WO2015176213A1 - 一种基于mac地址的节点设备接入方法、系统及装置 - Google Patents
一种基于mac地址的节点设备接入方法、系统及装置 Download PDFInfo
- Publication number
- WO2015176213A1 WO2015176213A1 PCT/CN2014/077800 CN2014077800W WO2015176213A1 WO 2015176213 A1 WO2015176213 A1 WO 2015176213A1 CN 2014077800 W CN2014077800 W CN 2014077800W WO 2015176213 A1 WO2015176213 A1 WO 2015176213A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- node device
- mac address
- mac
- network
- timestamp
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
Definitions
- the present invention relates to the field of industrial Ethernet communication technologies, and in particular, to a MAC address-based node device access method, system and device. Background technique
- FIG. 1 is a process of detecting a MAC address conflict when a new node device accesses a network in the prior art, and the process includes the following steps:
- the newly added node device sends a MAC collision detection (ARP) packet to the entire network, where the MAC collision detection packet carries the MAC address information of the newly added node device.
- ARP MAC collision detection
- S102 The other node device that receives the MAC collision detection packet determines whether the MAC address information conflicts with its own MAC address according to the MAC address information carried in the packet. And forward the 4 ⁇ text.
- the PC when a PC connected to the node device E accesses the network, the PC sends a MAC collision detection message to the entire network, and each node device in the network has eight, B, C, D, and E according to The MAC conflict detection packet is detected separately, and it is determined whether the address of the MAC conflict is in conflict with the MAC address carried in the MAC conflict detection packet, that is, whether the two are the same, thereby determining whether to send the MAC address conflict information to the server.
- each node device only receives the MAC conflict sent by the newly added node device.
- the packet When the packet is detected, it can be determined whether the MAC address carried in the MAC conflict detection packet conflicts with its own MAC address. Because only the node device with the MAC address conflict exists in this detection mode, it can determine whether the MAC address conflicts.
- the method of detecting the MAC address when the node device is accessed is a waste of time, and cannot effectively improve the efficiency of MAC address detection. Summary of the invention
- the present invention has been made in order to provide a MAC address based node device access method, system and apparatus that overcomes the above problems or at least partially solves the above problems.
- the embodiment of the invention provides a node device access method based on a MAC address, and the method includes:
- the first node device receives the MAC conflict detection packet sent by the newly added node device, and determines, according to the MAC address of the other node device in the network that is locally stored, the MAC address of the newly added node device and each of the networks in the network Whether the MAC address of the node device conflicts;
- the network address When there is no MAC address in the network that conflicts with the newly joined node device, the network address will be received.
- the timestamp of the MAC conflict detection packet is added to the MAC collision detection packet, and the MAC address of the newly added node device and the timestamp information are locally saved.
- the method further includes: receiving, by the second node device, a MAC collision detection packet forwarded by the first node device;
- the MAC address of other node devices in the network that is stored locally, the MAC address of the newly added node device and the MAC address of each node device in the network it is read are rushed.
- the timestamp carried in the MAC conflict detection packet and the locally saved timestamp are compared according to the saved timestamp information corresponding to the conflicting MAC address. ;
- the timestamp of the MAC conflict detection packet is earlier than the locally saved timestamp, the MAC address of the newly added node device and the timestamp carried by the MAC conflict detection packet are updated, and the local save is performed.
- the timestamp of receiving the MAC conflict detection packet is added to the MAC conflict detection packet, and the newly added node is locally saved. MAC address of the device and the timestamp information.
- the method further includes: the first node device receiving each of the networks Information broadcast by other node devices, where the information carries the MAC address corresponding to each other node device;
- the first node device determines, according to each received information, whether the MAC address carried in the information is the same as its own MAC address;
- the MAC address carried in the information is different from the MAC address of the local device, the MAC address of the other node device is locally saved and the information is forwarded.
- the information is discarded and an alarm is generated.
- the method further includes: the first node device according to the MAC address of other node devices in the locally stored network, according to the set time interval to each other The node device sends a heartbeat detection packet;
- the first node device sends information of the third node device leaving the network in the network, and notifies other node devices in the network to delete the MAC address of the third node device.
- An embodiment of the present invention provides a node device access device based on a MAC address, where the device includes:
- a receiving module configured to receive a MAC conflict detection packet sent by the newly added node device
- a determining module configured to determine, according to a MAC address of another node device in the network that is locally stored, a MAC address of the newly added node device Whether the MAC address of each node device in the network conflicts
- An execution module configured to: when the determining module determines that a MAC address conflicting with the newly added node device exists in the network, stop forwarding the MAC conflict detection packet; when the determining module determines that the network does not conflict with the newly added node device Add the timestamp of the MAC conflict detection packet to the MAC conflict detection packet, and save the MAC address of the newly added node device and the timestamp information locally.
- the receiving module is further configured to receive a MAC conflict detection packet forwarded by another node device, in order to perform the MAC address detection and improve the detection efficiency.
- the determining module is further configured to: according to the MAC address of the other node device in the network that is locally stored, determine whether the MAC address of the newly added node device conflicts with the MAC address of each node device in the network;
- the execution module is further configured to: when the determining module determines that the timestamp carried by the MAC conflict detection packet is earlier than the locally saved timestamp, the MAC address of the newly added node device and the MAC conflict are used. Detecting the timestamp of the packet, and updating the locally saved conflicting MAC address and the corresponding timestamp; when the determining module determines that the timestamp carried by the MAC conflict detection packet is later than the locally saved timestamp, the packet is stopped. MAC collision detection packet.
- the receiving module is further configured to receive information broadcast by each other node device in the network, where the information carries a MAC address corresponding to each other node device, in order to perform the MAC address detection and improve the detection efficiency.
- the determining module is further configured to determine, according to each received information, whether the MAC address carried in the information is the same as its own MAC address;
- the execution module is further configured to: when the determining module determines the MAC address carried in the information and itself When the MAC address is different, the MAC address of the other node device is locally saved and the information is forwarded. When the determining module determines that the MAC address carried in the information is the same as its own MAC address, the information is discarded and the alarm is discarded.
- the device further includes: a detecting module, configured to send to each other node according to a set time interval according to a MAC address of another node device in the locally stored network.
- the device sends a heartbeat detection packet.
- the determining module is further configured to determine whether a response message returned by each other node device is received within the set time interval;
- the execution module is further configured to: when the determining module determines that the response message returned by the third node device is not received, determine that the third node device leaves the network, and locally delete the MAC address of the third node device; Sending information that the third node device leaves the network, and notifying other node devices in the network to delete the MAC address of the third node device.
- An embodiment of the present invention provides a node device access system based on a MAC address, where the system includes: the foregoing device, and a newly added node device that sends a MAC collision detection message to the device.
- An embodiment of the present invention provides a method, a system, and a device for accessing a node device based on a MAC address.
- the first node device receives a MAC collision detection packet sent by the newly added node device, according to the network that is locally saved.
- the MAC address of the other node device in the device determines whether the MAC address conflicts with the MAC address. If there is a conflict, the MAC address detection packet is stopped. If there is no conflict, the MAC address is saved, and the MAC collision detection packet is received. The timestamp is added to the message and forwarded.
- each node device stores the MAC address of another node device in the network in which it resides.
- the device after receiving the MAC conflict detection packet, the device can perform overall judgment according to the situation in the network, thereby improving The access efficiency of the node device, in addition, when the node device detects the MAC address conflict, stops forwarding the MAC conflict detection packet, thereby saving time for other node devices to perform the judgment, and when detecting no conflict, reporting Adding a timestamp in the text can facilitate subsequent MAC address spoofing detection, thereby improving the security of the system.
- FIG. 1 is a process of detecting a MAC address conflict when a new node device accesses a network in the prior art
- FIG. 2 is a schematic diagram of a process of accessing a node device based on a MAC address according to an embodiment of the present invention
- a MAC address-based node device access process diagram is provided:
- FIG. 4 is a schematic diagram of a node device access process based on a MAC address according to Embodiment 2 of the present invention.
- FIG. 5 is a schematic structural diagram of a node device access device based on a MAC address according to an embodiment of the present disclosure
- FIG. 6 is a schematic structural diagram of a node device access system based on a MAC address according to an embodiment of the present invention. detailed description
- a method, system and device for accessing a node device based on a MAC address are provided.
- FIG. 2 is a schematic diagram of a node device access process based on a MAC address according to an embodiment of the present invention, where the process includes the following steps:
- the first node device receives the MAC conflict detection packet sent by the newly added node device.
- the newly added node device sends a MAC collision detection packet to the network to which the newly added node device carries the MAC address of the newly added node device, and the MAC collision detection is performed.
- a packet can also be called an ARP packet.
- Step S202 Determine, according to the MAC address of the other node device in the network that is locally stored, whether the MAC address of the newly added node device conflicts with the MAC address of each node device in the network, and when the judgment result is yes, perform Step S203, otherwise, proceed to step S204.
- the newly added node device may be a legitimate node device, or may be a non-legal node device, or may be a legitimate node device that is impersonated.
- Each node device in the embodiment of the present invention stores a MAC address of another node device in the network in which it resides.
- the node device A stores the MAC addresses of the node devices B, C, D, and E.
- the node device B stores the MAC addresses of the node devices A, C, D, and E.
- the node device C stores the MAC addresses of the node devices A, B, D, and E.
- the node device D stores the node devices eight and B.
- the MAC addresses of C and E, and the node device E stores the MAC addresses of the node devices A, B, C, and D.
- the node device that receives the MAC conflict detection packet may determine, according to the MAC address of each node device in its network that it is stored, whether the newly added MAC address is the same as the MAC address of each node device in the network in which it resides. That is, conflict.
- the first node device may determine that the newly added node device is a non-legal node device. To ensure system security, the first node device The forwarding of the MAC conflict detection packet is stopped.
- the first node device stops forwarding the MAC conflict detection packet: the first node device sends an access control list (ACL) for prohibiting the sending of the MAC conflict detection packet to each port, and sets the ACL in the ACL. Its aging time allows the ACL to be revoked after a set length of time.
- ACL access control list
- S204 Add a timestamp of receiving the MAC conflict detection packet to the MAC conflict check.
- the packet is sent in the test packet, and the MAC address of the newly added node device and the timestamp information are locally saved.
- the first node device determines that the MAC address of the node device of the network that is locally stored does not conflict with the MAC address of the newly added node device, the first node device saves the MAC address of the newly added node device to the local device. .
- the first node device adds the timestamp to the MAC conflict detection packet according to the time when the MAC conflict detection packet is received, and sends the timestamp to the network.
- the other node device so that the other node device determines, according to the timestamp, whether the newly added node device is a fake legal node device. Therefore, the MAC address of the newly added node device corresponding to the first node device saves the timestamp information correspondingly, so as to facilitate the judgment of the subsequent impersonating node device.
- each node device stores the MAC address of another node device in the network in which it resides. Therefore, after receiving the MAC conflict detection packet, the device can perform overall judgment according to the situation in the network, thereby improving The access efficiency of the node device, in addition, when the node device detects the MAC address conflict, the MAC address collision detection is stopped, so that the time for the other node device to perform the judgment can be saved, and when the collision is detected, the report is reported. Adding a timestamp in the text can facilitate subsequent MAC address spoofing detection, thereby improving the security of the system.
- the CPU of the node device that performs the MAC address conflict determination is judged by the CPU of the node device, so that the efficiency of the judgment can be improved, and only one network in the CPU is saved.
- the MAC address of other node devices can be saved without saving on each port of the node device, thereby saving storage space.
- the method further includes:
- the first node device receives information broadcast by each other node device in the network, where the information carries a MAC address corresponding to each other node device;
- the first node device determines, according to each received information, whether the MAC address carried in the information is the same as its own MAC address; When the MAC address carried in the information is different from the MAC address of the local device, the MAC address of the other node device is locally saved and the information is forwarded;
- the information is discarded and an alarm is generated.
- each node device After the network is initialized, or after the network is regularly maintained, in order to ensure that the node devices in the network save the MAC addresses of other node devices in the network, each node device will carry its own MAC address information through its own ring port (logical Broadcast except for blocked ports.
- the node device in the network receives the information sent by the other node device through the ring port, and determines whether the MAC address carried in the information conflicts with its own MAC address. When there is no conflict, the MAC address carried in the information is saved locally.
- FIG. 3 is a schematic diagram of a node device access process based on a MAC address according to Embodiment 1 of the present invention, where the process includes the following steps:
- the first node device receives information broadcast by each other node device in the network, where the information carries a MAC address corresponding to each other node device.
- the first node device determines, according to each received information, whether the MAC address carried in the information is the same as the MAC address of the information. If the determination result is yes, the process proceeds to step S303. Otherwise, the process proceeds to step S304.
- the first node device illuminates the local alarm light, and simultaneously sends an alarm message to the monitoring server.
- the non-ring port only allows the CPU of the node device to which the ARP packet is sent, and prohibits the passage of any other text.
- each node device locally stores other node devices in the network.
- S305 The first node device receives the MAC conflict detection packet sent by the newly added node device.
- S306 Determine according to the MAC address of other node devices in the network that is locally stored. Whether the MAC address of the newly added node device conflicts with the MAC address of each node device in the network in which it is located, and if the determination result is yes, proceed to step S307, otherwise, proceed to step S308.
- S308 Add a timestamp of the MAC conflict detection packet to the MAC conflict detection packet, and locally save the MAC address of the newly added node device and the timestamp information.
- each node device stores the MAC address of another node device in the network in which it resides. Therefore, after receiving the MAC conflict detection packet, the device can perform overall judgment according to the situation in the network, thereby improving Access efficiency of node devices.
- the method further includes:
- the second node device receives the MAC conflict detection packet forwarded by the first node device
- the MAC address of other node devices in the network that is stored locally, the MAC address of the newly added node device and the MAC address of each node device in the network it is read are rushed.
- the timestamp carried in the MAC conflict detection packet and the locally saved timestamp are compared according to the saved timestamp information corresponding to the conflicting MAC address.
- the MAC address of the newly added node device and the timestamp carried by the MAC conflict detection packet are updated, and the local save is performed.
- the timestamp of receiving the MAC conflict detection packet is added to the MAC conflict detection packet, and the newly added node is locally saved. MAC address of the device and the timestamp information.
- the existing node device in the network is saved according to the The MAC address of the other node device determines whether the MAC address of the newly added node device conflicts with the MAC address of the existing node device in the network. When it is determined that there is no conflict, the MAC conflict sent by the newly added node device is received. The time of detecting the message is determined, the timestamp is determined, the timestamp and the MAC address of the newly added device are saved locally, and the timestamp is added to the MAC collision detection message and sent.
- the timestamp is determined according to the time of receiving the MAC collision detection packet sent by the newly added node device, and the timestamp and the timestamp are determined.
- the MAC address of the newly added device is saved locally, and the timestamp is added to the MAC conflict detection packet.
- the node device is impersonated. According to the locally saved timestamp and the MAC conflict detection. The timestamp carried in the packet determines the node device that is impersonating.
- FIG. 4 is a schematic diagram of a node device access process based on a MAC address according to Embodiment 2 of the present invention, where the process includes the following steps:
- the first node device receives the MAC conflict detection packet sent by the newly added node device.
- Step S402 Determine, according to the MAC address of the other node device in the network that is locally stored, whether the MAC address of the newly added node device conflicts with the MAC address of each node device in the network, and when the judgment result is yes, perform Step S403, otherwise, step S404 is performed.
- the ring port of the first node device after receiving the MAC collision detection packet, the ring port of the first node device sends the MAC collision detection packet to the CPU of the first node device, and the CPU determines the MAC address conflict.
- the ACL of the MAC conflict detection packet may be stopped, and the ACL is revoked after being set for 5 minutes.
- S404 Add a timestamp of the MAC conflict detection packet to the MAC conflict detection packet, and locally save the MAC address of the newly added node device and the timestamp information.
- S405 The second node device receives the MAC conflict detection packet forwarded by the first node device.
- Step S406 Determine, according to the MAC address of the other node device in the network that is locally stored, whether the MAC address of the newly added node device conflicts with the MAC address of each node device in the network, and when the judgment result is yes, perform Step S407, otherwise, proceed to step S410.
- Step S407 Determine, according to the saved timestamp information corresponding to the conflicting MAC address, whether the timestamp carried by the MAC conflict detection packet is earlier than a timestamp of the locally saved corresponding MAC address, and when the determination result is yes, perform Step S408, otherwise, proceed to step S409.
- the ring port of the second node device after receiving the MAC conflict detection packet, the ring port of the second node device sends the MAC conflict detection packet to the CPU of the second node device, where the CPU determines the MAC address conflict and determines the timestamp. .
- S408 Update the locally saved conflicting MAC address and the corresponding timestamp by using the MAC address of the newly added node device and the timestamp carried in the MAC conflict detection packet.
- S410 Add a timestamp of the MAC conflict detection packet to the MAC conflict detection packet, and locally save the MAC address of the newly added node device and the timestamp information.
- the MAC address conflict detection packet is stopped, so that the time for the other node device to perform the judgment can be saved, and when the conflict is detected, the time is added to the packet.
- the stamp can facilitate subsequent MAC address spoofing detection, thereby improving the security of the system.
- each node device periodically detects whether other node devices exist.
- the method further includes:
- the first node device sends a heartbeat detection message to each of the other node devices according to the MAC address of the other node devices in the locally stored network;
- the first node device sends information of the third node device leaving the network in the network, and notifies other node devices in the network to delete the MAC address of the third node device.
- each node device in the network sends a heartbeat detection packet to each other node device according to the MAC address of the other node device saved by the node device according to the set time interval, so as to ensure that the other node device further Exist in this network.
- a response packet returned by a certain other node device is received within a set time length, it indicates that the other other node device still exists in the network, and continues to the other node device at the next set time interval.
- the heartbeat detection message is sent continuously.
- the response packet of another node device is not received within the set time length, the other node device has left the network, so as to facilitate the subsequent data.
- the MAC address of the other other node device is deleted locally.
- the set length of time may be determined according to the average duration of communication between the node devices, and the corresponding time length of each of the other node devices may be the same or different.
- FIG. 5 is a schematic structural diagram of a device for accessing a node device based on a MAC address according to an embodiment of the present disclosure, where the device includes:
- the receiving module 51 is configured to receive a MAC conflict detection packet sent by the newly added node device, and the determining module 52 is configured to determine, according to the MAC address of the other node device in the network that is locally stored, the MAC address of the newly added node device. Whether the address conflicts with the MAC address of each node device in its network;
- the executing module 53 is configured to: when the determining module determines that a MAC address conflicting with the newly added node device exists in the network, stop forwarding the MAC conflict detection packet; when the determining module determines that the newly added node device does not exist in the network.
- the conflicting MAC address is received, the timestamp of the MAC conflict detection packet is added to the MAC conflict detection packet, and the MAC address of the newly added node device and the timestamp information are locally saved.
- the receiving module 51 is further configured to receive a MAC conflict detection packet forwarded by another node device;
- the determining module 52 is further configured to: according to the MAC address of the other node device in the network that is locally stored, determine whether the MAC address of the newly added node device conflicts with the MAC address of each node device in the network;
- the executing module 53 is further configured to: when the determining module determines that the timestamp carried by the MAC conflict detection packet is earlier than the locally saved timestamp, the MAC address of the newly added node device and the MAC are used. The timestamp of the conflict detection packet is updated, and the MAC address and the corresponding timestamp of the conflict are locally saved. When the determining module determines that the timestamp carried by the MAC conflict detection packet is later than the locally saved timestamp, the forwarding stops. The MAC collision detection packet.
- the receiving module 51 is further configured to receive information broadcast by each other node device in the network, where the information carries a MAC address corresponding to each other node device;
- the determining module 52 is further configured to: according to each received information, determine whether the MAC address carried in the information is the same as its own MAC address;
- the executing module 53 is further configured to: when the determining module determines that the MAC address carried in the information is different from the MAC address of the information, locally save the MAC address of the other node device and forward the information; when the determining module determines the information, When the carried MAC address is the same as its own MAC address, the information is discarded and an alarm is generated.
- the device also includes:
- the detecting module 54 is configured to send a heartbeat detection message to each other node device according to a set time interval according to a MAC address of another node device in the locally stored network;
- the determining module 52 is further configured to determine whether a response message returned by each of the other node devices is received within the set time interval;
- the executing module 53 is further configured to: when the determining module determines that the response message returned by the third node device is not received, determining that the third node device leaves the network, locally deleting the MAC address of the third node device; Sending information that the third node device leaves the network, and notifying other node devices in the network to delete the MAC address of the third node device.
- FIG. 6 is a schematic structural diagram of a node device access system based on a MAC address according to an embodiment of the present disclosure, where the system includes: a device 61 as shown in FIG. 5, and sending a MAC burst to the device A newly added node device 62 that detects the message.
- An embodiment of the present invention provides a method, a system, and a device for accessing a node device based on a MAC address.
- the first node device receives a MAC collision detection packet sent by the newly added node device, according to the network that is locally saved.
- the MAC address of the other node device in the device determines whether the MAC address conflicts with the MAC address. If there is a conflict, the MAC address detection packet is stopped. If there is no conflict, the MAC address is saved, and the MAC collision detection packet is received. The timestamp is added to the message and forwarded.
- each node device stores the MAC address of another node device in the network in which it resides.
- the device after receiving the MAC conflict detection packet, the device can perform overall judgment according to the situation in the network, thereby improving The access efficiency of the node device, in addition, when the node device detects the MAC address conflict, stops forwarding the MAC conflict detection packet, thereby saving time for other node devices to perform the judgment, and when detecting no conflict, reporting Adding a timestamp in the text can facilitate subsequent MAC address spoofing detection, thereby improving the security of the system.
- modules in the devices of the embodiments can be adaptively changed and that they are disposed in one or more devices different from the embodiment.
- the modules or units or components of the embodiments may be combined into one module or unit or component, and further, they may be divided into a plurality of sub-modules or sub-units or sub-assemblies.
- any combination of the features disclosed in the specification, including the accompanying claims, the abstract and the drawings, and any methods so disclosed may be employed. Or combine all the processes or units of the device.
- Each feature disclosed in the specification (including the accompanying claims, the abstract, and the drawings) may be replaced by alternative features that provide the same, equivalent, or similar purpose, unless stated otherwise.
- the various component embodiments of the present invention may be implemented in hardware, or in a software module running on one or more processors, or in a combination thereof.
- a microprocessor or digital signal processor may be used in practice to implement some or all of some or all of the components in the device and system accessed by the node device in accordance with embodiments of the present invention.
- the invention can also be implemented as a device or device program (e.g., a computer program and a computer program product) for performing some or all of the methods described herein.
- a program implementing the invention may be stored on a computer readable medium or may be in the form of one or more signals. Such signals may be downloaded from an Internet website, or provided on a carrier signal, or provided in any other form.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Small-Scale Networks (AREA)
Abstract
一种基于MAC地址的节点设备接入方法、系统及装置,该方法中第一节点设备接收新加入的节点设备发送的MAC冲突检测报文,根据本地保存的其所在网络中的其他节点设备的MAC地址,判断是否与该MAC地址冲突,当冲突时停止转发该报文,不存在冲突时,保存该MAC地址,并将接收该报文的时间戳添加到该报文中并转发。由于在本发明实施例中每个节点设备中保存有其所在网路中其他节点设备的MAC地址,因此在接收到MAC冲突检测报文后,可以根据网络中的情况进行整体判断,从而可以提高节点设备的接入效率,另外,在检测到不冲突时,在报文中添加时间戳可以方便后续的MAC 地址仿冒检测,从而提高了系统的安全性。
Description
一种基于 MAC地址的节点设备接入方法、 系统及装置 技术领域
本发明涉及工业以太网通信技术领域, 尤其涉及一种基于 MAC地址的节 点设备接入方法、 系统及装置。 背景技术
目前工业以太网发展非常迅速, 在各个行业都有了广泛的应用, 从而使 以太网通信在工业自动化领域的地位迅速升高。
图 1为现有技术中新的节点设备接入网络时 MAC地址冲突检测过程,该 过程包括以下步骤:
S101 : 新加入的节点设备向全网发送 MAC冲突检测(ARP )报文, 其中 该 MAC冲突检测报文中携带该新加入的节点设备的 MAC地址信息。
S102:接收到该 MAC冲突检测报文的其他节点设备,根据该报文中携带 的 MAC地址信息, 判断该 MAC地址信息是否与自身的 MAC地址冲突。 并 转发该 4艮文。
S103: 当该其他节点设备检测到该 MAC地址信息与自身的 MAC地址冲 突时, 向服务发送 MAC地址冲突的信息。
具体的如图 2所示, 当连接在节点设备 E上的 PC接入网络时, PC向全 网发送 MAC冲突检测报文, 网络中的每个节点设备八、 B、 C、 D和 E根据 该 MAC冲突检测报文分别进行检测, 判断自身的地址是否与该 MAC冲突检 测报文中携带的 MAC地址冲突, 即判断两者是否相同,从而确定是否向服务 器发送 MAC地址冲突的信息。
上述过程中, 每个节点设备只有接收到新加入的节点设备发送的 MAC冲突
检测报文时, 才能判断该 MAC冲突检测报文中携带的 MAC地址是否与自身的 MAC 地址冲突, 由于此检测方式只有存在 MAC地址冲突的节点设备, 才能判断 MAC 地址是否冲突, 因此现有技术中的节点设备接入时的 MAC地址检测方法, 较浪 费时间, 不能有效的提高 MAC地址检测的效率。 发明内容
鉴于上述问题, 提出了本发明以便提供一种克服上述问题或者至少部分 地解决上述问题的一种基于 MAC地址的节点设备接入方法、 系统及装置。
本发明实施例提供了一种基于 MAC地址的节点设备接入方法,该方法包 括:
第一节点设备接收新加入的节点设备发送的 MAC冲突检测报文; 根据本地保存的其所在网络中其他节点设备的 MAC地址, 判断该新加 入的节点设备的 MAC地址与其所在网络中的每个节点设备的 MAC地址是否 冲突;
当网络中存在与该新加入的节点设备冲突的 MAC地址时, 则停止转发 该 MAC冲突检测艮文;
当网络中不存在与该新加入的节点设备冲突的 MAC地址时,将接收到该
MAC冲突检测报文的时间戳添加到该 MAC冲突检测报文中发送, 并在本地 保存该新加入的节点设备的 MAC地址及该时间戳信息。
为了有效的进行 MAC地址检测, 并提高检测的效率, 所述方法还包括: 第二节点设备接收第一节点设备转发的 MAC冲突检测报文;
根据本地保存的其所在网络中其他节点设备的 MAC地址,判读该新加入 的节点设备的 MAC地址与其所在网络中的每个节点设备的 MAC地址是否冲
·
当网络中存在与该新加入的节点设备冲突的 MAC地址时,根据保存的与 该冲突的 MAC地址对应的时间戳信息, 比较所述 MAC冲突检测报文携带的 时间戳及本地保存的时间戳;
当所述 MAC冲突检测报文携带的时间戳早于本地保存的时间戳时,则釆 用所述新加入的节点设备的 MAC地址及所述 MAC冲突检测报文携带的时间 戳, 更新本地保存的该冲突的 MAC地址及对应时间戳;
当所述 MAC冲突检测报文携带的时间戳晚于本地保存的时间戳时,则停 止转发该 MAC冲突检测艮文;
当网络中不存在与该新加入的节点设备冲突的 MAC地址时, 将接收到 该 MAC冲突检测报文的时间戳添加到该 MAC冲突检测报文中发送, 并在本 地保存该新加入的节点设备的 MAC地址及该时间戳信息。
为了有效的进行 MAC地址检测, 并提高检测的效率, 所述第一节点设备 接收新加入的节点设备发送的 MAC冲突检测报文之前, 所述方法还包括: 第一节点设备接收网络中的每个其他节点设备广播的信息, 其中该信息 中携带对应每个其他节点设备的 MAC地址;
第一节点设备根据接收到的每个信息,判断该信息中携带的 MAC地址是 否与本身的 MAC地址相同;
当该信息中携带的 MAC地址与本身的 MAC地址不同时, 在本地保存该 其他节点设备的 MAC地址并转发该信息;
当该信息中携带的 MAC地址与本身的 MAC地址相同时, 丟弃该信息并 告警。
为了有效的进行 MAC地址检测, 并提高检测的效率, 所述方法还包括: 所述第一节点设备根据本地保存的所在网络内其他节点设备的 MAC 地 址, 按照设定的时间间隔向每个其他节点设备发送心跳检测报文;
判断在设定的时间间隔内是否接收到每个其他节点设备返回的响应报 文;
当未接收到第三节点设备返回的响应报文时, 确定该第三节点设备离开 该网络, 在本地删除第三节点设备的 MAC地址;
所述第一节点设备在网络中发送第三节点设备离开网络的信息, 通知网 络中的其他节点设备删除所述第三节点设备的 MAC地址。
本发明实施例提供了一种基于 MAC地址的节点设备接入装置,所述装置 包括:
接收模块, 用于接收新加入的节点设备发送的 MAC冲突检测报文; 判断模块, 用于根据本地保存的其所在网络中其他节点设备的 MAC 地 址,判断该新加入的节点设备的 MAC地址与其所在网络中的每个节点设备的 MAC地址是否冲突;
执行模块, 用于当判断模块判断网络中存在与该新加入的节点设备冲突 的 MAC地址时, 停止转发该 MAC冲突检测报文; 当判断模块判断网络中不 存在与该新加入的节点设备冲突的 MAC地址时, 将接收到该 MAC冲突检测 报文的时间戳添加到该 MAC冲突检测报文中发送,并在本地保存该新加入的 节点设备的 MAC地址及该时间戳信息。
为了有效的进行 MAC地址检测, 并提高检测的效率, 所述接收模块, 还 用于接收其他节点设备转发的 MAC冲突检测报文;
所述判断模块, 还用于根据本地保存的其所在网络中其他节点设备的 MAC地址, 判读该新加入的节点设备的 MAC地址与其所在网络中的每个节 点设备的 MAC地址是否冲突;
所述执行模块,还用于当判断模块确定所述 MAC冲突检测报文携带的时 间戳早于本地保存的时间戳时,则釆用所述新加入的节点设备的 MAC地址及 所述 MAC冲突检测报文携带的时间戳, 更新本地保存的该冲突的 MAC地址 及对应时间戳;当判断模块确定所述 MAC冲突检测报文携带的时间戳晚于本 地保存的时间戳时, 则停止转发该 MAC冲突检测报文。
为了有效的进行 MAC地址检测, 并提高检测的效率, 所述接收模块, 还 用于接收网络中的每个其他节点设备广播的信息, 其中该信息中携带对应每 个其他节点设备的 MAC地址;
所述判断模块 ,还用于根据接收到的每个信息,判断该信息中携带的 MAC 地址是否与本身的 MAC地址相同;
所述执行模块,还用于当判断模块确定该信息中携带的 MAC地址与本身
的 MAC地址不同时,在本地保存该其他节点设备的 MAC地址并转发该信息; 当判断模块确定该信息中携带的 MAC地址与本身的 MAC地址相同时, 丟弃 该信息并告警。
为了有效的进行 MAC地址检测, 并提高检测的效率, 所述装置还包括: 检测模块, 用于根据本地保存的所在网络内其他节点设备的 MAC地址, 按照设定的时间间隔向每个其他节点设备发送心跳检测报文;
所述判断模块, 还用于判断在设定的时间间隔内是否接收到每个其他节 点设备返回的响应报文;
所述执行模块, 还用于当判断模块确定未接收到第三节点设备返回的响 应报文时,确定该第三节点设备离开该网络,在本地删除第三节点设备的 MAC 地址; 在网络中发送第三节点设备离开网络的信息, 通知网络中的其他节点 设备删除所述第三节点设备的 MAC地址。
本发明实施例提供了一种基于 MAC地址的节点设备接入系统,所述系统 包括: 如上所述装置,及向所述装置发送 MAC冲突检测报文的新加入的节点 设备。
本发明实施例提供了一种基于 MAC地址的节点设备接入方法、系统及装 置, 该方法中第一节点设备接收新加入的节点设备发送的 MAC 冲突检测报 文,根据本地保存的其所在网络中的其他节点设备的 MAC地址, 判断是否与 该 MAC地址冲突, 当冲突时, 则停止转发该 MAC冲突检测报文, 不存在冲 突时, 保存该 MAC地址, 并将接收该 MAC冲突检测报文的时间戳添加到该 报文中并转发。 由于在本发明实施例中每个节点设备中保存有其所在网路中 其他节点设备的 MAC地址, 因此在接收到 MAC冲突检测报文后, 可以根据 网络中的情况进行整体判断, 从而可以提高节点设备的接入效率, 另外, 通 过当节点设备检测到 MAC地址冲突时, 停止转发该 MAC冲突检测报文, 从 而可以节省其他节点设备进行判断的时间, 而在检测到不冲突时, 在报文中 添加时间戳可以方便后续的 MAC地址仿冒检测, 从而提高了系统的安全性。
上述说明仅是本发明技术方案的概述, 为了能够更清楚了解本发明的技
术手段, 而可依照说明书的内容予以实施, 并且为了让本发明的上述和其它 目的、 特征和优点能够更明显易懂, 以下特举本发明的具体实施方式。 附图说明
通过阅读下文优选实施方式的详细描述, 各种其他的优点和益处对于本 领域普通技术人员将变得清楚明了。 附图仅用于示出优选实施方式的目的, 而并不认为是对本发明的限制。 而且在整个附图中, 用相同的参考符号表示 相同的部件。 在附图中:
图 1为现有技术中新的节点设备接入网络时 MAC地址冲突检测过程; 图 2为本发明实施例提供的一种基于 MAC地址的节点设备接入过程图; 图 3为本发明实施例一提供的一种基于 MAC地址的节点设备接入过程 图:
图 4为本发明实施例二提供的一种基于 MAC地址的节点设备接入过程 图;
图 5为本发明实施例提供的一种基于 MAC地址的节点设备接入装置结构 示意图;
图 6为本发明实施例提供的一种基于 MAC地址的节点设备接入系统结构 示意图。 具体实施方式
为了有效的节点设备的接入效率, 并提高系统的安全性, 提供了一种基 于 MAC地址的节点设备接入方法、 系统及装置。
下面将参照附图更详细地描述本公开的示例性实施例。 虽然附图中显示 了本公开的示例性实施例, 然而应当理解, 可以以各种形式实现本公开而不 应被这里阐述的实施例所限制。 相反, 提供这些实施例是为了能够更透彻地 理解本公开, 并且能够将本公开的范围完整的传达给本领域的技术人员。
下面结合说明附图, 对本发明实施例进行说明。
图 2为本发明实施例提供的一种基于 MAC地址的节点设备接入过程图, 该过程包括以下步骤:
S201 : 第一节点设备接收新加入的节点设备发送的 MAC冲突检测报文。 当存在新加入的节点设备时, 该新加入的节点设备向其所接入的网络发 送 MAC冲突检测报文, 该 MAC冲突检测报文中携带该新加入的节点设备的 MAC地址, MAC冲突检测报文又可以称为 ARP报文。
S202: 根据本地保存的其所在网络中其他节点设备的 MAC地址, 判断 该新加入的节点设备的 MAC地址与其所在网络中的每个节点设备的 MAC地 址是否冲突, 当判断结果为是时, 进行步骤 S203 , 否则, 进行步骤 S204。
该新加入的节点设备可能是合法的节点设备, 也可以是非合法的节点设 备, 或者还可能是被冒充的合法的节点设备。
在本发明实施例中的每个节点设备中保存有其所在网络中其他节点设备 的 MAC地址, 如图 1所示, 节点设备 A中保存有节点设备 B、 C、 D、 E的 MAC地址, 节点设备 B中保存有节点设备 A、 C、 D、 E的 MAC地址, 节点 设备 C中保存有节点设备 A、 B、 D、 E的 MAC地址, 节点设备 D中保存有 节点设备八、 B、 C、 E的 MAC地址, 节点设备 E中保存有节点设备 A、 B、 C、 D的 MAC地址。 接收到该 MAC冲突检测报文的节点设备可以根据自身 保存的其所在网络中的每个节点设备的 MAC地址, 判断该新加入的 MAC地 址是否与其所在网络中每个节点设备的 MAC地址相同, 即相冲突。
S203: 停止转发该 MAC冲突检测报文。
当第一节点设备判断该新加入的节点设备与其所在网络中的节点设备 的 MAC地址冲突时, 可以判断该新加入的节点设备为非合法的节点设备, 为 了保证系统安全, 该第一节点设备停止转发该 MAC冲突检测报文。
具体的该第一节点设备停止转发该 MAC冲突检测报文可以是: 第一节 点设备向其各端口下发禁止发送该 MAC冲突检测报文的访问控制表( ACL ), 并在该 ACL中设置其老化时间, 使该 ACL可以在设定的时间长度后被废除。
S204: 将接收到该 MAC冲突检测报文的时间戳添加到该 MAC冲突检
测报文中发送,并在本地保存该新加入的节点设备的 MAC地址及该时间戳信 息。
当该第一节点设备判断本地保存的其所在网络的节点设备的 MAC地址 与新加入的节点设备的 MAC地址不冲突时,该第一节点设备将该新加入的节 点设备的 MAC地址保存到本地。 另外, 在本发明实施例中, 为了保证网络的 安全, 该第一节点设备根据接收到该 MAC冲突检测报文的时间,将该时间戳 添加到该 MAC冲突检测报文中并发送给网络中的其他节点设备,以便其他节 点设备根据该时间戳, 判断该新加入的节点设备是否为冒充的合法的节点设 备。 因此该第一节点设备对应的该新加入的节点设备的 MAC地址,对应的保 存该时间戳信息 , 便于后续的冒充节点设备的判断。
由于在本发明实施例中每个节点设备中保存有其所在网路中其他节点 设备的 MAC地址, 因此在接收到 MAC冲突检测报文后, 可以根据网络中的 情况进行整体判断, 从而可以提高节点设备的接入效率, 另外, 当节点设备 检测到 MAC地址冲突时, 停止转发该 MAC冲突检测 4艮文, 从而可以节省其 他节点设备进行判断的时间, 而在检测到不冲突时, 在报文中添加时间戳可 以方便后续的 MAC地址仿冒检测, 从而提高了系统的安全性。
具体的, 在本发明的上述实施例中, 进行 MAC地址冲突判断的为节点 设备的 CPU, 通过节点设备的 CPU进行判断, 可以提高判断的效率, 并且只 需在 CPU中保存一份其所在网络的其他节点设备的 MAC地址即可, 无需在 节点设备的每个端口保存, 从而节省了存储空间。
在本发明实施例中为了保证每个节点设备保存有其所在网络中其他节 点设备的 MAC地址, 在网络初始化时, 或网络定期的进行维护后, 该方法还 包括:
第一节点设备接收网络中的每个其他节点设备广播的信息, 其中该信息 中携带对应每个其他节点设备的 MAC地址;
第一节点设备根据接收到的每个信息,判断该信息中携带的 MAC地址是 否与本身的 MAC地址相同;
当该信息中携带的 MAC地址与本身的 MAC地址不同时, 在本地保存该 其他节点设备的 MAC地址并转发该信息;
当该信息中携带的 MAC地址与本身的 MAC地址相同时, 丟弃该信息并 告警。
在网络初始化时, 或网络定期的进行维护后, 为了保证网络中的节点设 备保存其所在网络中其他节点设备的 MAC 地址, 每个节点设备将携带自身 MAC地址的信息通过自身的环端口 (逻辑阻塞端口除外)进行广播。 网络中 的节点设备通过环端口接收其他节点设备发送的信息, 判断该信息中携带的 MAC 地址是否与自身的 MAC 地址冲突, 当不冲突时, 将该信息中携带的 MAC地址保存在本地。
图 3为本发明实施例一提供的一种基于 MAC地址的节点设备接入过程 图, 该过程包括以下步骤:
S301 : 第一节点设备接收网络中的每个其他节点设备广播的信息, 其中 该信息中携带对应每个其他节点设备的 MAC地址。
S302:第一节点设备根据接收到的每个信息,判断该信息中携带的 MAC 地址是否与本身的 MAC地址相同, 当判断结果为是时, 进行步骤 S303 , 否 则, 进行步骤 S304。
S303: 丟弃该信息并告警。
具体的该第一节点设备点亮本地告警灯, 并同时向监控服务器发送告警 报文。
S304: 在本地保存该其他节点设备的 MAC地址并转发该信息。
在本发明实施例中非环端口仅允许 ARP报文发送到的节点设备的 CPU, 禁止其他任何 4艮文的通过。
经过上述操作, 每个节点设备在本地保存有网络中其他各节点设备的
MAC地址。
S305:第一节点设备接收新加入的节点设备发送的 MAC冲突检测报文。 S306: 根据本地保存的其所在网络中其他节点设备的 MAC地址, 判断
该新加入的节点设备的 MAC地址与其所在网络中的每个节点设备的 MAC地 址是否冲突, 当判断结果为是时, 进行步骤 S307, 否则, 进行步骤 S308。
S307: 停止转发该 MAC冲突检测报文。
S308: 将接收到该 MAC冲突检测报文的时间戳添加到该 MAC冲突检 测报文中发送,并在本地保存该新加入的节点设备的 MAC地址及该时间戳信 息。
由于在本发明实施例中每个节点设备中保存有其所在网路中其他节点 设备的 MAC地址, 因此在接收到 MAC冲突检测报文后, 可以根据网络中的 情况进行整体判断, 从而可以提高节点设备的接入效率。 所述方法还包括:
第二节点设备接收第一节点设备转发的 MAC冲突检测报文;
根据本地保存的其所在网络中其他节点设备的 MAC地址,判读该新加入 的节点设备的 MAC地址与其所在网络中的每个节点设备的 MAC地址是否冲
·
当网络中存在与该新加入的节点设备冲突的 MAC地址时,根据保存的与 该冲突的 MAC地址对应的时间戳信息, 比较所述 MAC冲突检测报文携带的 时间戳及本地保存的时间戳;
当所述 MAC冲突检测报文携带的时间戳早于本地保存的时间戳时,则釆 用所述新加入的节点设备的 MAC地址及所述 MAC冲突检测报文携带的时间 戳, 更新本地保存的该冲突的 MAC地址及对应时间戳;
当所述 MAC冲突检测报文携带的时间戳晚于本地保存的时间戳时,则停 止转发该 MAC冲突检测艮文;
当网络中不存在与该新加入的节点设备冲突的 MAC地址时, 将接收到 该 MAC冲突检测报文的时间戳添加到该 MAC冲突检测报文中发送, 并在本 地保存该新加入的节点设备的 MAC地址及该时间戳信息。
当网路中的存在新加入的节点设备时, 网络中已有的节点设备根据保存
的其他节点设备的 MAC地址, 判断该新加入的节点设备的 MAC地址否与网 络中已有的节点设备的 MAC地址冲突, 当判断不冲突时,根据接收该新加入 的节点设备发送的 MAC冲突检测 4艮文的时间, 确定时间戳,将该时间戳及该 新加入设备的 MAC地址保存在本地, 并将该时间戳添加到 MAC冲突检测报 文中发送。
当其他节点设备接收到该 MAC冲突检测报文时, 继续判断该 MAC冲 冲突时,根据接收该新加入的节点设备发送的 MAC冲突检测报文的时间, 确 定时间戳,将该时间戳及该新加入设备的 MAC地址保存在本地, 并将该时间 戳添加到 MAC冲突检测报文中发送; 当判断冲突时,说明存在冒充的节点设 备, 此时根据本地保存的时间戳及该 MAC冲突检测报文中携带的时间戳, 确 定冒充的节点设备。
图 4为本发明实施例二提供的一种基于 MAC地址的节点设备接入过程 图, 该过程包括以下步骤:
S401 :第一节点设备接收新加入的节点设备发送的 MAC冲突检测报文。
S402: 根据本地保存的其所在网络中其他节点设备的 MAC地址, 判断 该新加入的节点设备的 MAC地址与其所在网络中的每个节点设备的 MAC地 址是否冲突, 当判断结果为是时, 进行步骤 S403 , 否则, 进行步骤 S404。
具体的, 该第一节点设备的环端口接收到该 MAC冲突检测报文后, 将 该 MAC冲突检测报文发送该第一节点设备的 CPU, 由 CPU进行 MAC地址 冲突的判断。
S403: 停止转发该 MAC冲突检测报文。
例如, 可以是停止发送该 MAC冲突检测报文的 ACL, 并在其中设定 5 分钟后该 ACL被废除。
S404: 将接收到该 MAC冲突检测报文的时间戳添加到该 MAC冲突检 测报文中发送,并在本地保存该新加入的节点设备的 MAC地址及该时间戳信 息。
S405: 第二节点设备接收第一节点设备转发的 MAC冲突检测报文。
S406: 根据本地保存的其所在网络中其他节点设备的 MAC地址, 判断 该新加入的节点设备的 MAC地址与其所在网络中的每个节点设备的 MAC地 址是否冲突, 当判断结果为是时, 进行步骤 S407, 否则, 进行步骤 S410。
S407: 根据保存的与该冲突的 MAC地址对应的时间戳信息, 判断所述 MAC冲突检测报文携带的时间戳是否早于本地保存的对应 MAC地址的时间 戳, 当判断结果为是时, 进行步骤 S408, 否则, 进行步骤 S409。
具体的, 该第二节点设备的环端口接收到该 MAC冲突检测报文后, 将 该 MAC冲突检测报文发送该第二节点设备的 CPU, 由 CPU进行 MAC地址 冲突的判断及时间戳的判断。
S408: 釆用所述新加入的节点设备的 MAC地址及所述 MAC冲突检测 报文携带的时间戳, 更新本地保存的该冲突的 MAC地址及对应时间戳。
S409: 停止转发该 MAC冲突检测报文。
S410: 将接收到该 MAC冲突检测报文的时间戳添加到该 MAC冲突检 测报文中发送,并在本地保存该新加入的节点设备的 MAC地址及该时间戳信 息。
在本发明实施例中当节点设备检测到 MAC 地址冲突时, 停止转发该 MAC冲突检测报文, 从而可以节省其他节点设备进行判断的时间, 而在检测 到不冲突时,在报文中添加时间戳可以方便后续的 MAC地址仿冒检测,从而 提高了系统的安全性。
对于网络中的节点设备, 为了保证后续报文发送的准确, 并便于新的节 点设备的加入, 每个节点设备会定期的检测其他节点设备是否存在, 该方法 具体的还包括:
所述第一节点设备根据本地保存的所在网络内其他节点设备的 MAC 地 址, 按照设定的时间间隔向每个其他节点设备发送心跳检测报文;
判断在设定的时间间隔内是否接收到每个其他节点设备返回的响应报 文;
当未接收到第三节点设备返回的响应报文时, 确定该第三节点设备离开 该网络, 在本地删除第三节点设备的 MAC地址;
所述第一节点设备在网络中发送第三节点设备离开网络的信息, 通知网 络中的其他节点设备删除所述第三节点设备的 MAC地址。
在本发明实施例中网络中的每个节点设备按照设定的时间间隔, 根据自 身保存的其他节点设备的 MAC地址, 向每个其他节点设备发送心跳检测报 文, 以确保其他节点设备的还存在该网络中。 当在设定的时间长度内接收到 某一其他节点设备返回的响应报文时, 说明该某一其他节点设备还存在该网 络中, 在下一设定的时间间隔继续向该某一其他节点设备继续发送心跳检测 报文即可, 当在设定的时间长度内未接收到另一其他节点设备的响应报文时, 则说明该另一其他节点设备已离开该网络, 为了便于后续数据的方法, 并保 证后续其他节点设备接入的准确性, 在本发明实施例中, 在本地删除该另一 其他节点设备的 MAC地址。
其中该设定的时间长度, 可以根据节点设备之间的通信的平均时长来确 定, 对应的与每个其他节点设备的设定的时间长度可以相同, 也可以不同。
图 5为本发明实施例提供的一种基于 MAC地址的节点设备接入装置结构 示意图, 所述装置包括:
接收模块 51 , 用于接收新加入的节点设备发送的 MAC冲突检测报文; 判断模块 52, 用于根据本地保存的其所在网络中其他节点设备的 MAC 地址,判断该新加入的节点设备的 MAC地址与其所在网络中的每个节点设备 的 MAC地址是否冲突;
执行模块 53 , 用于当判断模块判断网络中存在与该新加入的节点设备冲 突的 MAC地址时, 停止转发该 MAC冲突检测报文; 当判断模块判断网络中 不存在与该新加入的节点设备冲突的 MAC地址时, 将接收到该 MAC冲突检 测报文的时间戳添加到该 MAC冲突检测报文中发送,并在本地保存该新加入 的节点设备的 MAC地址及该时间戳信息。
所述接收模块 51 , 还用于接收其他节点设备转发的 MAC冲突检测报文;
所述判断模块 52, 还用于根据本地保存的其所在网络中其他节点设备的 MAC地址, 判读该新加入的节点设备的 MAC地址与其所在网络中的每个节 点设备的 MAC地址是否冲突;
所述执行模块 53 , 还用于当判断模块确定所述 MAC冲突检测报文携带 的时间戳早于本地保存的时间戳时,则釆用所述新加入的节点设备的 MAC地 址及所述 MAC冲突检测报文携带的时间戳, 更新本地保存的该冲突的 MAC 地址及对应时间戳; 当判断模块确定所述 MAC冲突检测报文携带的时间戳晚 于本地保存的时间戳时, 则停止转发该 MAC冲突检测报文。
所述接收模块 51 , 还用于接收网络中的每个其他节点设备广播的信息, 其中该信息中携带对应每个其他节点设备的 MAC地址;
所述判断模块 52, 还用于根据接收到的每个信息, 判断该信息中携带的 MAC地址是否与本身的 MAC地址相同;
所述执行模块 53 , 还用于当判断模块确定该信息中携带的 MAC地址与 本身的 MAC地址不同时, 在本地保存该其他节点设备的 MAC地址并转发该 信息;当判断模块确定该信息中携带的 MAC地址与本身的 MAC地址相同时, 丟弃该信息并告警。
所述装置还包括:
检测模块 54, 用于根据本地保存的所在网络内其他节点设备的 MAC地 址, 按照设定的时间间隔向每个其他节点设备发送心跳检测报文;
所述判断模块 52, 还用于判断在设定的时间间隔内是否接收到每个其他 节点设备返回的响应艮文;
所述执行模块 53 , 还用于当判断模块确定未接收到第三节点设备返回的 响应报文时, 确定该第三节点设备离开该网络, 在本地删除第三节点设备的 MAC地址; 在网络中发送第三节点设备离开网络的信息, 通知网络中的其他 节点设备删除所述第三节点设备的 MAC地址。
图 6为本发明实施例提供的一种基于 MAC地址的节点设备接入系统结构 示意图, 所述系统包括: 如图 5所示的装置 61 , 及向所述装置发送 MAC冲
突检测报文的新加入的节点设备 62。
本发明实施例提供了一种基于 MAC地址的节点设备接入方法、系统及装 置, 该方法中第一节点设备接收新加入的节点设备发送的 MAC 冲突检测报 文,根据本地保存的其所在网络中的其他节点设备的 MAC地址, 判断是否与 该 MAC地址冲突, 当冲突时, 则停止转发该 MAC冲突检测报文, 不存在冲 突时, 保存该 MAC地址, 并将接收该 MAC冲突检测报文的时间戳添加到该 报文中并转发。 由于在本发明实施例中每个节点设备中保存有其所在网路中 其他节点设备的 MAC地址, 因此在接收到 MAC冲突检测报文后, 可以根据 网络中的情况进行整体判断, 从而可以提高节点设备的接入效率, 另外, 通 过当节点设备检测到 MAC地址冲突时, 停止转发该 MAC冲突检测报文, 从 而可以节省其他节点设备进行判断的时间, 而在检测到不冲突时, 在报文中 添加时间戳可以方便后续的 MAC地址仿冒检测, 从而提高了系统的安全性。
在此提供的算法和显示不与任何特定计算机、 虚拟系统或者其它设备固 有相关。 各种通用系统也可以与基于在此的示教一起使用。 根据上面的描述, 构造这类系统所要求的结构是显而易见的。 此外, 本发明也不针对任何特定 编程语言。 应当明白, 可以利用各种编程语言实现在此描述的本发明的内容, 并且上面对特定语言所做的描述是为了披露本发明的最佳实施方式。
在此处所提供的说明书中, 说明了大量具体细节。 然而, 能够理解, 本发 明的实施例可以在没有这些具体细节的情况下实践。 在一些实例中, 并未详 细示出公知的方法、 结构和技术, 以便不模糊对本说明书的理解。
类似地,应当理解, 为了精简本公开并帮助理解各个发明方面中的一个或 多个, 在上面对本发明的示例性实施例的描述中, 本发明的各个特征有时被 一起分组到单个实施例、 图、 或者对其的描述中。 然而, 并不应将该公开的 方法解释成反映如下意图: 即所要求保护的本发明要求比在每个权利要求中 所明确记载的特征更多的特征。 更确切地说, 如下面的权利要求书所反映的 那样, 发明方面在于少于前面公开的单个实施例的所有特征。 因此, 遵循具 体实施方式的权利要求书由此明确地并入该具体实施方式, 其中每个权利要
求本身都作为本发明的单独实施例。
本领域那些技术人员可以理解, 可以对实施例中的设备中的模块进行自 适应性地改变并且 ·ί巴它们设置在与该实施例不同的一个或多个设备中。 可以 把实施例中的模块或单元或组件组合成一个模块或单元或组件, 以及此外可 以把它们分成多个子模块或子单元或子组件。 除了这样的特征和 /或过程或者 单元中的至少一些是相互排斥之外, 可以釆用任何组合对本说明书 (包括伴 随的权利要求、 摘要和附图) 中公开的所有特征以及如此公开的任何方法或 者设备的所有过程或单元进行组合。 除非另外明确陈述, 本说明书 (包括伴 随的权利要求、 摘要和附图) 中公开的每个特征可以由提供相同、 等同或相 似目的的替代特征来代替。
此外, 本领域的技术人员能够理解,尽管在此所述的一些实施例包括其它 实施例中所包括的某些特征而不是其它特征, 但是不同实施例的特征的组合 意味着处于本发明的范围之内并且形成不同的实施例。 例如, 在下面的权利 要求书中, 所要求保护的实施例的任意之一都可以以任意的组合方式来使用。
本发明的各个部件实施例可以以硬件实现,或者以在一个或者多个处理器 上运行的软件模块实现, 或者以它们的组合实现。 本领域的技术人员应当理 解, 可以在实践中使用微处理器或者数字信号处理器(DSP )来实现根据本发 明实施例的通过节点设备接入装置及系统中的一些或者全部部件的一些或者 全部功能。 本发明还可以实现为用于执行这里所描述的方法的一部分或者全 部的设备或者装置程序 (例如, 计算机程序和计算机程序产品) 。 这样的实 现本发明的程序可以存储在计算机可读介质上, 或者可以具有一个或者多个 信号的形式。 这样的信号可以从因特网网站上下载得到, 或者在载体信号上 提供, 或者以任何其他形式提供。
应该注意的是上述实施例对本发明进行说明而不是对本发明进行限制,并 且本领域技术人员在不脱离所附权利要求的范围的情况下可设计出替换实施 例。 在权利要求中, 不应将位于括号之间的任何参考符号构造成对权利要求 的限制。 单词 "包含" 不排除存在未列在权利要求中的元件或步骤。 位于元
件之前的单词 "一" 或 "一个" 不排除存在多个这样的元件。 本发明可以借 助于包括有若干不同元件的硬件以及借助于适当编程的计算机来实现。 在列 举了若干装置的单元权利要求中, 这些装置中的若干个可以是通过同一个硬 件项来具体体现。 单词第一、 第二、 以及第三等的使用不表示任何顺序。 可 将这些单词解释为名称。
发明的精神和范围。 这样, 倘若本发明的这些修改和变型属于本发明权利要 求及其等同技术的范围之内, 则本发明也意图包含这些改动和变型在内。 脱离本发明实施例的精神和范围。 这样, 倘若本发明实施例的这些修改和变 型属于本发明权利要求及其等同技术的范围之内, 则本发明也意图包含这些 改动和变型在内。
Claims
1、 一种基于 MAC地址的节点设备接入方法, 其特征在于, 该方法包括: 第一节点设备接收新加入的节点设备发送的 MAC冲突检测报文; 根据本地保存的其所在网络中其他节点设备的 MAC地址, 判断该新加 入的节点设备的 MAC地址与其所在网络中的每个节点设备的 MAC地址是否 冲突;
当网络中存在与该新加入的节点设备冲突的 MAC地址时, 则停止转发 该 MAC冲突检测艮文;
当网络中不存在与该新加入的节点设备冲突的 MAC地址时, 将接收到 该 MAC冲突检测报文的时间戳添加到该 MAC冲突检测报文中发送, 并在本 地保存该新加入的节点设备的 MAC地址及该时间戳信息。
2、 如权利要求 1所述的节点设备接入方法, 其特征在于, 所述方法还包 括:
第二节点设备接收第一节点设备转发的 MAC冲突检测报文;
根据本地保存的其所在网络中其他节点设备的 MAC地址,判读该新加入 的节点设备的 MAC地址与其所在网络中的每个节点设备的 MAC地址是否冲
·
当网络中存在与该新加入的节点设备冲突的 MAC地址时,根据保存的与 该冲突的 MAC地址对应的时间戳信息, 比较所述 MAC冲突检测报文携带的 时间戳及本地保存的时间戳;
当所述 MAC冲突检测报文携带的时间戳早于本地保存的时间戳时,则釆 用所述新加入的节点设备的 MAC地址及所述 MAC冲突检测报文携带的时间 戳, 更新本地保存的该冲突的 MAC地址及对应时间戳;
当所述 MAC冲突检测报文携带的时间戳晚于本地保存的时间戳时,则停 止转发该 MAC冲突检测艮文;
当网络中不存在与该新加入的节点设备冲突的 MAC地址时, 将接收到
该 MAC冲突检测报文的时间戳添加到该 MAC冲突检测报文中发送, 并在本 地保存该新加入的节点设备的 MAC地址及该时间戳信息。
3、 如权利要求 1或 2所述的节点设备接入方法, 其特征在于, 所述第一 节点设备接收新加入的节点设备发送的 MAC冲突检测报文之前,所述方法还 包括:
第一节点设备接收网络中的每个其他节点设备广播的信息, 其中该信息 中携带对应每个其他节点设备的 MAC地址;
第一节点设备根据接收到的每个信息,判断该信息中携带的 MAC地址是 否与本身的 MAC地址相同;
当该信息中携带的 MAC地址与本身的 MAC地址不同时, 在本地保存该 其他节点设备的 MAC地址并转发该信息;
当该信息中携带的 MAC地址与本身的 MAC地址相同时, 丟弃该信息并 告警。
4、 如权利要求 1或 2所述的节点设备接入方法, 其特征在于, 所述方法 还包括:
所述第一节点设备根据本地保存的所在网络内其他节点设备的 MAC 地 址, 按照设定的时间间隔向每个其他节点设备发送心跳检测报文;
判断在设定的时间间隔内是否接收到每个其他节点设备返回的响应报 文;
当未接收到第三节点设备返回的响应报文时, 确定该第三节点设备离开 该网络, 在本地删除第三节点设备的 MAC地址;
所述第一节点设备在网络中发送第三节点设备离开网络的信息, 通知网 络中的其他节点设备删除所述第三节点设备的 MAC地址。
5、 如权利要求 1~4任一项所述的节点设备接入方法, 其特征在于, 第一 节点设备和第二节点设备的 CPU进行判断、 比较操作。
6、 一种基于 MAC地址的节点设备接入装置, 其特征在于, 所述装置包 括:
接收模块, 用于接收新加入的节点设备发送的 MAC冲突检测报文; 判断模块, 用于根据本地保存的其所在网络中其他节点设备的 MAC 地 址,判断该新加入的节点设备的 MAC地址与其所在网络中的每个节点设备的 MAC地址是否冲突;
执行模块, 用于当判断模块判断网络中存在与该新加入的节点设备冲突 的 MAC地址时, 停止转发该 MAC冲突检测报文; 当判断模块判断网络中不 存在与该新加入的节点设备冲突的 MAC地址时, 将接收到该 MAC冲突检测 报文的时间戳添加到该 MAC冲突检测报文中发送,并在本地保存该新加入的 节点设备的 MAC地址及该时间戳信息。
7、如权利要求 6所述的节点设备接入装置,其特征在于, 所述接收模块, 还用于接收其他节点设备转发的 MAC冲突检测报文;
所述判断模块, 还用于根据本地保存的其所在网络中其他节点设备的 MAC地址, 判读该新加入的节点设备的 MAC地址与其所在网络中的每个节 点设备的 MAC地址是否冲突;
所述执行模块,还用于当判断模块确定所述 MAC冲突检测报文携带的时 间戳早于本地保存的时间戳时,则釆用所述新加入的节点设备的 MAC地址及 所述 MAC冲突检测报文携带的时间戳, 更新本地保存的该冲突的 MAC地址 及对应时间戳;当判断模块确定所述 MAC冲突检测报文携带的时间戳晚于本 地保存的时间戳时, 则停止转发该 MAC冲突检测报文。
8、 如权利要求 6或 7所述的节点设备接入装置, 其特征在于, 所述接收 模块, 还用于接收网络中的每个其他节点设备广播的信息, 其中该信息中携 带对应每个其他节点设备的 MAC地址;
所述判断模块 ,还用于根据接收到的每个信息,判断该信息中携带的 MAC 地址是否与本身的 MAC地址相同;
所述执行模块,还用于当判断模块确定该信息中携带的 MAC地址与本身 的 MAC地址不同时,在本地保存该其他节点设备的 MAC地址并转发该信息; 当判断模块确定该信息中携带的 MAC地址与本身的 MAC地址相同时, 丟弃
该信息并告警。
9、 如权利要求 6或 7所述的节点设备接入装置, 其特征在于, 所述装置 还包括:
检测模块, 用于根据本地保存的所在网络内其他节点设备的 MAC地址, 按照设定的时间间隔向每个其他节点设备发送心跳检测报文;
所述判断模块, 还用于判断在设定的时间间隔内是否接收到每个其他节 点设备返回的响应报文;
所述执行模块, 还用于当判断模块确定未接收到第三节点设备返回的响 应报文时,确定该第三节点设备离开该网络,在本地删除第三节点设备的 MAC 地址; 在网络中发送第三节点设备离开网络的信息, 通知网络中的其他节点 设备删除所述第三节点设备的 MAC地址。
10、 一种基于 MAC地址的节点设备接入系统, 其特征系统, 所述系统包 括: 如权利要求 6~9任一所述装置,及向所述装置发送 MAC冲突检测报文的 新加入的节点设备。
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2014/077800 WO2015176213A1 (zh) | 2014-05-19 | 2014-05-19 | 一种基于mac地址的节点设备接入方法、系统及装置 |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2014/077800 WO2015176213A1 (zh) | 2014-05-19 | 2014-05-19 | 一种基于mac地址的节点设备接入方法、系统及装置 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2015176213A1 true WO2015176213A1 (zh) | 2015-11-26 |
Family
ID=54553171
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2014/077800 WO2015176213A1 (zh) | 2014-05-19 | 2014-05-19 | 一种基于mac地址的节点设备接入方法、系统及装置 |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2015176213A1 (zh) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080250123A1 (en) * | 2007-04-06 | 2008-10-09 | Samsung Electronics Co. Ltd. | Network switch and method of preventing ip address collision |
CN101507235A (zh) * | 2006-08-24 | 2009-08-12 | 西门子公司 | 用于提供无线网状网的方法和设备 |
CN103051597A (zh) * | 2011-10-14 | 2013-04-17 | 国家纳米技术与工程研究院 | 一种在交换机上实现arp欺骗检测的方法 |
CN104009896A (zh) * | 2014-05-19 | 2014-08-27 | 北京东土科技股份有限公司 | 一种基于mac地址的节点设备接入方法、系统及装置 |
-
2014
- 2014-05-19 WO PCT/CN2014/077800 patent/WO2015176213A1/zh active Application Filing
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101507235A (zh) * | 2006-08-24 | 2009-08-12 | 西门子公司 | 用于提供无线网状网的方法和设备 |
US20080250123A1 (en) * | 2007-04-06 | 2008-10-09 | Samsung Electronics Co. Ltd. | Network switch and method of preventing ip address collision |
CN103051597A (zh) * | 2011-10-14 | 2013-04-17 | 国家纳米技术与工程研究院 | 一种在交换机上实现arp欺骗检测的方法 |
CN104009896A (zh) * | 2014-05-19 | 2014-08-27 | 北京东土科技股份有限公司 | 一种基于mac地址的节点设备接入方法、系统及装置 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
AU2017372590B2 (en) | Device classification | |
US12001852B2 (en) | Distributed processing system | |
JP5390798B2 (ja) | ネットワーク機器についての早期警告のための方法と装置 | |
WO2014199687A1 (ja) | ネットワーク装置およびネットワークシステム | |
WO2016086763A1 (zh) | 无线访问节点检测方法、无线网络检测系统和服务器 | |
CN103561048A (zh) | 一种确定tcp端口扫描的方法及装置 | |
JP5134141B2 (ja) | 不正アクセス遮断制御方法 | |
WO2019033475A1 (zh) | 自动中继切换方法及相关产品 | |
US20210014249A1 (en) | Packet Transmission Method and Apparatus | |
CN113452594A (zh) | 一种隧道报文的内层报文匹配方法及装置 | |
WO2018113732A1 (zh) | Dns全流量劫持风险的检测方法和装置 | |
CN107465621B (zh) | 一种路由器发现方法、sdn控制器、路由器和网络系统 | |
CN104009896B (zh) | 一种基于mac地址的节点设备接入方法、系统及装置 | |
US20220038476A1 (en) | Systems and methods for secure communication in cloud computing environments | |
WO2015027523A1 (zh) | 一种确定tcp端口扫描的方法及装置 | |
WO2016082614A1 (zh) | 一种组播路由表项处理方法、装置及计算机存储介质 | |
US11283881B1 (en) | Management and protection of internet of things devices | |
WO2015176213A1 (zh) | 一种基于mac地址的节点设备接入方法、系统及装置 | |
CN103986650B (zh) | 一种TRILL网络中nickname冲突的处理方法和装置 | |
CN109067934A (zh) | 一种地址冲突处理方法及装置 | |
US11012296B2 (en) | Handling unsolicited requests from devices | |
WO2014182750A1 (en) | Detecting and managing sleeping computing devices | |
JP7175858B2 (ja) | 情報処理装置および正規通信判定方法 | |
WO2023151696A1 (zh) | 通信方法、通信装置和系统 | |
JP2009100327A (ja) | 無線ネットワークシステム |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 14892615 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 14892615 Country of ref document: EP Kind code of ref document: A1 |