CN110177015A - A kind of method and device of management terminal access network - Google Patents

A kind of method and device of management terminal access network Download PDF

Info

Publication number
CN110177015A
CN110177015A CN201910439656.6A CN201910439656A CN110177015A CN 110177015 A CN110177015 A CN 110177015A CN 201910439656 A CN201910439656 A CN 201910439656A CN 110177015 A CN110177015 A CN 110177015A
Authority
CN
China
Prior art keywords
terminal
bindtype
mark
target
management platform
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910439656.6A
Other languages
Chinese (zh)
Inventor
成健
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou DPTech Technologies Co Ltd
Original Assignee
Hangzhou DPTech Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou DPTech Technologies Co Ltd filed Critical Hangzhou DPTech Technologies Co Ltd
Priority to CN201910439656.6A priority Critical patent/CN110177015A/en
Publication of CN110177015A publication Critical patent/CN110177015A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2854Wide area networks, e.g. public data networks
    • H04L12/2856Access arrangements, e.g. Internet access
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0803Configuration setting
    • H04L41/0823Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0876Aspects of the degree of configuration automation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/025Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/14Session management
    • H04L67/146Markers for unambiguous identification of a particular session, e.g. session cookie or URL-encoding
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/52Network services specially adapted for the location of the user terminal

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Automation & Control Theory (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A kind of method that the application proposes management terminal access network, is applied to network management platform.By the networking request for receiving target terminal equipment;It is requested in response to the networking, determines target bind type corresponding with the target terminal equipment;The multiple terminal mark of the target terminal equipment indicated by the target bind type is obtained from the request that networks;The multiple terminal mark that will acquire is matched with the multiple terminal mark in the apparatus bound information of network management platform maintenance;If successful match, the step of then allowing the target terminal access network, makes the network management platform select different terminal iidentifications to carry out matching judgment according to the different bindtypes that administrator selects, thus meets and determine whether terminal is the demand allowed into network termination according to different terminal iidentifications.

Description

A kind of method and device of management terminal access network
Technical field
This application involves field of computer technology more particularly to a kind of method and devices of management terminal access network.
Background technique
Currently, under group's office network environment, such as company, school etc., it will usually there are numerous office terminal needs Access office network.The terminal iidentification of these office terminals is forwarded to authenticating device by multilayer switch, and the authenticating device is logical The authentication mechanism certification for crossing itself allows the equipment to access office network by rear, to access shared resource, internet etc. Information.
Summary of the invention
In view of this, the application provides a kind of method of management terminal access network, it is applied to network management platform, it is described Network management platform maintains the bindtype of terminal device;And apparatus bound information corresponding with the bindtype;Its In, the bindtype indicates the binding relationship between the multiple terminal mark of the terminal device;The apparatus bound information It is identified including the multiple terminal determined by the bindtype;The above method includes:
Receive the networking request of target terminal equipment;
It is requested in response to the networking, determines target bind type corresponding with the target terminal equipment;
A variety of ends of the target terminal equipment indicated by the target bind type are obtained from the request that networks End mark;
A variety of ends in the multiple terminal mark that will acquire, with the apparatus bound information of network management platform maintenance End mark is matched;If successful match, allow the target terminal access network.
In the embodiment shown in the application, the multiple terminal mark that will acquire is tieed up with the network management platform Multiple terminal mark in the apparatus bound information of shield is matched, comprising:
Search the apparatus bound information corresponding with the target terminal equipment safeguarded in the network management platform;
If finding apparatus bound information corresponding with the target terminal equipment, the multiple terminal mark that will acquire Know, is matched with the apparatus bound information found.
In the embodiment shown in the application, the bindtype of all terminal devices of the network management platform maintenance It is all the same;The network management platform maintains the bind type field for indicating the bindtype of all terminal devices;
Determination target bind type corresponding with the target terminal equipment, comprising:
Inquire the bindtype of the bind type field instruction of the network management platform maintenance;
It is corresponding that the bindtype that the bind type field inquired indicates is determined as the target terminal equipment Target bind type.
In the embodiment shown in the application, maintained in the network management platform terminal device terminal iidentification and The corresponding relationship of bindtype;It include the terminal iidentification of target terminal equipment in the target terminal networking request;
Determination target bind type corresponding with the target terminal equipment, comprising:
Corresponding binding in the network management platform is inquired according to the terminal iidentification of target terminal in the request that networks Type;
The bindtype inquired is determined as the corresponding target bind type of the target terminal equipment.
In the embodiment shown in the application, the network management platform is configured for networking mode;Wherein, it is described enter Net mode includes non-blacked mode and blocking mode;
The method also includes:
If the target terminal is unbound terminal device, the networking mode of the network management platform is further determined that; The unbound terminal device includes not safeguarding that the terminal of corresponding apparatus bound information is set in the network management platform It is standby;
If the networking mode is blocking mode, refuse the target terminal access network;
If the networking mode is non-blacked mode, allow the target terminal access network.
In the embodiment shown in the application, the access of networking mode and terminal is maintained in the network management platform Station location marker corresponding relationship;It include the on-position mark of terminal in the request that networks;The determining network management platform Networking mode includes:
It is identified according to the on-position of the terminal in the request that networks and determines networking mode.
In the embodiment shown in the application, the binding logo of the terminal includes: IP address mark, the terminal of terminal MAC mark, terminal on-position mark;
The bindtype includes:
First bindtype, instruction IP address mark are bound with MAC Address mark;
Second bindtype, instruction IP address mark are bound with on-position mark;
Third bindtype, instruction MAC Address mark are bound with on-position mark;
4th bindtype, instruction IP address mark, MAC Address mark and on-position mark are bound.
The application also provides a kind of device of management terminal access network, and described device maintains the binding class of terminal device Type;And apparatus bound information corresponding with the bindtype;Wherein, the bindtype indicates the more of the terminal device Binding relationship between kind terminal iidentification;The apparatus bound information includes the multiple terminal mark determined by the bindtype Know;
Above-mentioned apparatus includes:
Receiving module receives the networking request of target terminal equipment;
Determining module is requested in response to the networking, determines target bind type corresponding with the target terminal equipment;
Module is obtained, obtains the target terminal equipment indicated by the target bind type from networking request Multiple terminal mark;
Matching module, the multiple terminal mark that will acquire, the target terminal with network management platform maintenance Multiple terminal mark in the apparatus bound information of equipment is matched;If successful match, the target terminal is allowed to access Network.
In the embodiment shown in the application, the matching module includes:
Searching module searches the apparatus bound corresponding with the target terminal equipment safeguarded in the network management platform Information;
Matched sub-block will acquire if finding apparatus bound information corresponding with the target terminal equipment Multiple terminal mark, matched with the apparatus bound information found.
In the embodiment shown in the application, the bindtype of all terminal devices of described device maintenance is all the same; Described device maintains the bind type field for indicating the bindtype of all terminal devices;
The determining module includes:
First enquiry module inquires the bindtype of the bind type field instruction of the network management platform maintenance;
First determines submodule, and the bindtype that the bind type field inquired indicates is determined as the target The corresponding target bind type of terminal device.
In the embodiment shown in the application, the terminal iidentification and bindtype of terminal device are maintained in described device Corresponding relationship;It include the terminal iidentification of target terminal equipment in the target terminal networking request;
The determining module includes:
Second enquiry module inquires the network management platform according to the terminal iidentification of target terminal in the request that networks In corresponding bindtype;
Second determines submodule, and the bindtype inquired is determined as to state the corresponding target bind class of target terminal equipment Type.
In the embodiment shown in the application, described device is configured for networking mode;Wherein, the networking mode packet Include non-blacked mode and blocking mode;
It further determines that module, if the target terminal is unbound terminal device, further determines that the network management The networking mode of platform;The unbound terminal device includes not safeguarding that corresponding equipment is tied up in the network management platform Determine the terminal device of information;
If the networking mode is blocking mode, refuse the target terminal access network;
If the networking mode is non-blacked mode, allow the target terminal access network.
In the embodiment shown in the application, the access of networking mode and terminal is maintained in the network management platform Station location marker corresponding relationship;It include the on-position mark of terminal in the request that networks;It is described to further determine that module includes:
It is identified according to the on-position of the terminal in the request that networks and determines networking mode.
In the embodiment shown in the application, the binding logo of the terminal includes: IP address mark, the terminal of terminal MAC mark, terminal on-position mark;
The bindtype includes:
First bindtype, instruction IP address mark are bound with MAC Address mark;
Second bindtype, instruction IP address mark are bound with on-position mark;
Third bindtype, instruction MAC Address mark are bound with on-position mark;
4th bindtype, instruction IP address mark, MAC Address mark and on-position mark are bound.
Known to through the above scheme, on the one hand, since network management platform maintains the bindtype of terminal device.Management Member can select different terminal bindtypes when binding terminal according to different needs.Therefore, when judging network termination to be entered It whether is when allowing into network termination, network management platform can select different ends according to the different bindtypes that administrator selects End mark carries out matching judgment, thus meets and determine whether terminal is the need allowed into network termination according to different terminal iidentifications It asks.
On the other hand, since the interaction of original administrator and interchanger to be converted to the friendship of administrator and network management platform Mutually, so that administrator more intuitively obtains terminal iidentification, the binding of terminal is also instructed by originally passing through to access device Operation is changed to directly use operation of the mouse to network management platform, at the same time it can also select network management platform to show A plurality of end message carries out batch binding, and therefore, administrator's bindings become easy, fast.
Detailed description of the invention
Fig. 1 is a kind of office network networking diagram shown in this specification;
Fig. 2 is a kind of implementation flow chart of management terminal network access method shown in this specification;
Fig. 3 is that a kind of administrator shown in this specification binds end message method flow diagram;
Fig. 4 is a kind of device internal structure chart of management terminal access network shown in this specification.
Specific embodiment
It will explain the exemplary embodiments in detail below, the example is illustrated in the accompanying drawings.Following description is related to When attached drawing, unless otherwise indicated, the same numbers in different drawings indicate the same or similar elements.Following exemplary embodiment Described in embodiment do not represent all embodiments consistent with the application.On the contrary, they be only with it is such as appended The example of the consistent device and method of some aspects be described in detail in claims, the application.
It is only to be not intended to be limiting the application merely for for the purpose of describing particular embodiments in term used in this application. It is also intended in the application and the "an" of singular used in the attached claims, " described " and "the" including majority Form, unless the context clearly indicates other meaning.It is also understood that term "and/or" used herein refers to and wraps It may be combined containing one or more associated any or all of project listed.It is also understood that word used herein Language " if ", context is depended on, can be construed to " ... when " or " when ... " or " in response to determination ".
In general, the IP address in order to avoid different terminals clashes, the terminal in network will be assigned different IP address.In order to avoid there is no the terminal for distributing IP address to access network privately, can IP address to terminal and MAC Address into The terminal of row binding, unbound IP address and MAC Address does not allow to access network.
At this point, numerous terminals needs a kind of method that management terminal networks to carry out distinguishing terminal for the ease of unified management Whether it is to allow into network termination, realizes the accessing terminal to network that will allow to network.
In the embodiment shown in the application, a kind of method that management terminal networks is provided.Referring to Figure 1, Fig. 1 is A kind of office network networking diagram shown in this specification.
As shown in Figure 1, entire office network is divided into several areas so that group's office network environment is company as an example Domain.It should be noted that the mode for dividing region can be with different office function divisions, for example, Finance Department, client's clothes Business portion, research and development department etc., are not limited thereto.
In each region, numerous terminal (including allowing into network termination and network termination to be entered) and access device (interchanger) Connection, the access device connect with authenticating device by multilayer switch and (multilayer switch are not shown in the figure).When terminal passes through Authenticating device, which authenticates rear, may have access to internal, external network server.
Above-mentioned interchanger: the network equipment for signal forwarding.
Above-mentioned access device: the nearest interchanger of terminal access.
Above-mentioned authenticating device: the equipment that access terminal eventually arrives at after the interchanger forwarding by multilayer, the equipment are determined Determine whether terminal can access network by certification.
Specifically, this method can be divided into two parts, first part, and authenticating device, which obtains, allows the binding into network termination to believe Breath;Second part, authenticating device determine whether network termination to be entered is to allow into network termination by authentication mechanism.
Wherein, authenticating device obtains the binding information allowed into network termination specifically:
Administrator will obtain the terminal iidentification for the terminal connecting with access device by configuring access device.
After administrator obtains terminal iidentification, need to judge whether the terminal is the terminal for allowing to access network, if it is, The terminal iidentification of the terminal is bundled in access device.
It should be noted that whether equipment allows to network can be determined by administrator, for example, in region 1 shown in Fig. 1 eventually 1- terminal n is held, the terminal x- terminal m in region 2 is the equipment for allowing to network, and network termination to be entered is that authenticating device is needed to judge Whether the equipment that networks is allowed.In addition, above-mentioned terminal iidentification is usually IP information and mac address information.
Certainly, the terminal device of access device connection has very much, and administrator needs to judge one by one whether each terminal is permission The IP address information for allowing the terminal for accessing network and mac address information are formed binding information and tied up by the terminal for accessing network Due in access device.
After completing the terminal iidentification that binding allows network termination in each access device, binding information is passed through into multilayer switch It is forwarded in authenticating device.The authenticating device receives and stores above-mentioned binding information in case verifying whether network termination to be entered is permission The terminal of networking.
After the completion of above-mentioned steps, authenticating device just gets the binding information of all terminals for allowing to access network, that is, sets The binding information of standby 1- equipment n and equipment x- equipment m has been stored in authenticating device.
When needing into network termination access switch (access device), network termination to be entered will send networking to authenticating device and ask It asks.It should be noted that networking request should at least should include the terminal iidentification for including in aforementioned binding information, for example, In the present embodiment, should the networking request include at least IP information and mac address information.
Determine whether network termination to be entered is to allow into network termination specifically:
After authenticating device receives above-mentioned networking request, start authentication mechanism: authenticating device is analyzed in networking request The network termination IP information to be entered and MAC information carried, and with the IP information and mac address information in the binding information that has saved Match, if successful match, determines that being somebody's turn to do network termination to be entered is to allow then to allow to network into network termination;If matching is unsuccessful, determining should be to Entering network termination is not allow then to refuse to network into network termination.
In the embodiment shown in the application, the authentication mechanism in authenticating device is also possible that be analyzed in authenticating device Out after the IP information in networking request and mac address information, whether the equipment is first inquired according to IP information or mac address information Has binding information in authenticating device, if so, the above-mentioned matching judgment of further progress;If nothing, directly determining the equipment is not Allow log equipment, refusal networks.
Through the foregoing embodiment it is found that due to there are authentication mechanism, enable in authenticating device authenticating device make to allow into Network termination accesses network, does not allow to refuse access network into network termination, to realize the management for networking to terminal.
But there are following some problems for above-described embodiment.
On the one hand, since administrator is when binding terminal iidentification, the IP information and MAC Address letter of binding terminal can only be selected Breath, bindtype is more single, thus is judging when whether enter network termination is to allow into network termination, can only be believed according to the IP of terminal Breath and mac address information are matched to obtain as a result, this, which to be unable to satisfy needs, determines terminal according to different terminal iidentifications It whether is the demand allowed into network termination.
On the other hand, since each terminal that binding information needs administrator couple to connect with access device does information one by one Binding, and administrator needs through instruction configuration access device, and therefore, binding information work is troublesome, time-consuming and laborious.
Based on this, a kind of method that the application proposes management terminal access network is applied to network management platform.Above-mentioned net Network manages the platform maintenance bindtype of terminal device;Above-mentioned bindtype is supplied to administrator's selection when binding terminal, Administrator can select different bindtypes according to different business demands, different bindtype instruction terminal equipment it is a variety of Binding relationship between different terminals mark;Binding information is formed after binding between above-mentioned a variety of different terminals marks to be stored in State network management platform.
Fig. 2 is referred to, Fig. 2 is a kind of implementation flow chart of management terminal network access method shown in this specification.
As shown in Fig. 2, the method is applied to network management platform;The described method includes:
S201 receives the networking request of target terminal equipment;
S202 is requested in response to the networking, determines target bind type corresponding with the target terminal equipment;
S203 obtains the more of the target terminal equipment indicated by the target bind type from networking request Kind terminal iidentification;
S204, the multiple terminal that will acquire identify, in the apparatus bound information of network management platform maintenance Multiple terminal mark is matched;If successful match, allow the target terminal access network.
It should be noted that above-mentioned terminal iidentification is the mark for capableing of instruction terminal, for example, IP address, MAC Location, terminal serial number, on-position mark of terminal etc..The multiple terminal of above-mentioned bindtype instruction terminal identifies, administrator It can choose different bindtypes when binding terminal iidentification to be bound.Wherein, bindtype is usually determined by companies needs It is fixed, for example, managing for convenience, it is one fixed IP of each terminal distribution, is can choose at this time by the IP information of terminal It is bound with mac address information;It surfs the Internet when some terminals need to fix position, when terminal cannot be moved at will, then can select Select the port numbers binding of IP information and access device;DHCP (Dynamic Host is used in some network organizings Configuration Protocol, DynamicHost be arranged agreement) configuration protocol, then can choose terminal MAC address information and The on-position mark of terminal is bound;And some pairs of terminal device networkings require high scene, then can choose by IP, mac address information and terminal on-position mark bind together.
Known to through the above scheme, on the one hand, since network management platform maintains the bindtype of terminal device.Management Member can select different terminal bindtypes when binding terminal according to different needs.Therefore, when judging network termination to be entered It whether is when allowing into network termination, network management platform can select different ends according to the different bindtypes that administrator selects End mark carries out matching judgment, thus meets and determine whether terminal is the need allowed into network termination according to different terminal iidentifications It asks.
On the other hand, since the interaction of original administrator and interchanger to be converted to the friendship of administrator and network management platform Mutually, so that administrator more intuitively obtains terminal iidentification, also, to the binding of terminal also by originally being set by instruction to access Standby operation is changed to directly use the operation of mouse or touch screen mode to network management platform, at the same time it can also select network pipe The a plurality of end message that platform is shown carries out batch binding, so that administrator's bindings become easy, fast.
In the embodiment shown in the application, the above method is divided into two parts, first part, in network management platform Middle binding end message;Second part, network management platform determine whether network termination to be entered can access net by authentication mechanism Network.
Wherein, binding end message flow chart of steps refers to Fig. 3, and a kind of administrator shown in this specification of the position Fig. 3 ties up Determine end message method flow diagram.
When administrator binds terminal iidentification, which provides a variety of bindtypes and selects for administrator.It is real Now, the terminal iidentification of terminal is sent to above-mentioned network management platform by S301, interchanger;S302, administrator can be according to industry Business demand selects corresponding bindtype;S303, network management platform can will network right in request according to the bindtype of selection The terminal iidentification answered forms apparatus bound maintenance of information in network management platform.It should be noted that network management platform to The mode that administrator provides bindtype selection has very much, for example, the drop-down menu of selection bindtype is provided, in binding information The frame etc. that can choose bindtype is added afterwards, is not limited thereto.
After administrator completes binding end message in network management platform, terminal is maintained in the network management platform and is set Standby bindtype;And apparatus bound information corresponding with the bindtype;Wherein, described in the bindtype instruction Binding relationship between the multiple terminal mark of terminal device;The apparatus bound information includes being determined by the bindtype Multiple terminal mark;The flow chart for determining whether network termination to be entered can access network is as shown in Figure 2.
When needing into network termination access switch, terminal networking request is sent to above-mentioned network management and put down by interchanger Platform.S201, network management platform receive the networking request of target terminal equipment;S202, above-mentioned network management platform pass through parsing The request that networks determines target bind type corresponding with the terminal;The above-mentioned network management platform of S203 and S204 determines target bind After type, the equipment safeguarded in the terminal iidentification and network management platform of target bind type instruction above-mentioned in the request that networks is tied up Determine the multiple terminal mark matching in information, if successful match, determine should network termination be entered be to allow into network termination, allow into Net.
In the embodiment shown in the application, in order to improve the efficiency that the management terminal of network management platform networks, S204 step specifically can be, and whether maintain apparatus bound corresponding with target terminal equipment in first Network Search management platform Information, if finding apparatus bound information corresponding with the target terminal equipment, the multiple terminal mark that will acquire, It is matched with the apparatus bound information found.
It should be noted that if not finding equipment corresponding with the target terminal equipment in network management platform Binding information is not allow into network termination, directly refuses terminal access net it can be said that the bright terminal is unbound terminal Network.In addition, whether maintaining apparatus bound information corresponding with target terminal equipment in Network Search management platform can pass through Any terminal to network in requesting identifies to search, for example, IP information or mac address information etc., are not limited thereto.
Due to whether maintaining apparatus bound corresponding with target terminal equipment in Network Search management platform first in S204 Information, if finding apparatus bound information corresponding with the target terminal equipment, the multiple terminal mark that will acquire, It is matched with the apparatus bound information found, so that network management platform needs matched apparatus bound information content significantly It reduces, to improve the efficiency that the management terminal of network management platform networks.
In the embodiment shown in the application, the apparatus bound information such as table 1 is maintained in network management platform, In, the corresponding bindtype of terminal binding information is unified.
Table 1
IP information Mac address information The on-position of terminal identifies
1.1.1.1 11-11-11-11-11-11 1-1
1.1.1.1 11-11-11-11-11-11 1-5
2.2.2.2 22-22-22-22-22-22 2-1
2.2.2.2 22-22-22-22-22-22 2-3
As shown in table 1, the number of front represents access device number in the on-position mark of terminal, and back number represents The connecting pin slogan of access device, for example, 1-1 represents No. 1 port of No. 1 access device.
It is also maintained in network management platform such as the bindtype of table 2 table corresponding with binding information, and maintains instruction The bind type field of all terminal bindtypes.
Table 2
When executing S202, network management platform only needs the bind type field of inquiry maintenance, then passes through inquiry maintenance Bindtype table corresponding with binding information it can be learnt that the binding information for the equipment bound in current network management platform belongs to Which kind of bindtype, namely, it is determined that bindtype corresponding with terminal device to be networked
For example, when IP is 1.1.1.1, MAC is that the network termination to be entered of 11-11-11-11-11-11 passes through the 5 of access device 1 When number port access switch, should the networking of network termination to be entered request to be sent to network management platform by multilayer switch.
S201 and S202 passes through the bind type field of inquiry maintenance after network management platform receives networking request It is 3, determines that being somebody's turn to do the corresponding bindtype of terminal device to be networked is 3.Inquiry table 2 is determined to obtain from networking request and is somebody's turn to do The MAC information of terminal and the on-position identification information of terminal, and MAC information and terminal in the information that will acquire and table 1 On-position identification information match.During matched, MAC information can be first matched, show that MAC is 11-11-11-11- The binding information of 11-11 has two, as shown in table 3.The on-position mark of reflexless terminal in the present embodiment should be wait enter again The on-position of network termination is identified as 1-5, therefore matching result is that successfully, that is, can determine that the network termination to be entered is to allow to network eventually End permits it to access network.
Table 3
IP information Mac address information The on-position of terminal identifies
1.1.1.1 11-11-11-11-11-11 1-1
1.1.1.1 11-11-11-11-11-11 1-5
In the embodiment shown in the application, terminal iidentification and the binding of terminal device are maintained in network management platform The mapping table of type, as shown in table 4.
It should be noted that above-mentioned terminal iidentification can be any mark or the combination of mark of instruction terminal, below with Terminal iidentification is for IP information.
Table 4
Terminal iidentification Bindtype
1.1.1.1 1
2.2.2.2 2
3.3.3.3 3
4.4.4.4 4
It is also maintained in network management platform shown in the table corresponding with binding information of bindtype shown in table 2 and table 5 Apparatus bound information table.
Table 5
IP information Mac address information The on-position of terminal identifies
1.1.1.1 11-11-11-11-11-11 1-1
2.2.2.2 22-22-22-22-22-22 2-1
3.3.3.3 33-33-33-33-33-33 3-1
4.4.4.4 44-44-44-44-44-44 4-1
4.4.4.4 44-44-44-44-44-44 2-4
For example, when the network termination to be entered that IP information is 4.4.4.4, mac address information is 44-44-44-44-44-44 passes through No. 3 port access switch of No. 2 access terminals.The terminal sends the request that networks to network management platform by interchanger.
After network management platform receives above-mentioned networking request, by the IP information inquiry table 4 of carrying, inquires and network The corresponding bindtype of terminal IP information is 4, then inquiry table 2, i.e., the determining IP information that the terminal is obtained from networking request, The on-position identification information of MAC information and terminal, and the IP information in the terminal identification information that will acquire and table 5, MAC believe The on-position identification information match of breath and terminal, wherein specific matching process is not described in detail here.When being matched to connecing for terminal Enter station location marker this when, since the present embodiment middle-end slogan is 2-3, and the IP information bound in network management platform is 4.4.4.4 be identified as 4-1 or 2-4 based on being included in of terminal, therefore, it fails to match, that is, determine should network termination be entered be not permit Permitted to refuse equipment networking into network termination.
In the embodiment shown in the application, it is possible to the method for occurring determining bindtype by above-mentioned inquiry table 4 Bindtype corresponding with IP information can not be inquired.For example, passing through 4 nothing of inquiry table when entering network termination IP is 5.5.5.5 Method inquires bindtype corresponding with network termination to be entered, and can directly determine the terminal is unbound terminal, does not allow to access Network.
In actual office network, for example, being usually provided with client rest area in client service department, the area is for mentioning It temporarily surfs the Internet for non-our company personnel, since above-noted persons infrequently access company, in order to control network management platform storage Binding information quantity, it is not necessary that its terminal is bound in network management platform.Therefore, in the embodiment shown in the application In, network management platform is configured for networking mode;Wherein, the networking mode includes non-blacked mode and blocking mode.When When determining that networking mode is non-blacked mode, even if determining that network termination to be entered is unbound terminal or does not allow into network termination, It can permit the accessing terminal to network;If networking mode is blocking mode, determining network termination to be entered is for unbound terminal or not Allow then to refuse the accessing terminal to network into network termination.
In the embodiment shown in the application, the mode for the networking mode that network management platform is configured is determined are as follows: logical It crosses the confirmation networking pattern field safeguarded in inquiry network management platform and determines the networking mode that network management platform is configured.Example Such as, which represents non-blacked mode for 1;The field represents blocking mode for 2.
For example, the field of the confirmation networking mode is tieed up when administrator configurations network management platform is non-blacked mode Shield is 1.It should be noted that administrator configurations network management platform networking mode can be drop-down menu or choose mode etc., It is not limited thereto.
When being confirmed as unbound terminal wait enter network termination or not allowing into network termination, inquires in network management platform and tie up The confirmation networking pattern field of shield, in the present embodiment, which is maintained as 1, that is, determines that networking mode is non-blacked mode.
In the embodiment shown in the application, provides another and determine the networking mould that network management platform is configured The mode of formula: the networking mode for determining that network management platform is configured is identified by the on-position of the terminal in the request that networks.
It should be noted that when configuring entire office network, the different access network area of terminal (is exchanged by administrator Generator terminal slogan) it is corresponding with networking mode.For example, the corresponding switch ports number in client rest area is 4-1 to 4-10, which permits Perhaps non-access terminal networks.Therefore, administrator is corresponding with networking mode 1 (non-blacked mode) by the section inner end slogan.Management It will safeguard out after the completion of member's configuration, in network management platform and closed as the networking mode of table 6 is corresponding with the on-position of terminal mark It is table.
Table 6
The on-position of terminal identifies Networking mode
4-1 to 4-10 1
1-1 to 1-10 2
2-1 to 2-10 2
3-1 to 3-10 2
For example, when IP is that the network termination to be entered that 5.5.5.5, MAC are 55-55-55-55-55-55 passes through No. 4 access terminals No. 3 port access switch.The terminal sends the request that networks to network management platform by interchanger.Network management platform is rung Starting authentication mechanism verifying should be requested in networking, verify and determine that the terminal is unbound terminal.Later, the network management is flat Platform passes through the on-position identification look-up table 6 of the terminal.In the present embodiment, since the on-position of terminal is identified as 4-3, belong to In the range of 4-1 to 4-10, it is thus determined that it is 1 that the on-position of the terminal, which identifies corresponding networking mode, the terminal is determined Corresponding networking mode is non-blacked mode, then allows the accessing terminal to network.
Through the above scheme it is found that the on-position mark due to different terminals corresponds to different networking modes, Some region of terminal in office network may be implemented allows the terminal to access net not binding in network management platform Network.
Corresponding to above method embodiment, the application also provides a kind of device 400 of management terminal access network, described Device 400 maintains the bindtype of terminal device;And apparatus bound information corresponding with the bindtype;Wherein, institute State bindtype indicate the terminal device multiple terminal mark between binding relationship;The apparatus bound information include by The mark of multiple terminal determined by the bindtype;
Fig. 4 is referred to, Fig. 4 is a kind of device internal structure chart of management terminal access network shown in this specification.
Above-mentioned apparatus 400 includes:
Receiving module 410 receives the networking request of target terminal equipment;
Determining module 420 is requested in response to the networking, determines target bind class corresponding with the target terminal equipment Type;
Module 430 is obtained, obtains the target terminal indicated by the target bind type from networking request The multiple terminal of equipment identifies;
Matching module 440, the multiple terminal mark that will acquire are whole with the target of network management platform maintenance Multiple terminal mark in the apparatus bound information of end equipment is matched;If successful match, the target terminal is allowed to connect Enter network.
In the embodiment shown in the application, the matching module 440 includes:
Searching module 441 searches the equipment corresponding with the target terminal equipment safeguarded in the network management platform Binding information;
Matched sub-block 442 will acquire if finding apparatus bound information corresponding with the target terminal equipment The multiple terminal mark arrived, is matched with the apparatus bound information found.
In the embodiment shown in the application, the bindtype for all terminal devices that described device 400 is safeguarded is homogeneous Together;Described device 400 maintains the bind type field for indicating the bindtype of all terminal devices;
The determining module 420 includes:
First enquiry module 421 inquires the bindtype of the bind type field instruction of the network management platform maintenance;
First determines submodule 422, the bindtype that the bind type field inquired indicates is determined as described The corresponding target bind type of target terminal equipment.
In the embodiment shown in the application, terminal iidentification and the binding of terminal device are maintained in described device 400 The corresponding relationship of type;It include the terminal iidentification of target terminal equipment in the target terminal networking request;
The determining module 420 includes:
Second enquiry module inquires the network management platform according to the terminal iidentification of target terminal in the request that networks In corresponding bindtype;
Second determines submodule, and the bindtype inquired is determined as to state the corresponding target bind class of target terminal equipment Type.
In the embodiment shown in the application, described device 400 is configured for networking mode;Wherein, the networking mould Formula includes non-blacked mode and blocking mode;
Described device 400 further include:
It further determines that module, if the target terminal is unbound terminal device, further determines that the network management The networking mode of platform;The unbound terminal device includes not safeguarding that corresponding equipment is tied up in the network management platform Determine the terminal device of information;
If the networking mode is blocking mode, refuse the target terminal access network;
If the networking mode is non-blacked mode, allow the target terminal access network.
In the embodiment shown in the application, the access of networking mode and terminal is maintained in the network management platform Station location marker corresponding relationship;It include the on-position mark of terminal in the request that networks;It is described to further determine that module includes:
It is identified according to the on-position of the terminal in the request that networks and determines networking mode.
In the embodiment shown in the application, the binding logo of the terminal includes: IP address mark, the terminal of terminal MAC mark, terminal on-position mark;
The bindtype includes:
First bindtype, instruction IP address mark are bound with MAC Address mark;
Second bindtype, instruction IP address mark are bound with on-position mark;
Third bindtype, instruction MAC Address mark are bound with on-position mark;
4th bindtype, instruction IP address mark, MAC Address mark and on-position mark are bound.
Known to through the above scheme, on the one hand, since network management platform maintains the bindtype of terminal device.Management Member can select different terminal bindtypes when binding terminal according to different needs.Therefore, when judging network termination to be entered It whether is when allowing into network termination, network management platform can select different ends according to the different bindtypes that administrator selects End mark carries out matching judgment, thus meets and determine whether terminal is the need allowed into network termination according to different terminal iidentifications It asks.
On the other hand, since the interaction of original administrator and interchanger to be converted to the friendship of administrator and network management platform Mutually, so that administrator more intuitively obtains terminal iidentification, the binding of terminal is also instructed by originally passing through to access device Operation is changed to directly use operation of the mouse to network management platform, at the same time it can also select network management platform to show A plurality of end message carries out batch binding, and therefore, administrator's bindings become easy, fast.
The foregoing is merely the preferred embodiments of the application, not to limit the application, all essences in the application Within mind and principle, any modification, equivalent substitution, improvement and etc. done be should be included within the scope of the application protection.

Claims (14)

1. a kind of method of management terminal access network, is applied to network management platform, which is characterized in that the network management is flat Platform maintains the bindtype of terminal device;And apparatus bound information corresponding with the bindtype;Wherein, described to tie up Determine type indicate the terminal device multiple terminal mark between binding relationship;The apparatus bound information includes by described The mark of multiple terminal determined by bindtype;
The described method includes:
Receive the networking request of target terminal equipment;
It is requested in response to the networking, determines target bind type corresponding with the target terminal equipment;
The multiple terminal mark of the target terminal equipment indicated by the target bind type is obtained from the request that networks Know;
Multiple terminal mark in the multiple terminal mark that will acquire, with the apparatus bound information of network management platform maintenance Knowledge is matched;If successful match, allow the target terminal access network.
2. the method according to claim 1, wherein further include:
Multiple terminal mark in the multiple terminal mark that will acquire, with the apparatus bound information of network management platform maintenance Knowledge is matched, comprising:
Search the apparatus bound information corresponding with the target terminal equipment safeguarded in the network management platform;
If finding apparatus bound information corresponding with the target terminal equipment, the multiple terminal mark that will acquire, It is matched with the apparatus bound information found.
3. the method according to claim 1, wherein all terminal devices of network management platform maintenance Bindtype is all the same;The network management platform maintains the bindtype word for indicating the bindtype of all terminal devices Section;
Determination target bind type corresponding with the target terminal equipment, comprising:
Inquire the bindtype of the bind type field instruction of the network management platform maintenance;
The bindtype that the bind type field inquired indicates is determined as the corresponding target of the target terminal equipment Bindtype.
4. the method according to claim 1, wherein maintaining the end of terminal device in the network management platform The corresponding relationship of end mark and bindtype;It include the terminal iidentification of target terminal equipment in the target terminal networking request;
Determination target bind type corresponding with the target terminal equipment, comprising:
Corresponding bindtype in the network management platform is inquired according to the terminal iidentification of target terminal in the request that networks;
The bindtype inquired is determined as the corresponding target bind type of the target terminal equipment.
5. the method according to claim 1, wherein the network management platform is configured for networking mode;Its In, the networking mode includes non-blacked mode and blocking mode;
The method also includes:
If the target terminal is unbound terminal device, the networking mode of the network management platform is further determined that;It is described Unbound terminal device includes the terminal device for not safeguarding corresponding apparatus bound information in the network management platform;
If the networking mode is blocking mode, refuse the target terminal access network;
If the networking mode is non-blacked mode, allow the target terminal access network.
6. according to the method described in claim 5, it is characterized in that, maintaining networking mode and end in the network management platform The on-position at end identifies corresponding relationship;It include the on-position mark of terminal in the request that networks;The determining network pipe The networking mode of platform includes:
It is identified according to the on-position of the terminal in the request that networks and determines networking mode.
7. the method according to claim 1, wherein the binding logo of the terminal includes: the IP address of terminal Mark, the MAC mark of terminal, the on-position mark of terminal;
The bindtype includes:
First bindtype, instruction IP address mark are bound with MAC Address mark;
Second bindtype, instruction IP address mark are bound with on-position mark;
Third bindtype, instruction MAC Address mark are bound with on-position mark;
4th bindtype, instruction IP address mark, MAC Address mark and on-position mark are bound.
8. a kind of device of management terminal access network, which is characterized in that described device maintains the bindtype of terminal device; And apparatus bound information corresponding with the bindtype;Wherein, the bindtype indicates a variety of of the terminal device Binding relationship between terminal iidentification;The apparatus bound information includes the multiple terminal mark determined by the bindtype Know;
Described device includes:
Receiving module receives the networking request of target terminal equipment;
Determining module is requested in response to the networking, determines target bind type corresponding with the target terminal equipment;
Module is obtained, obtains the more of the target terminal equipment indicated by the target bind type from networking request Kind terminal iidentification;
Matching module, the multiple terminal mark that will acquire, the target terminal equipment with network management platform maintenance Apparatus bound information in multiple terminal mark matched;If successful match, allow the target terminal access network.
9. device according to claim 8, which is characterized in that the matching module includes:
Searching module searches apparatus bound corresponding with the target terminal equipment letter safeguarded in the network management platform Breath;
Matched sub-block, if finding apparatus bound information corresponding with the target terminal equipment, what be will acquire is more Kind terminal iidentification, is matched with the apparatus bound information found.
10. device according to claim 8, which is characterized in that the binding class of all terminal devices of described device maintenance Type is all the same;Described device maintains the bind type field for indicating the bindtype of all terminal devices;
The determining module includes:
First enquiry module inquires the bindtype of the bind type field instruction of the network management platform maintenance;
First determines submodule, and the bindtype that the bind type field inquired indicates is determined as the target terminal The corresponding target bind type of equipment.
11. device according to claim 8, which is characterized in that maintain the terminal iidentification of terminal device in described device With the corresponding relationship of bindtype;It include the terminal iidentification of target terminal equipment in the target terminal networking request;
The determining module includes:
Second enquiry module, it is right in the network management platform to be inquired according to the terminal iidentification of target terminal in the request that networks The bindtype answered;
Second determines submodule, and the bindtype inquired is determined as to state the corresponding target bind type of target terminal equipment.
12. device according to claim 8, which is characterized in that described device is configured for networking mode;Wherein, described Networking mode includes non-blacked mode and blocking mode;
Described device further include:
It further determines that module, if the target terminal is unbound terminal device, further determines that the network management platform Networking mode;The unbound terminal device includes not safeguarding corresponding apparatus bound letter in the network management platform The terminal device of breath;
If the networking mode is blocking mode, refuse the target terminal access network;
If the networking mode is non-blacked mode, allow the target terminal access network.
13. device according to claim 12, which is characterized in that maintained in the network management platform networking mode with The on-position of terminal identifies corresponding relationship;It include the on-position mark of terminal in the request that networks;It is described further true Cover half block includes:
It is identified according to the on-position of the terminal in the request that networks and determines networking mode.
14. device according to claim 7, which is characterized in that the binding logo of the terminal includes: the IP address of terminal Mark, the MAC mark of terminal, the on-position mark of terminal;
The bindtype includes:
First bindtype, instruction IP address mark are bound with MAC Address mark;
Second bindtype, instruction IP address mark are bound with on-position mark;
Third bindtype, instruction MAC Address mark are bound with on-position mark;
4th bindtype, instruction IP address mark, MAC Address mark and on-position mark are bound.
CN201910439656.6A 2019-05-24 2019-05-24 A kind of method and device of management terminal access network Pending CN110177015A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910439656.6A CN110177015A (en) 2019-05-24 2019-05-24 A kind of method and device of management terminal access network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910439656.6A CN110177015A (en) 2019-05-24 2019-05-24 A kind of method and device of management terminal access network

Publications (1)

Publication Number Publication Date
CN110177015A true CN110177015A (en) 2019-08-27

Family

ID=67695675

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910439656.6A Pending CN110177015A (en) 2019-05-24 2019-05-24 A kind of method and device of management terminal access network

Country Status (1)

Country Link
CN (1) CN110177015A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111031016A (en) * 2019-11-29 2020-04-17 苏州浪潮智能科技有限公司 Local area network management method, device, equipment and readable storage medium
CN111491351A (en) * 2020-04-28 2020-08-04 国家广播电视总局广播电视科学研究院 Method and system for sensing online of WiFi terminal based on authentication information
CN111885144A (en) * 2020-07-20 2020-11-03 青岛易来智能科技股份有限公司 Equipment binding method and device
CN113163404A (en) * 2021-04-28 2021-07-23 天生桥一级水电开发有限责任公司水力发电厂 Network access authentication method and related equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140082693A1 (en) * 2012-09-14 2014-03-20 Shaun Wackerly Updating security bindings in a network device
CN103716179A (en) * 2011-03-09 2014-04-09 成都勤智数码科技股份有限公司 Telnet/SSH-based network terminal management method
US20170237704A1 (en) * 2016-02-16 2017-08-17 Le Holdings (Beijing) Co., Ltd. Addressing communication method and electronic device based on media access control address
CN108134853A (en) * 2017-12-06 2018-06-08 杭州迪普科技股份有限公司 A kind of method and apparatus of management terminal location information
CN109347784A (en) * 2018-08-10 2019-02-15 锐捷网络股份有限公司 Terminal admittance control method, controller, management and control devices and system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103716179A (en) * 2011-03-09 2014-04-09 成都勤智数码科技股份有限公司 Telnet/SSH-based network terminal management method
US20140082693A1 (en) * 2012-09-14 2014-03-20 Shaun Wackerly Updating security bindings in a network device
US20170237704A1 (en) * 2016-02-16 2017-08-17 Le Holdings (Beijing) Co., Ltd. Addressing communication method and electronic device based on media access control address
CN108134853A (en) * 2017-12-06 2018-06-08 杭州迪普科技股份有限公司 A kind of method and apparatus of management terminal location information
CN109347784A (en) * 2018-08-10 2019-02-15 锐捷网络股份有限公司 Terminal admittance control method, controller, management and control devices and system

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111031016A (en) * 2019-11-29 2020-04-17 苏州浪潮智能科技有限公司 Local area network management method, device, equipment and readable storage medium
CN111491351A (en) * 2020-04-28 2020-08-04 国家广播电视总局广播电视科学研究院 Method and system for sensing online of WiFi terminal based on authentication information
CN111885144A (en) * 2020-07-20 2020-11-03 青岛易来智能科技股份有限公司 Equipment binding method and device
CN111885144B (en) * 2020-07-20 2022-09-16 青岛易来智能科技股份有限公司 Equipment binding method and device
CN113163404A (en) * 2021-04-28 2021-07-23 天生桥一级水电开发有限责任公司水力发电厂 Network access authentication method and related equipment
CN113163404B (en) * 2021-04-28 2023-04-28 天生桥一级水电开发有限责任公司水力发电厂 Network access authentication method and related equipment

Similar Documents

Publication Publication Date Title
CN110177015A (en) A kind of method and device of management terminal access network
CN101582769B (en) Authority setting method of user access network and equipment
CN101588390B (en) Method for improving centralized authentication service system service viscosity and load equilibrium apparatus
CN103179554B (en) Wireless broadband network connection control method, device and the network equipment
CN108881308A (en) A kind of user terminal and its authentication method, system, medium
CN102075904A (en) Method and device for preventing re-authentication of roaming user
JP4252063B2 (en) User location system
CN103179130A (en) Intranet security unified management platform and management method of management platform
CN105306612A (en) Method for acquiring identifier of terminal in network and management network element
CN109922030A (en) Global network access control system and method based on Android device
KR20160055130A (en) Method and system related to authentication of users for accessing data networks
CN108022100A (en) A kind of cross-certification system and method based on block chain technology
CN106131066A (en) A kind of authentication method and device
CN106686592B (en) Network access method and system with authentication
CN110968848A (en) User-based authority management method and device and computing equipment
CN106453349A (en) An account number login method and apparatus
CN106302303A (en) A kind of for across application user profile transmission log in agreement operation method
CN113595907A (en) Aggregation method and device for issuing routing strategy based on SSLVPN
CN102281189B (en) Service implementation method and device based on private attribute of third-party equipment
CN103475660A (en) Method, device and system for page pushing
CN101742460A (en) Method and system for charging and charging information determination equipment
CN108200039A (en) Unaware authentication and authorization system and method based on dynamic creation temporary account password
CN109379339B (en) Portal authentication method and device
CN110120960A (en) A kind of webpage redirects jump method and its system
CN109788528A (en) Access point and its internet business activating method and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190827

RJ01 Rejection of invention patent application after publication