WO2011147334A1 - Method, device and system for providing a virtual private network service - Google Patents

Method, device and system for providing a virtual private network service

Info

Publication number
WO2011147334A1
Authority
WO
WIPO (PCT)
Prior art keywords
vpn
request message
parameter
access device
access
Application number
PCT/CN2011/075208
Other languages
English (en)
Chinese (zh)
Inventor
雷文阳
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司
Publication of WO2011147334A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272 Virtual private networks

Definitions

  • The present invention relates to the field of communications technologies, and in particular, to a method, device, and system for providing a virtual private network service.
  • Background
  • Virtual Private Network is defined as a network that provides multiple logical networks on an existing single physical network. These logical networks are isolated from each other, and data traffic in one logical network does not enter another logical network.
  • VPN: Virtual Private Network
  • BGP Layer 2 VPN services
  • MPLS: Multi-Protocol Label Switching
  • BGP/MPLS Layer 3 VPN services. In the prior art, the process of enabling these services is as follows: The customer determines the VPN attribute information of the VPN service, including the number of sites, the location of the sites, the traffic demand, the bandwidth requirement, etc., through on-site communication with the basic network operator. The departments of the basic network operator (such as planning, network management, and accounting) then coordinate with each other on the network planning and accounting schemes of the VPN service and determine the VPN configuration parameters of the service provider's edge devices. Then, the network administrators of the basic network operator manually configure the VPN configuration parameters on the service provider edge devices. The network operator then notifies the customer that the VPN service has been activated, and the service provider edge device can connect the customer to the VPN.
  • Embodiments of the present invention provide a method, device, and system for providing a virtual private network service.
  • a method for providing a virtual private network service including: receiving a request message sent by an access device to access a virtual private network VPN, where the request message carries authentication information;
  • the VPN configuration parameter of the access device is globally allocated, and the VPN configuration parameter is sent to the access device.
  • a method for providing a virtual private network service including: an access device receiving a request message sent by a site to access a virtual private network VPN, where the request message carries authentication information;
  • a backend device comprising: a receiving request message unit, configured to receive a request message sent by an access device to request access to a virtual private network VPN, where the request message carries authentication information; an authentication unit, configured to authenticate the request message according to the authentication information; an allocating unit, configured to globally allocate the VPN configuration parameter of the access device after the request message is authenticated;
  • a sending parameter unit configured to send the VPN configuration parameter to the access device.
  • An access device comprising: a receiving unit, configured to receive a request message sent by the site to access the virtual private network VPN, where the request message carries the authentication information;
  • a sending request message unit, configured to send the request message to a backend device;
  • a configuration unit configured to receive a VPN configuration parameter sent by the backend device, and perform configuration according to the VPN configuration parameter.
  • a system for providing a virtual private network service comprising: the foregoing back end device and the foregoing access device.
  • the process performed by the backend device is: authenticating the request message for requesting access to the VPN by the site, and assigning the VPN configuration parameter of the access device after the authentication is passed, and transmitting the VPN configuration parameter to the access device. Therefore, the entire process performed by the back-end device does not need to be manually operated, and the configuration parameter can be sent to the access device, so that the access device can quickly access the site to the VPN.
  • FIG. 1 is a schematic flowchart of Embodiment 1 of a method for providing a virtual private network service according to an embodiment of the present invention
  • FIG. 2 is a schematic flowchart of Embodiment 2 of a method for providing a virtual private network service according to an embodiment of the present invention
  • FIG. 3 is a schematic flowchart of Embodiment 3 of a method for providing a virtual private network service according to an embodiment of the present invention
  • FIG. 4 is a schematic flowchart of Embodiment 4 of a method for providing a virtual private network service according to an embodiment of the present invention
  • FIG. 5 is a schematic diagram showing the logical structure of the fifth embodiment of the backend device in the embodiment of the present invention
  • FIG. 6 is a schematic diagram showing the logical structure of the sixth embodiment of the access device according to the embodiment of the present invention
  • Embodiments of the present invention provide a method for providing a virtual private network service. Embodiments of the present invention also provide corresponding devices and systems. The details are described below separately.
  • Embodiment 1 Referring to FIG. 1 , an embodiment of a method for providing a virtual private network service in an embodiment of the present invention includes:
  • Before the basic network operator provides VPN services to the site, the basic network operator must complete the network connectivity configuration and network tunnel configuration of all access devices in the basic network.
  • the OSPF Open Shortest Path First
  • the access device is configured with an MPLS tunnel
  • the BGP is enabled with the VPN technology.
  • When the site needs to access the VPN, that is, when the site needs to open the VPN service, the access device receives the request message in which the site requests access to the VPN. The request message carries the authentication information, and the access device sends the request message to the backend device.
  • the request message is typically sent to the access device through an edge device located at the site. It should be noted that the access device is usually located at the edge of the carrier's basic network. Generally, a customer has multiple sites that require access to the VPN.
  • After receiving the request message of the site requesting access to the VPN, the backend device authenticates the request message according to the authentication information.
  • The backend device can then allocate the VPN configuration parameter of the access device and send the VPN configuration parameter to the access device, so that the access device can complete the configuration according to the VPN configuration parameter and add the site to the VPN.
  • The process performed by the backend device is: authenticating the request message in which the site requests access to the VPN, allocating the VPN configuration parameter of the access device after the authentication is passed, and transmitting the VPN configuration parameter to the access device. The entire process therefore needs no manual operation: the configuration parameters are sent to the access device automatically, so that the access device adds the site to the VPN.
  • Embodiment 2 Referring to FIG. 2, another embodiment of the method for providing a virtual private network service according to the embodiment of the present invention includes:
  • the basic network operator usually provides a VPLS with private attribute information according to the requirements of the user.
  • the VPLS attribute information includes the VPLS traffic type, the maximum number of sites allowed to access the VPLS, the access bandwidth, and so on.
  • Users can provide VPLS attribute information to the basic network operator in various ways, such as face-to-face communication, phone calls, fax, and so on.
  • the user can provide attribute information to the basic network operator by itself, specifically:
  • the user can send a VPLS service request to the backend device.
  • the VPLS service request carries the VPLS attribute information.
  • the backend device globally assigns a unique identifier to the VPLS attribute information and saves the VPLS attribute information.
  • It should be noted that the unique identifier that the backend device globally assigns to the VPLS attribute information is an integer, such as a 32-bit or 64-bit integer.
  • The user can send a VPLS service request directly to the back-end device, so that the back-end device obtains the VPLS attribute information; the VPLS service request can also be sent to the front-end device, and the front-end device then sends the VPLS attribute information.
  • The front-end device feeds back to the user a message that the VPLS service request has been accepted. For example, the front-end device can be the user's computer.
  • the user can log in to the VPLS service platform of the VPLS service application to apply for the VPLS service.
  • the user can also input the required VPLS attribute information on the WEB service platform.
  • the back-end device can also provide the user with a VPLS access pass, such as the username and password for connecting to the VPLS.
  • the username and password for connecting to the VPLS can also be entered by the user on the WEB service platform of the VPLS service application.
  • The username and password for connecting to the VPLS are also carried in the VPLS service request. Whether the username and password for connecting to the VPLS are entered by the user or provided to the user by the backend device, they are stored in the authentication table, and their identifier in the authentication table corresponds to the identifier of the attribute information of the VPLS.
  • The site runs an 802.1x client to send the access device a request message in which the site requests access to the VPLS. The request message carries the username and password for connecting to the VPLS that the user of the site entered on the 802.1x client. It should be noted that the 802.1x client is usually located on the edge device of the site.
  • The access device, acting as the Radius client, forwards the request message to the backend device in the form of an AAA authentication packet.
  • The backend device uses the AAA server system, and the AAA server authenticates the AAA authentication packet.
  • the 802.1x client is a type of VPN dial-up client.
  • The AAA server parses, from the received AAA authentication packet, the username and password for connecting to the VPLS that the user of the site entered on the 802.1x client, and authenticates them against the username and password for connecting to the VPLS previously stored in the authentication table of the backend device.
  • The back-end device finds the attribute information of the VPLS according to the identifier of the VPLS username and password in the authentication table, and determines whether the attribute information of the VPLS can be authenticated. For example, the backend device can check whether the number of sites currently accessing the VPLS has exceeded the maximum number of sites allowed to access the VPLS. Whenever one site successfully accesses the VPLS, the counter in the backend device is incremented by 1. If the value in the counter is no more than the maximum number of sites allowed to access the VPLS, the attribute information passes authentication by the backend device. If the value in the counter exceeds the maximum number of sites allowed to access the VPLS, the backend device sends a failure message to the site.
  • After the attribute information passes authentication by the back-end device, the back-end device globally allocates the VPLS configuration parameters of the access device. For example, the back-end device globally allocates a unique route target parameter (RT, Route Target) and route specifier parameter (RD, Route Distinguisher) for the access device.
  • RD is an 8-byte number, usually expressed in the form of 100:100, indicating that the first 4 bytes are 100 and the last 4 bytes are 100.
  • Each VPN must have a unique RD. For example, the backend device can, based on 100:100, set the value of the first assigned RD to 100:101, the value of the second allocated RD to 100:102, and so on. There is also another way to allocate RD:
  • The access device can preset the base of 100:100. When the backend device allocates RD for the first time, it only assigns a value of 4 and sends the parameter 4 to the access device. The access device adds 4 to the base, and the RD value is 100:104.
  • the allocation method of RD and RT is the same, and will not be described again.
  • the back-end device can also allocate the VPLS configuration parameters globally after the site successfully applies for the VPLS service. After the attribute information of the back-end device passes the authentication, the back-end device can extract the previously assigned VPLS configuration parameters.
  • The back-end device uses the AAA server system to carry the VPLS configuration parameters (such as the route target parameter and the route specifier parameter) as the payload of a Radius-protocol-based packet and sends them to the access device through the Radius protocol. After receiving these parameters, the access device can perform the configuration and add the site to the VPLS, allowing the site to access the VPLS through the access device. Since the AAA server system has a charging function, when the site accesses the VPLS, the back-end device can start charging using the AAA server system.
  • The backend device may use the AAA server system to carry the access bandwidth parameter, together with the route target parameter and the route specifier parameter, as the payload of a Radius-protocol-based packet and send it to the access device through the Radius protocol.
  • the access device can configure the upper limit bandwidth and limit the network speed on the access of the connected site.
  • The user who uses the site can also modify the attribute information of the VPLS. For example, the user logs in through the computer to the WEB service platform for modifying the required VPLS attribute information, and increases the maximum number of sites allowed to access the VPLS or the access bandwidth in the attribute information.
  • After the backend device receives the modified attribute information sent by the computer, it uses the AAA server system to carry the modified attribute information as the payload of a Radius-protocol-based packet and sends it to the access device through the Radius protocol.
  • The user can provide the required attribute information of the VPN to the backend device by sending a service request, which improves the efficiency of the VPN service provided by the basic network operator, and the user can change the attribute information at any time during the running of the VPN, thereby increasing the flexibility of the VPN service.
  • the statistical multiplexing ratio enables the basic network operator's basic network to be fully utilized.
  • the method for providing the virtual private network service in the embodiment of the present invention is described above from the perspective of the back-end device.
  • the method for providing the virtual private network service in the embodiment of the present invention is described below from the perspective of the access device.
  • Embodiment 3 Referring to FIG. 3, another embodiment of a method for providing a virtual private network service in the embodiment of the present invention includes:
  • This example takes the VPLS service provided by the basic network operator as an example.
  • When a site accesses the VPLS, the site runs an 802.1x client installed on the edge device of the site to send a request message carrying the authentication information to the access device.
  • When the access device receives the request message, this is equivalent to receiving information that the site requests access to the VPLS.
  • the access device forwards the request message to the backend device.
  • The backend device may generate the VPLS configuration parameters of the access device (a route target parameter and a route specifier parameter) and send the packets containing the configuration parameters to the carrier edge device.
  • The access device receives the route target parameter and the route specifier parameter sent by the backend device, allocates the virtual switch instance resource locally, configures the received route target parameter and route specifier parameter on the allocated virtual switch instance, and adds the 802.1x port to the virtual switch instance. At this point, the access device connects the site to the VPLS.
  • The access device may receive the configuration parameters of the VPN from the backend device and configure itself according to the configuration parameters to connect the site to the VPN.
  • The entire process does not require manual operation by the network administrator, which improves the efficiency of the VPN service provided by the basic network operator.
  • The following takes the BGP/MPLS Layer 3 VPN service provided by the basic network operator as an example to describe the interaction process between the back-end device and the access device in a specific application scenario.
  • Embodiment 4 Referring to FIG. 4, another embodiment of a method for providing a virtual private network service in the embodiment of the present invention includes:
  • the user requests to access the virtual private network.
  • the user sends a BGP/MPLS Layer 3 VPN service request to the front-end device.
  • the front-end device sends the BGP/MPLS Layer 3 VPN attribute information to the back-end device.
  • After receiving the response from the back-end device, the front-end device feeds back to the user a message that the BGP/MPLS Layer 3 VPN service application has been accepted.
  • the BGP/MPLS Layer 3 VPN attributes must be the same as the VPLS attribute information. However, the BGP/MPLS Layer 3 VPN attributes must carry the access IP address pool information and the loopback IP address pool information.
  • the station sends a request message.
  • The pppoe client installed on the edge device of the site runs to send a request message to the operator edge device, and the request message carries the user who uses the site.
  • the carrier edge device which is the Radius client, then forwards the request message to the backend device in the form of an AAA authentication packet.
  • the backend device uses the AAA server system, and the AAA server authenticates the AAA authentication packet.
  • the pppoe client is another type of VPN dial-up client.
  • the backend device performs authentication
  • The AAA server parses, from the received AAA authentication packet, the username and password for connecting to the BGP/MPLS Layer 3 VPN entered on the pppoe client, and authenticates them against the username and password for connecting to the BGP/MPLS Layer 3 VPN previously stored in the authentication table of the backend device. The authentication process uses encrypted transmission.
  • the backend device sends configuration parameters.
  • After the authentication passes, the backend device globally allocates the VPN configuration parameters of the access device.
  • the backend device globally allocates a route target parameter and a route specifier parameter.
  • After the back-end device globally allocates the route target parameter and the route specifier parameter, it uses the AAA server system to carry them as the payload of a Radius-protocol-based packet and sends the packet to the access device through the Radius protocol, enabling the access device to add the site to the BGP/MPLS Layer 3 VPN.
  • the access device is configured according to configuration parameters.
  • After receiving the route target parameter and the route specifier parameter sent by the backend device, the access device allocates the VPN route forwarding table resource locally, configures the received route target parameter and route specifier parameter of the BGP/MPLS Layer 3 VPN on the allocated VPN routing forwarding table, creates a ppp interface locally, adds the ppp interface to the VPN routing forwarding table, and enables the RIP routing protocol on the ppp interface. The access device thereby connects the site to the BGP/MPLS Layer 3 VPN.
  • the access device sends a message that can access the virtual private network.
  • The access device sends the edge device at the site a message that it can access the VPN.
  • The backend device can automatically send the VPN configuration parameter of the access device to the access device, and the access device can receive the VPN configuration parameter from the backend device, configure itself according to the VPN configuration parameter, and quickly connect the site to the VPN. The network operator's entire process of providing virtual private network services does not require manual operation by network administrators, which improves efficiency.
  • the back-end device includes:
  • the receiving request message unit 501 is configured to receive a request message, sent by the access device, requesting access to the virtual private network VPN, where the request message carries the authentication information;
  • the authentication unit 502 is configured to authenticate the request message according to the authentication information, where the authentication information may be a username and a password for connecting to the virtual private network, and the authentication unit 502 may use the AAA server system to authenticate the request message according to the username and the password.
  • the allocating unit 503 is configured to globally allocate VPN configuration parameters of the access device after the request message is authenticated;
  • the sending parameter unit 504 is configured to send the VPN configuration parameter to the access device.
  • the service application unit 505 is configured to receive a VPN service request message, where the VPN service request message carries VPN attribute information, assign a unique identifier to the VPN attribute information, and save the VPN attribute information.
  • the access device in this embodiment may further have the following features:
  • the determining unit 506 is configured to: after the request message passes the authentication, determine whether the number of sites currently accessing the VPN exceeds the maximum number of sites allowed to access the VPN; if yes, feed back a failure message to the site; if not, globally allocate the VPN configuration parameters of the access device and send the VPN configuration parameters to the access device.
  • the judging unit 506 extracts the maximum number of stations that are allowed to access the VPN from the attribute information of the VPN.
  • the allocating unit 503 can globally allocate the route target parameter and the route specifier parameter; the sending parameter unit 504 places the VPN attribute information, the route target parameter, and the route specifier parameter in a packet and sends the packet to the access device through the Radius protocol. After receiving the packet over the Radius protocol, the access device allows the site to access the VPN.
  • the access device in the embodiment of the present invention is described below.
  • Embodiment 6 Referring to FIG. 6, an embodiment of the access device in the embodiment of the present invention includes:
  • the receiving unit 601 is configured to receive a request message sent by the site to request access to the virtual private network VPN, where the request message carries the authentication information;
  • the configuration unit 603 is configured to receive the VPN configuration parameter sent by the backend device, and configure according to the VPN configuration parameter.
  • the configuration unit 603 can locally allocate the virtual switch instance resource, configure the virtual switch instance according to the route target parameter and the route specifier parameter, and then add the 802.1x port to the virtual switch instance.
  • the access device connects the site to the VPN.
  • an embodiment of a system for providing a virtual private network service in the embodiment of the present invention includes:
  • The backend device 701 may be a series of devices that run VPN management functions. These include Web service functions for accepting VPN service requests; global resource management functions, such as globally allocating VPN configuration parameters (for example, globally assigning unique RD/RT parameters) and sending the VPN configuration parameters to the access device 702; access management functions, such as maintaining the number of online sites of the VPN and recording the status of the online sites; and authentication and charging functions, authenticating the online sites according to the user name and password and counting the traffic of the online sites to implement billing.
  • The access device 702 can send the site's request message requesting access to the VPN to the backend device 701, configure itself according to the VPN configuration parameter sent by the backend device 701, and connect the site to the VPN.
  • The backend device 701 in this embodiment may be the same as the backend device shown in FIG. 5, and the access device 702 in this embodiment may be the same as the access device shown in FIG. Details are not repeated here.
  • The system for providing virtual private network services further includes a VPN dial-in device 703, and may also include a front-end device 704.
  • The front-end device 704 is a personal computer device on which the WEB service platform runs, and the user uses the front-end device 704 to apply for the VPN service.
  • a program instructing related hardware may be stored in a computer readable storage medium, and the storage medium may include: a ROM, a RAM, a magnetic disk or an optical disk.
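
The backend-device flow of Embodiment 2 (authentication-table lookup, maximum-site check, then global RD/RT allocation from the 100:100 base) can be sketched as follows. This is an added example, not code from the patent or from any product; the class and function names, the PBKDF2 password storage, the use of the same value for RT as for RD, and the dictionary standing in for the Radius payload are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import threading
from dataclasses import dataclass
from typing import Optional

RD_BASE = (100, 100)      # base "100:100" from the allocation example in the text
PBKDF2_ROUNDS = 100_000   # assumption: the text does not say how passwords are stored


def format_rd(offset: int) -> str:
    """Base plus offset, e.g. offset 4 -> '100:104' (also what the access device
    computes in the variant where the backend sends only the offset)."""
    low = RD_BASE[1] + offset
    if offset <= 0 or low >= 2**32:   # the text describes two 4-byte halves
        raise ValueError("invalid offset or RD/RT space exhausted")
    return f"{RD_BASE[0]}:{low}"


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class Vpn:
    vpn_id: int                # unique identifier assigned to the attribute information
    max_sites: int
    bandwidth_kbps: int
    active_sites: int = 0      # the per-VPN counter described in the text
    rd: Optional[str] = None
    rt: Optional[str] = None


class Backend:
    """Hypothetical backend device: service application plus access handling."""

    def __init__(self) -> None:
        self._lock = threading.Lock()   # allocation is global, so serialize it
        self._vpns = {}                 # vpn_id -> Vpn (attribute information)
        self._auth = {}                 # username -> (salt, hash, vpn_id)
        self._next_vpn_id = 1
        self._next_offset = 1
        self._dummy_salt = os.urandom(16)

    def apply_for_service(self, username: str, password: str,
                          max_sites: int, bandwidth_kbps: int) -> int:
        """Store attribute information and link the credentials to its identifier."""
        salt = os.urandom(16)
        digest = _hash(password, salt)
        with self._lock:
            vpn_id = self._next_vpn_id
            self._next_vpn_id += 1
            self._vpns[vpn_id] = Vpn(vpn_id, max_sites, bandwidth_kbps)
            self._auth[username] = (salt, digest, vpn_id)
        return vpn_id

    def handle_access_request(self, username: str, password: str) -> dict:
        """Credentials are assumed to be already parsed from the AAA packet."""
        entry = self._auth.get(username)
        # Hash even for unknown users so both failure paths cost the same.
        salt, stored, vpn_id = entry if entry else (self._dummy_salt, b"", 0)
        ok = hmac.compare_digest(_hash(password, salt), stored)
        if entry is None or not ok:
            return {"result": "reject", "reason": "authentication failed"}
        with self._lock:
            vpn = self._vpns[vpn_id]
            # Check with >= before incrementing: testing "counter <= max" at this
            # point would admit one site more than the attribute allows.
            if vpn.active_sites >= vpn.max_sites:
                return {"result": "reject", "reason": "site limit reached"}
            if vpn.rd is None:          # one RD/RT per VPN, reused for later sites
                vpn.rd = vpn.rt = format_rd(self._next_offset)
                self._next_offset += 1
            vpn.active_sites += 1
            # Stand-in for the Radius packet payload sent to the access device.
            return {"result": "accept", "rd": vpn.rd, "rt": vpn.rt,
                    "bandwidth_kbps": vpn.bandwidth_kbps}


if __name__ == "__main__":
    backend = Backend()
    backend.apply_for_service("acme", "constructed-password", 2, 10_000)
    for _ in range(3):   # third request exceeds max_sites=2 and is rejected
        print(backend.handle_access_request("acme", "constructed-password"))
```

The lock matters because the allocation is global: two access devices asking at the same moment must never receive the same RD for different VPNs or push the site counter past the limit.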

Abstract

The embodiments of the present invention relate to a method for providing a virtual private network service, and also to a corresponding device and system. In the embodiments of the present invention, a backend device performs the following procedure: it authenticates a request message from a site requesting access to a virtual private network (VPN), globally allocates the VPN configuration parameters of the access device when the authentication succeeds, and transmits those VPN configuration parameters to the access device. As a result, the entire procedure involves no manual operation, and the configuration parameters are distributed to the access device automatically, so that the access device can connect the site to the VPN quickly.
PCT/CN2011/075208 2010-11-30 2011-06-02 Method, device and system for providing a virtual private network service WO2011147334A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201010566397.2 2010-11-30
CN201010566397.2A CN102480403B (zh) 2010-11-30 2010-11-30 Method, device and system for providing a virtual private network service

Publications (1)

Publication Number Publication Date
WO2011147334A1 (fr) 2011-12-01

Family

ID=45003331

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2011/075208 WO2011147334A1 (fr) 2010-11-30 2011-06-02 Method, device and system for providing a virtual private network service

Country Status (2)

Country Link
CN (1) CN102480403B (fr)
WO (1) WO2011147334A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016026124A1 (fr) * 2014-08-21 2016-02-25 华为技术有限公司 Wireless network access control method, device, and system
WO2022155233A1 (fr) * 2021-01-13 2022-07-21 Cisco Technology, Inc. Openroaming based remote worker

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
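CN102984045B (zh) * 2012-12-05 2019-04-19 网神信息技术(北京)股份有限公司 Virtual private network access method and virtual private network client
CN106302428B (zh) * 2016-08-09 2019-09-17 新华三技术有限公司 Method and apparatus for automatic deployment of an encryption level
CN107005603A (zh) * 2016-08-30 2017-08-01 深圳前海达闼云端智能科技有限公司 Method, apparatus, system, and computer program product for IP address allocation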

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
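CN1725723A (zh) * 2005-06-15 2006-01-25 杭州华为三康技术有限公司 Method and system for improving the security of virtual private network users
CN101159750A (zh) * 2007-11-20 2008-04-09 杭州华三通信技术有限公司 Identity authentication method and apparatus
CN101212374A (zh) * 2006-12-29 2008-07-02 北大方正集团有限公司 Method and system for remote access to campus network resources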

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8566925B2 (en) * 2006-08-03 2013-10-22 Citrix Systems, Inc. Systems and methods for policy based triggering of client-authentication at directory level granularity

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
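CN1725723A (zh) * 2005-06-15 2006-01-25 杭州华为三康技术有限公司 Method and system for improving the security of virtual private network users
CN101212374A (zh) * 2006-12-29 2008-07-02 北大方正集团有限公司 Method and system for remote access to campus network resources
CN101159750A (zh) * 2007-11-20 2008-04-09 杭州华三通信技术有限公司 Identity authentication method and apparatus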

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016026124A1 (fr) * 2014-08-21 2016-02-25 华为技术有限公司 Wireless network access control method, device, and system
US10448317B2 (en) 2014-08-21 2019-10-15 Huawei Technologies Co., Ltd. Wireless network access control method, device, and system
US11184770B2 (en) 2014-08-21 2021-11-23 Huawei Technologies Co., Ltd. Wireless network access control method, device, and system
US11765587B2 (en) 2014-08-21 2023-09-19 Huawei Technologies Co., Ltd. Wireless network access control method, device, and system
WO2022155233A1 (fr) * 2021-01-13 2022-07-21 Cisco Technology, Inc. Openroaming based remote worker
US11496337B2 (en) 2021-01-13 2022-11-08 Cisco Technology, Inc. Openroaming based remote worker

Also Published As

Publication number Publication date
CN102480403B (zh) 2014-12-10
CN102480403A (zh) 2012-05-30

Similar Documents

Publication Publication Date Title
CN103580980B (zh) Method and apparatus for automatic discovery and automatic configuration of a virtual network
EP2040431B1 (fr) System and method for multi-service access
US9553846B2 (en) Method and system for realizing virtual network
US20140230044A1 (en) Method and Related Apparatus for Authenticating Access of Virtual Private Cloud
US20130205025A1 (en) Optimized Virtual Private Network Routing Through Multiple Gateways
US10454880B2 (en) IP packet processing method and apparatus, and network system
EP3732833B1 (fr) Enabling broadband roaming services
AU2014261983B2 (en) Communication managing method and communication system
EP3493483A1 (fr) Virtual broadband access method, controller, and system
US20130227673A1 (en) Apparatus and method for cloud networking
WO2013007158A1 (fr) Method for a virtual private cloud to access a network, network-side device, and data center device
CN101711031B (zh) Portal authentication method and access controller in local forwarding
WO2017166936A1 (fr) Method and device for implementing address management, and AAA server and SDN controller
US9787691B2 (en) Classification of unauthenticated IP users in a layer-2 broadband aggregation network and optimization of session management in a broadband network gateway
CN103166909B (zh) Access method, apparatus, and system for a virtual network system
WO2011140919A1 (fr) Method, device, server, and system for accessing a service wholesale network
WO2014029367A1 (fr) Dynamic configuration method, device, and system
WO2011120257A1 (fr) Method and system for resource admission control of a home network
WO2011147334A1 (fr) Method, device, and system for providing a virtual private network service
WO2011072583A1 (fr) User access method, system, access server, and access device
WO2021031465A1 (fr) Device authentication method and system based on an SD-WAN network
WO2013020267A1 (fr) Method, system, and device for IP address allocation
WO2024000975A1 (fr) Session establishment system and method, electronic device, and storage medium
CN112738132A (zh) Secondary authentication access system and method
US20200287868A1 (en) Systems and methods for in-band remote management

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11786106

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11786106

Country of ref document: EP

Kind code of ref document: A1