CN115987701B - Management method and device of access equipment, terminal equipment and medium - Google Patents
Management method and device of access equipment, terminal equipment and medium Download PDFInfo
- Publication number
- CN115987701B CN115987701B CN202310267626.8A CN202310267626A CN115987701B CN 115987701 B CN115987701 B CN 115987701B CN 202310267626 A CN202310267626 A CN 202310267626A CN 115987701 B CN115987701 B CN 115987701B
- Authority
- CN
- China
- Prior art keywords
- access
- charging
- equipment
- quota
- access equipment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Abstract
The invention discloses a management method, a device, a terminal device and a medium of access equipment, wherein the method comprises the following steps: when the access equipment is in a network access state, corresponding charging quota is distributed for the access equipment; determining a first charging scheme matched with the access equipment according to the network access parameters of the access equipment; deducting the charging quota according to the first charging scheme; and when the charging quota is totally deducted, forcing the access equipment to be disconnected. The invention manages the access equipment by deducting the charging amount of the access equipment, thereby improving the network security.
Description
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a method and apparatus for managing access devices, a terminal device, and a computer readable storage medium.
Background
The existing network access technology is mainly an 802.1x authentication mode, which comprises two modes of user name and password and MAC (Media Access Control ) bypass authentication, wherein the MAC bypass authentication mode is commonly applied to a dummy terminal (such as a printer) accessing to a network, for example, the dummy device performs authentication login at a server side by taking an MAC address as an account number and a password.
However, the existing MAC bypass authentication method generally has the problem of low security. For example, an attacker may modify the MAC address of a device to gain easy access to the network; the same device is allowed to access at a plurality of places by using the MAC address of the device, so that conditions are provided for repeated access of illegal devices, and illegal devices cannot be forced to be off line and the like. The above situation may threaten network security.
Therefore, it is a very necessary matter how to manage the devices accessing the network, and further improve the network security.
Disclosure of Invention
The invention mainly aims to provide a management method, a device, a terminal device and a computer readable storage medium of access equipment, aiming to manage the access equipment in a manner of deducting the charging amount of the access equipment so as to improve network security.
To achieve the above object, the present invention provides a method for managing an access device, the method comprising the steps of:
when the access equipment is in a network access state, corresponding charging quota is distributed for the access equipment;
determining a first charging scheme matched with the access equipment according to the network access parameters of the access equipment;
deducting the charging quota according to the first charging scheme;
and when the charging quota is totally deducted, forcing the access equipment to be disconnected.
Optionally, the step of receiving a shortcut operation instruction includes:
receiving a shortcut operation instruction triggered by a user at a terminal device to execute a shortcut operation confirmation, wherein the shortcut operation comprises: one or more of double clicking, covering the screen, and panning.
Optionally, after the step of allocating a corresponding charging quota for the access device, the method further includes:
collecting the whole equipment information of the access equipment in real time, and judging whether the access equipment is in a normal access state according to the whole equipment information;
if the access equipment is in a normal access state, recharging the charging quota according to a preset recharging period, so that the access equipment is forced to be disconnected when the recharged charging quota is totally deducted.
Optionally, after the step of allocating a corresponding charging quota for the access device, the method further includes:
detecting whether the access equipment is accessed repeatedly at a plurality of places;
if the repeated access of the access equipment at a plurality of places is detected, a second charging scheme is determined based on the first charging scheme, and the charging quota is deducted according to the second charging scheme, wherein the charging quota deduction speed of the second charging scheme is greater than the charging quota deduction speed of the first charging scheme.
Optionally, before the step of forcing the access device to be offline, the method further includes:
monitoring the residual quota of the charging quota of the access equipment according to a preset monitoring period;
and if the residual amount is monitored to be in a depletion state, executing the step of forcing the access equipment to be disconnected.
Optionally, the network access parameters include: the method comprises the steps of determining a first charging scheme matched with the access equipment according to the network access parameters of the access equipment, wherein the first charging scheme comprises the following steps:
a first charging scheme is determined that matches the access device based on at least one of the device type, the traffic type, and the access address of the access device.
Optionally, before the step of allocating a corresponding charging quota for the access device, the method further includes:
acquiring an authentication request triggered by the access equipment, and searching corresponding authentication information according to the authentication request;
and determining whether the access equipment has network access authority according to the authentication information, and determining that the access equipment is in a network access state when the access equipment has the network access authority.
Optionally, after the step of determining whether the access device is in a normal access state, the method further includes:
if the access equipment is judged to be in other access states except the normal access state, the charging quota is not recharged any more, and the access equipment is forced to be disconnected when the charging quota is completely deducted.
In order to achieve the above object, the present invention further provides a management apparatus for an access device, the management apparatus for an access device including:
the quota allocation module is used for allocating corresponding charging quota for the access equipment when the access equipment is in a network access state;
the scheme determining module is used for determining a first charging scheme matched with the access equipment according to the network access parameters of the access equipment;
the quota deduction module is used for deducting the charging quota according to the first charging scheme;
and the forced offline module is used for forcing the access equipment to be offline when the charging quota is totally deducted.
In order to achieve the above object, the present invention also provides a terminal device including a memory, a processor, and a management program of an access device stored on the memory and executable on the processor, the management program of the access device implementing the steps of the management method of an access device as described above when executed by the processor.
In addition, to achieve the above object, the present invention also proposes a computer-readable storage medium having stored thereon a management program of an access device, which when executed by a processor, implements the steps of the management method of an access device as described above.
To achieve the above object, the present invention also provides a computer program product comprising a computer program which, when executed by a processor, implements the steps of the method of managing an access device as described above.
The invention provides a management method, a device, a terminal device, a computer readable storage medium and a computer program product of access equipment, which are used for receiving a shortcut operation instruction and jumping to a preset interface of the terminal device according to the shortcut operation instruction; receiving a function interface jump instruction based on the preset interface, and jumping to a corresponding function interface according to the function interface jump instruction; and receiving a shortcut function definition instruction corresponding to the shortcut operation instruction based on the function interface, and customizing the shortcut function of the terminal equipment according to the shortcut function definition instruction.
Compared with any access of equipment in a network in the prior art, in the invention, corresponding charging quota and corresponding charging scheme are allocated for each access equipment, and then the charging quota of the access equipment is deducted according to the corresponding charging scheme, and after the charging quota is completely deducted, the access equipment is directly forced to be disconnected. Therefore, the invention matches the corresponding charging scheme for the access equipment according to the network access parameters of the access equipment, deducts the charging quota of the access equipment according to the charging scheme, forces the access equipment to be disconnected when the charging quota is completely deducted, and realizes the targeted management of the access equipment in a charging mode, so that the access equipment cannot access the network at will, and further, the network security is ensured.
Drawings
FIG. 1 is a schematic diagram of a hardware operating environment according to an embodiment of the present invention;
fig. 2 is a flow chart of an embodiment of a method for managing access devices according to the present invention;
FIG. 3 is a schematic diagram of an internal device of a system for managing an access device according to the present invention;
fig. 4 is a schematic functional block diagram of an embodiment of a management apparatus of an access device according to the present invention.
The achievement of the objects, functional features and advantages of the present invention will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
Referring to fig. 1, fig. 1 is a schematic device structure of a hardware running environment according to an embodiment of the present invention.
The terminal equipment in the embodiment of the invention can be a mobile phone, a tablet personal computer, a server, other network equipment and the like, and can be used for targeted management of access equipment.
As shown in fig. 1, the terminal device may include: a processor 1001, such as a CPU, a network interface 1004, a user interface 1003, a memory 1005, a communication bus 1002. Wherein the communication bus 1002 is used to enable connected communication between these components. The user interface 1003 may include a Display, an input unit such as a Keyboard (Keyboard), and the optional user interface 1003 may further include a standard wired interface, a wireless interface. The network interface 1004 may optionally include a standard wired interface, a wireless interface (e.g., WI-FI interface). The memory 1005 may be a high-speed RAM memory or a stable memory (non-volatile memory), such as a disk memory. The memory 1005 may also optionally be a storage device separate from the processor 1001 described above.
It will be appreciated by those skilled in the art that the device structure shown in fig. 1 does not constitute a limitation of the management device of the access device, and may include more or fewer components than shown, or may combine certain components, or may have a different arrangement of components.
As shown in fig. 1, a management program of an operation, a network communication module, a user interface module, and an access device may be included in a memory 1005 as a kind of computer storage medium. Operations are programs that manage and control device hardware and software resources, supporting the running of hypervisors and other software or programs for the access devices. In the device shown in fig. 1, the user interface 1003 is mainly used for data communication with the client; the network interface 1004 is mainly used for establishing communication connection with a server; and the processor 1001 may be configured to invoke a hypervisor of the access device stored in the memory 1005 and perform the following operations:
when the access equipment is in a network access state, corresponding charging quota is distributed for the access equipment;
determining a first charging scheme matched with the access equipment according to the network access parameters of the access equipment;
deducting the charging quota according to the first charging scheme;
and when the charging quota is totally deducted, forcing the access equipment to be disconnected.
Further, after the step of allocating a corresponding charging quota for the access device, the processor 1001 may be configured to invoke a management program of the access device stored in the memory 1005, and perform the following operations:
collecting the whole equipment information of the access equipment in real time, and judging whether the access equipment is in a normal access state according to the whole equipment information;
if the access equipment is in a normal access state, recharging the charging quota according to a preset recharging period, so that the access equipment is forced to be disconnected when the recharged charging quota is totally deducted.
Further, after the step of allocating a corresponding charging quota for the access device, the processor 1001 may be configured to invoke a management program of the access device stored in the memory 1005, and perform the following operations:
detecting whether the access equipment is accessed repeatedly at a plurality of places;
if the repeated access of the access equipment at a plurality of places is detected, a second charging scheme is determined based on the first charging scheme, and the charging quota is deducted according to the second charging scheme, wherein the charging quota deduction speed of the second charging scheme is greater than the charging quota deduction speed of the first charging scheme.
Further, before the step of forcing the access device to be disconnected, the processor 1001 may be configured to invoke a management program of the access device stored in the memory 1005, and perform the following operations:
monitoring the residual quota of the charging quota of the access equipment according to a preset monitoring period;
and if the residual amount is monitored to be in a depletion state, executing the step of forcing the access equipment to be disconnected.
Further, the network access parameters include: the device type, traffic type, and access address, the processor 1001 may be configured to invoke a hypervisor of the access device stored in the memory 1005 and perform the following operations:
a first charging scheme is determined that matches the access device based on at least one of the device type, the traffic type, and the access address of the access device.
Further, before the step of allocating a corresponding charging quota for the access device, the processor 1001 may be configured to invoke a management program of the access device stored in the memory 1005, and perform the following operations:
acquiring an authentication request triggered by the access equipment, and searching corresponding authentication information according to the authentication request;
and determining whether the access equipment has network access authority according to the authentication information, and determining that the access equipment is in a network access state when the access equipment has the network access authority.
Further, after the step of determining whether the access device is in a normal access state, the processor 1001 may be configured to invoke a management program of the access device stored in the memory 1005, and perform the following operations:
if the access equipment is judged to be in other access states except the normal access state, the charging quota is not recharged any more, and the access equipment is forced to be disconnected when the charging quota is completely deducted.
In order to manage the devices accessing the network, and avoid the problems that the devices can access the network at random, the same device can access at a plurality of places, illegal devices cannot be removed, and the like, the invention provides a management method of the access device, which is applied to a management system of the access device, as shown in fig. 2, wherein the management system at least comprises an AAA (Authentication verification, authorization and Accounting) server, a switch, a flow acquisition device and an asset identification device.
Referring to fig. 3, fig. 3 is a flowchart illustrating a first embodiment of a management method of an access device according to the present invention.
The embodiments of the present invention provide embodiments of a method of managing access devices, it being noted that although a logical sequence is illustrated in the flow chart, in some cases the steps illustrated or described may be performed in a different order than that illustrated herein.
Based on the above management system, the management method of the access device in this embodiment specifically includes:
step S10, when the access equipment is in a network access state, corresponding charging quota is allocated to the access equipment;
when the terminal equipment detects that the access equipment is in a network access state (namely the equipment normally accesses the network), corresponding charging quota is allocated to the access equipment.
In this embodiment, as shown in fig. 2, the access device may be a dummy terminal device, where the dummy terminal device has a function of inputting and outputting characters, and has no processor or hard disk, and needs to be connected to a host through a serial interface, so that all tasks are completed by the host, such as a printer.
In an embodiment, according to the above description, as shown in fig. 2, at least an AAA server, a switch, a traffic collection device, and an asset identification device are included in the management system of the access device. On the basis, when the AAA server detects that the access equipment is in the network access state, the corresponding accounting quota is allocated to the access equipment.
Step S20, determining a first charging scheme matched with the access equipment according to the network access parameters of the access equipment;
after the terminal device allocates a corresponding charging quota for the access device, the corresponding charging scheme (i.e. the first charging scheme) is further matched for the access device through the flow acquisition device in fig. 2 according to the network access parameter of the access device.
It should be noted that, in this embodiment, when the access device accesses the network, a charging scheme corresponding to the device type, the traffic type of the initiated traffic, and the network access parameters such as the destination address accessed by the device are allocated and matched to each access device. The access device in this embodiment may be generally divided into a normal access device and an abnormal access device, specifically, for example, when the access device accesses the management system through a port of a switch matched with the access device, if the access device is a printer, the access device may access the management system through a 9100 port of a local area network, and at this time, the access device may be considered to be an access device that accesses normally. However, if the access device connected to the port is a notebook computer, the accessed notebook computer is an access device with abnormal access. The essence of this definition is that the flow consumption and network protocol generated by the ports are different, for example, for the 9100 ports, if a printer is connected, the flow consumption is relatively low (flow of printing protocol, etc.), if the device connected to the ports is a notebook computer, the flow generated at this time is greatly improved. Thus, each access device may be assigned a matching billing scheme based on the differences in network access parameters such as the device type, the traffic type of the traffic it originated from, and the destination address it accesses.
Through the scheme, the normal access device and the abnormal access device can be distinguished and managed.
Step S30, deducting the charging quota according to the first charging scheme;
after determining a first charging scheme corresponding to the access equipment, the terminal equipment deducts the charging quota of the access equipment through the AAA server according to the first charging scheme.
It should be noted that, in this embodiment, by adopting a charging scheme matched with each access device to deduct the charging quota of the access device, normal deduction of the charging quota of the access device with normal access and quick deduction of the charging quota of the access device with abnormal access can be achieved, so that after the charging quota is completely deducted, the device is forced to be disconnected.
Step S40, when the charging quota is totally deducted, the access equipment is forced to be disconnected.
After the terminal equipment deducts the accounting quota of the access equipment through the AAA server, the terminal equipment forces the access equipment to be off line.
In this embodiment, according to the above description, the normal deduction of the charging quota of the access device with normal access and the rapid deduction of the charging quota of the access device with abnormal access can be performed, so that the charging quota of the access device with abnormal access can be forced to be disconnected when all the charging quota of the access device with abnormal access is deducted. By the charging mode, the access equipment with normal access and abnormal access can be identified, and the access equipment with abnormal access is managed, so that the threat of the equipment to network security is avoided.
In this embodiment, when the terminal device detects that the access device is in the network access state (i.e., the device normally accesses the network), a corresponding accounting quota is allocated to the access device through the AAA server. After the terminal equipment distributes corresponding charging quota for the access equipment, the corresponding first charging scheme is further matched for the access equipment through the AAA server. After determining a first charging scheme corresponding to the access equipment, the terminal equipment deducts the charging quota of the access equipment through the AAA server according to the first charging scheme. After the terminal equipment deducts the accounting quota of the access equipment through the AAA server, the terminal equipment forces the access equipment to be off line.
Compared with any access of the devices in the network in the prior art, the method and the device allocate corresponding charging quota and corresponding charging scheme for each access device, further deduct the charging quota of the access device according to the corresponding charging scheme, and directly force the access device to be disconnected after the charging quota is completely deducted. Therefore, the invention matches the corresponding charging scheme for each access device according to the network access parameters of each access device, deducts the charging quota of the access device according to the charging scheme, forces the access device to be off line when the charging quota is completely deducted, and realizes the corresponding management of the access device in a charging mode, so that the access device can not access the network at will, and further, the network security is ensured.
Further, based on the first embodiment of the method for managing an access device of the present invention, a second embodiment of the management of an access device of the present invention is presented.
In this embodiment, after "allocate a corresponding charging quota to the access device" in the above step S10, the method may further include:
step S50, collecting the whole equipment information of the access equipment in real time, and judging whether the access equipment is in a normal access state according to the whole equipment information;
step S60, if the access equipment is in a normal access state, recharging the charging quota according to a preset recharging period, so as to force the access equipment to be disconnected when the recharged charging quota is totally deducted.
It should be noted that, in this embodiment, according to the above description, as shown in fig. 2, the method for managing an access device in this embodiment is applied to a management system of an access device, and on this basis, the normal access state in this embodiment may specifically be: the access device accesses the management system through the port of the switch matched with the access device, for example, if the access device is a printer, the access device can access the management system through the 9100 port of the local area network, and at this time, the access device can be considered to be in a normal access state. However, if the access device accesses the network through another port, the access device is in an abnormal access state.
On the basis, the terminal equipment collects the equipment integral information of the access equipment in real time through the asset identification equipment in fig. 2, wherein the equipment integral information at least comprises: device fingerprint information (e.g., MAC address, open port, service information, etc. of the access device), switch network information, switch port on-line/off-line change status, etc. Further, according to the whole information of the equipment, judging whether the access equipment is in a normal access state or not; if the access device is judged to be in the normal access state, the current access device is the normally accessed access device.
In an embodiment, before the device integral information of the access device is collected in real time through the asset identification device, the AAA server may inform the asset identification device to identify the access device accessing the network (or autonomously identify the access device by the asset identification device), so that the asset identification device records and stores the device integral information of the access device, thereby realizing the close management and control of the access device.
Furthermore, when the access device is judged to be in the normal access state, in order to avoid the forced offline of the access device which is normally accessed, as shown in fig. 2, the terminal device needs to recharge the charging quota through the AAA server according to a preset recharging period. The preset recharging period may be flexibly set, for example, the preset recharging period in this embodiment may be set to 1 hour, and the charging quota will be recharged every 1 hour. It can be understood that the recharging content in this embodiment may be "time", for example, "120 minutes" for recharging the access device, or "flow", which is not specifically limited in this embodiment.
On the basis, the terminal equipment can deduct the charging quota according to the access time length or the consumption flow of the access equipment, and the access equipment is forced to be disconnected when the charging quota is completely deducted.
It can be understood that, in this embodiment, for a normally accessed access device, the charging quota allocated to the access device may be used for the next recharging period, and the situation that the charging quota is totally deducted will not occur, that is, the device can be continuously online; for the access equipment with abnormal access, the charging quota is deducted before the next recharging period, or the charging quota is not recharged, so that the access equipment is forced to be disconnected when the access equipment is completely deducted. In this way, the embodiment realizes targeted management of the access device.
Further, after the step S50, the method may further include:
step S70, if the access equipment is judged to be in other access states except the normal access state, the charging quota is not recharged any more, and the access equipment is forced to be disconnected when the charging quota is totally deducted.
If the terminal equipment judges that the access equipment is in other access states except the normal access state, namely, in the abnormal access state through the asset identification equipment, the charging quota of the access equipment is not charged any more, and when the charging quota is totally deducted, the access equipment is forced to be disconnected.
Further, after the step S10 "allocate a corresponding billing quota to the access device", the method may further include:
step S80, detecting whether the access equipment is accessed repeatedly at a plurality of places;
step S90, if the repeated access of the access equipment at a plurality of places is detected, a second charging scheme is determined based on the first charging scheme, and the charging quota is deducted according to the second charging scheme, wherein the charging quota deduction speed of the second charging scheme is greater than the charging quota deduction speed of the first charging scheme.
In order to avoid that the MAC address of the device can be accessed at a plurality of places (i.e. cross-region repeated access), which causes a threat to network security by a possible illegal device, the terminal device may detect, through the AAA server, whether the access device is repeatedly accessed at a plurality of places after allocating a corresponding accounting quota to the access device. If the access equipment is detected to confirm repeated access at a plurality of places, the medium-order equipment matches a corresponding charging scheme (namely a second charging scheme) for the medium-order equipment, and deducts the charging quota of the access equipment according to the charging scheme.
It can be understood that when the access device is detected as a cross-domain repeated access, which means that the device is an access device with abnormal access, in order to take the access device off line as soon as possible, the charging quota of the access device is deducted by using a second charging scheme, where the charging quota deduction speed of the second charging scheme is greater than the charging quota deduction speed of the first charging scheme, for example, before the next recharging period arrives, if the charging quota of the access device needs to be completely deducted by using the first charging scheme, the charging quota of the access device needs to be completely deducted by using a time period that is less than 1 hour, for example, 30 minutes, and the like. In this way, the embodiment improves the offline speed of the access device with abnormal access, realizes the targeted management of the access device, and further improves the network security.
Further, before "forcing the access device to be off line" in step S40, the method further includes:
step A, monitoring the residual quota of the charging quota of the access equipment according to a preset monitoring period;
and step B, if the residual amount is monitored to be in a depletion state, executing the step of forcing the access equipment to be disconnected.
When the terminal equipment deducts the accounting quota according to the first accounting scheme, the terminal equipment monitors the residual quota of the accounting quota according to a preset monitoring period by an AAA server, and after the residual quota of the accounting quota is monitored to be 0 (namely, a depletion state), the access equipment is forced to be disconnected.
It may be understood that, in this embodiment, if the remaining quota of the accounting quota is monitored to be 0, which means that the device is an access device with abnormal access, the AAA server is not used to recharge the accounting quota, so that the device is forced to be disconnected.
Further, the step S20 of determining the first charging scheme matched with the access device according to the network access parameter of the access device may include:
step S201, determining a first charging scheme matched with the access device according to at least one of the device type, the traffic type and the access address of the access device.
The network access parameters of the access device include, but are not limited to, device type, traffic type and access address, so that the terminal device will determine a charging scheme (first charging scheme) matching the access device through the traffic collection device.
Further, the accounting scheme may be sent to the AAA server for the AAA server to deduct the accounting quota for the access device according to the accounting scheme.
Further, the step S10, before "allocating a corresponding billing quota to the access device", further includes:
step C, acquiring an authentication request triggered by the access equipment, and searching corresponding authentication information according to the authentication request;
and D, determining whether the access equipment has network access rights according to the authentication information, and determining that the access equipment is in a network access state when the access equipment has the network access rights.
In this embodiment, the applicable scenario may specifically be that the access device sends the authentication request to the AAA server through 802.1x or MAC address bypass authentication.
And the AAA server searches and acquires authentication information in the authentication request after receiving the authentication request, queries whether the access equipment has network access rights according to the authentication information, determines that the access equipment is in a network access state when the access equipment is queried to have the network access rights, and does not allow the equipment to access a network if not.
In this embodiment, the terminal device will collect the device integral information of the access device in real time through the asset identification device, and determine whether the access device is in a normal access state according to the device integral information; if the access equipment is judged to be in a normal access state, recharging the charging quota through the AAA server according to a preset recharging period. If the access equipment is judged to be in other access states except the normal access state, the charging quota of the access equipment is not charged any more, and when the charging quota is totally deducted, the access equipment is forced to be off line. The terminal device can pass through the AAA server, and after the corresponding charging quota is allocated to the access device, the terminal device can detect whether the access device is repeatedly accessed at a plurality of places. If the access equipment is detected to confirm repeated access at a plurality of places, the medium-order equipment matches a corresponding charging scheme (namely a second charging scheme) for the medium-order equipment, and deducts the charging quota of the access equipment according to the charging scheme. When the terminal equipment deducts the accounting quota according to the first accounting scheme, checking the residual quota of the accounting quota through the AAA server according to a preset monitoring period, and after the residual quota of the accounting quota is monitored to be 0 (namely, a depletion state), forcing the access equipment to be disconnected.
In the invention, the equipment integral information of the access equipment is obtained through the asset identification equipment, the access equipment is recharged, the network access parameters of the access equipment are obtained through the flow acquisition equipment, the corresponding billing quota and billing scheme are matched for the access equipment through the AAA server, and the billing is carried out, so that the management of the access equipment is realized together, and the network security is ensured. In addition, the invention can accelerate the complete deduction of the charging quota of the access equipment with abnormal access and force the access equipment to be disconnected, thereby avoiding the potential threat of illegal equipment to network security.
In addition, an embodiment of the present invention further provides a management apparatus for an access device, referring to fig. 4, where the management apparatus for an access device includes:
the quota allocation module 10 is configured to allocate a corresponding charging quota to an access device when the access device is in a network access state;
a scheme determining module 20, configured to determine a first charging scheme matched with the access device according to a network access parameter of the access device;
a quota deduction module 30, configured to deduct the charging quota according to the first charging scheme;
and the forced offline module 40 is configured to force the access device to be offline when the accounting quota is totally deducted.
Further, the management apparatus of the access device further includes:
the access state judging module is used for collecting the whole equipment information of the access equipment in real time and judging whether the access equipment is in a normal access state according to the whole equipment information;
and the charging quota recharging module is used for recharging the charging quota according to a preset recharging period if the access equipment is in a normal access state, so that the access equipment is forced to be disconnected when the recharged charging quota is completely deducted.
Further, the management apparatus of the access device further includes:
the repeated access detection module is used for detecting whether the access equipment is repeatedly accessed at a plurality of places;
and the charging allocation deduction module is used for determining a second charging scheme based on the first charging scheme and deducting the charging quota according to the second charging scheme if the repeated access of the access equipment at a plurality of places is detected, wherein the charging quota deduction speed of the second charging scheme is greater than that of the first charging scheme.
Further, the management apparatus of the access device further includes:
the residual amount monitoring module is used for monitoring the residual amount of the charging quota of the access equipment according to a preset monitoring period;
and the forced offline execution module is used for executing the step of forcing the access equipment to be offline if the residual amount is monitored to be in a depletion state.
Further, the network access parameters include: device type, traffic type and access address, the scheme determination module 20 includes:
and the charging scheme determining unit is used for determining a first charging scheme matched with the access equipment according to at least one of the equipment type, the traffic type and the access address of the access equipment.
Further, the management apparatus of the access device further includes:
the authentication information searching module is used for acquiring an authentication request triggered by the access equipment and searching corresponding authentication information according to the authentication request;
and the access state determining module is used for determining whether the access equipment has network access authority according to the authentication information, and determining that the access equipment is in a network access state when the access equipment has the network access authority.
Further, the management apparatus of the access device further includes:
and the recharging stopping module is used for stopping recharging the charging quota if judging that the access equipment is in other access states except the normal access state, and forcing the access equipment to be disconnected when the charging quota is completely deducted.
The expansion content of the specific implementation mode of the management system of the access device is basically the same as that of each embodiment of the management method of the access device, and is not described in detail herein.
In addition, the embodiment of the invention also provides a computer readable storage medium, wherein the storage medium stores a management program of the access device, and the management program of the access device realizes the steps of the management method of the access device when being executed by a processor.
Embodiments of the management device and the computer readable storage medium of the access device of the present invention may refer to embodiments of the management method of the access device of the present invention, and are not described herein.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The foregoing embodiment numbers of the present invention are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) comprising several instructions for causing a terminal device (which may be a smart phone, a tablet computer, a server or other network device, etc.) to perform the method according to the embodiments of the present invention.
The foregoing description is only of the preferred embodiments of the present invention, and is not intended to limit the scope of the invention, but rather is intended to cover any equivalents of the structures or equivalent processes disclosed herein or in the alternative, which may be employed directly or indirectly in other related arts.
Claims (9)
1. A method for managing an access device, the method comprising:
when the access equipment is in a network access state, corresponding charging quota is distributed for the access equipment;
determining a first charging scheme matched with the access equipment according to the network access parameters of the access equipment;
deducting the charging quota according to the first charging scheme;
forcing the access device to be offline when the billing quota is fully deducted;
after the step of allocating the corresponding charging quota for the access device, the method further includes:
detecting whether the access equipment is accessed repeatedly at a plurality of places;
if the repeated access of the access equipment at a plurality of places is detected, a second charging scheme is determined, and the charging quota is deducted according to the second charging scheme, wherein the charging quota deduction speed of the second charging scheme is greater than the charging quota deduction speed of the first charging scheme.
2. The method of managing access devices of claim 1, further comprising, after the step of allocating a corresponding billing quota for the access device:
collecting the whole equipment information of the access equipment in real time, and judging whether the access equipment is in a normal access state according to the whole equipment information;
if the access equipment is in a normal access state, recharging the charging quota according to a preset recharging period, so that the access equipment is forced to be disconnected when the recharged charging quota is totally deducted.
3. The method of managing access devices of claim 1, further comprising, prior to the step of forcing the access devices to be offline:
monitoring the residual quota of the charging quota of the access equipment according to a preset monitoring period;
and if the residual amount is monitored to be in a depletion state, executing the step of forcing the access equipment to be disconnected.
4. The method of managing access devices of claim 1, wherein the network access parameters comprise: the method comprises the steps of determining a first charging scheme matched with the access equipment according to the network access parameters of the access equipment, wherein the first charging scheme comprises the following steps:
a first charging scheme is determined that matches the access device based on at least one of the device type, the traffic type, and the access address of the access device.
5. The method of managing access devices of claim 1, further comprising, prior to the step of assigning corresponding billing quotas for the access devices:
acquiring an authentication request triggered by the access equipment, and searching corresponding authentication information according to the authentication request;
and determining whether the access equipment has the network access authority according to the authentication information, and determining that the access equipment is in a network access state when the access equipment has the network access authority.
6. The method for managing access devices according to claim 2, further comprising, after said step of determining whether said access device is in a normal access state:
if the access equipment is judged to be in other access states except the normal access state, the charging quota is not recharged any more, and the access equipment is forced to be disconnected when the charging quota is completely deducted.
7. An apparatus for managing an access device, the apparatus comprising:
the quota allocation module is used for allocating corresponding charging quota for the access equipment when the access equipment is in a network access state;
the scheme determining module is used for determining a first charging scheme matched with the access equipment according to the network access parameters of the access equipment;
the quota deduction module is used for deducting the charging quota according to the first charging scheme;
the forced offline module is used for forcing the access equipment to be offline when the charging quota is totally deducted;
the management device of the access equipment further comprises:
the repeated access detection module is used for detecting whether the access equipment is repeatedly accessed at a plurality of places;
and the charging allocation deduction module is used for determining a second charging scheme based on the first charging scheme and deducting the charging quota according to the second charging scheme if the repeated access of the access equipment at a plurality of places is detected, wherein the charging quota deduction speed of the second charging scheme is greater than that of the first charging scheme.
8. A terminal device, characterized in that it comprises a memory, a processor and a management program of an access device stored on the memory and executable on the processor, which when executed by the processor implements the steps of the management method of an access device according to any of claims 1 to 6.
9. A computer readable storage medium, characterized in that the computer readable storage medium has stored thereon a management program of an access device, which when executed by a processor, implements the steps of the access device management method according to any of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310267626.8A CN115987701B (en) | 2023-03-20 | 2023-03-20 | Management method and device of access equipment, terminal equipment and medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310267626.8A CN115987701B (en) | 2023-03-20 | 2023-03-20 | Management method and device of access equipment, terminal equipment and medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115987701A CN115987701A (en) | 2023-04-18 |
| CN115987701B true CN115987701B (en) | 2023-06-02 |
Family
ID=85968589
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310267626.8A Active CN115987701B (en) | 2023-03-20 | 2023-03-20 | Management method and device of access equipment, terminal equipment and medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115987701B (en) |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113014427A (en) * | 2021-02-22 | 2021-06-22 | 深信服科技股份有限公司 | Network management method and apparatus, and storage medium |
Family Cites Families (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1214577C (en) * | 2002-05-16 | 2005-08-10 | 华为技术有限公司 | Method for AAA server control access device on Internet protocol network |
| CN1564522A (en) * | 2004-03-31 | 2005-01-12 | 港湾网络有限公司 | Fast re-dialling method when abnormal off-line of dialling user |
| CN100365983C (en) * | 2005-11-29 | 2008-01-30 | 华为技术有限公司 | Method for realizing packet data prepayment service |
| CN100561927C (en) * | 2006-01-12 | 2009-11-18 | 中兴通讯股份有限公司 | A kind of remote dial access service authentication protocol and charging method |
| CN101312473B (en) * | 2007-05-25 | 2011-12-07 | 中兴通讯股份有限公司 | Method realizing pre-payment charging sheme type switching |
| CN101141305B (en) * | 2007-10-08 | 2010-11-24 | 福建星网锐捷网络有限公司 | Network security defensive system, method and security management server |
| CN101442793B (en) * | 2008-12-30 | 2010-09-29 | 杭州华三通信技术有限公司 | Access method, apparatus and system for wireless network |
| CN102083036A (en) * | 2009-11-30 | 2011-06-01 | 华为技术有限公司 | Processing method for mobile terminal to enter or leave idle mode and device and system for same |
| CN102340758B (en) * | 2011-09-26 | 2015-05-27 | 华为技术有限公司 | Charging method, device and system, and authentication device |
| EP2798865B1 (en) * | 2011-12-27 | 2017-11-01 | Telefonaktiebolaget LM Ericsson (publ) | Method and apparatus for controlling charging in a communication network |
| CN103517248A (en) * | 2013-08-14 | 2014-01-15 | 华为软件技术有限公司 | Control treatment method and device for network budget |
| CN104980292B (en) * | 2014-04-02 | 2018-11-30 | 中国电信股份有限公司 | User's online information management method and system |
| CN106714129B (en) * | 2015-11-16 | 2020-04-03 | 华为技术有限公司 | Roaming charging method, related device and online charging system |
| CN106910267A (en) * | 2017-01-05 | 2017-06-30 | 深圳市多度科技有限公司 | A kind of intelligent access control system and its application method |
| CN115296926B (en) * | 2022-09-27 | 2022-12-27 | 杭州安恒信息技术股份有限公司 | Network flow management and control method, device, equipment and medium |
-
2023
- 2023-03-20 CN CN202310267626.8A patent/CN115987701B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113014427A (en) * | 2021-02-22 | 2021-06-22 | 深信服科技股份有限公司 | Network management method and apparatus, and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115987701A (en) | 2023-04-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108494703B (en) | Access frequency control method, device and storage medium | |
| CN109076063B (en) | Protecting dynamic and short-term virtual machine instances in a cloud environment | |
| CN102624677B (en) | Method and server for monitoring network user behavior | |
| CN100583114C (en) | System and method for remote security enablement | |
| CN110941844B (en) | Authentication method, system, electronic equipment and readable storage medium | |
| RU2710860C1 (en) | Method for limiting the scope of automatic selection of a virtual protection machine | |
| CN103368904A (en) | Mobile terminal, and system and method for suspicious behavior detection and judgment | |
| US8694993B1 (en) | Virtualization platform for secured communications between a user device and an application server | |
| CN111079091A (en) | Software security management method and device, terminal and server | |
| US20120331521A1 (en) | System and method for application centric cloud management | |
| CN106656985B (en) | Backup account login method, device and system | |
| CN106357807A (en) | Data processing method, device and system | |
| CN114244568B (en) | Security access control method, device and equipment based on terminal access behavior | |
| CN114978697A (en) | Network information system endogenous security defense method, device, equipment and medium | |
| CN115987701B (en) | Management method and device of access equipment, terminal equipment and medium | |
| CN105979519A (en) | Method and device for controlling network access through charging state | |
| CN110351345B (en) | Method and device for processing service request | |
| CN111813627A (en) | Application auditing method, device, terminal, system and readable storage medium | |
| CN114969834B (en) | Page authority control method, device, storage medium and equipment | |
| US20130073729A1 (en) | User terminal, and method and apparatus for controlling the software management thereof | |
| CN114327757B (en) | Network target range tool delivery method, device, equipment and readable storage medium | |
| EP3243313B1 (en) | System and method for monitoring a computer system using machine interpretable code | |
| CN117319212B (en) | Multi-tenant isolated password resource automatic scheduling system and method in cloud environment | |
| EP3672290B1 (en) | Cellular behaviour manager | |
| CN112367347B (en) | Encryption equipment access method, device and computer readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |