CN107888563B - Method and device for determining terminal access position - Google Patents

Publication number
CN107888563B
Authority
CN
China
Prior art keywords
access
determining
mac
port
terminal
Legal status
Active
Application number
CN201710966470.7A
Other languages
Chinese (zh)
Other versions
CN107888563A (en)
Inventor
林皓
刘文超
宋成龙
杨华
Current Assignee
Linkdood Technologies Sdn Bhd
Original Assignee
Linkdood Technologies Sdn Bhd
Application filed by Linkdood Technologies Sdn Bhd
Priority to CN201710966470.7A
Publication of CN107888563A
Application granted
Publication of CN107888563B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/10 Mapping addresses of different types
    • H04L61/103 Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H04L61/255 Maintenance or indexing of mapping tables
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2101/00 Indexing scheme associated with group H04L61/00
    • H04L2101/60 Types of network addresses
    • H04L2101/618 Details of network addresses
    • H04L2101/622 Layer-2 addresses, e.g. medium access control [MAC] addresses

Abstract

The invention discloses a method and a device for determining a terminal access position. The method comprises the following steps: scanning the IP table, MAC table and ARP table of a core switch, and determining the IP-MAC correspondence and the port-MAC correspondence of the core switch; iteratively acquiring the MAC tables of all access switches, matching them against the ARP tables of the access switches, and determining the connection relationship between all terminal devices and the ports of the access switches; and determining the real access positions of all terminal devices according to the link states of the ports of the access switches. The method and device can determine the terminal access position for different terminal devices or different types of terminal devices, improve positioning accuracy, reduce manual workload, and further sense dynamic changes in the connection relationships of terminal devices, raising an alarm for illegally connected devices and disabling their ports.

Description

Method and device for determining terminal access position
Technical Field
The present invention relates to the field of computers, and more particularly, to a method and an apparatus for determining a terminal access location.
Background
In the process of enterprise informatization, the security and stability of the enterprise network are important. The network is the foundation of informatization and the core competitiveness of an enterprise; it carries a large amount of data and services, and the consequences are very serious if that data or those services are damaged, altered or leaked. The prior art uses many measures to prevent this, including 802.1x admission during terminal access, port admission to ensure that access is legitimate, and strict terminal compliance checks so that enterprise resources are accessed legitimately. However, all of these depend on correctly identifying the connection relationship between the terminal and the switch: only when the access position of the terminal is known definitely can the source be traced and the access position be clear at a glance. At present the access position is confirmed manually by a network administrator, and accurate automatic identification cannot be achieved.
No effective solution has yet been proposed for the prior-art problem that the access position of a terminal cannot be identified automatically and accurately.
Disclosure of Invention
In view of this, an object of the embodiments of the present invention is to provide a method and an apparatus for determining a terminal access position that can determine the terminal access position for different terminal devices or different types of terminal devices, improve positioning accuracy, reduce manual workload, and further sense dynamic changes in the connection relationships of terminal devices, raising an alarm for illegally connected devices and disabling their ports.
In view of the above object, an aspect of the embodiments of the present invention provides a method for determining a terminal access location, including the following steps:
scanning the IP table, MAC table and ARP table of a core switch, and determining the IP-MAC correspondence and the port-MAC correspondence of the core switch;
iteratively acquiring the MAC tables of all access switches, matching them against the ARP tables of the access switches, and determining the connection relationship between all terminal devices and the ports of the access switches;
and determining the real access positions of all terminal devices according to the link states of the ports of the access switches.
In some embodiments, scanning an IP table, a MAC table, and an ARP table of a core switch, and determining an IP-MAC correspondence and a port-MAC correspondence of the core switch comprises:
scanning an IP table of a core switch and determining an IP range;
actively scanning the IP range and updating the MAC table and ARP table of the core switch;
scanning the ARP table of the core switch and determining the IP-MAC correspondence;
and scanning the MAC table of the core switch and determining the port-MAC correspondence.
In some embodiments, iteratively acquiring the MAC tables of all access switches, matching them against the ARP tables of the access switches, and determining the connection relationship between all terminal devices and the ports of the access switches includes:
iteratively acquiring the MAC tables of all access switches and updating the port-MAC correspondence;
and matching the port-MAC correspondence against the ARP table of the access switch to obtain the IP-port correspondence of all terminal devices, and taking the IP-port correspondence as the connection relationship between all terminal devices and the ports of the access switches.
In some embodiments, determining the true access locations of all end devices from the link states of the ports of the access switch comprises:
determining whether the link state of each port of the access switch is Access or Trunk;
determining a port whose link state is Access to be the real access position of the corresponding terminal device;
and determining a port whose link state is Trunk to be a suspected access position of the corresponding terminal device, and further scanning the access switch directly connected to the Trunk port to determine the real access position of the corresponding terminal device.
In some embodiments, the core switch and all access switches have the SNMP (Simple Network Management Protocol) service enabled.
In some embodiments, the terminal device is a single device or a hub that is connected to multiple devices simultaneously.
In another aspect of the embodiments of the present invention, an apparatus for determining a terminal access position is also provided, which uses the above method.
In another aspect of the embodiments of the present invention, there is also provided a computer device including a memory, at least one processor, and a computer program stored on the memory and executable on the processor, the processor executing the program to perform the method described above.
In another aspect of the embodiments of the present invention, a computer-readable storage medium is further provided, which stores a computer program, and the computer program, when executed by a processor, performs the above-mentioned method.
In another aspect of the embodiments of the present invention, there is also provided a computer program product including a computer program stored on a computer-readable storage medium, the computer program including instructions which, when executed by a computer, cause the computer to perform the above method.
The invention has the following beneficial technical effects: by determining the IP-MAC correspondence and the port-MAC correspondence of the core switch, determining the connection relationship between all terminal devices and the ports of the access switches, and determining the real access positions of all terminal devices, the method and device for determining the terminal access position provided by the embodiments of the invention can determine the terminal access position for different terminal devices or different types of terminal devices, thereby improving positioning accuracy, reducing manual workload, and further sensing dynamic changes in the connection relationships of terminal devices, raising an alarm for illegally connected devices and disabling their ports.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in the embodiments are briefly described below. The drawings described below show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of a first embodiment of a method for determining an access location of a terminal according to the present invention;
Fig. 2 is a schematic flowchart of a method for determining an access location of a terminal according to a second embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a network system according to a second embodiment of the method for determining an access location of a terminal provided by the present invention;
Fig. 4 is a schematic hardware structure diagram of an embodiment of a computer device for executing the method for determining the access position of the terminal according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the following embodiments of the present invention are described in further detail with reference to the accompanying drawings.
It should be noted that all uses of "first" and "second" in the embodiments of the present invention serve to distinguish two entities or two parameters that share the same name but are not identical. "First" and "second" are used merely for convenience of description and should not be construed as limiting the embodiments of the present invention; this is not repeated in the following embodiments.
In view of the above object, a first aspect of the embodiments of the present invention proposes a first embodiment of a method for determining a terminal access position for different terminal devices or different types of terminal devices. Fig. 1 is a schematic flow chart illustrating a method for determining an access location of a terminal according to a first embodiment of the present invention.
The method for determining the access position of the terminal comprises the following steps:
step S101, scanning the IP table, MAC table and ARP table of a core switch, and determining the IP-MAC correspondence and the port-MAC correspondence of the core switch;
step S103, iteratively acquiring the MAC tables of all access switches, matching them against the ARP tables of the access switches, and determining the connection relationship between all terminal devices and the ports of the access switches;
step S105, determining the real access positions of all terminal devices according to the link states of the ports of the access switches.
Optionally, determining the real access location of a terminal device means using the correspondence between IP, MAC and port to determine the link relationship (port) from known terminal device information (for example, the MAC), so that the terminal device can be reached along the link via its virtual address (IP).
In some embodiments, scanning an IP table, a MAC table, and an ARP table of a core switch, and determining an IP-MAC correspondence and a port-MAC correspondence of the core switch comprises:
scanning an IP table of a core switch and determining an IP range;
actively scanning the IP range and updating the MAC table and ARP table of the core switch;
scanning the ARP table of the core switch and determining the IP-MAC correspondence;
and scanning the MAC table of the core switch and determining the port-MAC correspondence.
In some embodiments, iteratively acquiring the MAC tables of all access switches, matching them against the ARP tables of the access switches, and determining the connection relationship between all terminal devices and the ports of the access switches includes:
iteratively acquiring the MAC tables of all access switches and updating the port-MAC correspondence;
and matching the port-MAC correspondence against the ARP table of the access switch to obtain the IP-port correspondence of all terminal devices, and taking the IP-port correspondence as the connection relationship between all terminal devices and the ports of the access switches.
In some embodiments, determining the true access locations of all end devices from the link states of the ports of the access switch comprises:
determining whether the link state of each port of the access switch is Access or Trunk;
determining a port whose link state is Access to be the real access position of the corresponding terminal device;
and determining a port whose link state is Trunk to be a suspected access position of the corresponding terminal device, and further scanning the access switch directly connected to the Trunk port to determine the real access position of the corresponding terminal device.
Optionally, further scanning the access switch directly connected to the Trunk port may yield yet another Trunk port, in which case scanning continues until an Access port is obtained. The Access port is the true access location of the device, while a Trunk port is only a point on one available link path to the device. By using the Access port as the effective port for identifying the device, the embodiments of the invention can locate the true position of the device more accurately.
In some embodiments, the SNMP service is enabled on both the core switch and all access switches.
Optionally, the SNMP service is configured to allow other devices to obtain internal information of the local switch through the protocol. In the invention, operations such as the core switch acquiring the MAC tables of the access switches require the support of the SNMP service.
In some embodiments, the terminal device is a single device or a hub that is connected to multiple devices simultaneously.
Optionally, because a hub cannot be network-managed, it does not actively interact with the core switch or the access switches. A hub is treated as an independent terminal device in the network.
It can be seen from the foregoing embodiments that, by determining the IP-MAC correspondence and the port-MAC correspondence of the core switch, determining the connection relationship between all terminal devices and the ports of the access switches, and determining the real access positions of all terminal devices, the method for determining a terminal access position provided in the embodiments of the present invention can determine the terminal access position for different terminal devices or different types of terminal devices, thereby improving positioning accuracy, reducing manual workload, and further sensing dynamic changes in the connection relationships of terminal devices, raising an alarm for illegally connected devices and disabling their ports.
The embodiment of the invention also provides a second embodiment of a method for determining the access position of the terminal aiming at different terminal equipment or different types of terminal equipment. Fig. 2 is a schematic flowchart illustrating a second embodiment of the method for determining the access location of the terminal according to the present invention.
As shown in Fig. 2, the IP list of the core switch is scanned first to determine all subnets of the core switch, which fixes the boundary of the system. Once the subnets of the whole network are obtained, all subnet addresses are scanned by Ping to confirm whether each IP address is alive or absent, which also refreshes the MAC tables of the access switches with the latest MAC information. Next, the ARP table of the switch is scanned to obtain the IP-MAC correspondence, which is stored in the terminal information module of the admission NAC. The MAC forwarding tables of the access switches are then acquired in a loop to update the port-MAC relationship, and the IP address of each terminal is looked up in the terminal information table by MAC address to obtain the link relationship between the PC and the access switch. The link state of the port is then acquired: only if the port is an Access port can it be confirmed that the MAC address is connected to that port, and thus the access position of the device be determined accurately. If the port is a Trunk port, it can only be marked as a suspected access position. Only an explicit Access port determines the real access position of the device; a suspected access position indicates that an access switch exists below the port, and that access switch can be scanned to confirm the real access position. Based on an accurate terminal access position, the method can control and bind the traffic of the port and precisely control the access position.
Fig. 3 shows a schematic diagram of the network system structure of the present embodiment. As shown in fig. 3, the network system includes:
an admission NAC, responsible for device management and switch management;
network-manageable switches, on which the SNMP service is configured;
HUB devices (hubs), used as part of the test;
terminals, connected to the switches and to the HUB device respectively;
an external network, i.e., extranet resources;
and a server area, i.e., intranet servers.
The admission NAC is connected to the core switch and scans for live devices across the whole network; the external network and the servers are each connected to the core switch; access switches A and B are connected to Trunk ports Eth0/1 and Eth0/2 of the core switch respectively; PC1 is connected to port Eth0/2 of access switch A; PC2 and PC3 are connected to the HUB; and the HUB device is connected to port Eth0/2 of access switch B.
The admission NAC scans the VLAN IP table of the core switch via SNMP to determine the IP range of the whole network; actively scans all discovered IP ranges to ensure that the ARP tables and MAC tables of the switches across the network are complete; and scans the ARP entries of the core switch via SNMP to discover all IP-MAC correspondences.
Next, the MAC tables of access switches A and B are each scanned via SNMP. Scanning access switch A yields (Eth0/2, MAC-PC1), i.e. the MAC address of PC1 appears on port Eth0/2; by matching the ARP entry and the port state (Access) of the access switch, PC1 is determined to be connected to port Eth0/2 of access switch A. Because the HUB cannot be network-managed, the MAC addresses of PC2 and PC3 appear on port Eth0/2 of access switch B; since that port is an Access port, PC2 and PC3 are determined to be connected to port Eth0/2 of access switch B.
Combining the whole topology: terminal PC1 is connected to port Eth0/2 of switch A, and PC2 and PC3 are connected to port Eth0/2 of switch B. The access position is added to the admission NAC as a terminal attribute, and the corresponding action is taken according to policy.
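The Fig. 3 walk-through above as an added Python example (not code from the patent): it joins the core ARP table with per-switch MAC tables, follows Trunk ports down to an Access port, and reports shared ports and location changes. The tables stand in for SNMP poll results; the MAC and IP values, the uplink port Eth0/1 on switches A and B, and the `downstream` map naming the switch behind each Trunk port are constructed assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class Switch:
    name: str
    port_mode: dict   # port -> "access" or "trunk" (link state of the port)
    mac_table: dict   # port -> set of MACs learned on that port
    downstream: dict = field(default_factory=dict)  # trunk port -> switch behind it (assumed known)


@dataclass(frozen=True)
class Location:
    switch: str
    port: str
    confirmed: bool   # True only when the port is an Access port


def locate(mac, start, switches, seen=None):
    """Follow a MAC from `start` across Trunk ports until an Access port is found."""
    seen = set() if seen is None else seen
    if start in seen or start not in switches:
        return None   # loop guard, or a switch that could not be polled
    seen.add(start)
    sw = switches[start]
    for port, macs in sw.mac_table.items():
        if mac not in macs:
            continue
        if sw.port_mode.get(port) == "access":
            return Location(sw.name, port, True)
        # Trunk (or unknown) port: only a point on the path, so scan the switch behind it.
        below = sw.downstream.get(port)
        deeper = locate(mac, below, switches, seen) if below else None
        return deeper or Location(sw.name, port, False)   # fall back to "suspected"
    return None


def resolve_all(arp, core, switches):
    """Join the core ARP table (IP -> MAC) with the MAC tables: IP -> Location."""
    return {ip: locate(mac, core, switches) for ip, mac in arp.items()}


def shared_ports(locations):
    """Access ports carrying several terminals, e.g. behind an unmanaged hub."""
    ports = {}
    for ip, loc in locations.items():
        if loc and loc.confirmed:
            ports.setdefault((loc.switch, loc.port), []).append(ip)
    return {p: sorted(ips) for p, ips in ports.items() if len(ips) > 1}


def drift(baseline, current):
    """Terminals whose location differs from the recorded one, or that are unrecorded."""
    changed = ((ip, baseline.get(ip), loc) for ip, loc in current.items()
               if baseline.get(ip) != loc)
    return sorted(changed, key=lambda t: t[0])


# Constructed sample data modelled on the Fig. 3 topology (values are not from the patent).
PC1, PC2, PC3 = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
ARP = {"192.0.2.11": PC1, "192.0.2.12": PC2, "192.0.2.13": PC3}
SWITCHES = {
    "core": Switch("core",
                   {"Eth0/1": "trunk", "Eth0/2": "trunk"},
                   {"Eth0/1": {PC1}, "Eth0/2": {PC2, PC3}},
                   {"Eth0/1": "A", "Eth0/2": "B"}),
    "A": Switch("A",
                {"Eth0/1": "trunk", "Eth0/2": "access"},   # Eth0/1 uplink is assumed
                {"Eth0/1": {PC2, PC3}, "Eth0/2": {PC1}},
                {"Eth0/1": "core"}),
    "B": Switch("B",
                {"Eth0/1": "trunk", "Eth0/2": "access"},   # Eth0/1 uplink is assumed
                {"Eth0/1": {PC1}, "Eth0/2": {PC2, PC3}},   # PC2 and PC3 sit behind the HUB
                {"Eth0/1": "core"}),
}

if __name__ == "__main__":
    current = resolve_all(ARP, "core", SWITCHES)
    for ip, loc in current.items():
        print(ip, loc)
    print("shared access ports:", shared_ports(current))
```

A terminal whose path ends on a Trunk port with no pollable switch behind it comes back with `confirmed=False`, which corresponds to the suspected access position in the text.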
It can be seen from the foregoing embodiments that, by determining the IP-MAC correspondence and the port-MAC correspondence of the core switch, determining the connection relationship between all terminal devices and the ports of the access switches, and determining the real access positions of all terminal devices, the method for determining a terminal access position provided in the embodiments of the present invention can determine the terminal access position for different terminal devices or different types of terminal devices, thereby improving positioning accuracy, reducing manual workload, and further sensing dynamic changes in the connection relationships of terminal devices, raising an alarm for illegally connected devices and disabling their ports.
It should be particularly noted that the steps in the above embodiments of the method for determining the terminal access position can be interleaved, replaced, added or deleted with respect to one another. Methods obtained through such reasonable permutations and combinations therefore also fall within the scope of the present invention, and the scope of the present invention should not be limited to the described embodiments.
In view of the above object, a second aspect of the embodiments of the present invention proposes a first embodiment of an apparatus capable of determining a terminal access position for different terminal devices or different types of terminal devices. The device for determining the access position of the terminal uses the method for determining the access position of the terminal.
By determining the IP-MAC correspondence and the port-MAC correspondence of the core switch, determining the connection relationship between all terminal devices and the ports of the access switches, and determining the real access positions of all terminal devices, the device for determining a terminal access position provided by the embodiments of the invention can determine the terminal access position for different terminal devices or different types of terminal devices, thereby improving positioning accuracy, reducing manual workload, and further sensing dynamic changes in the connection relationships of terminal devices, raising an alarm for illegally connected devices and disabling their ports.
It should be particularly noted that the above embodiments of the device for determining the terminal access position use the embodiments of the method to describe the working process of each module, and those skilled in the art can readily apply these modules to other embodiments of the method. Since the steps of the method can be interleaved, replaced, added or deleted with respect to one another, devices obtained through such reasonable permutations and combinations also fall within the scope of the present invention, and the scope of the present invention should not be limited to the described embodiments.
In view of the above object, a third aspect of the embodiments of the present invention proposes an embodiment of a computer device executing the method for determining the access location of the terminal.
The computer device for executing the method for determining the access position of the terminal comprises a memory, at least one processor and a computer program stored on the memory and capable of running on the processor, wherein the processor executes the computer program to execute any one of the methods.
Fig. 4 is a schematic hardware structure diagram of an embodiment of a computer device for executing the method for determining the access position of the terminal according to the present invention.
Taking the computer device shown in fig. 4 as an example, the computer device includes a processor 401 and a memory 402, and may further include: an input device 403 and an output device 404.
The processor 401, the memory 402, the input device 403 and the output device 404 may be connected by a bus or other means, and fig. 4 illustrates an example of a connection by a bus.
The memory 402, which is a non-volatile computer-readable storage medium, can be used to store non-volatile software programs, non-volatile computer-executable programs, and modules, such as program instructions/modules corresponding to the method for determining the access position of the terminal in the embodiment of the present application. The processor 401 executes various functional applications of the server and data processing, namely, a method for determining a terminal access position of the above-described method embodiment, by running the nonvolatile software program, instructions and modules stored in the memory 402.
The memory 402 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to the use of the determination device of the terminal access location, and the like. Further, the memory 402 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some embodiments, memory 402 may optionally include memory located remotely from processor 401, which may be connected to local modules via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The input device 403 may receive input numeric or character information and generate key signal inputs related to user settings and function control of the determination device of the access position of the terminal. The output device 404 may include a display device such as a display screen.
Program instructions/modules corresponding to the one or more terminal access location determination methods are stored in the memory 402 and, when executed by the processor 401, perform the terminal access location determination methods of any of the method embodiments described above.
Any embodiment of the computer device executing the method for determining the access position of the terminal can achieve the same or similar effects as any corresponding method embodiment.
In view of the above object, a fourth aspect of the embodiments of the present invention provides a computer-readable storage medium storing computer-executable instructions, where the computer-executable instructions can execute the method for determining the access location of the terminal in any of the above method embodiments and the device/system for determining the access location of the terminal in any of the above device/system embodiments. Embodiments of the computer-readable storage medium may achieve the same or similar effects as any of the aforementioned method and apparatus/system embodiments corresponding thereto.
In view of the above object, a fifth aspect of the embodiments of the present invention proposes a computer program product, which includes a computer program stored on a computer-readable storage medium, the computer program including instructions that, when executed by a computer, cause the computer to execute the method for determining a terminal access position in any of the above method embodiments and the apparatus/system for determining a terminal access position in any of the above apparatus/system embodiments. Embodiments of the computer program product may achieve the same or similar effects as any of the aforementioned method and apparatus/system embodiments corresponding thereto.
Finally, it should be noted that, as will be understood by those skilled in the art, all or part of the processes of the methods of the above embodiments may be implemented by a computer program, which may be stored in a computer-readable storage medium, and when executed, may include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like. Embodiments of the computer program may achieve the same or similar effects as any of the preceding method embodiments to which it corresponds.
In addition, the apparatuses, devices and the like disclosed in the embodiments of the present invention may be various electronic terminal devices, such as a mobile phone, a Personal Digital Assistant (PDA), a tablet computer (PAD), a smart television and the like, or may be a large terminal device, such as a server and the like, and therefore the scope of protection disclosed in the embodiments of the present invention should not be limited to a specific type of apparatus, device. The client disclosed in the embodiment of the present invention may be applied to any one of the above electronic terminal devices in the form of electronic hardware, computer software, or a combination of both.
Furthermore, the method disclosed according to an embodiment of the present invention may also be implemented as a computer program executed by a CPU, and the computer program may be stored in a computer-readable storage medium. The computer program, when executed by the CPU, performs the above-described functions defined in the method disclosed in the embodiments of the present invention.
Further, the above method steps and system elements may also be implemented using a controller and a computer readable storage medium for storing a computer program for causing the controller to implement the functions of the above steps or elements.
Further, it should be understood that the computer-readable storage media (e.g., memory) described herein may be either volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory. By way of example and not limitation, nonvolatile memory may include Read Only Memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory may include Random Access Memory (RAM), which may serve as external cache memory. By way of example and not limitation, RAM may be available in a variety of forms, such as synchronous RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced DRAM (ESDRAM), synchronous link DRAM (SLDRAM), and Direct Rambus RAM (DRRAM).
Those of skill would further appreciate that the various illustrative logical blocks, modules, circuits, and algorithm steps described in connection with the disclosure herein may be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate this interchangeability of hardware and software, various illustrative components, blocks, modules, circuits, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as software or hardware depends upon the particular application and design constraints imposed on the overall system. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the disclosed embodiments of the present invention.
The various illustrative logical blocks, modules, and circuits described in connection with the disclosure herein may be implemented or performed with the following components designed to perform the functions described herein: a general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination of these components. A general purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing devices, e.g., a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP, and/or any other such configuration.
The steps of a method or algorithm described in connection with the disclosure herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. An exemplary storage medium is coupled to the processor such that the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an ASIC. The ASIC may reside in a user terminal. In the alternative, the processor and the storage medium may reside as discrete components in a user terminal.
In one or more exemplary designs, the functions may be implemented in hardware, software, firmware, or any combination thereof. A computer readable medium includes a computer storage medium and a communication medium including any medium that facilitates transfer of a computer program from one location to another. A storage medium may be any available medium that can be accessed by a general purpose or special purpose computer.
The foregoing is an exemplary embodiment of the present disclosure, but it should be noted that various changes and modifications could be made herein without departing from the scope of the present disclosure as defined by the appended claims. The functions, steps and/or actions of the method claims in accordance with the disclosed embodiments described herein need not be performed in any particular order. Furthermore, although elements of the disclosed embodiments of the invention may be described or claimed in the singular, the plural is contemplated unless limitation to the singular is explicitly stated.
It should be understood that, as used herein, the singular forms "a," "an," "the" are intended to include the plural forms as well, unless the context clearly supports the exception. It should also be understood that "and/or" as used herein is meant to include any and all possible combinations of one or more of the associated listed items.
The numbers of the embodiments disclosed in the embodiments of the present invention are merely for description, and do not represent the merits of the embodiments.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware, where the program may be stored in a computer-readable storage medium, and the above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
Those of ordinary skill in the art will understand that the discussion of any embodiment above is exemplary only and is not intended to imply that the scope of the disclosure, including the claims, of the embodiments of the invention is limited to these examples. Within the idea of an embodiment of the invention, technical features in the above embodiment or in different embodiments may also be combined, and there are many other variations of the different aspects of the embodiments of the invention as described above, which are not provided in detail for the sake of brevity. Therefore, any omissions, modifications, substitutions, improvements, and the like that may be made without departing from the spirit and principles of the embodiments of the present invention are intended to be included within the scope of the embodiments of the present invention.

Claims (8)

1. A method for determining the access position of a terminal is characterized by comprising the following steps:
scanning an IP table, an MAC table and an ARP table of a core switch, and determining the IP-MAC corresponding relation and the port-MAC corresponding relation of the core switch;
circularly acquiring MAC tables of all the access switches and updating port-MAC corresponding relations;
matching the port-MAC corresponding relation with an ARP table of the access switch to obtain the IP-port corresponding relation of all the terminal equipment, and taking the IP-port corresponding relation as the connection relation of all the terminal equipment and the port of the access switch;
and determining the real Access positions of all the terminal devices according to the link states of the ports of the Access switch, wherein the link states of the ports of the Access switch comprise Access and Trunk.
2. The method of claim 1, wherein scanning the IP table, MAC table, and ARP table of the core switch to determine the IP-MAC and port-MAC correspondence of the core switch comprises:
scanning an IP table of the core switch and determining an IP range;
actively scanning the IP range and updating an MAC table and an ARP table of the core switch;
scanning an ARP table of the core switch and determining an IP-MAC corresponding relation;
and scanning the MAC table of the core switch and determining the corresponding relation of the port and the MAC.
3. The method of claim 1, wherein determining the true access locations of all end devices from the link states of the ports of the access switch comprises:
determining the link state of each port of the Access switch to be Access or Trunk;
determining a port with the link state of Access as a real Access position of corresponding terminal equipment;
and determining the port with the link state of Trunk as a suspected access position of the corresponding terminal equipment, and further scanning the access switch directly connected with the Trunk port to determine the real access position of the corresponding terminal equipment.
4. The method of any of claims 1-3, wherein the core switch and all of the access switches turn on SNMP services.
5. The method according to any one of claims 1 to 3, wherein the terminal device is a single device or a hub connected to a plurality of devices simultaneously.
6. An apparatus for determining the access location of a terminal, characterized in that a method according to any one of claims 1-5 is used.
7. A computer device comprising a memory, at least one processor and a computer program stored on the memory and executable on the processor, characterized in that the processor performs the method according to any of claims 1-5 when executing the program.
8. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, is adapted to carry out the method of any one of claims 1 to 5.
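
The steps of claims 1 and 3, worked as an added Python example (not code from the patent). The table contents, switch and port names, the `NEIGHBOR` topology map and the function names are constructed assumptions standing in for data a real implementation would poll over SNMP.

```python
# Constructed sample tables standing in for SNMP-polled data (not from the patent).
ARP = {  # core switch ARP table: IP -> MAC
    "10.0.0.11": "aa:00:00:00:00:11",
    "10.0.0.12": "aa:00:00:00:00:12",
    "10.0.0.21": "aa:00:00:00:00:21",
    "10.0.0.99": "aa:00:00:00:00:99",
}
MAC_TABLES = {  # switch -> port -> MACs learned on that port
    "core": {"Gi0/1": ["aa:00:00:00:00:11", "aa:00:00:00:00:12"],
             "Gi0/2": ["aa:00:00:00:00:21"],
             "Gi0/3": ["aa:00:00:00:00:99"]},
    # acc1 Fa0/5 carries two MACs: a hub behind one access port (claim 5).
    "acc1": {"Fa0/5": ["aa:00:00:00:00:11", "aa:00:00:00:00:12"],
             "Gi0/24": ["aa:00:00:00:00:21", "aa:00:00:00:00:99"]},
    "acc2": {"Fa0/7": ["aa:00:00:00:00:21"],
             "Gi0/24": ["aa:00:00:00:00:11", "aa:00:00:00:00:12"]},
}
PORT_MODE = {  # (switch, port) -> link state
    ("core", "Gi0/1"): "trunk", ("core", "Gi0/2"): "trunk", ("core", "Gi0/3"): "trunk",
    ("acc1", "Fa0/5"): "access", ("acc1", "Gi0/24"): "trunk",
    ("acc2", "Fa0/7"): "access", ("acc2", "Gi0/24"): "trunk",
}
NEIGHBOR = {  # trunk port -> directly connected switch; core Gi0/3 leads to an unpolled device
    ("core", "Gi0/1"): "acc1", ("core", "Gi0/2"): "acc2",
    ("acc1", "Gi0/24"): "core", ("acc2", "Gi0/24"): "core",
}


def locate(mac, switch="core", seen=frozenset()):
    """Trace a MAC from the core switch to the port it is attached to."""
    seen = seen | {switch}
    for port, macs in MAC_TABLES.get(switch, {}).items():
        if mac not in macs:
            continue
        if PORT_MODE.get((switch, port)) == "access":
            return (switch, port, "real")        # Access port: real access position
        nxt = NEIGHBOR.get((switch, port))       # Trunk port: only a suspected position
        if nxt is None or nxt in seen or nxt not in MAC_TABLES:
            return (switch, port, "suspected")   # cannot scan further downstream
        return locate(mac, nxt, seen) or (switch, port, "suspected")
    return None                                  # MAC not learned on this switch


def access_map():
    """IP -> (switch, port, status), matching ARP entries against port-MAC tables."""
    return {ip: locate(mac) for ip, mac in ARP.items()}


if __name__ == "__main__":
    for ip, where in access_map().items():
        print(ip, where)
```

An access port that resolves to several IPs, as acc1 Fa0/5 does here, is how a hub or unmanaged switch behind a single port shows up in the result.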
CN201710966470.7A 2017-10-17 2017-10-17 Method and device for determining terminal access position Active CN107888563B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710966470.7A CN107888563B (en) 2017-10-17 2017-10-17 Method and device for determining terminal access position

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710966470.7A CN107888563B (en) 2017-10-17 2017-10-17 Method and device for determining terminal access position

Publications (2)

Publication Number Publication Date
CN107888563A CN107888563A (en) 2018-04-06
CN107888563B true CN107888563B (en) 2020-07-14

Family

ID=61781652

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710966470.7A Active CN107888563B (en) 2017-10-17 2017-10-17 Method and device for determining terminal access position

Country Status (1)

Country Link
CN (1) CN107888563B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110365635B (en) * 2019-05-23 2022-04-26 新华三技术有限公司 Access control method and device for illegal endpoint
CN110266546B (en) * 2019-06-29 2022-04-22 苏州浪潮智能科技有限公司 Method, equipment and readable medium for configuring switch port
CN112511666A (en) * 2020-12-14 2021-03-16 国网辽宁省电力有限公司盘锦供电公司 Asset positioning method of computer terminal
CN114124782B (en) * 2021-11-24 2023-02-28 北京鼎兴达信息科技股份有限公司 Method for determining IP service path of terminal

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101110668A (en) * 2006-07-21 2008-01-23 中国移动通信集团公司 Method for tracing to secondary layer switch port
CN101272289A (en) * 2008-05-09 2008-09-24 中兴通讯股份有限公司 Method for port line-speed transmitting test data frame and Ethernet switchboard
CN103023779A (en) * 2012-08-13 2013-04-03 中兴通讯股份有限公司 Method and device for processing data message
CN105024949A (en) * 2014-04-28 2015-11-04 国网山西省电力公司电力科学研究院 Port automatically binding method and system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20150113597A (en) * 2014-03-31 2015-10-08 한국전자통신연구원 Method and apparatus for processing arp packet


Also Published As

Publication number Publication date
CN107888563A (en) 2018-04-06

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20180406

Assignee: CHINA TECHNOLOGY EXCHANGE Co.,Ltd.

Assignor: BEIJING VRV SOFTWARE Corp.,Ltd.

Contract record no.: X2022110000035

Denomination of invention: A Method and Device for Determining Terminal Access Location

Granted publication date: 20200714

License type: Exclusive License

Record date: 20220928

PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: A Method and Device for Determining Terminal Access Location

Effective date of registration: 20220930

Granted publication date: 20200714

Pledgee: CHINA TECHNOLOGY EXCHANGE Co.,Ltd.

Pledgor: BEIJING VRV SOFTWARE Corp.,Ltd.

Registration number: Y2022110000244

EC01 Cancellation of recordation of patent licensing contract

Assignee: CHINA TECHNOLOGY EXCHANGE Co.,Ltd.

Assignor: BEIJING VRV SOFTWARE Corp.,Ltd.

Contract record no.: X2022110000035

Date of cancellation: 20240320

PC01 Cancellation of the registration of the contract for pledge of patent right

Granted publication date: 20200714

Pledgee: CHINA TECHNOLOGY EXCHANGE Co.,Ltd.

Pledgor: BEIJING VRV SOFTWARE Corp.,Ltd.

Registration number: Y2022110000244