CN1315285C - A method for detecting access equipment exception and restarting by authentication server - Google Patents
- Publication number
- CN1315285C
- Authority
- CN
- China
- Prior art keywords
- access device
- startup
- user
- authentication
- aaa server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Landscapes
- Computer And Data Communications (AREA)
Abstract
The present invention discloses a method by which an authentication server detects that an access device has restarted after an exception. In the method, the access device's startup identifier is added to the authentication request message sent to the authentication server. The startup identifier saved for the access device on the authentication server is compared with the startup identifier in the authentication request message. If they are the same, the access device is normal and the requesting user is authenticated. Otherwise, it is confirmed that the access device has restarted after an exception: the users associated with the access device are reset, the startup identifier saved on the authentication server is updated with the one in the authentication request message, and then the requesting user is authenticated.
Description
Technical field
The present invention relates to access devices in communication networks, and in particular to a method for detecting that an access device has started up.
Background technology
With the development of Internet technology, the Internet keeps growing and has more and more users. Most users connect to an access device through various access methods, and only after authentication and authorization by an authentication, authorization and accounting server (AAA server) is the user actually connected to the Internet. Both the access device and the AAA server keep the user's online state information, which is used to bill the user. When the device restarts abnormally, all user state on the access device is lost, but the AAA server does not know the device's state and still keeps the online information of these users, so the user state on the AAA server and on the access device becomes inconsistent. After the device has started, when a user tries to use the network again, the access device has no information about this user and therefore has to verify the user's identity with the AAA server. The AAA server, however, believes the user is still online and in general (except in the case of one card used for multiple logins) refuses the login. Thus, after a device restarts abnormally, the AAA server's ignorance of the situation leaves a large number of users with valid identities unable to get online, which leads to customer complaints.
The prior art handles this problem mainly with the following two schemes:
Scheme one: the AAA server performs no detection of abnormal conditions on the access device. When a device restarts abnormally, the network management system detects it and notifies the network administrator; the network administrator in turn notifies the AAA server administrator, who then handles the users connected through the failed device. This approach has the following shortcomings:
1. There are many processing steps and the reaction is very slow. The network administrator may well receive a large number of complaints before having had time to notify the AAA server administrator.
2. The operation is cumbersome and error-prone. The network administrator has to look up carefully which access device failed and which AAA server corresponds to it, and then notify the corresponding AAA server administrator; the AAA server administrator has to reset the corresponding users according to the access device. If any step goes wrong and normal users are reset by mistake, the operator suffers a loss.
3. The maintenance workload is large and the cost is high. This scheme adds to the system administrators' workload, and handling a large number of complaints in particular greatly increases the operator's costs.
Scheme two: when the access device restarts abnormally, it sends a startup message to the AAA server to notify it that the device has had an exception. On receiving this message, the AAA server sends a response message to the access device, considers the device to have had an exception, and resets the users associated with this device. If the access device receives the startup response message, it enters the normal state; if no response arrives within a certain time, it retransmits the startup message, and after several retransmissions without a response it stops sending. Although in this scheme the access device actively reports an abnormal restart to the AAA server, it has the following shortcomings:
1. Implementation and configuration are complex and costly. Because a message has to be sent and a retransmission mechanism implemented, the device has to maintain session state and also needs configuration such as the response timeout and the number of retransmissions, which increases development, testing and maintenance costs. On some layer-3 switches, limited by the performance of the processing chip, this function is almost impossible to implement.
2. Reliability is low. If the startup message is lost, the AAA server cannot learn that the device has had an exception. Although the message has a retransmission mechanism, there is no guarantee that the AAA server will receive it. Moreover, if a user logs in before the device has received the startup response message, that user may be refused access, or may be reset by mistake by the AAA server after gaining access.
Summary of the invention
The object of the present invention is to provide a method by which an authentication server detects an abnormal restart of an access device, solving the prior-art problems that detection of an abnormal access-device restart is complex and unreliable.
The technical solution of the present invention is as follows:
A method by which an authentication server detects an abnormal restart of an access device, in which a user terminal accesses the network through the access device and the authentication server performs access authentication of the user terminal; the method comprises the steps of:
A. adding the access device's startup identifier to the authentication request message sent to the authentication server;
B. comparing the startup identifier saved for the access device on the authentication server with the startup identifier in the authentication request message; if they are the same, confirming that the access device is normal and proceeding to step D; otherwise confirming that the access device has restarted after an exception and proceeding to step C;
C. performing at least reset processing on the users associated with the access device, and updating the startup identifier saved on the authentication server with the startup identifier in the authentication request message;
D. performing authentication processing for the requesting user.
Wherein:
The startup identifier is the startup time of the access device; at startup the access device obtains its current system time and saves it as the startup identifier.
The startup identifier is a random number generated when the access device starts.
The present invention has following beneficial effect:
1. High reliability. Because every authentication request message contains the startup time of the access device, the AAA server learns that the access device has restarted as soon as it receives a single message.
2. Timely response. The AAA server learns of the restart from the first authentication message it receives after the restart; that is, the user who needs service first is served first.
3. Simple implementation. The access device only needs to record its startup time and does not need a message retransmission mechanism; the AAA server does not need to handle any additional message either.
Description of drawings
Fig. 1 is a schematic diagram of the logical network layout;
Fig. 2 is a flow chart of accounting in the prior art;
Fig. 3 is a flow chart of the present invention.
Embodiment
Referring to Fig. 1, the user terminal accesses the network through the access device, and the access device, the AAA server and the network management system are connected through an IP backbone. The access device and the AAA server communicate using the RADIUS protocol to authenticate and bill the user.
Referring to Fig. 2, the general message flow of the RADIUS protocol is as follows (taking a narrowband dial-up Internet user as an example):
1. The user enters a username and password in the dialer software and then dials;
2. The user terminal establishes a connection with the access device using the PPP protocol;
3. The access device sends an authentication request (Access-Request) to the AAA server;
4. The AAA server authenticates the user;
4.1 If authentication fails, the AAA server sends an authentication reject response (Access-Reject) to the access device;
4.2 If authentication succeeds, the AAA server sends an authentication accept response (Access-Accept) to the access device;
5. After authentication succeeds, the access device sends an accounting start message (Acct-Start-Request) to the AAA server;
6. After accounting processing, the AAA server sends an accounting response (Acct-Update-Response) to the access device;
7. While the user is online, the access device periodically sends accounting update messages (Acct-Update-Request) to the AAA server;
8. After accounting processing, the AAA server sends an accounting response (Acct-Update-Response) to the access device;
9. When the user clicks disconnect in the dialer software, the dialer software sends PPPDisconnect to the access device;
10. The access device sends an accounting stop message (Acct-Stop-Request) to the AAA server;
11. After accounting processing, the AAA server sends an accounting response (Acct-Stop-Response) to the access device.
The RADIUS protocol is extensible: attributes and messages can be added freely without affecting existing functions.
The present invention extends the RADIUS protocol by adding an access-device startup timestamp attribute to the authentication request message, and the access device's startup identifier is placed in this timestamp attribute.
At startup, the access device obtains the device's current system time and keeps it in memory as the device's startup identifier; it then fills this time into the device startup timestamp attribute of every subsequent authentication request message.
Alternatively, the access device can generate a random number at startup and keep it in memory as the device's startup identifier, and then fill this random number into the device startup timestamp attribute of every subsequent authentication request message.
The AAA server records this timestamp when it first receives an authentication request message from the access device. For every authentication request message subsequently received from this device, it compares the timestamp with the saved one to determine whether the access device has restarted after an exception. The AAA server distinguishes access devices by IP address, and each device's startup time is stored against the corresponding device IP.
Referring to Fig. 3, and taking the access device's startup time as the startup identifier, the processing of the present invention is as follows:
Step 10: the user initiates an access request by entering a username and password;
Step 20: the access device fills its own startup time into the timestamp attribute of the authentication request message and sends the message to the AAA server;
Step 30: after receiving the authentication request message, the AAA server looks up the saved startup time of the access device by the device's IP address and compares it with the startup time the access device filled into the timestamp attribute. If the two startup times are the same, it confirms that the access device is normal and proceeds to step D (step 50 below); otherwise it confirms that the access device has restarted after an exception and proceeds to step 40;
Step 40: the users associated with this access device are processed, for example reset, and the startup time saved on the authentication server is updated with the startup time in the timestamp attribute of the authentication request message;
Step 50: the authentication request is processed according to the normal flow.
After an access device has restarted abnormally, the first thing a user who wants to get online does is initiate an access request. This guarantees that the AAA server discovers the state of the access device in time and handles it accordingly, avoiding the situation in which a user with a valid identity cannot access the network. Of course, if no authentication request is received at all, the AAA server has no need to learn of the device's restart, because no user is trying to get online.
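The comparison in steps 30 to 50, as an added example that is not part of the patent: a minimal AAA-side handler in Python. The patent assigns no attribute number, so the Vendor-Specific encoding, `VENDOR_ID`, `BOOT_ID_SUBTYPE`, and the function and class names are assumptions; the sample packets are constructed, and shared-secret and password checks are omitted.

```python
import struct

ACCESS_REQUEST = 1
USER_NAME, VENDOR_SPECIFIC = 1, 26
# Assumptions for this sketch: the patent names no attribute number, so the
# boot ID travels in a Vendor-Specific attribute with made-up IDs.
VENDOR_ID, BOOT_ID_SUBTYPE = 99999, 1


def build_access_request(ident, user, boot_id):
    """Access device side: every Access-Request carries the device's boot ID."""
    name = user.encode()
    attrs = struct.pack("!BB", USER_NAME, 2 + len(name)) + name
    vsa = struct.pack("!IBBI", VENDOR_ID, BOOT_ID_SUBTYPE, 6, boot_id)
    attrs += struct.pack("!BB", VENDOR_SPECIFIC, 2 + len(vsa)) + vsa
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + bytes(16) + attrs  # zeroed authenticator: constructed sample


def parse_access_request(packet):
    """Return (user, boot_id); boot_id is None when the attribute is absent."""
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Request")
    user, boot_id, pos = None, None, 20
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        value = packet[pos + 2:pos + alen]
        if atype == USER_NAME:
            user = value.decode()
        elif atype == VENDOR_SPECIFIC and len(value) == 10:
            vendor, sub, sublen, stamp = struct.unpack("!IBBI", value)
            if (vendor, sub, sublen) == (VENDOR_ID, BOOT_ID_SUBTYPE, 6):
                boot_id = stamp
        pos += alen
    return user, boot_id


class AAAServer:
    def __init__(self):
        self.boot_ids = {}   # access device IP -> last boot ID seen
        self.online = {}     # user -> access device IP holding the session

    def handle(self, device_ip, packet):
        user, boot_id = parse_access_request(packet)
        reset = []
        # Step 30: compare the stored boot ID with the one in the request.
        if boot_id is not None and self.boot_ids.get(device_ip) != boot_id:
            if device_ip in self.boot_ids:
                # Step 40: the device restarted, so its sessions are stale.
                reset = sorted(u for u, ip in self.online.items() if ip == device_ip)
                for u in reset:
                    del self.online[u]
            self.boot_ids[device_ip] = boot_id
        # Step 50: normal authentication (password check omitted); a user who
        # is still recorded as online is refused, as in the background section.
        if user is None or user in self.online:
            return "Access-Reject", reset
        self.online[user] = device_ip
        return "Access-Accept", reset
```

The first request from a device only records its boot ID, matching the description above; a later request with a different boot ID clears every session held through that device IP before the requesting user is authenticated.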
Claims (4)
1. A method by which an authentication server detects an abnormal restart of an access device, in which a user terminal accesses the network through the access device and the authentication server performs access authentication of the user terminal, characterized in that the method comprises the steps of:
A. adding the access device's startup identifier to the authentication request message sent to the authentication server;
B. comparing the startup identifier saved for the access device on the authentication server with the startup identifier in the authentication request message; if they are the same, confirming that the access device is normal and proceeding to step D; otherwise confirming that the access device has restarted after an exception and proceeding to step C;
C. performing at least reset processing on the users associated with the access device, and updating the startup identifier saved on the authentication server with the startup identifier in the authentication request message;
D. performing authentication processing for the requesting user.
2. The method of claim 1, characterized in that the startup identifier is the startup time of the access device.
3. The method of claim 2, characterized in that at startup the access device obtains its current system time and saves it as the startup identifier.
4. The method of claim 1, characterized in that the startup identifier is a random number generated when the access device starts.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB2003101005004A CN1315285C (en) | 2003-10-10 | 2003-10-10 | A method for detecting access equipment exception and restarting by authentication server |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB2003101005004A CN1315285C (en) | 2003-10-10 | 2003-10-10 | A method for detecting access equipment exception and restarting by authentication server |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1606276A CN1606276A (en) | 2005-04-13 |
CN1315285C true CN1315285C (en) | 2007-05-09 |
Family
ID=34755988
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNB2003101005004A Expired - Fee Related CN1315285C (en) | 2003-10-10 | 2003-10-10 | A method for detecting access equipment exception and restarting by authentication server |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN1315285C (en) |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100433645C (en) * | 2005-07-29 | 2008-11-12 | 杭州华三通信技术有限公司 | Network device management method and network management system |
CN101971562B (en) * | 2009-03-20 | 2015-03-25 | 华为技术有限公司 | Method, device and system for controlling automatic running process performance |
CN104808553B (en) * | 2009-03-20 | 2018-10-30 | 华为技术有限公司 | Control method, apparatus and system that automatic running process executes |
CN106301887B (en) * | 2016-07-26 | 2019-08-23 | 东软集团股份有限公司 | Vertex ticks method and device, node start method and device |
CN108829533B (en) * | 2018-05-22 | 2022-03-29 | 中国科学技术大学苏州研究院 | Fault tolerance detection method for intelligent computer system |
CN108768673B (en) * | 2018-08-14 | 2021-01-26 | 新华三技术有限公司 | Method and device for ending charging |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0824841A1 (en) * | 1995-05-12 | 1998-02-25 | Nokia Telecommunications Oy | Checking the access right of a subscriber equipment |
WO1999017502A1 (en) * | 1997-09-30 | 1999-04-08 | Alcatel | An identification method, a terminal realizing such a method and an access communication network including such a terminal |
CN1297659A (en) * | 1998-04-14 | 2001-05-30 | 艾利森电话股份有限公司 | Mobile switching center restart recovery procedure |
Also Published As
Publication number | Publication date |
---|---|
CN1606276A (en) | 2005-04-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN1212716C (en) | Method of sharing subscriber confirming information in different application systems of internet | |
US20110035496A1 (en) | Automatic hardware failure detection and recovery for distributed max sessions server | |
WO2014000303A1 (en) | Method for receiving message, and deep packet inspection device and system | |
CN101032147A (en) | Method for updating a table of correspondence between a logical address and an identification number | |
CN1758596A (en) | Relay device, authentication server, and authentication method | |
CN1516495A (en) | Method and device for testing first communication side truth and reliability in communication network | |
CN1671101A (en) | Access point and method for controlling access point | |
CN109684155B (en) | Monitoring configuration method, device, equipment and readable storage medium | |
CN109104475B (en) | Connection recovery method, device and system | |
CN1647451A (en) | Monitoring of information in a network environment | |
CN1848883A (en) | Call system, proxy dial server apparatus and proxy dial method for use therewith, and program thereof | |
US11689564B2 (en) | Method and apparatus for processing data in cleaning device | |
CN107547321B (en) | Message processing method and device, related electronic equipment and readable storage medium | |
CN1340940A (en) | Method for dealing inserted-requested message of business in groups | |
JP2003143250A (en) | Substitute response method | |
CN1703047A (en) | Virtual private network system, communication terminal, and remote access communication method therefore | |
US7457875B2 (en) | Access server with function of collecting communication statistics information | |
CN1315285C (en) | A method for detecting access equipment exception and restarting by authentication server | |
CN109286506B (en) | Method, system and device for charging flow | |
US7634655B2 (en) | Efficient hash table protection for data transport protocols | |
CN1697410A (en) | Quick redialing method for user to log on broadband network | |
CN1750456A (en) | Cookie-based mechanism providing lightweight authentication of layer-2 frames | |
CN1245822C (en) | Connection information management system for connecting information used in communication between IC card management | |
CN1303790C (en) | Method for retransmiting and discarding data packet of authentication service protocol for dialed from remote user | |
CN112583774A (en) | Method and device for detecting attack flow, storage medium and electronic equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20070509 |