CN108156168A - Broadband access user management method
Publication number: CN108156168A
Authority: CN (China)
Prior art keywords: user, access, state, offline, client
Legal status: Pending
Classifications
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L61/5014—Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]
- H04L61/5053—Lease time; Renewal aspects
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Abstract
A broadband access user management method comprising the following steps. First step: the user accesses by dynamic application or by static allocation. Second step: access authentication is performed by web authentication or by automatic authentication. Third step: access detection, which detects whether the access user's link is broken, whether the IP address lease has expired, whether the user's maximum idle time has been reached and whether the user's service time has been reached. Fourth step: accounting and offline processing; when the user goes offline, the access system sends the user's online duration, traffic and so on to the RADIUS client to request accounting, and performs offline processing. The invention lets access users interconnect directly over the TCP/IP protocol on Ethernet without special access software, and achieves complete control over access users.
Description
Technical field
The present invention relates to the field of Internet access, specifically to a method for managing access users on a broadband access server (BNAS), and in particular to the access network part of the Internet field.
Background
For access to a broadband access server (BNAS), the prior art mostly uses the PPPoE user management method. With PPPoE access, the client is physically connected to the BNAS over Ethernet; each IP packet is first encapsulated in a PPP frame, and the PPP frame is then encapsulated in an Ethernet frame and sent to the BNAS. This kind of access requires PPPoE dial-up software to be installed on the client.
Summary of the invention
The purpose of the invention is to propose a novel broadband access user management method that does not need special access software.
The invention solves this technical problem with the following technical scheme.
A broadband access user management method is proposed, comprising the following steps:
First step: the user accesses by dynamic application or by static allocation.
Dynamic application access: the address acquisition mode on the client is set to dynamic allocation, and the client can obtain an IP address only through the DHCP relay agent on the access server.
Static allocation access: a designated IP address is assigned to the client.
Second step: access authentication is performed by web authentication or by automatic authentication.
Web authentication means that the user enters their own username and password on a website, the website sends the username and password to the access server (BNAS), and the RADIUS client on the access server is responsible for authentication.
Automatic authentication means that the access server, using the automatically obtained VLAN, access port and MAC address of the access user, automatically generates a username and password for the user and hands them to the RADIUS client to request authentication.
Whether the client is allowed to access is decided according to the authentication result returned by the RADIUS client.
Third step: access detection.
Access verification is performed on every packet of the user's access. If the user has passed authentication and the data in a packet received from the client or destined for the client is consistent with the user's record, the packet is allowed to pass and the traffic flag is set for this user; otherwise the packet is discarded.
The access user's traffic flag is checked. If the traffic flag is set, it is cleared. If the traffic flag is not set, an ICMP packet or ARP packet is sent to the user; if no response is received, the user has disconnected, so the user is accounted as offline and offline processing is performed for the user.
If a response is received, the user's service time is checked; if the service time has been reached, the user is accounted as offline and offline processing is performed for the user.
If the service time has not been reached, the user's maximum idle time is checked; if it has been reached, the user is accounted as offline and offline processing is performed for the user.
If the user's idle time has not been reached, the user's IP lease is checked; if it has been reached, the user is accounted as offline and offline processing is performed for the user.
If the IP lease has not been reached, the detection interval timer is reset.
Fourth step: accounting and offline processing.
When the user goes offline, the access system sends the user's online duration, traffic and so on to the RADIUS client to request accounting, and performs offline processing.
Compared with the prior art, the technical effect of the "broadband access user management method" of the invention is as follows:
The invention lets access users interconnect directly over the TCP/IP protocol on Ethernet without special access software, and achieves complete control over access users.
Brief description of the drawings
Fig. 1 is the flow diagram of the "broadband access user management method" of the invention;
Fig. 2 is a schematic of the state transition process of a dynamic access user in the method of the invention;
Fig. 3 is a schematic of the state transition process of a static access user in the method of the invention;
Fig. 4 is a schematic of the state transition process of the online detection mechanism in the method of the invention.
Detailed description of embodiments
The invention proposes a broadband access user management method which, as shown in Fig. 1, comprises the following steps.
First step: access.
A user can access in two forms: dynamic application (DHCP) access and access with a statically allocated IP address.
For access by dynamic application of an IP address, the address acquisition mode on the client is set to dynamic allocation. The client must support the DHCP protocol, and the DHCP server and the access client are isolated from each other by the access server (BNAS), so the client can obtain an IP address only through the DHCP relay agent on the access server. "dhcpdiscover" in Fig. 1 refers to whether the client sends a dhcpdiscover broadcast.
For static allocation of an IP address, a designated IP address is assigned to the client.
Second step: access authentication.
Access authentication takes two forms: web authentication and automatic authentication.
Web authentication means that the user enters their own username and password on a portal website; the portal website then sends the username and password to the access server (BNAS), and the RADIUS (Remote Authentication Dial In User Service) client on the access server is responsible for authentication.
Automatic authentication means that the access server, using automatically obtained data such as the access user's VLAN, access port and MAC address, automatically generates a username and password for the user when the user accesses for the first time and hands them to the RADIUS client to request authentication. Such an access user must be bound by VLAN, MAC and access port.
For a dynamic access user, while the user's machine applies for an IP address through the DHCP protocol, the access server obtains the client's information through DHCP relay and creates an access record for the access client. This record includes the user's IP address, MAC address, VLAN, access server port, IP lease, access time and so on. If the user is a web-authentication user, after the user obtains an IP address the access server allows the user to access only the portal website, for a limited time, and does not allow access to other IP addresses. For automatic authentication, the access server requests authentication as soon as it has automatically obtained the access user's data.
For a static access user, the access server automatically creates an access record for the user after receiving the access user's first IP packet. For web authentication, the user is allowed to access the portal website for a limited time. For automatic authentication, a username and password are generated automatically for the user and authentication is then requested.
Whether the client is allowed to access is decided according to the authentication result returned by the RADIUS client. If access is not allowed, the client's access record is deleted, system resources are reclaimed and the IP address is returned. If authentication passes, the authenticated user is allowed to access.
Depending on specific needs, the username of an automatic-authentication user can be formed from the access server number + access port number + VLAN number, or from the user's MAC address.
Third step: access detection.
The purpose of access detection is to detect whether the access user's link is broken, whether the IP address lease has expired, whether the user's maximum idle time has been reached and whether the user's service time has been reached, and to collect the user's online statistics, which are mainly traffic (bytes or packet count) and online duration. Detection combines traffic monitoring with sending detection packets.
After the user has accessed, access verification is performed on every packet of the user's access, based mainly on the user's access record and current state. If the user has passed authentication and the data in a packet received from the client or destined for the client (IP address, MAC address, VLAN, access port and so on) is consistent with the user's record, the packet is allowed to pass and the traffic flag is set for this user; otherwise the packet is discarded.
Access detection runs at a fixed interval. When the timer expires, the access user's traffic flag is checked first; if the traffic flag is set, it is cleared. If the traffic flag is not set, an ICMP packet or ARP packet is sent to the user (if the user does not respond to the ICMP protocol, ARP packets are sent; the packets are sent three to five times in succession at a set interval). If no response is received, the user has disconnected, so the user is accounted as offline and offline processing is performed for the user.
If a response is received, the user's service time is checked; if the service time has been reached, the user is accounted as offline and offline processing is performed for the user.
If the service time has not been reached, the user's maximum idle time is checked; if it has been reached, the user is accounted as offline and offline processing is performed for the user.
If the user's idle time has not been reached, the user's IP lease is checked; if it has been reached, the user is accounted as offline and offline processing is performed for the user.
If the IP lease has not been reached, the detection interval timer is reset.
In addition, for a dynamic access user, receiving a DHCPRELEASE packet or a DHCPDECLINE packet shows that the client is actively going offline; the user is likewise accounted as offline and offline processing is performed for the user.
The detection interval should not be set too large, preferably 5 seconds, because it affects the statistical error of the user's online time and the timely discovery of user behaviour.
Fourth step: accounting and offline processing.
The method of the invention can be implemented with several accounting modes, such as by duration, by traffic, flat-rate subscription and prepayment. When the user goes offline, the access system sends the user's online duration, traffic and so on to the RADIUS client to request accounting, and performs offline processing. Offline processing mainly means doing, according to the specific configuration, the post-offline work related to the user; for example, a web-authentication user can again be given the right to access the portal website for a limited time.
When implementing the method of the invention, a different access state is set for each access user, and in each access state the user is controlled by different timer events and actions. The state transition processes to which the method applies are described in detail below.
First example, as shown in Fig. 2: the state transition process of a dynamic access user.
The user states in the dynamic access user state transition process are as follows:
Not accessed: there is no data for the user in the system; from the system's point of view the user is in the Not accessed state.
Access initialization: the user enters this state after the system receives a DHCP request from the user host. The wait-for-IP-address timer is set for the user at this point; for an automatic-authentication user, the RADIUS client is asked to authenticate the user.
No IP: in the Access initialization state, if authentication has passed and a rate has been selected but an IP address has not yet been obtained, the user enters this state.
No IP, no rate: in the Access initialization state, if the user has passed authentication but has not obtained an IP address and has not yet selected a rate, the user enters this state. The access system may have a portal website on which the user can choose a short-term charging mode; only with such an application does the user have this state. Without this application the state is never entered, because this is decided by the authentication result. If the authentication result does not require rate selection, the user goes directly to the No IP state; if rate selection is required, the timed PORTAL WEB (portal website) access timer is set.
Not authenticated: in the Access initialization state, an IP address has been obtained but the authentication result has not. For web authentication the PORTAL web access timer is set; for automatic authentication the wait-for-authentication timer is set; the user then enters this state. The timed detection mechanism is also started at this point.
No rate: authentication has passed, but a rate must be selected on the portal website, and an IP address has been obtained; the user enters this state, and the timed PORTAL WEB (portal website) access timer is set.
Accounting start: an accounting-start packet has been sent for the user but no response has been received yet; the user enters this state, and the wait-for-accounting-start timer is set.
Accessed: the user enters this state when the accounting-start response is received, or after a user who is not authenticated obtains an IP address. The user can now use the services the system provides and begins access.
The timer events in the dynamic access user state transition process are as follows:
Wait-for-IP-address timer triggers: if the user is in the Access initialization, No IP, or No IP, no rate state when this timer triggers, the user's data is deleted and the user returns to the Not accessed state.
Wait-for-authentication timer triggers: if the user is in the Not authenticated state when this timer triggers, the user's data is deleted and the user returns to the Not accessed state.
PORTAL web access timer triggers: if the user is in the No rate, No IP, no rate, or Not authenticated state when this timer triggers, the user's data is deleted and the user returns to the Not accessed state.
Wait-for-accounting-start timer triggers: if the user is in the Accounting start state when this timer triggers, the user's data is deleted and the user returns to the Not accessed state.
The actions in the dynamic access user state transition process are as follows:
DHCPdecline received: if the user is in the Access initialization, No IP, or No IP, no rate state when DHCPdecline is received, the user's data is deleted and the user returns to the Not accessed state.
DHCPrelease received: if the user is in the Not authenticated, No rate, Accounting start or Accessed state when DHCPrelease is received, the user's data is deleted, accounting is performed for a user that requires accounting, and the user returns to the Not accessed state.
User host disconnection detected: the online detection mechanism starts once the user has obtained an IP address. Therefore, if the user is in the Not authenticated, No rate, Accounting start or Accessed state when the user host is detected to have disconnected, the user's data is deleted, accounting is performed for a user that requires accounting, and the user returns to the Not accessed state.
Authenticated user actively goes offline from the PORTAL web: when the user is in the Accessed state, if the portal website provides an offline function, the user can go offline through it; the system performs accounting for the user, the user returns to the Not authenticated state, and the timed PORTAL web access timer is reset.
IP lease reached: if the user is in the Not authenticated, No rate, Accounting start or Accessed state when DHCPrelease is received, the user's data is deleted, accounting is performed for a user that requires accounting, and the user returns to the Not accessed state.
Maximum idle time reached: if the user is in the Not authenticated, No rate, Accounting start or Accessed state when the user's maximum idle time is detected to have been reached, the user's data is deleted, accounting is performed for a user that requires accounting, and the user returns to the Not accessed state.
System exception: if the user is in the Not authenticated, No rate, Accounting start or Accessed state when a system exception occurs, the user's data is deleted, accounting is performed for a user that requires accounting, and the user returns to the Not accessed state.
Access time selected by the user reached: when the user is in the Accessed state and the access time the user selected is reached, the system performs accounting for the user and the user returns to the No rate state.
Second example, as shown in Fig. 3: the state transition process of a static access user.
The user states in the static access user state transition process are as follows:
Not accessed: there is no data for the user in the system; from the system's point of view the user is in the Not accessed state.
Access initialization: from the Not accessed state, the user enters this state after the system receives the first IP packet initiated by the user. In this state, for web authentication the PORTAL web access timer is set; for automatic authentication the wait-for-authentication timer is set. The timed detection mechanism is also started at this point.
No rate: authentication has passed and a rate must be selected on the portal website; the user enters this state, and the timed PORTAL WEB (portal website) access timer is set.
Accounting start: an accounting-start packet has been sent for the user but no response has been received yet; the user enters this state, and the wait-for-accounting-start timer is set.
Accessed: the user enters this state when the accounting-start response is received, or after the detection mechanism has been started for a user who is not authenticated. The user can now use the services the system provides and begins access.
The timer events in the static access user state transition process are as follows:
Wait-for-authentication timer triggers: if the user is in the Not authenticated state when this timer triggers, the user's data is deleted and the user returns to the Not accessed state.
PORTAL web access timer triggers: if the user is in the No rate or Not authenticated state when this timer triggers, the user's data is deleted and the user returns to the Not accessed state.
Wait-for-accounting-start timer triggers: if the user is in the Accounting start state when this timer triggers, the user's data is deleted and the user returns to the Not accessed state.
The actions in the static access user state transition process are as follows:
User host disconnection detected: the online detection mechanism starts when the user is in Access initialization. Therefore, if the user is in the Not authenticated, No rate, Accounting start or Accessed state when the user host is detected to have disconnected, the user's data is deleted, accounting is performed for a user that requires accounting, and the user returns to the Not accessed state.
Authenticated user actively goes offline from the PORTAL web: when the user is in the Accessed state, if the portal website provides an offline function, the user can go offline through it; the system performs accounting for the user, the user returns to the Not authenticated state, and the timed PORTAL web access timer is reset.
Maximum idle time reached: if the user is in the Not authenticated, No rate, Accounting start or Accessed state when the user's maximum idle time is detected to have been reached, the user's data is deleted, accounting is performed for a user that requires accounting, and the user returns to the Not accessed state.
System exception: if the user is in the Not authenticated, No rate, Accounting start or Accessed state when a system exception occurs, the user's data is deleted, accounting is performed for a user that requires accounting, and the user returns to the Not accessed state.
Access time selected by the user reached: when the user is in the Accessed state and the access time the user selected is reached, the system performs accounting for the user and the user returns to the No rate state.
Third example, as shown in Fig. 4: the state transition process of the online detection mechanism.
For an access user, the online detection mechanism is started as soon as the user has an IP address, and online detection is carried out on the user. The purpose of detection is to determine whether the user host is offline, whether the maximum idle time has been reached, whether the IP lease has been reached and whether the maximum service time has been reached. The maximum service time check is effective only for users whose accounting has started.
The states in the online detection mechanism state transition process are as follows:
Online detection start: after the user host obtains an IP address, the online detection mechanism is started and enters this state. In this state a determine-user-host-type timer is set up.
Determine user type: when the determine-user-host-type timer triggers, online detection moves from the Online detection start state to this state. In this state the detection mechanism makes a simple determination: it tests whether the user host responds to ICMP ECHO. The method is to send 3-5 ICMP requests to the user host within a time interval. If an ICMP ECHO is received from the user host, the user host responds to ICMP requests, and the user host is subsequently detected with ICMP. Otherwise ARP requests are used to detect the user host. A wait-for-PING-response timer is set up in this state.
Detect ICMP mode: when the detection mechanism is in the Determine user type state and a PING response is received, an online detection timer is set up and this state is entered; detection of the user in ICMP mode begins.
User online detection (ICMP): when the detection mechanism is in the Detect ICMP mode state and the online detection timer triggers, it enters this state. In this state the user is detected by combining traffic with ICMP requests. The detection steps are as follows:
1) Is there traffic? Yes: go to 2); no: go to 5);
2) Service time reached? Not reached: go to 3); reached: go to 7);
3) IP lease reached? Not reached: go to 4); reached: go to 6);
4) Reset the online detection timer and enter the Detect ICMP mode state;
5) Maximum idle time reached? Not reached: go to 9); reached: go to 10);
6) Set the IP lease timer (the timer duration is the remaining IP lease); go to 4);
7) IP lease reached? Not reached: go to 8); reached: go to 6);
8) Set the timed service timer (the timer duration is the remaining service time); go to 4);
9) Send 3-5 ICMP requests to the user host and set the wait-for-PING-response timer; go to 11);
10) Enter the Online detection end state;
11) PING response received? Received: go to 12); wait-for-PING-response timer triggers: go to 10);
12) Kill the wait-for-PING-response timer; go to 4).
Detect ARP mode: when the detection mechanism is in the Determine user type state and the wait-for-PING-response timer triggers, an online detection timer is set up and this state is entered; detection of the user in ARP mode begins.
User online detection (ARP): when the detection mechanism is in the Detect ARP mode state and the online detection timer triggers, it enters this state. In this state the user is detected by combining traffic with ARP requests. The detection steps are as follows:
1) Is there traffic? Yes: go to 2); no: go to 5);
2) Service time reached? Not reached: go to 3); reached: go to 7);
3) IP lease reached? Not reached: go to 4); reached: go to 6);
4) Reset the online detection timer and enter the Detect ARP mode state;
5) Maximum idle time reached? Not reached: go to 9); reached: go to 10);
6) Set the IP lease timer (the timer duration is the remaining IP lease); go to 4);
7) IP lease reached? Not reached: go to 8); reached: go to 6);
8) Set the timed service timer (the timer duration is the remaining service time); go to 4);
9) Send 3-5 ARP requests to the user host and set the wait-for-ARP-response timer; go to 11);
10) Enter the Online detection end state;
11) ARP response received? Received: go to 12); wait-for-ARP-response timer triggers: go to 10);
12) Kill the wait-for-ARP-response timer; go to 4).
Online detection end: when the online detection mechanism is in the Detect ICMP mode or Detect ARP mode state and the IP lease timer or the timed service timer triggers, it enters this state. In the User online detection (ICMP) or User online detection (ARP) state, it also enters this state when a system exception occurs, the maximum idle time is reached, or the wait-for-PING-response or wait-for-ARP-response timer triggers. In this state the access system is notified of the detection result for the user. The access system then does the corresponding processing according to the system configuration (depending on the specific situation): where the user should be accounted as offline it does so, where a state transition should be made it makes the transition, and it sets the state flags.
The timer events in the online detection mechanism state transition process are as follows:
User type detection timer triggers: if the detection mechanism is in the Online detection start state when this timer triggers, the detection mechanism moves to the Determine user type state. This timer exists to handle a user host that has dynamically applied for an address and does not respond to ICMP requests when it has only just obtained the address. With the timer set, ICMP requests are sent to the user host only after a period of time has passed since it obtained the address.
Wait-for-PING-response timer triggers: if the detection mechanism is in the Determine user type state when this timer triggers, the detection mechanism moves to the Detect ARP mode state. In the User online detection (ICMP) state, the detection mechanism moves to the Online detection end state. The purpose of this timer is to receive the response within a certain time: if no response is received within that time, the timer triggers; when a response is received, the timer is "killed", that is, deleted.
Wait-for-ARP-response timer triggers: if the detection mechanism is in the User online detection (ARP) state, the detection mechanism moves to the Online detection end state. The purpose of this timer is to receive the response within a certain time: if no response is received within that time, the timer triggers; when a response is received, the timer is "killed", that is, deleted.
Online detection timer triggers: if the detection mechanism is in the Detect ICMP mode state, it moves to the User online detection (ICMP) state. In the Detect ARP mode state, it moves to the User online detection (ARP) state.
The actions in the online detection mechanism state transition process are as follows:
PING response received: if the detection mechanism is in the Determine user type state when a PING response is received, it moves to the Detect ICMP mode state. In the User online detection (ICMP) state, when a PING response is received, it moves back to the Detect ICMP mode state.
ARP response received: if the detection mechanism is in the Determine user type state when an ARP response is received, it moves to the Detect ARP mode state. In the User online detection (ARP) state, when an ARP response is received, it moves back to the Detect ARP mode state.
Traffic present: if the detection mechanism is in the User online detection (ICMP) state, it moves to the Detect ICMP mode state. In the User online detection (ARP) state, it moves to the Detect ARP mode state.
Idle time reached: in the User online detection (ICMP) or User online detection (ARP) state, when the maximum idle time is reached, the detection mechanism moves to the Online detection end state.
System exception: in the User online detection (ICMP) or User online detection (ARP) state, when a system exception occurs, the detection mechanism moves to the Online detection end state.
Claims (1)
- 1. A broadband access user management method, characterized in that it includes the following steps:
First step: access by dynamic application or by static allocation. For dynamic application access, the way the client computer obtains its address is set to dynamic allocation on the client, and the client computer can obtain an IP address only through the DHCP relay agent on the access server. For static allocation access, a designated IP address is assigned to the client computer.
Second step: access authentication using WEB authentication or automatic authentication. WEB authentication means that the user enters their own username and password through a website, the website sends the username and password to the access server (BNAS), and the RADIUS client on the access server is responsible for authentication. In automatic authentication, the access server automatically generates a username and password for the user from the automatically obtained VLAN, access interface and MAC address of the accessing user, and then passes them to the RADIUS client to request authentication. Whether the client computer is allowed to access is decided according to the authentication result returned by the RADIUS client.
Third step: access detection. Access verification is performed on every packet of user access. If the user has passed authentication, and the data information in a packet received from the client or going to the client is consistent with the user's data, the packet is allowed through and a flow mark is set for this user; otherwise the packet is discarded. The flow mark of the accessing user is checked. If the flow mark is present, it is cleared. If there is no flow mark, an ICMP packet or ARP packet is sent to the user. If no response is received, the user has already disconnected, so accounting for the user is taken offline and offline processing is performed on the user. If a response is received, the user's service time is checked: if the service time has expired, accounting for the user is taken offline and offline processing is performed on the user. If the service time has not expired, the user's maximum idle time is checked: if it has expired, accounting for the user is taken offline and offline processing is performed on the user. If the user's idle time has not expired, the user's IP lease is checked: if it has expired, accounting for the user is taken offline and offline processing is performed on the user. If the IP lease has not expired, the timed detection interval timer is reset.
Fourth step: accounting and offline processing. When the user goes offline, the access system sends the user's online duration, traffic and so on to the RADIUS client to request accounting, and performs offline processing.
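The per-packet verification and the timed on-line check of the third step can be sketched as below. This is an added example, not code from the patent; the `Session` fields, the (IP, MAC, VLAN, port) binding, the `probe` callback, and re-arming the timer when a flow mark is found are assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass
class Session:
    binding: tuple        # (ip, mac, vlan, port): assumed binding fields
    authenticated: bool
    service_end: float    # time at which the service time runs out
    idle_limit: float     # maximum idle time, in seconds
    lease_end: float      # time at which the IP lease runs out
    last_traffic: float = 0.0
    flow_mark: bool = False
    online: bool = True

def verify_packet(s: Session, pkt: tuple, now: float) -> bool:
    """Per-packet access verification: pass and set the flow mark, or drop."""
    if s.online and s.authenticated and pkt == s.binding:
        s.flow_mark, s.last_traffic = True, now
        return True
    return False  # discard: unauthenticated user or mismatched packet data

def go_offline(s: Session, reason: str) -> str:
    """Fourth-step hook: the accounting request to RADIUS would be sent here."""
    s.online = False
    return reason

def periodic_check(s: Session, now: float,
                   probe: Callable[[Session], bool]) -> Optional[str]:
    """Timed check. Returns the offline reason, or None to reset the timer."""
    if s.flow_mark:
        s.flow_mark = False   # traffic was seen this interval: clear the mark
        return None           # assumption: wait for the next interval
    if not probe(s):          # ICMP or ARP probe got no response
        return go_offline(s, "no response")
    if now >= s.service_end:
        return go_offline(s, "service time expired")
    if now - s.last_traffic >= s.idle_limit:
        return go_offline(s, "idle time expired")
    if now >= s.lease_end:
        return go_offline(s, "IP lease expired")
    return None

def demo() -> list:
    # Constructed sample session and packets.
    good = ("10.0.0.5", "aa:bb:cc:00:00:01", 100, 3)
    bad = ("10.0.0.5", "de:ad:be:ef:00:02", 100, 3)   # same IP, different MAC
    s = Session(good, True, service_end=3600, idle_limit=600, lease_end=7200)
    out = [verify_packet(s, good, 10), verify_packet(s, bad, 11)]
    out += [periodic_check(s, t, lambda _: True) for t in (60, 120, 700)]
    return out
```

Because every packet is compared against the session binding, a packet that reuses an authenticated user's IP address with a different MAC is dropped and does not set the flow mark, so it cannot keep a stale session alive.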
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711497405.0A CN108156168A (en) | 2017-12-31 | 2017-12-31 | Broadband cut-in user managing method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108156168A true CN108156168A (en) | 2018-06-12 |
Family
ID=62460669
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711497405.0A Pending CN108156168A (en) | 2017-12-31 | 2017-12-31 | Broadband cut-in user managing method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108156168A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1450766A (en) * | 2002-04-10 | 2003-10-22 | 深圳市中兴通讯股份有限公司 | User management method based on dynamic mainframe configuration protocol |
CN1491013A (en) * | 2002-10-14 | 2004-04-21 | 深圳市中兴通讯股份有限公司 | Broadband cut-in user managing method |
CN1523815A (en) * | 2003-02-21 | 2004-08-25 | 北京润汇科技有限公司 | Customer access management system for wideband network |
CN1553674A (en) * | 2003-05-26 | 2004-12-08 | 广东省电信有限公司科学技术研究院 | Method for wideband connection server to obtain port numbers of its users |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20180612 |
|
RJ01 | Rejection of invention patent application after publication |