CN1464715A - Address allocation and service method based on multi-internet service provider - Google Patents
Address allocation and service method based on multi-internet service provider Download PDFInfo
- Publication number
- CN1464715A CN1464715A CN 02123509 CN02123509A CN1464715A CN 1464715 A CN1464715 A CN 1464715A CN 02123509 CN02123509 CN 02123509 CN 02123509 A CN02123509 A CN 02123509A CN 1464715 A CN1464715 A CN 1464715A
- Authority
- CN
- China
- Prior art keywords
- user
- address
- internet service
- isp
- service provider
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The invention discloses an address assigning and servicing process based on multi internet service providers wherein the access device stores the domain names of each ISP, the verification, authorization and charging method used by the ISP, and the address pool of the ISP. When the user proceeds internet connection, the user authentication information is first obtained, the user corresponding ISP is to be found according to the authentication information, and the ISP verification server proceeds authentication and authorization for the user, if a user passes the authentication, the ISP will assign it an address, allowing it to use the network resources, at the same time the ISP charging server corresponding to the user is used to perform charging operation for the user. By using the method of the invention, the address assignment of the different ISP and the AAA strategy used can be combined.
Description
Technical field
The present invention relates to address assignment and the service method of the network access equipment service provider Network Based (ISP, Internet service provider) in the network system.
Background technology
Common broadband access equipment along with the development of network application, in actual networking is used, requires some catenet equipment to provide broadband inserting service for a plurality of ISP just for single ISP provides broadband inserting service.In the process that user network inserts,, use long-range checking, mandate, accounting server to finish usually to user's checking, mandate, billing operation.Access device and data in server adopt remote user dialing authentication protocol (RADIUS, Remote AuthenticationDial In User Service) agreement support alternately.Radius protocol adopts client, server mode, need be to user rs authentication, mandate, charging (AAA, Authentication, Authorization, andAccounting) access device running client program, respective user information is mail to special-purpose radius server equipment need be the time to user rs authentication, mandate, charging, radius server finishes checking, authorize or charging after the result is returned to client, client is controlled the service to the user thus.In the database of radius server, need to preserve validated user information like this and be used for user rs authentication; Need recording user to use network condition simultaneously, charge.Each ISP has the registered user of oneself, will the user who use own resource be chargeed simultaneously, so each ISP uses radius server separately usually.This just requires the user at access device lateral areas branch different I SP, and the user of different I SP is used different address distribution, AAA Policy and radius server.
Because each ISP has address space separately to distribute the address for it inserts the user usually, separately radius server and using method are arranged, AAA Policy is separately arranged, and address assignment and service method based on an ISP that therefore present network access equipment provides can not be united the address assignment of different I SP and the AAA Policy of use.
Summary of the invention
The object of the present invention is to provide a kind of address assignment and the service method that the AAA Policy of the address assignment of different I SP and use can be united based on many ISP.
For achieving the above object, address assignment and service method based on many Internet Service Providers provided by the invention comprise:
A. on access device, preserve each Internet Service Provider's (ISP) domain name, checking, mandate, charging method and this network service provider's that this Internet Service Provider uses address pool is preserved checking, authorization server, accounting server information in described checking, mandate, the charging method;
B. when the user carries out network insertion, at first obtain user's authentication information, search the Internet Service Provider of this user's correspondence,, this user is handled as non-Internet Service Provider's user, if find, then if do not find according to described authentication information
C. use the Internet Service Provider's of this user's correspondence authentication server that this user is authenticated, authorizes, after authentication is passed through, for this user distributes the address, allow this user to use Internet resources, use the Internet Service Provider's of this user's correspondence accounting server that this user is carried out billing operation simultaneously.
Because the present invention preserves each Internet Service Provider (ISP) on access device domain name, the checking that this ISP uses, authorize, the address pool of charging method and this ISP, like this, when user access network, can use separately checking respectively according to different users, authorize, (AAA) server that charges is verified, authorize and charging, effective means are provided for carrying out address assignment in equipment this locality under many ISP situation, being about to address pool is configured under each ISP, make each ISP can use the address of oneself to distribute the address respectively as the user, like this, even because some ISP use privately owned address, and possible different I SP has address conflict, also can not produce any problem, so the present invention can unite the address assignment of different I SP and the AAA Policy of use preferably.
Description of drawings
Fig. 1 is the embodiment flow chart of the inventive method;
Fig. 2 uses network configuration exemplary plot of the present invention.
Embodiment
The present invention is described in further detail below in conjunction with accompanying drawing.
In user's network insertion, can use domain name to distinguish different ISP, be the user when inserting the use type as the user name of " username@isp-name ", wherein ISP name isp-name is used for ISP of unique identification and user name username is a user name of really representing user identity, can verify the user of logging in network, authorize, charges with it.
Fig. 1 is the embodiment flow chart of the inventive method.According to Fig. 1, at first need by configuration, on access device, preserve the domain name of each ISP, checking, mandate, charging (AAA) method and address pool that this ISP uses.Each address pool is one section continuous IP address, and an ISP can have a plurality of address pool.In checking, mandate, charging method, preserve radius authentication, authorization server, accounting server information.
Based on above-mentioned configuration, when the user when step 1 is carried out network insertion, access device at first obtains user's authentication information, with the ISP user different according to this data separation; Access device is searched the Internet Service Provider (ISP) of this user's correspondence according to described authentication information in step 2 then, user name for type such as username@isp-name, check that whether ISP name isp-name has the corresponding ISP of configuration, just thinks ISP user if having.If therefore do not find corresponding ISP, in step 4 this user is handled as the user of non-ISP, if find, then in step 3, from access device, read AAA method, the ISP parameter of this ISP, from the AAA method, read radius authentication, authorization server group and the accounting server group of use again, all these are recorded in this user's data structure.According to these user is carried out AAA later on.That is to say, use in this step this user's correspondence ISP authentication server to this user authenticate, Authorized operation, therefore after step 3, then judge at step 5 access device whether this user's authentication is passed through, if do not pass through, then at this user's logging in network of step 6 refusal, otherwise after authentication is passed through, distribute the address in step 7 for this user, allow this user to use Internet resources, use the ISP accounting server of this user's correspondence that this user is carried out billing operation in step 8 at last.
Pair can't determine that in step 4 user of ISP can adopt one of following method to handle:
1, directly refusing user's login;
2, use a good default AAA Policy of configured in advance to be this user's service;
3, only this user of mark is not ISP user, searches the AAA Policy that this user uses according to other differentiating methods then.
Select 3 in this example.Above-mentioned steps 3,7,8 uses the radius server or the server group of appointment identical with common AAA process to the process that the user verifies, authorizes, charges.Wherein the radius server group refers to a plurality of radius servers, is respectively applied for backup.
When step 7 is distributed the address for ISP user, can adopt one of following method:
1, be that the user distributes the address by radius server, this address is to be got by radius server with radius server checking, mandate the time, and it is local by attribute notice of response as radius authentication.Therefore for distributing the address, the user finishes by radius server fully.
2, by radius server given pool number, this address number also be with radius server to user rs authentication, get by radius server when authorizing.Use under the ISP particular address pond to distribute the address as the user in this locality.The method is applicable to the address of distributing different address fields at different user.
3, specify different address pool number in this locality according to the different login interface of user, use under the ISP particular address pond to distribute the address as the user.Such as the user who logins on the same Ethernet interface being used an address pool.
4, distribute the address successively from the address pool that ISP disposes down, each address pool is used as broad as long, the different address field of only convenient expression.
Above-mentioned several method can both be embodied as ISP user and distribute the address.But when not having private pool, can only using method 1.This method requires very high to radius server, can't realize distributing at different I SP user the function of address under the unsupported situation of radius server.
Priority when in this example, distributing the address for the user is 1,2,3,4.If promptly started the address allocation function of radius server, then do not distribute in this locality, distribute by radius server, otherwise using method 2.If radius server is given pool number or address pool number not configuration under ISP not, then using method 3.If not given pool number or address pool number not configuration under ISP under the interface of user login, then using method 4.
Fig. 2 uses network configuration exemplary plot of the present invention.Among Fig. 2, an access device is connected with the router of 3 ISP, is that 3 ISP provide support, and the user is when logon, and the server that the domain name that access device uses according to the user is sought the ISP of this domain name correspondence is its service.
Claims (8)
1, a kind of address assignment and service method based on many Internet Service Providers comprise:
A. on access device, preserve each Internet Service Provider's (ISP) domain name, checking, mandate, charging method and this network service provider's that this Internet Service Provider uses address pool is preserved checking, authorization server, accounting server information in described checking, mandate, the charging method;
B. when the user carries out network insertion, at first obtain user's authentication information, search the Internet Service Provider of this user's correspondence,, this user is handled as non-Internet Service Provider's user, if find, then if do not find according to described authentication information
C. use the Internet Service Provider's of this user's correspondence authentication server that this user is authenticated, authorizes, after authentication is passed through, for this user distributes the address, allow this user to use Internet resources, use the Internet Service Provider's of this user's correspondence accounting server that this user is carried out billing operation simultaneously.
2, address assignment and service method based on many Internet Service Providers according to claim 1 is characterized in that: in step b, when not finding the Internet Service Provider of user's correspondence, refuse this user's logging in network.
3, address assignment and service method based on many Internet Service Providers according to claim 1, it is characterized in that: in step b, when not finding the Internet Service Provider of user's correspondence, use good default checking, mandate, a charging policy of configured in advance to be this user's service.
4, address assignment and service method based on many Internet Service Providers according to claim 1, it is characterized in that: in step b, when not finding the Internet Service Provider of user's correspondence, this user of mark is not Internet Service Provider user, distinguish according to additive method again, thus the checking, mandate, the charging policy that find this user to use.
5, according to claim 1,2,3 or 4 described address assignment and service method based on many Internet Service Providers, it is characterized in that: step c is described to be finished by the Internet Service Provider's of this user's correspondence checking, authorization server for the user distributes the address.
6, according to claim 1,2,3 or 4 described address assignment and service method based on many Internet Service Providers, it is characterized in that: step c is described for the user distributes the address by the Internet Service Provider's of this user's correspondence checking, authorization server given pool number, distributes the address in this locality for the user then.
7, according to claim 1,2,3 or 4 described address assignment and service method based on many Internet Service Providers, it is characterized in that: step c described for the user distribute the address by this locality according to different user's login interface given pool number, distribute the address in this locality for the user then.
8, according to claim 1,2,3 or 4 described address assignment and service method based on many Internet Service Providers, it is characterized in that: step c is described to distribute the address for the user distributes the address successively from the address pool of Internet Service Provider's configuration of this user's correspondence.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 02123509 CN1231031C (en) | 2002-06-28 | 2002-06-28 | Address allocation and service method based on multi-internet service provider |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 02123509 CN1231031C (en) | 2002-06-28 | 2002-06-28 | Address allocation and service method based on multi-internet service provider |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1464715A true CN1464715A (en) | 2003-12-31 |
| CN1231031C CN1231031C (en) | 2005-12-07 |
Family
ID=29743558
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 02123509 Expired - Lifetime CN1231031C (en) | 2002-06-28 | 2002-06-28 | Address allocation and service method based on multi-internet service provider |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1231031C (en) |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2007022689A1 (en) * | 2005-08-23 | 2007-03-01 | Huawei Technologies Co., Ltd. | Method for implementing the network service provider realm name discovery and the device thereof |
| CN100344094C (en) * | 2004-09-01 | 2007-10-17 | 华为技术有限公司 | Method for realizing authority charging to multi address user in IPv6 network |
| CN100373879C (en) * | 2004-09-16 | 2008-03-05 | 上海贝尔阿尔卡特股份有限公司 | Wideband access net with three layer access point and its IP address distributing method |
| WO2008025276A1 (en) * | 2006-08-25 | 2008-03-06 | Huawei Technologies Co., Ltd. | Method and system for discovering the access of the call control system |
| CN100399749C (en) * | 2004-08-26 | 2008-07-02 | 国际商业机器公司 | Methods and systems for user authorization levels in aggregated systems |
| CN100428674C (en) * | 2005-12-02 | 2008-10-22 | 华为技术有限公司 | Charging method taken part in by entities of intercommunication under scene of network intercommunication |
| CN1652535B (en) * | 2004-02-03 | 2010-06-23 | 华为技术有限公司 | Method for managing network layer address |
| CN101141492B (en) * | 2005-04-29 | 2014-11-05 | 华为技术有限公司 | Method and system for implementing DHCP address safety allocation |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103067307B (en) * | 2013-01-23 | 2016-09-28 | 华北石油通信公司 | A kind of broad band access method and system |
-
2002
- 2002-06-28 CN CN 02123509 patent/CN1231031C/en not_active Expired - Lifetime
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1652535B (en) * | 2004-02-03 | 2010-06-23 | 华为技术有限公司 | Method for managing network layer address |
| CN100399749C (en) * | 2004-08-26 | 2008-07-02 | 国际商业机器公司 | Methods and systems for user authorization levels in aggregated systems |
| CN100344094C (en) * | 2004-09-01 | 2007-10-17 | 华为技术有限公司 | Method for realizing authority charging to multi address user in IPv6 network |
| US8813217B2 (en) | 2004-09-01 | 2014-08-19 | Huawei Technologies Co., Ltd. | Method and system for authorizing and charging host with multiple addresses in IPv6 network |
| CN100373879C (en) * | 2004-09-16 | 2008-03-05 | 上海贝尔阿尔卡特股份有限公司 | Wideband access net with three layer access point and its IP address distributing method |
| CN101141492B (en) * | 2005-04-29 | 2014-11-05 | 华为技术有限公司 | Method and system for implementing DHCP address safety allocation |
| WO2007022689A1 (en) * | 2005-08-23 | 2007-03-01 | Huawei Technologies Co., Ltd. | Method for implementing the network service provider realm name discovery and the device thereof |
| CN100454865C (en) * | 2005-08-23 | 2009-01-21 | 华为技术有限公司 | Method for realizing network service provider domain name discovery |
| CN100428674C (en) * | 2005-12-02 | 2008-10-22 | 华为技术有限公司 | Charging method taken part in by entities of intercommunication under scene of network intercommunication |
| WO2008025276A1 (en) * | 2006-08-25 | 2008-03-06 | Huawei Technologies Co., Ltd. | Method and system for discovering the access of the call control system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN1231031C (en) | 2005-12-07 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9391969B2 (en) | Dynamic radius | |
| CN100337229C (en) | Network verifying, authorizing and accounting system and method | |
| JP4291213B2 (en) | Authentication method, authentication system, authentication proxy server, network access authentication server, program, and recording medium | |
| US7313611B1 (en) | Automated provisioning system | |
| AU779137B2 (en) | Systems and methods for providing dynamic network authorization, authentication and accounting | |
| US7194554B1 (en) | Systems and methods for providing dynamic network authorization authentication and accounting | |
| US10116628B2 (en) | Server-paid internet access service | |
| KR20180022999A (en) | Authorization processing method and apparatus | |
| CN103188104A (en) | Method and device for analyzing user behaviors | |
| CN1252961C (en) | Method for authenticating group broadcast service | |
| CN1889577A (en) | IP address distributing method based on DHCP extended attribute | |
| CN1231031C (en) | Address allocation and service method based on multi-internet service provider | |
| US20090089409A1 (en) | Network service provider-assisted authentication | |
| CN1874226A (en) | Terminal access method and system | |
| US8272039B2 (en) | Pass-through hijack avoidance technique for cascaded authentication | |
| CN1309213C (en) | Network access anthentication method for improving network management performance | |
| CN1553341A (en) | Network address distributing method based on customer terminal | |
| WO2002035797A9 (en) | Systems and methods for providing dynamic network authorization, authentication and accounting | |
| CN1505345A (en) | A method for accessing user forced access identification server | |
| CN1298145C (en) | Control device and method for realizing broad band connecting server multiple business united interface | |
| CN1265579C (en) | Method for network access user authentication | |
| Cisco | Common Configurations | |
| Cisco | Common Configurations | |
| Cisco | Common Configurations | |
| Cisco | Common Configurations |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CX01 | Expiry of patent term |
Granted publication date: 20051207 |
|
| CX01 | Expiry of patent term |