TWI273793B - Method for retrieving real-time network configuration parameters and lease time definition - Google Patents


Publication number
TWI273793B
Authority
TW
Taiwan
Prior art keywords
network
user
network configuration
time
protocol
Application number
TW94103076A
Other languages
Chinese (zh)
Other versions
TW200629797A (en)
Inventor
Wu-Sheng Huang
Original Assignee
Huang Jie Yi
Application filed by Huang Jie Yi
Priority to TW94103076A
Publication of TW200629797A
Application granted
Publication of TWI273793B

Landscapes

  • Small-Scale Networks (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention provides a method for reclaiming network configuration parameters in real time and for defining their lease time. The network configuration protocol used with conventional TCP/IP (Transmission Control Protocol/Internet Protocol) is DHCP (Dynamic Host Configuration Protocol), which relies on a lease time, a specific period of time, to reclaim allocated network configuration parameters. However, conventional DHCP cannot reclaim a subscriber's network configuration parameters immediately when the user goes offline. Therefore, the present invention discloses a method for reclaiming network configuration parameters and defining the lease time in real time, which reclaims the network configuration parameters allocated to the subscriber when the user goes offline. The next time the user connects to the network, the user is notified to run DHCP again, so that network configuration parameter resources are used more efficiently.

Description

IX. Description of the invention:

[Technical field of the invention]

The present invention is a method for real-time reclamation of network configuration parameters and definition of their lease time. It improves on the way the TCP/IP Dynamic Host Configuration Protocol (DHCP) uses the lease time (Lease Time) as its method of reclaiming network configuration parameters.

[Prior art]

The network configuration parameter allocation protocol in common use on TCP/IP networks today is the Dynamic Host Configuration Protocol (DHCP). To reclaim network configuration parameters that have already been allocated, DHCP defines a lease time parameter (Lease Time) that tells the client how long its network configuration parameters remain valid.

When a client asks the DHCP server to allocate network configuration parameters, the server not only allocates the parameters to the client but also tells the user how long they remain valid. This validity period is defined by the lease time parameter. There is no standard for the length of the lease time; it is generally defined by the network administrator.

DHCP uses the lease time as its reclamation mechanism for allocated network configuration parameters because the DHCP protocol cannot track whether a client device has gone offline. The protocol does not require a client to notify the DHCP server before it goes offline, and the server cannot actively detect whether its DHCP clients are still online. The DHCP server therefore cannot know when a user goes offline, cannot immediately reclaim the network configuration parameters allocated to that user, and can only use the lease time to limit how long the user's network configuration parameters are valid.

Because DHCP uses the lease time to reclaim allocated network configuration parameters, several problems follow:

1. The configuration parameters allocated to a user cannot be reclaimed when the user goes offline, which reduces the efficiency with which configuration parameter resources are used.
2. The user's network logins cannot be recorded completely, because within the validity period of the lease the user can log in to and leave the network any number of times without the network configuration parameters being allocated again.
3. The lease cannot serve as a reference for billing, because being within the lease period does not mean the user is actually using the network.
4. There is no standard for the length of the lease time. A long lease time works against the allocation of network configuration parameter resources, while a short lease time causes clients to keep issuing lease-extension requests.

The following first uses Figure 1 to show a conventional local area network architecture, then uses Figure 2 to explain the flow of the Dynamic Host Configuration Protocol (DHCP). Figure 3 explains how the conventional DHCP protocol uses the lease time (Lease Time) to reclaim allocated network configuration parameters. Finally, the conventional connection authentication mechanism used as the access control (Access Control) method for clients is described.

First, refer to Figure 1, a schematic diagram of a conventional local area network architecture. A plurality of client communication devices 10 connect to a network switch (Network Switch) 16 over a wired connection, or connect wirelessly to a wireless access point (Wireless Access Point) 18. Both the network switch and the wireless access point essentially provide the physical connection between the client devices and the local area network, so the two are referred to below as network access devices (Network Access Device). The router (Router) 12 provides routing across network segments. Because the network topology (Network Topology) of a local area network can be large or small, the Internet 20 is used to represent the path (PATH) from router 12 to the servers. The DHCP server 14 mainly provides the DHCP service.

Refer to Figure 2, a flowchart of the conventional method by which a client obtains network configuration parameters and a lease time from the DHCP server. First, the client communication device 10 initiates a DHCP configuration request (S100) and sends a DHCP Discover (DHCPDISCOVER) packet to DHCP server 14. The DHCP Discover packet is used to find available DHCP servers.

In a hierarchical network architecture (Hierarchical Network Architecture), the DHCP server is usually not on the same subnet (SUBNET) as the client device, so the router (Router) 12 must relay the DHCP Discover packet (DHCP RELAY). The DHCP Discover packet sent by the client device is received by the router, which adds relay (RELAY) information such as the router address and then, according to its own configuration, forwards the DHCP Discover packet directly to the DHCP server.

When DHCP server 14 receives the DHCP Discover packet sent by router 12, it runs a configuration decision mechanism (S102) and, based on the information in the DHCP Discover packet, decides which network configuration parameters and lease time to allocate (Allocate) to the client device. The decision can be based on the client device's media access control address (MAC address), its computer name, or a random method.

Once the DHCP server's configuration decision mechanism has decided which network configuration parameters to allocate to the client device, it sends a DHCP Offer (DHCPOFFER) packet, which offers the network configuration parameters to the client device for reference. When router 12 receives this packet, it relays it to client device 10.

After client device 10 receives the DHCP Offer packet, it examines the configuration parameters the packet contains (S104). When the client device decides to accept these network configuration parameters and asks DHCP server 14 to actually allocate them (S106), it sends a DHCP Request (DHCP REQUEST) packet, which is received by router 12 and relayed to DHCP server 14.

After DHCP server 14 receives the DHCP Request packet, the configuration decision mechanism determines whether the client device has accepted the network configuration parameters (S108). Only if it has does the configuration decision mechanism actually allocate the configuration parameters to the client device (S110) and send a DHCP Acknowledge (DHCPACK) packet to the router, which relays it to the client device. The main purpose of the DHCP Acknowledge packet is to confirm that the DHCP server has allocated the network parameters to the client device.

When client device 10 receives the DHCP Acknowledge packet, it knows that DHCP server 14 has allocated the network configuration parameters. At this point the client device has obtained its network configuration parameters and lease time and can begin initialization (Initialization) (S112). Initialization mainly consists of taking the user's network configuration parameters and lease time and configuring the TCP/IP stack (TCP/IP STACK). The network configuration parameters include the client's network address (IP), subnet mask (SUBNET MASK), router address (ROUTER IP), domain name service host address (DNS IP), Microsoft name resolution host address (WINS IP) and other related parameters. Only after the client device has completed initialization can it use the Internet protocols to communicate with other devices on the network.

Refer to Figure 3, a flowchart of the conventional method by which the DHCP protocol uses the lease time to reclaim allocated network configuration parameters. First, client 10 uses the DHCP protocol to obtain its network configuration parameters and lease time. When the client has used the network configuration parameters for a period equal to the renewal time, it requests a new lease time and waits for the reply packet from DHCP server 14. When the reply packet arrives, the client obtains a new lease time. At the rebinding time (Rebinding Time; T2), which is generally 7/8 of the lease time, the client sends a rebinding packet and waits for any DHCP server to reply to it. If the client still receives no reply packet, it continues to use the network configuration parameters until the usage time equals the lease time. When the lease time is reached, client 10 must give up its original network configuration parameters and restart the DHCP initialization procedure (S214). See the standard network protocol documents RFC 2131, RFC ….

Because of network security requirements, some network switches 16 and wireless access points 18 now have a connection authentication function (Port-based Access Control): they verify the identity of each connecting client, and only after the client passes identity verification is the port connected to the client device opened for its use. This strengthens the security of the connection between the client and the local area network. The standard connection authentication protocol is 802.1x; for the related documents, see the standard network protocol documents (RFC 2865, RFC 3579, RFC 3580).

Refer again to the local area network architecture of Figure 1. When network switch 16 or wireless access point 18 has the connection authentication function, it authenticates the identity of each connected client 10, and it is paired with an authentication server 22 that verifies client identities centrally. Authentication server 22 stores the user account database and verifies user identities; an example is an authentication server (Authentication Server) running the RADIUS (Remote Authentication Dial-In User Service) protocol. Authentication server 22 finally reports the verification result to network switch 16 or wireless access point 18, which decides whether to open the port.

Besides using authentication server 22 to help verify client identities, network access devices such as network switch 16 or wireless access point 18 also send records of client login and offline events to an accounting server (Accounting Server) 24. For example, an accounting server running the RADIUS protocol records when clients connect and go offline, and its records can serve as a reference for future billing. See the standard network protocol documents RFC 2865 and RFC 2866.

Combining the conventional DHCP protocol and port access control techniques above: when a user wants to go online, client 10 must first be authenticated by authentication server 22, and only then is the port to which the client device is connected opened to that client. The client device then starts DHCP with DHCP server 14 to obtain its network configuration parameters and lease time and completes initialization. A network access device with the connection authentication function sends the user's offline message to the accounting server (Accounting Server), but the reclamation of the network configuration parameters is still decided by the lease time; the parameters are not reclaimed immediately when the user goes offline.

[Summary of the invention]

In view of the problems caused by the way the Dynamic Host Configuration Protocol (DHCP) described above uses the lease time to reclaim network configuration parameters, the present invention provides a method for real-time reclamation of network configuration parameters and definition of their lease time.

The DHCP server uses the offline message record produced by connection authentication as the trigger, uses a characteristic value to find the offline user's network configuration parameters, and finally performs the reclamation, so that […] the validity period specified by the lease time.

To achieve real-time reclamation of network configuration parameters and definition of their lease time, the method used by the invention includes: running a specific network connection authentication mechanism on the network access device, which verifies client identities and detects when a client goes offline; running a specific user offline message transfer mechanism, which sends the client's offline message to the network configuration parameter allocation server; and running a network configuration parameter allocation server for the Dynamic Host Configuration Protocol, which is responsible for allocating the client's network configuration parameters and for reclaiming the network configuration parameters allocated to a user when that user goes offline.

[Embodiment]

To give the examiner a further understanding of the techniques, methods and effects the invention adopts to achieve its purpose, please refer to the following detailed description and drawings of the invention, from which the purpose, features and characteristics of the invention can be understood in depth and in detail. The drawings are provided for reference and illustration only and are not intended to limit the invention.

The invention replaces the conventional method by which the Dynamic Host Configuration Protocol (DHCP) uses the lease time (Lease time) to reclaim allocated network configuration parameters. Instead, a connection authentication mechanism running on the network access device authenticates the connected clients and detects their status. When a user goes offline, the network access device uses the user offline message transfer mechanism to notify the network configuration parameter allocation server, and once that server has received the user's offline message, it uses a user characteristic value to match and release the allocation of the network configuration parameters.
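The reclamation step summarized above, as an added example that is not code from the patent: a server-side handler that accepts an offline message, matches it to an allocation by a user characteristic value, and frees the address. It assumes the offline message is a RADIUS Accounting-Request with Acct-Status-Type = Stop (RFC 2866) and that the characteristic value is the client MAC address carried in Calling-Station-Id; the `LeaseTable` class, function names, addresses and shared secret are hypothetical.

```python
import hashlib
import hmac
import struct

# Attribute and value numbers from RFC 2865, RFC 2866 and RFC 3580.
ACCOUNTING_REQUEST = 4
CALLING_STATION_ID, ACCT_STATUS_TYPE, ACCT_TERMINATE_CAUSE = 31, 40, 49
ACCT_STOP = 2
TERMINATE_CAUSES = {1: "User Request", 2: "Lost Carrier", 8: "Port Error",
                    20: "Reauthentication Failure", 21: "Port Reinitialized"}

def normalize_mac(text):
    """Reduce '00-10-A4-23-19-C0' or '00:10:a4:23:19:c0' to 12 hex digits."""
    digits = "".join(c for c in text.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError("not a MAC address")
    return digits

def build_accounting_request(identifier, attrs, secret):
    """Network access device side: encode the attributes and sign the packet."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, identifier, 20 + len(body))
    authenticator = hashlib.md5(header + bytes(16) + body + secret).digest()
    return header + authenticator + body

def parse_accounting_request(packet, secret):
    """Verify the RFC 2866 Request Authenticator, then return {type: value}."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, _, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Accounting-Request")
    packet = packet[:length]
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("bad Request Authenticator")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs[atype] = packet[pos + 2:pos + alen]
        pos += alen
    return attrs

class LeaseTable:
    """Hypothetical stand-in for the allocation server's database."""
    def __init__(self, pool):
        self.free = list(pool)
        self.by_mac = {}

    def allocate(self, mac):
        mac = normalize_mac(mac)
        if mac not in self.by_mac:
            self.by_mac[mac] = self.free.pop(0)
        return self.by_mac[mac]

    def release(self, mac):
        address = self.by_mac.pop(mac, None)
        if address is not None:
            self.free.append(address)
        return address

def handle_offline_message(packet, secret, leases):
    """Return (reclaimed_address, detail); address is None if nothing was freed."""
    try:
        attrs = parse_accounting_request(packet, secret)
        status = struct.unpack("!I", attrs[ACCT_STATUS_TYPE])[0]
        mac = normalize_mac(attrs[CALLING_STATION_ID].decode("ascii", "replace"))
    except (ValueError, KeyError, struct.error) as exc:
        return None, f"rejected: {exc}"
    if status != ACCT_STOP:
        return None, "ignored: not an Accounting Stop"
    cause_raw = attrs.get(ACCT_TERMINATE_CAUSE, b"")
    cause = struct.unpack("!I", cause_raw)[0] if len(cause_raw) == 4 else 0
    address = leases.release(mac)  # match on the characteristic value
    if address is None:
        return None, "ignored: no allocation for this client"
    return address, TERMINATE_CAUSES.get(cause, f"cause {cause}")

def demo():
    """Constructed scenario: a genuine Stop, a forged Stop, then a repeat."""
    secret = b"constructed-shared-secret"
    leases = LeaseTable(["192.0.2.10", "192.0.2.11"])
    leases.allocate("00:10:a4:23:19:c0")
    leases.allocate("00:10:a4:23:19:c1")
    u32 = lambda n: struct.pack("!I", n)
    stop = build_accounting_request(7, [(ACCT_STATUS_TYPE, u32(ACCT_STOP)),
        (CALLING_STATION_ID, b"00-10-A4-23-19-C0"),
        (ACCT_TERMINATE_CAUSE, u32(21))], secret)
    forged = build_accounting_request(8, [(ACCT_STATUS_TYPE, u32(ACCT_STOP)),
        (CALLING_STATION_ID, b"00-10-A4-23-19-C1")], b"not-the-secret")
    results = [handle_offline_message(p, secret, leases)
               for p in (stop, forged, stop)]
    return results, leases
```

Checking the Request Authenticator before releasing anything matters in this scheme because an accepted Stop record frees an address; the forged record for the second client is rejected and its allocation stays in place.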

运i‘. 4 1。 ^---1 年月日修(更)正替換頁IYun i'. 4 1. ^---1 Year, month, repair (more), replacement page I

DHCP :i配置給魄 :?’便即時回收所配置的網路組態參數,同 『參數資源的可用性,以及更準麵紀錚=:網f組 配置及使用情形。 、、罔路組恶芩數的 收及:發明之即時式網路組態參數回 端設備離®,本發卿、當複數個用戶 路組二態參數配顺^ =網路環境’因為無論在IPv4或IPv 境^, 其即時式網路組態參數回收的方式皆可採, 方法來達成回收網路組態參數的目的。 % 0的 ==,標準化的8G21x連接認證機制作為實施 ^ °Λ~用戶端設備連接到一能執行用戶連接句蛾 的網路接取設備⑽〇),該些網路接取設備可以 = 線連接方式_路交換器⑽切他switeh),或是使用益 線連接方式的無線基地台(Wireless Access以“仂。…、 當該些用戶端設備連接到該網路接取設備時, 接取設備會_連接認證機騎制戶端進 = 作(S302),該些用戶端設備必須成功通過身分驗證=, 該網路接取設備上的該連接埠才會開放給用戶端使 準化的連接認證機制為802· lx協定,此標準協定主1 ^ 義了網路接取設備對於其連接埠的存取控制方式以及=二 端身分認證之方法,當連接的該用戶端成功通過了身分驗 13 序之後,该網路接取設備此時才會開放該連接埠的存 給該用戶端,標準的802 1x協定參考文件為 WU579、RFC3580 及 RFC3748。 另外網路接取設備也可以使用網頁登入認證 巷eb Login)的方式來提供連接認證機制的其他選擇,因為 才下準的802· 1χ連接認證協定在運作時,必須用戶端及網路 接取設備同時執行802· lx協定的軟體,為了避免用戶端設 備^法執行8〇21χ協定軟體,就無法進行用戶端身分認證 的情況,這時就可以利用網路接取設備支援網頁登入認證 =eb-l0gin)的方式來同樣達到用戶端身份認證的目的,此# 日守用戶端只要透過網頁來進行身分認證即可。 — 上述之連接認證機制係利用802· lx的可擴展認證協 疋(EAP : Extensible Authentication Protocol)送出身分 認證資料至該網路接取設備,該網路接取設備再將收到的 可擴展認證協定(ΕΑΡ)資料轉送給認證伺服器來做用戶端 身分驗證工作,而執行於該網路接取設備與該認證伺服器 之間的網路通訊協定,可以利用標準化的遠程訪問撥入用 戶服務(RADIUS)、終端存取控制器存取控制系統(TACAS)⑩ 或是輕量目錄存取協定(LDAP)等機制來達成。 標準化的遠程訪問撥入用戶服務(RADIUS)、終端存取 控制器存取控制系統(TACAS)或是輕量目錄存取協定(LDAP) 等主要是提供統一的用戶端身分驗證工作,並將驗証之後 的結果通知網路接取設備,所以執行遠程訪問撥入用戶服 務(RADIUS)、終端存取控制器存取控制系統(TACAS)或是輕 量目錄存取協定(LDAP)程式的伺服器一般又可稱為認證伺 1273793 . 服器。 I» Ά,Ll 月;日修(更)正替换: 涊證伺服态的主要工作是負責用戶端的身分驗證工 作,並將驗證後的結果通知該網路接取交換器,當該用戶 鈿成功的通過身分驗證,認證伺服器會透過與網路接取設 備之間的網路通訊協定來通知用戶驗證成功的訊息,接下 來網路接取交換器才會將與該用户端連接的該連接埠開 啟,允許該用戶端使用該連接埠。 而在用戶端成功通過身分驗證,認證伺服器也會記錄 下網路連接認證協定封包所包含的用戶資訊,包括了該用 戶的媒體存取控制位址(MAC address)、該用戶所登入的網· 路接取設備位址(IP address)以及網路接取設備上的埠號 (port number)等。 當该些用戶端成功通過網路接取設備的連接認證機 制’該網路接取設備上的該連接琿也已進入開啟狀態,用 戶端設備此時再利用動態主機配置協定(DHCP)來取得所需 要的網路組態參數。 該用戶端必須對該網路組態參數配置伺服器要求網 路組態參數的配置(S304),此用戶端取得其網路組態參數_ 的流程請參考第二圖。一旦用戶端設備取得了網路組態參 數並完成TCP/1P堆疊(TCP/1P STACK)的啟始化工作,便可 以使用TCP/IP網際網路通訊協定與其他網路設備進行通 訊,直到該用戶端離線為止。 用戶端離線的原因有很多種,例如用戶端主動登出網 路(Logout)、用戶端重新開機(Reboot)、網路埠關閉(port Failure)、網路埠重新開啟(Port Reinitial)、重新認證 1273 7Q2 ί—4; 19 I年月 d(更)正替·: .................. 〜 〜W.〜w〜y*. .m... 
錯誤(Re-authentication Failure)等等。 所以當用戶端一旦發生離線的情形,該網路接取設備 必須能偵測(Monitor)並判斷該用戶端的離線原因 (S306) ’由於用戶端與網路接取設備之間在一開始便執行 了連接認證機制,例如802. 1χ、網頁登入機制 (Web-Login),所以該連接認證機制此時便可以發揮其掌握 $戶端的連線及離線狀態的功能,在用戶端離線狀況發生 的同時’可以立即判斷出該用戶離線的原因及狀態訊息, 鲁請參考標準網路協定文件RFC 3580中對於離線用戶的原因 代碼說明(Termination Code)。 當該網路接取設備上所執行的連接認證機制偵測並 判斷該用戶發生了離線情形,而且產生了離線原因代碼 (Termination Code)之後,該網路接取設備必須送出用戶 離線訊息至網路組態參數配置伺服器(S308),標準化的用 戶每隹線§fl息通知方式可以透過遠程訪問撥入用戶服務的計 帳協定(RADIUS Accounting Protocol)或是終端存取控制 ⑩ 器存取控制系統的計帳協定(TACAS Accounting Protocol) 等來完成,請參考標準網路協定文件(RFC 3579)對於籲 802· lx以及遠程訪問撥入用戶服務的計帳協定(RADIUS Accounting Protocol)的定義及描述,在用戶端發生離線 的現象之後,遠程訪問撥入用戶服務的計帳協定會利用計 帳協定封包(Accounting-request packet)送出該用戶離 線 δίΐ息(Acct-Terminate-Cause Attributes)。 利用遠程訪問撥入用戶服務的計帳協定(RADIUS Accounting Protocol)或是終端存取控制器存取控制系統的 16 1273793 r ^ t, ·. 一 計帳協定(TACAS Accounting Protocol)雖可以取得較為完 整的用戶離線訊息,不過也可以利用較為普遍的簡易網路 管理協定(SNMP : Simple Network Management Protocol)或 是系統日誌協定(SYSLOG Protocol)來送出用戶離線訊息 紀錄;請參考網路標準協定文件(RFC 3164、RFC 3411、 RFC 3413) 〇 本發明採用的實施方式係以遠程訪問撥入用戶服務 的計帳協定(RADIUS Accounting Protocol)來做說明。當 利用802· lx協定來偵測及判斷該用戶端離線狀態 (S306),再接著利用遠程訪問撥入用戶服務的計帳協定來· 傳送該用戶離線訊息至該網路組態參數配置伺服器 (S308),此時該網路組態配置伺服器必須配合執行遠程訪 問撥入用戶服務的計帳協定的伺服器端(RADIUS Accounting Server)程式,主要目的是接收該離線用戶的 sfL息封包(Accounting-request packet)。 請參考第五圖,當該網路組態參數配置伺服器透過執 行计帳協定(Account i ng Pro toco 1)接受到該離線訊息封 包(山ACC〇Unting-reqUest packet) (S31〇A),接下來將該用癱 戶&所配置的網路組態參數從網路組態參數配置資料庫中 移除或是讓此網路組態參數可以釋放(Release)出來。 由於網路組態參數伺服器是利用動態主機配置協定 (DHCP)來配置用戶端的網路組態參數,所以當網路組態參 數配^伺服裔接收到計帳訊息封包以及其中的該用戶離線 汛心日守,便必須從該用戶離線訊息中定義一用戶特徵值 (S310B)’此用戶特徵值必須同時存在於該用戶的離線訊息 /ηDHCP: i is configured for 魄:?’ to instantly reclaim the configured network configuration parameters, as well as “the availability of parameter resources, and more accurate 铮 =: network f group configuration and usage. 
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, In IPv4 or IPv environment, the method of real-time network configuration parameter recovery can be adopted to achieve the purpose of recycling network configuration parameters. % 0 ==, the standardized 8G21x connection authentication mechanism is implemented as a ^^Λ~ client device connected to a network access device (10) that can perform user connection moths, these network access devices can = line Connection mode _ way switch (10) cut him switeh), or wireless base station using the benefit line connection (Wireless Access to "仂...., when the client devices are connected to the network access device, access The device will connect to the authentication machine to perform the authentication (S302), and the user devices must successfully pass the identity verification =, the connection on the network access device will be opened to the user to be standardized. The connection authentication mechanism is the 802·lx protocol. The standard protocol masters the access control method of the network access device for its connection port and the method of the second-end identity authentication. When the connected user successfully passes the identity After the 13th sequence, the network access device will open the connection to the client at this time. The standard 802 1x protocol reference files are WU579, RFC3580 and RFC3748. In addition, the network access device can also use the webpage. Login confirmation The way to provide connection authentication mechanism, because the 802. 1 connection authentication protocol is only required, the client and the network access device must simultaneously execute the 802·lx protocol software, in order to avoid If the client device implements the 8〇21χ protocol software, the user identity authentication cannot be performed. 
In this case, the network access device supports the webpage login authentication=eb-l0gin) to achieve the same user identity authentication. The purpose of this #日守客户端 is to perform identity authentication through the webpage. — The above connection authentication mechanism uses the 802·lx Extensible Authentication Protocol (EAP) to send identity authentication data to the network. Receiving the device, the network access device forwards the received extensible authentication protocol (ΕΑΡ) data to the authentication server for the user identity verification work, and executes the network access device and the authentication server. Network protocol between the two, can be accessed using standardized remote access dial-in user service (RADIUS), terminal access controller Systematic System (TACAS) 10 or Lightweight Directory Access Protocol (LDAP), etc. Standardized Remote Access Dial-In User Service (RADIUS), Terminal Access Controller Access Control System (TACAS) or lightweight Directory Access Protocol (LDAP) and the like mainly provide unified user identity authentication work, and notify the network access device of the result after verification, so the remote access dial-in user service (RADIUS) and the terminal access controller are executed. The server that takes control system (TACAS) or Lightweight Directory Access Protocol (LDAP) program is generally called authentication server 1273793. I» Ά, Ll month; Japanese repair (more) is replacing: The main work of the 伺服 伺服 servo state is responsible for the identity verification work of the client, and informs the network to accept the switch after the verification, when the user succeeds Through the identity verification, the authentication server notifies the user of the successful message through the network communication protocol with the network access device, and then the network access switch will connect the connection with the client.埠Open to allow the client to use the port. 
After the user successfully passes the identity verification, the authentication server also records the user information included in the network connection authentication protocol packet, including the user's media access control address (MAC address), and the network to which the user is logged in. · The device picks up the IP address and the port number on the network access device. When the user terminals successfully pass the connection authentication mechanism of the network access device, the connection port on the network access device has also been turned on, and the client device uses the dynamic host configuration protocol (DHCP) to obtain the device. The required network configuration parameters. The client must configure the configuration parameters of the network configuration parameters (S304) for the network configuration parameters. Please refer to the second figure for the procedure for the client to obtain its network configuration parameters. Once the client device has obtained the network configuration parameters and completed the initialization of the TCP/1P stack (TCP/1P STACK), it can communicate with other network devices using the TCP/IP Internet Protocol until the The client is offline. There are many reasons why the client can be offline. For example, the client actively logs out (Logout), the client reboots (Reboot), the network fails (port failure), the network reopens (Port Reinitial), and re-authenticates. 1273 7Q2 ί—4; 19 I year month d (more) positive replacement: .................. ~ ~W.~w~y*. .m.. . Re-authentication Failure and so on. 
Therefore, when the user terminal is offline, the network access device must be able to detect (Monitor) and determine the offline reason of the client (S306) 'because the client and the network access device are executed at the beginning The connection authentication mechanism, such as 802.1 χ, Web-Login, so the connection authentication mechanism can now play its role of mastering the connection and offline status of the account, while the offline status of the user occurs. 'You can immediately determine the cause and status message of the user offline. Please refer to the Termination Code for offline users in the standard network agreement file RFC 3580. After the connection authentication mechanism performed on the network access device detects and determines that the user has an offline situation and generates an offline reason code (Termination Code), the network access device must send the user offline message to the network. The road configuration parameter configuration server (S308), the standardized user per-line §fl notice mode can be dialed into the user service RADIUS Accounting Protocol or the terminal access control 10 device access control through remote access The system's TACAS Accounting Protocol is completed. Please refer to the standard network agreement document (RFC 3579) for the definition and description of the RADIUS accounting protocol for 802·lx and remote access dial-in user services. After the offline phenomenon occurs on the user side, the remote access dialing user service billing agreement uses the accounting-request packet to send the user offline ACL (Acct-Terminate-Cause Attributes). 
The RADIUS Accounting Protocol or the TACACS Accounting Protocol conveys a more complete user offline message, but the more common Simple Network Management Protocol (SNMP) or the syslog protocol can also be used to send a record of the user offline message; see the standard documents RFC 3164, RFC 3411 and RFC 3413. The embodiment adopted by the present invention is described using the RADIUS Accounting Protocol.

When the 802.1x protocol is used to detect and determine the client's offline status (S306) and the RADIUS accounting protocol is then used to transmit the user offline message to the network configuration parameter configuration server (S308), the network configuration parameter configuration server must run alongside a RADIUS Accounting Server program, whose main purpose is to receive the offline user's message packet (Accounting-Request packet).

See Figure 5. When the network configuration parameter configuration server receives the offline message packet through the accounting protocol (S310A), it next removes the network configuration parameters configured for that user from the network configuration parameter configuration database, or releases them. Because the network configuration parameter configuration server uses the Dynamic Host Configuration Protocol (DHCP) to configure the clients' network configuration parameters, once it has received the accounting packet carrying the user offline message it must define a user feature value from that message (S310B). This user feature value must exist in the user offline message packet and must also exist in the server's network configuration parameter configuration database. The present invention mainly uses the client's media access control address (MAC address) to define the user feature value.

The user feature value can also be a composite, for example a computer name or a user name combined with the media access control address, but the essential point is that the value must be present in the user offline message and must also be found in the network configuration parameter configuration database.
The network configuration parameter configuration server obtains the offline client's user feature value from the user offline packet and then uses that value as an index key to search and match the records in the server's network configuration parameter database (S310C). Because the configuration information in the network configuration parameter database must also contain this user feature value, this method finds the network configuration parameters configured for the offline user.

However, if the Simple Network Management Protocol (SNMP) or the syslog protocol (SYSLOG) is used to transmit the user offline message packet, the user feature value cannot be found in the packet. The packet does record the IP address of the offline user's network access device and the port number, so the user record made by the initial network connection authentication protocol can be used to map the network access device address and port number to the user's feature value, for example the user's media access control address (MAC address).

After the offline user's network configuration parameter configuration record has been found in the network configuration parameter configuration table, the network configuration parameter configuration server removes that record from the user configuration table or releases it. This completes the reclamation of the user's network configuration parameters and achieves the purpose of real-time network configuration parameter reclamation (S312).

In the description of the real-time network configuration parameter reclamation method in Figures 4 and 5, the mechanisms and protocols executed by each step all run on a single server.
The mechanisms or actions of the present invention can also be distributed across multiple servers, but the steps and flow still follow the description shown in Figure 4.

The standard DHCP lease time defines a period of time; see the Dynamic Host Configuration Protocol (DHCP) RFC document. The lease time represents the validity period of the configured network configuration parameters. With the real-time reclamation of network configuration parameters proposed by the present invention, however, the validity period of the configured network configuration parameters is no longer a period of time but should be a one-time lease time. The network configuration parameters are no longer valid for a period of time but for the duration of the current use, so the present invention proposes a special lease time value.

When the client obtains its network configuration parameters and a lease time containing this special value from the network configuration parameter server, the client knows unambiguously that the lease time it received is one-time and no longer represents a period of time. Once the client goes offline, its network configuration parameters are immediately reclaimed by the network configuration parameter configuration server, and the next time the client logs in to the network it must, in addition to passing the connection authentication mechanism of the network access device, start a new DHCP request procedure.

Although the present invention proposes a real-time reclamation lease time definition to accompany the real-time reclamation method, this does not mean that the standard lease time definition cannot operate together with the real-time network configuration parameter reclamation method of the present invention. The reason is that current DHCP clients actively send a DHCP confirmation request to the configuration server each time they connect to the network, to confirm whether their network configuration parameters are still correct: the user may have moved, so that the previously obtained network configuration parameters no longer apply to the new location.
Current DHCP clients therefore still confirm their network configuration parameters with the network configuration parameter configuration server when they reconnect to the network. If the server uses the method of the present invention and has already reclaimed that user's network configuration parameters in real time, it can still use a DHCP message packet to tell the client to abandon its old network configuration parameters, for example by sending a DHCP NACK packet, and require the client to start a new DHCP configuration request.

Although the current standard lease time definition can therefore still operate with the real-time network configuration parameter reclamation method of the present invention, the client has no way of knowing that the lease time of the network configuration parameters it obtained is one-time, so the present invention additionally defines a lease time that is one-time rather than a period of time.

The real-time network configuration parameter reclamation method and its lease time definition can be implemented as software, and the software can be recorded on optical disc storage media, flash storage media, magnetic disk storage media and the like.

The specific embodiments of the present invention have been described in detail above. Those skilled in the art may adapt them to the user's actual environment, and such adaptations should still be regarded as within the present invention. The real-time network configuration parameter reclamation method and its lease time definition greatly improve the management of network configuration parameter resources and achieve the purpose of real-time parameter reclamation. The present invention has novelty, practicality and inventive step in the network communication industry and meets the requirements for a patent application, which is filed according to law. The examiners are respectfully asked to review it and to grant the patent at an early date.

[Brief description of the drawings]
Figure 1 is a conventional local area network architecture.
Figure 2 is a flowchart of the Dynamic Host Configuration Protocol (DHCP).
Figure 3 is a flowchart of network configuration parameter reclamation performed by the lease time method.
Figure 4 is a flowchart of the real-time network configuration parameter reclamation method of the present invention.
Figure 5 is a further description of the network configuration parameter reclamation action.

[Description of main component symbols]
Client communication device 10
Router 12
DHCP server 14
Access switch 16
Wireless base station 18
Internet 20
Authentication server 22
Accounting server 24
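The reclamation flow described above (S310A to S312) and the DHCP NACK reply to a reconnecting client, as an added Python example that is not code from the patent. `ConfigServer`, the event dictionary layout and the stale-stop check are assumptions of this example, as is reading the MAC from the RADIUS `Calling-Station-Id` attribute, where RFC 3580 has 802.1X authenticators place it; all addresses are constructed sample values.

```python
def norm_mac(value: str) -> str:
    """Canonical MAC so 00-10-A4-23-19-C0 and 00:10:a4:23:19:c0 compare equal."""
    digits = "".join(c for c in value.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {value!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


class ConfigServer:
    """Toy network configuration parameter server (hypothetical, not a DHCP daemon)."""

    def __init__(self, pool):
        self.free = list(pool)  # addresses not currently configured for anyone
        self.leases = {}        # user feature value (MAC) -> configured IP
        self.sessions = {}      # (NAS IP, NAS port) -> MAC, recorded at authentication

    def authenticated(self, mac, nas_ip, nas_port):
        """Keep the record the authentication server makes when a user logs in."""
        mac = norm_mac(mac)
        # A MAC sits behind one port at a time: forget any earlier location.
        self.sessions = {k: v for k, v in self.sessions.items() if v != mac}
        self.sessions[(nas_ip, nas_port)] = mac

    def allocate(self, mac):
        """Configure an address (stands in for the full DHCP exchange)."""
        mac = norm_mac(mac)
        if mac not in self.leases:
            self.leases[mac] = self.free.pop(0)
        return self.leases[mac]

    def feature_value(self, event):
        """S310B: derive the user feature value from an offline message."""
        where = (event["nas_ip"], event["nas_port"])
        if event["via"] == "radius-accounting":
            if event.get("Acct-Status-Type") != "Stop":
                return None  # Start / Interim-Update do not mean "offline"
            mac = norm_mac(event["Calling-Station-Id"])
            # Added check: a stop from a port the MAC has already left is stale.
            return mac if self.sessions.get(where) == mac else None
        # SNMP / syslog carry no MAC: map NAS address + port via the auth record.
        return self.sessions.get(where)

    def offline(self, event):
        """S310A to S312: find the record by feature value and reclaim it."""
        mac = self.feature_value(event)
        if mac is None:
            return None
        self.sessions.pop((event["nas_ip"], event["nas_port"]), None)
        ip = self.leases.pop(mac, None)  # S310C: feature value as index key
        if ip is not None:
            self.free.append(ip)         # S312: address is available again
        return ip

    def confirm(self, mac, requested_ip) -> str:
        """A reconnecting client asks to keep its old address."""
        held = self.leases.get(norm_mac(mac))
        return "DHCPACK" if held == requested_ip else "DHCPNAK"


def demo():
    """Constructed sample: log in, get an address, go offline, reconnect."""
    srv = ConfigServer(["192.0.2.10", "192.0.2.11"])
    srv.authenticated("00-10-A4-23-19-C0", "198.51.100.1", 3)
    ip = srv.allocate("00:10:a4:23:19:c0")
    stop = {"via": "radius-accounting", "Acct-Status-Type": "Stop",
            "Acct-Terminate-Cause": "User-Request",
            "Calling-Station-Id": "00-10-A4-23-19-C0",
            "nas_ip": "198.51.100.1", "nas_port": 3}
    return ip, srv.offline(stop), srv.confirm("00:10:a4:23:19:c0", ip)


if __name__ == "__main__":
    print(demo())
```

The stale-stop check covers a user who re-authenticates on a new port before the offline message for the old port arrives; without it the late message would reclaim the address the user is actively using.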

Claims (1)

X. Scope of the patent application:

1. A method for real-time reclamation of network configuration parameters, in which a plurality of client devices obtain their network configuration parameters, and have them reclaimed, through a network configuration parameter configuration server, the method comprising:
executing a specific network connection authentication mechanism, which is the mechanism the network access devices use to verify the identity of the clients and to detect that those clients have gone offline;
executing a specific user offline message delivery mechanism, which is the mechanism the network access devices use to transmit the clients' offline messages;
executing a network configuration parameter configuration server running the Dynamic Host Configuration Protocol, which is responsible for configuring the clients' network configuration parameters and, when those users go offline, reclaiming the network configuration parameters configured for them; and
after the network configuration parameter configuration server receives a client's offline message, using a user feature value to search the network configuration parameter database, finding the offline user's network configuration parameters, and then reclaiming them.

2. The method for real-time reclamation of network configuration parameters according to claim 1, which is applicable to an IPv4 or IPv6 network environment.

3. The method for real-time reclamation of network configuration parameters according to claim 1, wherein the network access devices are network switches or wireless base stations.

4. The method for real-time reclamation of network configuration parameters according to claim 1, wherein the specific network connection authentication mechanism is the port-based network access control protocol (802.1x) or a Web-login mechanism.

5. The method for real-time reclamation of network configuration parameters according to claim 1, wherein the specific user offline message delivery mechanism transmits the offline user's user feature value to the network configuration parameter configuration server.

6. The method for real-time reclamation of network configuration parameters according to claim 1, wherein the specific user offline message delivery mechanism is the RADIUS Accounting Protocol or the TACACS Accounting Protocol.

7. The method for real-time reclamation of network configuration parameters according to claim 1, wherein the specific user offline message delivery mechanism is the Simple Network Management Protocol or the syslog protocol (SYSLOG Protocol), used together with the network connection authentication mechanism to obtain the user feature value.

8. The method for real-time reclamation of network configuration parameters according to claim 1, wherein the dynamic host configuration protocol mechanism is the Dynamic Host Configuration Protocol.

9. The method for real-time reclamation of network configuration parameters according to claim 1, wherein the user feature value is composed of at least one client parameter.

10. The method for real-time reclamation of network configuration parameters according to claim 1, wherein the mechanisms executed can run on a single server or be distributed across multiple servers.

11. The method for real-time reclamation of network configuration parameters according to claim 1, which is achieved by a software program.

12. The method for real-time reclamation of network configuration parameters according to claim 10, wherein the software program is stored in a storage medium.

13. The method for real-time reclamation of network configuration parameters according to claim 11, wherein the storage medium is an optical disc storage medium, a flash storage medium or a magnetic disk storage medium.

14. A method of defining the lease time for real-time reclamation of network configuration parameters, used by a plurality of clients to determine the validity period of the network configuration parameters they have obtained, wherein a lease time equal to a specific value indicates that the network configuration parameters obtained by the client are valid for the duration of the current use.

VII. Designated representative figure: (1) The designated representative figure of this case is Figure 4. (2) Brief description of the component symbols of the representative figure: the representative figure is a flowchart, so it has no component symbols.
TW94103076A 2005-02-01 2005-02-01 Method for retrieving real-time network configuration parameters and lease time definition TWI273793B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW94103076A TWI273793B (en) 2005-02-01 2005-02-01 Method for retrieving real-time network configuration parameters and lease time definition

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW94103076A TWI273793B (en) 2005-02-01 2005-02-01 Method for retrieving real-time network configuration parameters and lease time definition

Publications (2)

Publication Number Publication Date
TW200629797A TW200629797A (en) 2006-08-16
TWI273793B TWI273793B (en) 2007-02-11

Family

ID=38621662

Family Applications (1)

Application Number Title Priority Date Filing Date
TW94103076A TWI273793B (en) 2005-02-01 2005-02-01 Method for retrieving real-time network configuration parameters and lease time definition

Country Status (1)

Country Link
TW (1) TWI273793B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104519145A (en) * 2013-09-26 2015-04-15 华为技术有限公司 An address resource managing method, system and DHCP server
CN105991782A (en) * 2015-02-04 2016-10-05 北京神州泰岳软件股份有限公司 IP address management method and apparatus

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104519145A (en) * 2013-09-26 2015-04-15 华为技术有限公司 An address resource managing method, system and DHCP server
CN105991782A (en) * 2015-02-04 2016-10-05 北京神州泰岳软件股份有限公司 IP address management method and apparatus
CN105991782B (en) * 2015-02-04 2019-05-21 北京神州泰岳软件股份有限公司 A kind of method and apparatus of management IP address

Also Published As

Publication number Publication date
TW200629797A (en) 2006-08-16

Similar Documents

Publication Publication Date Title
EP2136508B1 (en) A method and system for network access
Droms et al. Dynamic host configuration protocol for IPv6 (DHCPv6)
CN101127600B (en) A method for user access authentication
US7680878B2 (en) Apparatus, method and computer software products for controlling a home terminal
WO2004032421A1 (en) A method for adding devices to management system
US20120324567A1 (en) Method and Apparatus for Home Network Discovery
CN101395852B (en) Method and system for implementing configuration management of devices in network
WO2004051927A1 (en) Method and system for cluster managing of network facilities
WO2008138242A1 (en) Management method, apparatus and system of session connection
CN101471936A (en) Method, device and system for establishing IP conversation
US8769623B2 (en) Grouping multiple network addresses of a subscriber into a single communication session
CN106301847B (en) Access point interface configuration recovery method and device and home gateway
CN101656712B (en) Method for recovering IP session, network system and network edge device
CN103067337A (en) Identity federation method, identity federation intrusion detection & prevention system (IdP), identity federation service provider (SP) and identity federation system
CN106686592B (en) Network access method and system with authentication
WO2009079895A1 (en) Method for allocating a secondary ip address based on dhcp access authentication
WO2019237683A1 (en) Protocol packet, and method for managing virtual client terminal device
Bound et al. RFC3315: Dynamic host configuration protocol for IPv6 (DHCPv6)
WO2010000157A1 (en) Configuration method, device and system for access device
JP2001326696A (en) Method for controlling access
WO2010111922A1 (en) Method and apparatus for obtaining address of video transmission management server
JP2010283553A (en) Network management method based on kind of equipment, network management device, program
JP4028421B2 (en) Voice communication gate device address management method, management device, and program
TWI273793B (en) Method for retrieving real-time network configuration parameters and lease time definition
WO2009079896A1 (en) User access authentication method based on dynamic host configuration protocol