CN107276819A - A kind of authentication method of the three-layer network based on snmp protocol - Google Patents
A kind of authentication method of the three-layer network based on snmp protocol Download PDFInfo
- Publication number
- CN107276819A CN107276819A CN201710546084.2A CN201710546084A CN107276819A CN 107276819 A CN107276819 A CN 107276819A CN 201710546084 A CN201710546084 A CN 201710546084A CN 107276819 A CN107276819 A CN 107276819A
- Authority
- CN
- China
- Prior art keywords
- terminal
- authentication module
- authentication
- gateway
- snmp protocol
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/02—Standardisation; Integration
- H04L41/0213—Standardised network management protocols, e.g. simple network management protocol [SNMP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/10—Mapping addresses of different types
- H04L61/103—Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses the authentication method of the three-layer network based on snmp protocol, comprise the following steps, step a:ARP is automatically generated on accessing terminal to network, three-tier switch;Step b:After terminal access network, terminal sends data and gives gateway authentication module;Step c:Gateway authentication module updates IP+MAC list items according to ARP;Step d:Gateway authentication module is matched, and step e is carried out if matching, is otherwise matched always untill matching, and then carries out step e;Step e:Terminal sends browsing pages and asks to give gateway authentication module, and the browser page of terminal is redirected to certification page by gateway authentication module;Step f:After terminal input authentication information, then it is authenticated, applicability of the invention and is easily used by gateway authentication module;The present invention can be corresponding with user's MAC address by user mobile phone number;Operating procedure is simple, it is easy to later maintenance.
Description
Technical field
The present invention relates to a kind of authentication method of the three-layer network based on snmp protocol.
Background technology
Due to smart mobile phone, computer client, IPAD clients continuous popularization, WIFI wireless technologys are further ripe, people
The demand surfed the Net in public places using wireless network sufficiently met.Wireless WIFI demand is also presented quick-fried
The growth of fried formula.Hospital, enterprise, government, market, WIFI are ubiquitous.At the same time, WIFI except provide access service it
Outside, new demand point is also constantly increasing.Current authentication mode in business WIFI comprising PORTAL certifications, wechat certification,
The authentication techniques such as one key certification, APP certifications.Current all authentication methods are all based on double layer network structure and are authenticated, when
When there is three-tier architecture in network, then can not meet the demand of certification, and requirement of the command of public security 82 to network security, it is necessary to
Network data is audited, audit must be corresponding with cell-phone number the MAC Address of user, but prior art can not be met
The demand of people.
The content of the invention
The purpose of the present invention is to overcome the shortcomings of recognizing there is provided a kind of three-layer network based on snmp protocol in existing product
Card method.
In order to achieve the above object, the present invention is achieved by the following technical solutions:
A kind of authentication method of the three-layer network based on snmp protocol, comprises the following steps:
Step a:Accessing terminal to network, then terminal obtain IP address, automatically generate ARP on three-tier switch;
Step b:After terminal access network, terminal sends data and gives gateway authentication module;
Step c:Gateway authentication module obtains ARP, gateway authentication mould by SNMP network management protocols to three-tier switch
Root tuber updates IP+MAC list items according to ARP;
Step d:The IP+MAC list items of gateway authentication module are matched with the IP information of present terminal, MAC information, if
Then progress step e is mixed, is otherwise matched always untill matching, step e is then carried out;
Step e:Terminal sends browsing pages and asks to give gateway authentication module, and gateway authentication module is received and examined after page request
Survey, the browser page of terminal is then redirected to certification page;
Step f:After terminal input authentication information, then it is authenticated by gateway authentication module, if passing through authentication gateway
Authentication module notifies terminal authentication success, and otherwise authentication gateway authentication module notifies terminal authentication failure.
The terminal is cell-phone customer terminal, computer client, IPAD clients.
The step a:Terminal passes through wireless aps access network.
The three-tier switch is made up of Layer 2 switch with router, the Layer 2 switch connection route device.
The authentication information is username and password.
The terminal either automatically or manually sends browsing pages request.
Beneficial effects of the present invention are as follows:The three-tier switch of the present invention supports snmp protocol to be that three-layer network can be achieved
Certification, without data docking, applicability and is easily used;Public security audit requirement is met, the present invention can be by user mobile phone number and use
Family MAC Address is corresponding;To existing network without changing, network is equally applicable compared with complex environment, supports snmp protocol
Complete authentication function;Step of the present invention is simple, and legacy network transformation can be achieved in low cost, and operating procedure is simple, it is easy to the later stage
Safeguard.
Embodiment
It is described further with reference to technical scheme:
A kind of authentication method of the three-layer network based on snmp protocol, comprises the following steps:
Step a:Terminal is by wireless aps access network, and then terminal is obtained automatically generates on IP address, three-tier switch
ARP;
Step b:After terminal access network, terminal sends data and gives gateway authentication module;
Step c:Gateway authentication module obtains ARP, gateway authentication mould by SNMP network management protocols to three-tier switch
Root tuber updates IP+MAC list items according to ARP;
Step d:The IP+MAC list items of gateway authentication module are matched with the IP information of present terminal, MAC information, if
Then progress step e is mixed, is otherwise matched always untill matching, step e is then carried out;
Step e:Terminal either automatically or manually sends browsing pages and asks to give gateway authentication module, and gateway authentication module is received
Detected after page request, the browser page of terminal is then redirected to certification page;
Step f:After the authentication information of terminal input username and password, then it is authenticated by gateway authentication module,
If notifying terminal authentication success by authentication gateway authentication module, otherwise authentication gateway authentication module notifies terminal authentication failure.
The terminal is cell-phone customer terminal, computer client, IPAD clients.
The three-tier switch is made up of Layer 2 switch with router, the Layer 2 switch connection route device.
IP and MAC information to user in three-layer network is bound.Because message is when doing three-tier switch forwarding
Forwarded according to purpose IP, often cross a three-layer equipment, its source mesh IP is constant always, and source mesh MAC is in each network segment
Between will change.So message is after three-tier switch, its original MAC can not find out in messages, and only interchanger
ARP remain with IP-MAC corresponding relations.
The principle of three layers of certification is exactly the ARP that gateway authentication module gets three-tier switch by snmp protocol,
Gateway authentication module updates the IP+MAC list items and present terminal of IP+MAC list items, then gateway authentication module according to ARP
IP information, MAC information matched, if matching terminal send browsing pages ask to give gateway authentication module, gateway is recognized
Card module is received and detected after page request, and the browser page of terminal then is redirected into certification page;Terminal input authentication
After information, then it is authenticated by gateway authentication module, it is no if notifying terminal authentication success by authentication gateway authentication module
Then authentication gateway authentication module notifies terminal authentication failure, if being matched always if not matching untill matching, then
It is authenticated.The binding of IP-MAC under three-layer network is thus have effectively achieved, the purpose of certification has been reached.
The three-tier switch of the present invention supports snmp protocol to be the certification that three-layer network can be achieved, and without data docking, fits
With property and being easily used;Public security audit requirement is met, the present invention can be corresponding with user's MAC address by user mobile phone number;To existing
There is network without change, network is equally applicable compared with complex environment, support snmp protocol to complete authentication function;Present invention step
Rapid simple, legacy network transformation can be achieved in low cost, and operating procedure is simple, it is easy to later maintenance.
It should be noted that listed above is only a kind of specific embodiment of the invention.It is clear that the invention is not restricted to
Upper embodiment, can also there is many deformations.In a word, one of ordinary skill in the art can directly lead from present disclosure
All deformations for going out or associating, are considered as protection scope of the present invention.
Claims (6)
1. a kind of authentication method of the three-layer network based on snmp protocol, it is characterised in that comprise the following steps:
Step a:Accessing terminal to network, then terminal obtain IP address, automatically generate ARP on three-tier switch;
Step b:After terminal access network, terminal sends data and gives gateway authentication module;
Step c:Gateway authentication module obtains ARP, gateway authentication module root by SNMP network management protocols to three-tier switch
IP+MAC list items are updated according to ARP;
Step d:The IP+MAC list items of gateway authentication module are matched with the IP information of present terminal, MAC information, if matching
Step e is then carried out, is otherwise matched always untill matching, step e is then carried out;
Step e:Terminal sends browsing pages and asks to give gateway authentication module, and gateway authentication module is received and detected after page request,
Then the browser page of terminal is redirected to certification page;
Step f:After terminal input authentication information, then it is authenticated by gateway authentication module, if passing through authentication gateway certification
Module notifies terminal authentication success, and otherwise authentication gateway authentication module notifies terminal authentication failure.
2. the authentication method of the three-layer network based on snmp protocol according to claim 1, it is characterised in that the terminal is
Cell-phone customer terminal, computer client, IPAD clients.
3. the authentication method of the three-layer network based on snmp protocol according to claim 1, it is characterised in that the step a:
Terminal passes through wireless aps access network.
4. the authentication method of the three-layer network based on snmp protocol according to claim 1, it is characterised in that three layers of friendship
Change planes and be made up of Layer 2 switch with router, the Layer 2 switch connection route device.
5. the authentication method of the three-layer network based on snmp protocol according to claim 1, it is characterised in that the certification letter
Cease for username and password.
6. the authentication method of the three-layer network based on snmp protocol according to claim 1, it is characterised in that the terminal from
Dynamic or transmission browsing pages request manually.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710546084.2A CN107276819A (en) | 2017-07-06 | 2017-07-06 | A kind of authentication method of the three-layer network based on snmp protocol |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710546084.2A CN107276819A (en) | 2017-07-06 | 2017-07-06 | A kind of authentication method of the three-layer network based on snmp protocol |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN107276819A true CN107276819A (en) | 2017-10-20 |
Family
ID=60072356
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710546084.2A Pending CN107276819A (en) | 2017-07-06 | 2017-07-06 | A kind of authentication method of the three-layer network based on snmp protocol |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107276819A (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1455548A (en) * | 2002-05-01 | 2003-11-12 | 华为技术有限公司 | Management method of user's connecting network in wideband network |
| CN101436934A (en) * | 2008-10-20 | 2009-05-20 | 福建星网锐捷网络有限公司 | Method, system and equipment for controlling user upper wire |
| CN102075504A (en) * | 2009-11-20 | 2011-05-25 | 杭州华三通信技术有限公司 | Method and system for realizing two-layer Portal authentication and Portal server |
| CN105939348A (en) * | 2016-05-16 | 2016-09-14 | 杭州迪普科技有限公司 | MAC address authentication method and apparatus |
| CN105991794A (en) * | 2015-06-01 | 2016-10-05 | 杭州迪普科技有限公司 | Address learning method and address learning device |
-
2017
- 2017-07-06 CN CN201710546084.2A patent/CN107276819A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1455548A (en) * | 2002-05-01 | 2003-11-12 | 华为技术有限公司 | Management method of user's connecting network in wideband network |
| CN101436934A (en) * | 2008-10-20 | 2009-05-20 | 福建星网锐捷网络有限公司 | Method, system and equipment for controlling user upper wire |
| CN102075504A (en) * | 2009-11-20 | 2011-05-25 | 杭州华三通信技术有限公司 | Method and system for realizing two-layer Portal authentication and Portal server |
| CN105991794A (en) * | 2015-06-01 | 2016-10-05 | 杭州迪普科技有限公司 | Address learning method and address learning device |
| CN105939348A (en) * | 2016-05-16 | 2016-09-14 | 杭州迪普科技有限公司 | MAC address authentication method and apparatus |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103546294B (en) | Entrance guard authorization method, device and equipment | |
| US7810138B2 (en) | Enabling dynamic authentication with different protocols on the same port for a switch | |
| CN105791047B (en) | A kind of control method of security video private network Network Management System | |
| CN104158767B (en) | A kind of network admittance device and method | |
| CN102932792B (en) | A kind of method realizing wireless network cloud and controller | |
| CN102724172A (en) | System and method supporting rapid access authentication | |
| CN108337677A (en) | Network authentication method and device | |
| CN103780641B (en) | Access method, home gateway and the system of cloud desktop | |
| CN103414709A (en) | User identity binding and user identity binding assisting method and device | |
| CN101588366B (en) | System and method for accessing enterprise information system based on SaaS | |
| CN101616405A (en) | Wireless Internet access method and wireless router | |
| CN107977917A (en) | A kind of E-Government integrated application platform and method | |
| CN102665216A (en) | User authentication method for extensible and distributed wireless local area network (WLAN) | |
| CN102891832A (en) | ID (Identity) binding method and system | |
| EP3612998A1 (en) | Identity recognition method, apparatus, system for an office platform and server | |
| CN106302117A (en) | Message delivery system, method and apparatus | |
| CN105897667A (en) | Device access history tracking method, apparatus, server and system | |
| CN103414719A (en) | Address list management system and method based on safety | |
| CN102420808A (en) | Method for realizing single signon on telecom on-line business hall | |
| CN107172616A (en) | Apparatus and method for connecting mobile device and field apparatus | |
| CN103997418B (en) | Optical network resource management method based on scan code | |
| CN107295510A (en) | The method, equipment and system of Home eNodeB access control are realized based on OCSP | |
| CN101599834B (en) | Method for identification and deployment and management equipment thereof | |
| CN107071900A (en) | A kind of user facility positioning method and device | |
| KR20120044381A (en) | Method and system for subscriber to log in internet content provider(icp) website in identity/location separation network and login device thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20171020 |
|
| RJ01 | Rejection of invention patent application after publication |