CN1484426A - Method for reacquiring 802.1 X customer terminal IP address - Google Patents


Info

Publication number
CN1484426A
Authority
CN
China
Prior art keywords
address
client
dhcp
user
authentication
Legal status
Granted
Application number
CNA021306591A
Other languages
Chinese (zh)
Other versions
CN1266919C (en)
Inventor
卢瑞昕
罗汉军
邹婷
唐周和
汤杰成
Current Assignee
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CN02130659.1A
Publication of CN1484426A
Application granted
Publication of CN1266919C
Anticipated expiration
Current legal status: Expired - Lifetime

Abstract

This invention relates to a method for reacquiring the IP address of an 802.1X client, which is a method of combining an 802.1X client with a DHCP client. In the authentication-success state the 802.1X client actively triggers the DHCP client to reacquire an IP address, and after the user goes offline it releases the IP address. The process is carried out by the 802.1X client, which searches the network card list of the user computer to find the selected network card and calls a WINDOWS API function to reacquire an IP address for that card. In operation, slightly different WINDOWS API functions are called under different operating systems; they are equivalent to running Wincfg under the WINDOWS 98/ME operating systems or ipconfig/renew under WINDOWS 2000.

Description

Method for reacquiring an 802.1X client IP address
Technical field
The present invention relates to wired broadband access technology, and more precisely to a method of combining an 802.1X client with a DHCP client.
Background art
802.1X is the port-based network access control protocol formally approved by the IEEE standards organisation in June 2001.
Local area networks as defined by the IEEE 802 LAN protocols provide no access authentication: in general, as long as a user can reach a LAN control device such as a LAN switch, the user can access the devices and resources on the LAN. In application environments such as telecommunications access, office-building LANs and mobile offices, however, equipment vendors want to be able to control and configure user access. This produced the demand for 802.1X access control, that is, 802.1X authentication.
Port-based network access control authenticates and controls the connecting client at the physical access level of the network equipment, where the physical access level means a port of an Ethernet switch or of a broadband access device. If the user device connected to such a port passes authentication, it can access the resources inside the network; if it cannot pass authentication, it cannot access those resources.
IEEE 802.1X defines a port-based network access control protocol in which the port may be a physical port or a logical port. Typical applications are: one physical port of an Ethernet switch connected to one client computer; and the wireless LAN access mode defined by IEEE 802.11.
The 802.1X architecture shown in Fig. 1 consists of three entities: the client (Supplicant System) 11, the device end (Authenticator System) 12 and the authentication server system (Authentication Server System) 13. The 802.1X device-end part 12 has to be implemented in the user access layer equipment; the 802.1X client 11 is generally installed on the user's PC; and the 802.1X authentication server system 13 generally resides in the operator's authentication, authorisation and accounting (AAA) centre.
Between the 802.1X client 11 and the device end 12, the EAPOL protocol defined by IEEE 802.1X (the authentication protocol between client and device end) runs over the local area network; specifically, it runs between the client port state entity (Supplicant PAE) 111 of the client 11 and the device-end port state entity (Authenticator PAE) 124 and the service entity (Services offered by Authenticator's System) 123 of the device end 12. The device end 12 and the authentication server system 13 likewise run the Extensible Authentication Protocol (EAP), exchanging authentication information between the device-end port state entity (Authenticator PAE) 124 of the device end 12 and the authentication server 131 of the authentication server system 13.
Inside the device end 12 there are a controlled port (Controlled Port) 121 and an uncontrolled port (Uncontrolled Port) 122. The controlled port 121 is responsible for controlling access to network resources and services; it is opened only in the state in which authentication has passed, and is used to carry network resources and service information. The arrow in the figure indicates the port-unauthorised (Port Unauthorized) state. The controlled port 121 can be configured as bidirectionally controlled or as input-only controlled, to suit different application environments. The uncontrolled port 122 is always in the bidirectionally connected state; it is mainly used to carry EAPOL protocol frames and guarantees that EAPOL protocol frames can be received and sent at any time.
802.1X brings operable characteristics to the Ethernet switch: a port that has not passed user authentication cannot be used, while a port that has passed authentication can be configured automatically and dynamically and can access network resources. This is the characteristic that distinguishes it from a traditional Ethernet switch.
In a wired broadband access environment, convenient and easy-to-use 802.1X client software is needed. The WINDOWS XP operating system of Microsoft Corporation (USA) implements client software for the IEEE 802.1X-2001 protocol, but the main field of application of the 802.1X client software under this operating system is the wireless LAN (WLAN), and there is no direct relationship between the 802.1X client and the DHCP client (DHCP: Dynamic Host Configuration Protocol, used to implement dynamic IP address allocation). Because the DHCP client repeatedly requests an IP address during a one-minute window and sends no further request messages after that minute, applying the 802.1X client software in a wired broadband access network produces the following problem: the user equipment does not register on power-up (a wireless terminal registers on power-up), and it is also normal for the user not to go online immediately after starting up. If the user were required to complete 802.1X authentication within one minute of start-up in order to obtain a network IP address through the DHCP client, operating a wired broadband access network in this way would cause great inconvenience to the user, who would otherwise have to type highly technical commands such as winipcfg or ipconfig on the command line, which is not convenient for ordinary users.
In addition, the 802.1X client software currently provided by WINDOWS XP cannot release the IP address automatically when the user goes offline; that is, after the user goes offline the IP address remains occupied. In application environments where IP addresses are in very short supply this is disadvantageous both to the operator and to the customer: on the one hand it wastes IP addresses, so that the addresses the operator holds cannot be fully used; on the other hand users may be unable to obtain an IP address, or may suffer address conflicts, and so cannot get service.
In summary, the WINDOWS XP operating system implements the standard IEEE 802.1X-2001 protocol, but there is no direct relationship between the 802.1X client software under the XP operating system and the DHCP client. As soon as the user starts up, the DHCP client automatically sends DHCP messages requesting an IP address, but because 802.1X authentication has not yet begun at that moment, the DHCP messages sent before the device end triggers 802.1X authentication are dropped. The DHCP client has a retransmission mechanism during the first minute and sends no further messages after one minute. In other words, the user must finish entering the username/password and complete authentication within one minute of start-up. This is feasible in a wireless LAN environment but problematic in a wired broadband access network. In addition, no mechanism is provided for releasing the IP address after the user goes offline.
Summary of the invention
The object of the invention is to design a method for reacquiring an 802.1X client IP address, a method of combining an 802.1X client with a DHCP client, so as to improve the ease of use of 802.1X client software in wired broadband access networks.
The technical scheme that achieves the object of the invention is a method for reacquiring an 802.1X client IP address, characterised by comprising: in the authentication-success state, the 802.1X client software actively triggering the Dynamic Host Configuration Protocol (DHCP) client to carry out the IP address reacquisition process; and, after the user goes offline, actively releasing the obtained IP address.
In the IP address reacquisition process, the 802.1X client software traverses the network interface card list of the user computer on which it runs, finds the user-selected network interface card, and then calls the WINDOWS API function to reacquire an IP address for that network interface card.
The active triggering of the Dynamic Host Configuration Protocol (DHCP) client to carry out the IP address reacquisition process takes place at the 802.1X client software immediately after authentication passes, and runs in the background on the user equipment.
The IP address reacquisition process is handled as a configurable default option.
The method also includes allowing the user online after the renewal process of the IP address reacquisition succeeds, and having the 802.1X client software give a prompt after the renewal process of the IP address reacquisition fails.
The IP address reacquisition uses RFC standard protocols including the Dynamic Host Configuration Protocol (DHCP); the message exchange between the user computer and the Dynamic Host Configuration Protocol (DHCP) server is handled in a newly created thread, or in an existing thread that does not affect the user interface.
The active release of the IP address consists of the 802.1X client actively sending a release message after the user goes offline, releasing the IP address obtained through authentication.
The method of the invention lets the 802.1X client software, in the authentication-success state, actively trigger the DHCP client to acquire, or in other words reallocate, the IP address, and adds an IP address release mechanism to the 802.1X client software to guarantee that the IP address is released promptly after the user goes offline.
After the 802.1X client software enters the Success state it immediately and actively triggers the IP address renewal process; and after the user goes offline (Release) it sends a DHCP Release message, releasing the IP address obtained through authentication. In a wired broadband network this saves IP addresses and solves the problem of rapid IP address exhaustion. When the method of the invention is implemented, the WINDOWS API functions called under different operating systems may differ slightly; functionally, the call is equivalent to running the Wincfg command once under the WINDOWS 98/ME operating systems or the ipconfig/renew command under the WINDOWS 2000 operating system.
Description of drawings
Fig. 1 is the architectural block diagram of 802.1X;
Fig. 2 is the message sequence chart for the case in which 802.1X client software running on a standard PC authenticates successfully.
Embodiment
Referring to Fig. 2, the 802.1X client software runs on a standard PC whose operating system may be WINDOWS 98/WINDOWS NT/WINDOWS 2000/WINDOWS XP. Fig. 2 shows the authentication process carried out between the user, the 802.1X client software state machine (referred to as the client for short) and the device end, and the message sequence in the case of successful authentication. First, the 802.1X client software state machine is initialised.
Step 1: the user logs in to the 802.1X client.
Step 2: on receiving the user's login message, the 802.1X client sends an EAPOL-Start message (EAPOL being the authentication protocol between client and device end) to the device end, initiating one 802.1X authentication process, and enters the connecting state.
Step 3: on receiving the EAPOL-Start message sent by the client, the device end sends an EAPOL identity request (EAPOL-Request[Identity]) to the 802.1X client, requesting the client's identity, that is, the user name.
Step 4: on receiving the EAPOL-Request[Identity] message sent by the device end, the client returns an EAPOL identity response message (EAPOL-Response[Identity]) to the device end, carrying the user name. The 802.1X client then waits for the random number sent by the device end, called the magic number (the password is then encrypted with the MD5 algorithm, guaranteeing the security of the user's password while it is transmitted over the line), and enters the state of waiting for the device end's magic number.
Step 5: on receiving the EAPOL-Response[Identity] response message sent by the client, the device end issues an MD5 challenge to the client by sending an EAPOL request/MD5 challenge message (EAPOL-Request[MD5 Challenge]); this message contains the random number the 802.1X client needs in order to encrypt the user password.
Step 6: on receiving the EAPOL-Request[MD5 Challenge] message sent by the device end, the 802.1X client sends an EAPOL response/MD5 password message (EAPOL-Response[MD5]) to the device end, containing the encrypted password, and enters the state of waiting for the authentication result.
Step 7: the device end sends the user name and password in a Radius message to the remote authentication server for authentication, or performs local authentication on the access device; if authentication succeeds, it sends an EAPOL-Success message to the client.
Step 8: immediately after receiving the EAPOL-Success message sent by the device end, the client actively triggers DHCP and starts the IP address renewal process, that is, it starts the IP address reacquisition procedure and obtains an IP address. Only after the 802.1X client software has completed authentication can a network IP address be obtained through the DHCP client. The address lease period of the DHCP server should not be set too long; about 1 hour is best (a lease hangs for at most one hour). After successful authentication, the client sends a logout message (EAPOL-Logoff message) to the device end when logging off.
Step 9: after the user goes offline, the 802.1X client actively sends a DHCP Release message, releasing the IP address obtained after authentication passed.
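The exchange of steps 2 to 9, as an added example that is not part of the patent or of any Huawei software: a small Python model in which a client state machine runs the EAPOL-Start / Identity / MD5 Challenge / Success sequence against a device end that authenticates locally (the local-authentication case of step 7), triggers the DHCP renewal on EAPOL-Success and sends the release on logoff. The digest MD5(identifier || password || challenge) is the RFC 3748 EAP-MD5 construction, which the text describes as encrypting the password with MD5 using the device end's random number; the names DhcpClient, Authenticator, Supplicant and demo, the user table and the address pool are this example's own constructions.

```python
"""802.1X client / device-end exchange of Fig. 2, steps 2 to 9, with the DHCP hook.
Added example, not the patent's code: the device end checks a local user table and
the EAP-MD5 digest follows RFC 3748; all class and function names are this
example's own."""
import hashlib
import hmac
import os


def eap_md5_response(eap_id, password, challenge):
    # RFC 3748 EAP-MD5: MD5(Identifier || password || challenge). This is the
    # "password encrypted with MD5 using the device end's random number" of step 6.
    return hashlib.md5(bytes([eap_id]) + password.encode() + challenge).digest()


class DhcpClient:
    """Stand-in for the OS DHCP client with a constructed pool of leases."""

    def __init__(self, pool):
        self.pool = list(pool)
        self.lease = None

    def renew(self):                       # triggered on EAPOL-Success (step 8)
        self.lease = self.pool.pop(0) if self.pool else None
        return self.lease

    def release(self):                     # DHCP Release on logoff (step 9)
        if self.lease is not None:
            self.pool.append(self.lease)
        self.lease = None


class Authenticator:
    """Device end: issues the MD5 challenge (step 5), checks the response (step 7)."""

    def __init__(self, users):
        self.users = users                 # username -> password (constructed)
        self.pending = {}                  # username -> outstanding challenge
        self.eap_id = 1                    # EAP Identifier carried in the request

    def on_start(self):
        return "EAPOL-Request[Identity]", None

    def on_identity(self, username):
        challenge = os.urandom(16)         # the random "magic number"
        self.pending[username] = challenge
        return "EAPOL-Request[MD5 Challenge]", challenge

    def on_md5(self, username, digest):
        challenge = self.pending.pop(username, None)
        password = self.users.get(username)
        if challenge is None or password is None:
            return "EAPOL-Failure", None
        expected = eap_md5_response(self.eap_id, password, challenge)
        ok = hmac.compare_digest(expected, digest)
        return ("EAPOL-Success" if ok else "EAPOL-Failure"), None


class Supplicant:
    """802.1X client state machine. renew_after_auth is the configurable default
    option: deployments with fixed addresses authenticate without renewing."""

    def __init__(self, username, password, dhcp, renew_after_auth=True):
        self.username, self.password, self.dhcp = username, password, dhcp
        self.renew_after_auth = renew_after_auth
        self.state = "DISCONNECTED"
        self.log = []                      # message sequence, for inspection

    def login(self, auth):
        self.state = "CONNECTING"
        self.log.append("EAPOL-Start")                       # step 2
        msg, _ = auth.on_start()                             # step 3
        self.log.append(msg)
        self.log.append("EAPOL-Response[Identity]")          # step 4
        self.state = "WAIT_CHALLENGE"
        msg, challenge = auth.on_identity(self.username)     # step 5
        self.log.append(msg)
        digest = eap_md5_response(auth.eap_id, self.password, challenge)
        self.log.append("EAPOL-Response[MD5]")               # step 6
        self.state = "WAIT_RESULT"
        msg, _ = auth.on_md5(self.username, digest)          # step 7
        self.log.append(msg)
        if msg == "EAPOL-Success":
            self.state = "SUCCESS"
            if self.renew_after_auth:                        # step 8
                self.dhcp.renew()
        else:
            self.state = "FAILED"
        return self.state

    def logoff(self):
        self.log.append("EAPOL-Logoff")
        self.dhcp.release()                                  # step 9
        self.state = "DISCONNECTED"


def demo(password="secret", renew=True):
    """One login/logoff cycle: returns (login result, lease held while online,
    number of addresses back in the pool after logoff)."""
    dhcp = DhcpClient(["10.0.0.10", "10.0.0.11"])            # constructed pool
    auth = Authenticator({"alice": "secret"})                # constructed users
    client = Supplicant("alice", password, dhcp, renew_after_auth=renew)
    state = client.login(auth)
    lease = dhcp.lease
    client.logoff()
    return state, lease, len(dhcp.pool)


if __name__ == "__main__":
    print(demo())
    print(demo("wrong"))
```

With the correct password the client holds a lease only while it is online and hands it back on logoff, so the pool is whole again afterwards; with a wrong password no lease is ever taken, because the DHCP trigger sits behind the Success state rather than behind start-up.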
When the 802.1X client software has entered the Success state on successful authentication and actively triggers the IP address renewal process, the WINDOWS API function called differs slightly between operating systems; functionally it is equivalent to running the Wincfg command once under the WINDOWS 98/ME operating systems or the ipconfig/renew command under the WINDOWS 2000 operating system.
The detailed process is: the client software traverses the network interface card list of the computer, finds the user-selected network interface card, and then calls the Windows API function to begin reacquiring an IP address for that network interface card.
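One way to make the Windows API call this paragraph refers to, written in Python with ctypes against the IP Helper library (iphlpapi): GetInterfaceInfo enumerates the IPv4-bound adapters, select_adapter picks the one the user chose by matching a substring of its adapter name (typically the GUID), and IpRenewAddress / IpReleaseAddress do for that adapter what `ipconfig /renew` and `ipconfig /release` do from the command line. This is an added example, not the patent's or Huawei's code; the function names and the substring-match selection rule are this example's own, and the IP Helper calls need Windows (the selection helper is plain Python and runs anywhere).

```python
"""Reacquiring the address of the user-selected NIC through the Windows IP Helper
API (iphlpapi). Added example, not the patent's code; select_adapter, list_adapters,
renew_address and release_address are this example's own names."""
import ctypes
import sys

MAX_ADAPTER_NAME = 128                  # iptypes.h
ERROR_INSUFFICIENT_BUFFER = 122


class IP_ADAPTER_INDEX_MAP(ctypes.Structure):
    # iphlpapi.h: ULONG Index; WCHAR Name[MAX_ADAPTER_NAME];
    _fields_ = [("Index", ctypes.c_ulong),
                ("Name", ctypes.c_wchar * MAX_ADAPTER_NAME)]


def select_adapter(adapters, wanted):
    """Traverse the NIC list and return the (index, name) pair the user selected.
    Names look like \\DEVICE\\TCPIP_{GUID}, so `wanted` is matched as a
    case-insensitive substring; an empty `wanted` selects the first adapter."""
    wanted = wanted.lower()
    for index, name in adapters:
        if wanted in name.lower():
            return index, name
    return None


def list_adapters():
    """GetInterfaceInfo(): the adapters bound to IPv4, as [(index, name), ...]."""
    iphlpapi = ctypes.WinDLL("iphlpapi")
    # IP_INTERFACE_INFO is a LONG NumAdapters followed by IP_ADAPTER_INDEX_MAP[];
    # size the buffer by retrying on ERROR_INSUFFICIENT_BUFFER, as the API documents.
    size = ctypes.c_ulong(ctypes.sizeof(ctypes.c_long) + ctypes.sizeof(IP_ADAPTER_INDEX_MAP))
    while True:
        buf = ctypes.create_string_buffer(size.value)
        rc = iphlpapi.GetInterfaceInfo(buf, ctypes.byref(size))
        if rc == 0:
            break
        if rc != ERROR_INSUFFICIENT_BUFFER:
            raise OSError(rc, "GetInterfaceInfo failed")
    count = ctypes.c_long.from_buffer(buf).value
    maps = (IP_ADAPTER_INDEX_MAP * count).from_buffer(buf, ctypes.sizeof(ctypes.c_long))
    return [(m.Index, m.Name) for m in maps]


def _entry(index, name):
    entry = IP_ADAPTER_INDEX_MAP()
    entry.Index = index
    entry.Name = name
    return entry


def renew_address(index, name):
    """IpRenewAddress(): DHCP renew for one adapter (`ipconfig /renew`); True on NO_ERROR."""
    return ctypes.WinDLL("iphlpapi").IpRenewAddress(ctypes.byref(_entry(index, name))) == 0


def release_address(index, name):
    """IpReleaseAddress(): sends DHCP Release for the adapter (the logoff step)."""
    return ctypes.WinDLL("iphlpapi").IpReleaseAddress(ctypes.byref(_entry(index, name))) == 0


if __name__ == "__main__":
    if sys.platform != "win32":
        sys.exit("the IP Helper calls need Windows")
    adapters = list_adapters()
    chosen = select_adapter(adapters, sys.argv[1] if len(sys.argv) > 1 else "")
    if chosen is None:
        sys.exit(f"no adapter matches; available: {adapters}")
    print("renewed" if renew_address(*chosen) else "renew failed", chosen)
```

IpRenewAddress and IpReleaseAddress need administrator rights, and they block while the DHCP exchange runs or times out, so a client should call them from a worker thread rather than from its interface thread.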
The IP address is acquired using RFC standard protocols, including the Dynamic Host Configuration Protocol (DHCP: Dynamic Host Configuration Protocol). This process requires a message exchange between the PC and the DHCP server, and because the server may be unavailable, address acquisition may fail. In that case the DHCP request messages sent by the PC get no response, and only after 3 timed-out retransmissions is the failure confirmed, so the thread that calls this WINDOWS API function stays blocked for a long time. If that thread is the application's interface main thread, the user's mouse and keyboard actions will go unanswered for a short time, harming the friendliness of the application's interface. Therefore a new thread should be created for the IP address renewal action, or the action should be placed in a thread that does not affect the user interface.
The IP address reacquisition of the 802.1X client software is triggered immediately after authentication passes and runs in the background. The renewal process is transparent to the user: as long as the renewal succeeds, the user can go online; if it fails, the client software gives an appropriate prompt so that the user can try again or contact the provider.
In addition, not every 802.1X deployment needs to reacquire the IP address after authentication passes; in some application environments the IP address may be fixed and only authentication is required. The IP address reacquisition should therefore be implemented as a default option that can be configured.
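The blocking problem and the 3-retransmission behaviour described above, as an added example that is not the patent's code: a renewal routine that retransmits up to three times on timeout, a RenewalJob that runs it on a worker thread, and a login flow whose interface loop keeps ticking while the renewal is pending and then shows the success or failure prompt. FakeDhcpServer stands in for the DHCP server (it answers, or never answers when it is "unavailable"); dhcp_renew is the stand-in for the Windows API call, and the timeouts, names and prompt texts are this example's own constructions.

```python
"""Running the DHCP renewal off the interface thread, with the 3-retransmission
timeout. Added example, not the patent's code; FakeDhcpServer, RenewalJob,
login_flow and the timeouts are this example's own constructions."""
import threading
import time


class FakeDhcpServer:
    """Constructed stand-in for the DHCP server: replies with `address`, or never
    replies when `address` is None (the 'server unavailable' case)."""

    def __init__(self, address=None):
        self.address = address
        self.requests = 0              # DHCP requests seen, including retransmissions

    def request(self, timeout):
        self.requests += 1
        if self.address is None:
            time.sleep(timeout)        # client waits out the full timeout, gets nothing
            return None
        return self.address


def dhcp_renew(server, timeout=0.05, retries=3):
    """Send the DHCP request, wait `timeout` for a reply, retransmit up to `retries`
    times in total; None means the renewal failed (the Windows API call stand-in)."""
    for _ in range(retries):
        reply = server.request(timeout)
        if reply is not None:
            return reply
    return None


def prompt_for(result):
    """Message the client shows once the background renewal has finished."""
    if result is None:
        return "IP address renewal failed: try again or contact your provider"
    return f"online with address {result}"


class RenewalJob:
    """Runs dhcp_renew on its own thread so the interface thread keeps serving
    mouse and keyboard events while the request is blocked."""

    def __init__(self, server, timeout=0.05, retries=3):
        self.server, self.timeout, self.retries = server, timeout, retries
        self.result = None
        self.thread = threading.Thread(target=self._run, daemon=True)

    def _run(self):
        self.result = dhcp_renew(self.server, self.timeout, self.retries)

    def start(self):
        self.thread.start()
        return self

    def done(self):
        return not self.thread.is_alive()


def login_flow(server, tick=0.005):
    """After EAPOL-Success: start the renewal in the background and keep the UI loop
    ticking until it finishes. Returns (UI ticks handled, result, prompt, requests)."""
    job = RenewalJob(server).start()
    ticks = 0
    while not job.done():              # the interface loop stays responsive meanwhile
        ticks += 1
        time.sleep(tick)
    job.thread.join()
    return ticks, job.result, prompt_for(job.result), server.requests


if __name__ == "__main__":
    print(login_flow(FakeDhcpServer("10.0.0.10")))
    print(login_flow(FakeDhcpServer(None)))
```

With an unavailable server the worker spends three timeouts before reporting failure, and the interface loop records ticks during that whole period; with a responding server the first request succeeds and the prompt tells the user they are online.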
Trial use of the method of the invention in 802.1X client software proved that it achieves the object of the invention: it improves the ease of use of 802.1X client software in wired broadband networks, is simple and reliable to implement, and improves operating efficiency.

Claims (7)

1. A method for reacquiring an 802.1X client IP address, characterised by comprising: in the authentication-success state, the 802.1X client software actively triggering the Dynamic Host Configuration Protocol (DHCP) client to carry out the IP address reacquisition process; and, after the user goes offline, actively releasing the obtained IP address.
2. The method for reacquiring an 802.1X client IP address according to claim 1, characterised in that the IP address reacquisition process consists of the 802.1X client software traversing the network interface card list of the user computer on which it runs, finding the user-selected network interface card, and then calling the WINDOWS API function to reacquire an IP address for that network interface card.
3. The method for reacquiring an 802.1X client IP address according to claim 1, characterised in that the active triggering of the Dynamic Host Configuration Protocol (DHCP) client to carry out the IP address reacquisition process takes place at the 802.1X client software immediately after authentication passes and runs in the background on the user equipment.
4. The method for reacquiring an 802.1X client IP address according to claim 1, characterised in that the IP address reacquisition process is handled as a configurable default option.
5. The method for reacquiring an 802.1X client IP address according to claim 1, characterised in that it further comprises allowing the user online after the renewal process of the IP address reacquisition succeeds, and having the 802.1X client software give a prompt after the renewal process of the IP address reacquisition fails.
6. The method for reacquiring an 802.1X client IP address according to claim 1, characterised in that the IP address reacquisition uses RFC standard protocols including the Dynamic Host Configuration Protocol (DHCP), and the message exchange between the user computer and the Dynamic Host Configuration Protocol (DHCP) server is placed in a newly created thread, or in an existing thread that does not affect the user interface, for handling.
7. The method for reacquiring an 802.1X client IP address according to claim 1, characterised in that the active release of the IP address consists of the 802.1X client actively sending a release message after the user goes offline, releasing the IP address obtained through authentication.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN02130659.1A CN1266919C (en) 2002-09-16 2002-09-16 Method for reacquiring 802.1 X customer terminal IP address

Publications (2)

Publication Number Publication Date
CN1484426A true CN1484426A (en) 2004-03-24
CN1266919C CN1266919C (en) 2006-07-26

Family

ID=34144554

Family Applications (1)

Application Number Title Priority Date Filing Date
CN02130659.1A Expired - Lifetime CN1266919C (en) 2002-09-16 2002-09-16 Method for reacquiring 802.1 X customer terminal IP address

Country Status (1)

Country Link
CN (1) CN1266919C (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1835514B (en) * 2006-03-31 2010-05-12 北京润汇科技有限公司 Management method of broadband access of DHCP customer's terminal mode
CN101795449B (en) * 2010-01-07 2013-04-17 杭州华三通信技术有限公司 Wireless network terminal access control method and device thereof
CN104683490A (en) * 2013-11-27 2015-06-03 华为技术有限公司 Internet protocol address recovery method and internet protocol address recovery device
CN104683490B (en) * 2013-11-27 2018-05-04 华为技术有限公司 The recovery method and device of Internet protocol address
CN103747115B (en) * 2013-12-30 2017-08-01 武汉邮电科学研究院 Virtual machine IP address based on Microsoft Loopback Adapter finds method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CX01 Expiry of patent term

Granted publication date: 20060726