CN108540588A - MAC address acquisition method and system, network security device, and readable storage medium - Google Patents


Info

Publication number
CN108540588A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810214769.1A
Other languages
Chinese (zh)
Inventor
袁义金
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sangfor Technologies Co Ltd
Original Assignee
Sangfor Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/10 Mapping addresses of different types
    • H04L61/103 Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/74 Address processing for routing
    • H04L45/745 Address table lookup; Address filtering
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H04L61/255 Maintenance or indexing of mapping tables
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H04L61/255 Maintenance or indexing of mapping tables
    • H04L61/2553 Binding renewal aspects, e.g. using keep-alive messages
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2101/00 Indexing scheme associated with group H04L61/00
    • H04L2101/60 Types of network addresses
    • H04L2101/618 Details of network addresses
    • H04L2101/622 Layer-2 addresses, e.g. medium access control [MAC] addresses
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00 Packet switching elements
    • H04L49/35 Switches specially adapted for specific applications
    • H04L49/354 Switches specially adapted for specific applications for supporting virtual local area networks [VLAN]

Abstract

An embodiment of the invention discloses a MAC address acquisition method and system, a network security device, and a readable storage medium, which address the problem that a network security device has difficulty obtaining the physical addresses of hosts in a timely manner. The method of the embodiment includes: the network security device obtains, through a layer-3 network switching device, the broadcast packets of a target virtual local area network (VLAN), where the target VLAN is the VLAN corresponding to the layer-3 network switching device; the network security device parses a broadcast packet to obtain a parsing result; and the network security device obtains the physical (MAC) address of a target device from the parsing result.

Description

MAC address acquisition method and system, network security device, and readable storage medium
Technical field
The present invention relates to the field of communications, and in particular to a MAC address acquisition method and system, a network security device, and a readable storage medium.
Background
A virtual local area network (VLAN) can span multiple terminals to form a broadcast domain. A network can be divided into multiple VLANs, each corresponding to one broadcast domain. Hosts in the same VLAN can exchange data at layer 2, while hosts in different VLANs must exchange data at layer 3 through a layer-3 network switching device (such as a layer-3 switch or a router), where layer 2 and layer 3 refer to the second and third layers of the OSI (Open Systems Interconnection) model. A MAC address (i.e. physical address) defines the location of a network device. Each host has a MAC address, which belongs to the data link layer, the second layer of the OSI reference model. Only layer-2 devices and layer-3 network switching devices can obtain the MAC address of a host.
Once a network security device has obtained MAC addresses, it can use them in many ways. For example, a MAC address can identify a user for authentication-free Internet access, which supports real-name registration and also improves the user experience; where SMS authentication is used, it also saves SMS fees. As another example, an account can be bound to MAC addresses: because a MAC address identifies a terminal, this achieves the effect of two-factor verification, so that an account can log in only from a specific set of terminals, which improves the security of account authentication. However, because a network security device is generally deployed at layer 3 or above, it cannot obtain the MAC address of a host directly.
To solve this problem, in the prior art a layer-3 switch uses the broadcast packets it receives to learn physical addresses and maintain an address mapping table (ARP table), which contains the correspondence between IP addresses and MAC addresses. At fixed intervals, the network security device actively retrieves the ARP table from the layer-3 switch over SNMP, and thereby obtains the physical addresses of hosts.
When many users are connected under the layer-3 switch, a large number of physical addresses may appear or change within a short time, and the switch then takes longer to learn them. At the same time, the ARP table holds a large number of address correspondences, so the network security device spends a long time on each SNMP retrieval of the ARP table. For these two reasons the network security device has difficulty obtaining the physical addresses of hosts in a timely manner, which limits its use of host MAC addresses.
Summary of the invention
The present invention provides a MAC address acquisition method and system, a network security device, and a readable storage medium, to solve the problem that a network security device has difficulty obtaining the physical addresses of hosts in a timely manner.
One aspect of the embodiments of the present invention provides a MAC address acquisition method, including:
a network security device obtains, through a layer-3 network switching device, the broadcast packets of a target virtual local area network (VLAN), the target VLAN being the VLAN corresponding to the layer-3 network switching device;
the network security device parses a broadcast packet to obtain a parsing result;
the network security device obtains the physical (MAC) address of a target device from the parsing result.
Optionally, the target device is a client of the target VLAN.
Optionally, after the network security device parses the broadcast packet to obtain the parsing result, the method further includes:
the network security device obtains the Internet Protocol (IP) address of the target device from the parsing result;
the network security device updates a pre-stored address table using the MAC address and IP address of the target device, the pre-stored address table recording the correspondence between the MAC addresses and IP addresses of clients in the target VLAN.
Optionally, the target device is a server of the target VLAN.
Optionally, if the broadcast packet is either a Dynamic Host Configuration Protocol (DHCP) Offer packet or a DHCP ACK packet, then after the network security device obtains the MAC address of the target device from the parsing result, the method further includes:
the network security device determines whether the MAC address of the target device is the MAC address of a legitimate DHCP server;
if not, the network security device determines that the MAC address of the target device corresponds to a privately connected DHCP server, i.e. one attached to the network without authorization.
Optionally, before the network security device obtains the broadcast packets of the target VLAN through the layer-3 network switching device, the method further includes:
the network security device constructs an Address Resolution Protocol (ARP) request packet to request the IP address of the gateway of the target VLAN, or the IP address of a device outside the target VLAN;
the ARP request packet is broadcast to the target VLAN;
if the broadcast packet is the ARP reply packet corresponding to the ARP request packet, then after the network security device obtains the MAC address of the target device from the parsing result, the method further includes:
the network device determines whether the MAC address of the target device is the MAC address of a legitimate gateway;
if not, the network security device determines that the MAC address of the target device corresponds to an illegal gateway.
A second aspect of the embodiments of the present invention provides a network security device, including:
a broadcast packet acquisition module, for obtaining the broadcast packets of a target virtual local area network (VLAN) through a layer-3 network switching device, the target VLAN being the VLAN corresponding to the layer-3 network switching device;
a parsing module, for parsing a broadcast packet to obtain a parsing result;
an address acquisition module, for obtaining the MAC address of a target device from the parsing result.
Optionally, the network security device further includes:
an IP address acquisition module, for obtaining the IP address of the target device from the parsing result after the parsing module has parsed the broadcast packet to obtain the parsing result;
an update module, for updating a pre-stored address table using the MAC address and IP address of the target device, the pre-stored address table recording the correspondence between the MAC addresses and IP addresses of clients in the target VLAN.
Optionally, the network security device further includes:
a first judgment module, for determining, after the MAC address acquisition module has obtained the MAC address of the target device from the parsing result, whether that MAC address is the MAC address of a legitimate DHCP server; if not, the first determination module is triggered; if so, other operations are executed;
a first determination module, for determining that the MAC address of the target device corresponds to a privately connected DHCP server.
Optionally, the network security device further includes:
a construction module, for constructing an Address Resolution Protocol (ARP) request packet to request the IP address of the gateway of the target VLAN or the IP address of a device outside the target VLAN;
a broadcast module, for broadcasting the ARP request packet to the target VLAN;
a second judgment module, for determining, when the broadcast packet obtained by the broadcast packet acquisition module is the ARP reply packet corresponding to the ARP request packet constructed by the construction module, and after the MAC address acquisition module has obtained the MAC address of the target device from the parsing result, whether that MAC address is the MAC address of a legitimate gateway; if not, the second determination module is triggered; if so, other operations are executed;
a second determination module, for determining that the MAC address of the target device corresponds to an illegal gateway when the second judgment module determines that it is not the MAC address of a legitimate gateway.
A third aspect of the embodiments of the present invention provides a network security device including a processor, the processor implementing the steps of any method provided by the first aspect when executing a computer program stored in a memory.
A fourth aspect of the embodiments of the present invention provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of any method provided by the first aspect.
A fifth aspect of the embodiments of the present invention provides a MAC address acquisition system, including a layer-3 network switching device and any network security device provided by the second aspect;
the layer-3 network switching device is used to obtain the broadcast packets of the target VLAN;
the network security device has a data connection with the layer-3 network switching device and obtains the broadcast packets through it.
Optionally, the network security device and the layer-3 network switching device are directly connected through a Trunk port.
Optionally, the MAC address acquisition system includes multiple layer-3 network switching devices;
the MAC address acquisition system further includes multiple broadcast packet proxy devices, each directly connected to a layer-3 network switching device, for obtaining the broadcast packets received by that layer-3 network switching device and forwarding them to the network security device by routing.
As can be seen from the above technical solutions, the embodiments of the present invention have the following advantages:
In the embodiments of the present invention, the network security device can obtain the broadcast packets of a target VLAN through a layer-3 network switching device, the target VLAN being the VLAN corresponding to that device, and can then parse a broadcast packet according to its protocol type to obtain a parsing result. A broadcast packet is layer-2 data and usually carries the MAC address of a host, so the MAC address of the target device (host) can be obtained from the parsing result. Compared with the prior art, this requires neither the physical address learning process of the layer-3 switch nor retrieval of the ARP table over SNMP: the physical addresses of hosts in the target VLAN are obtained directly. This improves the timeliness with which the network security device obtains host physical addresses, which facilitates its use of host MAC addresses.
Brief description of the drawings
Fig. 1 is a schematic diagram of one embodiment of the MAC address acquisition method of the present invention;
Fig. 2 is a schematic diagram of another embodiment of the MAC address acquisition method of the present invention;
Fig. 3 is a schematic diagram of the basic process of the DHCP protocol;
Fig. 4 is a schematic diagram of another embodiment of the MAC address acquisition method of the present invention;
Fig. 5 is a schematic diagram of another embodiment of the MAC address acquisition method of the present invention;
Fig. 6 is a schematic diagram of one embodiment of the network security device of the present invention;
Fig. 7 is a schematic diagram of another embodiment of the network security device of the present invention;
Fig. 8 is a schematic diagram of another embodiment of the network security device of the present invention;
Fig. 9 is a schematic diagram of another embodiment of the network security device of the present invention;
Fig. 10 is a schematic diagram of one hardware embodiment of the network security device of the present invention;
Fig. 11 is a schematic diagram of one embodiment of the MAC address acquisition system of the present invention;
Fig. 12 is a schematic diagram of another embodiment of the MAC address acquisition system of the present invention.
Detailed description
The embodiments of the present invention provide a MAC address acquisition method and system, a network security device, and a readable storage medium, which improve the timeliness with which a network security device obtains the physical addresses of hosts and so facilitate its use of host MAC addresses.
To help those skilled in the art better understand the solution of the present invention, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the present invention.
The terms "first", "second", "third", "fourth" and so on (if present) in the description, the claims and the above drawings are used to distinguish similar objects, and not to describe a particular order or sequence. Data used in this way are interchangeable where appropriate, so that the embodiments described here can be implemented in an order other than the one illustrated or described. In addition, the terms "include" and "have" and any variants of them are intended to cover non-exclusive inclusion: for example, a process, method, system, product or device that contains a series of steps or units is not necessarily limited to the steps or units expressly listed, but may include other steps or units that are not expressly listed or that are inherent to the process, method, product or device.
An embodiment of the present invention provides a MAC address acquisition method. Referring to Fig. 1, one embodiment of the MAC address acquisition method includes:
101. Obtain the broadcast packets of the target VLAN through the layer-3 network switching device;
In a target virtual local area network (VLAN), the layer-3 network switching device of the target VLAN can obtain all broadcast packets in the target VLAN. In this embodiment, the network security device can obtain the broadcast packets in the target VLAN, directly or indirectly, through that layer-3 network switching device.
102. Parse a broadcast packet to obtain a parsing result;
After the network security device obtains a broadcast packet of the target VLAN, it can parse the packet according to its protocol type to obtain a parsing result.
103. Obtain the MAC address of the target device from the parsing result.
A broadcast packet is layer-2 data and usually carries the MAC address of a host. After parsing the broadcast packet, the network security device can obtain the MAC address (i.e. physical address) of the host from the parsing result. In this embodiment that host is referred to as the target device.
In this embodiment, the network security device obtains the physical address of the target device from broadcast packets. Compared with the prior art, this requires neither the physical address learning process of the layer-3 switch nor retrieval of the ARP table over SNMP: the physical addresses of hosts in the target VLAN are obtained directly. This improves the timeliness with which the network security device obtains host physical addresses, which facilitates its use of host MAC addresses.
The embodiment corresponding to Fig. 1 can be used in different application scenarios, and the target device differs between them. Classifying the common scenarios divides target devices into two broad categories: the target device can be a client or a service provider in the LAN. The method embodiments suited to each of these two cases are described in detail below.
(1) The target device is a client of the target VLAN
A MAC address is a good way to identify a host at the network level. Once MAC addresses have been obtained they can be used in many ways. For example, a MAC address can identify a user for authentication-free Internet access, which supports real-name registration and also improves the user experience. As another example, an account can be bound to MAC addresses: because a MAC address identifies a host, this achieves the effect of two-factor verification, and an account can log in only from a specific set of terminals, which improves the security of account authentication. These uses rest on the correspondence between host physical addresses and IP addresses recorded by the network security device being complete and accurate. That in turn requires that when a host is added to the network, the correspondence between its physical address and IP address is obtained promptly, and that when a host's IP address changes, the IP address recorded for its physical address is updated promptly. In other words, the network security device must be able to obtain the correspondence between a host's physical address and its IP address quickly. One solution is given below. Referring to Fig. 2, another embodiment of the MAC address acquisition method includes:
201. Obtain the broadcast packets of the target VLAN through the layer-3 network switching device;
202. Parse a broadcast packet to obtain a parsing result;
Steps 201 and 202 are the same as steps 101 and 102 in the embodiment corresponding to Fig. 1, respectively, and are not described again here.
203. Obtain the MAC address of the client from the parsing result;
204. Obtain the IP address of the client from the parsing result;
Common broadcast packets include Dynamic Host Configuration Protocol (DHCP) packets and Address Resolution Protocol (ARP) packets. DHCP is used to assign Internet Protocol (IP) addresses automatically to clients in a LAN, and ARP is a TCP/IP protocol by which a client obtains, through the gateway, the destination physical address corresponding to a destination IP address. DHCP packets and ARP packets therefore carry the MAC address and IP address of the client, and after the network security device obtains a DHCP packet or an ARP packet it can obtain the client's MAC address and IP address from the parsing result.
(1) If the broadcast packet obtained is a DHCP packet, obtain from the parsing result the IP address and MAC address of the client carried in the DHCP packet:
The basic process of the DHCP protocol is shown in Fig. 3. Over the whole process, a DHCP Discover packet (DHCP Discover message), a DHCP Offer packet (DHCP Offer message), a DHCP Request packet (DHCP Request message) and a DHCP ACK packet (DHCP ACK message) are generated in sequence. All four types of DHCP packet are broadcast packets, so they can be obtained by the layer-3 network switching device and, through it, by the network security device. Of the four types, the DHCP ACK packet is the broadcast packet the DHCP server sends to notify the client that it may use the IP address; the DHCP client then usually binds that IP address to its network card. An IP address obtained from a DHCP ACK packet is therefore the more accurate one. Accordingly, after the network security device parses a broadcast packet and determines that it is a DHCP ACK packet, the network security device obtains the client's IP address from the parsing result.
Because the arrival of DHCP packets shows that the client is in the process of obtaining an IP address, by analysing DHCP packets the network security device can obtain the correspondence between the client's IP address and MAC address before the client itself has obtained the IP address, which gives better timeliness.
(2) If the broadcast packet obtained is an ARP packet, obtain from the parsing result the IP address and MAC address of the sender of the ARP packet:
The ARP interaction proceeds as follows. The client first sends an ARP request packet, which is a broadcast packet, to ask for the MAC address of the network peer it wants to reach. The peer then sends an ARP reply packet in response to the ARP request packet, returning its MAC address to the client. The client can then reach the peer using the MAC address it obtained. Because an ARP reply packet is not a broadcast packet, in this embodiment, if the broadcast packet obtained by the network security device is an ARP packet, that packet is an ARP request packet and its sender is a client of the target VLAN. The sender's MAC address and IP address are therefore the client MAC address and IP address that this embodiment needs to obtain.
205. Update the pre-stored address table using the MAC address and IP address of the client.
The network security device stores an address table that records the correspondence between the MAC addresses and IP addresses of clients in the target VLAN. After obtaining the MAC address and IP address of a client, the network security device can use them to update the pre-stored address table. For example, it looks up the client's MAC address in the address table. If the MAC address is not found, the client is new to the target VLAN, and its MAC address and IP address can be written into the address table. If the MAC address is found, the device compares the IP address recorded for that MAC address in the address table with the IP address just obtained; if they differ, the recorded IP address can be replaced with the one just obtained.
In this embodiment, by obtaining broadcast packets the network security device can quickly obtain the IP addresses and MAC addresses of clients in the target VLAN. When a client is added to the target VLAN, the correspondence between its physical address and IP address is obtained promptly; when a client's IP address changes, the IP address recorded for its physical address is updated promptly. This helps keep the correspondence between client physical addresses and IP addresses recorded in the network security device complete and accurate, and so supports applications such as authentication-free Internet access.
(2) The target device is a server of the target VLAN
A LAN sometimes contains illegal service providers, also called illegal servers. An illegal server can disrupt the orderly operation of the LAN and even threaten network security, so finding and locating illegal servers quickly is important for maintaining network security and order. Common illegal servers include privately connected DHCP servers and illegal gateways. Two solutions are given below, one for finding privately connected DHCP servers and one for finding illegal gateways.
(1) Finding and locating a privately connected DHCP server
Referring to Fig. 4, another embodiment of the MAC address acquisition method includes:
401. Obtain the broadcast packets of the target VLAN through the layer-3 network switching device;
402. Parse a broadcast packet to obtain a parsing result;
Steps 401 and 402 are the same as steps 101 and 102 in the embodiment corresponding to Fig. 1, respectively, and are not described again here.
403. If the broadcast packet is a DHCP Offer packet or a DHCP ACK packet, obtain the MAC address of the DHCP server corresponding to the broadcast packet;
After the network security device parses the broadcast packet, if the packet is a DHCP Offer packet or a DHCP ACK packet, the network security device can obtain from the parsing result the MAC address of the DHCP server corresponding to the DHCP packet; that DHCP server is a DHCP server in the target VLAN. Specifically, because the DHCP server is the sender of a DHCP Offer packet or DHCP ACK packet, when the broadcast packet is one of these the network security device can take the MAC address of the packet's sender, which is the MAC address of the DHCP server corresponding to the broadcast packet.
404. Determine whether the MAC address is the MAC address of a legitimate DHCP server; if not, execute step 405; if so, execute step 406;
The network security device can store or obtain the MAC address of every legitimate DHCP server in the target VLAN. After obtaining the MAC address of a DHCP server from the parsing result, it can determine whether that MAC address is the MAC address of a legitimate DHCP server. If not, step 405 is executed; if so, step 406 is executed.
405. Determine that the MAC address corresponds to a privately connected DHCP server;
If the network security device determines that the DHCP server MAC address obtained from the parsing result is not the MAC address of a legitimate DHCP server, it can determine that the MAC address corresponds to a privately connected DHCP server. It can then notify network administrators, who can find the privately connected DHCP server for that MAC address using the correspondence between MAC addresses and hardware ports.
406. Execute other operations.
If the network security device determines that the DHCP server MAC address obtained from the parsing result is the MAC address of a legitimate DHCP server, it can execute other operations, such as determining that the MAC address corresponds to a legitimate DHCP server.
(2) Discovering and locating an illegal gateway
A common method of ARP attack is for the attacker to forge a gateway and use the forged illegal gateway to return a wrong MAC address to the client, so that the client's data is hijacked. To quickly discover and locate an illegal gateway, a MAC address acquisition method is provided below. Referring to Fig. 5, another embodiment of the MAC address acquisition method in the embodiments of the present invention includes:
501. Construct an ARP request packet;
The network security device can construct an ARP request packet according to the unique ID of the target VLAN, to request the IP address of the gateway in the target VLAN or the IP address of a device outside the target VLAN. To receive the ARP reply packet of the gateway in the target VLAN, the IP address requested by the constructed ARP request packet should correspond to the gateway in the target VLAN, or to a device in another VLAN other than the target VLAN. In this way, after receiving the ARP request packet, the gateway in the target VLAN can send the ARP reply packet corresponding to the ARP request packet.
502. Broadcast the ARP request packet to the target VLAN;
After constructing the ARP request packet, the network security device can broadcast it to the target VLAN.
503. Obtain the broadcast packet of the target virtual local area network (VLAN) through the layer-3 network switching device;
504. Parse the broadcast packet to obtain a parsing result;
Steps 503 and 504 are the same as steps 101 and 102, respectively, in the embodiment corresponding to Fig. 1, and are not repeated here.
505. If the broadcast packet is the ARP reply packet corresponding to the ARP request packet, obtain the MAC address of the gateway corresponding to the ARP reply packet;
After the broadcast packet is parsed, if the broadcast packet is the ARP reply packet corresponding to the constructed ARP request packet, the network security device can obtain, from the parsing result, the MAC address of the gateway corresponding to the ARP reply packet. Specifically, because the gateway is the sender of the ARP reply packet, when the broadcast packet is an ARP reply packet, the network security device can obtain the MAC address of the sender of the broadcast packet, which is the MAC address of the gateway corresponding to that broadcast packet.
506. Judge whether the MAC address is the MAC address of a legal gateway;
The network security device can store or obtain the MAC address of each legal gateway in the target VLAN. After obtaining the MAC address of the gateway from the parsing result, it can judge whether the obtained MAC address is the MAC address of a legal gateway; if not, step 507 is executed; if so, step 508 is executed.
507. Determine that the MAC address corresponds to an illegal gateway;
If the network security device judges that the MAC address of the gateway obtained from the parsing result is not the MAC address of a legal gateway, it can determine that the MAC address obtained from the parsing result corresponds to an illegal gateway. Network management personnel can then be notified to find the illegal gateway corresponding to the MAC address according to the correspondence between MAC addresses and hardware ports.
508. Execute other operations.
If so, the network security device can execute other operations, for example determining that the MAC address of the gateway corresponds to a legal gateway.
To discover illegal gateways, an ARP request packet can be constructed in each VLAN, and the MAC address of the gateway can be obtained from the ARP reply packet fed back by the gateway. By comparing the obtained MAC address with the MAC address of the legal gateway in that VLAN, an illegal gateway can be discovered and located in time.
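The checks in steps 403 to 405 (privately connected DHCP server) and 505 to 507 (illegal gateway) can be sketched as follows. This is an added example, not code from the patent: it parses 802.1Q-tagged frames with the Python standard library, and the function names, the allowlist layout and the sample frames (built from made-up MAC and IP addresses) are assumptions.

```python
import struct

ETH_8021Q, ETH_IPV4, ETH_ARP = 0x8100, 0x0800, 0x0806
DHCP_MAGIC = b"\x63\x82\x53\x63"
DHCP_OFFER, DHCP_ACK = 2, 5          # values of DHCP option 53 (message type)

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_ethernet(frame):
    """Return (vlan_id, src_mac, ethertype, payload); vlan_id is None if untagged."""
    if len(frame) < 14:
        return None
    src, (etype,) = frame[6:12], struct.unpack("!H", frame[12:14])
    vlan, offset = None, 14
    if etype == ETH_8021Q:           # tagged frame, as delivered on a trunk port
        if len(frame) < 18:
            return None
        tci, etype = struct.unpack("!HH", frame[14:18])
        vlan, offset = tci & 0x0FFF, 18
    return vlan, mac_str(src), etype, frame[offset:]

def dhcp_message_type(ip):
    """Return option 53 of a server-to-client DHCP packet (UDP 67 -> 68), else None."""
    if len(ip) < 20 or ip[0] >> 4 != 4 or ip[9] != 17:
        return None
    ihl = (ip[0] & 0x0F) * 4
    udp = ip[ihl:]
    if ihl < 20 or len(udp) < 8 or struct.unpack("!HH", udp[:4]) != (67, 68):
        return None
    bootp = udp[8:]
    if len(bootp) < 240 or bootp[236:240] != DHCP_MAGIC:
        return None
    i = 240
    while i + 1 < len(bootp) and bootp[i] != 255:   # 255 = end option
        if bootp[i] == 0:                           # pad option has no length byte
            i += 1
            continue
        code, length = bootp[i], bootp[i + 1]
        if code == 53 and length == 1 and i + 2 < len(bootp):
            return bootp[i + 2]
        i += 2 + length
    return None

def arp_reply_sender(arp):
    """Return (sender_mac, sender_ip) of an Ethernet/IPv4 ARP reply, else None."""
    if len(arp) < 28:
        return None
    if struct.unpack("!HHBBH", arp[:8]) != (1, ETH_IPV4, 6, 4, 2):   # oper 2 = reply
        return None
    return mac_str(arp[8:14]), ".".join(str(b) for b in arp[14:18])

def check_frame(frame, legal_dhcp, legal_gateways):
    """Steps 403-405 and 505-507: return a finding dict, or None if irrelevant."""
    parsed = parse_ethernet(frame)
    if parsed is None:
        return None
    vlan, src_mac, etype, payload = parsed
    if etype == ETH_IPV4 and dhcp_message_type(payload) in (DHCP_OFFER, DHCP_ACK):
        # The patent takes the packet's sender MAC as the DHCP server's MAC.
        legal = src_mac in legal_dhcp.get(vlan, set())
        return {"kind": "dhcp_server", "vlan": vlan, "mac": src_mac, "legal": legal}
    if etype == ETH_ARP:
        sender = arp_reply_sender(payload)
        probed = legal_gateways.get(vlan, {})
        if sender and sender[1] in probed:          # reply to our own ARP request
            legal = sender[0] in probed[sender[1]]
            return {"kind": "gateway", "vlan": vlan, "mac": sender[0], "legal": legal}
    return None

# ---- constructed sample frames (addresses are made up; checksums left at zero) ----
def tag_frame(dst, src, vlan, etype, payload):
    return dst + src + struct.pack("!HHH", ETH_8021Q, vlan, etype) + payload

def sample_dhcp(src_mac, vlan, msg_type):
    bootp = bytes([2, 1, 6, 0]) + bytes(232) + DHCP_MAGIC + bytes([53, 1, msg_type, 255])
    udp = struct.pack("!HHHH", 67, 68, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 168, 10, 2]), b"\xff" * 4) + udp
    return tag_frame(b"\xff" * 6, src_mac, vlan, ETH_IPV4, ip)

def sample_arp_reply(sender_mac, sender_ip, vlan):
    arp = (struct.pack("!HHBBH", 1, ETH_IPV4, 6, 4, 2) + sender_mac + bytes(sender_ip)
           + bytes.fromhex("020000000001") + bytes([192, 168, 10, 250]))
    return tag_frame(bytes.fromhex("020000000001"), sender_mac, vlan, ETH_ARP, arp)

# Assumed allowlists: {vlan: {dhcp_mac}} and {vlan: {probed_gateway_ip: {gateway_mac}}}
LEGAL_DHCP = {10: {"02:aa:aa:aa:aa:01"}}
LEGAL_GW = {10: {"192.168.10.1": {"02:bb:bb:bb:bb:01"}}}

if __name__ == "__main__":
    rogue = sample_dhcp(bytes.fromhex("02cccccccc99"), 10, DHCP_ACK)
    print(check_frame(rogue, LEGAL_DHCP, LEGAL_GW))
```

Where a DHCP relay sits between server and client, the frame's source MAC is the relay's, so the allowlist for that VLAN has to hold the relay's MAC address.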
The MAC address acquisition method in the embodiments of the present invention has been described above; the network security device in the embodiments of the present invention is described below.
Referring to Fig. 6, one embodiment of the network security device in the embodiments of the present invention includes:
A broadcast packet acquisition module 601, configured to obtain the broadcast packet of a target virtual local area network (VLAN) through a layer-3 network switching device, the target VLAN being a VLAN corresponding to the layer-3 network switching device;
A parsing module 602, configured to parse the broadcast packet to obtain a parsing result;
A MAC address acquisition module 603, configured to obtain the MAC address of a target device from the parsing result.
In this embodiment of the present invention, the broadcast packet acquisition module 601 of the network security device obtains the broadcast packet of the target VLAN through the layer-3 network switching device, the parsing module 602 parses the broadcast packet, and the MAC address acquisition module 603 then obtains the MAC address of the target device from the parsing result. Compared with the prior art, the physical address of a host in the target VLAN can be obtained directly, without going through the layer-3 switch's physical address learning process and the process of acquiring the ARP table using the SNMP protocol. This improves the real-time performance with which the network security device obtains the physical address of a host, and facilitates the network security device's use of the host's MAC address.
Optionally, in some embodiments of the present invention, the target device is a client of the target VLAN. Referring to Fig. 7, the network security device may further include:
An IP address acquisition module 604, configured to obtain the IP address of the target device from the parsing result after the parsing module 602 parses the broadcast packet to obtain the parsing result;
An update module 605, configured to update a pre-stored address table using the MAC address and IP address of the target device, the pre-stored address table being used to record the correspondence between the MAC addresses and IP addresses of clients in the target VLAN.
Optionally, in some embodiments of the present invention, the target device is the DHCP server of the target VLAN. If the broadcast packet is either a DHCP offer packet or a DHCP acknowledgment packet, referring to Fig. 8, the network security device may further include:
A first judgment module 606, configured to judge, after the MAC address acquisition module 603 obtains the MAC address of the target device from the parsing result, whether the MAC address of the target device is the MAC address of a legal DHCP server; if not, the first determination module 607 is triggered; if so, other operations are executed;
A first determination module 607, configured to determine that the MAC address of the target device corresponds to a privately connected DHCP server.
Optionally, in some embodiments of the present invention, the target device is the gateway of the target VLAN. Referring to Fig. 9, the network security device may further include:
A construction module 608, configured to construct an Address Resolution Protocol (ARP) request packet, to request the IP address of the gateway of the target VLAN or the IP address of a device outside the target VLAN;
A broadcast module 609, configured to broadcast the ARP request packet to the target VLAN;
A second judgment module 610, configured to judge, when the broadcast packet obtained by the broadcast packet acquisition module 601 is the ARP reply packet corresponding to the ARP request packet constructed by the construction module 608, and after the MAC address acquisition module 603 obtains the MAC address of the target device from the parsing result, whether the MAC address of the target device is the MAC address of a legal gateway; if not, the second determination module 611 is triggered; if so, other operations are executed;
A second determination module 611, configured to determine that the MAC address of the target device corresponds to an illegal gateway when the second judgment module 610 judges that the MAC address of the target device is not the MAC address of a legal gateway.
The network security device in the embodiments of the present invention has been described above from the perspective of modular functional entities; it is described below from the perspective of hardware processing:
An embodiment of the present invention further provides a network security device 10, as shown in Fig. 10. For ease of description, only the parts related to the embodiments of the present invention are shown; for specific technical details that are not disclosed, refer to the method part of the embodiments of the present invention.
Referring to Fig. 10, the network security device 10 includes at least a processor 1001, a memory 1002, and a computer program stored in the memory and executable on the processor. When executing the computer program, the processor implements the steps in each of the above MAC address acquisition method embodiments, for example steps 101 to 103 shown in Fig. 1. Alternatively, when executing the computer program, the processor implements the functions of the modules or units in each of the above device embodiments. In actual use, the network security device 10 can be a firewall, an IDS (intrusion detection system), an IPS (intrusion prevention system), an access controller, or the like.
Illustratively, the computer program can be divided into one or more modules/units, which are stored in the memory and executed by the processor to carry out the present invention. The one or more modules/units can be a series of computer program instruction segments capable of completing specific functions, the instruction segments being used to describe the execution process of the computer program in the network security device.
Those skilled in the art will understand that the structure shown in Fig. 10 does not constitute a limitation on the network security device 10, which may include more or fewer components than illustrated, combine certain components, or use a different arrangement of components; for example, the network security device may also include a wired or wireless network interface, a bus, and the like.
The processor can be a central processing unit (Central Processing Unit, CPU), or another general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and so on. The general-purpose processor can be a microprocessor or any conventional processor. The processor is the control center of the network security device and uses various interfaces and lines to connect the various parts of the entire network security device.
The memory can be used to store the computer program and/or modules. The processor implements the various functions of the network security device by running or executing the computer program and/or modules stored in the memory and by calling the data stored in the memory. The memory can mainly include a program storage area and a data storage area, where the program storage area can store the operating system, the application programs required by at least one function (such as a sound playing function, an image playing function, etc.), and so on; the data storage area can store data created according to the use of the mobile phone (such as audio data, a phone book, etc.), and so on. In addition, the memory may include high-speed random access memory and may also include non-volatile memory, such as a hard disk, internal memory, a plug-in hard disk, a smart media card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) card, a flash card (Flash Card), at least one disk storage device, a flash memory device, or other volatile solid-state storage components.
If the integrated modules/units of the network security device are implemented in the form of software functional units and sold or used as independent products, they can be stored in a computer-readable storage medium. Based on this understanding, all or part of the flow in the methods of the above embodiments of the present invention can also be completed by a computer program instructing the relevant hardware. The computer program can be stored in a computer-readable storage medium, and when executed by a processor it can implement the steps of each of the above method embodiments. The computer program includes computer program code, which can be in source code form, object code form, an executable file, certain intermediate forms, and so on. The computer-readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB flash disk, a removable hard disk, a magnetic disk, an optical disc, a computer memory, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), an electrical carrier signal, a telecommunication signal, a software distribution medium, and so on. It should be noted that the content included in the computer-readable medium can be appropriately increased or decreased according to the requirements of legislation and patent practice in the jurisdiction; for example, in certain jurisdictions, according to legislation and patent practice, the computer-readable medium does not include electrical carrier signals and telecommunication signals.
The method and device embodiments of the present invention have been described above. Several possible implementations of the system on which the above embodiments are based are proposed below, so that the network security device can obtain the broadcast packet of the target VLAN through the layer-3 network switching device and then use the broadcast packet to obtain the MAC address of the target device.
One embodiment of the MAC address acquisition system in the embodiments of the present invention includes:
A layer-3 network switching device and a network security device;
The layer-3 network switching device is used to obtain the broadcast packets of the corresponding VLAN. One layer-3 network switching device usually corresponds to multiple VLANs and can obtain the broadcast packets of multiple VLANs;
The network security device has a data connection with the layer-3 network switching device and is used to obtain broadcast packets through the layer-3 network switching device;
The network security device is the network security device of any one of the embodiments corresponding to Fig. 6 to Fig. 9.
Referring to Fig. 11, if the MAC address acquisition system 1100 includes one layer-3 network switching device 1101, the network security device 1102 can be deployed near the layer-3 network switching device 1101 and directly connected to it, as shown by the bold solid line with an arrow in Fig. 11. Even if the MAC address acquisition system 1100 includes multiple layer-3 network switching devices 1101, when all the layer-3 network switching devices 1101 are close to one another, the network security device 1102 can be directly connected to each of them at the same time. As for the specific manner of direct connection, one port of the layer-3 network switching device 1101 can be configured as a transparent-transmission Trunk port, and the network security device 1102 and the layer-3 network switching device 1101 are directly connected through the Trunk port, so that broadcast packets are obtained directly through the layer-3 network switching device 1101.
If the MAC address acquisition system 1100 includes multiple layer-3 network switching devices 1101 that are far apart from one another, the network security device 1102 cannot be directly connected to every layer-3 network switching device 1101 at the same time, and therefore cannot obtain the broadcast packets on all the layer-3 network switching devices 1101. To solve this problem, the MAC address acquisition system 1100 further includes multiple broadcast packet proxy devices 1103. A broadcast packet proxy device 1103 is directly connected to a layer-3 network switching device 1101, as shown by the solid line with an arrow in Fig. 12, and is used to obtain the broadcast packets received by the layer-3 network switching device 1101 and forward them to the network security device 1102 by routing, as shown by the dotted line with an arrow in Fig. 12. Optionally, the network security device 1102 can be directly connected to one layer-3 network switching device 1101, as shown by the bold solid line with an arrow in Fig. 12, to directly obtain the broadcast packets on that layer-3 network switching device 1101, and obtain the broadcast packets on the other layer-3 network switching devices 1101 indirectly through the broadcast packet proxy devices 1103. In actual use, the broadcast packet proxy device 1103 can be a router or another network device with a forwarding function.
Those skilled in the art can clearly understand that, for convenience and brevity of description, the specific working processes of the system, devices and units described above can refer to the corresponding processes in the foregoing method embodiments and are not repeated here.
In the several embodiments provided, it should be understood that the disclosed system, device and method can be implemented in other ways. For example, the device embodiments described above are merely illustrative; the division into units is only a division by logical function, and there may be other ways of division in actual implementation, for example multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed can be indirect coupling or communication connection through some interfaces, devices or units, and can be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention can be integrated in one processing unit, each unit can exist physically on its own, or two or more units can be integrated in one unit. The integrated unit can be implemented in the form of hardware or in the form of a software functional unit.
As described above, the above embodiments are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they can still modify the technical solutions recorded in the foregoing embodiments or make equivalent replacements of some of the technical features therein; and these modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (12)

1. A MAC address acquisition method, characterized by comprising:
A network security device obtains the broadcast packet of a target virtual local area network (VLAN) through a layer-3 network switching device, the target VLAN being a VLAN corresponding to the layer-3 network switching device;
The network security device parses the broadcast packet to obtain a parsing result;
The network security device obtains the physical (MAC) address of a target device from the parsing result.
2. The MAC address acquisition method according to claim 1, characterized in that the target device is a client of the target VLAN.
3. The MAC address acquisition method according to claim 2, characterized in that, after the network security device parses the broadcast packet to obtain the parsing result, the method further comprises:
The network security device obtains the Internet Protocol (IP) address of the target device from the parsing result;
The network security device updates a pre-stored address table using the MAC address and IP address of the target device, the pre-stored address table being used to record the correspondence between the MAC addresses and IP addresses of clients in the target VLAN.
4. The MAC address acquisition method according to claim 1, characterized in that the target device is a server of the target VLAN.
5. The MAC address acquisition method according to claim 4, characterized in that, if the broadcast packet is any one of a simple network management protocol DHCP offer packet and a DHCP acknowledgment packet, after the network security device obtains the MAC address of the target device from the parsing result, the method further comprises:
The network security device judges whether the MAC address of the target device is the MAC address of a legal DHCP server;
If not, the network security device determines that the MAC address of the target device corresponds to a privately connected DHCP server.
6. The MAC address acquisition method according to claim 4, characterized in that, before the network security device obtains the broadcast packet of the target VLAN through the layer-3 network switching device, the method further comprises:
The network security device constructs an Address Resolution Protocol (ARP) request packet, to request the IP address of the gateway of the target VLAN or the IP address of a device outside the target VLAN;
The ARP request packet is broadcast to the target VLAN;
If the broadcast packet is the ARP reply packet corresponding to the ARP request packet, after the network security device obtains the MAC address of the target device from the parsing result, the method further comprises:
The network device judges whether the MAC address of the target device is the MAC address of a legal gateway;
If not, the network security device determines that the MAC address of the target device corresponds to an illegal gateway.
7. A network security device, characterized by comprising:
A broadcast packet acquisition module, configured to obtain the broadcast packet of a target virtual local area network (VLAN) through a layer-3 network switching device, the target VLAN being a VLAN corresponding to the layer-3 network switching device;
A parsing module, configured to parse the broadcast packet to obtain a parsing result;
An address acquisition module, configured to obtain the MAC address of a target device from the parsing result.
8. A network security device, comprising a processor, the processor being configured to implement the steps of the method according to any one of claims 1-6 when executing a computer program stored in a memory.
9. A computer-readable storage medium on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the steps of the method according to any one of claims 1-6.
10. A MAC address acquisition system, characterized by comprising a layer-3 network switching device and the network security device according to claim 8;
The layer-3 network switching device is used to obtain the broadcast packet of the target VLAN;
The network security device has a data connection with the layer-3 network switching device and is used to obtain the broadcast packet through the layer-3 network switching device.
11. The MAC address acquisition system according to claim 10, characterized in that the network security device and the layer-3 network switching device are directly connected through a Trunk port.
12. The MAC address acquisition system according to claim 10, characterized in that the MAC address acquisition system includes multiple layer-3 network switching devices;
The MAC address acquisition system further includes multiple broadcast packet proxy devices, each broadcast packet proxy device being directly connected to a layer-3 network switching device and used to obtain the broadcast packets received by the layer-3 network switching device and forward them to the network security device by routing.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810214769.1A CN108540588A (en) 2018-03-15 2018-03-15 MAC Address acquisition methods and system, Network Security Device and readable storage medium storing program for executing

Publications (1)

Publication Number Publication Date
CN108540588A true CN108540588A (en) 2018-09-14

Family

ID=63484015

Country Status (1)

Country Link
CN (1) CN108540588A (en)

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030016624A1 (en) * 1998-05-04 2003-01-23 Bare Ballard C. Path recovery on failure in load balancing switch protocols
CN1411210A (en) * 2002-03-08 2003-04-16 华为技术有限公司 Method of acting address analytic protocol Ethernet Switch in application
CN1866899A (en) * 2005-12-30 2006-11-22 华为技术有限公司 Aggregation system and method based on virtual LAN stack
CN101383835A (en) * 2008-10-21 2009-03-11 杭州华三通信技术有限公司 Method and device for implementing server safe isolation
CN101808107A (en) * 2009-02-17 2010-08-18 华为技术有限公司 Storage device and user communication method, device and system
CN101674306A (en) * 2009-09-03 2010-03-17 中兴通讯股份有限公司 Address resolution protocol message processing method and switch
CN103763407A (en) * 2014-01-28 2014-04-30 上海斐讯数据通信技术有限公司 Method for achieving address resolution protocol proxy through two-layer virtual local area network and local area network system
CN106231002A (en) * 2016-07-22 2016-12-14 杭州华三通信技术有限公司 A kind of method and device safeguarding ARP table
CN107241461A (en) * 2017-07-14 2017-10-10 迈普通信技术股份有限公司 MAC Address acquisition methods, gateway device, network authentication apparatus and network system

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111683068A (en) * 2020-05-27 2020-09-18 深信服科技股份有限公司 Method for positioning lost host, protection device, network security equipment and medium
CN112532524A (en) * 2020-11-24 2021-03-19 锐捷网络股份有限公司 Message processing method and device
CN115277190A (en) * 2022-07-27 2022-11-01 北京国领科技有限公司 Method for realizing neighbor discovery on network by link layer transparent encryption system
CN115277190B (en) * 2022-07-27 2023-08-15 北京国领科技有限公司 Method for realizing neighbor discovery on network by link layer transparent encryption system
CN115297090A (en) * 2022-08-03 2022-11-04 明阳产业技术研究院(沈阳)有限公司 Address allocation method, device, equipment and medium
CN115297090B (en) * 2022-08-03 2024-03-15 明阳产业技术研究院(沈阳)有限公司 Address allocation method, device, equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180914