CN108540588A - MAC address acquisition method and system, network security device and readable storage medium - Google Patents
- Publication number: CN108540588A (CN201810214769.1A)
- Authority: CN (China)
- Prior art keywords: mac address, security device, network security, address, target
- Legal status: Pending
Classifications
- H04L61/103: Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
- H04L45/745: Address table lookup; Address filtering
- H04L61/255: Maintenance or indexing of mapping tables
- H04L61/2553: Binding renewal aspects, e.g. using keep-alive messages
- H04L12/4641: Virtual LANs, VLANs, e.g. virtual private networks [VPN]
- H04L2101/622: Layer-2 addresses, e.g. medium access control [MAC] addresses
- H04L49/354: Switches specially adapted for specific applications for supporting virtual local area networks [VLAN]
Abstract
The embodiments of the invention disclose a MAC address acquisition method and system, a network security device and a readable storage medium, which solve the problem that a network security device has difficulty obtaining the physical addresses of hosts in a timely manner. The method of the embodiments includes: a network security device obtains a broadcast packet of a target virtual local area network (VLAN) through a layer-3 network switching device, the target VLAN being the VLAN corresponding to the layer-3 network switching device; the network security device parses the broadcast packet to obtain a parsing result; and the network security device obtains the physical address (MAC address) of a target device from the parsing result.
Description
Technical field
The present invention relates to the field of communications, and in particular to a MAC address acquisition method and system, a network security device and a readable storage medium.
Background art
A virtual local area network (VLAN) can span multiple terminals to form one broadcast domain. A network can be divided into multiple VLANs, each corresponding to one broadcast domain. Hosts in the same VLAN can exchange data at layer 2, while hosts in different VLANs must exchange data at layer 3 through a layer-3 network switching device (such as a layer-3 switch or a router), where layer 2 and layer 3 refer to the second and third layers of the OSI (Open Systems Interconnection) model. A MAC address (i.e. physical address) defines the location of a network device; each host has a MAC address, which corresponds to the second layer (the data link layer) of the OSI reference model, and only layer-2 devices and layer-3 network switching devices can obtain the MAC address of a host.
Once a network security device has obtained MAC addresses, it can use them in many ways. For example, a MAC address can identify a user for authentication-free Internet access, which supports real-name registration and improves the user experience; where SMS authentication is used, it also saves SMS fees. As another example, an account can be bound to MAC addresses: because a MAC address can identify a terminal, this achieves the effect of two-factor verification, so that an account can only log in from a specific few terminals, which improves the security of account authentication. However, because network security devices are generally deployed at layer 3 or above, they cannot obtain the MAC address of a host directly.
To solve this problem, in the prior art a layer-3 switch uses the broadcast packets it receives to learn physical addresses and maintain an address mapping table (ARP table), which contains the correspondence between IP addresses and MAC addresses. At regular intervals, the network security device actively retrieves the ARP table from the layer-3 switch using SNMP, and thereby obtains the physical addresses of hosts.
When many users are connected under the layer-3 switch, a large number of physical addresses may change or appear within a short time, and the layer-3 switch takes longer to learn them. At the same time, the ARP table holds a large number of address correspondences, so each retrieval of the ARP table over SNMP takes the network security device a long time. For these two reasons the network security device has difficulty obtaining the physical addresses of hosts in a timely manner, which limits its use of host MAC addresses.
Summary of the invention
The present invention provides a MAC address acquisition method and system, a network security device and a readable storage medium, to solve the problem that a network security device has difficulty obtaining the physical addresses of hosts in a timely manner.
A first aspect of the embodiments of the present invention provides a MAC address acquisition method, including:
A network security device obtains a broadcast packet of a target virtual local area network (VLAN) through a layer-3 network switching device, the target VLAN being the VLAN corresponding to the layer-3 network switching device;
The network security device parses the broadcast packet to obtain a parsing result;
The network security device obtains the physical address (MAC address) of a target device from the parsing result.
Optionally, the target device is a client of the target VLAN.
Optionally, after the network security device parses the broadcast packet to obtain the parsing result, the method further includes:
The network security device obtains the Internet Protocol (IP) address of the target device from the parsing result;
The network security device updates a pre-stored address table using the MAC address and IP address of the target device, the pre-stored address table being used to record the correspondence between the MAC addresses and IP addresses of clients in the target VLAN.
Optionally, the target device is a server of the target VLAN.
Optionally, if the broadcast packet is either a Dynamic Host Configuration Protocol (DHCP) Offer packet or a DHCP ACK packet, then after the network security device obtains the MAC address of the target device from the parsing result, the method further includes:
The network security device judges whether the MAC address of the target device is the MAC address of a legitimate DHCP server;
If not, the network security device determines that the MAC address of the target device corresponds to a privately connected DHCP server.
Optionally, before the network security device obtains the broadcast packet of the target VLAN through the layer-3 network switching device, the method further includes:
The network security device constructs an Address Resolution Protocol (ARP) request packet that requests the IP address of the gateway of the target VLAN or the IP address of a device outside the target VLAN;
The ARP request packet is broadcast to the target VLAN;
If the broadcast packet is the ARP reply packet corresponding to the ARP request packet, then after the network security device obtains the MAC address of the target device from the parsing result, the method further includes:
The network device judges whether the MAC address of the target device is the MAC address of a legitimate gateway;
If not, the network security device determines that the MAC address of the target device corresponds to an illegal gateway.
A second aspect of the embodiments of the present invention provides a network security device, including:
A broadcast packet acquisition module, configured to obtain a broadcast packet of a target virtual local area network (VLAN) through a layer-3 network switching device, the target VLAN being the VLAN corresponding to the layer-3 network switching device;
A parsing module, configured to parse the broadcast packet to obtain a parsing result;
An address acquisition module, configured to obtain the MAC address of a target device from the parsing result.
Optionally, the network security device further includes:
An IP address acquisition module, configured to obtain the IP address of the target device from the parsing result after the parsing module parses the broadcast packet to obtain the parsing result;
An update module, configured to update a pre-stored address table using the MAC address and IP address of the target device, the pre-stored address table being used to record the correspondence between the MAC addresses and IP addresses of clients in the target VLAN.
Optionally, the network security device further includes:
A first judgment module, configured to judge, after the MAC address acquisition module obtains the MAC address of the target device from the parsing result, whether the MAC address of the target device is the MAC address of a legitimate DHCP server; if not, the first determination module is triggered; if so, other operations are performed;
A first determination module, configured to determine that the MAC address of the target device corresponds to a privately connected DHCP server.
Optionally, the network security device further includes:
A construction module, configured to construct an Address Resolution Protocol (ARP) request packet that requests the IP address of the gateway of the target VLAN or the IP address of a device outside the target VLAN;
A broadcast module, configured to broadcast the ARP request packet to the target VLAN;
A second judgment module, configured to judge, when the broadcast packet obtained by the broadcast packet acquisition module is the ARP reply packet corresponding to the ARP request packet constructed by the construction module, and after the MAC address acquisition module obtains the MAC address of the target device from the parsing result, whether the MAC address of the target device is the MAC address of a legitimate gateway; if not, the second determination module is triggered; if so, other operations are performed;
A second determination module, configured to determine, when the second judgment module judges that the MAC address of the target device is not the MAC address of a legitimate gateway, that the MAC address of the target device corresponds to an illegal gateway.
A third aspect of the embodiments of the present invention provides a network security device including a processor, the processor being configured to implement the steps of any method provided by the first aspect when executing a computer program stored in a memory.
A fourth aspect of the embodiments of the present invention provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of any method provided by the first aspect.
A fifth aspect of the embodiments of the present invention provides a MAC address acquisition system, including a layer-3 network switching device and any network security device provided by the second aspect;
The layer-3 network switching device is configured to obtain broadcast packets of the target VLAN;
The network security device has a data connection with the layer-3 network switching device and is configured to obtain the broadcast packets through the layer-3 network switching device.
Optionally, the network security device and the layer-3 network switching device are directly connected through a trunk port.
Optionally, the MAC address acquisition system includes multiple layer-3 network switching devices;
The MAC address acquisition system further includes multiple broadcast packet proxy devices; each broadcast packet proxy device is directly connected to a layer-3 network switching device and is configured to obtain the broadcast packets received by that layer-3 network switching device and forward them to the network security device by routing.
As can be seen from the above technical solutions, the embodiments of the present invention have the following advantages:
In the embodiments of the present invention, the network security device can obtain broadcast packets of the target VLAN through the layer-3 network switching device, the target VLAN being the VLAN corresponding to the layer-3 network switching device, and can then parse each broadcast packet according to its protocol type to obtain a parsing result. A broadcast packet is layer-2 data and usually carries the MAC address of a host, so the MAC address of the target device (host) can be obtained from the parsing result. Compared with the prior art, this requires neither the physical address learning process of the layer-3 switch nor retrieval of the ARP table over SNMP: the physical addresses of hosts in the target VLAN are obtained directly, which improves the timeliness with which the network security device obtains host physical addresses and benefits its use of host MAC addresses.
Description of the drawings
Fig. 1 is a schematic diagram of one embodiment of the MAC address acquisition method of the present invention;
Fig. 2 is a schematic diagram of another embodiment of the MAC address acquisition method of the present invention;
Fig. 3 is a schematic diagram of the basic process of the DHCP protocol;
Fig. 4 is a schematic diagram of another embodiment of the MAC address acquisition method of the present invention;
Fig. 5 is a schematic diagram of another embodiment of the MAC address acquisition method of the present invention;
Fig. 6 is a schematic diagram of one embodiment of the network security device of the present invention;
Fig. 7 is a schematic diagram of another embodiment of the network security device of the present invention;
Fig. 8 is a schematic diagram of another embodiment of the network security device of the present invention;
Fig. 9 is a schematic diagram of another embodiment of the network security device of the present invention;
Fig. 10 is a schematic diagram of one hardware embodiment of the network security device of the present invention;
Fig. 11 is a schematic diagram of one embodiment of the MAC address acquisition system of the present invention;
Fig. 12 is a schematic diagram of another embodiment of the MAC address acquisition system of the present invention.
Detailed description
The embodiments of the present invention provide a MAC address acquisition method and system, a network security device and a readable storage medium, which improve the timeliness with which a network security device obtains host physical addresses and benefit its use of host MAC addresses.
To enable those skilled in the art to better understand the solutions of the present invention, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art based on these embodiments without creative effort shall fall within the scope of protection of the present invention.
The terms "first", "second", "third", "fourth" and the like (if present) in the description, the claims and the above drawings are used to distinguish similar objects, not to describe a specific order or sequence. It should be understood that data used in this way are interchangeable where appropriate, so that the embodiments described here can be implemented in an order other than that illustrated or described. In addition, the terms "include" and "have" and any variants of them are intended to cover non-exclusive inclusion; for example, a process, method, system, product or device that contains a series of steps or units is not necessarily limited to the steps or units expressly listed, but may include other steps or units that are not expressly listed or that are inherent to the process, method, product or device.
An embodiment of the present invention provides a MAC address acquisition method. Referring to Fig. 1, one embodiment of the MAC address acquisition method includes:
101. Obtain a broadcast packet of the target VLAN through the layer-3 network switching device;
In the target VLAN, the layer-3 network switching device of the target VLAN can obtain all broadcast packets in the target VLAN. In the embodiments of the present invention, the network security device can obtain the broadcast packets in the target VLAN, directly or indirectly, through that layer-3 network switching device.
102. Parse the broadcast packet to obtain a parsing result;
After the network security device obtains a broadcast packet of the target VLAN, it can parse the packet according to its protocol type to obtain a parsing result.
103. Obtain the MAC address of the target device from the parsing result.
A broadcast packet is layer-2 data and usually carries the MAC address of a host. After parsing the broadcast packet, the network security device can obtain the MAC address (i.e. physical address) of the host from the parsing result; in the embodiments of the present invention this host is referred to as the target device.
In this embodiment, the network security device obtains the physical address of the target device by obtaining broadcast packets. Compared with the prior art, this requires neither the physical address learning process of the layer-3 switch nor retrieval of the ARP table over SNMP: the physical addresses of hosts in the target VLAN are obtained directly, which improves the timeliness with which the network security device obtains host physical addresses and benefits its use of host MAC addresses.
The embodiment corresponding to Fig. 1 can be used in different application scenarios, and the target device differs between scenarios. Classifying the common application scenarios divides target devices into two broad categories: the target device can be a client or a service provider in the LAN. Method embodiments suitable for each of these two cases are described below.
(1) The target device is a client of the target VLAN
A MAC address is a good way to identify a host at the network level, and once MAC addresses are obtained they have many uses. For example, a MAC address can identify a user for authentication-free Internet access, which supports real-name registration and improves the user experience. As another example, an account can be bound to MAC addresses: because a MAC address can identify a host, this achieves the effect of two-factor verification, so that an account can only log in from a specific few terminals, which improves the security of account authentication. The basis for these applications is that the correspondence between host physical addresses and IP addresses recorded by the network security device is complete and accurate. This requires that, when a host is added to the network, the correspondence between its physical address and IP address is obtained in a timely manner, and that, when a host's IP address changes, the IP address corresponding to its physical address is updated in a timely manner; in other words, the network security device must be able to obtain the correspondence between a host's physical address and its IP address quickly. One solution is given below. Referring to Fig. 2, another embodiment of the MAC address acquisition method includes:
201. Obtain a broadcast packet of the target VLAN through the layer-3 network switching device;
202. Parse the broadcast packet to obtain a parsing result;
Steps 201 and 202 are the same as steps 101 and 102 in the embodiment corresponding to Fig. 1 and are not repeated here.
203. Obtain the MAC address of the client from the parsing result;
204. Obtain the IP address of the client from the parsing result;
Common broadcast packets include Dynamic Host Configuration Protocol (DHCP) packets and Address Resolution Protocol (ARP) packets. DHCP is used to assign IP addresses automatically to clients in a LAN, and ARP is a TCP/IP protocol by which a client obtains, through the gateway, the destination physical address corresponding to a destination IP address. DHCP packets and ARP packets therefore carry the MAC address and IP address of the client, and after the network security device obtains a DHCP or ARP packet it can obtain the client's MAC address and IP address from the parsing result.
(1) If the obtained broadcast packet is a DHCP packet, obtain from the parsing result the IP address and MAC address of the client carried in the DHCP packet:
The basic process of DHCP is shown in Fig. 3. Over the whole process, a DHCP Discover packet (DHCP Discover message), a DHCP Offer packet (DHCP Offer message), a DHCP Request packet (DHCP Request message) and a DHCP ACK packet (DHCP ACK message) are generated in sequence. All four types of DHCP packet are broadcast packets, so they can be obtained by the layer-3 network switching device and, in turn, by the network security device. Of the four, the DHCP ACK packet is the broadcast packet sent by the DHCP server to notify the client that it may use the IP address, after which the DHCP client usually binds that IP address to its network interface card; the client IP address obtained from the DHCP ACK packet is therefore the more accurate. Accordingly, after the network security device parses a broadcast packet, if it determines that the packet is a DHCP ACK packet, it obtains the client's IP address from the parsing result.
Because the presence of DHCP packets indicates that a client is in the process of obtaining an IP address, analyzing DHCP packets lets the network security device obtain the correspondence between the client's IP address and MAC address no later than the moment the client itself obtains the IP address, which gives better timeliness.
(2) If the obtained broadcast packet is an ARP packet, obtain from the parsing result the IP address and MAC address of the sender of the ARP packet:
The ARP exchange proceeds as follows: the client first sends an ARP request packet, which is a broadcast packet, to query the MAC address of the network peer it wants to reach; the peer then sends an ARP reply packet in response to the ARP request, returning its MAC address to the client. The client can then reach the peer using the MAC address it obtained. Because an ARP reply is not a broadcast packet, in the embodiments of the present invention, if the broadcast packet obtained by the network security device is an ARP packet, then that packet is an ARP request packet whose sender is a client of the target VLAN, and the sender MAC address and IP address of that ARP request packet are the client MAC address and IP address that this embodiment needs to obtain.
205. Update the pre-stored address table using the MAC address and IP address of the client.
The network security device stores an address table that records the correspondence between the MAC addresses and IP addresses of clients in the target VLAN. After it obtains the MAC address and IP address of a client, it can use them to update the pre-stored address table. For example, it looks up the client's MAC address in the address table. If the MAC address is not found, the client is new to the target VLAN, and its MAC address and IP address can be written into the address table. If it is found, the device compares the IP address recorded for that MAC address with the IP address just obtained and, if they differ, replaces the recorded IP address with the one just obtained.
In this embodiment, by obtaining broadcast packets the network security device can quickly obtain the IP addresses and MAC addresses of clients in the target VLAN. When a client is added to the target VLAN, the correspondence between its physical address and IP address is obtained in a timely manner, and when a client's IP address changes, the IP address corresponding to its physical address is updated in a timely manner. This helps ensure that the correspondence between client physical addresses and IP addresses recorded in the network security device is complete and accurate, and helps applications such as authentication-free Internet access work better.
(2) The target device is a server of the target VLAN
A LAN sometimes contains an illegal service provider, also called an illegal server. An illegal server can disrupt the order of the LAN and even threaten network security, so finding and locating illegal servers quickly is of great importance for maintaining network security and order. Common illegal servers include privately connected DHCP servers and illegal gateways. Two solutions are given below, for finding privately connected DHCP servers and illegal gateways respectively.
(1) Finding and locating a privately connected DHCP server
Referring to Fig. 4, another embodiment of the MAC address acquisition method includes:
401. Obtain a broadcast packet of the target VLAN through the layer-3 network switching device;
402. Parse the broadcast packet to obtain a parsing result;
Steps 401 and 402 are the same as steps 101 and 102 in the embodiment corresponding to Fig. 1 and are not repeated here.
403. If the broadcast packet is a DHCP Offer packet or a DHCP ACK packet, obtain the MAC address of the DHCP server corresponding to the broadcast packet;
After the network security device parses the broadcast packet, if the packet is a DHCP Offer packet or a DHCP ACK packet, the device can obtain from the parsing result the MAC address of the DHCP server corresponding to the DHCP packet; it will be understood that this DHCP server is a DHCP server in the target VLAN. Specifically, because the DHCP server is the sender of a DHCP Offer or DHCP ACK packet, when the broadcast packet is one of these the network security device can obtain the MAC address of the packet's sender, which is the MAC address of the DHCP server corresponding to the broadcast packet.
404. Judge whether the MAC address is the MAC address of a legitimate DHCP server; if not, perform step 405; if so, perform step 406;
The network security device can store or obtain the MAC address of each legitimate DHCP server in the target VLAN. After obtaining the MAC address of a DHCP server from the parsing result, it can judge whether that MAC address is the MAC address of a legitimate DHCP server; if not, step 405 is performed; if so, step 406 is performed.
405. Determine that the MAC address corresponds to a privately connected DHCP server;
If the network security device judges that the DHCP server MAC address obtained from the parsing result is not the MAC address of a legitimate DHCP server, it can determine that the MAC address corresponds to a privately connected DHCP server. Network administrators can then be notified to find the privately connected DHCP server corresponding to that MAC address using the correspondence between MAC addresses and hardware ports.
406. Perform other operations.
If the network security device judges that the DHCP server MAC address obtained from the parsing result is the MAC address of a legitimate DHCP server, it can perform other operations, such as determining that the MAC address of the DHCP server corresponds to a legitimate DHCP server.
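Steps 403 to 406 as an added example, not code from the patent: it parses an Ethernet/IPv4/UDP frame down to the DHCP message-type option, keeps only Offer and ACK messages, and compares the frame's source MAC with an allowlist of legitimate DHCP server MACs. All names, the allowlist and the sample frames are assumptions constructed for this illustration; the returned record also carries the client MAC and assigned IP that the DHCP case of step 204 relies on.

```python
import struct
from typing import Dict, Optional, Set

DHCP_OFFER, DHCP_ACK = 2, 5
MAGIC_COOKIE = b"\x63\x82\x53\x63"


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_dhcp_options(data: bytes) -> Dict[int, bytes]:
    """Walk the code/length/value option list; stop at End (255) or truncation."""
    opts: Dict[int, bytes] = {}
    i = 0
    while i < len(data):
        code = data[i]
        if code == 255:
            break
        if code == 0:  # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(data):
            break
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            break
        opts[code] = value
        i += 2 + length
    return opts


def parse_dhcp_server_reply(frame: bytes) -> Optional[dict]:
    """Return details of a DHCP Offer/ACK frame, or None for anything else."""
    if len(frame) < 14:
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    off = 14
    if ethertype == 0x8100:  # skip an 802.1Q tag
        if len(frame) < 18:
            return None
        (ethertype,) = struct.unpack("!H", frame[16:18])
        off = 18
    if ethertype != 0x0800 or len(frame) < off + 20:
        return None
    ihl = (frame[off] & 0x0F) * 4
    if frame[off] >> 4 != 4 or ihl < 20 or frame[off + 9] != 17:  # IPv4 + UDP only
        return None
    udp = off + ihl
    bootp = frame[udp + 8:]
    if len(bootp) < 240:
        return None
    (sport,) = struct.unpack("!H", frame[udp:udp + 2])
    if sport != 67 or bootp[0] != 2 or bootp[236:240] != MAGIC_COOKIE:
        return None  # not a BOOTREPLY sent from the server port
    mtype = parse_dhcp_options(bootp[240:]).get(53)  # option 53: message type
    if not mtype or mtype[0] not in (DHCP_OFFER, DHCP_ACK):
        return None
    return {
        "server_mac": mac_str(frame[6:12]),   # sender of the frame (step 403)
        "message_type": "OFFER" if mtype[0] == DHCP_OFFER else "ACK",
        "client_mac": mac_str(bootp[28:34]),  # chaddr
        "offered_ip": ".".join(str(b) for b in bootp[16:20]),  # yiaddr
    }


def classify_dhcp_reply(frame: bytes, legal_server_macs: Set[str]) -> Optional[dict]:
    """Steps 404-406: 'rogue' marks a privately connected DHCP server."""
    info = parse_dhcp_server_reply(frame)
    if info is not None:
        info["verdict"] = "legal" if info["server_mac"] in legal_server_macs else "rogue"
    return info


def build_dhcp_reply(src_mac: bytes, msg_type: int, client_mac: bytes,
                     yiaddr: bytes, server_ip: bytes) -> bytes:
    """Build a constructed sample frame (test input only, checksums left zero)."""
    opts = bytes([53, 1, msg_type, 54, 4]) + server_ip + b"\xff"
    bootp = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x12345678, 0, 0x8000)
    bootp += bytes(4) + yiaddr + server_ip + bytes(4)
    bootp += client_mac + bytes(10) + bytes(192) + MAGIC_COOKIE + opts
    udp = struct.pack("!HHHH", 67, 68, 8 + len(bootp), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp) + len(bootp),
                     0, 0, 64, 17, 0, server_ip, b"\xff" * 4)
    return b"\xff" * 6 + src_mac + b"\x08\x00" + ip + udp + bootp


if __name__ == "__main__":
    legal = {"02:00:00:00:00:01"}  # constructed allowlist
    client = bytes.fromhex("02000000000a")
    for src in ("020000000001", "020000000066"):
        frame = build_dhcp_reply(bytes.fromhex(src), DHCP_OFFER, client,
                                 bytes([192, 0, 2, 50]), bytes([192, 0, 2, 1]))
        print(classify_dhcp_reply(frame, legal))
```

Where a DHCP relay agent sits in the path, Offer and ACK frames reach the client VLAN with the relay interface's source MAC, so that MAC belongs on the allowlist alongside the servers' own.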
(2) Discovering and locating illegal gateways
A common ARP attack method is for the attacker to forge a gateway and use the forged illegal gateway to return a wrong MAC address to the client, so that the client's data is hijacked. In order to quickly discover and locate illegal gateways, a MAC address acquisition method is provided below. Referring to Fig. 5, another embodiment of the MAC address acquisition method in the embodiments of the present invention includes:
501, Construct an ARP request packet;
The network security device can construct an ARP request packet according to the unique code ID of the target VLAN, to request the IP address of the gateway in the target VLAN or the IP address of a device outside the target VLAN. In order to receive the ARP reply packet of the gateway in the target VLAN, the IP address requested by the constructed ARP request packet should correspond to the gateway in the target VLAN, or to a device in a VLAN other than the target VLAN. In this way, after receiving the ARP request packet, the gateway in the target VLAN can send the ARP reply packet corresponding to the ARP request packet.
502, Broadcast the ARP request packet to the target VLAN;
After the network security device constructs the ARP request packet, it can broadcast the ARP request packet to the target VLAN.
503, Obtain the broadcast packet of the target virtual local area network (VLAN) through the layer-3 network switching device;
504, Parse the broadcast packet to obtain a parsing result;
Steps 503 to 504 are respectively identical to steps 101 and 102 in the embodiment corresponding to Fig. 1 and are not repeated here.
505, If the broadcast packet is the ARP reply packet corresponding to the ARP request packet, obtain the MAC address of the gateway corresponding to the ARP reply packet;
After the broadcast packet is parsed, if the broadcast packet is the ARP reply packet corresponding to the constructed ARP request packet, the network security device obtains from the parsing result the MAC address of the gateway corresponding to that ARP reply packet. Specifically, since the gateway is the sender of the ARP reply packet, when the broadcast packet is an ARP reply packet the network security device can obtain the MAC address of the sender of the broadcast packet, which is the MAC address of the gateway corresponding to that broadcast packet.
506, Determine whether the MAC address is the MAC address of a legitimate gateway;
The network security device can store or obtain the MAC address of each legitimate gateway in the target VLAN. After obtaining the MAC address of the gateway from the parsing result, it can determine whether the obtained MAC address is the MAC address of a legitimate gateway; if not, step 507 is executed; if so, step 508 is executed.
507, Determine that the MAC address corresponds to an illegal gateway;
If the network security device determines that the MAC address of the gateway obtained from the parsing result is not the MAC address of a legitimate gateway, it can determine that the MAC address obtained from the parsing result corresponds to an illegal gateway. The network administrator can then be notified to locate the illegal gateway corresponding to the MAC address according to the correspondence between MAC addresses and hardware ports.
508, Execute other operations.
If so, the network security device can execute other operations, for example determining that the MAC address of the gateway corresponds to a legitimate gateway.
In order to discover illegal gateways, an ARP request packet can be constructed in each VLAN, and the MAC address of the gateway can be obtained from the ARP reply packet that the gateway sends back. By comparing the obtained MAC address with the MAC addresses of the legitimate gateways in that VLAN, illegal gateways can be discovered and located in time.
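The two comparisons described above (steps 404 to 406 for DHCP offer/acknowledgment packets, steps 505 to 508 for the ARP reply to the constructed request), as an added Python example that is not part of the patent. The allowlists, MAC and IP values, function names and frame builders are constructed assumptions, and frames are assumed to arrive 802.1Q-tagged over the trunk link.

```python
import struct

# Constructed allowlists (assumptions for this example): legitimate MACs per VLAN ID.
LEGIT_DHCP_SERVERS = {10: {"02:00:00:00:00:01"}}
LEGIT_GATEWAYS = {10: {"02:00:00:00:00:fe"}}
BROADCAST = b"\xff" * 6
DHCP_COOKIE = b"\x63\x82\x53\x63"


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def dhcp_message_type(options):
    """Walk the DHCP options and return the value of option 53, or None."""
    i = 0
    while i + 1 < len(options) and options[i] != 255:    # 255 = end option
        if options[i] == 0:                               # 0 = pad, no length byte
            i += 1
            continue
        code, length = options[i], options[i + 1]
        if code == 53 and length == 1 and i + 2 < len(options):
            return options[i + 2]
        i += 2 + length
    return None


def parse_broadcast(frame):
    """Return (vlan, sender_mac, kind, sender_ip) for DHCP offer/ack and ARP reply frames."""
    if len(frame) < 18 or frame[12:14] != b"\x81\x00":
        return None                      # only 802.1Q-tagged frames identify their VLAN
    sender_mac = ":".join(f"{b:02x}" for b in frame[6:12])   # Ethernet source = sender
    tci, ethertype = struct.unpack("!HH", frame[14:18])
    vlan, payload = tci & 0x0FFF, frame[18:]
    if ethertype == 0x0806 and len(payload) >= 28:
        if struct.unpack("!H", payload[6:8])[0] == 2:         # opcode 2 = ARP reply
            return vlan, sender_mac, "arp-reply", ".".join(map(str, payload[14:18]))
        return None
    if ethertype != 0x0800 or len(payload) < 20 or payload[9] != 17:
        return None                      # not IPv4 carrying UDP
    udp = payload[(payload[0] & 0x0F) * 4:]
    if len(udp) < 8 or struct.unpack("!HH", udp[:4]) != (67, 68):
        return None                      # not DHCP server-to-client traffic
    bootp = udp[8:]
    if len(bootp) < 240 or bootp[236:240] != DHCP_COOKIE:
        return None
    kind = {2: "dhcp-offer", 5: "dhcp-ack"}.get(dhcp_message_type(bootp[240:]))
    return (vlan, sender_mac, kind, None) if kind else None


def check_frame(frame, probed_gateway_ip):
    """Apply steps 404-406 and 506-508; probed_gateway_ip maps VLAN ID -> IP we ARPed for."""
    parsed = parse_broadcast(frame)
    if parsed is None:
        return None
    vlan, mac, kind, sender_ip = parsed
    if kind in ("dhcp-offer", "dhcp-ack"):
        ok = mac in LEGIT_DHCP_SERVERS.get(vlan, set())
        return vlan, mac, ("legitimate-dhcp-server" if ok else "private-dhcp-server")
    if sender_ip != probed_gateway_ip.get(vlan):
        return None                      # not the reply to our constructed ARP request
    ok = mac in LEGIT_GATEWAYS.get(vlan, set())
    return vlan, mac, ("legitimate-gateway" if ok else "illegal-gateway")


# --- Constructed sample frames (checksums left at zero; the parser does not verify them) ---
def eth(vlan, src_mac, ethertype, payload):
    return BROADCAST + mac_bytes(src_mac) + struct.pack("!HHH", 0x8100, vlan, ethertype) + payload


def build_arp_reply(vlan, src_mac, sender_ip):
    ip = bytes(int(p) for p in sender_ip.split("."))
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2) + mac_bytes(src_mac) + ip + BROADCAST + ip
    return eth(vlan, src_mac, 0x0806, arp)


def build_dhcp(vlan, src_mac, msg_type):
    bootp = bytes([2, 1, 6, 0]) + bytes(232) + DHCP_COOKIE + bytes([53, 1, msg_type, 255])
    udp = struct.pack("!HHHH", 67, 68, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4)
    return eth(vlan, src_mac, 0x0800, ip + udp)


if __name__ == "__main__":
    probes = {10: "192.0.2.1"}           # constructed: gateway IP requested in VLAN 10
    for frame in (build_dhcp(10, "02:00:00:00:00:01", 2),
                  build_dhcp(10, "02:de:ad:00:00:99", 5),
                  build_arp_reply(10, "02:de:ad:00:00:99", "192.0.2.1")):
        print(check_frame(frame, probes))
```

A VLAN with no allowlist entry reports every DHCP server or gateway MAC as non-legitimate, so the allowlists must cover each VLAN carried on the trunk.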
The MAC address acquisition method in the embodiments of the present invention is described above; the network security device in the embodiments of the present invention is described below.
Referring to Fig. 6, one embodiment of the network security device in the embodiments of the present invention includes:
Broadcast packet acquisition module 601, configured to obtain the broadcast packet of the target virtual local area network (VLAN) through the layer-3 network switching device, the target VLAN being a VLAN corresponding to the layer-3 network switching device;
Parsing module 602, configured to parse the broadcast packet to obtain a parsing result;
MAC address acquisition module 603, configured to obtain the MAC address of the target device from the parsing result.
In this embodiment of the present invention, the broadcast packet acquisition module 601 of the network security device obtains the broadcast packet of the target VLAN through the layer-3 network switching device, the parsing module 602 parses the broadcast packet, and the MAC address acquisition module 603 then obtains the MAC address of the target device from the parsing result. Compared with the prior art, this does not need to go through the layer-3 switch's physical address learning process or the process of collecting the ARP table using the SNMP protocol; the physical addresses of hosts in the target VLAN can be obtained directly. This improves the real-time performance with which the network security device obtains the physical addresses of hosts, which benefits the network security device's use of host MAC addresses.
Optionally, in some embodiments of the present invention, the target device is a client of the target VLAN. Referring to Fig. 7, the network security device can further include:
IP address acquisition module 604, configured to obtain the IP address of the target device from the parsing result after the parsing module 602 parses the broadcast packet to obtain the parsing result;
Update module 605, configured to update a pre-stored address table using the MAC address and IP address of the target device, the pre-stored address table being used to record the correspondence between the MAC addresses and IP addresses of clients in the target VLAN.
Optionally, in some embodiments of the present invention, the target device is a DHCP server of the target VLAN. If the broadcast packet is either a DHCP offer packet or a DHCP acknowledgment packet, referring to Fig. 8, the network security device can further include:
First judgment module 606, configured to determine, after the MAC address acquisition module 603 obtains the MAC address of the target device from the parsing result, whether the MAC address of the target device is the MAC address of a legitimate DHCP server; if not, trigger the first determination module 607; if so, execute other operations;
First determination module 607, configured to determine that the MAC address of the target device corresponds to a privately connected DHCP server.
Optionally, in some embodiments of the present invention, the target device is a gateway of the target VLAN. Referring to Fig. 9, the network security device can further include:
Constructing module 608, configured to construct an Address Resolution Protocol (ARP) request packet, to request the IP address of the gateway of the target VLAN or the IP address of a device outside the target VLAN;
Broadcast module 609, configured to broadcast the ARP request packet to the target VLAN;
Second judgment module 610, configured to, when the broadcast packet obtained by the broadcast packet acquisition module 601 is the ARP reply packet corresponding to the ARP request packet constructed by the constructing module 608, determine, after the MAC address acquisition module 603 obtains the MAC address of the target device from the parsing result, whether the MAC address of the target device is the MAC address of a legitimate gateway; if not, trigger the second determination module 611; if so, execute other operations;
Second determination module 611, configured to determine that the MAC address of the target device corresponds to an illegal gateway when the second judgment module 610 determines that the MAC address of the target device is not the MAC address of a legitimate gateway.
The network security device in the embodiments of the present invention is described above from the perspective of modular functional entities; it is described below from the perspective of hardware processing:
An embodiment of the present invention further provides a network security device 10, as shown in Fig. 10. For ease of description, only the parts relevant to the embodiments of the present invention are shown; for specific technical details that are not disclosed, please refer to the method part of the embodiments of the present invention.
Referring to Fig. 10, the network security device 10 includes at least a processor 1001, a memory 1002, and a computer program that is stored in the memory and can run on the processor. When executing the computer program, the processor implements the steps in each of the MAC address acquisition method embodiments above, such as steps 101 to 103 shown in Fig. 1. Alternatively, when executing the computer program, the processor implements the functions of each module or unit in each of the device embodiments above. In actual use, the network security device 10 can be a firewall, an IDS (intrusion detection system), an IPS (intrusion prevention system), an access controller, or the like.
Illustratively, the computer program can be divided into one or more modules/units, which are stored in the memory and executed by the processor to carry out the present invention. The one or more modules/units can be a series of computer program instruction segments capable of performing specific functions, the instruction segments being used to describe the execution process of the computer program in the network security device.
Those skilled in the art will understand that the structure shown in Fig. 10 does not constitute a limitation on the network security device 10, which may include more or fewer components than illustrated, or combine certain components, or use a different arrangement of components; for example, the network security device may also include wired or wireless network interfaces, a bus, and so on.
The processor can be a central processing unit (Central Processing Unit, CPU), or another general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and so on. The general-purpose processor can be a microprocessor, or the processor can be any conventional processor. The processor is the control center of the network security device and connects the various parts of the entire network security device using various interfaces and lines.
The memory can be used to store the computer program and/or modules. The processor implements the various functions of the network security device by running or executing the computer program and/or modules stored in the memory and by calling data stored in the memory. The memory can mainly include a program storage area and a data storage area, where the program storage area can store an operating system, application programs required by at least one function (such as a sound playback function, an image playback function, etc.), and so on; the data storage area can store data created through use of the mobile phone (such as audio data, a phone book, etc.), and so on. In addition, the memory can include high-speed random access memory and can also include non-volatile memory, such as a hard disk, internal memory, a plug-in hard disk, a smart media card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) card, a flash card (Flash Card), at least one magnetic disk storage device, a flash memory device, or other volatile solid-state storage device.
If the integrated modules/units of the network security device are implemented in the form of software functional units and sold or used as independent products, they can be stored in a computer-readable storage medium. Based on this understanding, the present invention implements all or part of the flow of the above method embodiments, which can also be completed by a computer program instructing the relevant hardware. The computer program can be stored in a computer-readable storage medium, and when executed by a processor it can implement the steps of each of the above method embodiments. The computer program includes computer program code, which can be in source code form, object code form, an executable file, certain intermediate forms, and so on. The computer-readable medium can include: any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disc, a computer memory, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), an electrical carrier signal, a telecommunication signal, a software distribution medium, and so on. It should be noted that the content included in the computer-readable medium can be appropriately increased or decreased according to the requirements of legislation and patent practice in a jurisdiction; for example, in certain jurisdictions, according to legislation and patent practice, the computer-readable medium does not include electrical carrier signals and telecommunication signals.
The method and device embodiments of the present invention are described above. Below, several possible implementations are proposed for the system on which the above embodiments are based, so that the network security device can obtain the broadcast packet of the target VLAN through the layer-3 network switching device and then use the broadcast packet to obtain the MAC address of the target device.
One embodiment of the MAC address acquisition system in the embodiments of the present invention includes:
A layer-3 network switching device and a network security device;
The layer-3 network switching device is used to obtain the broadcast packets of its corresponding VLANs. One layer-3 network switching device usually corresponds to multiple VLANs and can obtain the broadcast packets of multiple VLANs;
The network security device has a data connection with the layer-3 network switching device and is used to obtain broadcast packets through the layer-3 network switching device;
The network security device is the network security device of any one of the embodiments corresponding to Fig. 6 to Fig. 9.
Referring to Fig. 11, if the MAC address acquisition system 1100 includes one layer-3 network switching device 1101, the network security device 1102 can be deployed near the layer-3 network switching device 1101 and directly connected to it, as shown by the bold solid line with an arrow in Fig. 11. Where the MAC address acquisition system 1100 includes multiple layer-3 network switching devices 1101 but the distances between all of them are small, the network security device 1102 can be directly connected to each layer-3 network switching device 1101 simultaneously. As for the specific manner of direct connection, one port of the layer-3 network switching device 1101 can be configured as a transparent-transmission Trunk port, and the network security device 1102 and the layer-3 network switching device 1101 are directly connected through the Trunk port, so that broadcast packets are obtained directly through the layer-3 network switching device 1101.
If the MAC address acquisition system 1100 includes multiple layer-3 network switching devices 1101 and the distances between them are large, the network security device 1102 cannot be directly connected to every layer-3 network switching device 1101 simultaneously, and so cannot obtain the broadcast packets on all of the layer-3 network switching devices 1101. To solve this problem, the MAC address acquisition system 1100 further includes multiple broadcast packet proxy devices 1103. A broadcast packet proxy device 1103 is directly connected to a layer-3 network switching device 1101, as shown by the solid lines with arrows in Fig. 12, and is used to obtain the broadcast packets received by the layer-3 network switching device 1101 and forward them to the network security device 1102 by routing, as shown by the dotted lines with arrows in Fig. 12. Optionally, the network security device 1102 can be directly connected to one layer-3 network switching device 1101, as shown by the bold solid line with an arrow in Fig. 12, obtaining the broadcast packets on that layer-3 network switching device 1101 directly and obtaining the broadcast packets on the other layer-3 network switching devices 1101 indirectly through the broadcast packet proxy devices 1103. In actual use, the broadcast packet proxy device 1103 can be a router or another network device with a forwarding function.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the systems, devices and units described above can refer to the corresponding processes in the foregoing method embodiments and are not repeated here.
In the several embodiments, it should be understood that the disclosed systems, devices and methods can be implemented in other ways. For example, the device embodiments described above are merely illustrative; the division into units is only a division by logical function, and in actual implementation there may be other ways of dividing them, for example multiple units or components can be combined or integrated into another system, or some features can be ignored or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed can be indirect coupling or communication connection through some interfaces, devices or units, and can be electrical, mechanical or in other forms.
Units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units; that is, they can be located in one place or distributed over multiple network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention can be integrated into one processing unit, or each unit can exist physically on its own, or two or more units can be integrated into one unit. The integrated unit can be implemented in the form of hardware or in the form of a software functional unit.
The above embodiments are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they can still modify the technical solutions recorded in the foregoing embodiments or make equivalent replacements of some of the technical features; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims (12)
1. A MAC address acquisition method, characterized by comprising:
a network security device obtains the broadcast packet of a target virtual local area network (VLAN) through a layer-3 network switching device, the target VLAN being a VLAN corresponding to the layer-3 network switching device;
the network security device parses the broadcast packet to obtain a parsing result;
the network security device obtains the physical address (MAC address) of a target device from the parsing result.
2. The MAC address acquisition method according to claim 1, characterized in that the target device is a client of the target VLAN.
3. The MAC address acquisition method according to claim 2, characterized in that, after the network security device parses the broadcast packet to obtain the parsing result, the method further comprises:
the network security device obtains the Internet Protocol (IP) address of the target device from the parsing result;
the network security device updates a pre-stored address table using the MAC address and IP address of the target device, the pre-stored address table being used to record the correspondence between the MAC addresses and IP addresses of clients in the target VLAN.
4. The MAC address acquisition method according to claim 1, characterized in that the target device is a server of the target VLAN.
5. The MAC address acquisition method according to claim 4, characterized in that, if the broadcast packet is either a simple network management protocol DHCP offer packet or a DHCP acknowledgment packet, after the network security device obtains the MAC address of the target device from the parsing result, the method further comprises:
the network security device determines whether the MAC address of the target device is the MAC address of a legitimate DHCP server;
if not, the network security device determines that the MAC address of the target device corresponds to a privately connected DHCP server.
6. The MAC address acquisition method according to claim 4, characterized in that, before the network security device obtains the broadcast packet of the target VLAN through the layer-3 network switching device, the method further comprises:
the network security device constructs an Address Resolution Protocol (ARP) request packet, to request the IP address of the gateway of the target VLAN or the IP address of a device outside the target VLAN;
the ARP request packet is broadcast to the target VLAN;
if the broadcast packet is the ARP reply packet corresponding to the ARP request packet, after the network security device obtains the MAC address of the target device from the parsing result, the method further comprises:
the network device determines whether the MAC address of the target device is the MAC address of a legitimate gateway;
if not, the network security device determines that the MAC address of the target device corresponds to an illegal gateway.
7. A network security device, characterized by comprising:
a broadcast packet acquisition module, configured to obtain the broadcast packet of a target virtual local area network (VLAN) through a layer-3 network switching device, the target VLAN being a VLAN corresponding to the layer-3 network switching device;
a parsing module, configured to parse the broadcast packet to obtain a parsing result;
an address acquisition module, configured to obtain the MAC address of a target device from the parsing result.
8. A network security device, comprising a processor, wherein the processor is configured to implement the steps of the method according to any one of claims 1-6 when executing a computer program stored in a memory.
9. A computer-readable storage medium on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the steps of the method according to any one of claims 1-6.
10. A MAC address acquisition system, characterized by comprising a layer-3 network switching device and the network security device according to claim 8;
the layer-3 network switching device is used to obtain the broadcast packet of a target VLAN;
the network security device has a data connection with the layer-3 network switching device and is used to obtain the broadcast packet through the layer-3 network switching device.
11. The MAC address acquisition system according to claim 10, characterized in that the network security device and the layer-3 network switching device are directly connected through a Trunk port.
12. The MAC address acquisition system according to claim 10, characterized in that the MAC address acquisition system comprises multiple layer-3 network switching devices;
the MAC address acquisition system further comprises multiple broadcast packet proxy devices, each broadcast packet proxy device being directly connected to a layer-3 network switching device and used to obtain the broadcast packets received by the layer-3 network switching device and forward the broadcast packets to the network security device by routing.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810214769.1A CN108540588A (en) | 2018-03-15 | 2018-03-15 | MAC Address acquisition methods and system, Network Security Device and readable storage medium storing program for executing |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810214769.1A CN108540588A (en) | 2018-03-15 | 2018-03-15 | MAC Address acquisition methods and system, Network Security Device and readable storage medium storing program for executing |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108540588A (en) | 2018-09-14 |
Family
ID=63484015
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810214769.1A Pending CN108540588A (en) | 2018-03-15 | 2018-03-15 | MAC Address acquisition methods and system, Network Security Device and readable storage medium storing program for executing |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108540588A (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111683068A (en) * | 2020-05-27 | 2020-09-18 | 深信服科技股份有限公司 | Method for positioning lost host, protection device, network security equipment and medium |
CN112532524A (en) * | 2020-11-24 | 2021-03-19 | 锐捷网络股份有限公司 | Message processing method and device |
CN115277190A (en) * | 2022-07-27 | 2022-11-01 | 北京国领科技有限公司 | Method for realizing neighbor discovery on network by link layer transparent encryption system |
CN115297090A (en) * | 2022-08-03 | 2022-11-04 | 明阳产业技术研究院(沈阳)有限公司 | Address allocation method, device, equipment and medium |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030016624A1 (en) * | 1998-05-04 | 2003-01-23 | Bare Ballard C. | Path recovery on failure in load balancing switch protocols |
CN1411210A (en) * | 2002-03-08 | 2003-04-16 | 华为技术有限公司 | Method of acting address analytic protocol Ethernet Switch in application |
CN1866899A (en) * | 2005-12-30 | 2006-11-22 | 华为技术有限公司 | Aggregation system and method based on virtual LAN stack |
CN101383835A (en) * | 2008-10-21 | 2009-03-11 | 杭州华三通信技术有限公司 | Method and device for implementing server safe isolation |
CN101674306A (en) * | 2009-09-03 | 2010-03-17 | 中兴通讯股份有限公司 | Address resolution protocol message processing method and switch |
CN101808107A (en) * | 2009-02-17 | 2010-08-18 | 华为技术有限公司 | Storage device and user communication method, device and system |
CN103763407A (en) * | 2014-01-28 | 2014-04-30 | 上海斐讯数据通信技术有限公司 | Method for achieving address resolution protocol proxy through two-layer virtual local area network and local area network system |
CN106231002A (en) * | 2016-07-22 | 2016-12-14 | 杭州华三通信技术有限公司 | A kind of method and device safeguarding ARP table |
CN107241461A (en) * | 2017-07-14 | 2017-10-10 | 迈普通信技术股份有限公司 | MAC Address acquisition methods, gateway device, network authentication apparatus and network system |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111683068A (en) * | 2020-05-27 | 2020-09-18 | 深信服科技股份有限公司 | Method for positioning lost host, protection device, network security equipment and medium |
CN112532524A (en) * | 2020-11-24 | 2021-03-19 | 锐捷网络股份有限公司 | Message processing method and device |
CN115277190A (en) * | 2022-07-27 | 2022-11-01 | 北京国领科技有限公司 | Method for realizing neighbor discovery on network by link layer transparent encryption system |
CN115277190B (en) * | 2022-07-27 | 2023-08-15 | 北京国领科技有限公司 | Method for realizing neighbor discovery on network by link layer transparent encryption system |
CN115297090A (en) * | 2022-08-03 | 2022-11-04 | 明阳产业技术研究院(沈阳)有限公司 | Address allocation method, device, equipment and medium |
CN115297090B (en) * | 2022-08-03 | 2024-03-15 | 明阳产业技术研究院(沈阳)有限公司 | Address allocation method, device, equipment and medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20180914 |