CN114531279A - Private network access method, server and storage medium - Google Patents
Private network access method, server and storage medium Download PDFInfo
- Publication number
- CN114531279A CN114531279A CN202210086094.3A CN202210086094A CN114531279A CN 114531279 A CN114531279 A CN 114531279A CN 202210086094 A CN202210086094 A CN 202210086094A CN 114531279 A CN114531279 A CN 114531279A
- Authority
- CN
- China
- Prior art keywords
- private network
- terminal equipment
- identifier
- server
- equipment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 54
- 238000013507 mapping Methods 0.000 claims abstract description 84
- 238000012545 processing Methods 0.000 claims description 12
- 238000012217 deletion Methods 0.000 claims description 7
- 230000037430 deletion Effects 0.000 claims description 7
- 238000004891 communication Methods 0.000 abstract description 14
- 230000006870 function Effects 0.000 description 15
- 238000010586 diagram Methods 0.000 description 10
- 238000013461 design Methods 0.000 description 8
- 230000004044 response Effects 0.000 description 6
- 238000012423 maintenance Methods 0.000 description 3
- 238000012795 verification Methods 0.000 description 3
- 230000000694 effects Effects 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000003068 static effect Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 239000000463 material Substances 0.000 description 1
- 230000006386 memory function Effects 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/10—Mapping addresses of different types
- H04L61/103—Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/068—Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W48/00—Access restriction; Network selection; Access point selection
- H04W48/16—Discovering, processing access restriction or access information
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention provides a private network access method, a server and a storage medium, relates to the technical field of network communication, and aims to enable the access position of terminal equipment to be more flexible. The method comprises the following steps: responding to an access request of the terminal equipment, and acquiring an equipment identifier of the terminal equipment; and according to the equipment identifier of the terminal equipment, determining a target private network identifier corresponding to the terminal equipment from a first mapping relation comprising the equipment identifier and the private network identifier, and accessing the terminal equipment to a private network corresponding to the target private network identifier.
Description
Technical Field
The present invention relates to the field of network communication technologies, and in particular, to a private network access method, a server, and a storage medium.
Background
In some communication scenarios, for a large campus or venue where multiple enterprises reside, a private network access system is usually configured in the campus or venue in order to allow different enterprise users to access their own private networks. Specifically, the private network access system includes a plurality of private networks and wired or wireless access points configured for each private network. After the enterprise user connects the terminal device to the configured access point, the server determines the private network corresponding to the access point according to the port number of the access point after receiving an access request sent by the terminal device through the access point, and accesses the terminal device to the private network corresponding to the access point.
However, since the locations of access points configured by different enterprises are fixed, enterprise users can only access their private networks through the fixed access points in a fixed area. In some cases, if an enterprise user changes office location or connects a terminal device to another access point, the private network where the enterprise user is located cannot be accessed, and thus the flexibility of enterprise office in a campus or a venue is low.
Disclosure of Invention
The invention provides a private network access method, a server and a storage medium, which are used for enabling the access position of terminal equipment to be more flexible.
In order to achieve the purpose, the invention adopts the following technical scheme:
in a first aspect, a private network access method is applied to a private network access system, where the private network access system includes multiple private networks, and the method includes: responding to an access request of the terminal equipment, and acquiring an equipment identifier of the terminal equipment; and according to the equipment identifier of the terminal equipment, determining a target private network identifier corresponding to the terminal equipment from a first mapping relation comprising the equipment identifier and the private network identifier, and accessing the terminal equipment to a private network corresponding to the target private network identifier.
Optionally, in a case that the device identifier of the terminal device does not exist in the first mapping relationship, the method further includes: sending a preset authentication page to the terminal equipment; the authentication page is used for acquiring account information of the terminal equipment; and according to the account information of the terminal equipment, determining a target private network identifier corresponding to the terminal equipment from a second mapping relation comprising the account information and the private network identifier, and accessing the terminal equipment to the private network corresponding to the target private network identifier.
Optionally, after determining the target private network identifier corresponding to the terminal device from the second mapping relationship including the account information and the private network identifier, the method further includes: and updating the first mapping relation according to the equipment identifier of the terminal equipment and the target private network identifier corresponding to the terminal equipment.
Optionally, the method further includes: acquiring indication information sent by the terminal equipment through the authentication page, wherein the indication information is used for indicating deletion and/or addition of equipment identification; and deleting and/or adding the equipment identification in the first mapping relation according to the indication information.
Optionally, the method further includes: and under the condition that the account information of the terminal equipment does not exist in the second mapping relation, accessing the terminal equipment into the public network.
In a second aspect, a server is provided, which is applied to a private network access system, wherein the private network access system includes a plurality of private networks, and the server includes an obtaining unit, a determining unit, and an access unit; the device comprises an acquisition unit, a processing unit and a processing unit, wherein the acquisition unit is used for responding to an access request of the terminal equipment and acquiring the equipment identification of the terminal equipment; the determining unit is used for determining a target private network identifier corresponding to the terminal equipment from a first mapping relation comprising the equipment identifier and the private network identifier according to the equipment identifier of the terminal equipment; and the access unit is used for accessing the terminal equipment to the private network corresponding to the target private network identifier.
Optionally, in the case that the device identifier of the terminal device does not exist in the first mapping relationship, the determining unit is further configured to: sending a preset authentication page to the terminal equipment; the authentication page is used for acquiring account information of the terminal equipment; and according to the account information of the terminal equipment, determining a target private network identifier corresponding to the terminal equipment from a second mapping relation comprising the account information and the private network identifier, and accessing the terminal equipment to the private network corresponding to the target private network identifier.
Optionally, the determining unit is specifically configured to: and updating the first mapping relation according to the equipment identifier of the terminal equipment and the target private network identifier corresponding to the terminal equipment.
Optionally, the obtaining unit is further configured to: acquiring indication information sent by the terminal equipment through the authentication page, wherein the indication information is used for indicating deletion and/or addition of equipment identification; the server further comprises a processing unit; the processing unit is used for deleting and/or adding the equipment identifier in the first mapping relation according to the indication information.
Optionally, the access unit is further configured to: and under the condition that the account information of the terminal equipment does not exist in the second mapping relation, accessing the terminal equipment into the public network.
In a third aspect, there is provided a computer readable storage medium storing one or more programs, the one or more programs comprising instructions, which when executed by a computer, cause the computer to perform the private network access method as in the first aspect.
In a fourth aspect, a server is provided, comprising: a processor and a memory; the memory is used for storing one or more programs, and the one or more programs include computer execution instructions, and when the server runs, the processor executes the computer execution instructions stored by the memory, so that the server executes the private network access method of the first aspect.
The technical scheme provided by the invention at least has the following beneficial effects: responding to an access request of the terminal equipment, and acquiring an equipment identifier of the terminal equipment by the server; further, the server determines a target private network identifier corresponding to the terminal device from a mapping relation including the device identifier and the private network identifier according to the device identifier of the terminal device, and accesses the terminal device to a private network corresponding to the target private network identifier. Compared with the prior art that the access port of the terminal equipment is used as an access basis and the terminal equipment is accessed to the private network corresponding to the access port, the access method and the access device are not limited by the limitation of the access port, so that the access position is more flexible.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic structural diagram of a private network access system according to an embodiment of the present invention;
fig. 2 is a first flowchart illustrating a private network access method according to an embodiment of the present invention;
fig. 3 is a schematic diagram illustrating an effect of private network access according to an embodiment of the present invention;
fig. 4 is a second flowchart illustrating a private network access method according to an embodiment of the present invention;
fig. 5 is a third schematic flowchart of a private network access method according to an embodiment of the present invention;
fig. 6 is a fourth schematic flowchart of a private network access method according to an embodiment of the present invention;
fig. 7 is a fifth flowchart of a private network access method according to an embodiment of the present invention;
fig. 8 is a schematic structural diagram of a server according to an embodiment of the present invention
Fig. 9 is a schematic structural diagram of a server according to an embodiment of the present invention;
fig. 10 is a schematic structural diagram of a server according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that in the embodiments of the present invention, words such as "exemplary" or "for example" are used to indicate examples, illustrations or explanations. Any embodiment or design described as "exemplary" or "e.g.," an embodiment of the present invention is not necessarily to be construed as preferred or advantageous over other embodiments or designs. Rather, use of the word "exemplary" or "such as" is intended to present concepts related in a concrete fashion.
It should be noted that, in the embodiments of the present invention, "of", "corresponding" and "corresponding" may be sometimes used in combination, and it should be noted that, when the difference is not emphasized, the intended meaning is consistent.
For the convenience of clearly describing the technical solutions of the embodiments of the present invention, in the embodiments of the present invention, the words "first", "second", and the like are used for distinguishing the same items or similar items with basically the same functions and actions, and those skilled in the art can understand that the words "first", "second", and the like are not limited in number or execution order.
The private network access method provided by the embodiment of the invention can be suitable for a private network access system, and the private network access system is used for improving the access flexibility of the terminal equipment. Fig. 1 shows a schematic structural diagram of the private network access system. As shown in fig. 1, the private network access system 10 includes a terminal device 11, a network interface 12, a switch 13, and a server 14. Wherein, the terminal device 11 is connected with the network interface 12; the network interface 12 is connected with a switch 13; the switch 13 is connected to a server 14.
Private network access system 10 includes a plurality of private networks, the identities of which are stored in server 14.
The terminal device 11 is an electronic device with a network access function, such as a mobile phone, a tablet computer, a Personal Computer (PC), a Personal Digital Assistant (PDA), a smart watch, a netbook, a wearable electronic device, and the like.
The network interface 12 may be a wired interface or a wireless interface.
The switch 13 is connected to one or more network interfaces 12.
The server 14 is a network device having terminal device authentication and private network access functions, for example, the server 14 may be a network controller, a Dynamic Host Configuration Protocol (DHCP) server, a wireless controller, and the like, and the server 11 may also be a combination of one or more of the above devices.
The server 14 is configured to obtain, through the switch 13, a device identifier of the terminal device in response to the access request of the terminal device.
The server 14 is further configured to determine, according to the device identifier of the terminal device, a target private network identifier corresponding to the terminal device from a mapping relationship including the device identifier and the private network identifier, and access the terminal device to a private network corresponding to the target private network identifier.
Fig. 2 is a flow diagram illustrating a private network access method, according to some example embodiments. In some embodiments, the private network access method described above may be applied to a server as shown in fig. 1 or other similar devices.
As shown in fig. 2, the private network access method provided in the embodiment of the present invention includes the following steps S201 to S204.
S201, the terminal equipment sends an access request to a server.
As a possible implementation manner, after the terminal device accesses the private network access system through the wired network interface, an access request is sent to the server through the switch connected to the wired network interface.
It should be noted that the access request is used to trigger the server to perform access authentication on the terminal device, and to access the terminal device to the corresponding private network according to the authentication result. The access request may be a message of various protocol types.
In practical application, the wired network interface may be any wired access network port in the private network access system.
Illustratively, in the case that the terminal device accesses the private network access system through the wired network interface, the switch adds a DHCP message to a remote authentication in user service (RADIUS) message by sending the DHCP message to a switch connected to the wired network interface, and sends the RADIUS message to the server.
As another possible implementation manner, after the terminal device accesses the private network access system through the wireless network interface, an access request is sent to the server through the switch connected to the wireless network interface.
In practical applications, the wireless network interface may be any one of wireless access network ports in a private network access system, for example, the wireless network interface may be a Service Set Identifier (SSID) network interface.
For example, when the terminal device accesses the private network access system through the wireless network interface, the switch adds an Address Resolution Protocol (ARP) packet to the RADIUS packet by sending the ARP packet to the switch connected to the wireless network interface, and sends the RADIUS packet to the server.
S202, the server obtains the equipment identification of the terminal equipment.
As a possible implementation manner, after receiving the access request sent by the terminal device, the server responds to the access request of the terminal device, and obtains the device identifier of the terminal device from the access request.
It should be noted that the device identifier is used to reflect the identity information of the terminal device, for example, the device identifier may be a media access control address (MAC) identifier of the terminal device.
Illustratively, after receiving the RADIUS message, the server parses the RADIUS message to obtain an access request of the terminal device, and obtains the MAC identifier of the terminal device from the access request.
S203, the server determines a target private network identifier corresponding to the terminal device from the first mapping relation including the device identifier and the private network identifier according to the device identifier of the terminal device.
As a possible implementation manner, the server queries, according to the obtained device identifier of the terminal device, a private network identifier corresponding to the device identifier from a first mapping relationship including the device identifier and the private network identifier. Further, the server determines the inquired private network identifier as a target private network identifier corresponding to the terminal device.
It should be noted that the first mapping relationship is stored in the server by the operation and maintenance staff in advance.
In practical application, the first mapping relationship may be a mapping list or a mapping model, and the form of the first mapping relationship is not limited in the embodiment of the present invention.
As shown in table one, a representation is shown when the first mapping relationship is a mapping list.
Table one: first mapping relation
| Device A | |
| Device B | |
| Device C | Private network 2 |
| Device D | Private network 3 |
| Device E | Private network 4 |
For example, in the first table, if the device identifier of the terminal device is device a, the server queries the private network identifier corresponding to device a from the first table, obtains a private network identifier 1, and determines private network 1 as the target private network identifier of the terminal device.
And S204, the server accesses the terminal equipment to the private network corresponding to the target private network identifier.
As a possible implementation manner, after determining the target private network identifier corresponding to the terminal device, the server authorizes the private network corresponding to the target private network identifier for the terminal device, and accesses the terminal device into the private network corresponding to the target private network identifier.
Illustratively, the target private network is identified as private network 1, and the corresponding private network is Virtual Local Area Network (VLAN)1, then the server will authorize VLAN1 for the end device and access the end device to VLAN 1.
As another possible implementation manner, after determining the target private network identifier corresponding to the terminal device, the server authorizes the private network corresponding to the target private network identifier for the terminal device, and sends configuration information of the private network corresponding to the target private network identifier to the switch, so that the terminal device is accessed to the private network corresponding to the target private network identifier.
Illustratively, if the target private network identifier is private network 1 and the corresponding configuration information is VLAN-1, the server sends the configuration information VLAN-1 to the switch; correspondingly, the switch accesses the terminal equipment into the VLAN-1 private network according to the configuration information VLAN-1.
Exemplarily, as shown in fig. 3, a schematic diagram illustrating an effect of each terminal device accessing a private network according to the above method in different venues is shown. Wherein, the device a is accessed to the private network 2 through the network interface 1 in the venue 1, the device B is accessed to the private network 1 through the network interface 2 in the venue 2, and the device C is accessed to the private network 2 through the network interface 3 in the venue 3.
In one design, in order to access the terminal device to the private network corresponding to the target private network identifier under the condition that the device identifier of the terminal device does not exist in the first mapping relationship, as shown in fig. 4, the private network access method provided in the embodiment of the present invention further includes, after the above step S202, the following steps S301 to S303:
s301, the server sends a preset authentication page to the terminal device.
The authentication page is used for acquiring account information of the terminal equipment.
As a possible implementation manner, in response to an authentication request of the terminal device, the server sends a preset authentication page to the terminal device.
In some embodiments, for a terminal device that initiates an access request for the first time, since the first mapping relationship does not have a device identifier of the terminal device, the server directly sends an authentication page to the terminal device after receiving the access request of the terminal device.
In other embodiments, in a case that the device identifier of the terminal device does not exist in the first mapping relationship, the server sends a message of access failure to the terminal device. And after receiving the access failure message, the terminal equipment responds to the internet access operation of the account to generate an authentication request.
In practical applications, the authentication request may be generated by the terminal device in response to the internet access operation of the account. The internet access operation includes inputting an internet protocol address (IP) into the terminal device by the account. For example, the account inputs an IP address of the server in a browser of the terminal device, and the terminal device generates a hypertext transfer protocol (HTTP) request in response to the IP address, where the HTTP request is an authentication request.
It should be noted that the authentication page is set in the server in advance by the operation and maintenance staff, for example, the authentication page may be a world wide Web (Web) page.
The account information is used for reflecting the account identity of the terminal device, and for example, the account information may be an account number of an account and a password.
Illustratively, the server generates the Web page to the terminal device in response to an HTTP request from the terminal device.
Correspondingly, after receiving the authentication page, the terminal device displays the authentication page to the account. After the account information is input into the authentication page, the terminal equipment sends the account information to the server.
S302, the server determines a target private network identifier corresponding to the terminal device from a second mapping relation comprising the account information and the private network identifier according to the account information of the terminal device.
As a possible implementation manner, the server queries, according to the acquired account information of the terminal device, a private network identifier corresponding to the account information from a second mapping relationship including the account information and the private network identifier, and determines the queried private network identifier as a target private network identifier corresponding to the terminal device.
It should be noted that the second mapping relationship is stored in the server by the operation and maintenance staff in advance. The second mapping relationship and the first mapping relationship may be in the same mapping relationship or in two independent mapping relationships.
In practical application, the second mapping relationship may be a mapping list or a mapping model, and the form of the second mapping relationship is not limited in the embodiment of the present invention.
In the case where the first mapping relationship and the second mapping relationship are two independent mapping relationships, as shown in table two, a representation when the second mapping relationship is a mapping list is shown.
Table two: a form of the second mapping relation
| |
|
|
| Account 2 | Cipher 2 | Private network 2 |
| Account number 3 | Code 3 | Private network 3 |
| Account 4 | Password 4 | Private network 4 |
For example, in the table two, if the account information of the terminal device corresponds to the account number 1 and the password 1, the server queries the private network identifier corresponding to the account number 1 and the password 1 from the table two, obtains the private network identifier as the private network 1, and determines the private network 1 as the target private network identifier of the terminal device.
In the case that the first mapping relationship and the second mapping relationship are in the same mapping relationship, as shown in table three, an expression form when the second mapping relationship is a mapping list is shown.
Table three: another form of the second mapping relationship
For example, in the table two, if the account information of the terminal device corresponds to the account number 1 and the password 1, the server queries the private network identifier corresponding to the account number 1 and the password 1 from the table two, obtains the private network identifier as the private network 1, and determines the private network 1 as the target private network identifier of the terminal device.
S303, the server accesses the terminal equipment to the private network corresponding to the target private network identification.
For a specific implementation of this step, reference may be made to the above S204, which is not described herein again.
It can be understood that, in this case, in order to not be limited to the access port, the server obtains the user information of the terminal by sending the authentication page to the terminal, and then the server authenticates the terminal according to the user information and the second mapping relationship, so that the private network access is more flexible.
In a design, the terminal device can be accessed to the private network more conveniently next time, as shown in fig. 5, the private network access method provided in the embodiment of the present invention further includes, after the step S302, the following step S401:
s401, the server updates the first mapping relation according to the equipment identification of the terminal equipment and the target private network identification corresponding to the terminal equipment.
As a possible implementation manner, after determining a target private network identifier corresponding to the terminal device from the second mapping relationship including the account information and the private network identifier, the server adds the identifier of the terminal device to the first mapping relationship, so that the identifier of the terminal device corresponds to the target private network identifier.
Illustratively, the server determines that the target private network identifier is the private network 1 and the device identifier of the terminal device is the device D according to the account number 1 and the password 1.
Illustratively, as shown in table three, the first mapping relationship before updating. The device identifiers corresponding to the private network 1 are device a, device B, and device C. After receiving the access request of the terminal device with the device identifier of device D, the server cannot query the private network corresponding to the device in table three, and therefore the server sends an authentication page to the terminal device. After the server obtains that the account information of the terminal device is account 1 and password 1, a private network identifier 1 corresponding to the account information is inquired in table three. Further, the server adds the identifier of the terminal device (i.e., device D) to the device identifier corresponding to the private network 1 in table three to obtain the updated first mapping relationship, i.e., table four.
Table four: updated first mapping relationship
It can be understood that the server adds the device identifier of the terminal device to the first mapping relationship by updating the first mapping relationship, so that when the terminal device is accessed to the private network next time, the server can directly perform access authentication according to the device identifier of the terminal device, and the account information of the terminal device does not need to be acquired again, so that the access process is faster.
In a design, a terminal device may access a private network more conveniently, as shown in fig. 6, the private network access method provided in the embodiment of the present invention further includes, after the above S301, the following S501-S502:
s501, the server acquires the indication information sent by the terminal equipment through the authentication page.
Wherein the indication information is used for indicating deletion and/or addition of the device identification.
It should be noted that the indication information is information input by the account in the authentication page, and includes a terminal identifier and an operation identifier corresponding to the terminal identifier (for example, a deletion operation or an addition operation). After the account inputs the indication information in the authentication page, the terminal equipment sends the indication information to the server.
As a possible implementation manner, after the server sends the authentication page to the terminal device, the server receives the indication information sent by the terminal device.
S502, the server deletes and/or adds the equipment identification in the first mapping relation according to the indication information.
As a possible implementation manner, after receiving the indication information sent by the terminal device, the server determines the terminal identifier and the operation identifier corresponding to the terminal identifier in the indication information, and deletes and/or adds the device identifier in the first mapping relationship according to the terminal identifier and the operation identifier corresponding to the terminal identifier.
It can be understood that the account can perform access setting on other terminal devices on the device terminal by deleting and/or adding the device identifier, so that the access of other terminal devices is more flexible.
In one design, in a case that account information of the terminal device does not exist in the second mapping relationship, in order to enable the terminal device to access the internet, as shown in fig. 7, the private network access method according to the embodiment of the present invention further includes, after the step S302, the following step S601:
s601, the server accesses the terminal equipment to the public network.
As a possible implementation manner, under the condition that the account information of the terminal device does not exist in the second mapping relationship, the server sends a short message verification request to the terminal device to obtain a short message verification code of the terminal device; further, after the server obtains the short message verification code of the terminal device, the terminal device is accessed to the public network.
The above embodiments mainly describe the scheme provided by the embodiments of the present invention from the perspective of apparatuses (devices). It is understood that, in order to implement the above method, the device or apparatus includes hardware structures and/or software modules corresponding to the execution of each method flow, and the hardware structures and/or software modules corresponding to the execution of each method flow may constitute a material information determination device. Those of skill in the art will readily appreciate that the present invention can be implemented in hardware or a combination of hardware and computer software, in conjunction with the exemplary algorithm steps described in connection with the embodiments disclosed herein. Whether a function is performed as hardware or computer software drives hardware depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The embodiments of the present invention may perform the division of the functional modules on the apparatuses or devices according to the above method examples, for example, the apparatuses or devices may divide the functional modules corresponding to the functions, or may integrate two or more functions into one processing module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. It should be noted that, the division of the modules in the embodiment of the present invention is schematic, and is only a logic function division, and there may be another division manner in actual implementation.
Fig. 8 shows a possible structure diagram of the server in the case of dividing the functional modules according to the respective functions. As shown in fig. 8, the server 70 according to the embodiment of the present invention includes an obtaining unit 701, a determining unit 702, and an accessing unit 703.
An obtaining unit 701, configured to obtain a device identifier of a terminal device in response to an access request of the terminal device.
A determining unit 702, configured to determine, according to the device identifier of the terminal device, a target private network identifier corresponding to the terminal device from the first mapping relationship that includes the device identifier and the private network identifier.
An accessing unit 703 is configured to access the terminal device to a private network corresponding to the target private network identifier.
Optionally, in the case that the device identifier of the terminal device does not exist in the first mapping relationship, the determining unit 702 is further configured to: sending a preset authentication page to the terminal equipment; the authentication page is used for acquiring account information of the terminal equipment; and according to the account information of the terminal equipment, determining a target private network identifier corresponding to the terminal equipment from a second mapping relation comprising the account information and the private network identifier, and accessing the terminal equipment to the private network corresponding to the target private network identifier.
Optionally, the determining unit 702 is specifically configured to: and updating the first mapping relation according to the equipment identifier of the terminal equipment and the target private network identifier corresponding to the terminal equipment.
Optionally, the obtaining unit 701 is further configured to: and acquiring indication information sent by the terminal equipment through the authentication page, wherein the indication information is used for indicating deletion and/or addition of the equipment identifier.
Optionally, the server 70 further comprises a processing unit 704; the processing unit 704 is configured to delete and/or add the device identifier in the first mapping relationship according to the indication information.
Optionally, the access unit 703 is further configured to: and under the condition that the account information of the terminal equipment does not exist in the second mapping relation, accessing the terminal equipment into the public network.
In the case of implementing the functions of the integrated modules in the form of hardware, the embodiment of the present invention provides a possible structural schematic diagram of the server involved in the above embodiments. As shown in fig. 9, a server 80 is used to make the access location of the terminal device more flexible, for example, to perform the private network access method shown in fig. 2. The server 80 includes a processor 801, a memory 802, and a bus 803. The processor 801 and the memory 802 may be connected by a bus 803.
The processor 801 is a control center of the user equipment, and may be a single processor or a collective term for a plurality of processing elements. For example, the processor 801 may be a Central Processing Unit (CPU), other general-purpose processors, or the like. Wherein a general purpose processor may be a microprocessor or any conventional processor or the like.
For one embodiment, processor 801 may include one or more CPUs, such as CPU 0 and CPU 1 shown in FIG. 9.
The memory 802 may be, but is not limited to, a read-only memory (ROM) or other type of static storage device that may store static information and instructions, a Random Access Memory (RAM) or other type of dynamic storage device that may store information and instructions, an electrically erasable programmable read-only memory (EEPROM), a magnetic disk storage medium or other magnetic storage device, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer.
As a possible implementation, the memory 802 may exist separately from the processor 801, and the memory 802 may be connected to the processor 801 via the bus 803 for storing instructions or program code. The map plotting method provided by the embodiments of the present invention can be implemented when the processor 801 calls and executes instructions or program codes stored in the memory 802.
In another possible implementation, the memory 802 may also be integrated with the processor 801.
The bus 803 may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended ISA (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 9, but this does not indicate only one bus or one type of bus.
It is to be noted that the configuration shown in fig. 9 does not constitute a limitation of the server 80. In addition to the components shown in FIG. 9, the server 80 may include more or fewer components than shown, or some components may be combined, or a different arrangement of components.
As an example, in conjunction with fig. 8, the functions implemented by the acquisition unit 701, the determination unit 702, the access unit 703, and the processing unit 704 in the server are the same as the functions of the processor 801 in fig. 9.
Optionally, as shown in fig. 9, the server 80 provided in the embodiment of the present invention may further include a communication interface 804.
A communication interface 804 for connecting with other devices through a communication network. The communication network may be an ethernet network, a radio access network, a Wireless Local Area Network (WLAN), etc. The communication interface 804 may include an acquisition unit for receiving data and a transmission unit for transmitting data.
In one design, in the server provided in the embodiment of the present invention, the communication interface may be further integrated in the processor.
Fig. 10 shows another hardware configuration of the server in the embodiment of the present invention. As shown in fig. 10, server 90 may include a processor 901 and a communication interface 902. Processor 901 is coupled to a communication interface 902.
The functions of the processor 901 may refer to the description of the processor 901 above. The processor 901 also has a memory function, and the function of the memory 802 described above can be referred to.
The communication interface 902 is used to provide data to the processor 901. The communication interface 902 may be an internal interface of the server or an external interface of the server (corresponding to the communication interface 804).
It should be noted that the configuration shown in fig. 10 does not constitute a limitation on the server 90, and that the server 90 may include more or less components than those shown in fig. 10, or combine some components, or a different arrangement of components than those shown in fig. 10.
Through the above description of the embodiments, those skilled in the art may clearly understand that, for convenience and simplicity of description, only the division of each functional unit is illustrated. In practical applications, the above function allocation can be performed by different functional units according to needs, that is, the internal structure of the device is divided into different functional units to perform all or part of the above described functions. For the specific working processes of the system, the apparatus and the unit described above, reference may be made to the corresponding processes in the foregoing method embodiments, and details are not described here again.
The embodiment of the present invention further provides a computer-readable storage medium, where instructions are stored in the computer-readable storage medium, and when the instructions are executed by a computer, the computer executes each step in the method flow shown in the above method embodiment.
Embodiments of the present invention provide a computer program product comprising instructions which, when run on a computer, cause the computer to perform the private network access method of the above-described method embodiments.
The computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination thereof. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, and a hard disk. Random Access Memory (RAM), Read-Only Memory (ROM), Erasable Programmable Read-Only Memory (EPROM), registers, a hard disk, optical fiber, a portable Compact disk Read-Only Memory (CD-ROM), optical storage devices, magnetic storage devices, or any other form of computer-readable storage medium known in the art, in any suitable combination of the above, or any other form of computer-readable storage medium known in the art. An exemplary storage medium is coupled to the processor such the processor can read information from, and write information to, the storage medium. Of course, the storage medium may also be integral to the processor. The processor and the storage medium may reside in an Application Specific Integrated Circuit (ASIC). In embodiments of the invention, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The above description is only an embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions within the technical scope of the present invention are intended to be covered by the scope of the present invention.
Claims (12)
1. A private network access method is applied to a private network access system, the private network access system comprises a plurality of private networks, and the method comprises the following steps:
responding to an access request of terminal equipment, and acquiring an equipment identifier of the terminal equipment;
and according to the equipment identifier of the terminal equipment, determining a target private network identifier corresponding to the terminal equipment from a first mapping relation comprising the equipment identifier and the private network identifier, and accessing the terminal equipment to a private network corresponding to the target private network identifier.
2. The private network access method according to claim 1, wherein in a case that the device identifier of the terminal device does not exist in the first mapping relationship, the method further comprises:
sending a preset authentication page to the terminal equipment; the authentication page is used for acquiring account information of the terminal equipment;
and according to the account information of the terminal equipment, determining a target private network identifier corresponding to the terminal equipment from a second mapping relation comprising the account information and the private network identifier, and accessing the terminal equipment to a private network corresponding to the target private network identifier.
3. The private network access method according to claim 2, wherein after determining the target private network identifier corresponding to the terminal device from the second mapping relationship including the account information and the private network identifier, the method further comprises:
and updating the first mapping relation according to the equipment identifier of the terminal equipment and the target private network identifier corresponding to the terminal equipment.
4. The private network access method according to claim 2 or 3, wherein the method further comprises:
acquiring indication information sent by the terminal equipment through the authentication page, wherein the indication information is used for indicating deletion and/or addition of equipment identification;
and deleting and/or adding the equipment identifier in the first mapping relation according to the indication information.
5. The private network access method of claim 2, further comprising:
and under the condition that the account information of the terminal equipment does not exist in the second mapping relation, accessing the terminal equipment to a public network.
6. A server is characterized in that the server is applied to a private network access system, the private network access system comprises a plurality of private networks, and the server comprises an acquisition unit, a determination unit and an access unit;
the acquiring unit is used for responding to an access request of the terminal equipment and acquiring the equipment identifier of the terminal equipment;
the determining unit is configured to determine, according to the device identifier of the terminal device, a target private network identifier corresponding to the terminal device from a first mapping relationship including the device identifier and the private network identifier;
and the access unit is used for accessing the terminal equipment to the private network corresponding to the target private network identifier.
7. The server according to claim 6, wherein in a case that the device identifier of the terminal device does not exist in the first mapping relationship, the determining unit is further configured to:
sending a preset authentication page to the terminal equipment; the authentication page is used for acquiring account information of the terminal equipment;
and according to the account information of the terminal equipment, determining a target private network identifier corresponding to the terminal equipment from a second mapping relation comprising the account information and the private network identifier, and accessing the terminal equipment to a private network corresponding to the target private network identifier.
8. The server according to claim 7, wherein the determining unit is specifically configured to:
and updating the first mapping relation according to the equipment identifier of the terminal equipment and the target private network identifier corresponding to the terminal equipment.
9. The server according to claim 7 or 8, wherein the obtaining unit is further configured to:
acquiring indication information sent by the terminal equipment through the authentication page, wherein the indication information is used for indicating deletion and/or addition of equipment identification;
the server further comprises a processing unit; the processing unit is configured to delete and/or add a device identifier in the first mapping relationship according to the indication information.
10. The server of claim 7, wherein the access unit is further configured to:
and under the condition that the account information of the terminal equipment does not exist in the second mapping relation, accessing the terminal equipment to a public network.
11. A computer-readable storage medium storing one or more programs, the one or more programs comprising instructions, which when executed by a computer, cause the computer to perform the private network access method of any one of claims 1-5.
12. A server, comprising: a processor and a memory; wherein the memory is configured to store one or more programs, the one or more programs including computer-executable instructions, which when executed by the server, are executed by the processor to cause the server to perform the private network access method of any one of claims 1-5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210086094.3A CN114531279B (en) | 2022-01-25 | 2022-01-25 | Private network access method, server and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210086094.3A CN114531279B (en) | 2022-01-25 | 2022-01-25 | Private network access method, server and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114531279A true CN114531279A (en) | 2022-05-24 |
| CN114531279B CN114531279B (en) | 2023-12-22 |
Family
ID=81623584
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210086094.3A Active CN114531279B (en) | 2022-01-25 | 2022-01-25 | Private network access method, server and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114531279B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114900793A (en) * | 2022-06-14 | 2022-08-12 | 中国联合网络通信集团有限公司 | Communication method, apparatus and storage medium |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20160019598A1 (en) * | 2014-07-17 | 2016-01-21 | David Harrison | Targeted advertising and attribution across multiple screens based on playing games on a game console through a television |
| WO2017167249A1 (en) * | 2016-04-01 | 2017-10-05 | 中兴通讯股份有限公司 | Private network access method, device and system |
| CN109561430A (en) * | 2017-09-26 | 2019-04-02 | 大唐移动通信设备有限公司 | A kind of implementation method and equipment of public network user access private network |
| CN113098834A (en) * | 2020-01-08 | 2021-07-09 | 钉钉控股(开曼)有限公司 | Access control method, device, equipment and system |
| CN113825225A (en) * | 2021-09-10 | 2021-12-21 | 阿里巴巴达摩院(杭州)科技有限公司 | Roaming registration method of private network, AMF network element, equipment and system |
-
2022
- 2022-01-25 CN CN202210086094.3A patent/CN114531279B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20160019598A1 (en) * | 2014-07-17 | 2016-01-21 | David Harrison | Targeted advertising and attribution across multiple screens based on playing games on a game console through a television |
| WO2017167249A1 (en) * | 2016-04-01 | 2017-10-05 | 中兴通讯股份有限公司 | Private network access method, device and system |
| CN109561430A (en) * | 2017-09-26 | 2019-04-02 | 大唐移动通信设备有限公司 | A kind of implementation method and equipment of public network user access private network |
| CN113098834A (en) * | 2020-01-08 | 2021-07-09 | 钉钉控股(开曼)有限公司 | Access control method, device, equipment and system |
| CN113825225A (en) * | 2021-09-10 | 2021-12-21 | 阿里巴巴达摩院(杭州)科技有限公司 | Roaming registration method of private network, AMF network element, equipment and system |
Non-Patent Citations (1)
| Title |
|---|
| 张立军;泥瑾;: "基于SDN的智能园区交换网络解决方案", 中国新通信, no. 22 * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114900793A (en) * | 2022-06-14 | 2022-08-12 | 中国联合网络通信集团有限公司 | Communication method, apparatus and storage medium |
| CN114900793B (en) * | 2022-06-14 | 2024-03-15 | 中国联合网络通信集团有限公司 | Communication method, device and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114531279B (en) | 2023-12-22 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9979497B2 (en) | Audio playing method and apparatus based on Bluetooth connection | |
| MX2014009070A (en) | Characteristic information acquisition method, device and network equipment. | |
| RU2651159C1 (en) | Method and device for marking unknown number | |
| CN113242331B (en) | Different types of address conversion method, device, computer equipment and storage medium | |
| WO2023193687A1 (en) | Shared memory access method and apparatus, device, and storage medium | |
| CN114531279B (en) | Private network access method, server and storage medium | |
| CN104065674A (en) | Terminal device and information processing method | |
| CN116566764A (en) | Configuration method and device for accessing virtual private network | |
| CN113115400B (en) | Communication method and device | |
| JP2017118248A (en) | Device, method and program for name resolution | |
| CN113365272B (en) | Method and system for preventing network from being rubbed | |
| CN111447080B (en) | Private network decentralization control method, device and computer readable storage medium | |
| CN113746909A (en) | Network connection method, device, electronic equipment and computer readable storage medium | |
| CN113490249A (en) | Method and device for determining transmission path | |
| CN110401952B (en) | Authentication method and related equipment | |
| JP2017142717A (en) | Communication system | |
| CN110830513A (en) | Cloud engine, method for remotely accessing application, system thereof and storage medium | |
| CN110941412A (en) | Method, system and terminal for realizing multi-terminal animation co-browsing based on imaging | |
| JP6776689B2 (en) | Information processing equipment, security systems and programs | |
| CN115021939B (en) | Identity authentication method, device, equipment and storage medium | |
| CN116846609A (en) | Access control method, device, equipment and storage medium | |
| US11163537B1 (en) | Tiered application pattern | |
| US11601422B2 (en) | Communication node, multi-hop network, equipment validity check method, and program | |
| CN113873053A (en) | Domain name changing method and device | |
| CN105939516A (en) | User authentication method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |