CN115022071A - Network access control method and system of authentication server - Google Patents


Info

Publication number: CN115022071A
Authority: CN (China)
Prior art keywords: authentication server, authentication, main, standby, server
Legal status: Granted
Application number: CN202210713798.9A
Other languages: Chinese (zh)
Other versions: CN115022071B
Inventor: 肖雄峰
Current Assignee: Beijing Topsec Technology Co Ltd; Beijing Topsec Network Security Technology Co Ltd; Beijing Topsec Software Co Ltd; Hubei Topsec Network Security Technology Co Ltd
Original Assignee: Beijing Topsec Technology Co Ltd; Beijing Topsec Network Security Technology Co Ltd; Beijing Topsec Software Co Ltd; Hubei Topsec Network Security Technology Co Ltd
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/70 Admission control; Resource allocation
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication


Abstract

The embodiments of the application provide a network access control method and system for an authentication server, in the technical field of network communication. The method is applied to an access device, and the authentication server comprises a main authentication server and a standby authentication server. The method comprises the following steps: acquiring authentication message information sent by a terminal device; sending the authentication message information to the authentication server to which the access device is currently directed, where the access device performs the following processing on the authentication server: controlling the access device to direct its connection to the main authentication server; detecting the authentication environment of the main authentication server and generating a detection result; judging, according to the detection result, whether the authentication environment of the main authentication server is abnormal, and if so, controlling the access device to direct its connection to the standby authentication server; acquiring authentication feedback information sent by the authentication server; and sending the authentication feedback information to the terminal device. The method can achieve the technical effect of stable network access.

Description

Network access control method and system of authentication server
Technical Field
The present application relates to the field of network communication technologies, and in particular, to a network access control method and system for an authentication server, an electronic device, and a computer-readable storage medium.
Background
Currently, in 802.1x authentication of a network admission control system, a terminal device initiates an Extensible Authentication Protocol (EAP) authentication message to an access device, and the access device sends a Remote Authentication Dial In User Service (RADIUS) message to an authentication server for authentication. If authentication passes, the terminal device can access the intranet; if it fails, the network cannot be accessed. At present, most schemes deploy two authentication servers in dual-machine hot standby, and the two authentication servers send messages to each other to detect whether the other side is alive. In such a scheme, the standby machine can take over the host's work only when the host is down or its network interface fails; other exceptions on the host, such as a core service exception or large-scale user authentication failure, cannot trigger the active-standby switch.
In the prior-art dual-machine hot standby mode, the standby authentication server can take over the authentication work of the host only when the main authentication server is down or its network interface is disconnected; when the main authentication server is abnormal in its services or authentication state, the Network Access Server (NAS) device cannot sense the abnormality, the standby authentication server cannot replace the main authentication server in time, and all terminal authentications remain abnormal. Moreover, when a virtual Internet Protocol (IP) address is switched between the main and standby authentication servers while the network is unstable, it easily happens that both devices hold the virtual IP or neither does, which may seriously affect the authentication environment.
Disclosure of Invention
An object of the embodiments of the present application is to provide a method, a system, an electronic device, and a computer-readable storage medium for controlling network access of an authentication server, which can achieve a technical effect of stability of network access.
In a first aspect, an embodiment of the present application provides a network access control method for an authentication server, which is applied to an access device, where the authentication server includes a main authentication server and a standby authentication server, and the method includes:
acquiring authentication message information sent by a terminal device;
sending the authentication message information to the authentication server to which the access device is currently directed, where the access device performs the following processing on the authentication server:
controlling the access device to direct its connection to the main authentication server; detecting the authentication environment of the main authentication server and generating a detection result; judging, according to the detection result, whether the authentication environment of the main authentication server is abnormal, and if so, controlling the access device to direct its connection to the standby authentication server;
acquiring authentication feedback information sent by the authentication server;
and sending the authentication feedback information to the terminal device.
In this implementation, the access device is connected to both the terminal device and the authentication server; the terminal device is directly controlled by the access device, which decides whether the terminal device passes authentication and may access the intranet behind the authentication server. The access device therefore detects the authentication environment of the main authentication server, discovers whether that environment is abnormal, and switches to the standby authentication server when it is, which accomplishes the main/standby switch and keeps a normal authentication environment more efficiently; in this way the network access control method of the authentication server achieves the technical effect of stable network access.
Further, the step of detecting the authentication environment of the master authentication server and generating a detection result includes:
sending detection message information to the main authentication server;
acquiring interface authentication data of the access device and detection feedback information returned by the main authentication server;
and generating the detection result according to the interface authentication data and/or the detection feedback information.
In this implementation, the interface authentication data are the authentication statistics the access device collects on its own interface, from which an abnormality of the main authentication server can be judged quickly; by sending the detection message information to the main authentication server, the access device can effectively detect whether the key services and key interfaces on the main authentication server are abnormal; the detection result can therefore be generated quickly and effectively from the interface authentication data and/or the detection feedback information.
Further, after the step of generating the detection result, the method further comprises:
and generating serious alarm information when the authentication environment of the main authentication server is judged to be abnormal according to the detection result.
In this implementation, when the authentication environment of the main authentication server is abnormal, a warning is raised by generating the serious alarm information.
Further, before the step of obtaining the authentication message information sent by the terminal device, the method further includes:
and controlling the standby authentication server to copy the data of the main authentication server.
In this implementation, the standby authentication server copies the data of the main authentication server, which keeps the standby and main authentication servers synchronized.
Further, the access device is configured with a main authentication domain pointing to the main authentication server and a standby authentication domain pointing to the standby authentication server; the access device connects to the main authentication server when the main authentication domain is in effect, and to the standby authentication server when the standby authentication domain is in effect.
In this implementation, configuring two authentication domains directs the access device to the main and standby authentication servers respectively, so the access device can switch authentication servers by rapidly switching authentication domains.
Further, the authentication message information is EAP message information.
Further, the authentication feedback information is RADIUS message information.
In a second aspect, an embodiment of the present application provides a network access control system for an authentication server, which is applied to an access device, where the authentication server includes a main authentication server and a standby authentication server, and the system includes:
an acquisition module, configured to acquire authentication message information sent by the terminal device;
a sending module, configured to send the authentication message information to the authentication server to which the access device is currently directed, where the access device performs the following processing on the authentication server:
a detection module, configured to control the access device to direct its connection to the main authentication server; detect the authentication environment of the main authentication server and generate a detection result; and judge, according to the detection result, whether the authentication environment of the main authentication server is abnormal, and if so, control the access device to direct its connection to the standby authentication server;
the acquisition module is further used for acquiring authentication feedback information sent by the authentication server;
the sending module is further configured to send the authentication feedback information to the terminal device.
Further, the detection module is specifically configured to:
sending detection message information to the main authentication server;
acquiring interface authentication data of the access device and detection feedback information returned by the main authentication server;
and generating the detection result according to the interface authentication data and/or the detection feedback information.
Further, the detection module is specifically configured to perform one or more of network interface detection, network service detection, and user abnormal authentication detection on the master authentication server, and generate the detection result.
Further, the network access control system of the authentication server further includes:
and the alarm module is used for generating serious alarm information when judging that the authentication environment of the main authentication server is abnormal according to the detection result.
Further, the network access control system of the authentication server further includes:
and the copying module is used for controlling the standby authentication server to synchronously copy the data of the main authentication server.
In a third aspect, an embodiment of the present application provides an electronic device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the steps of the method of any one of the first aspect when executing the computer program.
In a fourth aspect, an embodiment of the present application provides a computer-readable storage medium having instructions stored thereon, which, when executed on a computer, cause the computer to perform the method according to any one of the first aspect.
In a fifth aspect, embodiments of the present application provide a computer program product, which when run on a computer, causes the computer to perform the method according to any one of the first aspect.
Additional features and advantages of the disclosure will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the above-described techniques.
In order to make the aforementioned objects, features and advantages of the present application more comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and that those skilled in the art can also obtain other related drawings based on the drawings without inventive efforts.
Fig. 1 is a block diagram of a terminal device, an access device, and an authentication server according to an embodiment of the present disclosure;
fig. 2 is a schematic flowchart of a network access control method of an authentication server according to an embodiment of the present application;
fig. 3 is a schematic flowchart illustrating an authentication environment for detecting a master authentication server according to an embodiment of the present application;
fig. 4 is a block diagram of a network access control system of an authentication server according to an embodiment of the present disclosure;
fig. 5 is a block diagram of the structure of an electronic device provided in an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures. Meanwhile, in the description of the present application, the terms "first", "second", and the like are used only for distinguishing the description, and are not to be construed as indicating or implying relative importance.
The embodiments of the application provide a network access control method and system for an authentication server, an electronic device and a computer-readable storage medium, which can be applied to access authentication of intranet terminals joining a network. In the network access control method of the authentication server, the terminal device and the authentication server are each connected through the access device; the terminal device is directly controlled by the access device, which decides whether the terminal device passes authentication and may access the intranet behind the authentication server. The access device therefore detects the authentication environment of the main authentication server, discovers whether that environment is abnormal, and switches to the standby authentication server when it is, which accomplishes the main/standby switch and keeps a normal authentication environment more efficiently; in this way the network access control method of the authentication server achieves the technical effect of stable network access.
Referring to fig. 1, fig. 1 is a block diagram of a terminal device, an access device, and an authentication server according to an embodiment of the present disclosure.
Illustratively, if the authentication server fails, all terminal devices fail to authenticate, causing a total outage for the user's company. Even if an escape strategy is adopted and all terminals are released, the company still suffers huge losses and potential security hazards.
Illustratively, as shown in fig. 1, the terminal device 11 is communicatively connected to the access device 12, and the access device 12 is communicatively connected to a first authentication server 13 and a second authentication server 14 respectively; in the embodiment of the present application, the access device 12 detects whether the current authentication server is abnormal, and if so, another authentication server is selected to take over authentication through the RADIUS authentication domain on the access device 12.
For example, the network access control method of the authentication server provided in the embodiment of the present application may be applied to companies, hospitals, institutions, information centers and other organizations that place importance on information security; it controls terminal access by deploying a network access system in the intranet, thereby securing the environment in which intranet terminals access the network.
Referring to fig. 2, fig. 2 is a schematic flowchart of a network access control method of an authentication server according to an embodiment of the present application, which is applied to an access device, where the authentication server includes a main authentication server and a standby authentication server, and the network access control method of the authentication server includes the following steps:
S100: acquiring authentication message information sent by the terminal device.
Illustratively, the authentication message information sent by the terminal device may be a network access request; in some embodiments, the network access control method of the authentication server is applied to an access authentication process of an internal network, and the terminal device sends a network access request to the access device and the authentication server for authentication, so that the terminal device can access the internal network after the authentication is passed.
S200: sending the authentication message information to an authentication server which is connected with the access equipment in a pointing way, and executing the following processing to the authentication server by the access equipment:
s300: controlling the access equipment to point to the connected authentication server as a main authentication server; detecting the authentication environment of the main authentication server and generating a detection result; and judging whether the authentication environment of the main authentication server is abnormal or not according to the detection result, and if so, controlling the access equipment to point to the connected authentication server as a standby authentication server.
Illustratively, the access device finds whether the authentication environment is abnormal or not, and switches to an indirect authentication server when the authentication environment is abnormal, so that the aim of switching the main authentication server and the standby authentication server is fulfilled, and the normal authentication environment of the authentication server can be maintained more effectively.
S400: acquiring authentication feedback information sent by an authentication server;
s500: and sending the authentication feedback information to the terminal equipment.
Illustratively, the authentication server starts to authenticate whether the terminal device can access after receiving the authentication message information, and returns an authentication result (authentication feedback information) to the terminal device.
In some embodiments, the access device is connected to both the terminal device and the authentication server; the terminal device is directly controlled by the access device, which decides whether the terminal device passes authentication and may access the intranet behind the authentication server. The access device therefore detects the authentication environment of the main authentication server, discovers whether that environment is abnormal, and switches to the standby authentication server when it is, which accomplishes the main/standby switch and keeps a normal authentication environment more efficiently; in this way the network access control method of the authentication server achieves the technical effect of stable network access.
Referring to fig. 3, fig. 3 is a schematic flowchart illustrating an authentication environment for detecting a master authentication server according to an embodiment of the present disclosure.
Exemplarily, S300, the step of detecting the authentication environment of the main authentication server and generating a detection result, comprises the following steps:
S310: sending detection message information to the main authentication server;
S320: acquiring interface authentication data of the access device and detection feedback information returned by the main authentication server;
S330: generating a detection result according to the interface authentication data and/or the detection feedback information.
Illustratively, the interface authentication data are the authentication statistics the access device collects on its own interface, from which an abnormality of the main authentication server can be judged quickly; by sending the detection message information to the main authentication server, the access device can effectively detect whether the key services and key interfaces on the main authentication server are abnormal; the detection result can therefore be generated quickly and effectively from the interface authentication data and/or the detection feedback information.
Exemplarily, after S330, the step of generating the detection result, the method further comprises:
S340: generating serious alarm information when the authentication environment of the main authentication server is judged to be abnormal according to the detection result.
Illustratively, when the authentication environment of the main authentication server is abnormal, the administrator is reminded by generating serious alarm information.
Exemplarily, before S100, the step of acquiring the authentication message information sent by the terminal device, the method further comprises:
controlling the standby authentication server to copy the data of the main authentication server.
Illustratively, data synchronization between the standby authentication server and the main authentication server is achieved by copying the data of the main authentication server.
Illustratively, the access device is configured with a main authentication domain pointing to the main authentication server and a standby authentication domain pointing to the standby authentication server; the access device is directed to the main authentication server when the main authentication domain is in effect, and to the standby authentication server when the standby authentication domain is in effect.
Illustratively, the access device configures two authentication domains pointing to the main authentication server and the standby authentication server respectively, so that the access device can switch authentication servers by rapidly switching authentication domains.
In some embodiments, the authentication domain configured by the access device is a RADIUS authentication domain.
Illustratively, the authentication message information is EAP message information.
Illustratively, the authentication feedback information is RADIUS message information.
In some implementation scenarios, a specific flow example of the network access control method of the authentication server provided in the embodiment of the present application is as follows:
1) under normal conditions, the main authentication domain on the access device is in effect and the standby authentication domain is not, i.e. the main authentication server works and the standby authentication server does not;
2) when the access device detects that the environment of the main authentication server is abnormal, the standby authentication domain takes effect and the main authentication domain is no longer in effect, so that the standby authentication server works and the main authentication server does not; at the same time, the access device generates a serious alarm to remind the administrator;
3) the access device detects the authentication environment as follows:
3.1) the access device detects the network interface of the authentication server, for example with ping packets;
3.2) the access device detects the services of the main authentication server, such as the RADIUS service, the online service and the redis service; if a service is abnormal, an alarm is generated and authentication is switched to the standby authentication server;
3.3) if the access device detects that a large number of different users fail to authenticate in a short time, that a large number of users authenticate again, or that a large number of users go offline abruptly, it determines that the main authentication server is abnormal, generates an alarm, and switches authentication to the standby authentication server.
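The flow just listed (steps 1 to 3.3), together with S310 to S340 above, as an added Python model of the access-device side; this is example code, not the patent's or the assignee's implementation. The service names, the "large number" thresholds and every probe result and statistics window are constructed assumptions, since the patent names no values.

```python
"""Access-device (NAS) side model of the main/standby failover described in this
patent: probe the main authentication server (network interface, services),
collect the access device's own interface authentication statistics, generate
a detection result, and on abnormality switch the RADIUS authentication domain
to standby and raise a serious alarm.  Added example, not the patent's code;
service names, thresholds and all sample inputs are constructed."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class ProbeFeedback:
    """Detection feedback gathered for the main server (flow steps 3.1 and 3.2)."""
    interface_reachable: bool          # e.g. ping of the server's network interface
    services: Dict[str, bool]          # service name -> alive (RADIUS, online, redis)


@dataclass
class InterfaceAuthData:
    """Authentication statistics the access device keeps on its own interface
    over the current detection window (flow step 3.3)."""
    failed_users: List[str] = field(default_factory=list)    # one entry per failure
    reauth_users: List[str] = field(default_factory=list)    # one entry per re-auth
    offline_users: List[str] = field(default_factory=list)   # abrupt offline events


@dataclass
class Thresholds:
    """Constructed 'large number' thresholds; the patent gives no values."""
    distinct_failed_users: int = 50
    reauths: int = 100
    offlines: int = 100


@dataclass
class DetectionResult:
    abnormal: bool
    reasons: List[str]


def detect(probe: ProbeFeedback, data: InterfaceAuthData,
           th: Thresholds) -> DetectionResult:
    """S330: combine probe feedback and interface statistics into one result."""
    reasons = []
    # 3.1 network interface detection
    if not probe.interface_reachable:
        reasons.append("network interface detection: main server unreachable")
    # 3.2 network service detection
    down = sorted(name for name, alive in probe.services.items() if not alive)
    if down:
        reasons.append("network service detection: " + ", ".join(down) + " down")
    # 3.3 user abnormal authentication detection.  Failures are counted per
    # distinct user: one client retrying a bad password is not a server fault.
    if len(set(data.failed_users)) >= th.distinct_failed_users:
        reasons.append("user detection: many different users failing authentication")
    if len(data.reauth_users) >= th.reauths:
        reasons.append("user detection: many users re-authenticating")
    if len(data.offline_users) >= th.offlines:
        reasons.append("user detection: many users went offline abruptly")
    return DetectionResult(abnormal=bool(reasons), reasons=reasons)


class AccessDevice:
    """Holds the two RADIUS authentication domains; exactly one is in effect."""

    def __init__(self, main_server: str, standby_server: str):
        self.domains = {"main": main_server, "standby": standby_server}
        self.active = "main"           # normal condition: main domain in effect
        self.alarms: List[str] = []

    def domain_in_effect(self) -> Dict[str, bool]:
        return {name: name == self.active for name in self.domains}

    def target_server(self) -> str:
        """Server that authentication message information is forwarded to now."""
        return self.domains[self.active]

    def evaluate(self, probe: ProbeFeedback, data: InterfaceAuthData,
                 th: Optional[Thresholds] = None) -> DetectionResult:
        """S310-S340: run detection and switch main -> standby on abnormality.
        The patent describes no automatic switch back, so none is modelled."""
        result = detect(probe, data, th or Thresholds())
        if result.abnormal and self.active == "main":
            self.active = "standby"
            self.alarms.append("SERIOUS: main authentication server abnormal ("
                               + "; ".join(result.reasons) + "); switched to standby")
        return result


if __name__ == "__main__":
    nas = AccessDevice("radius-main.example.internal", "radius-standby.example.internal")
    healthy = ProbeFeedback(True, {"radius": True, "online": True, "redis": True})
    nas.evaluate(healthy, InterfaceAuthData())
    print(nas.target_server())                      # main domain still in effect
    # constructed window: 60 different users failing while the probes look fine
    nas.evaluate(healthy, InterfaceAuthData(failed_users=[f"user{i}" for i in range(60)]))
    print(nas.target_server(), nas.alarms)          # switched, one serious alarm
```

Counting failures per distinct user is what makes step 3.3 a server-health signal rather than a single misbehaving client; a deployment would also need the hysteresis and failback policy that the patent leaves unspecified.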
Referring to fig. 4, fig. 4 is a block diagram of a network access control system of an authentication server according to an embodiment of the present application, which is applied to an access device, where the authentication server includes a main authentication server and a standby authentication server, and the network access control system of the authentication server includes:
an acquisition module 100, configured to acquire authentication message information sent by the terminal device;
a sending module 200, configured to send the authentication message information to the authentication server to which the access device is currently directed, where the access device performs the following processing on the authentication server:
a detection module 300, configured to control the access device to direct its connection to the main authentication server; detect the authentication environment of the main authentication server and generate a detection result; and judge, according to the detection result, whether the authentication environment of the main authentication server is abnormal, and if so, control the access device to direct its connection to the standby authentication server;
the acquisition module 100 is further configured to acquire authentication feedback information sent by the authentication server;
the sending module 200 is further configured to send the authentication feedback information to the terminal device.
Illustratively, the detection module 300 is specifically configured to perform one or more of network interface detection, network service detection and user abnormal authentication detection on the main authentication server, and to generate the detection result.
Further, the detection module 300 is specifically configured to: send detection message information to the main authentication server; acquire interface authentication data of the access device and detection feedback information returned by the main authentication server; and generate the detection result according to the interface authentication data and/or the detection feedback information.
Illustratively, the network access control system of the authentication server further comprises:
and the alarm module is used for generating serious alarm information when judging that the authentication environment of the main authentication server is abnormal according to the detection result.
Illustratively, the network access control system of the authentication server further includes:
and the copying module is used for controlling the standby authentication server to synchronously copy the data of the main authentication server.
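The following is an added example (not the patent's or the assignee's code) that models the detection module's three checks and the main-to-standby switch from the access device's point of view, with the interface counters, probe feedback fields and thresholds being assumptions and the sample values in the test constructed.

```python
"""Main/standby failover as performed by the access device. Added example, not the
patent's code; field names, inputs and thresholds are assumptions."""
from dataclasses import dataclass, field
from enum import Enum

class Domain(Enum):
    MAIN = "main"        # main authentication domain -> main authentication server
    STANDBY = "standby"  # standby authentication domain -> standby server

@dataclass(frozen=True)
class InterfaceAuthData:
    link_up: bool
    requests_sent: int       # RADIUS Access-Requests relayed for EAP supplicants
    responses_received: int  # Accept/Reject/Challenge replies received
    auth_failures: int       # Access-Reject replies among them

@dataclass(frozen=True)
class ProbeFeedback:
    reachable: bool   # host answered the detection message within the probe timeout
    service_ok: bool  # the authentication service itself answered

@dataclass(frozen=True)
class DetectionResult:
    interface_ok: bool
    service_ok: bool
    user_auth_ok: bool

    def reasons(self) -> list[str]:
        """Detections that failed; an empty list means the environment is normal."""
        flags = {"network interface": self.interface_ok, "network service": self.service_ok,
                 "user authentication": self.user_auth_ok}
        return [name for name, ok in flags.items() if not ok]

@dataclass
class AccessDevice:
    main_server: str
    standby_server: str
    active: Domain = Domain.MAIN
    alarms: list[str] = field(default_factory=list)
    max_timeout_ratio: float = 0.5  # assumed: share of unanswered requests tolerated
    max_failure_ratio: float = 0.8  # assumed: share of rejects before server is suspect
    min_samples: int = 10           # assumed: replies needed before judging rejects

    def connected_server(self) -> str:
        return self.main_server if self.active is Domain.MAIN else self.standby_server

    def detect(self, iface: InterfaceAuthData, probe: ProbeFeedback) -> DetectionResult:
        unanswered = iface.requests_sent - iface.responses_received
        timeout_ratio = unanswered / iface.requests_sent if iface.requests_sent else 0.0
        interface_ok = iface.link_up and timeout_ratio <= self.max_timeout_ratio
        service_ok = probe.reachable and probe.service_ok
        # Rejects across many users indicate a broken server-side user store;
        # a handful of mistyped passwords must not trigger a failover.
        user_auth_ok = True
        if iface.responses_received >= self.min_samples:
            user_auth_ok = iface.auth_failures / iface.responses_received <= self.max_failure_ratio
        return DetectionResult(interface_ok, service_ok, user_auth_ok)

    def judge_and_switch(self, result: DetectionResult) -> Domain:
        failed = result.reasons()
        if self.active is Domain.MAIN and failed:
            self.alarms.append("SERIOUS: main authentication server abnormal: " + ", ".join(failed))
            self.active = Domain.STANDBY
        return self.active
```

Once switched, the device stays on the standby domain; the text describes no automatic failback, so none is modelled.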
It should be noted that the network access control system of the authentication server shown in fig. 4 corresponds to the method embodiments shown in fig. 1 to fig. 3, and is not described herein again to avoid repetition.
Fig. 5 is a block diagram of an electronic device according to an embodiment of the present application. The electronic device may include a processor 510, a communication interface 520, a memory 530, and at least one communication bus 540, where the communication bus 540 is used to implement direct connection communication among these components. In this embodiment, the communication interface 520 of the electronic device is used for signaling or data communication with other node devices. The processor 510 may be an integrated circuit chip having signal processing capabilities.
The processor 510 may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; it may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, or discrete hardware components, and it may implement or execute the various methods, steps, and logic blocks disclosed in the embodiments of the present application. A general-purpose processor may be a microprocessor, or the processor 510 may be any conventional processor or the like.
The memory 530 may be, but is not limited to, a Random Access Memory (RAM), a Read Only Memory (ROM), a Programmable Read Only Memory (PROM), an Erasable Programmable Read Only Memory (EPROM), an Electrically Erasable Programmable Read Only Memory (EEPROM), and the like. The memory 530 stores computer-readable instructions which, when executed by the processor 510, enable the electronic device to perform the steps involved in the method embodiments of fig. 1 to fig. 3 described above.
Optionally, the electronic device may further include a memory controller and an input/output unit.
The memory 530, the memory controller, the processor 510, the peripheral interface, and the input/output unit are electrically connected to each other directly or indirectly, so as to implement data transmission or interaction. For example, these elements may be electrically coupled to each other via one or more communication buses 540. The processor 510 is used to execute executable modules stored in the memory 530, such as software functional modules or computer programs included in the electronic device.
The input/output unit is used to let a user create a task and start it in an optional time period or at a preset execution time, so as to realize interaction between the user and the server. The input/output unit may be, but is not limited to, a mouse, a keyboard, and the like.
It will be appreciated that the configuration shown in fig. 5 is merely illustrative and that the electronic device may include more or fewer components than shown in fig. 5 or may have a different configuration than shown in fig. 5. The components shown in fig. 5 may be implemented in hardware, software, or a combination thereof.
The embodiment of the present application further provides a storage medium storing instructions which, when run on a computer (that is, when the computer program is executed by a processor), implement the method of the method embodiments; to avoid repetition, details are not repeated here.
The present application also provides a computer program product which, when run on a computer, causes the computer to perform the method of the method embodiments.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method can be implemented in other ways. The apparatus embodiments described above are merely illustrative, and for example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above description is only an example of the present application and is not intended to limit the scope of the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present application shall be included in the protection scope of the present application. It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
It should be noted that, in this document, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.

Claims (10)

1. A network access control method of an authentication server, applied to an access device, wherein the authentication server comprises a main authentication server and a standby authentication server, and the method comprises the following steps:
acquiring authentication message information sent by a terminal device;
sending the authentication message information to the authentication server to which the access device is pointed, wherein the access device performs the following processing with respect to the authentication server:
controlling the access device to point to the main authentication server as the connected authentication server; detecting the authentication environment of the main authentication server and generating a detection result; judging, according to the detection result, whether the authentication environment of the main authentication server is abnormal and, if so, controlling the access device to point to the standby authentication server as the connected authentication server;
acquiring authentication feedback information sent by the authentication server;
and sending the authentication feedback information to the terminal device.
2. The network access control method of the authentication server according to claim 1, wherein the step of detecting the authentication environment of the main authentication server and generating the detection result comprises:
sending detection message information to the main authentication server;
acquiring interface authentication data of the access device and detection feedback information returned by the main authentication server;
and generating the detection result according to the interface authentication data and/or the detection feedback information.
3. The network access control method of the authentication server according to claim 2, wherein after the step of generating the detection result, the method further comprises:
and generating serious alarm information when the authentication environment of the main authentication server is judged to be abnormal according to the detection result.
4. The network access control method of the authentication server according to claim 2, wherein before the step of acquiring the authentication message information sent by the terminal device, the method further comprises:
and controlling the standby authentication server to synchronously copy the data of the main authentication server.
5. The network access control method of the authentication server according to claim 1, wherein the access device is configured with a main authentication domain pointing to the main authentication server and a standby authentication domain pointing to the standby authentication server; the access device is pointed to and connected with the main authentication server when the main authentication domain takes effect, and is pointed to and connected with the standby authentication server when the standby authentication domain takes effect.
6. The network access control method of the authentication server according to claim 1, wherein the authentication message information is EAP message information.
7. The network access control method of the authentication server according to claim 1, wherein the authentication feedback information is RADIUS message information.
8. A network access control system of an authentication server, applied to an access device, wherein the authentication server comprises a main authentication server and a standby authentication server, and the system comprises:
an acquisition module, configured to acquire authentication message information sent by a terminal device;
a sending module, configured to send the authentication message information to the authentication server to which the access device is pointed, wherein the access device performs the following processing with respect to the authentication server:
a detection module, configured to control the access device to point to the main authentication server as the connected authentication server; to detect the authentication environment of the main authentication server and generate a detection result; and to judge, according to the detection result, whether the authentication environment of the main authentication server is abnormal and, if so, to control the access device to point to the standby authentication server as the connected authentication server;
the acquisition module is further configured to acquire authentication feedback information sent by the authentication server;
the sending module is further configured to send the authentication feedback information to the terminal device.
9. An electronic device, comprising: memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the steps of the network access control method of an authentication server according to any of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium having stored thereon instructions which, when run on a computer, cause the computer to execute the network access control method of an authentication server according to any one of claims 1 to 7.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210713798.9A CN115022071B (en) 2022-06-22 Network access control method and system of authentication server

Publications (2)

Publication Number Publication Date
CN115022071A true CN115022071A (en) 2022-09-06
CN115022071B CN115022071B (en) 2024-09-24

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant