CN107454090A - Cable data identification authentication method and system - Google Patents


Info

Publication number
CN107454090A
Authority
CN
China
Prior art keywords
data
message
port
authentication
pattern
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710706877.6A
Other languages
Chinese (zh)
Other versions
CN107454090B (en
Inventor
侯天成
黄毅喆
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Comba Network Systems Co Ltd
Original Assignee
Comba Telecom Technology Guangzhou Ltd
Comba Telecom Systems China Ltd
Comba Telecom Systems Guangzhou Co Ltd
Tianjin Comba Telecom Systems Co Ltd
Application filed by Comba Telecom Technology Guangzhou Ltd, Comba Telecom Systems China Ltd, Comba Telecom Systems Guangzhou Co Ltd, Tianjin Comba Telecom Systems Co Ltd
Priority to CN201710706877.6A
Publication of CN107454090A
Application granted
Publication of CN107454090B
Legal status: Expired - Fee Related

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00: Network arrangements, protocols or services for addressing or naming
    • H04L61/50: Address allocation
    • H04L61/5007: Internet protocol [IP] addresses
    • H04L61/5014: Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876: Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Small-Scale Networks (AREA)

Abstract

The present invention relates to a wired data identification and authentication method and system. A pre-configured mode is selected according to a preset correspondence between the wired differentiated Portal push demand and a preset threshold. When the selected pre-configured mode is the port mode, data identification and Portal authentication processing are performed on received messages according to preset port data and first authentication data. When the selected pre-configured mode is the network mode, data identification and Portal authentication processing are performed on received messages according to preset network segment data and second authentication data. By selecting the pre-configured mode according to the wired differentiated Portal push demand, and processing received messages with the preset port data and first authentication data or with the preset network segment data and second authentication data, the invention identifies wired data and applies Portal authentication to it. This makes it convenient to manage and authenticate wired and wireless user data in a unified way and improves the convenience of managing user data.

Description

Cable data identification authentication method and system
Technical field
The present invention relates to the technical field of network security, and in particular to a wired data ("cable data") identification and authentication method and system.
Background
In many network deployment scenarios, such as campuses, enterprise parks, shopping malls, residential communities and other public places, demand for wireless user access is growing steadily, while a certain amount of demand for the original wired user access remains. However, an existing wireless controller (AC, Wireless Access Point Controller) can typically only manage wireless user data and apply Portal authentication to it through the CAPWAP tunnel protocol; it cannot identify and authenticate wired user data at the same time. That is, wired and wireless user data cannot be managed and authenticated in a unified way, which greatly inconveniences unified monitoring, management and authentication of the network. A method is urgently needed that, on top of identifying and authenticating wireless user data, can also identify and authenticate wired user data.
Summary of the invention
In view of the above problem, it is necessary to provide a wired data identification and authentication method and system that can identify wired data, so that network data can be conveniently managed and authenticated in a unified way.
A wired data identification and authentication method comprises the following steps:
Obtaining the wired differentiated Portal push demand;
Selecting the corresponding pre-configured mode according to a preset correspondence between the wired differentiated Portal push demand and a preset threshold, the corresponding pre-configured modes including a pre-configured port mode and a pre-configured network mode;
When the selected pre-configured mode is the pre-configured port mode, performing data identification and Portal authentication processing on received messages according to preset port data and first authentication data;
When the selected pre-configured mode is the pre-configured network mode, performing data identification and Portal authentication processing on received messages according to preset network segment data and second authentication data.
A wired data identification and authentication system comprises:
A data acquisition module, for obtaining the wired differentiated Portal push demand;
A pre-configured mode selection module, for selecting the corresponding pre-configured mode according to a preset correspondence between the wired differentiated Portal push demand and a preset threshold, the corresponding pre-configured modes including a pre-configured port mode and a pre-configured network mode;
A port mode data message processing module, for performing data identification and Portal authentication processing on received messages according to preset port data and first authentication data when the selected pre-configured mode is the pre-configured port mode;
A network mode data message processing module, for performing data identification and Portal authentication processing on received messages according to preset network segment data and second authentication data when the selected pre-configured mode is the pre-configured network mode.
The above wired data identification and authentication method and system obtain the wired differentiated Portal push demand and select the corresponding pre-configured mode according to a preset correspondence between that demand and a preset threshold, the corresponding pre-configured modes including a pre-configured port mode and a pre-configured network mode. When the selected pre-configured mode is the pre-configured port mode, data identification and Portal authentication processing are performed on received messages according to preset port data and first authentication data; when the selected pre-configured mode is the pre-configured network mode, data identification and Portal authentication processing are performed on received messages according to preset network segment data and second authentication data. Selecting the pre-configured mode according to the wired differentiated Portal push demand, and processing received messages with the preset port data and first authentication data or with the preset network segment data and second authentication data, identifies wired data and applies Portal authentication to it, so that user data can be managed and authenticated in a unified way and managing user data becomes more convenient.
Brief description of the drawings
Fig. 1 is a flow chart of the wired data identification and authentication method in one embodiment;
Fig. 2 is a logic diagram of uplink data message processing in the pre-configured port mode in one embodiment;
Fig. 3 is a logic diagram of downlink data message processing in the pre-configured port mode in one embodiment;
Fig. 4 is a logic diagram of uplink data message processing in the pre-configured network mode in one embodiment;
Fig. 5 is a logic diagram of downlink data message processing in the pre-configured network mode in one embodiment;
Fig. 6 is a structure diagram of the wired data identification and authentication system in one embodiment.
Detailed description of embodiments
In one embodiment, as shown in Fig. 1, a wired data identification and authentication method comprises the following steps:
Step S110: Obtain the wired differentiated Portal push demand.
Step S120: Select the corresponding pre-configured mode according to a preset correspondence between the wired differentiated Portal push demand and a preset threshold, the corresponding pre-configured modes including a pre-configured port mode and a pre-configured network mode. Specifically, in this embodiment, step S120 includes: when the wired differentiated Portal push demand is less than the preset threshold, selecting the pre-configured port mode; when the wired differentiated Portal push demand is greater than or equal to the preset threshold, selecting the pre-configured network mode.
Specifically, the preset threshold can be set as needed. In the pre-configured port mode, any user port is bound as a wired user port and, according to actual push needs, a corresponding Portal push authentication template is configured for that wired user port. In the pre-configured network mode, any network segment is bound as a wired user network and, according to actual push needs, a corresponding Portal push authentication template is configured for that wired user network.
Step S130: When the selected pre-configured mode is the pre-configured port mode, perform data identification and Portal authentication processing on received messages according to preset port data and first authentication data. In this embodiment, step S130 includes step 132 and step 134.
Step 132: When the received message is an uplink data message and the selected pre-configured mode is the pre-configured port mode, perform data identification and Portal authentication processing on the received uplink data message according to the preset port data and the first authentication data. In this embodiment, step 132 includes steps 1322 to 1326.
Step 1322: Receive the uplink data message and judge, according to the preset port data, whether the port that sent the uplink data message is a pre-configured wired user port.
Specifically, the preset port data includes the port type, the IP acquisition mode and so on. The port type can be set as needed; in this embodiment the port types are pre-configured wired user port and CAPWAP port, and the IP acquisition modes are obtained by DHCP and not obtained by DHCP. IP here refers to the source IP or destination IP of the message.
Step 1324: When the port that sent the uplink data message is a pre-configured wired user port, judge whether the source IP of the uplink data message was obtained by DHCP.
Specifically, step 1324 also includes: when the port that sent the uplink data message is not a pre-configured wired user port, judging according to the preset port data whether the port that sent the uplink data message is a CAPWAP port; if so, handling the uplink data message by the CAPWAP message processing flow; if not, discarding the uplink data message. Here a CAPWAP port is a wireless user port.
Step 1326: If so, then when the user is judged according to the first authentication data to have passed Portal authentication, release the uplink data message to the network; and when the user is judged according to the preset authentication data not to have passed Portal authentication, send the uplink data message to the user management process, which sends a redirection message to the corresponding user according to the Portal template bound to the pre-configured wired user port.
Specifically, the user is the user corresponding to the port. The first authentication data includes user information, specifically data on whether each user has passed Portal authentication. Step 1326 also includes: when the source IP of the uplink data message was not obtained by DHCP, discarding the uplink data message.
Specifically, as shown in Fig. 2, the present invention modifies an existing AC (Wireless Access Point Controller, i.e. wireless controller) to achieve unified management and authentication of wired and wireless user data. When an AC port receives an uplink data message, the AC first judges whether the port that sent the uplink data message is a pre-configured wired user port. If not, it further judges whether the port is a CAPWAP (Control And Provisioning of Wireless Access Points Protocol Specification, the control and provisioning protocol for wireless access points) port; if it is a CAPWAP port, the uplink data message is handled by the CAPWAP message processing flow, otherwise the uplink data message is discarded. If the port that sent the uplink data message is a pre-configured wired user port, the AC further judges whether the source IP of the uplink data message was obtained by DHCP (Dynamic Host Configuration Protocol). If not, the sender is considered an illegal user and the uplink data message is discarded directly. If the source IP was obtained by DHCP, the sender is considered a legitimate user, and a table lookup then determines whether the user has passed Portal authentication. If so, the message is released directly to the Internet; otherwise the uplink data message is sent to the user management process, which sends a redirection message to the wired user according to the Portal authentication template bound to the pre-configured wired user port.
Specifically, Portal authentication is an authentication method. The first authentication data takes the form of a first storage table, although its concrete form is not unique. When the AC receives a message from a user, it judges whether the database holds user information corresponding to the user's IP. If not (that is, the first storage table has no information for the user), it learns the user information and enters it into the first storage table to obtain the first authentication data. If so (that is, the first storage table already has the user information), it judges from the first authentication data whether the user has passed Portal authentication; whether the user has passed Portal authentication can be queried by table lookup. If the information for the user in the first storage table shows that Portal authentication has passed, the message is released directly to the network; if Portal authentication has not passed, a Portal authentication template is pushed to the corresponding user, and messages are released to the network only after Portal authentication. Further, the preset port data can be stored in a table built in advance; when a data message is received, the information in the message is compared against the table by lookup to answer each question in the data processing logic, for example whether the port that sent the uplink data message is a pre-configured wired user port, or whether the source IP of the uplink data message was obtained by DHCP.
Step 134: When the received message is a downlink data message and the selected pre-configured mode is the pre-configured port mode, perform data identification on the received downlink data message according to the preset port data. In this embodiment, step 134 includes step 1342 and step 1344.
Step 1342: Receive the downlink data message and judge, according to the preset port data, whether the destination routing port of the downlink data message is a pre-configured wired user port.
Step 1344: When the destination routing port of the downlink data message is a pre-configured wired user port, judge whether the destination IP is a wired user; if so, route and forward the downlink data message to the wired user; if not, discard the downlink data message.
Specifically, step 1344 also includes: when the destination routing port of the downlink data message is not a pre-configured wired user port, judging whether the destination routing port of the downlink data message is a CAPWAP port; if so, handling the downlink data message by the CAPWAP message processing flow; if not, handling the downlink data message by the non-user message processing flow.
Specifically, as shown in Fig. 3, when the AC receives a downlink data message it judges whether the destination routing port of the downlink data message is a pre-configured wired user port. If it is, the AC further judges whether the destination IP is a wired user; if it is a wired user the data is released, otherwise the downlink data message is discarded. If the port is not a pre-configured wired user port, the AC further judges whether it is a CAPWAP port; if so, the downlink data message is handled by the CAPWAP message processing flow, otherwise it is handled by the non-user message processing flow.
Step S140: When the selected pre-configured mode is the pre-configured network mode, perform data identification and Portal authentication processing on received messages according to preset network segment data and second authentication data. In this embodiment, step S140 includes step 142 and step 144.
Step 142: When the received message is an uplink data message and the selected pre-configured mode is the pre-configured network mode, perform data identification and Portal authentication processing on the received uplink data message according to the preset network segment data and the second authentication data. In this embodiment, step 142 includes steps 1422 to 1426.
Step 1422: Receive the uplink data message and judge, according to the preset network segment data, whether the source IP of the uplink data message is in a pre-configured wired network segment.
Specifically, the preset network segment data includes the preset network segment type, the IP acquisition mode and the user type. The preset network segment types include pre-configured wired network segment and CAPWAP network segment, the IP acquisition modes are obtained by DHCP and not obtained by DHCP, and the user types include wired user and wireless user.
Step 1424: When the source IP of the uplink data message is in a pre-configured wired network segment, judge whether the source IP of the uplink data message was obtained by DHCP.
Specifically, step 1424 also includes: when the source IP of the uplink data message is not in a pre-configured wired network segment, judging whether the source IP of the uplink data message is in the CAPWAP network segment; if so, handling the uplink data message by the CAPWAP message processing flow; if not, discarding the uplink data message.
Step 1426: If so, then when the uplink data message is judged according to the second authentication data to have passed Portal authentication, release the uplink data message to the network; if the uplink data message has not passed Portal authentication, send the uplink data message to the user management process, which sends a redirection message to the corresponding user according to the Portal template bound to the pre-configured wired network segment.
Specifically, the second authentication data includes user information for each network segment, specifically data on whether each network user has passed Portal authentication. Step 1426 also includes: when the source IP of the uplink data message was not obtained by DHCP, discarding the uplink data message.
Further, the second authentication data takes the form of a second storage table, although its concrete form is not unique. When the AC receives a message from a user in any network segment, it judges whether the database holds user information corresponding to that network segment user's IP. If not (that is, the second storage table has no information for the user), it learns the user information and enters it into the second storage table to obtain the second authentication data. If so (that is, the second storage table already has the user information), it judges from the second authentication data whether the network segment user has passed Portal authentication. If the information for the user in the second storage table shows that Portal authentication has passed, the message is released directly to the network; if Portal authentication has not passed, a Portal authentication template is pushed to the corresponding user, and messages are released to the network only after Portal authentication. Further, the second storage table and the first storage table can be two parts of the same table or two independent tables.
As shown in Fig. 4, when the AC is configured in network mode and receives an uplink data message, it first judges whether the source IP of the uplink data message is in a pre-configured wired network segment. If the source IP does not belong to a pre-configured wired network segment, the AC further judges whether it is in the CAPWAP network segment; if it is, the uplink data message is handled by the CAPWAP message processing flow, and if it is not, the uplink data message is discarded. If the source IP belongs to a pre-configured wired network segment, the AC judges whether the IP was obtained from the AC by DHCP. If not, the sender is considered an illegal user and the uplink data message is discarded directly. If so, the AC further judges whether the user has passed Portal authentication: for a user who has passed, the uplink data message is released directly; otherwise the uplink data message is sent to the user management process, which sends the corresponding redirection message to the user according to the Portal authentication template bound to the pre-configured wired network segment.
Step 144: When the received message is a downlink data message and the selected pre-configured mode is the pre-configured network mode, perform data identification on the received downlink data message according to the preset network segment data. In this embodiment, step 144 includes step 1442 and step 1444.
Step 1442: Receive the downlink data message and judge, according to the preset network segment data, whether the destination IP of the downlink data message is in a pre-configured wired network segment.
Step 1444: When the destination IP of the downlink data message is in a pre-configured wired network segment, judge whether the IP of the downlink data message was obtained by DHCP; if so, send the downlink data message to the corresponding wired user; otherwise discard the downlink data message.
Specifically, step 1444 also includes: when the destination IP of the downlink data message is not in a pre-configured wired network segment, judging whether the destination IP of the downlink data message is in the CAPWAP network segment; if so, handling the downlink data message by the CAPWAP message processing flow; if not, handling the downlink data message by the non-user message processing flow.
Specifically, as shown in Fig. 5, when the AC is configured in network mode and receives a downlink data message, it judges whether the destination IP of the downlink data message is in a pre-configured wired network segment. If it is in that network segment, the AC further judges whether the IP was obtained by DHCP; if so, the downlink data message is sent directly to the wired user, otherwise the downlink data message is discarded directly. If the destination IP of the downlink data message is not in a pre-configured network segment, the AC further judges whether the destination IP is in the CAPWAP port network segment; if so, the downlink data message is handled by the CAPWAP message processing flow, and if not, it is handled by non-user message processing.
Specifically, Fig. 2, Fig. 3, Fig. 4 and Fig. 5 show the data message processing flow of one embodiment. If the pre-configured port mode is selected, the AC can first judge, according to the preset port data, whether the port that sent the uplink data message or the destination routing port of the downlink data message is a pre-configured wired user port and, if not, then judge whether that port is a CAPWAP interface. Alternatively, it can first judge, according to the preset port data, whether the port that sent the uplink data message or the destination routing port of the downlink data message is a CAPWAP interface and, if not, then judge whether that port is a pre-configured wired user port, before carrying out the subsequent processing. Similarly, if the pre-configured network mode is selected, the AC can first judge, according to the preset network segment data, whether the source IP of the uplink data message or the destination IP of the downlink data message is in a pre-configured wired network segment and, if not, then judge whether the source IP of the uplink data message is in the CAPWAP network segment or whether the destination routing port of the downlink data message is a CAPWAP interface. Alternatively, it can first judge, according to the preset port data, whether the port that sent the uplink data message or the destination IP network segment of the downlink data message is the CAPWAP port network segment and, if not, then judge whether the source IP of the uplink data message or the destination IP of the downlink data message is in a pre-configured network segment, before carrying out the subsequent processing.
Specifically, the pre-configured network and pre-configured port methods provide two modes for effectively identifying wired users; the pre-configured network method in particular allows finer-grained Portal push to wired users.
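The mode selection of step S120 and the message handling of Figs. 2 to 5, written out as an added Python example (not code from the patent). The class, field and verdict names, the lease set standing in for "obtained by DHCP", and treating "the destination IP is a wired user" in port mode as "the IP is in the user table" are assumptions; all sample values are constructed.

```python
from dataclasses import dataclass, field
from enum import Enum
from ipaddress import ip_address, ip_network


class Mode(Enum):
    PORT = "port"        # pre-configured port mode
    NETWORK = "network"  # pre-configured network mode


class Verdict(Enum):
    FORWARD = "forward"    # release to the network / deliver to the wired user
    REDIRECT = "redirect"  # hand to user management, which sends the Portal redirect
    CAPWAP = "capwap"      # existing CAPWAP (wireless) processing flow
    NON_USER = "non_user"  # non-user message processing (downlink only)
    DROP = "drop"


def select_mode(demand, threshold):
    """Step S120: below the threshold -> port mode, otherwise network mode."""
    return Mode.PORT if demand < threshold else Mode.NETWORK


@dataclass
class Controller:
    """Hypothetical stand-in for the AC's preset data and authentication table."""
    mode: Mode
    wired_ports: dict = field(default_factory=dict)     # port -> Portal template
    wired_segments: dict = field(default_factory=dict)  # CIDR -> Portal template
    capwap_ports: set = field(default_factory=set)
    capwap_segments: list = field(default_factory=list)
    dhcp_leases: set = field(default_factory=set)       # IPs obtained by DHCP (assumed lookup)
    auth_table: dict = field(default_factory=dict)      # IP -> passed Portal authentication?

    def _classify(self, port, ip):
        """Return ('wired', template), ('capwap', None) or ('other', None)."""
        if self.mode is Mode.PORT:
            if port in self.wired_ports:
                return "wired", self.wired_ports[port]
            return ("capwap", None) if port in self.capwap_ports else ("other", None)
        addr = ip_address(ip)
        for cidr, template in self.wired_segments.items():
            if addr in ip_network(cidr):
                return "wired", template
        if any(addr in ip_network(c) for c in self.capwap_segments):
            return "capwap", None
        return "other", None

    def uplink(self, port, src_ip):
        """Figs. 2 and 4: returns (verdict, Portal template used for the redirect)."""
        kind, template = self._classify(port, src_ip)
        if kind == "capwap":
            return Verdict.CAPWAP, None
        if kind == "other":
            return Verdict.DROP, None
        if src_ip not in self.dhcp_leases:
            return Verdict.DROP, None  # source IP not obtained by DHCP: illegal user
        # Unknown users are learned into the table as not yet authenticated.
        if self.auth_table.setdefault(src_ip, False):
            return Verdict.FORWARD, None
        return Verdict.REDIRECT, template

    def downlink(self, out_port, dst_ip):
        """Figs. 3 and 5: a miss on wired and CAPWAP goes to non-user processing."""
        kind, _ = self._classify(out_port, dst_ip)
        if kind == "capwap":
            return Verdict.CAPWAP
        if kind == "other":
            return Verdict.NON_USER
        if self.mode is Mode.PORT:
            known = dst_ip in self.auth_table   # assumption: "is a wired user"
        else:
            known = dst_ip in self.dhcp_leases  # "IP obtained by DHCP"
        return Verdict.FORWARD if known else Verdict.DROP


if __name__ == "__main__":
    # Constructed sample configuration and traffic.
    ac = Controller(mode=select_mode(demand=12, threshold=10),
                    wired_segments={"10.1.0.0/24": "template-A"},
                    capwap_segments=["10.9.0.0/16"],
                    dhcp_leases={"10.1.0.5"})
    for src in ("10.1.0.5", "10.1.0.77", "10.9.3.3", "192.0.2.1"):
        print(src, ac.uplink("ge1", src))
```

Note the asymmetry the flow charts prescribe: an uplink message that matches neither the wired nor the CAPWAP configuration is dropped, while a downlink message in the same position is passed to non-user processing.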
The above wired data identification and authentication method modifies an existing AC. It obtains the wired differentiated Portal push demand and selects the corresponding pre-configured mode according to a preset correspondence between that demand and a preset threshold, the corresponding pre-configured modes including a pre-configured port mode and a pre-configured network mode. When the selected pre-configured mode is the pre-configured port mode, data identification and Portal authentication processing are performed on received messages according to preset port data and first authentication data; when the selected pre-configured mode is the pre-configured network mode, data identification and Portal authentication processing are performed on received messages according to preset network segment data and second authentication data. Selecting the pre-configured mode according to the wired differentiated Portal push demand, and processing received messages with the preset port data and first authentication data or with the preset network segment data and second authentication data, allows wired data to be identified effectively and conveniently by configuring the network mode or the port mode. This supports unified management of wired and wireless authenticated user data, effectively addresses the problem of unified management and authentication of wired and wireless terminal users across many network deployment scenarios, and improves the convenience of managing user data in a unified way.
In one embodiment, as shown in Fig. 6, a wired data identification and authentication system includes a data acquisition module 110, a pre-configured mode selection module 120, a port mode data message processing module 130 and a network mode data message processing module 140.
In one embodiment, the data acquisition module 110 is used to obtain the wired differentiated Portal push demand.
In one embodiment, the pre-configured mode selection module 120 is used to select the corresponding pre-configured mode according to a first preset correspondence between the wired differentiated Portal push demand and a preset threshold, the corresponding pre-configured modes including a pre-configured port mode and a pre-configured network mode. In this embodiment, the pre-configured mode selection module 120 selects the pre-configured port mode when the wired differentiated Portal push demand is less than the preset threshold, and selects the pre-configured network mode when the wired differentiated Portal push demand is greater than or equal to the preset threshold.
In one embodiment, the port mode data message processing module 130 is used to perform data identification and Portal authentication processing on received messages according to preset port data and first authentication data when the selected pre-configured mode is the pre-configured port mode. In this embodiment, the port mode data message processing module 130 includes a first uplink data message processing unit and a first downlink data message processing unit.
The first uplink data message processing unit is used, when the received message is an uplink data message and the selected pre-configured mode is the pre-configured port mode, to perform data identification and Portal authentication processing on the received uplink data message according to the preset port data and the first authentication data. In this embodiment, the first uplink data message processing unit includes a first user port type judging unit, a source IP acquisition mode judging unit and a first authentication pass judging unit.
The first user port type judging unit is used to receive the uplink data message and judge, according to the preset port data, whether the port that sent the uplink data message is a pre-configured wired user port.
The first source IP acquisition mode judging unit is used to judge whether the source IP of the uplink data message was obtained by DHCP when the port that sent the uplink data message is a pre-configured wired user port.
Specifically, the first source IP acquisition mode judging unit is also used, when the port that sent the uplink data message is not a pre-configured wired user port, to judge according to the preset port data whether the port that sent the uplink data message is a CAPWAP port; if the port that sent the uplink data message is a CAPWAP port, the uplink data message is handled by the CAPWAP message processing flow; if not, the uplink data message is discarded.
The first authentication pass judging unit is used, when the source IP of the uplink data message was obtained by DHCP, to release the uplink data message to the network when the user is judged according to the first authentication data to have passed Portal authentication, and to send the uplink data message to the user management process when the user is judged according to the preset authentication data not to have passed Portal authentication; the user management process sends a redirection message to the corresponding user according to the Portal template bound to the pre-configured wired user port.
Specifically, the first authentication pass judging unit is also used to discard the uplink data message when the source IP of the uplink data message is judged not to have been obtained by DHCP.
The first downlink data message processing unit is used, when the received message is a downlink data message and the selected pre-configured mode is the pre-configured port mode, to perform data identification on the received downlink data message according to the preset port data. In this embodiment, the first downlink data processing unit includes a second wired user port judging unit and a destination user type judging unit.
Second user port type judging unit is used to receive downlink data message, under being judged according to default port data Whether the purpose routed port of row data message is pre-configured wire user port.
Purpose user type judging unit is used for when the purpose routed port of downlink data message is pre-configured wired use During the port of family, judge whether purpose IP is wire user;If purpose IP is wire user, downlink data message routing forwarding is given Wire user;If purpose IP is not wire user, downlink data message is abandoned.
Specifically, purpose user type judging unit is additionally operable to the purpose routed port when downlink data message not to be prewired During the wire user port put, whether the purpose routed port for judging downlink data message is CAPWAP ports;If downlink data The purpose routed port of message is CAPWAP ports, then according to CAPWAP message handling process to downlink data message at Reason;If the purpose routed port of downlink data message is not CAPWAP ports, according to non-user Message processing flow to descending Data message is handled.
In one embodiment, the network mode data message processing module 140 is used, when the selected pre-configured mode is the pre-configured network mode, to perform data identification and Portal authentication processing on received messages according to preset network segment data and second authentication data. In this embodiment, the network mode data message processing module 140 includes a second uplink data message processing unit and a second downlink data message processing unit.
The second uplink data message processing unit is used, when the received message is an uplink data message and the selected pre-configured mode is the pre-configured network mode, to perform data identification and Portal authentication processing on the received uplink data message according to the preset network segment data and the second authentication data. In this embodiment, the second uplink data message processing unit includes a first network segment type judging module, a second source IP acquisition mode judging unit and a second authentication pass judging unit.
The first network segment type judging module is used to receive the uplink data message and to judge, according to the preset network segment data, whether the source IP of the uplink data message is in a pre-configured wired segment.
The second source IP acquisition mode judging unit is used, when the source IP of the uplink data message is in a pre-configured wired segment, to judge whether the source IP of the uplink data message was obtained through DHCP.
Specifically, the second source IP acquisition mode judging unit is also used, when the source IP of the uplink data message is not in a pre-configured wired segment, to judge whether the source IP of the uplink data message is in a CAPWAP segment; if the source IP is in a CAPWAP segment, the uplink data message is processed according to the CAPWAP message processing flow; if the source IP is not in a CAPWAP segment, the uplink data message is discarded.
The second authentication pass judging unit is used, if the source IP of the uplink data message was obtained through DHCP, to release the uplink data message to the network when the uplink data message is judged, according to the second authentication data, to have passed Portal authentication; if the uplink data message has not passed Portal authentication, the uplink data message is sent to the user management process, and the user management process sends a redirection message to the corresponding user according to the Portal template bound to the pre-configured wired segment.
Specifically, the second authentication pass judging unit is also used to discard the uplink data message when the source IP of the uplink data message is judged not to have been obtained through DHCP.
The second downlink data message processing unit is used, when the received message is a downlink data message and the selected pre-configured mode is the pre-configured network mode, to perform data identification on the received downlink data message according to the preset network segment data. In this embodiment, the second downlink data message processing unit includes a second network segment type judging unit and an IP acquisition mode judging unit.
The second network segment type judging unit is used to receive the downlink data message and to judge, according to the preset network segment data, whether the destination IP of the downlink data message is in a pre-configured wired segment.
The IP acquisition mode judging unit is used, when the destination IP of the downlink data message is in a pre-configured wired segment, to judge whether the IP of the downlink data message was obtained through DHCP; if the IP of the downlink data message was obtained through DHCP, the downlink data message is sent to the corresponding wired user; otherwise the downlink data message is discarded.
Specifically, the IP acquisition mode judging unit is also used, when the destination IP of the downlink data message is not in a pre-configured wired segment, to judge whether the destination IP of the downlink data message is in a CAPWAP segment; if the destination IP is in a CAPWAP segment, the downlink data message is processed according to the CAPWAP message processing flow; if the destination IP is not in a CAPWAP segment, the downlink data message is processed according to the non-user message processing flow.
The wired data identification and authentication system described above obtains the wired differentiated Portal push demand and selects the corresponding pre-configured mode according to a preset correspondence between the wired differentiated Portal push demand and a predetermined threshold, the corresponding pre-configured mode including the pre-configured port mode and the pre-configured network mode. When the selected pre-configured mode is the pre-configured port mode, data identification and Portal authentication processing are performed on received messages according to the preset port data and the first authentication data; when the selected pre-configured mode is the pre-configured network mode, data identification and Portal authentication processing are performed on received messages according to the preset network segment data and the second authentication data. By selecting the pre-configured mode that corresponds to the wired differentiated Portal push demand and processing received messages according to the preset port data and first authentication data, or the preset network segment data and second authentication data, the system identifies wired data and applies Portal authentication to it, makes it convenient to manage and authenticate wired and wireless user data in a unified way, and improves the convenience of unified management of user data.
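The decision flow described above for modules 120, 130 and 140, written out as an added Python example (it is not code from the patent or from the applicant). The port names, address ranges, lease table and authenticated-user set are constructed sample data, and answering "is a wired user" in port-mode downlink from the lease table is an assumption of this sketch.

```python
import ipaddress
from dataclasses import dataclass, field
from enum import Enum


class Verdict(Enum):
    PERMIT = "release to network"
    REDIRECT = "send to user management, redirect to Portal"
    FORWARD = "forward to wired user"
    CAPWAP = "CAPWAP message processing flow"
    NON_USER = "non-user message processing flow"
    DROP = "discard"


@dataclass
class Config:
    mode: str                                            # "port" or "network"
    wired_ports: set = field(default_factory=set)        # preset port data
    capwap_ports: set = field(default_factory=set)
    wired_segments: list = field(default_factory=list)   # preset segment data
    capwap_segments: list = field(default_factory=list)
    dhcp_leases: set = field(default_factory=set)        # IPs assigned by DHCP
    authenticated: set = field(default_factory=set)      # IPs that passed Portal


def select_mode(demand, threshold):
    """Module 120: below the threshold use port mode, otherwise network mode."""
    return "port" if demand < threshold else "network"


def _in_any(ip, segments):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(seg) for seg in segments)


def classify(cfg, direction, port, ip):
    """Uplink: port is the sending port and ip the source IP.
    Downlink: port is the destination routed port and ip the destination IP."""
    if cfg.mode == "port":       # module 130 keys on the port
        wired, capwap = port in cfg.wired_ports, port in cfg.capwap_ports
    else:                        # module 140 keys on the address
        wired = _in_any(ip, cfg.wired_segments)
        capwap = _in_any(ip, cfg.capwap_segments)

    if direction == "uplink":
        if not wired:
            return Verdict.CAPWAP if capwap else Verdict.DROP
        if ip not in cfg.dhcp_leases:
            return Verdict.DROP          # source IP not obtained through DHCP
        return Verdict.PERMIT if ip in cfg.authenticated else Verdict.REDIRECT

    if not wired:
        return Verdict.CAPWAP if capwap else Verdict.NON_USER
    # Assumption: "is a wired user" (port mode) and "obtained through DHCP"
    # (network mode) are both answered from the lease table here.
    return Verdict.FORWARD if ip in cfg.dhcp_leases else Verdict.DROP


def sample_config(mode):
    """Constructed sample data (documentation address ranges)."""
    return Config(
        mode=mode,
        wired_ports={"ge0/1"},
        capwap_ports={"ge0/24"},
        wired_segments=["192.0.2.0/24"],
        capwap_segments=["198.51.100.0/24"],
        dhcp_leases={"192.0.2.10", "192.0.2.11"},
        authenticated={"192.0.2.10"},
    )


if __name__ == "__main__":
    cfg = sample_config(select_mode(demand=8, threshold=5))
    for ip in ("192.0.2.10", "192.0.2.11", "192.0.2.99",
               "198.51.100.5", "203.0.113.9"):
        print(ip, "->", classify(cfg, "uplink", "ge0/1", ip).name)
```

In uplink processing, an address inside the wired segment but absent from the lease table is discarded before any Portal check, so a statically configured address is neither released nor redirected.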
The technical features of the embodiments described above can be combined arbitrarily. To keep the description concise, not all possible combinations of the technical features in the above embodiments are described; however, as long as a combination of these technical features involves no contradiction, it should be considered to be within the scope recorded in this specification.
The embodiments described above express only several implementations of the present invention, and their description is relatively specific and detailed, but they should not therefore be construed as limiting the scope of the patent. It should be pointed out that those of ordinary skill in the art can make various modifications and improvements without departing from the inventive concept, and these all fall within the protection scope of the present invention. Therefore, the protection scope of this patent shall be determined by the appended claims.

Claims (10)

1. A wired data identification and authentication method, characterized by comprising the following steps:
obtaining the wired differentiated Portal push demand;
selecting the corresponding pre-configured mode according to a preset correspondence between the wired differentiated Portal push demand and a predetermined threshold, the corresponding pre-configured mode including a pre-configured port mode and a pre-configured network mode;
when the selected pre-configured mode is the pre-configured port mode, performing data identification and Portal authentication processing on received messages according to preset port data and first authentication data;
when the selected pre-configured mode is the pre-configured network mode, performing data identification and Portal authentication processing on received messages according to preset network segment data and second authentication data.
2. The wired data identification and authentication method according to claim 1, characterized in that the step of performing data identification and Portal authentication processing on received messages according to the preset port data and the first authentication data when the selected pre-configured mode is the pre-configured port mode includes:
when the received message is an uplink data message and the selected pre-configured mode is the pre-configured port mode, performing data identification and Portal authentication processing on the received uplink data message according to the preset port data and the first authentication data;
when the received message is a downlink data message and the selected pre-configured mode is the pre-configured port mode, performing data identification on the received downlink data message according to the preset port data.
3. The wired data identification and authentication method according to claim 2, characterized in that the step of performing data identification and Portal authentication processing on the received uplink data message according to the preset port data and the first authentication data includes:
receiving the uplink data message, and judging according to the preset port data whether the port sending the uplink data message is a pre-configured wired user port;
when the port sending the uplink data message is a pre-configured wired user port, judging whether the source IP of the uplink data message was obtained through DHCP;
if so, releasing the uplink data message to the network when the user is judged, according to the first authentication data, to have passed Portal authentication, and, when the user is judged, according to the first authentication data, not to have passed Portal authentication, sending the uplink data message to the user management process, the user management process sending a redirection message to the corresponding user according to the Portal template bound to the pre-configured wired user port.
4. The wired data identification and authentication method according to claim 2, characterized in that the step of performing data identification on the received downlink data message according to the preset port data, when the received message is a downlink data message and the selected pre-configured mode is the pre-configured port mode, includes:
receiving the downlink data message, and judging according to the preset port data whether the destination routed port of the downlink data message is a pre-configured wired user port;
when the destination routed port of the downlink data message is a pre-configured wired user port, judging whether the destination IP is a wired user;
if so, routing and forwarding the downlink data message to the wired user;
if not, discarding the downlink data message.
5. The wired data identification and authentication method according to claim 1, characterized in that the step of performing data identification and Portal authentication processing on received messages according to the preset network segment data and the second authentication data when the selected pre-configured mode is the pre-configured network mode includes:
when the received message is an uplink data message and the selected pre-configured mode is the pre-configured network mode, performing data identification and Portal authentication processing on the received uplink data message according to the preset network segment data and the second authentication data;
when the received message is a downlink data message and the selected pre-configured mode is the pre-configured network mode, performing data identification on the received downlink data message according to the preset network segment data.
6. The wired data identification and authentication method according to claim 5, characterized in that the step of performing data identification and Portal authentication processing on the received uplink data message according to the preset network segment data and the second authentication data, when the received message is an uplink data message and the selected pre-configured mode is the pre-configured network mode, includes:
receiving the uplink data message, and judging according to the preset network segment data whether the source IP of the uplink data message is in a pre-configured wired segment;
when the source IP of the uplink data message is in a pre-configured wired segment, judging whether the source IP of the uplink data message was obtained through DHCP;
if so, releasing the uplink data message to the network when the uplink data message is judged, according to the second authentication data, to have passed Portal authentication;
if the uplink data message has not passed Portal authentication, sending the uplink data message to the user management process, the user management process sending a redirection message to the corresponding user according to the Portal template bound to the pre-configured wired segment.
7. The wired data identification and authentication method according to claim 5, characterized in that the step of performing data identification on the received downlink data message according to the preset network segment data, when the received message is a downlink data message and the selected pre-configured mode is the pre-configured network mode, includes:
receiving the downlink data message, and judging according to the preset network segment data whether the destination IP of the downlink data message is in a pre-configured wired segment;
when the destination IP of the downlink data message is in a pre-configured wired segment, judging whether the IP of the downlink data message was obtained through DHCP;
if so, sending the downlink data message to the corresponding wired user;
if not, discarding the downlink data message.
8. A wired data identification and authentication system, characterized by including:
a data acquisition module, used to obtain the wired differentiated Portal push demand;
a pre-configured mode selection module, used to select the corresponding pre-configured mode according to a preset correspondence between the wired differentiated Portal push demand and a predetermined threshold, the corresponding pre-configured mode including a pre-configured port mode and a pre-configured network mode;
a port mode data message processing module, used, when the selected pre-configured mode is the pre-configured port mode, to perform data identification and Portal authentication processing on received messages according to preset port data and first authentication data;
a network mode data message processing module, used, when the selected pre-configured mode is the pre-configured network mode, to perform data identification and Portal authentication processing on received messages according to preset network segment data and second authentication data.
9. The wired data identification and authentication system according to claim 8, characterized in that the port mode data message processing module includes:
a first uplink data message processing unit, used, when the received message is an uplink data message and the selected pre-configured mode is the pre-configured port mode, to perform data identification and Portal authentication processing on the received uplink data message according to the preset port data and the first authentication data;
a first downlink data message processing unit, used, when the received message is a downlink data message and the selected pre-configured mode is the pre-configured port mode, to perform data identification on the received downlink data message according to the preset port data.
10. The wired data identification and authentication system according to claim 8, characterized in that the network mode data message processing module includes:
a second uplink data message processing unit, used, when the received message is an uplink data message and the selected pre-configured mode is the pre-configured network mode, to perform data identification and Portal authentication processing on the received uplink data message according to the preset network segment data and the second authentication data;
a second downlink data message processing unit, used, when the received message is a downlink data message and the selected pre-configured mode is the pre-configured network mode, to perform data identification on the received downlink data message according to the preset network segment data.
CN201710706877.6A 2017-08-17 2017-08-17 Wired data identification and authentication method and system Expired - Fee Related CN107454090B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710706877.6A CN107454090B (en) 2017-08-17 2017-08-17 Wired data identification and authentication method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710706877.6A CN107454090B (en) 2017-08-17 2017-08-17 Wired data identification and authentication method and system

Publications (2)

Publication Number Publication Date
CN107454090A true CN107454090A (en) 2017-12-08
CN107454090B CN107454090B (en) 2019-12-27

Family

ID=60491440

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710706877.6A Expired - Fee Related CN107454090B (en) 2017-08-17 2017-08-17 Wired data identification and authentication method and system

Country Status (1)

Country Link
CN (1) CN107454090B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1505331A (en) * 2002-12-04 2004-06-16 华为技术有限公司 Method for realizing port based identification and transmission layer based identification compatibility
CN101388816A (en) * 2008-11-05 2009-03-18 深圳华为通信技术有限公司 Network interface mode switching method and device
CN102572830A (en) * 2012-01-19 2012-07-11 华为技术有限公司 Method and customer premise equipment (CPE) for terminal access authentication
CN103067348A (en) * 2011-10-20 2013-04-24 安美世纪(北京)科技有限公司 Hotel public network wired/wireless unified authentication roaming method
US20140196126A1 (en) * 2013-01-04 2014-07-10 Apple Inc. Facilitating wireless network access by using a ubiquitous ssid

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
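方蓓: "Design and Implementation of Unified Identity Authentication under Multiple Access Modes", CNKI Outstanding Master's Theses Full-Text Database *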

Also Published As

Publication number Publication date
CN107454090B (en) 2019-12-27

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20200108

Address after: 510663 Shenzhou Road, Guangzhou Science City, Guangzhou economic and Technological Development Zone, Guangdong, 10

Patentee after: COMBA TELECOM SYSTEMS (CHINA) Ltd.

Address before: 510663 Shenzhou Road 10, Guangzhou Science City, Guangzhou economic and Technological Development Zone, Guangzhou, Guangdong

Co-patentee before: COMBA TELECOM SYSTEMS (GUANGZHOU) Ltd.

Patentee before: COMBA TELECOM SYSTEMS (CHINA) Ltd.

Co-patentee before: COMBA TELECOM TECHNOLOGY (GUANGZHOU) Ltd.

Co-patentee before: TIANJIN COMBA TELECOM SYSTEMS Ltd.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20191227

Termination date: 20210817