CN107404492B - Method for identifying devices in a communication network

Publication number: CN107404492B
Authority: CN (China)
Legal status: Active
Application number: CN201710691705.6A
Other languages: Chinese (zh)
Other versions: CN107404492A (en)
Inventor: 于亮
Current Assignee: WELLTRANS O&E TECHNOLOGIES Co Ltd
Original Assignee: WELLTRANS O&E TECHNOLOGIES Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876: Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Abstract

The invention discloses a method for identifying devices in a communication network and relates to the field of network communication. The method comprises: S1: a device connected to a port of a switch periodically sends protocol messages to the other ports of the switch that are in the Link up state, the protocol messages containing a specific destination MAC address and a private Ethernet type; S2: a port in the Link up state receives the protocol message and sends it to the CPU of the switch; S3: the CPU parses the protocol message and judges whether the protocol content in the protocol message data matches the identification features of an authenticated device, the protocol content including the message format, the protocol type and the MAC address of the device that sent the protocol message; if so, the port from which the protocol message was sent is set to the Forwarding state and the device connected to that port is marked as an authenticated device; if not, the port from which the protocol message was sent is set to the Block state. The invention can effectively identify the identity of devices connected to a switch.

Description

Method for identifying devices in a communication network
Technical field
The present invention relates to the field of network communication, and in particular to a method for identifying devices in a communication network.
Background
With the development of communication network technology, the number and variety of communication network devices keep growing, and connecting all kinds of such devices to the network has greatly facilitated people's lives, study, communication and many other activities. Meanwhile, as security awareness rises, certain special fields in particular place higher demands on network security: the devices connected to the network must be dedicated devices (authenticated devices), and other illegitimate devices (unauthenticated devices) must be prevented from connecting, so as to protect the user's network security.
However, current general-purpose switches cannot effectively identify the devices connected to them, and therefore cannot restrict communication on, or reject the device at, a port used by an unauthenticated illegitimate device. In closed networks with stricter security requirements, this is a problem that urgently needs to be solved.
Summary of the invention
In view of the deficiencies of the prior art, the purpose of the present invention is to provide a method for identifying devices in a communication network that effectively identifies the identity of devices connected to a switch.
To achieve the above purpose, the technical solution adopted by the present invention comprises:
S1: a device connected to a port of the switch periodically sends protocol messages to the other ports of the switch that are in the Link up state, the protocol messages containing a specific destination MAC address and a private Ethernet type, the Link up state being the connection-open state;
S2: a port in the Link up state receives the protocol message and sends it to the CPU of the switch;
S3: the CPU parses the protocol message and judges whether the protocol content in the protocol message data matches the identification features of an authenticated device, the protocol content including the message format, the protocol type and the MAC address of the device that sent the protocol message; if so, the port from which the protocol message was sent is set to the Forwarding state and the device connected to that port is marked as an authenticated device; if not, the port from which the protocol message was sent is set to the Block state.
On the basis of the above technical solution, the protocol messages are network management messages.
On the basis of the above technical solution, the identification features specify the MAC address, message format and protocol type of authenticated devices.
On the basis of the above technical solution, when a device is connected to a port, the port is in the Link up state.
On the basis of the above technical solution, a port set to the Block state can only send and receive protocol messages.
On the basis of the above technical solution, for a device connected to a port that has been set to the Forwarding state, if the other devices connected to the switch do not receive a protocol message from the device on that port again within the preset timing period, the port is set to the Block state and the authenticated-device mark of the device connected to that port is cancelled.
On the basis of the above technical solution, the device connected to a port sends protocol messages to the other ports in the Link up state using the highest-priority data transmission queue in the switch.
On the basis of the above technical solution, a port in the Link up state sends protocol messages to the CPU of the switch using the highest-priority data transmission queue in the switch.
Compared with the prior art, the advantages of the present invention are as follows: the device connected to a port periodically sends protocol messages to the other ports that are in the Link up state, so that protocol messages are sent crosswise between ports, while the CPU judges the identity of the device connected to the port from which each protocol message was sent and adjusts the state of that port accordingly. The identity of the device connected to a port is thus authenticated repeatedly, ensuring that the device connected to the port is always an authenticated device. In addition, when the device connected to a port does not send protocol messages to the devices on the other ports within the specified time, the port is set directly to the Block state, which further ensures that every device connected to the switch is an authenticated device and effectively guarantees the security of the data network.
Brief description of the drawings
Fig. 1 is a flow chart of the method for identifying devices in a communication network according to the present invention.
Detailed description of the embodiments
The invention is described in further detail below with reference to the accompanying drawing.
Referring to Fig. 1, the present invention provides a method for identifying devices in a communication network, used to identify the identity of devices connected to a switch. The method specifically comprises:
S1: a device connected to a port of the switch periodically sends protocol messages to the other ports of the switch that are in the Link up state (connection-open state). The protocol messages contain a specific destination MAC address (physical address) and a private Ethernet type, by means of which the protocol messages are delivered to the other ports in the Link up state; the specific destination MAC address and the private Ethernet type are user-defined according to the actual situation. Specifically, the protocol messages are management messages, so that a port that is later in the Block state (locked state) can still report protocol messages to the CPU of the switch. When a device is connected to a port, the port is in the open state; that is, when a device is connected to some port of the switch, whether that device is an authenticated device or an unauthenticated device, the port becomes Link up.
S2: a port in the Link up state receives the protocol message and sends it to the CPU of the switch.
S3: the CPU parses the protocol message and judges whether the protocol content in the protocol message data matches the identification features of an authenticated device; if so, the port from which the protocol message was sent is set to the Forwarding state and the device connected to that port is marked as an authenticated device; if not, the port from which the protocol message was sent is set to the Block state. The protocol content includes the message format, the protocol type and the MAC address of the device that sent the protocol message; by checking these three items in the protocol content of the protocol message, the CPU identifies whether the device that sent the protocol message is an authenticated device. A port set to the Forwarding state can forward and transmit data traffic as well as send protocol messages, whereas a port set to the Block state can only send and receive protocol messages. This effectively prevents unauthenticated devices from transmitting data through the switch and guarantees the security of the network.
The identification features specify the MAC address, message format and protocol type of authenticated devices. A device that matches the identification features is an authenticated device and is marked as such. The MAC address, message format and protocol type of authenticated devices specified in the identification features are set manually.
Meanwhile, to determine whether an authenticated device is still alive on its port, for a device connected to a port that has been set to the Forwarding state, if the other devices connected to the switch, i.e. the devices on the other ports in the Link up state, do not receive a protocol message from the device on that port again within the timing period, the port is set to the Block state and the authenticated-device mark of the device connected to that port is cancelled.
To guarantee the timeliness of protocol message transmission, the device connected to a port sends protocol messages to the other ports in the Link up state using the highest-priority data transmission queue in the switch, and a port in the Link up state likewise sends protocol messages to the CPU of the switch using the highest-priority data transmission queue in the switch. This effectively prevents congestion of data transmission from affecting the timeliness of protocol message transmission. At the same time, taking into account the number of protocol messages and the number of ports in the whole switch, the number of protocol messages sent to the CPU is limited, ensuring that a network attack against the protocol that implements the invention cannot paralyze the CPU.
In the method for identifying devices in a communication network of the invention, the device connected to a port regularly and periodically sends protocol messages to the other ports that are in the Link up state, the protocol messages are passed on to the CPU from the other ports, and the CPU judges the identity of the device connected to the port from which each protocol message originated and adjusts the state of that port accordingly. The identity of the device connected to a port is thus authenticated repeatedly, ensuring that the device connected to the port is always an authenticated device, with the devices connected to the individual ports authenticating one another by exchanging protocol messages. In addition, when the device connected to a port does not send protocol messages to the devices on the other ports within the specified time, the port is set directly to the Block state, which further ensures that every device connected to the switch is an authenticated device and effectively guarantees the security of the data network.
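The following is an added example, not code from the patent or its assignee: a small Python model of the CPU-side decision in S3, the liveness timeout, and the limit on protocol messages reaching the CPU. The destination MAC, the EtherType 0x88B5, the 5-byte payload layout, the initial Block state and the per-port fixed-window rate limit are all assumptions chosen for illustration.

```python
import struct
from dataclasses import dataclass

# Assumed values: the patent leaves the destination MAC and EtherType user-defined.
PROTO_DST_MAC = bytes.fromhex("030000000001")   # constructed, locally administered
PROTO_ETHERTYPE = 0x88B5                        # IEEE local-experimental EtherType
BLOCK, FORWARDING = "Block", "Forwarding"

@dataclass(frozen=True)
class Features:
    """Operator-configured identification features of authenticated devices."""
    macs: frozenset      # permitted source MAC addresses
    magic: bytes         # 4-byte marker standing in for the "message format"
    proto_type: int      # 1-byte protocol type

def build_frame(src, etype=PROTO_ETHERTYPE, magic=b"DVID", ptype=1):
    """Constructed protocol frame: dst MAC | src MAC | EtherType | magic | type."""
    return PROTO_DST_MAC + src + struct.pack("!H", etype) + magic + bytes([ptype])

class SwitchCPU:
    def __init__(self, features, ports, period, per_port_budget):
        self.features, self.period = features, period
        self.budget = per_port_budget            # frames per port per period
        self.state = {p: BLOCK for p in ports}   # assumption: Link up ports start blocked
        self.last_seen, self.used, self.window_start = {}, {}, 0.0

    def matches(self, frame):
        """S3: compare format, protocol type and sender MAC with the features."""
        if len(frame) < 19:
            return False
        dst, src, etype = struct.unpack("!6s6sH", frame[:14])
        f = self.features
        return (dst == PROTO_DST_MAC and etype == PROTO_ETHERTYPE
                and frame[14:18] == f.magic and frame[18] == f.proto_type
                and src in f.macs)

    def on_protocol_frame(self, sender_port, frame, now):
        """S2/S3 for one frame; returns the sender port's new state, or None
        if the frame was dropped by the CPU rate limit."""
        if now - self.window_start >= self.period:   # start a new counting window
            self.window_start, self.used = now, {}
        if self.used.get(sender_port, 0) >= self.budget:
            return None                              # never reaches the CPU
        self.used[sender_port] = self.used.get(sender_port, 0) + 1
        if self.matches(frame):
            self.state[sender_port] = FORWARDING
            self.last_seen[sender_port] = now
        else:
            self.state[sender_port] = BLOCK
            self.last_seen.pop(sender_port, None)
        return self.state[sender_port]

    def expire(self, now):
        """Block Forwarding ports whose device has been silent for a full period."""
        for port, seen in list(self.last_seen.items()):
            if now - seen > self.period:
                self.state[port] = BLOCK
                del self.last_seen[port]

def demo():
    good, rogue = bytes.fromhex("020000000001"), bytes.fromhex("020000000099")
    cpu = SwitchCPU(Features(frozenset({good}), b"DVID", 1), [1, 2], 3.0, 2)
    out = [cpu.on_protocol_frame(1, build_frame(good), 0.0),        # valid
           cpu.on_protocol_frame(2, build_frame(rogue), 0.5),       # unknown MAC
           cpu.on_protocol_frame(2, build_frame(good, etype=0x0800), 1.0),
           cpu.on_protocol_frame(2, build_frame(good), 1.5)]        # over budget
    cpu.expire(4.0)                                  # port 1 silent since t=0
    return out + [cpu.state[1], cpu.state[2]]
```

The features compared in this model are plain frame fields, so the check identifies devices that conform to the configured values; it carries no cryptographic proof of identity. Because a rate-limited frame does not refresh the liveness timer, a port whose frames are being dropped falls back to Block when its period expires.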
The present invention is not limited to the above embodiments. For those of ordinary skill in the art, several improvements and modifications can be made without departing from the principle of the invention, and these improvements and modifications are also regarded as falling within the scope of protection of the invention. Content not described in detail in this specification belongs to the prior art well known to those skilled in the art.

Claims (8)

1. A method for identifying devices in a communication network, used to identify devices connected to a switch, characterized by comprising:
S1: a device connected to a port of the switch periodically sends protocol messages to the other ports of the switch that are in the Link up state, the protocol messages containing a specific destination MAC address and a private Ethernet type, the Link up state being the connection-open state;
S2: a port in the Link up state receives the protocol message and sends it to the CPU of the switch;
S3: the CPU parses the protocol message and judges whether the protocol content in the protocol message data matches the identification features of an authenticated device, the protocol content including the message format, the protocol type and the MAC address of the device that sent the protocol message; if so, the port from which the protocol message was sent is set to the Forwarding state and the device connected to that port is marked as an authenticated device; if not, the port from which the protocol message was sent is set to the Block state.
2. The method for identifying devices in a communication network according to claim 1, characterized in that: the protocol messages are network management messages.
3. The method for identifying devices in a communication network according to claim 1, characterized in that: the identification features specify the MAC address, message format and protocol type of authenticated devices.
4. The method for identifying devices in a communication network according to claim 1, characterized in that: when a device is connected to a port, the port is in the Link up state.
5. The method for identifying devices in a communication network according to claim 1, characterized in that: a port set to the Block state can only send and receive protocol messages.
6. The method for identifying devices in a communication network according to claim 1, characterized in that: for a device connected to a port that has been set to the Forwarding state, if the other devices connected to the switch do not receive a protocol message from the device on that port again within the preset timing period, the port is set to the Block state and the authenticated-device mark of the device connected to that port is cancelled.
7. The method for identifying devices in a communication network according to claim 1, characterized in that: the device connected to a port sends protocol messages to the other ports in the Link up state using the highest-priority data transmission queue in the switch.
8. The method for identifying devices in a communication network according to claim 1, characterized in that: a port in the Link up state sends protocol messages to the CPU of the switch using the highest-priority data transmission queue in the switch.

Priority Applications (1)

Application Number: CN201710691705.6A
Priority Date: 2017-08-14
Filing Date: 2017-08-14
Title: Method for identifying devices in a communication network

Publications (2)

Publication Number: CN107404492A, Publication Date: 2017-11-28
Publication Number: CN107404492B, Publication Date: 2019-09-03

Family

ID=60396946

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant