CN1223155C - Method for realizing 802.1 X communication based on group management - Google Patents


Publication number
CN1223155C
Authority
CN
China
Prior art keywords
switch
message
client
certificate server
command switch
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
CNB021430713A
Other languages
Chinese (zh)
Other versions
CN1484412A (en)
Inventor
邹婷
陈国强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CNB021430713A
Publication of CN1484412A
Application granted
Publication of CN1223155C

Abstract

The present invention discloses an 802.1X communication implementation method based on cluster management, in which an 802.1X client communicates with an 802.1X authentication server through an 802.1X device end. The key point is that multiple 802.1X device ends are grouped into a cluster in advance; one 802.1X device end in the cluster is set as the command switch of the cluster, and all other 802.1X device ends are member switches. When an 802.1X client communicates with the 802.1X authentication server, the client first sends the message to the member switch connected to it, and the member switch then sends the information to the 802.1X authentication server through the command switch. The information returned by the 802.1X authentication server after processing is likewise sent to the 802.1X client via the command switch and the member switch connected to the destination 802.1X client. The method allows the 802.1X device ends that act as RADIUS clients to be managed centrally, increases the number of 802.1X clients that can be connected, and saves public IP address resources.

Description

An 802.1X communication implementation method based on cluster management
Technical field
The present invention relates to 802.1X communication technology, and in particular to an 802.1X communication implementation method based on cluster management.
Background art
At present, in wired broadband access environments, 802.1X authentication is usually carried out between the access device and the authentication server: the access device, acting as the authenticator (Authenticator), is a client (Client) of the Remote Authentication Dial-In User Service (RADIUS) server.
The 802.1X protocol is a port-based network access control protocol formally adopted by the Institute of Electrical and Electronics Engineers (IEEE) standards body in June 2001. IEEE 802.1X defines port-based network access control, where a port may be a physical port or a logical port. A typical application is one physical port of an Ethernet switch connected to one client computer.
Port-based network access control authenticates and controls connecting clients at the physical access level of the network device, where the physical access level means a port of an Ethernet switch or broadband access device. If the user device connected to such a port passes authentication, it can access the resources in the network; if it cannot pass authentication, it cannot access the resources in the network.
IEEE 802.11, also referred to as IEEE 802 LAN, defines the wireless local area network (WLAN) access method. This access method provides no access authentication: in general, as long as a user can reach a LAN control device such as a LanSwitch, the user can access the devices and resources in the LAN. For applications such as telecom access, office buildings, local area networks and mobile offices, however, equipment suppliers want to be able to control and configure user access, which has given rise to the demand for 802.1X access control.
The architecture of IEEE 802.1X is shown in Figure 1. An 802.1X system has three entities: the client system (Supplicant System), the device end (Authenticator System), and the authentication server system (Authentication Server System). The client further contains the client port access entity (PAE); the device end further contains the services offered by the device end system and the device end PAE; and the authentication server system further contains the authentication server. The authentication server is connected to the device end PAE, and authentication information is exchanged between the device end and the authentication server using the Extensible Authentication Protocol (EAP). The client PAE is attached directly to the local area network (LAN); the device end's services and PAE are attached to the LAN through the controlled port (Controlled Port) and the uncontrolled port respectively; and the client and the device end communicate using the authentication protocol between client and device end (EAPOL). The controlled port is responsible for controlling access to network resources and services.
Generally, the 802.1X device end system (Authenticator System) is implemented on user access layer devices; the 802.1X client system is installed on the user's PC; and the 802.1X authentication server system resides in the operator's AAA center, where AAA stands for accounting (Account), authentication (Authentication) and authorization (Authorization).
As shown in Figure 1, the device end system contains a controlled port (Controlled Port) and an uncontrolled port (Uncontrolled Port). The uncontrolled port is always in the bidirectionally connected state and is mainly used to carry EAPOL protocol frames, which guarantees that EAPOL frames can be received and sent at any time. The controlled port is opened only once authentication has passed and is used to carry network resources and services; that is, while authentication has not passed, the controlled port is an unauthorized port. The controlled port can be configured in two modes, bidirectionally controlled or inbound-only controlled, to suit different application environments.
Using the 802.1X protocol on Ethernet means that a port that has not passed user authentication cannot be used, while a port that has passed authentication can be configured dynamically and automatically and can access network resources. This distinguishes it from a traditional Ethernet switch.
In existing access environments, however, the 802.1X authentication system has the following problems:
1) The access device acting as authenticator (Authenticator) is a RADIUS client (Client) of the Remote Authentication Dial-In User Service (RADIUS) server. Because it sits low in the network, the access nodes are numerous and widely dispersed, and the operator has to record the management Internet Protocol (IP) address and media access control (MAC) address of every device for management purposes. Management is therefore very inconvenient, and the workload of on-site maintenance and device upgrades is too large.
2) Many layer-2 access devices have no public IP address and so cannot act as RADIUS clients of the RADIUS server.
3) Because many RADIUS servers limit the number of RADIUS clients that may connect, low-capacity access devices, whose per-device capacity is small, cannot provide large-scale user access when the number of connected devices is limited. This places a severe restriction on the low-capacity, distributed access model.
Summary of the invention
In view of this, the main object of the present invention is to provide an 802.1X communication implementation method based on cluster management that allows the 802.1X device ends acting as RADIUS clients to be managed centrally, increases the number of 802.1X clients that can be connected, and saves public IP address resources.
To achieve the above object, the technical solution of the present invention is realized as follows:
An 802.1X communication implementation method based on cluster management, in which an 802.1X client communicates with an 802.1X authentication server through an 802.1X device end. The key is: more than one 802.1X device end is grouped into a cluster according to a cluster management protocol; any one 802.1X device end in the cluster is set as the cluster's sole command switch, which communicates with the 802.1X authentication server; and the remaining 802.1X device ends in the cluster are set as member switches connected between the 802.1X clients and the command switch;
When the 802.1X client communicates with the 802.1X authentication server, the 802.1X client first sends the message to the member switch connected to it, and that member switch then sends the information to the 802.1X authentication server through the command switch of its own cluster. Likewise, the return message produced by the 802.1X authentication server is sent to the destination 802.1X client via the command switch of the cluster to which the destination client's member switch belongs, and then via that member switch.
Communication between the 802.1X client and the 802.1X authentication server further includes 802.1X authentication, and this authentication process comprises at least:
a1. The 802.1X client delivers the message to be authenticated to the member switch connected to it; that member switch forwards the authentication message to the command switch of its own cluster for processing; the command switch identifies and converts the received message and then sends it to the 802.1X authentication server for authentication;
b1. The message returned by the 802.1X authentication server first arrives at the command switch; after the command switch identifies and converts the message, it is distributed to the corresponding destination member switch, which then returns the authentication result to the corresponding destination 802.1X client.
Step a1 further comprises:
The 802.1X client first sends a start message to the member switch connected to it; on receiving it, the member switch sends the 802.1X client an identity request message, and the 802.1X client replies with a response message. On receiving that, the member switch sends the 802.1X client a request message carrying a password challenge value, and the 802.1X client replies with a response message. After authenticating the 802.1X client, the member switch sends an authentication request message to the command switch of its own cluster, containing the message to be authenticated, the identity, the MD5 challenge value and the MD5 password. After authentication succeeds, the method further comprises setting the current port state to authorized.
Communication between the 802.1X client and the 802.1X authentication server further includes 802.1X communication accounting, and this accounting process comprises:
a2. The member switch that is to perform accounting sends an accounting start message to the command switch of its own cluster; on receiving it, the command switch processes it and then sends it to the 802.1X authentication server;
b2. After the 802.1X authentication server receives the accounting request message sent by the command switch, it sends an accounting start response message to the command switch;
c2. After the command switch receives the accounting request response message sent by the 802.1X authentication server, it performs identification and conversion, determines the destination member switch, and sends the message to that member switch;
d2. After the destination member switch receives the accounting request response message forwarded by the command switch, it sends an interim accounting message to the command switch after a fixed interval; on receiving this interim accounting request message, the command switch processes it and then sends it to the 802.1X authentication server;
e2. After the 802.1X authentication server receives the interim accounting message from the command switch, it sends an interim accounting response message to the command switch;
f2. After each fixed interval, steps d2 and e2 are repeated.
Communication between the 802.1X client and the 802.1X authentication server further includes the 802.1X client going offline, and this offline process comprises the following steps:
a3. The 802.1X client sends a logoff message to the member switch connected to it; on receiving it, the member switch sends an accounting stop message to the command switch of its own cluster;
b3. The command switch receives the accounting stop message sent by the member switch, processes it, and sends it to the 802.1X authentication server; after the 802.1X authentication server receives the accounting stop message sent by the command switch, it sends an accounting stop response message to the command switch;
c3. After the command switch receives the accounting stop response message sent by the 802.1X authentication server, it performs identification and conversion, determines the destination member switch, and sends the message to that member switch;
d3. After the destination member switch receives the accounting stop response message forwarded by the command switch, it sets the state of the port to unauthorized through the 802.1X protocol.
As the above scheme shows, the key of the present invention is: in the 802.1X authentication system, a group of switches is merged into one cluster using a cluster management protocol; the command switch in the cluster acts as an 802.1X proxy, and the member switches, as 802.1X device ends, communicate with the remote RADIUS server through the command switch acting as 802.1X proxy. This reduces the number of RADIUS clients on the RADIUS server and increases the number of users the RADIUS server can admit.
The 802.1X communication implementation method based on cluster management provided by the present invention therefore realizes a cluster-management-based 802.1X proxy in the 802.1X communication system, and has the following advantages and characteristics:
1) Because clusters are formed and each cluster has one 802.1X device end acting as its command switch, proxying the communication between all the other 802.1X device ends and the 802.1X authentication server, only a few 802.1X device ends communicate with the outside and only a small number of public IP addresses are occupied, which saves public IP address resources.
2) A layer-2 device that has no public IP address can use the cluster management protocol to become a member switch of a command switch, with its command switch serving as the RADIUS client of the authentication server.
3) Throughout the 802.1X communication process, when the 802.1X device end acting as command switch communicates with the 802.1X authentication server, it is the RADIUS client of the RADIUS server. This simplifies network maintenance and reduces the workload of maintaining the 802.1X device ends that act as RADIUS clients.
4) Although only the command switch is directly connected to the RADIUS server, several 802.1X device ends can in fact be attached beneath the command switch as member switches, which enlarges the actual number of clients that can connect to a RADIUS server that limits the number of RADIUS clients.
5) It allows loose coupling between the specific application and the implementation: the managing device does not need to know the implementation details of the specific managed devices. Moreover, the topology can be collected under any networking arrangement.
Description of the drawings
Fig. 1 is a schematic diagram of the IEEE 802.1X architecture;
Fig. 2 is a network topology diagram of a cluster in practical use;
Fig. 3 is a schematic diagram of the composition of cluster members;
Fig. 4 is a schematic diagram of the networking structure for the cluster-management-based 802.1X proxy method of the present invention;
Fig. 5 is a message flow chart for the cluster-management-based 802.1X proxy method of the present invention.
Embodiment
The present invention is described in further detail below with reference to the drawings and specific embodiments.
Some local area networks contain a large number of network devices but have only a small number of public IP addresses. To make unified management of the network devices easier and to reduce IP address consumption, a cluster management method has been proposed. Its main purpose is to manage a relatively large number of low-end devices with few public IP addresses, while providing users with a unified network management interface so that they can manage and maintain the devices in a unified way.
As shown in Figure 2, the core of this cluster management scheme is to gather a number of devices together to form a logical cluster, and then have one control point in the cluster, that is, one device in the cluster, centrally manage the management flows and part of the service control flows of the other devices. Management flows include at least SNMP network management, loading, log and alarm, command line, and web network management; service control flows refer to protocols such as RADIUS authentication.
Figure 3 shows the role played by each part of a cluster. As shown in Figure 3, each cluster contains at least four classes of switch:
Command switch: the command switch is designated by the operator and serves as the sole node managed from outside; it aggregates and distributes the various control flows within the cluster.
Backup switch: the backup switch is the backup of the command switch; when the command switch fails, it is automatically promoted to be the new command switch of the cluster.
Candidate switch: a candidate switch is defined relative to the cluster and means a switch that has not yet joined the cluster; the initial identity of every switch is candidate switch.
Member switch: a member switch is a switch that has joined the cluster; a candidate switch becomes a member switch once it joins. Within the cluster, a member switch may be connected directly to the command switch, or cascaded with other member switches, communicating with the command switch through the upstream member switch.
The management and maintenance applications that the cluster offers externally, including SNMP network management, command line, loading of programs and data, logging and alarm reporting, all require the command switch to forward application protocol messages to the member switches. In cluster management, proxy forwarding of these application protocols is implemented by network address translation (NAT). Compared with writing a separate proxy for each application, this requires less development effort, and standard NAT lends itself to forwarding in hardware, which reduces the processing overhead on the command switch.
Because the cluster structure and management protocol are mature, the present invention adopts the idea of cluster management. As shown in Figure 4, a subset of the 802.1X device end switches is placed in one group, forming a cluster, and the cluster management protocol is applied on this group of 802.1X device ends. Within the cluster, one 802.1X device end is designated the command switch and acts as the 802.1X proxy; this command switch is connected to the 802.1X authentication server over an IP network. The other 802.1X device ends in the group are designated member switches; these member switches treat the command switch as their 802.1X authentication server, and each member switch connects multiple 802.1X clients.
With this networking structure, authentication of an 802.1X client against the 802.1X authentication server proceeds as follows: the 802.1X client delivers the message to be authenticated to the member switch connected to it; the member switch forwards the authentication message to the command switch for processing; the command switch processes and converts the received message and then sends it to the authentication server for authentication. The message returned by the authentication server first arrives at the command switch, which identifies and converts it and distributes it to the corresponding destination member switch; that member switch then returns the authentication result to the corresponding destination 802.1X client.
In this process, the authentication server seen by the command switch itself is the real external authentication server, whereas the authentication server seen by a member switch is a virtual authentication server, which is in fact the 802.1X device end designated as command switch. After a group of switches has been merged into a cluster, from the authentication server's point of view its RADIUS client is the command switch alone. This solves the problem of low-capacity, distributed multi-point access consuming the RADIUS server's client resources.
A candidate switch that has not become a member switch of the cluster still sees the real external authentication server and can carry out normal 802.1X authentication, but it must exist as a client of the RADIUS server. After a candidate switch joins the cluster and becomes a member switch, the authentication server it sees switches from the original external authentication server to the command switch; likewise, after a member switch leaves the cluster, the authentication server it sees switches from the command switch back to the real external authentication server. Whether or not a switch joins a cluster does not affect the enabling or disabling of 802.1X authentication.
In the 802.1X networking structure shown in Figure 4, the detailed communication process between the 802.1X client and the 802.1X authentication server is shown in Figure 5 and comprises the following steps:
1) First, one 802.1X device end is set as the command switch; acting as the 802.1X proxy, it connects the 802.1X authentication server and all the member switches, that is, the other 802.1X device ends.
2) The 802.1X client delivers the authentication message to the 802.1X device end. Because the 802.1X device end is also a member switch in the cluster, under the cluster management scheme it passes the message up to the command switch for processing.
Specifically, as shown in Figure 5, the 802.1X client first sends an EAPOL-Start message to the member switch connected to it. On receiving it, the member switch sends the 802.1X client the identity request message EAPOL-Request/Identity, and the 802.1X client replies with the response message EAPOL-Response/Identity. On receiving that, the member switch sends the 802.1X client the request message carrying the password challenge value, EAPOL-Request/MD5 Challenge, and the 802.1X client replies with the response message EAPOL-Response/MD5 Challenge. After the 802.1X device end, that is, the member switch, has authenticated the 802.1X client, it sends an authentication request message to the command switch, that is, the 802.1X proxy, containing the message to be authenticated, the identity, the MD5 challenge value and the MD5 password.
3) After the command switch receives the authentication request message from the member switch, its RADIUS module performs processing such as network address translation and then sends the authentication request message to the RADIUS server, containing the message to be authenticated, the identity, the MD5 challenge value and the MD5 password.
4) After the RADIUS server receives the authentication message sent by the command switch and verifies it, it sends an authentication response message to the command switch, containing either the authorization information for a successful authentication or authentication failure information. Here the command switch acts as the RADIUS client of the RADIUS server.
5) After the command switch receives the authentication response message from the RADIUS server, its RADIUS module identifies and converts it; once it has determined which member switch the message should go to, it sends the authentication success or failure message, which may include authorization information, to that destination member switch.
6) After the destination member switch receives the authentication response message forwarded by the command switch, its RADIUS module passes it to the 802.1X protocol control module, which sends an EAPoL message containing the success or failure information to the 802.1X client. At the same time, the port state is set to authorized (Authorized).
This completes the full cluster-management-based 802.1X authentication process. In this process the 802.1X device ends are set as command switch and member switches respectively, and the command switch of the cluster, acting as 802.1X proxy, carries out the authentication operation between the 802.1X client and the 802.1X authentication server.
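The forwarding in steps 2) to 6) can be modelled as follows. This is an added example, not code from the patent: the class names, the addresses and the user table are constructed for illustration, the EAPOL exchange and the network hops are collapsed into direct calls, and the NAT-style "identify and convert" step is assumed to be a rewrite of source address and request identifier backed by a translation table.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, replace

def eap_md5_response(eap_id: int, password: bytes, challenge: bytes) -> bytes:
    """EAP-MD5 (CHAP-style) response: MD5(identifier || password || challenge)."""
    return hashlib.md5(bytes([eap_id]) + password + challenge).digest()

@dataclass(frozen=True)
class AuthRequest:
    src: str          # address of the device end that sent the request
    ident: int        # 8-bit request identifier chosen by the sender
    user: str
    eap_id: int
    challenge: bytes
    response: bytes

@dataclass(frozen=True)
class AuthReply:
    dst: str
    ident: int
    accept: bool

class RadiusServer:
    """Stand-in for the external authentication server (hypothetical class)."""
    def __init__(self, clients, users):
        self.clients = set(clients)   # addresses registered as RADIUS clients
        self.users = users            # user name -> password (constructed data)
        self.seen = set()             # client addresses that actually reached us

    def handle(self, req):
        if req.src not in self.clients:
            return None               # not a registered RADIUS client: dropped
        self.seen.add(req.src)
        good = eap_md5_response(req.eap_id, self.users.get(req.user, b""), req.challenge)
        ok = req.user in self.users and hmac.compare_digest(good, req.response)
        return AuthReply(req.src, req.ident, ok)

class CommandSwitch:
    """802.1X proxy: the only device end the authentication server ever sees."""
    def __init__(self, public_addr, server):
        self.public_addr, self.server = public_addr, server
        self.members = set()          # addresses of switches that joined the cluster
        self.pending = {}             # outer ident -> (member addr, member ident)

    def handle(self, req):
        if req.src not in self.members:
            return None               # only cluster members may use the proxy
        outer = next((i for i in range(256) if i not in self.pending), None)
        if outer is None:
            return None               # identifier space exhausted: drop
        self.pending[outer] = (req.src, req.ident)
        # "Identify and convert": rewrite source and identifier, NAT-style.
        reply = self.server.handle(replace(req, src=self.public_addr, ident=outer))
        if reply is None:
            del self.pending[outer]   # no answer: free the table entry
            return None
        return self.distribute(reply)

    def distribute(self, reply):
        entry = self.pending.pop(reply.ident, None)
        if entry is None or reply.dst != self.public_addr:
            return None               # no matching request: nothing to forward
        member_addr, member_ident = entry
        return AuthReply(member_addr, member_ident, reply.accept)

class MemberSwitch:
    """802.1X device end whose 'authentication server' is whatever it is given."""
    def __init__(self, addr, auth_server):
        self.addr, self.auth_server = addr, auth_server
        self.ports = {}               # port number -> "Authorized" / "Unauthorized"
        self.ident = 0

    def authenticate(self, port, user, password):
        # The EAPOL Start/Identity/MD5-Challenge exchange with the client is
        # collapsed: the switch issues the challenge, the client answers it.
        eap_id, challenge = 1, os.urandom(16)
        response = eap_md5_response(eap_id, password, challenge)   # client side
        self.ident = (self.ident + 1) % 256
        req = AuthRequest(self.addr, self.ident, user, eap_id, challenge, response)
        reply = self.auth_server.handle(req)
        ok = bool(reply and reply.dst == self.addr
                  and reply.ident == req.ident and reply.accept)
        self.ports[port] = "Authorized" if ok else "Unauthorized"
        return self.ports[port]

def build_cluster():
    """Constructed topology: one public address, two members on private ones."""
    server = RadiusServer(clients={"203.0.113.10"}, users={"alice": b"s3cret"})
    cmd = CommandSwitch("203.0.113.10", server)
    m1, m2 = MemberSwitch("10.0.0.1", cmd), MemberSwitch("10.0.0.2", cmd)
    cmd.members.update({m1.addr, m2.addr})
    return server, cmd, m1, m2

if __name__ == "__main__":
    server, cmd, m1, m2 = build_cluster()
    print(m1.authenticate(1, "alice", b"s3cret"), m2.authenticate(7, "alice", b"wrong"))
    print("RADIUS clients seen by the server:", server.seen)
```

A `MemberSwitch` constructed with the server itself as `auth_server` behaves like the candidate switch described above: it is served only if its own address is registered as a RADIUS client.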
After the 802.1X authentication process ends, the 802.1X client begins normal communication. Throughout the communication, the member switch, the command switch and the RADIUS server also carry out accounting. This process is essentially the same as in the prior art, except that a layer of 802.1X proxy is added between the 802.1X device end and the RADIUS server. The process, as shown in Figure 5, is:
1) The 802.1X device end that is to perform accounting, that is, the member switch, sends an accounting start message to the 802.1X proxy, that is, the command switch. After the command switch receives this accounting request message, its RADIUS module performs processing such as network address translation and then sends it to the RADIUS server.
2) After the RADIUS server receives the accounting request message sent by the command switch, it sends an accounting start response message to the command switch. Here the command switch acts as the RADIUS client of the RADIUS server.
3) After the command switch receives the accounting request response message sent by the RADIUS server, its RADIUS module performs identification and conversion; once it has determined which member switch the message should go to, it sends it to that destination member switch.
4) After the corresponding destination member switch receives the accounting request response message forwarded by the command switch, it sends an interim accounting message to the command switch after a certain interval. After the command switch receives this accounting request message, its RADIUS module performs processing such as network address translation and sends it to the RADIUS server.
5) After the RADIUS server receives the interim accounting message from the command switch, it sends an interim accounting response message to the command switch. Here the command switch acts as the RADIUS client of the RADIUS server.
6) After each such interval, steps 10) and 11) are repeated.
When the 802.1X client user goes offline, the 802.1X communication process comprises the following steps:
1) The 802.1X client sends the logoff message EAPoL-Logoff to the member switch connected to it; after the member switch receives the EAPoL-Logoff message sent by the 802.1X client, it sends an accounting stop message to the command switch.
2) After the command switch receives the accounting stop request message sent by the member switch, its RADIUS module processes it and sends it to the RADIUS server; after the RADIUS server receives the accounting stop message sent by the command switch, it sends an accounting stop response message to the command switch.
3) After the command switch receives the accounting stop response message sent by the RADIUS server, its RADIUS module performs identification and conversion; once it has determined which member switch the message should go to, it sends it to that destination member switch.
4) After the corresponding destination member switch receives the accounting stop response message forwarded by the command switch, the 802.1X protocol control sets the state of the port to unauthorized (Unauthorized).
In short, the above is only a preferred embodiment of the present invention and is not intended to limit the scope of protection of the present invention.

Claims (6)

1. An 802.1X communication implementation method based on cluster management, in which an 802.1X client communicates with an 802.1X authentication server through an 802.1X device end, characterized in that: more than one 802.1X device end is grouped into a cluster according to a cluster management protocol; any one 802.1X device end in the cluster is set as the cluster's sole command switch, which communicates with the 802.1X authentication server; and the remaining 802.1X device ends in the cluster are set as member switches connected between the 802.1X clients and the command switch;
When the 802.1X client communicates with the 802.1X authentication server, the 802.1X client first sends the message to the member switch connected to it, and that member switch then sends the information to the 802.1X authentication server through the command switch of its own cluster. Likewise, the return message produced by the 802.1X authentication server is sent to the destination 802.1X client via the command switch of the cluster to which the destination client's member switch belongs, and then via that member switch.
2. The implementation method according to claim 1, characterized in that: communication between the 802.1X client and the 802.1X authentication server further includes 802.1X authentication, and this authentication process comprises at least:
a1. The 802.1X client delivers the message to be authenticated to the member switch connected to it; that member switch forwards the authentication message to the command switch of its own cluster for processing; the command switch identifies and converts the received message and then sends it to the 802.1X authentication server for authentication;
b1. The message returned by the 802.1X authentication server first arrives at the command switch; after the command switch identifies and converts the message, it is distributed to the corresponding destination member switch, which then returns the authentication result to the corresponding destination 802.1X client.
3. The implementation method according to claim 2, characterized in that step a1 further comprises:
the 802.1X client first sends an initiation message to the member switch connected to it; on receiving it, the member switch sends the 802.1X client a request message carrying an identifier, and the 802.1X client replies with a response message; on receiving that, the member switch sends the 802.1X client a request message carrying an encrypted challenge value, and the 802.1X client replies with a response message; after authenticating the 802.1X client, the member switch sends an authentication request packet to the command switch of its own cluster, containing the message to be authenticated, the identifier, the MD5 challenge value and the MD5 password.
4. The implementation method according to claim 2, characterized in that: after authentication succeeds, the method further comprises setting the state of the current port to the authorized state.
5. The implementation method according to claim 1, characterized in that: the communication between the 802.1X client and the 802.1X authentication server further comprises 802.1X communication charging, and the charging process comprises:
a2. the member switch that is to charge sends a charging start message to the command switch of its own cluster; the command switch processes the message on receipt and then forwards it to the 802.1X authentication server;
b2. after receiving the charging request message sent by the command switch, the 802.1X authentication server sends a charging start response message to the command switch;
c2. after receiving the charging request response message sent by the 802.1X authentication server, the command switch performs identification and conversion processing, determines the destination member switch, and sends the message to that destination member switch;
d2. after receiving the charging request response message forwarded by the command switch, the destination member switch sends an interim charging message to the command switch after a fixed interval; the command switch processes this interim charging request message on receipt and then forwards it to the 802.1X authentication server;
e2. after receiving the interim charging message from the command switch, the 802.1X authentication server sends an interim charging response message to the command switch;
f2. after each fixed interval, steps d2 and e2 are repeated.
6. The implementation method according to claim 1, characterized in that: the communication between the 802.1X client and the 802.1X authentication server further comprises the 802.1X client going offline, and the offline process comprises the following steps:
a3. the 802.1X client sends a logoff message to the member switch connected to it; on receiving it, the member switch sends a charging stop message to the command switch of its own cluster;
b3. the command switch receives the charging stop message sent by the member switch, processes it and forwards it to the 802.1X authentication server; after receiving the charging stop message sent by the command switch, the 802.1X authentication server sends a charging stop response message to the command switch;
c3. after receiving the charging stop response message sent by the 802.1X authentication server, the command switch performs identification and conversion processing, determines the destination member switch, and sends the message to that destination member switch;
d3. after receiving the charging stop response message forwarded by the command switch, the destination member switch sets the state of the port to the unauthorized state in accordance with the 802.1X protocol.
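The relay path of claims 1, 2, 4 and 6, as an added Python sketch that is not part of the patent text: member switches reach the authentication server only through the command switch, which tags each request and uses the tag to find the destination member switch for the reply. The class names, message fields, the relay-id scheme and the dropping of unmatched replies are assumptions of this sketch, and the MD5 challenge exchange of claim 3 is reduced to a plain comparison.

```python
# Added illustration, not the patent's implementation; all names are hypothetical.
import itertools

class AuthServer:
    """Stands in for the 802.1X authentication server."""
    def __init__(self, users):
        self.users, self.seen_sources = users, set()  # constructed credential table

    def handle(self, source, msg):
        self.seen_sources.add(source)            # record which device contacted us
        if msg["type"] == "auth":
            ok = self.users.get(msg["user"]) == msg["password"]
            return {"relay_id": msg["relay_id"], "type": "accept" if ok else "reject"}
        return {"relay_id": msg["relay_id"], "type": "charging-stop-reply"}

class CommandSwitch:
    """The only cluster device that talks to the authentication server."""
    def __init__(self, name, server):
        self.name, self.server = name, server
        self.pending = {}                        # relay_id -> (member switch, port)
        self.ids = itertools.count(1)

    def relay(self, member, port, msg):
        rid = next(self.ids)                     # "identify and convert" on the way up
        self.pending[rid] = (member, port)
        self.deliver(self.server.handle(self.name, dict(msg, relay_id=rid)))

    def deliver(self, reply):
        dest = self.pending.pop(reply.get("relay_id"), None)
        if dest is None:
            return False                         # no matching request: drop the reply
        member, port = dest                      # destination member switch found
        member.on_reply(port, reply)
        return True

class MemberSwitch:
    def __init__(self, name, command):
        self.name, self.command, self.ports = name, command, {}

    def authenticate(self, port, user, password):
        self.ports[port] = "unauthorized"        # port stays closed until accepted
        self.command.relay(self, port, {"type": "auth", "user": user, "password": password})
        return self.ports[port]

    def logoff(self, port):
        self.command.relay(self, port, {"type": "charging-stop"})
        return self.ports[port]

    def on_reply(self, port, reply):
        self.ports[port] = "authorized" if reply["type"] == "accept" else "unauthorized"
```

Because every reply is matched against the pending table before it changes a port state, a reply that corresponds to no outstanding request cannot authorize a port on any member switch.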
CNB021430713A 2002-09-20 2002-09-20 Method for realizing 802.1 X communication based on group management Expired - Lifetime CN1223155C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB021430713A CN1223155C (en) 2002-09-20 2002-09-20 Method for realizing 802.1 X communication based on group management

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB021430713A CN1223155C (en) 2002-09-20 2002-09-20 Method for realizing 802.1 X communication based on group management

Publications (2)

Publication Number Publication Date
CN1484412A CN1484412A (en) 2004-03-24
CN1223155C true CN1223155C (en) 2005-10-12

Family

ID=34148183

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB021430713A Expired - Lifetime CN1223155C (en) 2002-09-20 2002-09-20 Method for realizing 802.1 X communication based on group management

Country Status (1)

Country Link
CN (1) CN1223155C (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100375427C (en) * 2005-11-25 2008-03-12 杭州华三通信技术有限公司 Cluster device batch file transmitting method and file transmission device
US20090150665A1 (en) * 2007-12-07 2009-06-11 Futurewei Technologies, Inc. Interworking 802.1 AF Devices with 802.1X Authenticator
CN101621749B (en) * 2009-07-27 2011-07-27 普天信息技术研究院有限公司 Digital clustering communication system and implementation method of clustering services
CN101621417B (en) * 2009-08-11 2012-01-11 中兴通讯股份有限公司 Method and exchanger for managing member machine of colony
CN101674201B (en) * 2009-10-30 2012-05-30 迈普通信技术股份有限公司 Method for actively triggering active standby switch of Ethernet switch clustering
CN102244863B (en) * 2010-05-13 2015-05-27 华为技术有限公司 802.1x-based access authentication method, access equipment and aggregation equipment
CN106332078B (en) * 2015-06-26 2020-05-05 中兴通讯股份有限公司 dot1x user authentication system, method and device
CN108076459B (en) * 2016-11-08 2021-02-12 北京华为数字技术有限公司 Network access control method, related equipment and system

Also Published As

Publication number Publication date
CN1484412A (en) 2004-03-24


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CX01 Expiry of patent term

Granted publication date: 20051012