CN108156168A - Broadband cut-in user managing method - Google Patents

Publication number: CN108156168A
Authority: CN (China)
Prior art keywords: user, access, state, offline, client
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201711497405.0A
Other languages: Chinese (zh)
Inventors: 洪立明, 任彩玲, 陈松
Current Assignee: SHENZHEN KEYBRIDGE COMMUNICATIONS CO Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: SHENZHEN KEYBRIDGE COMMUNICATIONS CO Ltd
Application filed by: SHENZHEN KEYBRIDGE COMMUNICATIONS CO Ltd
Priority to: CN201711497405.0A
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/50 Address allocation
    • H04L61/5007 Internet protocol [IP] addresses
    • H04L61/5014 Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]
    • H04L61/5053 Lease time; Renewal aspects
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Abstract

A method for managing broadband access users, comprising the following steps. First step: access by dynamic application or by static allocation. Second step: access authentication using WEB authentication or automatic authentication. Third step: access detection, which detects whether the access user's link has been disconnected, whether the IP address lease has expired, whether the user's maximum idle time has been reached, and whether the user's service time has been reached. Fourth step: accounting and offline processing; when a user goes offline, the access system sends the user's online duration, traffic and so on to the RADIUS client to request accounting, and performs offline processing. The invention lets access users interconnect directly over the TCP/IP protocol on Ethernet, without special access software, and achieves complete control over access users.

Description

Broadband cut-in user managing method
Technical field
The present invention relates to the field of Internet access, specifically to a method for managing access users on a broadband access server (BNAS), and more particularly to the access network portion of the Internet field.
Background
For access to a broadband access server (BNAS), the prior art mostly uses the PPPoE user management method. With PPPoE access, the client is physically connected to the BNAS over Ethernet; IP packets are first encapsulated in PPP frames, and the PPP frames are then encapsulated in Ethernet frames and sent to the BNAS. This kind of access requires PPPoE dial-up software to be installed on the client.
Summary of the invention
The purpose of the invention is to propose a novel method for managing broadband access users that does not require special access software.
The invention solves this technical problem with the following technical scheme:
A method for managing broadband access users is proposed, comprising the following steps:
First step: access by dynamic application or by static allocation.
With dynamic application access, the client's address acquisition mode is set to dynamic allocation on the client, and the client can obtain an IP address only through the DHCP relay agent on the access server.
With static allocation access, a designated IP address is assigned to the client.
Second step: access authentication using WEB authentication or automatic authentication.
WEB authentication means that the user enters their username and password on a website, the website sends the username and password to the access server (BNAS), and the RADIUS client on the access server is responsible for authentication.
Automatic authentication means that the access server, based on the automatically obtained VLAN, access port and MAC address of the access user, automatically generates a username and password for the user and passes them to the RADIUS client to request authentication.
Whether the client is allowed to access is decided according to the authentication result returned by the RADIUS client.
Third step: access detection.
Access verification is performed on every packet of user access. If the user has passed authentication and the data in a packet received from the client or destined for the client is consistent with the user's data, the packet is allowed through and a traffic flag is set for this user; otherwise the packet is discarded.
The access user's traffic flag is checked. If the flag is set, it is cleared. If the flag is not set, ICMP packets or ARP packets are sent to the user; if no response is received, the user has disconnected, so offline accounting is performed for the user and offline processing is carried out.
If a response is received, the user's service time is checked; if the service time has been reached, offline accounting is performed for the user and offline processing is carried out.
If the service time has not been reached, the user's maximum idle time is checked; if it has been reached, offline accounting is performed for the user and offline processing is carried out.
If the user's idle time has not been reached, the user's IP lease is checked; if it has expired, offline accounting is performed for the user and offline processing is carried out.
If the IP lease has not expired, the detection interval timer is reset.
Fourth step: accounting and offline processing.
When a user goes offline, the access system sends the user's online duration, traffic and so on to the RADIUS client to request accounting, and performs offline processing.
Compared with the prior art, the technical effect of the "broadband cut-in user managing method" of the invention is:
The invention lets access users interconnect directly over the TCP/IP protocol on Ethernet, without special access software, and achieves complete control over access users.
Description of the drawings
Fig. 1 is a flow diagram of the "broadband cut-in user managing method" of the invention;
Fig. 2 is a schematic of the state transition process for dynamic access users in the method of the invention;
Fig. 3 is a schematic of the state transition process for static access users in the method of the invention;
Fig. 4 is a schematic of the state transition process of the online detection mechanism in the method of the invention.
Detailed description
The invention proposes a method for managing broadband access users which, as shown in Fig. 1, comprises the following steps:
First step: access.
A user can access in two ways: dynamic application (DHCP) or static allocation of an IP address.
With dynamic application of an IP address, the client's address acquisition mode is set to dynamic allocation on the client. The client must support the DHCP protocol. The DHCP server and the access client are isolated from each other by the access server (BNAS), so the client can obtain an IP address only through the DHCP relay agent on the access server. In Fig. 1, "dhcpdiscover" refers to whether the client sends a DHCPDISCOVER broadcast.
With static allocation of an IP address, a designated IP address is assigned to the client.
Second step: access authentication.
Access authentication takes two forms: WEB authentication and automatic authentication.
WEB authentication means that the user enters their username and password on a portal website; the portal website then sends the username and password to the access server (BNAS), and the RADIUS (Remote Authentication Dial In User Service) client on the access server is responsible for authentication.
Automatic authentication means that the access server, based on automatically obtained data about the access user such as VLAN, access port and MAC address, automatically generates a username and password for the user when the user first accesses, and then passes them to the RADIUS client to request authentication. Such an access user must be bound by VLAN, MAC and access port.
For a dynamic access user, while the user's machine is applying for an IP address through the DHCP protocol, the access server obtains the client's information through the DHCP relay and creates access details for the client. These data include the user's IP address, MAC address, VLAN, access server port, IP lease, access time and so on. If the user is a WEB authentication user, then after the user obtains an IP address the access server allows the user to access only the portal website, for a limited time, and does not allow access to other IP addresses. With automatic authentication, the access server requests authentication as soon as it has automatically obtained the access user's data.
For a static access user, the access server automatically creates access details for the user after receiving the user's first IP packet. With WEB authentication, the user is allowed to access the portal website for a limited time. With automatic authentication, a username and password are generated automatically for the user and authentication is then requested.
Whether the client is allowed to access is decided according to the authentication result returned by the RADIUS client. If access is not allowed, the client's access details are deleted, system resources are reclaimed, and the IP address is returned. If authentication passes, the authenticated user is allowed to access.
Depending on specific needs, the username of an automatically authenticated user can be formed from the access server number + access port number + VLAN number and so on, or from the user's MAC address.
Third step: access detection.
The purpose of access detection is to detect whether the access user's link has been disconnected, whether the IP address lease has expired, whether the user's maximum idle time has been reached, and whether the user's service time has been reached, and to collect the user's online statistics, mainly traffic (bytes or packet count), online time and so on. Detection combines traffic observation with sending detection packets.
After a user has accessed, access verification is performed on every packet of user access, based mainly on the user's access details and current state. If the user has passed authentication and the data in a packet received from the client or destined for the client (IP address, MAC address, VLAN, access port and so on) is consistent with the user's data, the packet is allowed through and a traffic flag is set for this user; otherwise the packet is discarded.
Access detection runs at a fixed timing interval. When the timer fires, the access user's traffic flag is checked first. If the flag is set, it is cleared. If the flag is not set, ICMP packets or ARP packets are sent to the user (if the user does not respond to the ICMP protocol, ARP packets are sent; three to five are sent in succession at a certain interval). If no response is received, the user has disconnected, so offline accounting is performed for the user and offline processing is carried out.
If a response is received, the user's service time is checked; if the service time has been reached, offline accounting is performed for the user and offline processing is carried out.
If the service time has not been reached, the user's maximum idle time is checked; if it has been reached, offline accounting is performed for the user and offline processing is carried out.
If the user's idle time has not been reached, the user's IP lease is checked; if it has expired, offline accounting is performed for the user and offline processing is carried out.
If the IP lease has not expired, the detection interval timer is reset.
In addition, for dynamic access users, receiving a DHCPRELEASE or DHCPDECLINE packet indicates that the client is actively going offline; offline accounting is likewise performed for the user and offline processing is done.
The detection interval should not be set too large, preferably 5 seconds, because it affects the statistical error of the user's online time and the timely discovery of user behavior.
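The per-packet verification and the periodic detection tick of the third step, as an added Python example that is not part of the patent text. The `Session` fields, the reason strings and the `probe_host` helper are assumptions made for illustration, and the address values are constructed.

```python
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass
class Session:
    """Access details kept for one user (field names are illustrative)."""
    ip: str
    mac: str
    vlan: int
    port: int
    authenticated: bool
    login_time: float
    lease_expiry: float              # absolute time at which the IP lease ends
    max_idle: float                  # maximum idle time in seconds
    service_limit: Optional[float]   # service time in seconds, None = unlimited
    last_traffic: float = 0.0
    traffic_flag: bool = False
    octets: int = 0


def verify_packet(s: Session, ip: str, mac: str, vlan: int, port: int,
                  length: int, now: float) -> bool:
    """Pass a packet only for an authenticated user whose IP, MAC, VLAN and
    access port all match the recorded access details; otherwise drop it."""
    if not s.authenticated:
        return False
    if (ip, mac, vlan, port) != (s.ip, s.mac, s.vlan, s.port):
        return False                 # any mismatch in the binding: discard
    s.traffic_flag = True            # traffic seen during this interval
    s.last_traffic = now
    s.octets += length               # online statistics used for accounting
    return True


def probe_host(send_icmp: Callable[[], bool], send_arp: Callable[[], bool],
               attempts: int = 3) -> bool:
    """Probe with ICMP first; if the host never answers, fall back to ARP.
    The text specifies three to five attempts."""
    if any(send_icmp() for _ in range(attempts)):
        return True
    return any(send_arp() for _ in range(attempts))


def detection_tick(s: Session, now: float,
                   probe: Callable[[], bool]) -> Optional[str]:
    """One timed detection pass. Returns None if the user stays online
    (the caller resets the interval timer), else the offline reason."""
    # Per the third-step text a set flag is simply cleared; the Fig. 4 flow
    # additionally checks service time and lease on this branch.
    if s.traffic_flag:
        s.traffic_flag = False
        return None
    if not probe():
        return "link-down"
    if s.service_limit is not None and now - s.login_time >= s.service_limit:
        return "service-time"
    if now - s.last_traffic >= s.max_idle:
        return "idle-timeout"
    if now >= s.lease_expiry:
        return "lease-expired"
    return None


if __name__ == "__main__":
    # Constructed sample session and packets.
    s = Session("192.0.2.10", "02:00:00:00:00:01", 100, 3, True,
                login_time=0.0, lease_expiry=3600.0, max_idle=300.0,
                service_limit=1800.0)
    print(verify_packet(s, "192.0.2.10", "02:00:00:00:00:01", 100, 3, 60, 10.0))
    print(verify_packet(s, "192.0.2.10", "02:00:00:00:00:02", 100, 3, 60, 11.0))
    print(detection_tick(s, 15.0, lambda: False))
    print(detection_tick(s, 400.0, lambda: True))
```

Any non-None reason is the point at which the access system would perform offline accounting and offline processing for the user.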
Fourth step: accounting and offline processing.
The method of the invention can be implemented with several accounting modes, such as by duration, by traffic, flat rate and prepayment. When a user goes offline, the access system sends the user's online duration, traffic and so on to the RADIUS client to request accounting, and performs offline processing. Offline processing mainly carries out post-offline work related to the user as determined by the specific configuration, such as again giving a WEB authentication user the right to access the portal website for a limited time.
When implementing the method of the invention, different access states are defined for each access user, and in each access state the user is controlled by different timed events and actions. The state transition processes to which the method applies are described in detail below.
First example, as shown in Fig. 2: the state transition process for dynamic access users.
The user states in the dynamic access user state transition process are as follows:
Not accessed: the system holds no data for the user; from the system's point of view the user is in the Not accessed state.
Access initialization: entered after the system receives a DHCP request from the user host. A wait-for-IP-address timer is set for the user; for an automatic authentication user, the RADIUS client is asked to authenticate the user.
No IP: in the Access initialization state, if authentication has passed and a rate has already been selected but no IP address has been obtained yet, the user enters this state.
No IP, no rate: in the Access initialization state, the user has passed authentication but has not obtained an IP address and has not yet selected a rate. Access may include a portal website on which the user can select a short-term billing mode; this state exists only when that application is present. Without that application this state is never entered, because it is determined by the authentication result. If the result returned by authentication does not require rate selection, the user goes directly to the No IP state; if rate selection is required, the limited-time portal access (PORTAL WEB) timer is set.
Not authenticated: in the Access initialization state, an IP address has been obtained but no authentication result has been obtained. For WEB authentication the portal access timer is set; for automatic authentication the wait-for-authentication timer is set; the user then enters this state. The timed detection mechanism is also started at this point.
No rate: authentication has passed but a rate must be selected on the portal website, and an IP address has been obtained; the user enters this state and the limited-time portal access (PORTAL WEB) timer is set.
Accounting start: an accounting-start packet has been sent for the user but no response has been received yet; the user enters this state and a wait-for-accounting-start timer is set.
Accessed: entered when the accounting-start response is received, or after a user who is not authenticated obtains an IP address. The user can now use the services provided by the system; access begins.
The timed events in the dynamic access user state transition process are as follows:
Wait-for-IP-address timer fires: if the user is in the Access initialization, No IP, or No IP, no rate state when this timer fires, the user data is deleted and the user re-enters the Not accessed state.
Wait-for-authentication timer fires: if the user is in the Not authenticated state when this timer fires, the user data is deleted and the user re-enters the Not accessed state.
Portal access timer fires: if the user is in the No rate, No IP, no rate, or Not authenticated state when this timer fires, the user data is deleted and the user re-enters the Not accessed state.
Wait-for-accounting-start timer fires: if the user is in the Accounting start state when this timer fires, the user data is deleted and the user re-enters the Not accessed state.
The actions in the dynamic access user state transition process are as follows:
DHCPDECLINE received: if the user is in the Access initialization, No IP, or No IP, no rate state when DHCPDECLINE is received, the user data is deleted and the user re-enters the Not accessed state.
DHCPRELEASE received: if the user is in the Not authenticated, No rate, Accounting start, or Accessed state when DHCPRELEASE is received, the user data is deleted, accounting is performed for users who require it, and the user re-enters the Not accessed state.
User host disconnection detected: the online detection mechanism starts once the user has obtained an IP address. Therefore, if the user is in the Not authenticated, No rate, Accounting start, or Accessed state when a disconnection of the user host is detected, the user data is deleted, accounting is performed for users who require it, and the user re-enters the Not accessed state.
Authenticated user actively goes offline from the portal website: when the user is in the Accessed state and the portal website offers an offline function, the user can go offline through it. The system performs accounting for the user, the user re-enters the Not authenticated state, and the limited-time portal access timer is reset.
IP lease expires: if the user is in the Not authenticated, No rate, Accounting start, or Accessed state when DHCPRELEASE is received, the user data is deleted, accounting is performed for users who require it, and the user re-enters the Not accessed state.
Maximum inactive time reached: if the user is in the Not authenticated, No rate, Accounting start, or Accessed state when the user's maximum idle time is detected to have been reached, the user data is deleted, accounting is performed for users who require it, and the user re-enters the Not accessed state.
System exception: if the user is in the Not authenticated, No rate, Accounting start, or Accessed state when a system exception occurs, the user data is deleted, accounting is performed for users who require it, and the user re-enters the Not accessed state.
User-selected access time reached: when the user is in the Accessed state and the access time the user selected has been reached, the system performs accounting for the user and the user re-enters the No rate state.
Second example, as shown in Fig. 3: the state transition process for static access users.
The user states in the static access user state transition process are as follows:
Not accessed: the system holds no data for the user; from the system's point of view the user is in the Not accessed state.
Access initialization: entered from the Not accessed state after the system receives the first IP packet sent by the user. In this state, the portal access timer is set for WEB authentication and the wait-for-authentication timer is set for automatic authentication. The timed detection mechanism is also started at this point.
No rate: authentication has passed and a rate must be selected on the portal website; the user enters this state and the limited-time portal access (PORTAL WEB) timer is set.
Accounting start: an accounting-start packet has been sent for the user but no response has been received yet; the user enters this state and a wait-for-accounting-start timer is set.
Accessed: entered when the accounting-start response is received, or after the detection mechanism has been started for a user who is not authenticated. The user can now use the services provided by the system; access begins.
The timed events in the static access user state transition process are as follows:
Wait-for-authentication timer fires: if the user is in the Not authenticated state when this timer fires, the user data is deleted and the user re-enters the Not accessed state.
Portal access timer fires: if the user is in the No rate or Not authenticated state when this timer fires, the user data is deleted and the user re-enters the Not accessed state.
Wait-for-accounting-start timer fires: if the user is in the Accounting start state when this timer fires, the user data is deleted and the user re-enters the Not accessed state.
The actions in the static access user state transition process are as follows:
User host disconnection detected: the online detection mechanism starts when the user is in the Access initialization state. Therefore, if the user is in the Not authenticated, No rate, Accounting start, or Accessed state when a disconnection of the user host is detected, the user data is deleted, accounting is performed for users who require it, and the user re-enters the Not accessed state.
Authenticated user actively goes offline from the portal website: when the user is in the Accessed state and the portal website offers an offline function, the user can go offline through it. The system performs accounting for the user, the user re-enters the Not authenticated state, and the limited-time portal access timer is reset.
Maximum inactive time reached: if the user is in the Not authenticated, No rate, Accounting start, or Accessed state when the user's maximum idle time is detected to have been reached, the user data is deleted, accounting is performed for users who require it, and the user re-enters the Not accessed state.
System exception: if the user is in the Not authenticated, No rate, Accounting start, or Accessed state when a system exception occurs, the user data is deleted, accounting is performed for users who require it, and the user re-enters the Not accessed state.
User-selected access time reached: when the user is in the Accessed state and the access time the user selected has been reached, the system performs accounting for the user and the user re-enters the No rate state.
Third example, as shown in Fig. 4: the state transition process of the online detection mechanism.
For an access user, the online detection mechanism is started as soon as the user has an IP address. The purpose of detection is to determine whether the user host is offline, whether the maximum idle time has been reached, whether the IP lease has expired, and whether the maximum service time has been reached. The maximum service time check applies only to users whose accounting has started.
The states in the online detection mechanism state transition process are as follows:
Online detection start: entered when the online detection mechanism is started after the user host obtains an IP address. A determine-user-host-type timer is set up in this state.
Determine user type: when the determine-user-host-type timer fires, online detection moves from the Online detection start state to this state. In this state the detection mechanism performs a simple test of whether the user host responds to ICMP ECHO. The method is to send 3-5 ICMP requests to the user host within a time interval; if an ICMP ECHO reply is received from the user host, the host responds to ICMP requests and is detected with ICMP from then on. Otherwise the user host is detected with ARP requests. A wait-for-PING-response timer is set up in this state.
Detect ICMP mode: if the detection mechanism receives a PING response in the Determine user type state, it sets up an online detection timer and enters this state, and ICMP-mode detection of the user begins.
User online detection (ICMP): when the online detection timer fires in the Detect ICMP mode state, this state is entered. In this state the user is detected by combining traffic observation with ICMP requests. The detection steps are as follows:
1) Is there traffic? If yes, go to 2); if no, go to 5);
2) Has the service time been reached? If not, go to 3); if so, go to 7);
3) Has the IP lease been reached? If not, go to 4); if so, go to 6);
4) Reset the online detection timer and enter the Detect ICMP mode state;
5) Has the maximum idle time been reached? If not, go to 9); if so, go to 10);
6) Set the IP lease timer (timer duration is the remaining IP lease), go to 4);
7) Has the IP lease been reached? If not, go to 8); if so, go to 6);
8) Set the limited-time service timer (timer duration is the remaining service time), go to 4);
9) Send 3-5 ICMP requests to the user host and set the wait-for-PING-response timer. Go to 11);
10) Enter the Online detection end state;
11) Has a PING response been received? If received, go to 12); if the wait-for-PING-response timer fires, go to 10);
12) Kill the wait-for-PING-response timer, go to 4).
Detect ARP mode: if the wait-for-PING-response timer fires while the detection mechanism is in the Determine user type state, it sets up an online detection timer and enters this state, and ARP-mode detection of the user begins.
User online detection (ARP): when the online detection timer fires in the Detect ARP mode state, this state is entered. In this state the user is detected by combining traffic observation with ARP requests. The detection steps are as follows:
1) Is there traffic? If yes, go to 2); if no, go to 5);
2) Has the service time been reached? If not, go to 3); if so, go to 7);
3) Has the IP lease been reached? If not, go to 4); if so, go to 6);
4) Reset the online detection timer and enter the Detect ARP mode state;
5) Has the maximum idle time been reached? If not, go to 9); if so, go to 10);
6) Set the IP lease timer (timer duration is the remaining IP lease), go to 4);
7) Has the IP lease been reached? If not, go to 8); if so, go to 6);
8) Set the limited-time service timer (timer duration is the remaining service time), go to 4);
9) Send 3-5 ARP requests to the user host and set the wait-for-ARP-response timer. Go to 11);
10) Enter the Online detection end state;
11) Has an ARP response been received? If received, go to 12); if the wait-for-ARP-response timer fires, go to 10);
12) Kill the wait-for-ARP-response timer, go to 4).
Online detection end: entered when the IP lease timer or the limited-time service timer fires while the online detection mechanism is in the Detect ICMP mode or Detect ARP mode state. It is also entered when, in the User online detection (ICMP) or User online detection (ARP) state, a system exception occurs, the maximum idle time is reached, or the wait-for-PING-response or wait-for-ARP-response timer fires. In this state the access system is notified of the detection result for the user. The access system handles it according to the system configuration (depending on the specific situation): where offline accounting is due it performs offline accounting, where a state transition is due it performs the transition, and it sets the state flags.
The timed events of on-line checking mechanism state transition process are as follows:
Customer type detects timers trigger:Testing mechanism starts state in on-line checking, this timers trigger, will just detect The state transition of mechanism is to determining user type state.The purpose for setting up this timer, which is that dynamic is careful in order to prevent, asks address Subscriber's main station when just obtaining address, is not responding to ICMP requests.If a timer, can after subscriber's main station obtains address, After a period of time ICMP requests are sent out to it again.
Wait for the triggering of PING response timings device:Testing mechanism is determining user type state, this timers trigger, just will The state transition of testing mechanism to detection ARP mode states.In user's on-line checking(ICMP)State, just by the shape of testing mechanism State moves to on-line checking and terminates state.The purpose of this timer be in order to receive response within the regular hour, if Response is not received within the regular hour, this timer can just trigger, and when a response is received, this timer just " is killed Fall ", that is, it is deleted.
Wait for arp response timers trigger:Testing mechanism is in user's on-line checking(ARP)State, just by testing mechanism State transition terminates state to on-line checking.The purpose of this timer is in order to receive response within the regular hour, such as Fruit does not receive response within the regular hour, this timer can just trigger, when a response is received, this timer just by " killing " is deleted.
On-line checking timers trigger:Testing mechanism is detecting ICMP mode states, just by the state transition of testing mechanism To user's on-line checking(ICMP)State.In detection ARP mode states, just the state transition of testing mechanism to user is examined online It surveys(ARP)State.
The actions in the state transitions of the online detection mechanism are as follows:
PING response received: When the detection mechanism is in the determine user type state and a PING response is received, the state transitions to the detect ICMP mode state. In the user online detection (ICMP) state, receiving a PING response transitions the state back to the detect ICMP mode state.
ARP response received: When the detection mechanism is in the determine user type state and an ARP response is received, the state transitions to the detect ARP mode state. In the user online detection (ARP) state, receiving an ARP response transitions the state back to the detect ARP mode state.
Traffic present: When the detection mechanism is in the user online detection (ICMP) state, the mechanism transitions to the detect ICMP mode state. In the user online detection (ARP) state, the mechanism transitions to the detect ARP mode state.
Idle time reached: In the user online detection (ICMP) or user online detection (ARP) state, when the maximum idle time is reached, the detection mechanism transitions to the online detection end state.
System exception: In the user online detection (ICMP) or user online detection (ARP) state, when a system exception occurs, the detection mechanism transitions to the online detection end state.
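The timer events and actions listed above can be written down as one transition table and checked mechanically. The following is an added example, not code from the patent; the state and event identifiers are shorthand chosen here, and the rule that an unlisted event leaves the state unchanged is an assumption.

```python
from enum import Enum

S = Enum("S", "START DETERMINE_TYPE ICMP_MODE ARP_MODE CHECK_ICMP CHECK_ARP END")
E = Enum("E", "TYPE_TIMER DETECT_TIMER PING_TIMEOUT ARP_TIMEOUT PING_REPLY "
              "ARP_REPLY TRAFFIC IDLE_MAX SYS_EXCEPTION LEASE_EXPIRED SERVICE_EXPIRED")

# (state, event) -> next state, transcribed from the timer events and actions above.
T = {
    (S.START, E.TYPE_TIMER): S.DETERMINE_TYPE,
    (S.DETERMINE_TYPE, E.PING_REPLY): S.ICMP_MODE,
    (S.DETERMINE_TYPE, E.ARP_REPLY): S.ARP_MODE,
    (S.DETERMINE_TYPE, E.PING_TIMEOUT): S.ARP_MODE,
    (S.ICMP_MODE, E.DETECT_TIMER): S.CHECK_ICMP,
    (S.ARP_MODE, E.DETECT_TIMER): S.CHECK_ARP,
    (S.CHECK_ICMP, E.PING_REPLY): S.ICMP_MODE,
    (S.CHECK_ICMP, E.TRAFFIC): S.ICMP_MODE,
    (S.CHECK_ICMP, E.PING_TIMEOUT): S.END,
    (S.CHECK_ARP, E.ARP_REPLY): S.ARP_MODE,
    (S.CHECK_ARP, E.TRAFFIC): S.ARP_MODE,
    (S.CHECK_ARP, E.ARP_TIMEOUT): S.END,
}
for mode in (S.ICMP_MODE, S.ARP_MODE):          # lease / time-limited service timers
    for ev in (E.LEASE_EXPIRED, E.SERVICE_EXPIRED):
        T[(mode, ev)] = S.END
for chk in (S.CHECK_ICMP, S.CHECK_ARP):         # idle time reached / system exception
    for ev in (E.IDLE_MAX, E.SYS_EXCEPTION):
        T[(chk, ev)] = S.END

def step(state, event):
    """Assumption: an event with no listed transition leaves the state unchanged."""
    return T.get((state, event), state)

def run(events, state=S.START):
    """Feed a sequence of events and return the list of states visited."""
    trace = [state]
    for ev in events:
        state = step(state, ev)
        trace.append(state)
    return trace

def can_reach_end(start):
    """A state that cannot reach END would leave a session that is never accounted offline."""
    seen, todo = set(), [start]
    while todo:
        s = todo.pop()
        if s in seen:
            continue
        seen.add(s)
        todo += [dst for (src, _), dst in T.items() if src is s]
    return S.END in seen
```

Running `can_reach_end` over every state confirms that the described machine has no state from which a session can avoid the accounting and offline step.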

Claims (1)

  1. A broadband access user management method, characterized by comprising the following steps:
    Step 1: access by dynamic application or by static allocation;
    Dynamic application access: the way the client obtains its address is set on the client to dynamic allocation, and the client can obtain an IP address only through the DHCP relay agent on the access server;
    Static allocation access: a designated IP address is assigned to the client;
    Step 2: access authentication is performed using WEB authentication or automatic authentication;
    WEB authentication means that the user enters their own username and password through a website, the website sends the username and password to the access server (BNAS), and the RADIUS client on the access server is responsible for authentication;
    Automatic authentication means that the access server automatically generates a username and password for the user from the automatically obtained VLAN, access port and MAC address of the accessing user, and then passes them to the RADIUS client to request authentication;
    Whether the client is allowed access is decided according to the authentication result returned by the RADIUS client;
    Step 3: access detection;
    Access verification is performed on every packet of the user's access; if the user has passed authentication and the data in a packet received from the client or destined for the client is consistent with the user's data, the packet is allowed through and a traffic flag is set for this user; otherwise the packet is discarded;
    The traffic flag of the accessing user is checked; if the flag is set, it is cleared; if the flag is not set, an ICMP packet or ARP packet is sent to the user, and if no response is received, this shows that the user has already disconnected, so the user is accounted offline and offline processing is performed for the user;
    If a response is received, whether the user's service time has been reached is checked; if it has, the user is accounted offline and offline processing is performed for the user;
    If the service time has not been reached, whether the user's maximum idle time has been reached is checked; if it has expired, the user is accounted offline and offline processing is performed for the user;
    If the user's idle time has not been reached, whether the user's IP lease has expired is checked; if it has, the user is accounted offline and offline processing is performed for the user;
    If the IP lease has not expired, the detection interval timer is reset;
    Step 4: accounting and offline processing;
    When the user goes offline, the access system sends the user's online duration, traffic and so on to the RADIUS client to request accounting, and performs offline processing.
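The access detection step of the claim, as an added example that is not part of the patent text. The `Session` record, the choice of (MAC, IP, VLAN, port) as the compared packet fields, measuring idle time from the last verified packet, and continuing with the expiry checks after the traffic flag is cleared are all assumptions made here.

```python
from dataclasses import dataclass

@dataclass
class Session:                 # hypothetical record kept per accessing user
    binding: tuple             # (mac, ip, vlan, port) recorded at authentication
    authenticated: bool
    service_end: float         # when the purchased service time runs out
    lease_end: float           # when the IP lease runs out
    max_idle: float            # maximum idle time in seconds
    last_traffic: float = 0.0
    flow_flag: bool = False

def admit_packet(s, pkt_binding, now):
    """Per packet: pass and set the traffic flag only for an authenticated user
    whose packet fields match the stored data; otherwise discard."""
    if s.authenticated and pkt_binding == s.binding:
        s.flow_flag, s.last_traffic = True, now
        return True
    return False               # discarded packets never count as liveness

def detection_cycle(s, now, probe):
    """Per detection interval. probe() sends the ICMP or ARP request and returns
    True on a reply. Returns 'rearm' or the reason the user is accounted offline."""
    if s.flow_flag:
        s.flow_flag = False    # verified traffic seen since the last cycle: no probe
    elif not probe():
        return "offline:no-response"
    if now >= s.service_end:
        return "offline:service-time"
    if now - s.last_traffic >= s.max_idle:
        return "offline:idle"
    if now >= s.lease_end:
        return "offline:lease"
    return "rearm"             # reset the detection interval timer
```

Because only packets that pass `admit_packet` set the flag, a host sending frames with a mismatched address cannot keep another user's session alive past the next probe.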
CN201711497405.0A 2017-12-31 2017-12-31 Broadband cut-in user managing method Pending CN108156168A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711497405.0A CN108156168A (en) 2017-12-31 2017-12-31 Broadband cut-in user managing method

Publications (1)

Publication Number Publication Date
CN108156168A true CN108156168A (en) 2018-06-12

Family

ID=62460669

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711497405.0A Pending CN108156168A (en) 2017-12-31 2017-12-31 Broadband cut-in user managing method

Country Status (1)

Country Link
CN (1) CN108156168A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1450766A (en) * 2002-04-10 2003-10-22 深圳市中兴通讯股份有限公司 User management method based on dynamic mainframe configuration procotol
CN1491013A (en) * 2002-10-14 2004-04-21 深圳市中兴通讯股份有限公司 Broadband cut-in user managing method
CN1523815A (en) * 2003-02-21 2004-08-25 北京润汇科技有限公司 Customer access management system for wideband network
CN1553674A (en) * 2003-05-26 2004-12-08 广东省电信有限公司科学技术研究院 Method for wideband connection server to obtain port numbers of its uers

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180612