CN108183910A - ONU equipment authentication method, OLT device and ONU equipment Verification System - Google Patents
ONU equipment authentication method, OLT device and ONU equipment Verification System Download PDFInfo
- Publication number
- CN108183910A CN108183910A CN201810001380.9A CN201810001380A CN108183910A CN 108183910 A CN108183910 A CN 108183910A CN 201810001380 A CN201810001380 A CN 201810001380A CN 108183910 A CN108183910 A CN 108183910A
- Authority
- CN
- China
- Prior art keywords
- onu equipment
- dhcp message
- processor
- target
- vlan
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 33
- 238000012795 verification Methods 0.000 title claims abstract description 9
- 238000004891 communication Methods 0.000 claims description 9
- 230000003287 optical effect Effects 0.000 description 9
- 238000010586 diagram Methods 0.000 description 7
- 238000005516 engineering process Methods 0.000 description 5
- 230000005540 biological transmission Effects 0.000 description 3
- 239000003795 chemical substances by application Substances 0.000 description 3
- 230000004044 response Effects 0.000 description 3
- 238000005538 encapsulation Methods 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 230000008901 benefit Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000004069 differentiation Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000000630 rising effect Effects 0.000 description 1
- 239000011800 void material Substances 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5007—Internet protocol [IP] addresses
- H04L61/5014—Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Small-Scale Networks (AREA)
Abstract
The present invention provides a kind of ONU equipment authentication method, OLT device and ONU equipment Verification System, and method is applied to OLT device.Method includes:PON chips receive the first DHCP message that target ONU equipment to be certified is sent, and are sent to processor;Processor obtains the MAC Address of target ONU equipment according to the first DHCP message, and the MAC Address is inserted into the predeterminated position of the first DHCP message, obtains the second DHCP message;Second DHCP message is sent to server by processor, and server is made to be authenticated according to the MAC Address of target ONU equipment to target ONU equipment, and distributes IP address for target ONU equipment by rear in certification.In this way, unified certification can be carried out to the ONU equipment for accessing each OLT device.
Description
Technical field
The present invention relates to field of communication technology, in particular to a kind of ONU equipment authentication method, OLT device and ONU
Device authentication system.
Background technology
In EPON (Ethernet Passive Optical Network, Ethernet passive optical network), need to dock
ONU (Optical Network Unit, the optical network unit) equipment entered is authenticated, when certification by when, which can
Normally to reach the standard grade, otherwise, which can not reach the standard grade.However, existing ONU equipment certification is typically in OLT (Optical
Line Terminal, optical line terminal) it realizes in equipment, it needs to be configured accordingly in every OLT device, using rising
Come more complicated.
Invention content
In view of this, the purpose of the present invention is to provide a kind of ONU equipment authentication method, applied to ONU equipment and clothes
The OLT device of business device communication connection, OLT device includes processor and at least one PON chips, method include:
PON chips receive the first DHCP message that target ONU equipment to be certified is sent, and the first DHCP message is sent
To processor;
Processor obtains the MAC Address of target ONU equipment according to the first DHCP message, and MAC Address is inserted into first
The predeterminated position of DHCP message obtains the second DHCP message;
Second DHCP message is sent to server by processor, makes server according to the MAC Address of target ONU equipment to mesh
Mark ONU equipment is authenticated, and distributes IP address for target ONU equipment by rear in the certification of target ONU equipment.
Another object of the present invention is to provide a kind of OLT device, OLT device is connect with ONU equipment and server communication,
OLT device includes processor and at least one PON chips;
PON chips receive the first DHCP message that target ONU equipment to be certified is sent, and the first DHCP message is sent
To processor;
Processor obtains the MAC Address of target ONU equipment according to the first DHCP message, and MAC Address is inserted into first
The predeterminated position of DHCP message obtains the second DHCP message;
Second DHCP message is sent to server by processor, makes server according to the MAC Address of target ONU equipment to mesh
Mark ONU equipment is authenticated, and distributes IP address for target ONU equipment by rear in the certification of target ONU equipment.
Another object of the present invention is to provide a kind of ONU equipment Verification System, system includes server and the present invention is real
The OLT device of example offer is provided;
Server is used to receive the second DHCP message that the processor of OLT device is sent, from the default of the second DHCP message
Location resolution goes out the MAC Address of target ONU equipment, when the legal MAC Address of configuration includes the MAC Address, determines target
ONU equipment certification passes through, and distributes IP address for target ONU equipment.
ONU equipment authentication method provided in an embodiment of the present invention, OLT device and ONU equipment Verification System, by waiting to recognize
The MAC Address of the ONU equipment is inserted into the DHCP message that the target ONU equipment of card is sent and is sent to server, so that service
Device is authenticated the ONU equipment based on the MAC Address, and distributes IP address for the target ONU equipment by rear in certification.Such as
This, the ONU equipment that can be linked into each OLT device carries out unified certification, from without being recognized in each OLT device again
The configuration of rule is demonstrate,proved, is applied more easy.
Description of the drawings
It in order to illustrate the technical solution of the embodiments of the present invention more clearly, below will be to needed in the embodiment attached
Figure is briefly described, it should be understood that the following drawings illustrates only certain embodiments of the present invention, therefore is not construed as pair
The restriction of range, for those of ordinary skill in the art, without creative efforts, can also be according to this
A little attached drawings obtain other relevant attached drawings.
Fig. 1 is a kind of interaction schematic diagram of ONU equipment Verification System provided in an embodiment of the present invention;
Fig. 2 is a kind of connection relationship diagram of OLT device provided in an embodiment of the present invention;
Fig. 3 is a kind of flow diagram of ONU equipment authentication method provided in an embodiment of the present invention;
Fig. 4 is the another flow diagram of ONU equipment authentication method provided in an embodiment of the present invention;
Fig. 5 is the another flow diagram of ONU equipment authentication method provided in an embodiment of the present invention.
Icon:10-ONU device authentication systems;100-OLT equipment;110- processors;120-PON chips;130- exchanges core
Piece;200- servers;300-ONU equipment;400- optical splitters.
Specific embodiment
Purpose, technical scheme and advantage to make the embodiment of the present invention are clearer, below in conjunction with the embodiment of the present invention
In attached drawing, the technical solution in the embodiment of the present invention is clearly and completely described, it is clear that described embodiment is
Part of the embodiment of the present invention, instead of all the embodiments.The present invention being usually described and illustrated herein in the accompanying drawings is implemented
The component of example can be configured to arrange and design with a variety of different.
Therefore, below the detailed description of the embodiment of the present invention to providing in the accompanying drawings be not intended to limit it is claimed
The scope of the present invention, but be merely representative of the present invention selected embodiment.Based on the embodiments of the present invention, this field is common
Technical staff's all other embodiments obtained without creative efforts belong to the model that the present invention protects
It encloses.
It should be noted that:Similar label and letter represents similar terms in following attached drawing, therefore, once a certain Xiang Yi
It is defined in a attached drawing, does not then need to that it is further defined and explained in subsequent attached drawing.
When ONU equipment is linked into OLT device, it is desirable to can normally reach the standard grade, and not have by the legal ONU equipment of certification
There is the ONU equipment authenticated that cannot then reach the standard grade when accessing privately.Therefore, it is necessary to the ONU equipments to access to be authenticated.It is existing
Way is that each OLT device is individually authenticated the ONU equipment that it is connected, however, in practical applications, OLT device is very
It is more, it needs to be configured in each OLT device, cumbersome, it is very inconvenient to use.
Through inventor the study found that ONU equipment to be allowed normally to be reached the standard grade, it is required for by corresponding DHCP (Dynamic Host
Configuration Protocol, dynamic host configuration protocol) server distributes IP address for the ONU equipment, in this way, being somebody's turn to do
ONU equipment can access operator network.And it is ONU equipment distribution IP address, it usually needs realize by DHCP message.
Therefore in the present embodiment, inventor is based on the studies above, selects to carry for the authentication information of certification ONU equipment
In DHCP message and be sent to corresponding Dynamic Host Configuration Protocol server, by the Dynamic Host Configuration Protocol server be based on authentication information to the ONU equipment into
Row certification just distributes IP address by rear in certification for the ONU equipment, so that the ONU equipment can normally reach the standard grade, so as to fulfill
Unified certification to the ONU equipment that each OLT device is connected.
Referring to Fig. 1, Fig. 1 is a kind of connection block diagram of ONU equipment Verification System 10 provided in an embodiment of the present invention.ONU
Device authentication system 10 includes server 200, OLT device 100 and ONU equipment 300, and server 200 and ONU equipment 300 are distinguished
It is communicated to connect with OLT device 100.Wherein, server 200 refers to the Dynamic Host Configuration Protocol server to distribute IP address with ONU equipment 300.
Optionally, OLT device 100 can be communicated to connect with multiple ONU equipments 300.
Referring to Fig. 2, a kind of Fig. 2 connection relationship diagrams of OLT device 100 provided in an embodiment of the present invention, OLT device
100 include processor (Central Processing Unit, CPU) 110 and at least one PON (Passive Optical
Network, passive optical-fiber network) chip 120, each 120 communication link of PON chips is connected at least one ONU equipment 300.
Optionally, ONU equipment 300 can be connected to corresponding PON chips 120 by optical splitter 400.
In the present embodiment, PON chips 120 can be communicated to connect directly with processor 110, can also pass through exchange
(Switch) chip 130 is communicated to connect with processor 110.That is, OLT device 100 can also include exchange chip 130, exchange
Chip 130 is communicatively coupled between at least one PON chips 120 and processor 110, for will be at least one according to forwarding table
The data message that PON chips 120 are sent is forwarded from corresponding port.
Referring to Fig. 3, Fig. 3 is a kind of ONU equipment authentication method provided in an embodiment of the present invention, ONU equipment authentication method
Applied to OLT device 100 shown in Fig. 2.The specific steps of ONU equipment authentication method and flow will be elaborated below.
Step S110, PON chip 120 receives the first DHCP message that target ONU equipment to be certified is sent, and by first
DHCP message is sent to processor 110.
Wherein, target ONU equipment to be certified is the ONU equipment 300 referred to the accession to after OLT device not yet Jing Guo certification.
In the present embodiment, the DHCP Snooping functions of OLT device 100 are opened.
After the DHCP Snooping functions of OLT device 100 are opened, each PON chips 120 in OLT device 100
Processor 110 can will be sent in the DHCP message received.
In the present embodiment, PON chips 120 can will be sent by exchange chip 130 in the first DHCP message received
To processor 110, will directly processor 110 can also be sent in the first DHCP message received.
Wherein, target ONU equipment is sent to the first DHCP message of PON chips 120 and includes PON chips 120 for target
The logical links label (Logical Link Identifier, LLID) of ONU equipment distribution, logical links label and target
The MAC Address of ONU equipment is corresponding.That is, logic-based link indicia can distinguish ONU equipment, it is also possible to obtain phase
Answer the MAC Address of ONU equipment.
Therefore, when the first DHCP message received is directly sent to processor 110 by PON chips 120, processor
110 can also therefrom parse logical links label, and then obtain and go out target ONU equipment according to the logical links label lookup
MAC Address.
When PON chips 120 by exchange chip 130 by processor 110 is sent in the first DHCP message received when, meaning
Taste, which PON chips 120, to be first transmitted to exchange chip 130 by the first DHCP message received.However, PON chips 120 with
The DHCP message transmitted between exchange chip 130 will not carry logical links label, and therefore, processor 110 can not be according to logic
Link indicia determines the MAC Address of target ONU equipment.
In addition, PON chips 120 to exchange chip 130 send the first DHCP message before, can to the first DHCP message into
Row encapsulation, that is, the information of port that PON chips 120 are connect with exchange chip 130 can be added to the report of the first DHCP message
In literary head, so that it is which PON chip 120 is sent, and then accurately that exchange chip 130, which can distinguish the first DHCP message,
The corresponding response message of first DHCP message is sent to PON chips 120.
That is, after above-mentioned encapsulation, processor 110 can only know which PON is the first DHCP messages be by
What chip 120 was sent, can not further distinguish the first DHCP message is which ONU equipment connected by PON chips 120
300 transmissions, the information of target ONU equipment also can not be just got, and then cause server 200 that can not get target ONU
The information of equipment also can not be just authenticated.
Therefore, in the present embodiment, PON chips 120 are configured as the forward-path of DHCP message without exchange core
Piece 130 is forwarded directly to CPU.
Step S120, processor 110 obtain the MAC Address of target ONU equipment according to the first DHCP message, and by MAC
Location is inserted into the predeterminated position of the first DHCP message, obtains the second DHCP message.
In the present embodiment, target ONU equipment is sent to the messages of PON chips 120 and carries mesh (including DHCP message)
The logical links label of ONU equipment is marked, logical links label is corresponding with the MAC Address of target ONU equipment.In PON chips 120
The incidence relation being stored between logical links label and the MAC Address of target ONU equipment.
Therefore, when processor 110 receives the first DHCP message that PON chips 120 directly transmit, it can be parsed
In logical links label, and then determine with the corresponding MAC Address of logical links label, that is, the MAC of target ONU equipment
Address.
Thus, optionally, in step S120, processor 110 obtains the MAC of target ONU equipment according to the first DHCP message
The step of address, can include following sub-step:
The logical links label of target ONU equipment is parsed from the first DHCP message;
The MAC Address for determining target ONU equipment is marked according to logical links.
In the present embodiment, logical links label distributes acquisition by PON chips 120, in detail, target ONU equipment certification
Method can also include the following steps:
PON chips 120 distribute logical links label when detecting that ONU equipment 300 accesses, for ONU equipment 300, will divide
The logical links label matched is associated with the MAC Address of ONU equipment 300 and records.
In the present embodiment, predeterminated position can be any one of the optional parameters domain (options) in DHCP message
Position.Options is a field in DHCP message, which is a variable length field, can include multiple options, example
Such as, DHCP Option 82, DHCP Option 60, DHCP Option 43 etc..Wherein, each option is in options fields
Different location, e.g., DHCP Option 82 are the last one options of options fields.
In the present embodiment, MAC Address can be inserted into any one option of options fields by processor 110.
By taking DHCP Option 82 as an example, DHCP Option 82 are also known as relay agent information option, which can be used for
Record the location information of dhcp client (that is, target ONU equipment).In practical applications, DHCP Snooping equipment or DHCP
Trunking can add this option of DHCP Option 82 in the DHCP message received.
Thus, in step S120, MAC Address is inserted into the predeterminated position of the first DHCP message by processor 110, obtains
The step of two DHCP messages, can be achieved by the steps of:
MAC Address is encapsulated into the relay agent information option of the first DHCP message by processor 110, obtains the 2nd DHCP
Message.
Each option of Options fields includes multiple sub- options, for example, DHCP Option 82 can include circuit
(circuit) ID options, long-range (remote) ID options and the sub- option of link selection etc..Multiple sub- options are according to certain suitable
Sequence arranges, and e.g., circuit ID options are first sub- options of DHCP Option 82.
In the present embodiment, MAC Address can be inserted into any one sub- option of any one option by processor 110
In, as long as the content-defined ONU to send the first DHCP message of the sub- option is set on processor 110 and server 200
The MAC Address of standby 300 (dhcp clients).
Still by taking DHCP Option 82 as an example, MAC Address is encapsulated into the middle subculture of the first DHCP message by processor 110
The step of managing in information option, obtaining the second DHCP message, can be achieved by the steps of:
Processor 110 MAC Address is encapsulated into the relay agent information option of the first DHCP message the sub- options of circuit I D,
In the sub- option of remote ident or the sub- option of link selection, the second DHCP message is obtained.
It should be appreciated that in the present embodiment, the first DHCP message refers to that ONU equipment 300 is sent to PON chips 120
DHCP message, the second DHCP message refer to that being inserted into MAC Address or other can be used for after the authentication information of certification ONU equipment 300
DHCP message.
What deserves to be explained is after being inserted into information in the first DHCP message, it usually needs recalculate CRC in message and (follow
Ring redundancy check) field value, can just obtain the second DHCP message.
Second DHCP message is sent to server 200 by step S130, processor 110, makes server 200 according to target
The MAC Address of ONU equipment is authenticated target ONU equipment, and distributes IP address for target ONU equipment by rear in certification.
After processor 110 obtains the second DHCP message, the second DHCP message can be sent to server by processor 110
200。
After server 200 receives the second DHCP message, parse target ONU from the predeterminated position of the second DHCP message and set
Standby MAC Address, and the legitimacy of target ONU equipment is authenticated according to the MAC Address of target ONU equipment.
In the present embodiment, legal MAC Address can be configured in server 200, it is legal that server 200 can detect
MAC Address in whether include the MAC Address of target ONU equipment, if not including, it is determined that target ONU equipment is illegal, not for
Target ONU equipment distribute IP address, target ONU equipment also just can not access operator network, that is, can not reach the standard grade;If including,
Then determine that target ONU equipment is legal, and distributes IP address for target ONU equipment, that is, target ONU equipment is allowed to reach the standard grade.
In the present embodiment, the second DHCP message includes the first VLAN (Virtual Local Area Network, void
Intend LAN) label (Tag), to characterize the first VLAN where target ONU equipment.After the second DHCP message is obtained,
Second DHCP message can be sent to server 200 by processor 110.
During the second DHCP message is from processor 110 to server 200, the second DHCP message can be along the first VLAN
Corresponding path transmission.That is, it can only be transmitted in the first VLAN.
The label of first VLAN includes the VLAN ID for identifying target ONU equipment, and VLAN ID have 12, Zong Gongke
For distinguishing 4096 VLAN, after two VLAN ID for retaining VLAN0 (being all 0) and VLAN4095 (being all 1) in agreement,
It may be only used for distinguishing 4094 VLAN.In other words, in the case where only including the first VLAN, 4094 may only be distinguished
VLAN。
However, each OLT device 100 is connected with multiple ONU equipments 300, each ONU equipment 300 can be supported respectively again
The different business of kind, needs a large amount of VLAN different users and different business is isolated, 4094 VLAN are far from enough
's.
Therefore, it under certain application scenarios, needs on the basis of the first VLAN, adds the 2nd VLAN, with increase can be with
The VLAN quantity of differentiation.That is, available VLAN quantity is extended using QinQ technologies.In QinQ technologies, usual
One VLAN is referred to as inner VLAN, and the 2nd VLAN is referred to as outside VLAN.
Correspondingly, after the division for carrying out the 2nd VLAN, processor 110 is needed the along the corresponding paths of the 2nd VLAN
Two DHCP messages are sent to server 200, and server 200 can also send out corresponding response message along the corresponding paths of the 2nd VLAN
OLT device 100 is sent to, and then is sent to target ONU equipment.And in repeating process, it needs to carry according in the second DHCP message
The label of the 2nd VLAN determine the 2nd VLAN.If the label of the 2nd VLAN is not carried in the second DHCP message, the 2nd DHCP
Message will be unable to be sent to server 200, also can not just complete certification, distributes and fails so as to cause IP address.
In practical applications, since the realization of QinQ technologies is more complicated, PON chips 120 and 300 chip of ONU equipment without
Method is realized, it usually needs is realized on exchange chip 130.
However, in the present embodiment, in order to ensure processor 110 can parse MAC Address from the first DHCP message,
It needs that PON chips 120 is controlled the first DHCP message directly not to be sent to processor 110 by exchange chip 130, in other words,
There is no the label of the 2nd VLAN in the first DHCP message that processor 110 receives, correspondingly, processor 110 just can not be by
Two DHCP messages are sent to server 200, and response message can not be also sent to target ONU equipment, also just can not by server 200
IP address is distributed for target ONU equipment.
Therefore, before the second DHCP message is sent to server 200, processor 110 also needs to determine that target ONU is set
2nd VLAN at standby place, and the label carrying of the 2nd VLAN is sent to server 200 in the second DHCP message.
As a kind of mode to solve the above problems, as shown in figure 4, after step silo, before step S120, method
It can also include step S140, step S150 and tri- steps of step S160.
Step S140, processor 110 are made according to the PON chips 120 that the first DHCP message determines to connect with target ONU equipment
For target PON chips 120, and the first VLAN according to where the first DHCP message determines target ONU equipment.
During implementation, logical links label of the processor 110 in the second DHCP message determines target ONU equipment, and then
Using the PON chips 120 being connect with target ONU equipment as target PON chips 120.
The label of the first VLAN where target ONU equipment is carried in second DHCP message, parses the label, you can
Determine the first VLAN where target ONU equipment.
Step S150, processor 110 access the port and/or first of exchange chip 130 according to target PON chips 120
VLAN determines the 2nd VLAN where target ONU equipment.
Wherein, the port of the access of target PON chips 120 exchange chip 130 refers to target PON chips 120 and exchange chip
130 connected ports.For ease of description, in the present embodiment, the port that PON chips 120 are accessed to exchange chip 130 is about set to
OLT ports.
Configuration information corresponding with OLT ports is configured in exchange chip 130, which includes the 2nd VLAN's
Division rule.During implementation, can be based on division rule, according to target PON chips 120 access exchange chip 130 port and/or
First VLAN determines the 2nd VLAN where target ONU equipment.
It as a kind of embodiment, can be divided based on port, that is, being connected to the same end of exchange chip 130
The target PON chips 120 of mouth belong to same 2nd VLAN.In this situation, it can be exchanged according to what OLT ports connected
The port numbers of chip 130 determine the 2nd VLAN where target ONU equipment.
As another embodiment, can be divided based on the section of the first VLAN.For example, the first VLAN ranges 1
~1000 target ONU equipment belongs to the 2nd VLAN10, and the first VLAN1001~2000 belong to the 2nd VLAN20.In this feelings
It, can be according to the 2nd VLAN where the first VLAN where target ONU equipment determines target ONU equipment under shape.
As another embodiment, port can be based on and the first VLAN is divided jointly.In detail, for passing through PON
Chip 120 is connected to the ONU equipment 300 of same OLT ports, according to the section belonging to the first VLAN where the ONU equipment 300
Determine the 2nd VLAN where the ONU equipment 300.For example, for all ONU equipments 300, Ruo Qi for being connected to OLT ports 1
One VLAN is then divided into the 2nd VLAN30 in 0-100;For all ONU equipments 300 for being connected to OLT ports 2, if its
First VLAN is divided into the 2nd VLAN40 in 0-100.
Further, it is also possible to target ONU is determined based on the protocol number (ETYPE) carried in the DHCP message for entering OLT ports
2nd VLAN of equipment, for example, PC uses PPPOE (Point to Point over Ethernet, the point pair based on Ethernet
Point communications protocol), STB (Set Top Box, digital video switching box) is using IPoE (IP over Ethernet).
Step S160, the label of the 2nd VLAN is inserted into the first DHCP message by processor 110, so that server 200 can
The second DHCP message is received, and IP address is distributed for target ONU equipment based on the second DHCP message.
Since the second DHCP message is obtained after being inserted into the MAC Address of target ONU equipment in the first DHCP message, because
This, also includes the label of the 2nd VLAN in the second DHCP message.In this way, it can ensure that the second DHCP message along target ONU equipment
The corresponding paths of 2nd VLAN at place are sent to server 200, so that server 200 distributes IP address for target ONU equipment.
As another mode to solve the above problems, as shown in figure 5, before step S130, method can also include
Step S170, tri- steps of step S180 and step S190.
Step S170, processor 110 are made according to the PON chips 120 that the second DHCP message determines to be connected with target ONU equipment
For target PON chips 120, and the first VLAN according to where the second DHCP message determines target ONU equipment.
Wherein, processor 110 obtains the logical links label in the second DHCP message, and is marked and determined according to logical links
Target ONU equipment, and then using the PON chips 120 being connected with target ONU equipment as target PON chips 120.
The label of first VLAN where target ONU equipment is carried in first DHCP message, parsing obtain the label, you can
Determine the first VLAN where target ONU equipment.
Step S180, processor 110 access the port and/or first of exchange chip 130 according to target PON chips 120
VLAN determines the 2nd VLAN where target ONU equipment.
In the present embodiment, the specific implementation principle of step S180 and process are similar to step S150, and details are not described herein.
Step S190, the label of the 2nd VLAN is inserted into the second DHCP message by processor 110, so that server 200 can
The second DHCP message is received, and IP address is distributed for target ONU equipment based on the second DHCP message.
In this way, carrying the label of the 2nd VLAN in the second DHCP message, server 200 can be successfully transmitted to,
Server 200 is made to distribute IP address for target ONU equipment when certification passes through.
To sum up, ONU equipment authentication method provided in an embodiment of the present invention, OLT device 100 and ONU equipment Verification System 10,
By being inserted into the MAC Address of the ONU equipment 300 in the DHCP message of target ONU equipment transmission to be certified and being sent to clothes
Be engaged in device 200 so that server 200 is authenticated the ONU equipment 300 based on the MAC Address, and in certification by rear for the mesh
Mark ONU equipment distribution IP address.In this way, the ONU equipment 300 that can be linked into each OLT device 100 carries out unified certification, from
Configuration without being authenticated rule in each OLT device 100 again, applies more easy.
It these are only the preferred embodiment of the present invention, be not intended to restrict the invention, for those skilled in the art
For member, the invention may be variously modified and varied.Any modification for all within the spirits and principles of the present invention, being made,
Equivalent replacement, improvement etc., should all be included in the protection scope of the present invention.
Claims (15)
1. a kind of ONU equipment authentication method, which is characterized in that set applied to the OLT being connect with ONU equipment and server communication
Standby, the OLT device includes processor and at least one PON chips, the method includes:
The PON chips receive the first DHCP message that target ONU equipment to be certified is sent, and by first DHCP message
It is sent to the processor;
The processor obtains the MAC Address of the target ONU equipment according to first DHCP message, and by the MAC
Location is inserted into the predeterminated position of first DHCP message, obtains the second DHCP message;
Second DHCP message is sent to the server by the processor, makes the server according to the target ONU
The MAC Address of equipment is authenticated the target ONU equipment, and distributes IP for the target ONU equipment by rear in certification
Address.
2. according to the method described in claim 1, it is characterized in that, the MAC Address is inserted into described by the processor
The predeterminated position of one DHCP message, the step of obtaining the second DHCP message, including:
The MAC Address is inserted into the relay agent information option of first DHCP message by the processor, obtains institute
State the second DHCP message.
3. according to the method described in claim 2, it is characterized in that, the MAC Address is inserted into described by the processor
Step in the relay agent information option of one DHCP message, including:
The MAC Address is inserted into circuit I D of the relay agent information option of first DHCP message by the processor
In the sub- option of option, remote ident or the sub- option of link selection.
4. according to claim 1-3 any one of them methods, which is characterized in that first DHCP message includes the mesh
The logical links label of ONU equipment is marked, the logical links label and the target ONU equipment are stored in the PON chips
MAC Address between incidence relation;
The processor obtains the step of MAC Address of the target ONU equipment according to first DHCP message, including:
The logical links label of the target ONU equipment is parsed from first DHCP message;
The MAC Address for determining the target ONU equipment is marked according to the logical links.
5. according to the method described in claim 4, it is characterized in that, the method further includes:
The PON chips distribute logical links label when detecting ONU equipment access, for the ONU equipment, by the logic of distribution
Link indicia is associated with the MAC Address of the ONU equipment and records.
6. according to claim 1-3 any one of them methods, which is characterized in that the OLT device, which further includes, to be communicatively coupled to
Exchange chip between at least one PON chips and the processor;
After first DHCP message is sent to the processor by the PON chips, the processor obtains second
Before DHCP message, the method further includes:
The PON chips that the processor determines to connect with the target ONU equipment according to first DHCP message are as target
PON chips, and the first VLAN according to where first DHCP message determines the target ONU equipment;
The processor accesses the port of the exchange chip according to the target PON chips and/or the first VLAN is determined
The 2nd VLAN where the target ONU equipment;
The label of 2nd VLAN is inserted into first DHCP message by the processor, so that the server can receive
To second DHCP message, and based on second DHCP message IP address is distributed for the target ONU equipment.
7. according to claim 1-3 any one of them methods, which is characterized in that the OLT device, which further includes, to be communicatively coupled to
Exchange chip between at least one PON chips and the processor;
Before second DHCP message is sent to the server by the processor, the method further includes:
The PON chips that the processor determines to be connected with the target ONU equipment according to second DHCP message are as target
PON chips, and the first VLAN according to where second DHCP message determines the target ONU equipment;
The processor accesses the port of the exchange chip according to the target PON chips and/or the first VLAN is determined
The 2nd VLAN where the target ONU equipment;
The label of 2nd VLAN is inserted into second DHCP message by the processor, so that the server can receive
To second DHCP message, and based on second DHCP message IP address is distributed for the target ONU equipment.
8. a kind of OLT device, which is characterized in that the OLT device is connect with ONU equipment and server communication, the OLT device
Including processor and at least one PON chips;
The PON chips are used to receiving the first DHCP message that target ONU equipment to be certified is sent, and by the first DHCP
Message is sent to the processor;
The processor is used to obtain the MAC Address of the target ONU equipment according to first DHCP message, and by described in
MAC Address is inserted into the predeterminated position of first DHCP message, obtains the second DHCP message;
The processor is additionally operable to second DHCP message being sent to the server, makes the server according to the mesh
The MAC Address of mark ONU equipment is authenticated the target ONU equipment, and is divided in certification by rear for the target ONU equipment
With IP address.
9. OLT device according to claim 8, which is characterized in that the processor is by the way that the MAC Address is inserted into
In the relay agent information option of first DHCP message, second DHCP message is obtained.
10. OLT device according to claim 9, which is characterized in that the processor is by the way that the MAC Address is inserted into
To the sub- options of circuit I D, remote ident subitem or the link selection subitem of the relay agent information option of first DHCP message
In, obtain second DHCP message.
11. according to claim 8-10 any one of them OLT devices, which is characterized in that first DHCP message includes
The logical links of the target ONU equipment marks, and the logical links label and the target are stored in the PON chips
Incidence relation between the MAC Address of ONU equipment;
The processor is marked by parsing the logical links of the target ONU equipment from first DHCP message, so as to
The MAC Address of the target ONU equipment is obtained according to logical links label.
12. OLT device according to claim 11, which is characterized in that the PON chips are detecting ONU equipment access
When, it is additionally operable to distribute logical links label for the ONU equipment, by the logical links label of distribution and the MAC of the ONU equipment
Address is associated and records.
13. according to claim 8-10 any one of them OLT devices, which is characterized in that the OLT device further includes communication link
The exchange chip being connected between at least one PON chips and the processor;
After first DHCP message is sent to the processor by the PON chips, the processor obtains second
Before DHCP message, the processor is additionally operable to determine what is connect with the target ONU equipment according to first DHCP message
PON chips are as target PON chips, and first according to where first DHCP message determines the target ONU equipment
VLAN;
The processor is additionally operable to access the port and/or described first of the exchange chip according to the target PON chips
VLAN determines the 2nd VLAN where the target ONU equipment;
The processor is additionally operable to the label of the 2nd VLAN being inserted into first DHCP message, so that the server energy
Second DHCP message is enough received, and IP address is distributed for the target ONU equipment based on second DHCP message.
14. according to claim 8-10 any one of them OLT devices, which is characterized in that the OLT device further includes communication link
The exchange chip being connected between at least one PON chips and the processor;
Before second DHCP message is sent to the server by the processor, the processor is additionally operable to according to institute
It states the second DHCP message to determine with the PON chips that the target ONU equipment is connect as target PON chips, and according to described
Two DHCP messages determine the first VLAN where the target ONU equipment;
The processor is additionally operable to access the port and/or described first of the exchange chip according to the target PON chips
VLAN determines the 2nd VLAN where the target ONU equipment;
The processor is additionally operable to the label of the 2nd VLAN being inserted into second DHCP message, so that the server energy
Second DHCP message is enough received, and IP address is distributed for the target ONU equipment based on second DHCP message.
15. a kind of ONU equipment Verification System, which is characterized in that the system comprises any one of servers and claim 8-14
The OLT device;
The server is used to receive the second DHCP message that the processor of the OLT device is sent, and is reported from the 2nd DHCP
The predeterminated position of text parses the MAC Address of target ONU equipment, when the legal MAC Address of configuration includes the MAC Address,
It determines that the target ONU equipment certification passes through, and IP address is distributed for the target ONU equipment.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810001380.9A CN108183910B (en) | 2018-01-02 | 2018-01-02 | ONU equipment authentication method, OLT equipment and ONU equipment authentication system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810001380.9A CN108183910B (en) | 2018-01-02 | 2018-01-02 | ONU equipment authentication method, OLT equipment and ONU equipment authentication system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108183910A true CN108183910A (en) | 2018-06-19 |
| CN108183910B CN108183910B (en) | 2020-12-08 |
Family
ID=62549814
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810001380.9A Active CN108183910B (en) | 2018-01-02 | 2018-01-02 | ONU equipment authentication method, OLT equipment and ONU equipment authentication system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108183910B (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101068145A (en) * | 2007-07-05 | 2007-11-07 | 杭州华三通信技术有限公司 | EPON network element configuration method and EPON |
| CN101252587A (en) * | 2008-04-18 | 2008-08-27 | 杭州华三通信技术有限公司 | User terminal access right identifying method and apparatus |
| JP2010199673A (en) * | 2009-02-23 | 2010-09-09 | Fujitsu Telecom Networks Ltd | System and method for authenticating user |
| US20110069953A1 (en) * | 2009-09-23 | 2011-03-24 | Salira Systems, Inc. | Docsis pon |
| CN103685257A (en) * | 2013-12-06 | 2014-03-26 | 上海斐讯数据通信技术有限公司 | DHCP network protection system and method |
| CN105338125A (en) * | 2014-06-25 | 2016-02-17 | 华为技术有限公司 | Message processing method and apparatus |
-
2018
- 2018-01-02 CN CN201810001380.9A patent/CN108183910B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101068145A (en) * | 2007-07-05 | 2007-11-07 | 杭州华三通信技术有限公司 | EPON network element configuration method and EPON |
| CN101252587A (en) * | 2008-04-18 | 2008-08-27 | 杭州华三通信技术有限公司 | User terminal access right identifying method and apparatus |
| JP2010199673A (en) * | 2009-02-23 | 2010-09-09 | Fujitsu Telecom Networks Ltd | System and method for authenticating user |
| US20110069953A1 (en) * | 2009-09-23 | 2011-03-24 | Salira Systems, Inc. | Docsis pon |
| CN103685257A (en) * | 2013-12-06 | 2014-03-26 | 上海斐讯数据通信技术有限公司 | DHCP network protection system and method |
| CN105338125A (en) * | 2014-06-25 | 2016-02-17 | 华为技术有限公司 | Message processing method and apparatus |
Non-Patent Citations (2)
| Title |
|---|
| 彭治湘: ""基于GPON的综合接入网研究及其工程实现"", 《中国优秀硕士学位论文全文数据库-信息科技辑》 * |
| 郭浩: ""有线电视网络EPON ONU自动认证系统的研究"", 《广播电视信息》 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108183910B (en) | 2020-12-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8509115B2 (en) | Multicast control method in Ethernet Passive Optical Network | |
| CN102480399B (en) | Based on multi-service authentication method and the system of IPoE | |
| US8108454B2 (en) | Address assignment in Fibre Channel over Ethernet environments | |
| KR101063080B1 (en) | How to provide Ethernet DSL access multiplexer and dynamic service selection and end-user configuration | |
| US8306025B2 (en) | Method for implementing subscriber port positioning by broadband access equipments | |
| US9755749B2 (en) | ONU, communication system and communication method for ONU | |
| CN101374045B (en) | Method for implementing user port orientation on GPON access equipment | |
| US20140348505A1 (en) | Data over cable service interface specification (docsis) over passive optical network (pon) | |
| EP1748603B2 (en) | A transmission method for message in layer 2 and an access device | |
| CN101459591B (en) | Method for implementing user interface positioning on passive optical network access equipment | |
| KR20050038069A (en) | Vlan aware shared lan emulation method and device with manageable llid in epon | |
| CN103039038A (en) | Method and system for efficient use of a telecommunication network and the connection between the telecommunications network and a customer premises equipment | |
| CN103220276B (en) | A kind of method of network insertion, gateway and system | |
| CN104219122A (en) | Detection method for quickly positioning far-end ONU (optical network unit) loop ports by OLT (optical line terminal) local sides | |
| CN102098278B (en) | Subscriber access method and system as well as access server and device | |
| AU2004237260B2 (en) | A transferring method of subscriber location information in a network communication system | |
| JP2011078135A (en) | Data stream filtering apparatus and method | |
| CN103069750A (en) | Method and system for efficient use of a telecommunications network and the connection between the telecommunications network and a customer premises equipment | |
| CN101141411B (en) | Method for implementing user port location in passive optical network access equipment | |
| CN102487396B (en) | User position determining method and system | |
| KR100915155B1 (en) | Method and Apparatus for Registering Network Information | |
| CN113014554A (en) | Automatic switching method and system for internet access channel, ONU (optical network unit) equipment and OLT (optical line terminal) equipment | |
| US20060126643A1 (en) | Subscriber loop remote control apparatus, subscriber loop remote control method, and subscriber loop remote control program | |
| US9912649B1 (en) | Systems and methods for facilitating communication between an authentication client and an authentication server | |
| CN102833231B (en) | Dynamic Configuration under EoC Mixed cascading pattern |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20240625 Address after: Room 301, Block D, Building 1, No. 459 Jianghong Road, Hangzhou City, Zhejiang Province, 310052 Patentee after: H3C INFORMATION TECHNOLOGY Co.,Ltd. Country or region after: China Address before: 310052 Changhe Road, Binjiang District, Hangzhou, Zhejiang Province, No. 466 Patentee before: NEW H3C TECHNOLOGIES Co.,Ltd. Country or region before: China |