CN110177015A - A kind of method and device of management terminal access network - Google Patents
A kind of method and device of management terminal access network Download PDFInfo
- Publication number
- CN110177015A CN110177015A CN201910439656.6A CN201910439656A CN110177015A CN 110177015 A CN110177015 A CN 110177015A CN 201910439656 A CN201910439656 A CN 201910439656A CN 110177015 A CN110177015 A CN 110177015A
- Authority
- CN
- China
- Prior art keywords
- terminal
- bindtype
- mark
- target
- management platform
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/2854—Wide area networks, e.g. public data networks
- H04L12/2856—Access arrangements, e.g. Internet access
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
- H04L41/0823—Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0876—Aspects of the degree of configuration automation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
- H04L67/025—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/146—Markers for unambiguous identification of a particular session, e.g. session cookie or URL-encoding
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/52—Network services specially adapted for the location of the user terminal
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Automation & Control Theory (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
A kind of method that the application proposes management terminal access network, is applied to network management platform.By the networking request for receiving target terminal equipment;It is requested in response to the networking, determines target bind type corresponding with the target terminal equipment;The multiple terminal mark of the target terminal equipment indicated by the target bind type is obtained from the request that networks;The multiple terminal mark that will acquire is matched with the multiple terminal mark in the apparatus bound information of network management platform maintenance;If successful match, the step of then allowing the target terminal access network, makes the network management platform select different terminal iidentifications to carry out matching judgment according to the different bindtypes that administrator selects, thus meets and determine whether terminal is the demand allowed into network termination according to different terminal iidentifications.
Description
Technical field
This application involves field of computer technology more particularly to a kind of method and devices of management terminal access network.
Background technique
Currently, under group's office network environment, such as company, school etc., it will usually there are numerous office terminal needs
Access office network.The terminal iidentification of these office terminals is forwarded to authenticating device by multilayer switch, and the authenticating device is logical
The authentication mechanism certification for crossing itself allows the equipment to access office network by rear, to access shared resource, internet etc.
Information.
Summary of the invention
In view of this, the application provides a kind of method of management terminal access network, it is applied to network management platform, it is described
Network management platform maintains the bindtype of terminal device;And apparatus bound information corresponding with the bindtype;Its
In, the bindtype indicates the binding relationship between the multiple terminal mark of the terminal device;The apparatus bound information
It is identified including the multiple terminal determined by the bindtype;The above method includes:
Receive the networking request of target terminal equipment;
It is requested in response to the networking, determines target bind type corresponding with the target terminal equipment;
A variety of ends of the target terminal equipment indicated by the target bind type are obtained from the request that networks
End mark;
A variety of ends in the multiple terminal mark that will acquire, with the apparatus bound information of network management platform maintenance
End mark is matched;If successful match, allow the target terminal access network.
In the embodiment shown in the application, the multiple terminal mark that will acquire is tieed up with the network management platform
Multiple terminal mark in the apparatus bound information of shield is matched, comprising:
Search the apparatus bound information corresponding with the target terminal equipment safeguarded in the network management platform;
If finding apparatus bound information corresponding with the target terminal equipment, the multiple terminal mark that will acquire
Know, is matched with the apparatus bound information found.
In the embodiment shown in the application, the bindtype of all terminal devices of the network management platform maintenance
It is all the same;The network management platform maintains the bind type field for indicating the bindtype of all terminal devices;
Determination target bind type corresponding with the target terminal equipment, comprising:
Inquire the bindtype of the bind type field instruction of the network management platform maintenance;
It is corresponding that the bindtype that the bind type field inquired indicates is determined as the target terminal equipment
Target bind type.
In the embodiment shown in the application, maintained in the network management platform terminal device terminal iidentification and
The corresponding relationship of bindtype;It include the terminal iidentification of target terminal equipment in the target terminal networking request;
Determination target bind type corresponding with the target terminal equipment, comprising:
Corresponding binding in the network management platform is inquired according to the terminal iidentification of target terminal in the request that networks
Type;
The bindtype inquired is determined as the corresponding target bind type of the target terminal equipment.
In the embodiment shown in the application, the network management platform is configured for networking mode;Wherein, it is described enter
Net mode includes non-blacked mode and blocking mode;
The method also includes:
If the target terminal is unbound terminal device, the networking mode of the network management platform is further determined that;
The unbound terminal device includes not safeguarding that the terminal of corresponding apparatus bound information is set in the network management platform
It is standby;
If the networking mode is blocking mode, refuse the target terminal access network;
If the networking mode is non-blacked mode, allow the target terminal access network.
In the embodiment shown in the application, the access of networking mode and terminal is maintained in the network management platform
Station location marker corresponding relationship;It include the on-position mark of terminal in the request that networks;The determining network management platform
Networking mode includes:
It is identified according to the on-position of the terminal in the request that networks and determines networking mode.
In the embodiment shown in the application, the binding logo of the terminal includes: IP address mark, the terminal of terminal
MAC mark, terminal on-position mark;
The bindtype includes:
First bindtype, instruction IP address mark are bound with MAC Address mark;
Second bindtype, instruction IP address mark are bound with on-position mark;
Third bindtype, instruction MAC Address mark are bound with on-position mark;
4th bindtype, instruction IP address mark, MAC Address mark and on-position mark are bound.
The application also provides a kind of device of management terminal access network, and described device maintains the binding class of terminal device
Type;And apparatus bound information corresponding with the bindtype;Wherein, the bindtype indicates the more of the terminal device
Binding relationship between kind terminal iidentification;The apparatus bound information includes the multiple terminal mark determined by the bindtype
Know;
Above-mentioned apparatus includes:
Receiving module receives the networking request of target terminal equipment;
Determining module is requested in response to the networking, determines target bind type corresponding with the target terminal equipment;
Module is obtained, obtains the target terminal equipment indicated by the target bind type from networking request
Multiple terminal mark;
Matching module, the multiple terminal mark that will acquire, the target terminal with network management platform maintenance
Multiple terminal mark in the apparatus bound information of equipment is matched;If successful match, the target terminal is allowed to access
Network.
In the embodiment shown in the application, the matching module includes:
Searching module searches the apparatus bound corresponding with the target terminal equipment safeguarded in the network management platform
Information;
Matched sub-block will acquire if finding apparatus bound information corresponding with the target terminal equipment
Multiple terminal mark, matched with the apparatus bound information found.
In the embodiment shown in the application, the bindtype of all terminal devices of described device maintenance is all the same;
Described device maintains the bind type field for indicating the bindtype of all terminal devices;
The determining module includes:
First enquiry module inquires the bindtype of the bind type field instruction of the network management platform maintenance;
First determines submodule, and the bindtype that the bind type field inquired indicates is determined as the target
The corresponding target bind type of terminal device.
In the embodiment shown in the application, the terminal iidentification and bindtype of terminal device are maintained in described device
Corresponding relationship;It include the terminal iidentification of target terminal equipment in the target terminal networking request;
The determining module includes:
Second enquiry module inquires the network management platform according to the terminal iidentification of target terminal in the request that networks
In corresponding bindtype;
Second determines submodule, and the bindtype inquired is determined as to state the corresponding target bind class of target terminal equipment
Type.
In the embodiment shown in the application, described device is configured for networking mode;Wherein, the networking mode packet
Include non-blacked mode and blocking mode;
It further determines that module, if the target terminal is unbound terminal device, further determines that the network management
The networking mode of platform;The unbound terminal device includes not safeguarding that corresponding equipment is tied up in the network management platform
Determine the terminal device of information;
If the networking mode is blocking mode, refuse the target terminal access network;
If the networking mode is non-blacked mode, allow the target terminal access network.
In the embodiment shown in the application, the access of networking mode and terminal is maintained in the network management platform
Station location marker corresponding relationship;It include the on-position mark of terminal in the request that networks;It is described to further determine that module includes:
It is identified according to the on-position of the terminal in the request that networks and determines networking mode.
In the embodiment shown in the application, the binding logo of the terminal includes: IP address mark, the terminal of terminal
MAC mark, terminal on-position mark;
The bindtype includes:
First bindtype, instruction IP address mark are bound with MAC Address mark;
Second bindtype, instruction IP address mark are bound with on-position mark;
Third bindtype, instruction MAC Address mark are bound with on-position mark;
4th bindtype, instruction IP address mark, MAC Address mark and on-position mark are bound.
Known to through the above scheme, on the one hand, since network management platform maintains the bindtype of terminal device.Management
Member can select different terminal bindtypes when binding terminal according to different needs.Therefore, when judging network termination to be entered
It whether is when allowing into network termination, network management platform can select different ends according to the different bindtypes that administrator selects
End mark carries out matching judgment, thus meets and determine whether terminal is the need allowed into network termination according to different terminal iidentifications
It asks.
On the other hand, since the interaction of original administrator and interchanger to be converted to the friendship of administrator and network management platform
Mutually, so that administrator more intuitively obtains terminal iidentification, the binding of terminal is also instructed by originally passing through to access device
Operation is changed to directly use operation of the mouse to network management platform, at the same time it can also select network management platform to show
A plurality of end message carries out batch binding, and therefore, administrator's bindings become easy, fast.
Detailed description of the invention
Fig. 1 is a kind of office network networking diagram shown in this specification;
Fig. 2 is a kind of implementation flow chart of management terminal network access method shown in this specification;
Fig. 3 is that a kind of administrator shown in this specification binds end message method flow diagram;
Fig. 4 is a kind of device internal structure chart of management terminal access network shown in this specification.
Specific embodiment
It will explain the exemplary embodiments in detail below, the example is illustrated in the accompanying drawings.Following description is related to
When attached drawing, unless otherwise indicated, the same numbers in different drawings indicate the same or similar elements.Following exemplary embodiment
Described in embodiment do not represent all embodiments consistent with the application.On the contrary, they be only with it is such as appended
The example of the consistent device and method of some aspects be described in detail in claims, the application.
It is only to be not intended to be limiting the application merely for for the purpose of describing particular embodiments in term used in this application.
It is also intended in the application and the "an" of singular used in the attached claims, " described " and "the" including majority
Form, unless the context clearly indicates other meaning.It is also understood that term "and/or" used herein refers to and wraps
It may be combined containing one or more associated any or all of project listed.It is also understood that word used herein
Language " if ", context is depended on, can be construed to " ... when " or " when ... " or " in response to determination ".
In general, the IP address in order to avoid different terminals clashes, the terminal in network will be assigned different
IP address.In order to avoid there is no the terminal for distributing IP address to access network privately, can IP address to terminal and MAC Address into
The terminal of row binding, unbound IP address and MAC Address does not allow to access network.
At this point, numerous terminals needs a kind of method that management terminal networks to carry out distinguishing terminal for the ease of unified management
Whether it is to allow into network termination, realizes the accessing terminal to network that will allow to network.
In the embodiment shown in the application, a kind of method that management terminal networks is provided.Referring to Figure 1, Fig. 1 is
A kind of office network networking diagram shown in this specification.
As shown in Figure 1, entire office network is divided into several areas so that group's office network environment is company as an example
Domain.It should be noted that the mode for dividing region can be with different office function divisions, for example, Finance Department, client's clothes
Business portion, research and development department etc., are not limited thereto.
In each region, numerous terminal (including allowing into network termination and network termination to be entered) and access device (interchanger)
Connection, the access device connect with authenticating device by multilayer switch and (multilayer switch are not shown in the figure).When terminal passes through
Authenticating device, which authenticates rear, may have access to internal, external network server.
Above-mentioned interchanger: the network equipment for signal forwarding.
Above-mentioned access device: the nearest interchanger of terminal access.
Above-mentioned authenticating device: the equipment that access terminal eventually arrives at after the interchanger forwarding by multilayer, the equipment are determined
Determine whether terminal can access network by certification.
Specifically, this method can be divided into two parts, first part, and authenticating device, which obtains, allows the binding into network termination to believe
Breath;Second part, authenticating device determine whether network termination to be entered is to allow into network termination by authentication mechanism.
Wherein, authenticating device obtains the binding information allowed into network termination specifically:
Administrator will obtain the terminal iidentification for the terminal connecting with access device by configuring access device.
After administrator obtains terminal iidentification, need to judge whether the terminal is the terminal for allowing to access network, if it is,
The terminal iidentification of the terminal is bundled in access device.
It should be noted that whether equipment allows to network can be determined by administrator, for example, in region 1 shown in Fig. 1 eventually
1- terminal n is held, the terminal x- terminal m in region 2 is the equipment for allowing to network, and network termination to be entered is that authenticating device is needed to judge
Whether the equipment that networks is allowed.In addition, above-mentioned terminal iidentification is usually IP information and mac address information.
Certainly, the terminal device of access device connection has very much, and administrator needs to judge one by one whether each terminal is permission
The IP address information for allowing the terminal for accessing network and mac address information are formed binding information and tied up by the terminal for accessing network
Due in access device.
After completing the terminal iidentification that binding allows network termination in each access device, binding information is passed through into multilayer switch
It is forwarded in authenticating device.The authenticating device receives and stores above-mentioned binding information in case verifying whether network termination to be entered is permission
The terminal of networking.
After the completion of above-mentioned steps, authenticating device just gets the binding information of all terminals for allowing to access network, that is, sets
The binding information of standby 1- equipment n and equipment x- equipment m has been stored in authenticating device.
When needing into network termination access switch (access device), network termination to be entered will send networking to authenticating device and ask
It asks.It should be noted that networking request should at least should include the terminal iidentification for including in aforementioned binding information, for example,
In the present embodiment, should the networking request include at least IP information and mac address information.
Determine whether network termination to be entered is to allow into network termination specifically:
After authenticating device receives above-mentioned networking request, start authentication mechanism: authenticating device is analyzed in networking request
The network termination IP information to be entered and MAC information carried, and with the IP information and mac address information in the binding information that has saved
Match, if successful match, determines that being somebody's turn to do network termination to be entered is to allow then to allow to network into network termination;If matching is unsuccessful, determining should be to
Entering network termination is not allow then to refuse to network into network termination.
In the embodiment shown in the application, the authentication mechanism in authenticating device is also possible that be analyzed in authenticating device
Out after the IP information in networking request and mac address information, whether the equipment is first inquired according to IP information or mac address information
Has binding information in authenticating device, if so, the above-mentioned matching judgment of further progress;If nothing, directly determining the equipment is not
Allow log equipment, refusal networks.
Through the foregoing embodiment it is found that due to there are authentication mechanism, enable in authenticating device authenticating device make to allow into
Network termination accesses network, does not allow to refuse access network into network termination, to realize the management for networking to terminal.
But there are following some problems for above-described embodiment.
On the one hand, since administrator is when binding terminal iidentification, the IP information and MAC Address letter of binding terminal can only be selected
Breath, bindtype is more single, thus is judging when whether enter network termination is to allow into network termination, can only be believed according to the IP of terminal
Breath and mac address information are matched to obtain as a result, this, which to be unable to satisfy needs, determines terminal according to different terminal iidentifications
It whether is the demand allowed into network termination.
On the other hand, since each terminal that binding information needs administrator couple to connect with access device does information one by one
Binding, and administrator needs through instruction configuration access device, and therefore, binding information work is troublesome, time-consuming and laborious.
Based on this, a kind of method that the application proposes management terminal access network is applied to network management platform.Above-mentioned net
Network manages the platform maintenance bindtype of terminal device;Above-mentioned bindtype is supplied to administrator's selection when binding terminal,
Administrator can select different bindtypes according to different business demands, different bindtype instruction terminal equipment it is a variety of
Binding relationship between different terminals mark;Binding information is formed after binding between above-mentioned a variety of different terminals marks to be stored in
State network management platform.
Fig. 2 is referred to, Fig. 2 is a kind of implementation flow chart of management terminal network access method shown in this specification.
As shown in Fig. 2, the method is applied to network management platform;The described method includes:
S201 receives the networking request of target terminal equipment;
S202 is requested in response to the networking, determines target bind type corresponding with the target terminal equipment;
S203 obtains the more of the target terminal equipment indicated by the target bind type from networking request
Kind terminal iidentification;
S204, the multiple terminal that will acquire identify, in the apparatus bound information of network management platform maintenance
Multiple terminal mark is matched;If successful match, allow the target terminal access network.
It should be noted that above-mentioned terminal iidentification is the mark for capableing of instruction terminal, for example, IP address, MAC
Location, terminal serial number, on-position mark of terminal etc..The multiple terminal of above-mentioned bindtype instruction terminal identifies, administrator
It can choose different bindtypes when binding terminal iidentification to be bound.Wherein, bindtype is usually determined by companies needs
It is fixed, for example, managing for convenience, it is one fixed IP of each terminal distribution, is can choose at this time by the IP information of terminal
It is bound with mac address information;It surfs the Internet when some terminals need to fix position, when terminal cannot be moved at will, then can select
Select the port numbers binding of IP information and access device;DHCP (Dynamic Host is used in some network organizings
Configuration Protocol, DynamicHost be arranged agreement) configuration protocol, then can choose terminal MAC address information and
The on-position mark of terminal is bound;And some pairs of terminal device networkings require high scene, then can choose by
IP, mac address information and terminal on-position mark bind together.
Known to through the above scheme, on the one hand, since network management platform maintains the bindtype of terminal device.Management
Member can select different terminal bindtypes when binding terminal according to different needs.Therefore, when judging network termination to be entered
It whether is when allowing into network termination, network management platform can select different ends according to the different bindtypes that administrator selects
End mark carries out matching judgment, thus meets and determine whether terminal is the need allowed into network termination according to different terminal iidentifications
It asks.
On the other hand, since the interaction of original administrator and interchanger to be converted to the friendship of administrator and network management platform
Mutually, so that administrator more intuitively obtains terminal iidentification, also, to the binding of terminal also by originally being set by instruction to access
Standby operation is changed to directly use the operation of mouse or touch screen mode to network management platform, at the same time it can also select network pipe
The a plurality of end message that platform is shown carries out batch binding, so that administrator's bindings become easy, fast.
In the embodiment shown in the application, the above method is divided into two parts, first part, in network management platform
Middle binding end message;Second part, network management platform determine whether network termination to be entered can access net by authentication mechanism
Network.
Wherein, binding end message flow chart of steps refers to Fig. 3, and a kind of administrator shown in this specification of the position Fig. 3 ties up
Determine end message method flow diagram.
When administrator binds terminal iidentification, which provides a variety of bindtypes and selects for administrator.It is real
Now, the terminal iidentification of terminal is sent to above-mentioned network management platform by S301, interchanger;S302, administrator can be according to industry
Business demand selects corresponding bindtype;S303, network management platform can will network right in request according to the bindtype of selection
The terminal iidentification answered forms apparatus bound maintenance of information in network management platform.It should be noted that network management platform to
The mode that administrator provides bindtype selection has very much, for example, the drop-down menu of selection bindtype is provided, in binding information
The frame etc. that can choose bindtype is added afterwards, is not limited thereto.
After administrator completes binding end message in network management platform, terminal is maintained in the network management platform and is set
Standby bindtype;And apparatus bound information corresponding with the bindtype;Wherein, described in the bindtype instruction
Binding relationship between the multiple terminal mark of terminal device;The apparatus bound information includes being determined by the bindtype
Multiple terminal mark;The flow chart for determining whether network termination to be entered can access network is as shown in Figure 2.
When needing into network termination access switch, terminal networking request is sent to above-mentioned network management and put down by interchanger
Platform.S201, network management platform receive the networking request of target terminal equipment;S202, above-mentioned network management platform pass through parsing
The request that networks determines target bind type corresponding with the terminal;The above-mentioned network management platform of S203 and S204 determines target bind
After type, the equipment safeguarded in the terminal iidentification and network management platform of target bind type instruction above-mentioned in the request that networks is tied up
Determine the multiple terminal mark matching in information, if successful match, determine should network termination be entered be to allow into network termination, allow into
Net.
In the embodiment shown in the application, in order to improve the efficiency that the management terminal of network management platform networks,
S204 step specifically can be, and whether maintain apparatus bound corresponding with target terminal equipment in first Network Search management platform
Information, if finding apparatus bound information corresponding with the target terminal equipment, the multiple terminal mark that will acquire,
It is matched with the apparatus bound information found.
It should be noted that if not finding equipment corresponding with the target terminal equipment in network management platform
Binding information is not allow into network termination, directly refuses terminal access net it can be said that the bright terminal is unbound terminal
Network.In addition, whether maintaining apparatus bound information corresponding with target terminal equipment in Network Search management platform can pass through
Any terminal to network in requesting identifies to search, for example, IP information or mac address information etc., are not limited thereto.
Due to whether maintaining apparatus bound corresponding with target terminal equipment in Network Search management platform first in S204
Information, if finding apparatus bound information corresponding with the target terminal equipment, the multiple terminal mark that will acquire,
It is matched with the apparatus bound information found, so that network management platform needs matched apparatus bound information content significantly
It reduces, to improve the efficiency that the management terminal of network management platform networks.
In the embodiment shown in the application, the apparatus bound information such as table 1 is maintained in network management platform,
In, the corresponding bindtype of terminal binding information is unified.
Table 1
IP information | Mac address information | The on-position of terminal identifies |
1.1.1.1 | 11-11-11-11-11-11 | 1-1 |
1.1.1.1 | 11-11-11-11-11-11 | 1-5 |
2.2.2.2 | 22-22-22-22-22-22 | 2-1 |
2.2.2.2 | 22-22-22-22-22-22 | 2-3 |
As shown in table 1, the number of front represents access device number in the on-position mark of terminal, and back number represents
The connecting pin slogan of access device, for example, 1-1 represents No. 1 port of No. 1 access device.
It is also maintained in network management platform such as the bindtype of table 2 table corresponding with binding information, and maintains instruction
The bind type field of all terminal bindtypes.
Table 2
When executing S202, network management platform only needs the bind type field of inquiry maintenance, then passes through inquiry maintenance
Bindtype table corresponding with binding information it can be learnt that the binding information for the equipment bound in current network management platform belongs to
Which kind of bindtype, namely, it is determined that bindtype corresponding with terminal device to be networked
For example, when IP is 1.1.1.1, MAC is that the network termination to be entered of 11-11-11-11-11-11 passes through the 5 of access device 1
When number port access switch, should the networking of network termination to be entered request to be sent to network management platform by multilayer switch.
S201 and S202 passes through the bind type field of inquiry maintenance after network management platform receives networking request
It is 3, determines that being somebody's turn to do the corresponding bindtype of terminal device to be networked is 3.Inquiry table 2 is determined to obtain from networking request and is somebody's turn to do
The MAC information of terminal and the on-position identification information of terminal, and MAC information and terminal in the information that will acquire and table 1
On-position identification information match.During matched, MAC information can be first matched, show that MAC is 11-11-11-11-
The binding information of 11-11 has two, as shown in table 3.The on-position mark of reflexless terminal in the present embodiment should be wait enter again
The on-position of network termination is identified as 1-5, therefore matching result is that successfully, that is, can determine that the network termination to be entered is to allow to network eventually
End permits it to access network.
Table 3
IP information | Mac address information | The on-position of terminal identifies |
1.1.1.1 | 11-11-11-11-11-11 | 1-1 |
1.1.1.1 | 11-11-11-11-11-11 | 1-5 |
In the embodiment shown in the application, terminal iidentification and the binding of terminal device are maintained in network management platform
The mapping table of type, as shown in table 4.
It should be noted that above-mentioned terminal iidentification can be any mark or the combination of mark of instruction terminal, below with
Terminal iidentification is for IP information.
Table 4
Terminal iidentification | Bindtype |
1.1.1.1 | 1 |
2.2.2.2 | 2 |
3.3.3.3 | 3 |
4.4.4.4 | 4 |
It is also maintained in network management platform shown in the table corresponding with binding information of bindtype shown in table 2 and table 5
Apparatus bound information table.
Table 5
IP information | Mac address information | The on-position of terminal identifies |
1.1.1.1 | 11-11-11-11-11-11 | 1-1 |
2.2.2.2 | 22-22-22-22-22-22 | 2-1 |
3.3.3.3 | 33-33-33-33-33-33 | 3-1 |
4.4.4.4 | 44-44-44-44-44-44 | 4-1 |
4.4.4.4 | 44-44-44-44-44-44 | 2-4 |
For example, when the network termination to be entered that IP information is 4.4.4.4, mac address information is 44-44-44-44-44-44 passes through
No. 3 port access switch of No. 2 access terminals.The terminal sends the request that networks to network management platform by interchanger.
After network management platform receives above-mentioned networking request, by the IP information inquiry table 4 of carrying, inquires and network
The corresponding bindtype of terminal IP information is 4, then inquiry table 2, i.e., the determining IP information that the terminal is obtained from networking request,
The on-position identification information of MAC information and terminal, and the IP information in the terminal identification information that will acquire and table 5, MAC believe
The on-position identification information match of breath and terminal, wherein specific matching process is not described in detail here.When being matched to connecing for terminal
Enter station location marker this when, since the present embodiment middle-end slogan is 2-3, and the IP information bound in network management platform is
4.4.4.4 be identified as 4-1 or 2-4 based on being included in of terminal, therefore, it fails to match, that is, determine should network termination be entered be not permit
Permitted to refuse equipment networking into network termination.
In the embodiment shown in the application, it is possible to the method for occurring determining bindtype by above-mentioned inquiry table 4
Bindtype corresponding with IP information can not be inquired.For example, passing through 4 nothing of inquiry table when entering network termination IP is 5.5.5.5
Method inquires bindtype corresponding with network termination to be entered, and can directly determine the terminal is unbound terminal, does not allow to access
Network.
In actual office network, for example, being usually provided with client rest area in client service department, the area is for mentioning
It temporarily surfs the Internet for non-our company personnel, since above-noted persons infrequently access company, in order to control network management platform storage
Binding information quantity, it is not necessary that its terminal is bound in network management platform.Therefore, in the embodiment shown in the application
In, network management platform is configured for networking mode;Wherein, the networking mode includes non-blacked mode and blocking mode.When
When determining that networking mode is non-blacked mode, even if determining that network termination to be entered is unbound terminal or does not allow into network termination,
It can permit the accessing terminal to network;If networking mode is blocking mode, determining network termination to be entered is for unbound terminal or not
Allow then to refuse the accessing terminal to network into network termination.
In the embodiment shown in the application, the mode for the networking mode that network management platform is configured is determined are as follows: logical
It crosses the confirmation networking pattern field safeguarded in inquiry network management platform and determines the networking mode that network management platform is configured.Example
Such as, which represents non-blacked mode for 1;The field represents blocking mode for 2.
For example, the field of the confirmation networking mode is tieed up when administrator configurations network management platform is non-blacked mode
Shield is 1.It should be noted that administrator configurations network management platform networking mode can be drop-down menu or choose mode etc.,
It is not limited thereto.
When being confirmed as unbound terminal wait enter network termination or not allowing into network termination, inquires in network management platform and tie up
The confirmation networking pattern field of shield, in the present embodiment, which is maintained as 1, that is, determines that networking mode is non-blacked mode.
In the embodiment shown in the application, provides another and determine the networking mould that network management platform is configured
The mode of formula: the networking mode for determining that network management platform is configured is identified by the on-position of the terminal in the request that networks.
It should be noted that when configuring entire office network, the different access network area of terminal (is exchanged by administrator
Generator terminal slogan) it is corresponding with networking mode.For example, the corresponding switch ports number in client rest area is 4-1 to 4-10, which permits
Perhaps non-access terminal networks.Therefore, administrator is corresponding with networking mode 1 (non-blacked mode) by the section inner end slogan.Management
It will safeguard out after the completion of member's configuration, in network management platform and closed as the networking mode of table 6 is corresponding with the on-position of terminal mark
It is table.
Table 6
The on-position of terminal identifies | Networking mode |
4-1 to 4-10 | 1 |
1-1 to 1-10 | 2 |
2-1 to 2-10 | 2 |
3-1 to 3-10 | 2 |
For example, when IP is that the network termination to be entered that 5.5.5.5, MAC are 55-55-55-55-55-55 passes through No. 4 access terminals
No. 3 port access switch.The terminal sends the request that networks to network management platform by interchanger.Network management platform is rung
Starting authentication mechanism verifying should be requested in networking, verify and determine that the terminal is unbound terminal.Later, the network management is flat
Platform passes through the on-position identification look-up table 6 of the terminal.In the present embodiment, since the on-position of terminal is identified as 4-3, belong to
In the range of 4-1 to 4-10, it is thus determined that it is 1 that the on-position of the terminal, which identifies corresponding networking mode, the terminal is determined
Corresponding networking mode is non-blacked mode, then allows the accessing terminal to network.
Through the above scheme it is found that the on-position mark due to different terminals corresponds to different networking modes,
Some region of terminal in office network may be implemented allows the terminal to access net not binding in network management platform
Network.
Corresponding to above method embodiment, the application also provides a kind of device 400 of management terminal access network, described
Device 400 maintains the bindtype of terminal device;And apparatus bound information corresponding with the bindtype;Wherein, institute
State bindtype indicate the terminal device multiple terminal mark between binding relationship;The apparatus bound information include by
The mark of multiple terminal determined by the bindtype;
Fig. 4 is referred to, Fig. 4 is a kind of device internal structure chart of management terminal access network shown in this specification.
Above-mentioned apparatus 400 includes:
Receiving module 410 receives the networking request of target terminal equipment;
Determining module 420 is requested in response to the networking, determines target bind class corresponding with the target terminal equipment
Type;
Module 430 is obtained, obtains the target terminal indicated by the target bind type from networking request
The multiple terminal of equipment identifies;
Matching module 440, the multiple terminal mark that will acquire are whole with the target of network management platform maintenance
Multiple terminal mark in the apparatus bound information of end equipment is matched;If successful match, the target terminal is allowed to connect
Enter network.
In the embodiment shown in the application, the matching module 440 includes:
Searching module 441 searches the equipment corresponding with the target terminal equipment safeguarded in the network management platform
Binding information;
Matched sub-block 442 will acquire if finding apparatus bound information corresponding with the target terminal equipment
The multiple terminal mark arrived, is matched with the apparatus bound information found.
In the embodiment shown in the application, the bindtype for all terminal devices that described device 400 is safeguarded is homogeneous
Together;Described device 400 maintains the bind type field for indicating the bindtype of all terminal devices;
The determining module 420 includes:
First enquiry module 421 inquires the bindtype of the bind type field instruction of the network management platform maintenance;
First determines submodule 422, the bindtype that the bind type field inquired indicates is determined as described
The corresponding target bind type of target terminal equipment.
In the embodiment shown in the application, terminal iidentification and the binding of terminal device are maintained in described device 400
The corresponding relationship of type;It include the terminal iidentification of target terminal equipment in the target terminal networking request;
The determining module 420 includes:
Second enquiry module inquires the network management platform according to the terminal iidentification of target terminal in the request that networks
In corresponding bindtype;
Second determines submodule, and the bindtype inquired is determined as to state the corresponding target bind class of target terminal equipment
Type.
In the embodiment shown in the application, described device 400 is configured for networking mode;Wherein, the networking mould
Formula includes non-blacked mode and blocking mode;
Described device 400 further include:
It further determines that module, if the target terminal is unbound terminal device, further determines that the network management
The networking mode of platform;The unbound terminal device includes not safeguarding that corresponding equipment is tied up in the network management platform
Determine the terminal device of information;
If the networking mode is blocking mode, refuse the target terminal access network;
If the networking mode is non-blacked mode, allow the target terminal access network.
In the embodiment shown in the application, the access of networking mode and terminal is maintained in the network management platform
Station location marker corresponding relationship;It include the on-position mark of terminal in the request that networks;It is described to further determine that module includes:
It is identified according to the on-position of the terminal in the request that networks and determines networking mode.
In the embodiment shown in the application, the binding logo of the terminal includes: IP address mark, the terminal of terminal
MAC mark, terminal on-position mark;
The bindtype includes:
First bindtype, instruction IP address mark are bound with MAC Address mark;
Second bindtype, instruction IP address mark are bound with on-position mark;
Third bindtype, instruction MAC Address mark are bound with on-position mark;
4th bindtype, instruction IP address mark, MAC Address mark and on-position mark are bound.
Known to through the above scheme, on the one hand, since network management platform maintains the bindtype of terminal device.Management
Member can select different terminal bindtypes when binding terminal according to different needs.Therefore, when judging network termination to be entered
It whether is when allowing into network termination, network management platform can select different ends according to the different bindtypes that administrator selects
End mark carries out matching judgment, thus meets and determine whether terminal is the need allowed into network termination according to different terminal iidentifications
It asks.
On the other hand, since the interaction of original administrator and interchanger to be converted to the friendship of administrator and network management platform
Mutually, so that administrator more intuitively obtains terminal iidentification, the binding of terminal is also instructed by originally passing through to access device
Operation is changed to directly use operation of the mouse to network management platform, at the same time it can also select network management platform to show
A plurality of end message carries out batch binding, and therefore, administrator's bindings become easy, fast.
The foregoing is merely the preferred embodiments of the application, not to limit the application, all essences in the application
Within mind and principle, any modification, equivalent substitution, improvement and etc. done be should be included within the scope of the application protection.
Claims (14)
1. a kind of method of management terminal access network, is applied to network management platform, which is characterized in that the network management is flat
Platform maintains the bindtype of terminal device;And apparatus bound information corresponding with the bindtype;Wherein, described to tie up
Determine type indicate the terminal device multiple terminal mark between binding relationship;The apparatus bound information includes by described
The mark of multiple terminal determined by bindtype;
The described method includes:
Receive the networking request of target terminal equipment;
It is requested in response to the networking, determines target bind type corresponding with the target terminal equipment;
The multiple terminal mark of the target terminal equipment indicated by the target bind type is obtained from the request that networks
Know;
Multiple terminal mark in the multiple terminal mark that will acquire, with the apparatus bound information of network management platform maintenance
Knowledge is matched;If successful match, allow the target terminal access network.
2. the method according to claim 1, wherein further include:
Multiple terminal mark in the multiple terminal mark that will acquire, with the apparatus bound information of network management platform maintenance
Knowledge is matched, comprising:
Search the apparatus bound information corresponding with the target terminal equipment safeguarded in the network management platform;
If finding apparatus bound information corresponding with the target terminal equipment, the multiple terminal mark that will acquire,
It is matched with the apparatus bound information found.
3. the method according to claim 1, wherein all terminal devices of network management platform maintenance
Bindtype is all the same;The network management platform maintains the bindtype word for indicating the bindtype of all terminal devices
Section;
Determination target bind type corresponding with the target terminal equipment, comprising:
Inquire the bindtype of the bind type field instruction of the network management platform maintenance;
The bindtype that the bind type field inquired indicates is determined as the corresponding target of the target terminal equipment
Bindtype.
4. the method according to claim 1, wherein maintaining the end of terminal device in the network management platform
The corresponding relationship of end mark and bindtype;It include the terminal iidentification of target terminal equipment in the target terminal networking request;
Determination target bind type corresponding with the target terminal equipment, comprising:
Corresponding bindtype in the network management platform is inquired according to the terminal iidentification of target terminal in the request that networks;
The bindtype inquired is determined as the corresponding target bind type of the target terminal equipment.
5. the method according to claim 1, wherein the network management platform is configured for networking mode;Its
In, the networking mode includes non-blacked mode and blocking mode;
The method also includes:
If the target terminal is unbound terminal device, the networking mode of the network management platform is further determined that;It is described
Unbound terminal device includes the terminal device for not safeguarding corresponding apparatus bound information in the network management platform;
If the networking mode is blocking mode, refuse the target terminal access network;
If the networking mode is non-blacked mode, allow the target terminal access network.
6. according to the method described in claim 5, it is characterized in that, maintaining networking mode and end in the network management platform
The on-position at end identifies corresponding relationship;It include the on-position mark of terminal in the request that networks;The determining network pipe
The networking mode of platform includes:
It is identified according to the on-position of the terminal in the request that networks and determines networking mode.
7. the method according to claim 1, wherein the binding logo of the terminal includes: the IP address of terminal
Mark, the MAC mark of terminal, the on-position mark of terminal;
The bindtype includes:
First bindtype, instruction IP address mark are bound with MAC Address mark;
Second bindtype, instruction IP address mark are bound with on-position mark;
Third bindtype, instruction MAC Address mark are bound with on-position mark;
4th bindtype, instruction IP address mark, MAC Address mark and on-position mark are bound.
8. a kind of device of management terminal access network, which is characterized in that described device maintains the bindtype of terminal device;
And apparatus bound information corresponding with the bindtype;Wherein, the bindtype indicates a variety of of the terminal device
Binding relationship between terminal iidentification;The apparatus bound information includes the multiple terminal mark determined by the bindtype
Know;
Described device includes:
Receiving module receives the networking request of target terminal equipment;
Determining module is requested in response to the networking, determines target bind type corresponding with the target terminal equipment;
Module is obtained, obtains the more of the target terminal equipment indicated by the target bind type from networking request
Kind terminal iidentification;
Matching module, the multiple terminal mark that will acquire, the target terminal equipment with network management platform maintenance
Apparatus bound information in multiple terminal mark matched;If successful match, allow the target terminal access network.
9. device according to claim 8, which is characterized in that the matching module includes:
Searching module searches apparatus bound corresponding with the target terminal equipment letter safeguarded in the network management platform
Breath;
Matched sub-block, if finding apparatus bound information corresponding with the target terminal equipment, what be will acquire is more
Kind terminal iidentification, is matched with the apparatus bound information found.
10. device according to claim 8, which is characterized in that the binding class of all terminal devices of described device maintenance
Type is all the same;Described device maintains the bind type field for indicating the bindtype of all terminal devices;
The determining module includes:
First enquiry module inquires the bindtype of the bind type field instruction of the network management platform maintenance;
First determines submodule, and the bindtype that the bind type field inquired indicates is determined as the target terminal
The corresponding target bind type of equipment.
11. device according to claim 8, which is characterized in that maintain the terminal iidentification of terminal device in described device
With the corresponding relationship of bindtype;It include the terminal iidentification of target terminal equipment in the target terminal networking request;
The determining module includes:
Second enquiry module, it is right in the network management platform to be inquired according to the terminal iidentification of target terminal in the request that networks
The bindtype answered;
Second determines submodule, and the bindtype inquired is determined as to state the corresponding target bind type of target terminal equipment.
12. device according to claim 8, which is characterized in that described device is configured for networking mode;Wherein, described
Networking mode includes non-blacked mode and blocking mode;
Described device further include:
It further determines that module, if the target terminal is unbound terminal device, further determines that the network management platform
Networking mode;The unbound terminal device includes not safeguarding corresponding apparatus bound letter in the network management platform
The terminal device of breath;
If the networking mode is blocking mode, refuse the target terminal access network;
If the networking mode is non-blacked mode, allow the target terminal access network.
13. device according to claim 12, which is characterized in that maintained in the network management platform networking mode with
The on-position of terminal identifies corresponding relationship;It include the on-position mark of terminal in the request that networks;It is described further true
Cover half block includes:
It is identified according to the on-position of the terminal in the request that networks and determines networking mode.
14. device according to claim 7, which is characterized in that the binding logo of the terminal includes: the IP address of terminal
Mark, the MAC mark of terminal, the on-position mark of terminal;
The bindtype includes:
First bindtype, instruction IP address mark are bound with MAC Address mark;
Second bindtype, instruction IP address mark are bound with on-position mark;
Third bindtype, instruction MAC Address mark are bound with on-position mark;
4th bindtype, instruction IP address mark, MAC Address mark and on-position mark are bound.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910439656.6A CN110177015A (en) | 2019-05-24 | 2019-05-24 | A kind of method and device of management terminal access network |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910439656.6A CN110177015A (en) | 2019-05-24 | 2019-05-24 | A kind of method and device of management terminal access network |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110177015A true CN110177015A (en) | 2019-08-27 |
Family
ID=67695675
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910439656.6A Pending CN110177015A (en) | 2019-05-24 | 2019-05-24 | A kind of method and device of management terminal access network |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110177015A (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111031016A (en) * | 2019-11-29 | 2020-04-17 | 苏州浪潮智能科技有限公司 | Local area network management method, device, equipment and readable storage medium |
CN111491351A (en) * | 2020-04-28 | 2020-08-04 | 国家广播电视总局广播电视科学研究院 | Method and system for sensing online of WiFi terminal based on authentication information |
CN111885144A (en) * | 2020-07-20 | 2020-11-03 | 青岛易来智能科技股份有限公司 | Equipment binding method and device |
CN113163404A (en) * | 2021-04-28 | 2021-07-23 | 天生桥一级水电开发有限责任公司水力发电厂 | Network access authentication method and related equipment |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140082693A1 (en) * | 2012-09-14 | 2014-03-20 | Shaun Wackerly | Updating security bindings in a network device |
CN103716179A (en) * | 2011-03-09 | 2014-04-09 | 成都勤智数码科技股份有限公司 | Telnet/SSH-based network terminal management method |
US20170237704A1 (en) * | 2016-02-16 | 2017-08-17 | Le Holdings (Beijing) Co., Ltd. | Addressing communication method and electronic device based on media access control address |
CN108134853A (en) * | 2017-12-06 | 2018-06-08 | 杭州迪普科技股份有限公司 | A kind of method and apparatus of management terminal location information |
CN109347784A (en) * | 2018-08-10 | 2019-02-15 | 锐捷网络股份有限公司 | Terminal admittance control method, controller, management and control devices and system |
-
2019
- 2019-05-24 CN CN201910439656.6A patent/CN110177015A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103716179A (en) * | 2011-03-09 | 2014-04-09 | 成都勤智数码科技股份有限公司 | Telnet/SSH-based network terminal management method |
US20140082693A1 (en) * | 2012-09-14 | 2014-03-20 | Shaun Wackerly | Updating security bindings in a network device |
US20170237704A1 (en) * | 2016-02-16 | 2017-08-17 | Le Holdings (Beijing) Co., Ltd. | Addressing communication method and electronic device based on media access control address |
CN108134853A (en) * | 2017-12-06 | 2018-06-08 | 杭州迪普科技股份有限公司 | A kind of method and apparatus of management terminal location information |
CN109347784A (en) * | 2018-08-10 | 2019-02-15 | 锐捷网络股份有限公司 | Terminal admittance control method, controller, management and control devices and system |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111031016A (en) * | 2019-11-29 | 2020-04-17 | 苏州浪潮智能科技有限公司 | Local area network management method, device, equipment and readable storage medium |
CN111491351A (en) * | 2020-04-28 | 2020-08-04 | 国家广播电视总局广播电视科学研究院 | Method and system for sensing online of WiFi terminal based on authentication information |
CN111885144A (en) * | 2020-07-20 | 2020-11-03 | 青岛易来智能科技股份有限公司 | Equipment binding method and device |
CN111885144B (en) * | 2020-07-20 | 2022-09-16 | 青岛易来智能科技股份有限公司 | Equipment binding method and device |
CN113163404A (en) * | 2021-04-28 | 2021-07-23 | 天生桥一级水电开发有限责任公司水力发电厂 | Network access authentication method and related equipment |
CN113163404B (en) * | 2021-04-28 | 2023-04-28 | 天生桥一级水电开发有限责任公司水力发电厂 | Network access authentication method and related equipment |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110177015A (en) | A kind of method and device of management terminal access network | |
CN101582769B (en) | Authority setting method of user access network and equipment | |
CN101588390B (en) | Method for improving centralized authentication service system service viscosity and load equilibrium apparatus | |
CN103179554B (en) | Wireless broadband network connection control method, device and the network equipment | |
CN108881308A (en) | A kind of user terminal and its authentication method, system, medium | |
CN102075904A (en) | Method and device for preventing re-authentication of roaming user | |
JP4252063B2 (en) | User location system | |
CN103179130A (en) | Intranet security unified management platform and management method of management platform | |
CN105306612A (en) | Method for acquiring identifier of terminal in network and management network element | |
CN109922030A (en) | Global network access control system and method based on Android device | |
KR20160055130A (en) | Method and system related to authentication of users for accessing data networks | |
CN108022100A (en) | A kind of cross-certification system and method based on block chain technology | |
CN106131066A (en) | A kind of authentication method and device | |
CN106686592B (en) | Network access method and system with authentication | |
CN110968848A (en) | User-based authority management method and device and computing equipment | |
CN106453349A (en) | An account number login method and apparatus | |
CN106302303A (en) | A kind of for across application user profile transmission log in agreement operation method | |
CN113595907A (en) | Aggregation method and device for issuing routing strategy based on SSLVPN | |
CN102281189B (en) | Service implementation method and device based on private attribute of third-party equipment | |
CN103475660A (en) | Method, device and system for page pushing | |
CN101742460A (en) | Method and system for charging and charging information determination equipment | |
CN108200039A (en) | Unaware authentication and authorization system and method based on dynamic creation temporary account password | |
CN109379339B (en) | Portal authentication method and device | |
CN110120960A (en) | A kind of webpage redirects jump method and its system | |
CN109788528A (en) | Access point and its internet business activating method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190827 |
|
RJ01 | Rejection of invention patent application after publication |