is obtained, and gateway 200 and terminal device 100 are in the same double layer network, gateway 200 is returned by intercepting and capturing
Back to the DHCP Offer message of the terminal device 100, the MAC Address of terminal device 100 is got.And due to gateway
200 be the gateway between terminal device 100 and network authentication apparatus 300, and gateway 200 and network authentication apparatus 300 are also located
In the same double layer network, and then gateway 200 can be sent described in MAC Address notice of the ARP message by terminal device 100
Network authentication apparatus 300.The ARP message notifying network authentication apparatus 300 that the above method passes through customization, wherein ARP protocol is every
The standard agreement that one equipment is all supported, without other processes newly developed, and since ARP protocol is one two layers
Agreement, to resource overhead very little, so that MAC Address acquisition modes are simply accurate.
Step S130, the network authentication apparatus 300 analyze the received ARP message, obtain the terminal
The MAC Address of equipment 100.
Optionally, in the present embodiment, the network authentication apparatus 300 before receiving the ARP message,
In the present embodiment, the configuration information of the IP address of gateway 200 can first pass through in advance network administrator and match
It sets, and corresponding configuration information is stored in the corresponding caching of the network authentication apparatus 300.It is set when the gateway can be obtained
When standby 200 MAC Address, the ARP message is received, the ethernet source hardware address in the ARP message is parsed, then should
Ethernet source hardware address is compared with the MAC Address of the gateway 200 of designated IP address.When the ARP message
Ethernet source hardware address when being the MAC Address of the gateway 200, according to the MAC Address of the gateway 200,
Sender's hardware address and purpose hardware address obtain the MAC Address of the terminal device 100 across three-layer network.
Specifically, firstly, determining the ethernet source hardware address and the gateway 200 of designated IP address
When MAC Address is consistent, judge whether sender's hardware address and purpose hardware address are consistent in the ARP message.Then, it is sending out
When the side's of sending hardware address is consistent with purpose hardware address, described sender hardware address, purpose hardware address and the net are judged
Whether the MAC Address for closing equipment 200 is inconsistent.Subsequently, when described sender hardware address, purpose hardware address and the net
When the MAC Address of pass equipment 200 is inconsistent, determines described sender hardware address or purpose hardware address is across three-layer network
Terminal device 100 MAC Address, to realize the MAC Address of across three-layer network acquisition terminal device 100.
Based on above-mentioned design, the MAC Address of terminal device 100 is obtained by gateway 200, it is ensured that terminal device
Then the accuracy of 100 MAC Address generates corresponding ARP message and is sent to the network authentication apparatus 300, so that network
Authenticating device 300 can obtain the MAC Address of terminal device 100, acquisition side at the first time when the terminal device 100 accesses
Formula is simple and efficient.
Further, referring to Fig. 3, present pre-ferred embodiments also provide a kind of gateway 200, the gateway
200 communicate to connect with terminal device 100 and network authentication apparatus 300 respectively, and the gateway 200 includes:
Detecting module 210, for being detected to the DHCP Offer message for being sent to terminal device 100, and according to institute
State IP address and MAC Address that DHCP Offer message obtains the terminal device 100.
First ARP module 220, for IP address and MAC Address generation ARP message based on the terminal device 100.
Sending module 230, for the ARP message to be sent to the network authentication apparatus 300, so that the network is recognized
Card equipment 300 analyzes the ARP message, obtains the MAC Address of the terminal device 100.
In the present embodiment, sender's hardware address and purpose hardware address in the ARP message are the terminal device
100 MAC Address, sender's IP address and purpose IP address in the ARP message are the IP of the terminal device 100
Location.
Preferably, referring to Fig. 4, the gateway 200 can also include:
First configuration module 209 is also used to configure the network authentication apparatus 300 for opening dhcp server functionality
IP address.
Further, the first ARP module 220, with being also used to the IP of the network authentication apparatus 300 according to configuration
Location obtains the MAC Address of the network authentication apparatus 300.
Further, referring to Fig. 5, present pre-ferred embodiments also provide a kind of network authentication apparatus 300, the network
Authenticating device 300 and gateway 200 communicate to connect, and the network authentication apparatus 300 includes:
Receiving module 310, the ARP message sent for receiving the gateway 200;
Detection module 320, whether the ethernet source hardware address for detecting the received ARP message is the gateway
The MAC Address of equipment 200;If so, then notifying ARP module;
2nd ARP module 330, for analyzing the received ARP message, when the Ethernet of the ARP message
When source hardware address is the MAC Address of the gateway 200, judge sender's hardware address and purpose hardware address whether one
It causes;When consistent, judge described sender hardware address, purpose hardware address and the gateway 200 MAC Address whether
It is inconsistent;When there is inconsistency, determine described sender hardware address or purpose hardware address is the terminal device 100
MAC Address.
Further, referring to Fig. 6, the network authentication apparatus 300 can also include:
Second configuration module 309 configures the IP address of the gateway 200;
The 2nd ARP module 330 is also used to the IP address of the gateway 200 according to configuration, obtains the net
Close the MAC Address of equipment 200.
In conclusion MAC Address acquisition methods provided in an embodiment of the present invention, gateway 200, network authentication apparatus
300 and network system 10.The specific implementation principle of this method are as follows: gateway 200 is to the DHCP for being sent to terminal device 100
Offer message is detected, and with obtaining IP address and the MAC of the terminal device 100 according to the DHCP Offer message
Location;IP address based on the terminal device 100 and MAC Address generate ARP message, and the ARP message are sent to described
Network authentication apparatus 300;The network authentication apparatus 300 analyzes the received ARP message, obtains the terminal and sets
Standby 100 MAC Address.Technical solution provided by the invention obtains the MAC Address of terminal device 100 by gateway 200, really
The accuracy of the MAC Address of terminal device 100 has been protected, corresponding ARP message has then been generated and is sent to the network authentication apparatus
300, allow network authentication apparatus 300 to obtain terminal device 100 at the first time when the terminal device 100 accesses
MAC Address, acquisition modes are simple and efficient.
It is obvious to a person skilled in the art that invention is not limited to the details of the above exemplary embodiments, Er Qie
In the case where without departing substantially from spirit or essential attributes of the invention, the present invention can be realized in other specific forms.Therefore, no matter
From the point of view of which point, the present embodiments are to be considered as illustrative and not restrictive, and the scope of the present invention is by appended power
Benefit requires rather than above description limits, it is intended that all by what is fallen within the meaning and scope of the equivalent elements of the claims
Variation is included within the present invention.Any reference signs in the claims should not be construed as limiting the involved claims.
Claims (9)
1. a kind of MAC Address acquisition methods, applied to the network system including terminal device, gateway and network authentication apparatus
System, wherein the terminal device and the network authentication apparatus are located at different double layer networks, which is characterized in that the method
Include:
Gateway detects the DHCP Offer message for being sent to terminal device, and according to the DHCP Offer message
Obtain the IP address and MAC Address of the terminal device;
IP address and MAC Address based on the terminal device generate ARP message, and the ARP message is sent to the net
Network authenticating device;
The network authentication apparatus analyzes the received ARP message, obtains the MAC Address of the terminal device;
Wherein, described that the received ARP message is analyzed, the MAC Address of the terminal device is obtained, is specifically included:
Detect the received ARP message ethernet source hardware address whether be the gateway MAC Address;
When the ethernet source hardware address of the ARP message is the MAC Address of the gateway, with judging sender's hardware
Whether location is consistent with purpose hardware address;
When consistent, whether not the MAC Address of described sender hardware address, purpose hardware address and the gateway is judged
Unanimously;
When there is inconsistency, determine described sender hardware address or purpose hardware address is the MAC Address of the terminal device.
2. MAC Address acquisition methods according to claim 1, which is characterized in that in the gateway to being sent to end
Before the step of DHCP Offer message of end equipment is detected, the method also includes:
The gateway opens dhcp server functionality, and configures the IP address of the network authentication apparatus;The gateway is set
The standby MAC Address that the network authentication apparatus is obtained by ARP protocol.
3. MAC Address acquisition methods according to claim 1, which is characterized in that sender's hardware in the ARP message
Address and purpose hardware address are the MAC Address of the terminal device, sender's IP address and destination IP in the ARP message
Address is the IP address of the terminal device.
4. a kind of gateway, which is characterized in that the gateway respectively with terminal device and network authentication apparatus communication link
It connects, the terminal device and the network authentication apparatus are in different double layer networks, and the gateway includes:
Detecting module, for being detected to the DHCP Offer message for being sent to terminal device, and according to the DHCP
Offer message obtains the IP address and MAC Address of the terminal device;
First ARP module, for IP address and MAC Address generation ARP message based on the terminal device;
Sending module, for the ARP message to be sent to the network authentication apparatus, so that the network authentication apparatus is to institute
It states ARP message to be analyzed, obtains the MAC Address of the terminal device, wherein the network authentication apparatus is to received described
ARP message is analyzed, when the ethernet source hardware address of the ARP message is the MAC Address of the gateway, judgement
Whether sender's hardware address is consistent with purpose hardware address;When consistent, described sender hardware address, purpose hardware are judged
Whether address and the MAC Address of the gateway are inconsistent;When there is inconsistency, determine described sender hardware address or mesh
Hardware address be terminal device MAC Address.
5. gateway according to claim 4, which is characterized in that the gateway further include:
First configuration module is also used to configure the IP address of the network authentication apparatus for opening dhcp server functionality;
The first ARP module is also used to the IP address of the network authentication apparatus according to configuration, obtains the network authentication
The MAC Address of equipment.
6. gateway according to claim 4 or 5, which is characterized in that sender's hardware address in the ARP message
It is the MAC Address of the terminal device, sender's IP address and purpose IP address in the ARP message with purpose hardware address
For the IP address of the terminal device.
7. a kind of network authentication apparatus, which is characterized in that the network authentication apparatus and gateway communicate to connect, terminal device
It is in different double layer networks with the network authentication apparatus, the network authentication apparatus includes:
Receiving module, the ARP message sent for receiving the gateway, wherein the ARP message is the gateway
Based on to the DHCP Offer message for being sent to the terminal device carry out detecting acquisition the terminal device IP address and
The ARP message that MAC Address generates;
Detection module, whether the ethernet source hardware address for detecting the received ARP message is the gateway
MAC Address;If so, then notifying ARP module;
2nd ARP module, for analyzing the received ARP message, when the ethernet source hardware of the ARP message
When location is the MAC Address of the gateway, judge whether sender's hardware address is consistent with purpose hardware address;
When consistent, whether not the MAC Address of described sender hardware address, purpose hardware address and the gateway is judged
Unanimously;
When there is inconsistency, determine described sender hardware address or purpose hardware address for the MAC Address of terminal device.
8. network authentication apparatus according to claim 7, which is characterized in that the network authentication apparatus includes:
Second configuration module configures the IP address of the gateway;
The 2nd ARP module is also used to the IP address of the gateway according to configuration, obtains the gateway
MAC Address.
9. a kind of network system, which is characterized in that including gateway described in any one of terminal device, claim 4-6
And network authentication apparatus described in claim 7 or 8.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710575805.2A CN107241461B (en) | 2017-07-14 | 2017-07-14 | MAC Address acquisition methods, gateway, network authentication apparatus and network system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710575805.2A CN107241461B (en) | 2017-07-14 | 2017-07-14 | MAC Address acquisition methods, gateway, network authentication apparatus and network system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107241461A CN107241461A (en) | 2017-10-10 |
CN107241461B true CN107241461B (en) | 2019-09-13 |
Family
ID=59991061
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710575805.2A Active CN107241461B (en) | 2017-07-14 | 2017-07-14 | MAC Address acquisition methods, gateway, network authentication apparatus and network system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107241461B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108429641B (en) * | 2018-02-28 | 2021-07-06 | 新华三技术有限公司 | Network equipment management method and device |
CN108540588A (en) * | 2018-03-15 | 2018-09-14 | 深信服科技股份有限公司 | MAC Address acquisition methods and system, Network Security Device and readable storage medium storing program for executing |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1753364A (en) * | 2005-10-26 | 2006-03-29 | 杭州华为三康技术有限公司 | Method of controlling network access and its system |
CN102739684A (en) * | 2012-06-29 | 2012-10-17 | 杭州迪普科技有限公司 | Portal authentication method based on virtual IP address, and server thereof |
CN106209912A (en) * | 2016-08-30 | 2016-12-07 | 迈普通信技术股份有限公司 | Access authorization methods, device and system |
CN106230788A (en) * | 2016-07-22 | 2016-12-14 | 上海斐讯数据通信技术有限公司 | The reorientation method of a kind of portal certification, radio reception device, portal server |
CN106954212A (en) * | 2017-03-02 | 2017-07-14 | 上海斐讯数据通信技术有限公司 | A kind of portal authentication method and system |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP4664143B2 (en) * | 2005-07-22 | 2011-04-06 | 株式会社日立製作所 | Packet transfer apparatus, communication network, and packet transfer method |
-
2017
- 2017-07-14 CN CN201710575805.2A patent/CN107241461B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1753364A (en) * | 2005-10-26 | 2006-03-29 | 杭州华为三康技术有限公司 | Method of controlling network access and its system |
CN102739684A (en) * | 2012-06-29 | 2012-10-17 | 杭州迪普科技有限公司 | Portal authentication method based on virtual IP address, and server thereof |
CN106230788A (en) * | 2016-07-22 | 2016-12-14 | 上海斐讯数据通信技术有限公司 | The reorientation method of a kind of portal certification, radio reception device, portal server |
CN106209912A (en) * | 2016-08-30 | 2016-12-07 | 迈普通信技术股份有限公司 | Access authorization methods, device and system |
CN106954212A (en) * | 2017-03-02 | 2017-07-14 | 上海斐讯数据通信技术有限公司 | A kind of portal authentication method and system |
Also Published As
Publication number | Publication date |
---|---|
CN107241461A (en) | 2017-10-10 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8433811B2 (en) | Test driven deployment and monitoring of heterogeneous network systems | |
CN104144163B (en) | Auth method, apparatus and system | |
CN103313429B (en) | A kind of processing method identifying forgery WIFI hot spot | |
CN106603507A (en) | Method and system for automatically completing network security self checking | |
CN103916490B (en) | DNS tamper-proof method and device | |
CN102739684B (en) | Portal authentication method based on virtual IP address, and server thereof | |
CN102055813A (en) | Access controlling method for network application and device thereof | |
CN106060072B (en) | Authentication method and device | |
CN106878135A (en) | A kind of connection method and device | |
CN103796278A (en) | Mobile terminal wireless network access control method | |
CN105119901A (en) | Method and system for detecting phishing hotspot | |
CN108881103A (en) | A kind of method and device accessing network | |
CN106961683B (en) | Method and system for detecting illegal AP and discoverer AP | |
CN110099129A (en) | A kind of data transmission method and equipment | |
CN108123961A (en) | Information processing method, apparatus and system | |
CN110022374A (en) | Method for connecting network, device, communication equipment and storage medium based on Internet of Things | |
CN107241461B (en) | MAC Address acquisition methods, gateway, network authentication apparatus and network system | |
CN107124715B (en) | Safety protection performance evaluation method suitable for electric power wireless private network terminal | |
CN108322366A (en) | Access the methods, devices and systems of network | |
CN106454903A (en) | Method and device for accessing smart terminal equipment into Internet | |
Evers et al. | Security measurement on a cloud-based cyber-physical system used for intelligent transportation | |
CN106332083B (en) | TCP connection method and device, Intranet authentication method and system | |
US8724506B2 (en) | Detecting double attachment between a wired network and at least one wireless network | |
CN107529165B (en) | The recognition methods of wireless access points legitimacy under a kind of Campus Net | |
CN114124436B (en) | APN access trusted computing management system based on electric power Internet of things universal terminal |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |