CN1527557A - Method of transmitting 802.1X audit message via bridging device - Google Patents

Publication number: CN1527557A
Authority: CN (China)
Application number: CNA031049877A
Priority application: CN03104987A
Other versions: CN100591068C (en)
Other languages: Chinese (zh)
Inventors: 金涛, 沈宁国, 张雪江, 陆震, 龚钧
Current and original assignee: Huawei Technologies Co Ltd
Legal status: granted; expired (lifetime)
Prior art keywords: bridging device, message, message identifying, client, transparent transmission

Abstract

The present invention discloses a method for transmitting 802.1X authentication messages through a bridging device. When an 802.1X client that needs to authenticate sends an 802.1X authentication message through a bridging device to its corresponding authenticator, the bridging device first judges, on receipt, whether the message is an 802.1X authentication message. If it is, the bridging device passes the 802.1X authentication message transparently through itself to the next-layer network device; otherwise it handles the message according to the processing mode stored against the destination MAC address in its bottom-layer MAC address table. The method makes it possible to offer the 802.1X authentication service in an existing operating network at low equipment cost and low operation and maintenance cost.

Description

Method for transparent transmission of 802.1X authentication messages through a bridging device
Technical field
The present invention relates to the transmission of authentication messages, and in particular to a method by which a client transmits 802.1X authentication messages transparently through the bridging devices between itself and the authenticator (the device end), so as to trigger and complete 802.1X authentication.
Background art
The IEEE 802.1X protocol is a port-based network access control protocol, an authentication protocol built on Ethernet technology. Compared with other authentication protocols, 802.1X is secure and simple to implement, and provides rich authentication options for users of various broadband access methods such as Asymmetric Digital Subscriber Line (ADSL), Very-high-speed Digital Subscriber Line (VDSL), local area network (LAN) and wireless LAN (WLAN).
The architecture and information exchange of an IEEE 802.1X system are shown in Figure 1. The system has three entities: the client system (Supplicant System), the device-end system (Authenticator System) and the authentication server system (Authentication Server System). The client system contains the client port access entity (PAE); the authenticator system contains the services it provides and its own port access entity; the authentication server system contains the authentication server. The authentication server is connected to the port access entity of the authenticator and exchanges authentication information with it over the Extensible Authentication Protocol (EAP). The client's port access entity connects directly to the LAN; the authenticator's services and port access entity connect to the LAN through a controlled port (Controlled Port) and an uncontrolled port respectively; and the client and the authenticator communicate using the authentication protocol between them, EAPoL. The controlled port is responsible for controlling access to network resources and services.
The authenticator is generally a network device that supports the 802.1X protocol. As shown in Figure 1, the authenticator has two virtual ports inside: the controlled port (Controlled Port) and the uncontrolled port (Uncontrolled Port). The uncontrolled port is always in the bidirectionally connected state and is used mainly to carry EAPoL protocol frames, which guarantees that the client can send EAPoL frames or receive authentication at any time. The controlled port opens only after authentication has passed, that is, in the authorized state, and carries network resources and services; before authentication succeeds, the controlled port is an unauthorized port. The controlled port can be configured as bidirectionally controlled or input-only controlled, to suit different application environments. For example, in Figure 1 the controlled port of the authenticator is in the unauthenticated, unauthorized state, so the client cannot access the services the authenticator provides.
In an 802.1X system, authentication proceeds by the authenticator receiving the client's authentication information and relaying it to the corresponding authentication server for authentication. 802.1X authentication usually uses EAP methods; common EAP methods include MD5, TLS, OTP, SIM and so on. Based on the structure of Figure 1 and taking EAP-MD5 as an example, with reference to Figure 2, where the access server is the authenticator and the RADIUS server is the authentication server, the 802.1X authentication process comprises the following steps:
Step 201: After a physical connection has been established between the client and the access server, the client sends an authentication start message, EAPoL-Start, to the access server to trigger the 802.1X authentication flow. Here, if the client uses a dynamically allocated address, the authentication start message may also be a DHCP request; if the client uses a manually configured address, it may also be an ARP request.
Step 202: On receiving the authentication start message, the access server sends a request-username message, EAPoL-Request[Identity], to the client, asking for the user name.
Step 203: The client replies with a response-username message, EAPoL-Response[Identity], to the access server, carrying the user name.
Step 204: The access server sends an access request message, Access-Request, to the RADIUS server in EAPoR (EAP over RADIUS) format, relaying to the RADIUS server the EAPoL-Response[Identity] message the client sent.
Steps 205~206: After receiving the user name, the RADIUS server generates a 128-bit key, the Challenge; it then sends an access challenge message, Access-Challenge, to the access server, containing the request-user-password message EAP-Request[MD5 Challenge] and the Challenge.
Step 207: On receipt, the access server sends EAP-Request[MD5 Challenge] to the client, delivering the Challenge value to the client and issuing an MD5 challenge to it.
Step 208: After receiving the EAP-Request[MD5 Challenge] message, the client runs the MD5 algorithm over the user password and the Challenge value to obtain the encrypted password, and sends it to the access server in the response-user-password message EAPoL-Response[MD5 Challenge].
Step 209: The access server passes the encrypted password to the RADIUS server in another Access-Request message, and the RADIUS server performs the authentication.
Step 210: The RADIUS server judges from the user information whether the user is legitimate, and then returns an authentication success/failure message to the access server. On success it carries the negotiated parameters and the user's service attributes, and authorizes the user.
Steps 211~212: Based on the authentication result, the access server returns an authentication success/failure message, EAP-Success/EAP-Failure, to the client to notify it of the result. If authentication failed, the flow ends; otherwise, if the client uses a dynamically allocated address, address allocation is performed through DHCP, followed by authorization, accounting and other subsequent procedures.
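The EAP-MD5 exchange of steps 203 to 212, worked as an added example that is not part of the patent: the client's and the RADIUS server's sides of the Challenge/response computation, with the access server modelled as a pure relay. It assumes the response value is MD5(identifier || password || challenge) as EAP (RFC 3748) defines the MD5-Challenge method, which the patent text does not spell out; the credentials are constructed.

```python
"""EAP-MD5 challenge/response from steps 203-212 (added example, not the patent's code).
Assumption: the response value is MD5(identifier || password || challenge) as EAP
(RFC 3748) defines the MD5-Challenge method; the patent only says the password
and the Challenge are hashed with MD5. The access server is modelled as a relay."""
import hashlib
import hmac
import os

# EAP codes and method types (RFC 3748)
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
TYPE_IDENTITY, TYPE_MD5_CHALLENGE = 1, 4


def eap_packet(code: int, ident: int, method: int = 0, data: bytes = b"") -> bytes:
    """Build an EAP packet: Code | Identifier | Length(2) | [Type | Type-Data]."""
    body = bytes([method]) + data if code in (EAP_REQUEST, EAP_RESPONSE) else b""
    return bytes([code, ident]) + (4 + len(body)).to_bytes(2, "big") + body


def parse_eap(pkt: bytes):
    """Return (code, identifier, type or None, type-data), checking the Length field."""
    if len(pkt) < 4 or int.from_bytes(pkt[2:4], "big") != len(pkt):
        raise ValueError("bad EAP length")
    method = pkt[4] if len(pkt) > 4 else None
    return pkt[0], pkt[1], method, pkt[5:]


def md5_response(ident: int, password: bytes, challenge: bytes) -> bytes:
    """The 'encrypted password' of step 208: MD5 over identifier, password and Challenge."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()


class RadiusServer:
    """Steps 205-206 and 210: issue the 128-bit Challenge, then check the response."""

    def __init__(self, users: dict):
        self.users = users  # username -> password; constructed sample data

    def make_challenge(self, ident: int):
        challenge = os.urandom(16)  # 128-bit Challenge
        # MD5-Challenge type-data layout: Value-Size | Value | Name
        return challenge, eap_packet(EAP_REQUEST, ident, TYPE_MD5_CHALLENGE,
                                     bytes([len(challenge)]) + challenge)

    def verify(self, username: str, challenge: bytes, response: bytes) -> bool:
        code, ident, method, data = parse_eap(response)
        if code != EAP_RESPONSE or method != TYPE_MD5_CHALLENGE or not data:
            return False
        value = data[1:1 + data[0]]
        password = self.users.get(username)
        if password is None:
            return False
        return hmac.compare_digest(value, md5_response(ident, password, challenge))


def client_identity(ident: int, username: bytes) -> bytes:
    """Step 203: EAPoL-Response[Identity] carrying the user name."""
    return eap_packet(EAP_RESPONSE, ident, TYPE_IDENTITY, username)


def client_md5_response(request: bytes, password: bytes) -> bytes:
    """Step 208: hash the password with the received Challenge and send it back."""
    code, ident, method, data = parse_eap(request)
    if code != EAP_REQUEST or method != TYPE_MD5_CHALLENGE:
        raise ValueError("not an EAP-Request[MD5 Challenge]")
    challenge = data[1:1 + data[0]]
    value = md5_response(ident, password, challenge)
    return eap_packet(EAP_RESPONSE, ident, TYPE_MD5_CHALLENGE, bytes([len(value)]) + value)


def run_exchange(server: RadiusServer, username: str, password: str) -> int:
    """Steps 203-212 with the access server relaying EAPoL <-> EAPoR unchanged."""
    identity = client_identity(1, username.encode())              # steps 203-204
    _, _, _, name = parse_eap(identity)
    challenge, request = server.make_challenge(2)                  # steps 205-207
    response = client_md5_response(request, password.encode())    # steps 208-209
    ok = server.verify(name.decode(), challenge, response)         # step 210
    return EAP_SUCCESS if ok else EAP_FAILURE                      # steps 211-212


if __name__ == "__main__":
    srv = RadiusServer({"alice": b"correct horse"})  # constructed credentials
    print(run_exchange(srv, "alice", "correct horse"), run_exchange(srv, "alice", "wrong"))
```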
When the client and the authenticator exchange information, the 802.1X standard specifies: when the client knows the authenticator, it sends EAPoL messages to the authenticator's unicast medium access control (MAC) address; when the client does not know the authenticator, it sends EAPoL messages to the multicast MAC group address 01-80-C2-00-00-03. This multicast MAC address 01-80-C2-00-00-03 belongs to the set of MAC addresses defined in the 802.1D standard that must not be relayed by bridges. The 802.1X standard therefore recommends that 802.1X authentication generally be implemented on the device nearest the user, that is, with no bridging device in front of 802.1X authentication.
Figure 3 shows a commonly used Ethernet networking mode. Wired Ethernet technology may be used, in which the network interface card in each personal computer (PC) connects by cable to an Ethernet switch (LAN Switch); one LAN Switch can connect several PCs at once, and the LAN Switch connects into the core network over an Ethernet link, the core network being an intranet, a metropolitan area network or the like. Wireless LAN technology may also be used, in which the wireless network card in each PC connects to a wireless access point (AP); one AP can connect several PCs at once, and likewise the AP connects into the core network over an Ethernet link.
Figure 3 is one instance of Ethernet networking; in practice there may be many network structures. For wired connections, a PC may connect directly to the LAN Switch, may reach the LAN Switch through cascaded devices such as HUBs or further LAN Switches, or may connect over VDSL to a VDSL switch (VDSL Switch), the VDSL line carrying messages in Ethernet format. In a WLAN, PCs may connect to APs using, but not limited to, wireless Ethernet protocols such as 802.11, 802.11a, 802.11b and 802.11g; a PC may also connect to the network through ADSL equipment. Thus a PC may access the network through, but not limited to, a LAN Switch, an AP, VDSL or ADSL, and an authentication server in the network, such as a RADIUS server, checks its legitimacy: whether the current user's identity is legitimate and whether it is allowed to access the network.
Given the Ethernet network structures described above, the 802.1X standard's recommendation would put 802.1X authentication on the LAN Switches and APs. Authenticating users on LAN Switches and APs is entirely feasible in a small-scale network, but not for a large network such as the medium or large enterprise network or carrier network shown in Figure 4. In Figure 4, PCs connect to LAN Switches or APs through wired or wireless network cards, and the LAN Switches or APs connect in turn over Ethernet links to access control devices; an access control device here includes, but is not limited to, a LAN Switch with user management functions, a router, a layer 3 switch (L3) or a Broadband Access Server (BAS). Several access control devices form the edge aggregation layer.
In the network of Figure 4, if authentication were implemented on all of the devices nearest the users, the number of such devices would be so large that equipment costs and operation and maintenance costs would be enormous; in such cases authentication is therefore generally performed at the edge aggregation layer of the network. In other words, for 802.1X authentication performed at the edge aggregation layer, the PCs in Figure 4 correspond to clients and the access control devices in the edge aggregation layer correspond to authenticators, so the 802.1X authentication messages the client sends to the authenticator must pass through bridging devices. By the provisions of the 802.1D and 802.1X standards, however, the multicast messages used for user authentication cannot pass through the Ethernet bridging devices between the client and the authenticator, so they cannot reach the access control device and cannot trigger 802.1X authentication on it; consequently the 802.1X authentication service cannot be offered in the existing operating network.
Summary of the invention
In view of this, the main object of the present invention is to provide a method for transparent transmission of 802.1X authentication messages through bridging devices, so that 802.1X authentication messages pass transparently through all Ethernet bridging devices and trigger 802.1X authentication on the authenticator to which the client is bridged, so that the operating network can offer the 802.1X authentication service while reducing equipment cost and operation and maintenance cost.
To achieve the above object, the technical scheme of the present invention is realized as follows:
A method for transparent transmission of 802.1X authentication messages through a bridging device, used when an 802.1X client that needs to perform 802.1X authentication sends 802.1X authentication messages through a bridging device to its corresponding authenticator, the method comprising:
After the bridging device receives each message, it first judges whether the current message is an 802.1X authentication message; if so, the bridging device passes the 802.1X authentication message transparently through itself and forwards it to the next-layer network device; otherwise it handles the current message according to the processing mode set in the MAC address table stored in its own bottom layer.
Wherein the transparent transmission of the 802.1X authentication message by the bridging device further comprises: presetting, in the bridging device's bottom-layer MAC address table, the processing mode for the group address 01-80-C2-00-00-03 that carries 802.1X authentication messages to transparent transmission of the current message; after the bridging device receives a new message and judges that it is an 802.1X authentication message, it transparently transmits the authentication message to the next-layer network device according to the processing mode set in the bottom-layer MAC address table.
The transparent transmission of the 802.1X authentication message by the bridging device further comprises: presetting the upper-layer entity of the bridging device to apply transparent-transmission handling to 802.1X authentication messages; after the bridging device receives a new message, it delivers the current message to the upper-layer entity for handling according to the processing mode set in the bottom-layer MAC address table, and after the upper-layer entity judges that the current message is an 802.1X authentication message, it transparently transmits the authentication message to the next-layer network device.
The transparent transmission of the 802.1X authentication message by the bridging device is: the 802.1X client sends the 802.1X authentication messages through the bridging device to the 802.1X authenticator using any multicast MAC address that the bridging device supports for transparent transmission, other than the group addresses 01-80-C2-00-00-00 to 01-80-C2-00-00-0F. In particular, the 802.1X client may send the 802.1X authentication messages through the bridging device to the 802.1X authenticator using any one of the group addresses 01-80-C2-00-00-20 to 01-80-C2-00-00-2F.
The transparent transmission of the 802.1X authentication message by the bridging device is: the 802.1X client sends the 802.1X authentication messages through the bridging device to the 802.1X authenticator in the broadcast-address mode that the bridging device supports for transparent transmission. The method further comprises: setting, in the 802.1X message, a VLAN ID that controls the broadcast range of the 802.1X authentication message. The method may further comprise: in the network below the bridging device, using the Spanning Tree Protocol (STP) to manage the transmission of 802.1X messages.
The transparent transmission of the 802.1X authentication message by the bridging device is: the 802.1X client sends the 802.1X authentication messages through the bridging device to the 802.1X authenticator using a unicast MAC address that causes broadcast-mode forwarding.
The transparent transmission of the 802.1X authentication message by the bridging device is: before 802.1X authentication, the 802.1X client obtains the unicast MAC address of the 802.1X authenticator through a protocol interaction, and with the obtained unicast MAC address as destination address the 802.1X client sends the 802.1X authentication messages through the bridging device to the 802.1X authenticator. Wherein the 802.1X client obtains the authenticator's unicast MAC address through a Dynamic Host Configuration Protocol (DHCP) interaction.
The method further comprises: the 802.1X client determines the MAC address used to send 802.1X authentication messages through the bridging device to its corresponding authenticator by configuration command, by switch control, or by a combination of both.
Therefore, in the method of transparent transmission of 802.1X authentication messages through a bridging device provided by the present invention, when the client does not know the authenticator, the MAC address used to transmit 802.1X authentication messages is changed in one of several ways, or the processing mode for the existing MAC multicast address that carries 802.1X authentication messages is changed, so that the 802.1X authentication messages can pass transparently through the bridging devices between the client and the authenticator. The 802.1X authentication messages sent by the client thus pass through the bridging devices and trigger, and then complete, the 802.1X authentication process at the authenticator, so the 802.1X authentication service can be offered in the existing operating network, providing users with more and better services of higher quality. At the same time, the method makes it possible to implement 802.1X authentication at the edge aggregation layer, which reduces equipment cost and the operation and maintenance cost of the network.
Description of drawings
Fig. 1 is a schematic diagram of the architecture and information exchange of an 802.1X system;
Fig. 2 is a signalling diagram of the EAP-MD5 authentication process in an 802.1X system;
Fig. 3 is a schematic diagram of a common small-scale Ethernet networking mode;
Fig. 4 is a schematic diagram of the network structure of a typical large enterprise network or operating network;
Fig. 5 is the flow chart of the implementation of the present invention.
Embodiments
Because each bridging device, such as a switch, maintains a MAC address table in its bottom layer that specifies how messages sent to different MAC addresses should be handled, the core idea of the present invention is this: when the client does not know the authenticator, all messages involved in 802.1X authentication are sent from the client to the authenticator using a MAC address that the bridging device can handle by transparent transmission.
When a client that needs to perform 802.1X authentication sends authentication messages through a bridging device to its corresponding authenticator, the MAC address used to transmit the 802.1X authentication messages can be changed in various ways according to how the bridging device processes messages and how 802.1X authentication messages are transmitted. As shown in steps 501~504 of Figure 5, the basic implementation of the present invention is:
After the bridging device receives each message that passes through it, it first judges whether the current message is an 802.1X authentication message. If not, the current message is handled according to the processing mode set in the bridging device's existing bottom-layer MAC address table; otherwise the current message is transparently transmitted within the device, that is, forwarded directly to the next-layer network device, for example a switch passes the 802.1X authentication message straight through to the access control device.
The present invention is described in more detail below with reference to specific embodiments.
Embodiment one:
At present the bridging devices between the client and the authenticator, that is, all the Ethernet bridging devices between the device nearest the user and the access control device, process an 802.1X authentication message as follows: after a bridging device receives a new message, it first looks up the bottom-layer MAC address table, which gives a processing mode for each destination MAC address or group of destination MAC addresses; if it finds that the destination group address of the new message is 01-80-C2-00-00-03, the new message is handled by the device's upper-layer entity and is not sent on to the next-layer device.
This embodiment therefore changes the internal processing of the bridging device, in two specific ways:
1) Change the configuration in the bottom-layer MAC address table: the processing mode associated with the group address 01-80-C2-00-00-03 in the table is changed from handling by this device's upper-layer entity to transparent transmission of the current message, that is, direct forwarding to the next-layer device. Then, when the bridging device receives a new message and looks up the MAC address table, it passes the 802.1X authentication message straight through to the next-layer device according to the predetermined processing mode in the table.
2) Change the processing in the upper-layer entity of the bridging device: specifically, the upper-layer entity is preset to apply transparent-transmission handling, that is, direct forwarding to the next-layer device, to 802.1X authentication messages addressed to the group address 01-80-C2-00-00-03. Then, after the bridging device receives a new message, it looks up the MAC address table and, according to the predetermined processing mode in the table, sends the new message to the device's upper-layer entity for handling; the upper-layer entity, according to the preset, forwards the 802.1X authentication message to the next-layer device.
In this embodiment, if the current bridging device itself supports 802.1X authentication, its 802.1X authentication function must be turned off while the 802.1X authentication messages are passed through to the next-layer device.
Embodiment two:
Because the 802.1X and 802.1D standards only specify that frames sent to the multicast addresses from 01-80-C2-00-00-00 to 01-80-C2-00-00-0F must not be relayed by bridges, a multicast address outside that specified range can be used directly to transmit the client's 802.1X authentication messages through the bridging device to the authenticator. The selectable multicast addresses include the group addresses 01-80-C2-00-00-20 to 01-80-C2-00-00-2F, even though the 802.1D standard also makes special provisions for these addresses.
Then, after the bridging device receives the 802.1X authentication message, it looks up the bottom-layer MAC address table, finds that the processing mode for the MAC address currently carrying the 802.1X authentication message is transparent transmission to the next-layer device, and immediately passes the current 802.1X authentication message transparently through itself. The message is thus passed all the way to the access control device, triggering 802.1X authentication there and completing the 802.1X authentication flow.
Embodiment three:
Because in Ethernet a broadcast address passes transparently through all switches to reach the access control device, the multicast MAC address used to transmit 802.1X authentication messages can be changed to the broadcast MAC address. When the 802.1X authentication messages are transmitted to the broadcast address, the user's 802.1X authentication messages pass from the device nearest the user through all Ethernet bridging devices all the way to the access control device, triggering 802.1X authentication there and completing the 802.1X authentication flow.
In this embodiment, because using the broadcast address produces broadcast messages, broadcast storms may result. To avoid broadcast storms, a VLAN ID (VLAN tag) can be added to the message format specified by 802.1X so that the current 802.1X authentication message is broadcast only within the specified VLAN and not throughout the whole Ethernet. In addition, if the network below the bridging device contains loops, such as in a network made up of switches, the Spanning Tree Protocol (STP) is used to manage message transmission in the network so as to prevent 802.1X message loops.
Embodiment four:
In Ethernet, the Ethernet protocol specifies that after an Ethernet switch receives a message addressed to a unicast MAC address, if it finds no information on that switch for the unicast destination MAC address, it broadcasts the unicast message to all ports other than the receiving port, or within the VLAN. Such a unicast address is therefore regarded as a unicast address that causes broadcasting.
This embodiment uses such a unicast address to transmit the client's 802.1X authentication messages through the bridging device to the authenticator. A single unicast address that may cause broadcasting can be set directly for transmitting 802.1X authentication messages, or a range of unicast addresses that may cause broadcasting can be set in advance and one address chosen from the range each time an 802.1X authentication message is transmitted. Then, after the switch receives such an 802.1X authentication message, it checks its own MAC address table, finds no information for that unicast MAC address, and passes the current 802.1X authentication message transparently through the switch in broadcast mode, all the way to the access control device, triggering 802.1X authentication there and completing the 802.1X authentication flow.
Embodiment five:
Since a message whose destination address is a definite unicast MAC address is transparently transmitted straight to the destination device, this embodiment preconfigures the 802.1X client with the unicast MAC address of the authenticator, that is, of the access control device. The 802.1X authentication messages sent by the client can then be delivered directly to the authenticator through the bridging devices, that is, passed transparently all the way to the access control device, triggering 802.1X authentication there and completing the 802.1X authentication flow.
In this embodiment, the authenticator's unicast MAC address can be configured, before 802.1X authentication, by negotiation through an existing or new protocol; that is, an interaction over the chosen protocol first takes place before authentication so that the client obtains the authenticator's MAC address, and the client then sends the 802.1X authentication messages with the obtained unicast MAC address as destination address, so that the messages pass transparently all the way to the access control device, trigger 802.1X authentication there and complete the 802.1X authentication flow. The protocols allowed here include, but are not limited to, the Dynamic Host Configuration Protocol (DHCP).
Of course, the authenticator's unicast MAC address can also be configured manually in advance on the client by configuration command; the client then sends the 802.1X authentication messages with the configured unicast MAC address as destination address, so that the messages pass transparently all the way to the access control device, trigger 802.1X authentication there and complete the 802.1X authentication flow.
In practical application, any one of the schemes described in the five embodiments above, or a combination of several, can be selected according to the network situation. A combination of schemes means using different transparent-transmission schemes on different bridging devices at the same time, or using different schemes in the initial 802.1X authentication and in re-authentication on the same bridging device. Each scheme can be realized by configuration command, by switch control, or by a combination of both.
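The forwarding decisions that the five embodiments rely on, worked as an added example that is not the patent's own code: a two-port bridge model applying the 802.1D reserved-range rule, the embodiment-one table change, broadcast limited by VLAN tag, unknown-unicast flooding and learned-unicast forwarding, run over a constructed chain of two bridges. Assumed and not on the page: the EAPOL EtherType 0x888E (IEEE 802.1X), the bridge and port model itself, and every MAC address other than the standard group addresses.

```python
"""Bridge forwarding model for the five embodiments (added example, not the patent's code).
Assumptions not on the page: EAPOL EtherType 0x888E (IEEE 802.1X), the two-port bridge
model, and the constructed client/authenticator MAC addresses."""
from dataclasses import dataclass, field
from typing import Optional

EAPOL_ETHERTYPE = 0x888E          # assumption: IEEE 802.1X EAPOL EtherType
BROADCAST = bytes([0xFF] * 6)


def mac(text: str) -> bytes:
    """'01-80-C2-00-00-03' -> six raw bytes."""
    return bytes.fromhex(text.replace("-", "").replace(":", ""))


PAE_GROUP = mac("01-80-C2-00-00-03")                 # default 802.1X destination
RESERVED_LO, RESERVED_HI = mac("01-80-C2-00-00-00"), mac("01-80-C2-00-00-0F")


def bridge_reserved(dst: bytes) -> bool:
    """802.1D range a bridge must consume and never relay (cited in embodiment two)."""
    return RESERVED_LO <= dst <= RESERVED_HI


@dataclass
class Frame:
    dst: bytes
    src: bytes
    ethertype: int = EAPOL_ETHERTYPE
    vlan: Optional[int] = None      # VLAN tag of embodiment three, when present


@dataclass
class Bridge:
    """Port 1 faces the client side, port 2 faces the access control device."""
    name: str
    pae_group_transparent: bool = False   # embodiment one: table entry for 01-80-C2-00-00-03 set to transparent
    vlan_members: dict = field(default_factory=dict)   # vlan id -> ports carrying that VLAN
    fdb: dict = field(default_factory=dict)            # learned MAC -> port

    def handle(self, frame: Frame, in_port: int):
        """Return (decision, output ports); 'local' means the upper-layer entity keeps the frame."""
        self.fdb[frame.src] = in_port                       # ordinary source learning
        out = {1, 2} - {in_port}
        if frame.vlan is not None:                          # tagged frames stay within their VLAN
            out &= self.vlan_members.get(frame.vlan, set())
        if (frame.dst == PAE_GROUP and self.pae_group_transparent
                and frame.ethertype == EAPOL_ETHERTYPE):
            return "forward", out                           # embodiment one: judged to be 802.1X, passed through
        if bridge_reserved(frame.dst):
            return "local", set()                           # default 802.1D behaviour: not relayed
        if frame.dst == BROADCAST or frame.dst[0] & 1:
            return "flood", out                             # broadcast / other multicast: embodiments two, three
        if frame.dst in self.fdb:
            return "forward", {self.fdb[frame.dst]}         # known unicast: embodiment five
        return "flood", out                                 # unknown unicast floods: embodiment four


def reaches_authenticator(chain: list, frame: Frame) -> list:
    """Walk the frame up the chain of bridges; the last bridge's port 2 is the access control device."""
    trace = []
    for bridge in chain:
        decision, out = bridge.handle(frame, in_port=1)
        trace.append((bridge.name, decision))
        if 2 not in out:
            return trace + [("authenticator", "not reached")]
    return trace + [("authenticator", "reached")]


def scenarios() -> dict:
    """Constructed two-bridge chain (LAN Switch, aggregation switch) under each scheme."""
    client, auth = mac("00-11-22-33-44-55"), mac("00-AA-BB-CC-DD-EE")   # constructed addresses

    def chain(**kw):
        return [Bridge("LAN-Switch", **kw), Bridge("Aggregation", **kw)]

    def reached(bridges, frame):
        return reaches_authenticator(bridges, frame)[-1][1] == "reached"

    vlans = {10: {1, 2}}
    learned = chain()
    for b in learned:   # embodiment five: a DHCP reply from the authenticator taught each bridge its port
        b.handle(Frame(dst=client, src=auth, ethertype=0x0800), in_port=2)
    return {
        "default_pae_group": reached(chain(), Frame(PAE_GROUP, client)),
        "emb1_table_changed": reached(chain(pae_group_transparent=True), Frame(PAE_GROUP, client)),
        "emb2_other_multicast": reached(chain(), Frame(mac("01-80-C2-00-00-20"), client)),
        "emb3_broadcast_vlan10": reached(chain(vlan_members=vlans), Frame(BROADCAST, client, vlan=10)),
        "emb3_broadcast_vlan20": reached(chain(vlan_members=vlans), Frame(BROADCAST, client, vlan=20)),
        "emb4_unknown_unicast": reached(chain(), Frame(mac("00-DE-AD-BE-EF-01"), client)),
        "emb5_learned_unicast": reached(learned, Frame(auth, client)),
    }


if __name__ == "__main__":
    for scheme, ok in scenarios().items():
        print(f"{scheme:24s} {'reaches authenticator' if ok else 'does not reach'}")
```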
The above are only preferred embodiments of the present invention and are not intended to limit its scope of protection.

Claims (12)

1, a kind of method of bridging device transparent transmission 802.1X message identifying is carried out the 802.1X client of 802.1X authentication and is passed through bridging device when its corresponding equipment end sends the 802.1X message identifying when needs, it is characterized in that this method comprises:
After receiving each message, the bridging device judges whether the current message is an 802.1X authentication message; if so, the bridging device transparently transmits the 802.1X authentication message through itself and forwards it to the next-layer network device; otherwise it handles the current message according to the processing mode configured in its bottom-layer MAC address table.
2. The method according to claim 1, characterized in that the transparent transmission of the 802.1X authentication message by the bridging device further comprises: presetting, in the bottom-layer MAC address table of the bridging device, the processing mode for the group address 01-80-C2-00-00-03, to which 802.1X authentication messages are sent, as "transparently transmit the current message"; after the bridging device receives a new message and judges that it is an 802.1X authentication message, transparently transmitting the authentication message to the next-layer network device according to the processing mode set in the bottom-layer MAC address table.
3. The method according to claim 1, characterized in that the transparent transmission of the 802.1X authentication message by the bridging device further comprises: presetting the upper-layer entity of the bridging device to perform transparent-transmission processing on 802.1X authentication messages; after the bridging device receives a new message, delivering the current message to the upper-layer entity according to the processing mode set in the bottom-layer MAC address table; and, after the upper-layer entity judges that the current message is an 802.1X authentication message, transparently transmitting it to the next-layer network device.
4. The method according to claim 1, characterized in that the transparent transmission of the 802.1X authentication message by the bridging device is: the 802.1X client sends the 802.1X authentication message through the bridging device to the 802.1X device end using any multicast MAC address, other than the group addresses 01-80-C2-00-00-00 to 01-80-C2-00-00-0F, that the bridging device supports for transparent transmission.
5. The method according to claim 4, characterized in that the transparent transmission of the 802.1X authentication message by the bridging device is: the 802.1X client sends the 802.1X authentication message through the bridging device to the 802.1X device end using any one of the group addresses 01-80-C2-00-00-20 to 01-80-C2-00-00-2F.
6. The method according to claim 1, characterized in that the transparent transmission of the 802.1X authentication message by the bridging device is: the 802.1X client sends the 802.1X authentication message through the bridging device to the 802.1X device end using a broadcast-address mode that the bridging device supports for transparent transmission.
7. The method according to claim 6, characterized in that the method further comprises: setting in the 802.1X message a VLAN ID that controls the broadcast range of the 802.1X authentication message.
8. The method according to claim 6, characterized in that the method further comprises: in the network below the bridging device, managing the transmission of 802.1X messages with the Spanning Tree Protocol (STP).
9. The method according to claim 1, characterized in that the transparent transmission of the 802.1X authentication message by the bridging device is: the 802.1X client sends the 802.1X authentication message through the bridging device to the 802.1X device end using a unicast MAC address that causes the message to be handled in broadcast mode.
10. The method according to claim 1, characterized in that the transparent transmission of the 802.1X authentication message by the bridging device is: before 802.1X authentication, the 802.1X client obtains the unicast MAC address of the 802.1X device end through protocol interaction and, using the obtained unicast MAC address as the destination address, sends the 802.1X authentication message through the bridging device to the 802.1X device end.
11. The method according to claim 10, characterized in that: the 802.1X client obtains the unicast MAC address of the device end through Dynamic Host Configuration Protocol (DHCP) interaction.
12. The method according to claim 1, characterized in that the method further comprises: the 802.1X client determines, by configuration command, by switch control, or by a combination of both, the MAC address used to send the 802.1X authentication message through the bridging device to the corresponding device end.
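As an added illustration, not code from the patent, the following Python models the forwarding decisions the claims describe: a bridge that recognises EAPOL (EtherType 0x888E) and passes it through (claims 1 to 3) beside an ordinary 802.1D bridge, where the reserved group address 01-80-C2-00-00-03 is consumed and only the alternative destination addresses of claims 4 to 11 get the frame across, plus a monitoring check that flags EAPOL sent to any destination other than the standard one. The MAC addresses, the EAPOL-Start body and the verdict labels are constructed assumptions.

```python
import struct

ETHERTYPE_EAPOL = 0x888E                       # IEEE 802.1X EAPOL frames
ETHERTYPE_VLAN = 0x8100                        # 802.1Q tag carrying the VLAN ID
PAE_GROUP = bytes.fromhex("0180c2000003")      # standard 802.1X destination
RESERVED_LO = bytes.fromhex("0180c2000000")    # 802.1D reserved range that a
RESERVED_HI = bytes.fromhex("0180c200000f")    # plain bridge must not forward
BROADCAST = b"\xff" * 6

# Constructed sample addresses and EAPOL-Start body (version 1, type 1, length 0).
CLIENT_MAC = bytes.fromhex("02000000aa01")
AUTHENTICATOR_MAC = bytes.fromhex("02000000bb01")
EAPOL_START = bytes.fromhex("01010000")

def build_frame(dst, src, ethertype, payload, vlan=None):
    """Construct an Ethernet II frame, optionally 802.1Q-tagged (claim 7)."""
    hdr = dst + src
    if vlan is not None:
        hdr += struct.pack("!HH", ETHERTYPE_VLAN, vlan & 0x0FFF)
    return hdr + struct.pack("!H", ethertype) + payload

def parse_frame(frame):
    """Return (dst, src, vlan_id_or_None, ethertype, payload)."""
    dst, src, off, vlan = frame[:6], frame[6:12], 12, None
    etype = struct.unpack_from("!H", frame, off)[0]
    if etype == ETHERTYPE_VLAN:
        vlan = struct.unpack_from("!H", frame, 14)[0] & 0x0FFF
        off = 16
        etype = struct.unpack_from("!H", frame, off)[0]
    return dst, src, vlan, etype, frame[off + 2:]

def bridge_decision(frame, mac_table, recognizes_eapol):
    """Forwarding verdict of the bridging device for one received frame.
    recognizes_eapol=True models the bridge of claims 1 to 3 (EAPOL is
    identified and passed through); False models an ordinary bridge, where
    only the client's choice of destination address decides the outcome."""
    dst, _src, _vlan, etype, _payload = parse_frame(frame)
    if recognizes_eapol and etype == ETHERTYPE_EAPOL:
        return "transparent"               # pass through to next-layer device
    if RESERVED_LO <= dst <= RESERVED_HI:
        return "consume"                   # reserved group address: not forwarded
    if dst[0] & 1:                         # broadcast or any other multicast
        return "flood"
    return mac_table.get(dst, "flood")     # learned unicast port, else flood

def eapol_to_unusual_destination(frame):
    """Monitoring check: EAPOL not addressed to the PAE group address, which is
    what the client modes of claims 4 to 11 produce on the wire."""
    dst, _src, _vlan, etype, _payload = parse_frame(frame)
    return etype == ETHERTYPE_EAPOL and dst != PAE_GROUP
```

Running the same EAPOL-Start frame through both bridge models shows why the client-side address choices matter: an ordinary bridge silently consumes the frame addressed to 01-80-C2-00-00-03, while a GARP-range, broadcast or learned unicast destination is forwarded.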

Priority Applications (1)

Application Number: CN03104987A (published as CN100591068C, en)
Priority Date: 2003-03-04
Filing Date: 2003-03-04
Title: Method of transmitting 802.1X audit message via bridging device

Publications (2)

Publication Number   Publication Date
CN1527557A (en)      2004-09-08
CN100591068C (en)    2010-02-17

Family

ID=34282465

Country Status (1)

Country Link
CN (1) CN100591068C (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9924398B2 (en) * 2015-10-13 2018-03-20 Quanta Computer Inc. Method for reducing load by filtering out broadcast messages

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101534250B (en) * 2009-04-15 2011-04-20 杭州华三通信技术有限公司 Network access control method and access control device
CN101702716B (en) * 2009-11-13 2013-06-05 中兴通讯股份有限公司 Method and device for preventing authenticated user from being attacked
CN102195952A (en) * 2010-03-17 2011-09-21 杭州华三通信技术有限公司 Method and device terminal for triggering 802.1X Authentication
CN101848206A (en) * 2010-04-02 2010-09-29 北京邮电大学 Method for supporting 802.1X extensible authentication protocol in edge router
CN102244863A (en) * 2010-05-13 2011-11-16 华为技术有限公司 802.1x-based access authentication method, access equipment and aggregation equipment
CN102244863B (en) * 2010-05-13 2015-05-27 华为技术有限公司 802.1x-based access authentication method, access equipment and aggregation equipment
CN102137401A (en) * 2010-12-09 2011-07-27 华为技术有限公司 Centralized 802.1X authentication method, device and system of wireless local area network
CN102137401B (en) * 2010-12-09 2018-07-20 华为技术有限公司 WLAN centralization 802.1X authentication methods and device and system
US9071968B2 (en) 2010-12-09 2015-06-30 Huawei Technologies Co., Ltd. Method, apparatus, and system for centralized 802.1X authentication in wireless local area network
CN102255892B (en) * 2011-06-17 2014-03-26 苏州汉明科技有限公司 Enterprise network system supporting wireless access and remote access
CN102255892A (en) * 2011-06-17 2011-11-23 苏州汉明科技有限公司 Enterprise network system supporting wireless access and remote access
CN102299924A (en) * 2011-08-22 2011-12-28 神州数码网络(北京)有限公司 Information interaction and authentication methods between RADIUS server and 8.2.1x client and RADIUS system
CN103458405A (en) * 2012-05-28 2013-12-18 中国移动通信集团公司 Method for processing certification information in wireless local area network and related network equipment
CN104113463A (en) * 2014-07-24 2014-10-22 深圳市共进电子股份有限公司 Network bridge based data message processing method, device and network bridge
CN104113463B (en) * 2014-07-24 2018-07-31 深圳市共进电子股份有限公司 A kind of data message processing method, device and bridge based on bridge

Also Published As

Publication number Publication date
CN100591068C (en) 2010-02-17

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CX01 Expiry of patent term

Granted publication date: 2010-02-17