CN112235148B - VLAN configuration detection method, VLAN configuration detection device, electronic equipment and storage medium - Google Patents

VLAN configuration detection method, VLAN configuration detection device, electronic equipment and storage medium Download PDF

Info

Publication number
CN112235148B
CN112235148B CN202011127818.1A CN202011127818A CN112235148B CN 112235148 B CN112235148 B CN 112235148B CN 202011127818 A CN202011127818 A CN 202011127818A CN 112235148 B CN112235148 B CN 112235148B
Authority
CN
China
Prior art keywords
vlan
opposite
port
configuration
detected
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011127818.1A
Other languages
Chinese (zh)
Other versions
CN112235148A (en
Inventor
朱鹏飞
宋熊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Securities Co Ltd
Original Assignee
Ping An Securities Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Securities Co Ltd filed Critical Ping An Securities Co Ltd
Priority to CN202011127818.1A priority Critical patent/CN112235148B/en
Publication of CN112235148A publication Critical patent/CN112235148A/en
Application granted granted Critical
Publication of CN112235148B publication Critical patent/CN112235148B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0866Checking the configuration
    • H04L41/0869Validating the configuration within one network element
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks

Abstract

The invention relates to the technical field of security detection, and provides a VLAN configuration detection method, a VLAN configuration detection device, electronic equipment and a storage medium. The method can analyze the message sent by the opposite-end exchanger which is detected by the target physical network card to determine the port number and VLAN ID list of the port, acquire the VLAN ID to be detected on the target physical network card and the VLAN ID list to match through an API interface, determine the target VLAN ID when the VLAN ID to be detected is not matched with the VLAN ID list, realize preliminary detection, log in the opposite-end exchanger by a read-only account corresponding to the target physical network card and inquire VLAN ID configuration information of the connection port of the opposite-end exchanger, and determine configuration without errors when determining that the data frame of the target VLAN ID is allowed to pass through the connection port, thereby realizing secondary detection, further improving the accuracy of detection results, effectively improving the obstacle removing efficiency and providing powerful technical support for daily inspection. The present invention also relates to blockchain techniques, where VLAN ID configuration information may be stored on the blockchain.

Description

VLAN configuration detection method, VLAN configuration detection device, electronic equipment and storage medium
Technical Field
The present invention relates to the field of security detection technologies, and in particular, to a VLAN configuration detection method and apparatus, an electronic device, and a storage medium.
Background
In the prior art, the related interface configuration sent by the switch is generally monitored directly to judge the accuracy of the switch interface configuration.
However, the detection mode has the phenomenon of missed judgment and the phenomenon of misjudgment, so that the misjudgment rate is improved.
Disclosure of Invention
In view of the foregoing, it is necessary to provide a VLAN configuration detection method, apparatus, electronic device, and storage medium, which can automatically perform secondary detection of VLAN configuration of an opposite-end switch, thereby improving accuracy of detection results, effectively improving obstacle removal efficiency, and providing a powerful technical support for daily inspection.
A VLAN configuration detection method, the VLAN configuration detection method comprising:
monitoring a message sent by an opposite-end switch through a target physical network card;
analyzing the message to obtain port information of the port of the opposite-end switch, and determining the port number of the port and a VLAN ID list of the port from the port information;
acquiring a VLAN ID to be detected configured on the target physical network card through an API interface;
Matching the obtained VLAN ID to be detected with the VLAN ID list;
when the VLAN ID to be detected is not matched with the VLAN ID list, determining the VLAN ID to be detected as a target VLAN ID;
logging in the opposite-end switch by using a read-only account corresponding to the target physical network card, and inquiring a connection port of the opposite-end switch and VLAN ID configuration information of the connection port by using the read-only account;
when the VLAN ID configuration information determines that the data frame of the target VLAN ID is allowed to pass through the connection port, the VLAN configuration of the opposite-end switch is determined to be correct.
According to a preferred embodiment of the present invention, the interception of the message sent by the peer switch through the target physical network card includes:
and intercepting the message sent by the opposite-end switch through the target physical network card by adopting a CDP protocol or an LLDP protocol.
According to a preferred embodiment of the present invention, the VLAN configuration detection method further includes:
and when the VLAN ID to be detected is detected to be matched with the VLAN ID list, determining that the VLAN configuration of the opposite-end switch is correct.
According to a preferred embodiment of the present invention, the logging in the peer switch with the read-only account corresponding to the target physical network card includes:
Acquiring the IP address of the opposite-end switch from the port information;
and accessing the IP address by using a read-only account corresponding to the target physical network card by adopting an SSH protocol, and logging in the opposite-end switch from the port.
According to a preferred embodiment of the present invention, the VLAN configuration detection method further includes:
when the VLAN ID configuration information determines that the data frame of the target VLAN ID is not allowed to pass through the connection port, determining that the VLAN configuration of the opposite-end switch is wrong;
generating alarm information representing that VLAN configuration of the opposite-end switch is wrong;
acquiring a contact way of a designated terminal;
reporting the alarm information to the appointed terminal based on the contact information;
when receiving the temporary authorization right fed back by the appointed terminal based on the alarm information, determining a time window according to the temporary authorization right;
and updating VLAN configuration of the opposite-end switch in the time window.
According to a preferred embodiment of the present invention, when the VLAN configuration of the peer switch is a mismatch, the VLAN configuration detection method further includes:
determining a first VLAN ID of the data frame in the opposite-end switch without passing through the connection port according to the temporary authorization authority;
Replacing the first VLAN ID with the destination VLAN ID.
According to a preferred embodiment of the present invention, when the VLAN configuration of the peer switch is missed, the VLAN configuration detection method further includes:
adding the VLAN ID of the target VLAN to the VLAN ID configuration information of the connection port, and storing the VLAN ID configuration information on a blockchain.
A VLAN configuration detection device, the VLAN configuration detection device comprising:
the interception unit is used for intercepting the message sent by the opposite-end switch through the target physical network card;
the analyzing unit is used for analyzing the message to obtain the port information of the port of the opposite-end switch, and determining the port number of the port and the VLAN ID list of the port from the port information;
the acquisition unit is used for acquiring the VLAN ID to be detected configured on the target physical network card through an API interface;
the matching unit is used for matching the obtained VLAN ID to be detected with the VLAN ID list;
a determining unit, configured to determine the VLAN ID to be detected as a target VLAN ID when it is detected that the VLAN ID to be detected does not match the VLAN ID list;
the login unit is used for logging in the opposite-end switch by using a read-only account corresponding to the target physical network card, and inquiring a connection port of the opposite-end switch and VLAN ID configuration information of the connection port by using the read-only account;
The determining unit is further configured to determine that VLAN configuration of the peer switch is correct when it is determined from the VLAN ID configuration information that the data frame of the target VLAN ID is allowed to pass through the connection port.
According to a preferred embodiment of the invention, the interception unit is specifically configured to:
and intercepting the message sent by the opposite-end switch through the target physical network card by adopting a CDP protocol or an LLDP protocol.
According to a preferred embodiment of the present invention, the determining unit is further configured to determine that the VLAN configuration of the peer switch is correct when it is detected that the VLAN ID to be detected matches the VLAN ID list.
According to a preferred embodiment of the present invention, the logging unit logging in the peer switch with a read-only account corresponding to the target physical network card includes:
acquiring the IP address of the opposite-end switch from the port information;
and accessing the IP address by using a read-only account corresponding to the target physical network card by adopting an SSH protocol, and logging in the opposite-end switch from the port.
According to a preferred embodiment of the present invention, the determining unit is further configured to determine that the VLAN configuration of the peer switch is wrong when it is determined from the VLAN ID configuration information that the data frame of the target VLAN ID is not allowed to pass through the connection port;
The VLAN configuration detection apparatus further includes:
the generating unit is used for generating alarm information representing that VLAN configuration of the opposite-end switch is wrong;
the acquisition unit is also used for acquiring the contact way of the appointed terminal;
the reporting unit is used for reporting the alarm information to the appointed terminal based on the contact information;
the determining unit is further used for determining a time window according to the temporary authorization right when the temporary authorization right fed back by the appointed terminal based on the alarm information is received;
and the updating unit is used for updating the VLAN configuration of the opposite-end switch in the time window.
According to a preferred embodiment of the present invention, the determining unit is further configured to determine, according to the temporary authorization authority, that the data frame in the peer switch does not need to pass through the first VLAN ID of the connection port when the VLAN configuration of the peer switch is a mismatch;
the VLAN configuration detection apparatus further includes:
and a replacing unit, configured to replace the first VLAN ID with the target VLAN ID.
According to a preferred embodiment of the present invention, the VLAN configuration detection apparatus further includes:
and the adding unit is used for adding the target VLAN ID to the VLAN ID configuration information of the connection port when the VLAN configuration of the opposite-end switch is missed, and storing the VLAN ID configuration information on a blockchain.
An electronic device, the electronic device comprising:
a memory storing at least one instruction; a kind of electronic device with high-pressure air-conditioning system
And the processor executes the instructions stored in the memory to realize the VLAN configuration detection method.
A computer-readable storage medium having stored therein at least one instruction for execution by a processor in an electronic device to implement the VLAN configuration detection method.
According to the technical scheme, the method and the device can analyze the message sent by the opposite-end exchanger and detected by the target physical network card, obtain port information of the opposite-end exchanger port, determine the port number of the port and the VLAN ID list of the port from the port information, acquire the VLAN ID to be detected configured on the target physical network card through an API interface, match the acquired VLAN ID to be detected with the VLAN ID list, determine the VLAN ID to be detected as the target VLAN ID when the VLAN ID to be detected is not matched with the VLAN ID list, log in the opposite-end exchanger by a read-only account corresponding to the target physical network card, inquire the connection port of the opposite-end exchanger by the read-only account, and determine VLAN ID configuration information of the connection port, and determine the configuration of the opposite-end exchanger when a data frame allowing the VLAN ID to pass through the connection port from the VLAN ID configuration information, so that the VLAN configuration of the opposite-end exchanger is not mistakenly detected, thereby realizing the detection of the VLAN configuration of the opposite-end exchanger, improving the detection efficiency and the daily detection accuracy, and further improving the daily detection efficiency.
Drawings
Fig. 1 is a flow chart of a preferred embodiment of the VLAN configuration detection method of the present invention.
Fig. 2 is a functional block diagram of a preferred embodiment of the VLAN configuration detection device of the present invention.
Fig. 3 is a schematic structural diagram of an electronic device implementing a preferred embodiment of the VLAN configuration detection method according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in detail with reference to the accompanying drawings and specific embodiments.
Fig. 1 is a flowchart of a VLAN configuration detection method according to a preferred embodiment of the present invention. The order of the steps in the flowchart may be changed and some steps may be omitted according to various needs.
The VLAN configuration detection method is applied to one or more electronic devices, wherein the electronic devices are devices capable of automatically performing numerical calculation and/or information processing according to preset or stored instructions, and the hardware of the electronic devices comprises, but is not limited to, microprocessors, application specific integrated circuits (Application Specific Integrated Circuit, ASIC), programmable gate arrays (Field-Programmable Gate Array, FPGA), digital processors (Digital Signal Processor, DSP), embedded devices and the like.
The electronic device may be any electronic product that can interact with a user in a human-computer manner, such as a personal computer, tablet computer, smart phone, personal digital assistant (Personal Digital Assistant, PDA), game console, interactive internet protocol television (Internet Protocol Television, IPTV), smart wearable device, etc.
The electronic device may also include a network device and/or a user device. Wherein the network device includes, but is not limited to, a single network server, a server group composed of a plurality of network servers, or a Cloud based Cloud Computing (Cloud Computing) composed of a large number of hosts or network servers.
The network in which the electronic device is located includes, but is not limited to, the internet, a wide area network, a metropolitan area network, a local area network, a virtual private network (Virtual Private Network, VPN), and the like.
S10, the message sent by the opposite-end exchanger is intercepted through the target physical network card.
The host can support a plurality of physical network cards.
And the target physical network card refers to a physical network card which needs to be detected currently in the plurality of physical network cards.
Specifically, the electronic device interception of the message sent by the opposite-end switch through the target physical network card includes:
The electronic equipment adopts CDP protocol (Cisco Discovery Protocol ) or LLDP protocol (Link Layer Discovery Protocol, link layer discovery protocol), and simultaneously, the electronic equipment combines the protocols and listens for the message sent by the opposite-end switch through the target physical network card.
S11, analyzing the message to obtain port information of the port of the opposite-end switch, and determining the port number of the port and a VLAN ID (Virtual Local Area Network Identity Document, virtual local area network) list of the port from the port information.
In at least one embodiment of the present invention, the electronic device may parse the packet according to the LLDP protocol.
In at least one embodiment of the present invention, the LLDP protocol is an industry standard protocol (IEEE 802.1 ab), and only depends on an operating system of the host machine to support parsing of a packet received on each physical network card, and can parse out information such as a management IP, a switch name, a port number of a switch port, and a VLAN ID list forwarded by a corresponding port of a peer switch connected to each physical network card.
And the VLAN ID list stores VLAN IDs forwarded by the opposite-end switch through the corresponding ports of the opposite-end switch.
S12, all VLAN IDs configured on the target physical network card are acquired through an API interface (Application Programming Interface, application program interface).
And all VLAN IDs configured on the target physical network card are VLAN IDs which need to be put through by the opposite-end switch.
And S13, matching the obtained VLAN ID to be detected with the VLAN ID list.
In at least one embodiment of the present invention, the electronic device may query the VLAN ID list for each of the obtained VLAN IDs.
By the implementation mode, the obtained VLAN IDs are matched with the VLAN IDs in the VLAN ID list one by one.
And S14, when the VLAN ID to be detected is detected to be unmatched with the VLAN ID list, determining the VLAN ID to be detected as a target VLAN ID.
It will be appreciated that when it is detected that the VLAN ID to be detected does not match the VLAN ID list, indicating that the VLAN ID to be configured is not configured, there may be a mismatch or mismatching phenomenon.
In at least one embodiment of the present invention, the VLAN configuration detection method further includes:
and when the VLAN ID to be detected is detected to be matched with the VLAN ID list, determining that the VLAN configuration of the opposite-end switch is correct.
It can be understood that when the VLAN ID to be detected is detected to be matched with the VLAN ID list, it indicates that the VLAN IDs to be configured are configured, and no mismatch or mismatching exists.
By the implementation mode, the VLAN configuration of the opposite-end switch can be initially detected.
S15, logging in the opposite-end switch by using a read-only account corresponding to the target physical network card, and inquiring a connection port of the opposite-end switch and VLAN ID configuration information of the connection port by using the read-only account.
It should be noted that, all the opposite-end switches of the host machine need to be configured with account numbers with read-only rights, only for querying the VLAN ID configuration information of all the ports of the corresponding opposite-end switch, without having modification rights, so as to ensure the operation security.
In at least one embodiment of the present invention, the logging in the peer switch with the read-only account corresponding to the target physical network card includes:
the electronic equipment acquires the IP address of the opposite-end switch from the port information;
further, an SSH protocol (Secure Shell) is adopted, the IP address is accessed by a read-only account corresponding to the target physical network card, and the opposite-end switch is logged in from the port.
Through the implementation manner, the electronic device can log on the opposite-end switch in a read-only manner, and further obtain VLAN ID configuration information of the connection port of the opposite-end switch.
S16, when the data frame allowing the target VLAN ID to pass through the connection port is determined from the VLAN ID configuration information, the VLAN configuration of the opposite-end switch is determined to be correct.
It will be appreciated that when it is determined from the VLAN ID configuration information that the data frame of the destination VLAN ID is allowed to pass through the connection port, the destination VLAN ID is indicated as being put through by the opposite-end switch, and therefore, it can be determined that the VLAN configuration of the opposite-end switch is correct, except that false detection is generated when preliminary detection is performed because the destination VLAN ID is not recorded in the VLAN ID list.
Through the implementation mode, the electronic equipment can realize the secondary detection of the VLAN configuration of the opposite-end switch, and through the secondary detection of the VLAN configuration of the opposite-end switch, the accuracy of a detection result is effectively improved, the obstacle removing efficiency is effectively improved, and a powerful technical support is provided for daily inspection.
In at least one embodiment of the present invention, the VLAN configuration detection method further includes:
When the VLAN ID configuration information determines that the data frame of the target VLAN ID is not allowed to pass through the connection port, the electronic equipment determines that the VLAN configuration of the opposite-end switch is wrong;
the electronic equipment further generates alarming information representing that VLAN configuration of the opposite-end switch is wrong;
acquiring a contact way of a designated terminal;
further, the electronic equipment reports the alarm information to the appointed terminal based on the contact way;
when receiving the temporary authorization right fed back by the appointed terminal based on the alarm information, determining a time window according to the temporary authorization right;
still further, the electronic device updates the VLAN configuration of the peer switch within the time window.
Specifically, the alarm information can be reported to the appointed terminal in the form of report mail, and the invention is not limited.
Through the embodiment, once the missing or mismatching on the port of the opposite-end switch is detected, alarm information is timely reported to the terminal equipment of staff such as a network manager in a mail report mode and the like, the system account number has the authority of the modifiable configuration of the manager through the temporary authorization of the network manager, and the VLAN configuration of the opposite-end switch is updated after the network manager confirms and authorizes the system account number for safety consideration, so that potential safety hazards caused by direct operation under the condition that the network manager does not know the situation are avoided.
Specifically, when the VLAN configuration of the peer switch is a mismatch, the VLAN configuration detection method further includes:
determining a first VLAN ID of the data frame in the opposite-end switch without passing through the connection port according to the temporary authorization authority;
further, the electronic device replaces the first VLAN ID with the target VLAN ID.
Through the implementation mode, when the VLAN configuration of the opposite-end switch has a mismatch phenomenon, the electronic equipment can correct the VLAN ID with the mismatch in time, so that the normal execution of the system is prevented from being influenced.
Further, when the VLAN configuration of the peer switch is missed, the VLAN configuration detection method further includes:
and the electronic equipment adds the target VLAN ID to VLAN ID configuration information of the connection port and stores the VLAN ID configuration information on a blockchain.
By storing the VLAN ID configuration information on the blockchain, the data can be effectively prevented from being tampered, and the safety of the system is further improved.
Through the implementation manner, when the VLAN configuration of the opposite-end switch has the miss-matching phenomenon, the electronic equipment can timely supplement the missed VLAN ID, so that the normal execution of the system is prevented from being influenced.
In this embodiment, by updating the VLAN configuration of the peer switch, not only stability and security of the cloud platform are effectively improved, but also faults can be removed in time when network interruption is caused by migration or events such as HA (High Availability ) and the like, so that robustness of the system is further improved.
According to the technical scheme, the method and the device can analyze the message sent by the opposite-end exchanger and detected by the target physical network card, obtain port information of the opposite-end exchanger port, determine the port number of the port and the VLAN ID list of the port from the port information, acquire the VLAN ID to be detected configured on the target physical network card through an API interface, match the acquired VLAN ID to be detected with the VLAN ID list, determine the VLAN ID to be detected as the target VLAN ID when the VLAN ID to be detected is not matched with the VLAN ID list, log in the opposite-end exchanger by a read-only account corresponding to the target physical network card, inquire the connection port of the opposite-end exchanger by the read-only account, and determine VLAN ID configuration information of the connection port, and determine the configuration of the opposite-end exchanger when a data frame allowing the VLAN ID to pass through the connection port from the VLAN ID configuration information, so that the VLAN configuration of the opposite-end exchanger is not mistakenly detected, thereby realizing the detection of the VLAN configuration of the opposite-end exchanger, improving the detection efficiency and the daily detection accuracy, and further improving the daily detection efficiency.
Fig. 2 is a functional block diagram of a preferred embodiment of the VLAN configuration detection device of the present invention. The VLAN configuration detection device 11 includes a interception unit 110, an analysis unit 111, an acquisition unit 112, a matching unit 113, a determination unit 114, a login unit 115, a generation unit 116, a reporting unit 117, an update unit 118, a replacement unit 119, and an addition unit 120. The module/unit referred to in the present invention refers to a series of computer program segments capable of being executed by the processor 13 and of performing a fixed function, which are stored in the memory 12. In the present embodiment, the functions of the respective modules/units will be described in detail in the following embodiments.
The interception unit 110 intercepts a message sent by the opposite-end switch through the target physical network card.
The host can support a plurality of physical network cards.
And the target physical network card refers to a physical network card which needs to be detected currently in the plurality of physical network cards.
Specifically, the interception unit 110 intercepts, through the target physical network card, a message sent by the peer switch, where the message includes:
the interception unit 110 adopts CDP protocol (Cisco Discovery Protocol ) or LLDP protocol (Link Layer Discovery Protocol, link layer discovery protocol), and at the same time, the interception unit 110 combines the above protocols and intercepts the message sent by the peer switch through the target physical network card.
The parsing unit 111 parses the message to obtain port information of the port of the opposite-end switch, and determines a port number of the port and a VLAN ID (Virtual Local Area Network Identity Document, virtual local area network) list of the port from the port information.
In at least one embodiment of the present invention, the parsing unit 111 may parse the message according to the LLDP protocol.
In at least one embodiment of the present invention, the LLDP protocol is an industry standard protocol (IEEE 802.1 ab), and only depends on an operating system of the host machine to support parsing of a packet received on each physical network card, and can parse out information such as a management IP, a switch name, a port number of a switch port, and a VLAN ID list forwarded by a corresponding port of a peer switch connected to each physical network card.
And the VLAN ID list stores VLAN IDs forwarded by the opposite-end switch through the corresponding ports of the opposite-end switch.
The acquiring unit 112 acquires all VLAN IDs configured on the target physical network card through an API interface (Application Programming Interface, application program interface).
And all VLAN IDs configured on the target physical network card are VLAN IDs which need to be put through by the opposite-end switch.
The matching unit 113 matches the acquired VLAN ID to be detected with the VLAN ID list.
In at least one embodiment of the present invention, the matching unit 113 may query the VLAN ID list for each of the acquired VLAN IDs, respectively.
By the implementation mode, the obtained VLAN IDs are matched with the VLAN IDs in the VLAN ID list one by one.
When detecting that the VLAN ID to be detected does not match the VLAN ID list, the determination unit 114 determines the VLAN ID to be detected as a target VLAN ID.
It will be appreciated that when it is detected that the VLAN ID to be detected does not match the VLAN ID list, indicating that the VLAN ID to be configured is not configured, there may be a mismatch or mismatching phenomenon.
In at least one embodiment of the present invention, the determining unit 114 determines that the VLAN configuration of the peer switch is correct when it is detected that the VLAN ID to be detected matches the VLAN ID list.
It can be understood that when the VLAN ID to be detected is detected to be matched with the VLAN ID list, it indicates that the VLAN IDs to be configured are configured, and no mismatch or mismatching exists.
By the implementation mode, the VLAN configuration of the opposite-end switch can be initially detected.
The login unit 115 logs in the opposite-end switch with a read-only account corresponding to the target physical network card, and queries a connection port of the opposite-end switch and VLAN ID configuration information of the connection port with the read-only account.
It should be noted that, all the opposite-end switches of the host machine need to be configured with account numbers with read-only rights, only for querying the VLAN ID configuration information of all the ports of the corresponding opposite-end switch, without having modification rights, so as to ensure the operation security.
In at least one embodiment of the present invention, the login unit 115 logs in the peer switch with a read-only account corresponding to the target physical network card includes:
the login unit 115 obtains the IP address of the opposite-end switch from the port information;
further, the login unit 115 uses SSH protocol (Secure Shell protocol), accesses the IP address with a read-only account corresponding to the target physical network card, and logs in the peer switch from the port.
Through the above embodiment, the login unit 115 may log in to the peer switch in a read-only manner, and further obtain VLAN ID configuration information of a connection port of the peer switch.
When it is determined from the VLAN ID configuration information that the data frame of the target VLAN ID is allowed to pass through the connection port, the determination unit 114 determines that the VLAN configuration of the peer switch is correct.
It will be appreciated that when it is determined from the VLAN ID configuration information that the data frame of the destination VLAN ID is allowed to pass through the connection port, the destination VLAN ID is indicated as being put through by the opposite-end switch, and therefore, it can be determined that the VLAN configuration of the opposite-end switch is correct, except that false detection is generated when preliminary detection is performed because the destination VLAN ID is not recorded in the VLAN ID list.
Through the implementation mode, the VLAN configuration of the opposite-end switch can be detected secondarily, the accuracy of a detection result is effectively improved through the VLAN configuration of the opposite-end switch secondarily, the obstacle removing efficiency is further effectively improved, and a powerful technical support is provided for daily inspection.
In at least one embodiment of the present invention, when it is determined from the VLAN ID configuration information that the data frame of the target VLAN ID is not allowed to pass through the connection port, the determination unit 114 determines that the VLAN configuration of the peer switch is wrong;
Further, the generating unit 116 generates alarm information indicating that the VLAN configuration of the opposite-end switch is incorrect;
the acquiring unit 112 acquires a contact way of a specified terminal;
further, the reporting unit 117 reports the alarm information to the specified terminal based on the contact information;
when receiving the temporary authorization right fed back by the designated terminal based on the alarm information, the determining unit 114 determines a time window according to the temporary authorization right;
further, the updating unit 118 updates the VLAN configuration of the peer switch within the time window.
Specifically, the alarm information can be reported to the appointed terminal in the form of report mail, and the invention is not limited.
Through the embodiment, once the missing or mismatching on the port of the opposite-end switch is detected, alarm information is timely reported to the terminal equipment of staff such as a network manager in a mail report mode and the like, the system account number has the authority of the modifiable configuration of the manager through the temporary authorization of the network manager, and the VLAN configuration of the opposite-end switch is updated after the network manager confirms and authorizes the system account number for safety consideration, so that potential safety hazards caused by direct operation under the condition that the network manager does not know the situation are avoided.
Specifically, when the VLAN of the peer switch is configured as a mismatch, the determining unit 114 determines that the data frame in the peer switch does not need to pass through the first VLAN ID of the connection port according to the temporary authorization authority;
further, the replacement unit 119 replaces the first VLAN ID with the target VLAN ID.
Through the above embodiment, the replacing unit 119 can correct the misconfigured VLAN ID in time when the VLAN configuration of the opposite-end switch has a mismatch phenomenon, so as to avoid affecting the normal execution of the system.
Further, when the VLAN configuration of the counterpart switch is missed, the adding unit 120 adds the target VLAN ID to the VLAN ID configuration information of the connection port, and stores the VLAN ID configuration information on a blockchain.
By storing the VLAN ID configuration information on the blockchain, the data can be effectively prevented from being tampered, and the safety of the system is further improved.
Through the above embodiment, the adding unit 120 may timely supplement the missed VLAN ID when the VLAN configuration of the peer switch has a missed configuration phenomenon, so as to avoid affecting the normal execution of the system.
In this embodiment, by updating the VLAN configuration of the peer switch, not only stability and security of the cloud platform are effectively improved, but also faults can be removed in time when network interruption is caused by migration or events such as HA (High Availability ) and the like, so that robustness of the system is further improved.
According to the technical scheme, the method and the device can analyze the message sent by the opposite-end exchanger and detected by the target physical network card, obtain port information of the opposite-end exchanger port, determine the port number of the port and the VLAN ID list of the port from the port information, acquire the VLAN ID to be detected configured on the target physical network card through an API interface, match the acquired VLAN ID to be detected with the VLAN ID list, determine the VLAN ID to be detected as the target VLAN ID when the VLAN ID to be detected is not matched with the VLAN ID list, log in the opposite-end exchanger by a read-only account corresponding to the target physical network card, inquire the connection port of the opposite-end exchanger by the read-only account, and determine VLAN ID configuration information of the connection port, and determine the configuration of the opposite-end exchanger when a data frame allowing the VLAN ID to pass through the connection port from the VLAN ID configuration information, so that the VLAN configuration of the opposite-end exchanger is not mistakenly detected, thereby realizing the detection of the VLAN configuration of the opposite-end exchanger, improving the detection efficiency and the daily detection accuracy, and further improving the daily detection efficiency.
Fig. 3 is a schematic structural diagram of an electronic device according to a preferred embodiment of the present invention for implementing VLAN configuration detection method.
The electronic device 1 may comprise a memory 12, a processor 13 and a bus, and may further comprise a computer program, such as a VLAN configuration detection program, stored in the memory 12 and executable on the processor 13.
It will be appreciated by those skilled in the art that the schematic diagram is merely an example of the electronic device 1 and does not constitute a limitation of the electronic device 1, the electronic device 1 may be a bus type structure, a star type structure, the electronic device 1 may further comprise more or less other hardware or software than illustrated, or a different arrangement of components, for example, the electronic device 1 may further comprise an input-output device, a network access device, etc.
It should be noted that the electronic device 1 is only used as an example, and other electronic products that may be present in the present invention or may be present in the future are also included in the scope of the present invention by way of reference.
The memory 12 includes at least one type of readable storage medium including flash memory, a removable hard disk, a multimedia card, a card memory (e.g., SD or DX memory, etc.), a magnetic memory, a magnetic disk, an optical disk, etc. The memory 12 may in some embodiments be an internal storage unit of the electronic device 1, such as a mobile hard disk of the electronic device 1. The memory 12 may in other embodiments also be an external storage device of the electronic device 1, such as a plug-in mobile hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card) or the like, which are provided on the electronic device 1. Further, the memory 12 may also include both an internal storage unit and an external storage device of the electronic device 1. The memory 12 may be used not only for storing application software installed in the electronic device 1 and various types of data, such as codes of VLAN configuration detection programs, but also for temporarily storing data that has been output or is to be output.
The processor 13 may be comprised of integrated circuits in some embodiments, for example, a single packaged integrated circuit, or may be comprised of multiple integrated circuits packaged with the same or different functions, including one or more central processing units (Central Processing unit, CPU), microprocessors, digital processing chips, graphics processors, a combination of various control chips, and the like. The processor 13 is a Control Unit (Control Unit) of the electronic device 1, connects the respective components of the entire electronic device 1 using various interfaces and lines, and executes various functions of the electronic device 1 and processes data by running or executing programs or modules stored in the memory 12 (for example, executing a VLAN configuration detection program or the like), and calling data stored in the memory 12.
The processor 13 executes the operating system of the electronic device 1 and various types of applications installed. The processor 13 executes the application program to implement the steps in the above-described respective VLAN configuration detection method embodiments, for example, the steps shown in fig. 1: s10, S11, S12, S13, S14, S15, and S16.
Alternatively, the processor 13 may implement the functions of the modules/units in the above-described device embodiments when executing the computer program, for example:
Monitoring a message sent by an opposite-end switch through a target physical network card;
analyzing the message to obtain port information of the port of the opposite-end switch, and determining the port number of the port and a VLAN ID list of the port from the port information;
acquiring a VLAN ID to be detected configured on the target physical network card through an API interface;
matching the obtained VLAN ID to be detected with the VLAN ID list;
when the VLAN ID to be detected is not matched with the VLAN ID list, determining the VLAN ID to be detected as a target VLAN ID;
logging in the opposite-end switch by using a read-only account corresponding to the target physical network card, and inquiring a connection port of the opposite-end switch and VLAN ID configuration information of the connection port by using the read-only account;
when the VLAN ID configuration information determines that the data frame of the target VLAN ID is allowed to pass through the connection port, the VLAN configuration of the opposite-end switch is determined to be correct.
Illustratively, the computer program may be partitioned into one or more modules/units that are stored in the memory 12 and executed by the processor 13 to complete the present invention. The one or more modules/units may be a series of instruction segments of a computer program capable of performing a specific function for describing the execution of the computer program in the electronic device 1. For example, the computer program may be divided into a listening unit 110, an parsing unit 111, an acquisition unit 112, a matching unit 113, a determining unit 114, a login unit 115, a generating unit 116, a reporting unit 117, an updating unit 118, a replacing unit 119, an adding unit 120.
The integrated units implemented in the form of software functional modules described above may be stored in a computer readable storage medium. The software functional module is stored in a storage medium, and includes several instructions for causing a computer device (which may be a personal computer, a computer device, or a network device, etc.) or a processor (processor) to execute portions of the VLAN configuration detection method according to the embodiments of the present invention.
The integrated modules/units of the electronic device 1 may be stored in a computer readable storage medium if implemented in the form of software functional units and sold or used as separate products. Based on this understanding, the present invention may also be implemented by a computer program for instructing a relevant hardware device to implement all or part of the procedures of the above-mentioned embodiment method, where the computer program may be stored in a computer readable storage medium and the computer program may be executed by a processor to implement the steps of each of the above-mentioned method embodiments.
Wherein the computer program comprises computer program code which may be in source code form, object code form, executable file or some intermediate form etc. The computer readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a U disk, a removable hard disk, a magnetic disk, an optical disk, a computer Memory, a Read-Only Memory (ROM).
Further, the computer-usable storage medium may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function, and the like; the storage data area may store data created from the use of blockchain nodes, and the like.
The blockchain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanism, encryption algorithm and the like. The Blockchain (Blockchain), which is essentially a decentralised database, is a string of data blocks that are generated by cryptographic means in association, each data block containing a batch of information of network transactions for verifying the validity of the information (anti-counterfeiting) and generating the next block. The blockchain may include a blockchain underlying platform, a platform product services layer, an application services layer, and the like.
The bus may be a peripheral component interconnect standard (peripheral component interconnect, PCI) bus or an extended industry standard architecture (extended industry standard architecture, EISA) bus, among others. The bus may be classified as an address bus, a data bus, a control bus, etc. For ease of illustration, only one arrow is shown in FIG. 3, but only one bus or one type of bus is not shown. The bus is arranged to enable a connection communication between the memory 12 and at least one processor 13 or the like.
Although not shown, the electronic device 1 may further comprise a power source (such as a battery) for powering the various components, which may preferably be logically connected to the at least one processor 13 via a power management means, so as to perform functions such as charge management, discharge management, and power consumption management via the power management means. The power supply may also include one or more of any of a direct current or alternating current power supply, recharging device, power failure detection circuit, power converter or inverter, power status indicator, etc. The electronic device 1 may further include various sensors, bluetooth modules, wi-Fi modules, etc., which will not be described herein.
Further, the electronic device 1 may also comprise a network interface, optionally the network interface may comprise a wired interface and/or a wireless interface (e.g. WI-FI interface, bluetooth interface, etc.), typically used for establishing a communication connection between the electronic device 1 and other electronic devices.
The electronic device 1 may optionally further comprise a user interface, which may be a Display, an input unit, such as a Keyboard (Keyboard), or a standard wired interface, a wireless interface. Alternatively, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch, or the like. The display may also be referred to as a display screen or display unit, as appropriate, for displaying information processed in the electronic device 1 and for displaying a visual user interface.
It should be understood that the embodiments described are for illustrative purposes only and are not limited to this configuration in the scope of the patent application.
Fig. 3 shows only an electronic device 1 with components 12-13, it being understood by a person skilled in the art that the structure shown in fig. 3 does not constitute a limitation of the electronic device 1, and may comprise fewer or more components than shown, or may combine certain components, or a different arrangement of components.
In connection with fig. 1, the memory 12 in the electronic device 1 stores a plurality of instructions to implement a VLAN configuration detection method, the processor 13 being executable to implement:
monitoring a message sent by an opposite-end switch through a target physical network card;
analyzing the message to obtain port information of the port of the opposite-end switch, and determining the port number of the port and a VLAN ID list of the port from the port information;
acquiring a VLAN ID to be detected configured on the target physical network card through an API interface;
matching the obtained VLAN ID to be detected with the VLAN ID list;
when the VLAN ID to be detected is not matched with the VLAN ID list, determining the VLAN ID to be detected as a target VLAN ID;
Logging in the opposite-end switch by using a read-only account corresponding to the target physical network card, and inquiring a connection port of the opposite-end switch and VLAN ID configuration information of the connection port by using the read-only account;
when the VLAN ID configuration information determines that the data frame of the target VLAN ID is allowed to pass through the connection port, the VLAN configuration of the opposite-end switch is determined to be correct.
Specifically, the specific implementation method of the above instructions by the processor 13 may refer to the description of the relevant steps in the corresponding embodiment of fig. 1, which is not repeated herein.
In the several embodiments provided in the present invention, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules is merely a logical function division, and there may be other manners of division when actually implemented.
The modules described as separate components may or may not be physically separate, and components shown as modules may or may not be physical units, may be located in one place, or may be distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional module in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units can be realized in a form of hardware or a form of hardware and a form of software functional modules.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential characteristics thereof.
The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference signs in the claims shall not be construed as limiting the claim concerned.
Furthermore, it is evident that the word "comprising" does not exclude other elements or steps, and that the singular does not exclude a plurality. A plurality of units or means recited in the system claims can also be implemented by means of software or hardware by means of one unit or means. The terms second, etc. are used to denote a name, but not any particular order.
Finally, it should be noted that the above-mentioned embodiments are merely for illustrating the technical solution of the present invention and not for limiting the same, and although the present invention has been described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications and equivalents may be made to the technical solution of the present invention without departing from the spirit and scope of the technical solution of the present invention.

Claims (10)

1. The VLAN configuration detection method is characterized by comprising the following steps:
monitoring a message sent by an opposite-end switch through a target physical network card;
analyzing the message to obtain port information of the port of the opposite-end switch, and determining the port number of the port and a VLAN ID list of the port from the port information;
acquiring a VLAN ID to be detected configured on the target physical network card through an API interface;
matching the obtained VLAN ID to be detected with the VLAN ID list;
when the VLAN ID to be detected is not matched with the VLAN ID list, determining the VLAN ID to be detected as a target VLAN ID;
logging in the opposite-end switch by using a read-only account corresponding to the target physical network card, and inquiring a connection port of the opposite-end switch and VLAN ID configuration information of the connection port by using the read-only account;
And when the data frame of the target VLANID is allowed to pass through the connection port, determining that the VLAN configuration of the opposite-end switch is correct.
2. The VLAN configuration detection method of claim 1, wherein the listening, by the target physical network card, for the message sent by the peer switch comprises:
and intercepting the message sent by the opposite-end switch through the target physical network card by adopting a CDP protocol or an LLDP protocol.
3. The VLAN configuration detection method of claim 1, wherein the VLAN configuration detection method further comprises:
and when the VLAN ID to be detected is detected to be matched with the VLAN ID list, determining that the VLAN configuration of the opposite-end switch is correct.
4. The VLAN configuration detection method of claim 1, wherein logging in the peer switch with a read-only account corresponding to the target physical network card comprises:
acquiring the IP address of the opposite-end switch from the port information;
and accessing the IP address by using a read-only account corresponding to the target physical network card by adopting an SSH protocol, and logging in the opposite-end switch from the port.
5. The VLAN configuration detection method of claim 1, wherein the VLAN configuration detection method further comprises:
When the data frame of the target VLANID is not allowed to pass through the connection port, determining that VLAN configuration of the opposite-end switch is wrong;
generating alarm information representing that VLAN configuration of the opposite-end switch is wrong;
acquiring a contact way of a designated terminal;
reporting the alarm information to the appointed terminal based on the contact information;
when receiving the temporary authorization right fed back by the appointed terminal based on the alarm information, determining a time window according to the temporary authorization right;
and updating VLAN configuration of the opposite-end switch in the time window.
6. The VLAN configuration detection method of claim 5, wherein when the VLAN configuration of the peer switch is a mismatch, the VLAN configuration detection method further comprises:
determining that the data frame in the opposite-end switch does not need to pass through the first VLANID of the connection port according to the temporary authorization authority;
replacing the first VLAN ID with the destination VLAN ID.
7. The VLAN configuration detection method of claim 1, wherein when the VLAN configuration of the peer switch is missed, the VLAN configuration detection method further comprises:
Adding the target VLANID to the VLANID configuration information of the connection port, and storing the VLAN ID configuration information on a blockchain.
8. A VLAN configuration detection device, comprising:
the interception unit is used for intercepting the message sent by the opposite-end switch through the target physical network card;
the analyzing unit is used for analyzing the message to obtain the port information of the port of the opposite-end switch, and determining the port number of the port and the VLAN ID list of the port from the port information;
the acquisition unit is used for acquiring the VLANID to be detected configured on the target physical network card through an API interface;
the matching unit is used for matching the obtained VLANID to be detected with the VLANID list;
a determining unit, configured to determine, when the VLAN ID to be detected is detected to be not matched with the VLAN ID list, the VLAN ID to be detected as a target VLAN ID;
the login unit is used for logging in the opposite-end switch by using a read-only account corresponding to the target physical network card, and inquiring a connection port of the opposite-end switch and VLAN ID configuration information of the connection port by using the read-only account;
The determining unit is further configured to determine that VLAN configuration of the peer switch is correct when it is determined from the VLAN ID configuration information that the data frame of the target VLAN ID is allowed to pass through the connection port.
9. An electronic device, the electronic device comprising:
a memory storing at least one instruction; a kind of electronic device with high-pressure air-conditioning system
A processor executing instructions stored in the memory to implement the VLAN configuration detection method of any one of claims 1 to 7.
10. A computer-readable storage medium, characterized by: the computer-readable storage medium has stored therein at least one instruction that is executed by a processor in an electronic device to implement the VLAN configuration detection method of any one of claims 1 to 7.
CN202011127818.1A 2020-10-20 2020-10-20 VLAN configuration detection method, VLAN configuration detection device, electronic equipment and storage medium Active CN112235148B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011127818.1A CN112235148B (en) 2020-10-20 2020-10-20 VLAN configuration detection method, VLAN configuration detection device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011127818.1A CN112235148B (en) 2020-10-20 2020-10-20 VLAN configuration detection method, VLAN configuration detection device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN112235148A CN112235148A (en) 2021-01-15
CN112235148B true CN112235148B (en) 2023-10-10

Family

ID=74119006

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011127818.1A Active CN112235148B (en) 2020-10-20 2020-10-20 VLAN configuration detection method, VLAN configuration detection device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN112235148B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2008060958A (en) * 2006-08-31 2008-03-13 Nec Corp Vlan communication range specification system, data preparation method, and data preparation program
CN107094091A (en) * 2017-03-30 2017-08-25 国电南瑞科技股份有限公司 A kind of intelligent substation station level network configuration method of calibration and system
WO2018127024A1 (en) * 2017-01-03 2018-07-12 中兴通讯股份有限公司 Error correction method, device based on network port transmission and network port transmission equipment

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9559898B2 (en) * 2014-12-19 2017-01-31 Vmware, Inc. Automatically configuring data center networks with neighbor discovery protocol support
CN107666428B (en) * 2016-07-28 2020-03-06 新华三技术有限公司 Method and device for detecting silent equipment

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2008060958A (en) * 2006-08-31 2008-03-13 Nec Corp Vlan communication range specification system, data preparation method, and data preparation program
WO2018127024A1 (en) * 2017-01-03 2018-07-12 中兴通讯股份有限公司 Error correction method, device based on network port transmission and network port transmission equipment
CN107094091A (en) * 2017-03-30 2017-08-25 国电南瑞科技股份有限公司 A kind of intelligent substation station level network configuration method of calibration and system

Also Published As

Publication number Publication date
CN112235148A (en) 2021-01-15

Similar Documents

Publication Publication Date Title
CN111901327B (en) Cloud network vulnerability mining method and device, electronic equipment and medium
CN111262851A (en) DDOS attack detection method and device, electronic equipment and storage medium
CN113328872B (en) Fault repairing method, device and storage medium
CN112015663B (en) Test data recording method, device, equipment and medium
WO2020015115A1 (en) Fault alarm method and terminal device
CN114268508B (en) Internet of things equipment security access method, device, equipment and medium
CN103975331B (en) It is incorporated with the safe data center's infrastructure management system for being managed infrastructure equipment
CN114301670B (en) Terminal authentication method, device, equipment and medium based on IPV6 address
CN116405332B (en) Service request method, device, equipment and medium based on Nginx gateway
CN112235148B (en) VLAN configuration detection method, VLAN configuration detection device, electronic equipment and storage medium
JP2017211806A (en) Communication monitoring method, security management system, and program
CN114185502A (en) Log printing method, device, equipment and medium based on production line environment
CN114385453A (en) Database cluster exception handling method, device, equipment and medium
CN113206878A (en) Multi-terminal cluster networking communication control method and device, server and cluster networking
CN108848093B (en) Route calculation unit and network node device
CN116414366B (en) Middleware interface generation method, device, equipment and medium
CN116886452B (en) Method and system for judging host computer collapse
CN114978954B (en) Network isolation validity verification method, device, equipment and storage medium
CN117316359B (en) Blood detection process tracking method, device, equipment and medium
CN114513398B (en) Network equipment alarm processing method, device, equipment and storage medium
CN116760835B (en) Distributed storage method, device and medium
CN116934263B (en) Product batch admittance method, device, equipment and medium
CN114826753B (en) Full-flow intrusion detection method, device, equipment and medium based on rule characteristics
CN116418896B (en) Task execution method, device, equipment and medium based on timer
US20230126851A1 (en) Verifying data sources using attestation based methods

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant