WO2017000565A1 - User access control method and apparatus, relay device and server - Google Patents

User access control method and apparatus, relay device and server Download PDF

Info

Publication number
WO2017000565A1
WO2017000565A1 PCT/CN2016/074271 CN2016074271W WO2017000565A1 WO 2017000565 A1 WO2017000565 A1 WO 2017000565A1 CN 2016074271 W CN2016074271 W CN 2016074271W WO 2017000565 A1 WO2017000565 A1 WO 2017000565A1
Authority
WO
WIPO (PCT)
Prior art keywords
client
dhcp
mac address
network configuration
access information
Prior art date
Application number
PCT/CN2016/074271
Other languages
French (fr)
Chinese (zh)
Inventor
张玉磊
苏清
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2017000565A1 publication Critical patent/WO2017000565A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/50Address allocation
    • H04L61/5007Internet protocol [IP] addresses
    • H04L61/5014Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/50Address allocation
    • H04L61/5061Pools of addresses

Definitions

  • the present application relates to a broadband access technology based on an Ethernet protocol of the Internet, for example, a control method, apparatus, relay device, and server for user access.
  • DHCP Dynamic Host Configuration Protocol
  • BOOTP Bootstrap Protocol
  • DHCP is on the Internet Protocol Television (IPTV), NGN (Next Generation Network, Next Generation Network) 3G (the 3th Generation mobile communication technology) Technology), 4G (the 4th Generation mobile communication technology) and other applications in the business.
  • IPTV Internet Protocol Television
  • NGN Next Generation Network, Next Generation Network
  • 3G the 3th Generation mobile communication technology
  • 4G the 4th Generation mobile communication technology
  • IPTV Internet Protocol Television
  • the management user on the DHCP device mainly distinguishes different users by using a User MAC (Medium/Media Access Control) address.
  • Users on the same DHCP relay device/server (relay/server) use the MAC address carried in the DHCP packet to centrally manage users accessing from the same or different paths.
  • the service expands, there are more and more cases where the user MAC address is duplicated.
  • the embodiment of the invention provides a method, a device, a relay device and a server for controlling user access.
  • the access information and the MAC address of the client By combining the access information and the MAC address of the client, the client with the same MAC address can be distinguished and the network configuration information can be allocated. , effectively manage it.
  • the embodiment of the present invention adopts the following technical solutions:
  • a user access control method is applied to a dynamic host configuration protocol DHCP relay device; the control method includes:
  • DHCP server Receiving a DHCP response message fed back by the DHCP server, where the DHCP response message carries network configuration information allocated by the DHCP server to the client;
  • the DHCP response message is then forwarded to the client.
  • control method further includes:
  • the MAC address of the client and the access by the client are used.
  • the information creates a new entry for recording network configuration information allocated by the DHCP server for the client.
  • the encapsulating the MAC address of the client and the access information of the client into a DHCP request message, and forwarding the DHCP request message to the DHCP server includes:
  • the relay agent option is stripped from the DHCP response message, and the stripped DHCP response message is forwarded to the client.
  • obtaining the media access control MAC address of the client and the access information of the client including:
  • a method for controlling user access is applied to a DHCP server; the control method includes:
  • the acquiring the MAC address of the client and the access information of the client include:
  • the allocating network configuration information to the client, and the network configuration information, the MAC address of the client, and the access information of the client are encapsulated into a DHCP response message, including:
  • receiving the DHCP request message including receiving the DHCP request message sent by the client.
  • the allocating network configuration information to the client, and the network configuration information, the MAC address of the client, and the access information of the client are encapsulated into a DHCP response message, including:
  • the record in the corresponding entry matching the client in the preset table is updated.
  • Network configuration information sending the DHCP response message to the client;
  • a new table is created according to the MAC address of the client and the access information of the client. And recording network configuration information allocated by the DHCP server for the client.
  • a control device for user access is applied to a DHCP relay device; the control device includes:
  • the first obtaining module is configured to receive a DHCP request message sent by the client, and obtain a media access control MAC address of the client and access information of the client;
  • the forwarding module is configured to encapsulate the MAC address of the client and the access information of the client into a DHCP request message, and forward the DHCP request message to the DHCP server, and receive the DHCP response fed back by the DHCP server. a packet, the DHCP response packet carrying network configuration information allocated by the DHCP server to the client;
  • the first update module is configured to acquire the network configuration information, the MAC address of the client, and the access information of the client according to the DHCP response packet, and update the preset table to match the client. Corresponding to the network configuration information recorded in the entry, and then forwarding the DHCP response packet to the client.
  • control device further includes:
  • a first creating module configured to: if there is no corresponding entry in the preset record table that matches the MAC address of the client and the access information of the client, according to the MAC address and location of the client The client access information is used to create a new entry, and the network configuration information allocated by the DHCP server to the client is recorded.
  • the forwarding module includes:
  • the encapsulating unit is configured to encapsulate the access information of the client as the content of the relay proxy option and the MAC address of the client into the DHCP request message;
  • the forwarding unit is configured to forward the DHCP request message to the DHCP server, and the DHCP server allocates network configuration information to the client, and feeds back a DHCP response message.
  • the first update module includes:
  • An obtaining unit configured to obtain, according to the DHCP response message, the MAC address of the client encapsulated in the DHCP response message and the access information of the client included in the content of the relay agent option;
  • the querying unit is configured to query, according to the MAC address of the client and the access information of the client, the corresponding entry matching the client in the preset record table;
  • An update unit configured to update network configuration information of the client recorded in the corresponding entry according to network configuration information that is allocated by the DHCP server to the client in the DHCP response packet;
  • the stripping unit is configured to strip the relay proxy option from the DHCP response packet, and forward the stripped DHCP response packet to the client.
  • the first obtaining module is configured to obtain, according to the DHCP request packet sent by the client, the media access control MAC address of the client and the access information of the client.
  • a control device for user access is applied to a DHCP server; the control device includes:
  • the second obtaining module is configured to receive the DHCP request message, obtain the media access control MAC address of the client, and the access information of the client;
  • the encapsulating module is configured to allocate network configuration information to the client, and encapsulate the network configuration information, the MAC address of the client, and the access information of the client into a DHCP response message.
  • the second obtaining module is configured to: obtain, according to the DHCP request packet forwarded by the DHCP relay device, the content of the MAC address of the client encapsulated in the DHCP request message and the content of the relay agent option.
  • the access information of the client is configured to: obtain, according to the DHCP request packet forwarded by the DHCP relay device, the content of the MAC address of the client encapsulated in the DHCP request message and the content of the relay agent option. The access information of the client.
  • the encapsulating module is configured to: allocate network configuration information to the client, use the access information of the client as the content of the relay proxy option, and the MAC address of the client and the network.
  • the configuration information is encapsulated into the DHCP response message and fed back to the DHCP relay device.
  • the second obtaining module is configured to: receive a DHCP request packet sent by the client, and obtain a media access control MAC address of the client and access information of the client;
  • the control device further includes:
  • the second update module is configured to: if there is a corresponding entry in the preset record table that matches the MAC address of the client and the access information of the client, the update preset table matches the client The network configuration information recorded in the corresponding entry, and then sending the DHCP response message to the client;
  • a second creation module configured to: if the MAC address of the client does not exist in the preset record table, and the corresponding entry of the client access information, according to the MAC address of the client and the client The access information creates a new entry, and records network configuration information allocated by the DHCP server for the client.
  • a computer readable storage medium storing computer executable instructions for performing the methods described above.
  • the MAC address of the client and the client can distinguish between multiple users with the same MAC address, and then assign network configuration information to the access user.
  • the network configuration information allocated by the DHCP server is updated in the matched corresponding entry, and the management and control of users accessing from different access paths and having the same MAC address are implemented.
  • FIG. 1 is a flowchart of a method for controlling user access in an embodiment of the present invention
  • FIG. 2 is a flowchart of forwarding a DHCP request message in the embodiment of the present invention
  • FIG. 3 is a flow chart showing updating network configuration information in an embodiment of the present invention.
  • FIG. 4 is a second flowchart of a method for controlling user access in an embodiment of the present invention.
  • FIG. 5 is a timing diagram showing a control method of user access in an embodiment of the present invention.
  • FIG. 6 is a third flowchart of a method for controlling user access in an embodiment of the present invention.
  • FIG. 7 is a second timing diagram of a method for controlling user access in an embodiment of the present invention.
  • FIG. 8 is a block diagram showing the structure of a control device accessed by a user in an embodiment of the present invention.
  • FIG. 9 is a structural block diagram of a forwarding module according to an embodiment of the present invention.
  • FIG. 10 is a structural block diagram of a first update module in an embodiment of the present invention.
  • Figure 11 is a block diagram showing the structure of a control device for user access in the embodiment of the present invention.
  • FIG. 12 is a third structural block diagram of a control device for user access in an embodiment of the present invention.
  • a method for controlling user access is provided, which is applied to a DHCP relay device in a dynamic host configuration protocol DHCP network including a client, a relay device, and a server that allocates network configuration information.
  • the control method includes:
  • Step S101 Receive a DHCP request packet sent by the client, and obtain a MAC address of the client and access information of the client; the MAC address may be obtained from a DHCP request message, and the access information may also be a DHCP request message. Obtained, if the DHCP request message does not carry the access information, Access information can also be obtained from other messages or configuration information.
  • Step S103 Encapsulate the MAC address of the client and the access information of the client into the DHCP request message, and forward the DHCP request message to the DHCP server, where the DHCP server allocates network configuration information (including information such as an IP address) to the client. And feeding back a DHCP response message to the DHCP relay device;
  • Step S105 Obtain a MAC address of the client according to the DHCP response message, the access information of the client, and the network configuration information allocated by the DHCP server to the client, and update the network configuration recorded in the corresponding entry in the preset table that matches the client.
  • the information is processed and the DHCP response packet is processed and forwarded to the client.
  • the DHCP relay device receives the DHCP request packet sent by the client, obtains the MAC address and the access information of the client, and encapsulates the MAC address and the access information of the client into the DHCP request packet and forwards the packet to the DHCP request packet.
  • the DHCP server also encapsulates the MAC address and access information of the client and the network configuration information allocated to the client into the DHCP response packet, which is based on the MAC address of the client in the preset table. The address and the access information are matched, and the network configuration information allocated by the DHCP server can be updated in the matching corresponding entry.
  • control method in the embodiment of the present invention can distinguish between multiple clients with the same MAC address according to the MAC address and the access information of the client, and obtain the network configuration information allocated by the DHCP server for the client, thereby achieving the corresponding Users with different access paths accessing and the same MAC address are managed and controlled.
  • the new entry is created according to the MAC address of the client and the access information of the client, and the DHCP server is recorded. Network configuration information assigned by the client.
  • the MAC address of the client and the access information of the client are encapsulated into a DHCP request message, and the DHCP request message is forwarded to the DHCP server, and the DHCP server allocates a network to the client.
  • configuring the information and feeding back the DHCP response message to the DHCP relay device including:
  • Step S1031 The client access information is used as the content of the relay agent option, and the MAC address of the client is encapsulated into the DHCP request message;
  • Step S1033 Forward the DHCP request message to the DHCP server, and the DHCP server allocates network configuration information to the client, and feeds back the DHCP response message to the DHCP server.
  • the access information of the client is encapsulated into the DHCP request message by using the relay agent option as a carrier, and the address information of the client is transmitted and recorded on the DHCP relay device and the DHCP server through the relay agent option.
  • the MAC address of the client and the access information of the client are obtained according to the DHCP response message, and the network configuration information recorded in the corresponding entry matching the client in the preset table is updated. Then, the DHCP response packet is processed and forwarded to the client (step S105), including:
  • Step S1051 Obtain, according to the DHCP response packet, the MAC address of the client encapsulated in the DHCP response packet and the access information of the client included in the content of the relay proxy option.
  • Step S1053 Query, according to the MAC address of the client and the access information of the client, the corresponding entry matching the client in the preset record table;
  • Step S1055 Update the network configuration information of the client recorded in the corresponding entry according to the network configuration information allocated by the DHCP server carried in the DHCP response packet to the client.
  • Step S1057 The relay agent option is stripped from the DHCP response message, and the stripped DHCP response message is forwarded to the client.
  • the relay agent After obtaining the response message fed back by the DHCP server, the relay agent obtains the access information of the client according to the MAC address and the relay agent option of the client in the response packet, and matches the MAC address of the client in the preset record table. Corresponding entries matching the address and the access information, and then updating the network configuration information of the client recorded therein, and then the relay agent option is stripped from the response packet and then forwarded to the client, thereby achieving different access Users with the same path access and the same MAC address are managed and controlled.
  • a method for controlling user access is also provided, which is applied to a DHCP server in a dynamic host configuration protocol DHCP network including a client, a relay device, and a server that allocates network configuration information.
  • the control method includes:
  • Step S401 Obtain a MAC address of the client and access information of the client according to the DHCP request packet forwarded by the DHCP relay device.
  • Step S403 Allocating network configuration information to the client, and encapsulating the network configuration information, the MAC address of the client, and the access information of the client into the DHCP response message.
  • the DHCP server will serve the client after receiving the request packet forwarded by the DHCP relay device.
  • the terminal allocates the network configuration information, and encapsulates the MAC address of the client, the access information of the client, and the network configuration information allocated to the client into the response packet. Therefore, the control method in the embodiment of the present invention can be based on the MAC address of the client and The access information is differentiated among multiple clients with the same MAC address, and the network configuration information is allocated to the client, thereby achieving management and control for users accessing different access paths and having the same MAC address.
  • the MAC address of the client and the access information of the client are obtained according to the DHCP request packet forwarded by the DHCP relay device (step S401), which is:
  • the MAC address of the client encapsulated in the DHCP request message and the access information of the client included in the content of the relay agent information option are obtained.
  • the network configuration information is allocated to the client, and the network configuration information, the MAC address of the client, and the access information of the client are encapsulated into a DHCP response message (step S403), which is:
  • the network configuration information is allocated to the client, and the access information of the client is used as the content of the relay agent information option, and the MAC address of the client and the network configuration information are encapsulated into the DHCP response message, and fed back to the DHCP relay device.
  • the relay agent option is a DHCP option 82 option. It can be understood that, in the embodiment of the present invention, the option type of the relay agent option is not limited.
  • a sequence diagram of the DHCP server assigning network configuration information to the client is shown in FIG. 5, wherein the DHCP client is a DHCP client, that is, the client.
  • the DHCP relay is a DHCP relay device; the DHCP server is a DHCP server, and the timing sequence is as follows:
  • Step 501 The DHCP client sends a DHCP discovery (discover) message to the DHCP relay.
  • the DHCP relay receives the DHCPdiscover message, obtains the user access side access information and the user MAC address, and uses the access information as the option 82 option, fills the DHCP discover message, and selects the DHCP server to continue to send the DHCP discover, the MAC.
  • the address can be extracted from the DHCP request message, and the access information can also be extracted from the DHCP request message. If the DHCP request message does not carry the access information, the access information can be extracted from other messages or configuration information. information. ;
  • Step 503 After receiving the DHCP discover, the DHCP server allocates network configuration information to the user, and returns a DHCP offer (offer) message to the DHCP relay.
  • the DHCP offer message carries the network configuration information, the user MAC address, and the DHCP discover message.
  • Option82 information
  • Step 504 The DHCP relay receives the DHCP offer message, obtains the user MAC address, and extracts the access information of the user access side from the option 82, and matches the existing entry in the preset record table according to the access information and the MAC address of the user.
  • the network configuration information assigned by the DHCP server is saved. If there is no matching corresponding entry, a new user entry is created, and the network configuration information allocated by the DHCP server for the user is recorded; the option 82 information in the DHCP offer is stripped and sent to the DHCP client.
  • DHCP offer message
  • Step 505. The DHCP client returns a DHCP request message to the DHCP relay.
  • Step 506 The DHCP relay receives the DHCP Request message, and extracts the user access side access information and the user MAC address from the message, and matches the existing corresponding entry in the preset record table according to the access information and the MAC address of the user. And the access information is used as the option 82 option, filled in the DHCP request message, and sent to the DHCP server;
  • Step 507. After receiving the DHCP request, the DHCP server returns a DHCP acknowledgement (ack) packet to the DHCP relay, and the DHCP ack carries the option 82 information carried in the DHCP request packet.
  • ack DHCP acknowledgement
  • the DHCP relay receives the DHCP ack packet, obtains the user MAC address, and extracts the access information of the user access side from the option 82, and matches the existing correspondence table according to the access information and the MAC address of the user.
  • the item saves the network configuration information assigned by the DHCP server, strips the option 82 information in the DHCP ack, and sends a DHCP ack message to the DHCP client. The process ends.
  • a method for controlling user access is also provided, which is applied to a DHCP server in a DHCP network including a client and a server that allocates an address, as shown in FIG. 6, the control method 600 includes:
  • Step S601 Receive a DHCP request message sent by the client, obtain a MAC address of the client, and access information of the client, and allocate network configuration information to the client, where the MAC address can be obtained from the DHCP request message, where the The incoming information can also be obtained from the DHCP request message. If the DHCP request message does not carry the access information, the access information can also be obtained from other messages or configuration information. ;
  • Step S603 If there is a corresponding entry in the preset record table that matches the MAC address of the client and the access information of the client, the network configuration information recorded in the corresponding entry matching the client in the preset table is updated. Then sending a DHCP response message to the client;
  • Step S605 If the MAC address of the client and the corresponding entry of the client's access information do not exist in the preset record table, create a new entry according to the MAC address of the client and the access information of the client, and record the DHCP server as Network configuration information assigned by the client.
  • the DHCP server When the client is directly connected to the DHCP server, the DHCP server directly allocates network configuration information to the client according to the MAC address of the client and its access information, and can distinguish between multiple users with the same MAC address, and then access the network.
  • the user allocates network configuration information to implement management and control of users accessing different access paths and having the same MAC address.
  • the access information of the client may be the virtual local area network (VLAN) VLAN information or the interface information. It is to be understood that, in the embodiment of the present invention, the access information of the client is not limited to the foregoing information.
  • VLAN virtual local area network
  • the timing diagram of the DHCP server assigning network configuration information to the client is shown in Figure 7.
  • the DHCP client is the DHCP client, that is, the client;
  • the DHCP server is the DHCP server.
  • the timing sequence is as follows:
  • Step 701 The DHCP client sends a DHCP discover message to the DHCP server.
  • Step 702 The DHCP server receives the DHCP discover message, and obtains the user access side access information and the user MAC address, and matches the existing entry in the preset record table according to the access information and the user MAC address, if there is no matching entry.
  • the corresponding user entry is created, and the network configuration information assigned by the DHCP server to the user is recorded. If there is a matching corresponding entry, the network configuration information of the corresponding entry in the preset table is updated and allocated to the user. After the network configuration information is recorded, the network configuration information is recorded, and the DHCP offer message is returned.
  • Step 703 The DHCP client returns a DHCP request message to the DHCP server.
  • Step 704 The DHCP server receives the DHCP request packet, and obtains the user access information and the user MAC address.
  • the access information and the MAC address of the user match the existing entries in the preset record table, and the network configuration information allocated by the DHCP server is saved, and The DHCP ack message is returned to the user and the process ends.
  • the DHCP server can obtain the MAC address and the access information from the DHCP request packet. If the DHCP request packet does not carry the access information, the DHCP server can obtain the access information from other packets or configuration information.
  • a control device for user access is also provided.
  • the control device 800 includes:
  • the first obtaining module 801 is configured to receive a DHCP request packet sent by the client, and obtain the MAC address of the client and the access information of the client.
  • the forwarding module 803 is configured to encapsulate the MAC address of the client and the access information of the client into the DHCP request message, and forward the DHCP request message to the DHCP server, and receive the DHCP response message and the DHCP response message fed back by the DHCP server. Carrying a network configuration information assigned by the DHCP server to the client;
  • the first update module 805 is configured to obtain the MAC address of the client and the access information of the client according to the DHCP response message, and update the network configuration information recorded in the corresponding entry in the preset table that matches the client, and then the DHCP The response packet is processed and forwarded to the client.
  • control device further includes:
  • the first creating module is configured to create a new entry according to the MAC address of the client and the access information of the client if the corresponding entry in the preset record table does not match the MAC address of the client and the access information of the client. , record the network configuration information that the DHCP server allocates for the client.
  • the forwarding module 803 includes:
  • the encapsulating unit 8031 is configured to encapsulate the access information of the client as a content of the relay proxy option and the MAC address of the client into the DHCP request message;
  • the forwarding unit 8033 is configured to forward the DHCP request message to the DHCP server, and the DHCP server allocates network configuration information to the client, and feeds back the DHCP response message.
  • the first update module 805 includes:
  • the obtaining unit 8051 is configured to obtain, according to the DHCP response packet, the MAC address of the client encapsulated in the DHCP response packet and the access information of the client included in the content of the relay proxy option;
  • the querying unit 8053 is configured to query, according to the MAC address of the client and the access information of the client, the corresponding entry matching the client in the preset record table;
  • the updating unit 8055 is configured to update the network configuration information of the client recorded in the corresponding entry according to the network configuration information allocated by the DHCP server carried in the DHCP response packet to the client;
  • the stripping unit 8057 is configured to strip the relay agent option from the DHCP response message and forward the stripped DHCP response message to the client.
  • the control device in the embodiment of the present invention can distinguish between multiple clients with the same MAC address according to the MAC address of the client and the access information thereof, and obtain the DHCP server to allocate network configuration information to the client, thereby achieving Manage and control users accessing different access paths and having the same MAC address.
  • a DHCP relay device comprising the above-mentioned control device for user access.
  • the DHCP relay device in the embodiment of the present invention can distinguish between multiple clients with the same MAC address according to the MAC address of the client and the access information thereof, and obtain the DHCP server to allocate network configuration information to the client, thereby achieving Manage and control users accessing different access paths and having the same MAC address.
  • a user access control apparatus is further applied to a DHCP server in a dynamic host configuration protocol DHCP network including a client, a relay device, and a server that allocates network configuration information.
  • the control device 1100 includes:
  • the second obtaining module 1101 is configured to obtain the MAC address of the client and the access information of the client according to the DHCP request packet forwarded by the DHCP relay device.
  • the encapsulating module 1103 is configured to allocate network configuration information to the client, and encapsulate the network configuration information, the MAC address of the client, and the access information of the client into the DHCP response packet.
  • the second obtaining module 1101 is configured to: according to the DHCP request message forwarded by the DHCP relay device, obtain the MAC address of the client encapsulated in the DHCP request message and the access information of the client included in the content of the relay agent option.
  • the encapsulation module 1103 is configured to: allocate network configuration information to the client, and encapsulate the client access information as the content of the relay proxy option with the client's MAC address and network configuration information into the DHCP response packet, and feed back to the DHCP relay. device.
  • the relay agent option is a DHCP option 82 option. It can be understood that, in the embodiment of the present invention, the option type of the relay agent option is not limited.
  • the DHCP server after receiving the request packet forwarded by the DHCP relay device, the DHCP server allocates network configuration information to the client, and encapsulates the MAC address of the client and the access information of the client into the response packet. Therefore, the control device in the embodiment of the present invention can be based on the MAC of the client.
  • the address and its access information are distinguished among multiple clients with the same MAC address, and network configuration information is allocated thereto, thereby achieving management and control for users accessing different access paths and having the same MAC address.
  • a DHCP server including the above-mentioned control device for user access.
  • the DHCP server in the embodiment of the present invention can distinguish between multiple clients with the same MAC address according to the MAC address of the client and its access information, and allocate network configuration information to the access terminal to access the access path from different access paths. Users with the same MAC address are managed and controlled.
  • a user access control apparatus which is applied to a DHCP server in a dynamic host configuration protocol DHCP network including a client and a server that allocates network configuration information, as shown in FIG. 12 .
  • the control device 1200 includes:
  • the third obtaining module 1201 is configured to receive the DHCP request message, obtain the MAC address of the client, and the access information of the client, and allocate network configuration information to the client.
  • the second update module 1203 is configured to: if there is a corresponding entry in the preset record table that matches the MAC address of the client and the access information of the client, update the corresponding entry in the preset table that matches the client. Recording network configuration information, and then sending a DHCP response message to the client;
  • the second creating module 1205 is configured to create a new entry according to the MAC address of the client and the access information of the client if the MAC address of the client and the corresponding entry of the client's access information do not exist in the preset record table. And record the network configuration information that the DHCP server allocates for the client.
  • the DHCP server allocates network configuration information to the client directly according to the MAC address of the client and its access information, and can distinguish multiple users with the same MAC address, and then access the user.
  • the allocation of network configuration information enables management and control of users accessing different access paths and having the same MAC address.
  • the access information of the client is the VLAN information or the interface information of the virtual local area network. It is to be understood that, in the embodiment of the present invention, the access information of the client is not limited to the foregoing information.
  • a DHCP server including the above User access control device.
  • the DHCP server in the embodiment of the present invention can directly allocate network configuration information to the client according to the MAC address of the client and the access information thereof, and can distinguish the users with the same MAC address, and then allocate the network configuration information to the access user. It realizes the management and control of users accessing from different access paths and having the same MAC address.
  • the embodiment of the present invention further provides a computer readable storage medium storing computer executable instructions for executing the method described in the foregoing embodiments.
  • the embodiment of the invention further provides a control device comprising a memory and at least one processor, wherein the memory stores instructions executable by the processor, the instructions being used to execute the method described in the above embodiments.
  • the computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising the instruction device.
  • the apparatus implements the functions specified in one or more blocks of a flow or a flow and/or block diagram of the flowchart.
  • These computer program instructions can also be loaded onto a computer or other programmable data processing device such that a series of operational steps are performed on a computer or other programmable device to produce computer-implemented processing for execution on a computer or other programmable device.
  • the instructions provide steps for implementing the functions specified in one or more of the flow or in a block or blocks of a flow diagram.
  • the authentication method by combining the access information and the MAC address of the client, multiple users with the same MAC address can be distinguished, and management of users with the same MAC address accessing from different access paths is realized. And control.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Small-Scale Networks (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Provided are a user access control method and apparatus, a relay device and a server. The control method comprises: acquiring a media access control (MAC) address of the client and access information about the client; encapsulating the MAC address of the client and the access information about the client into a DHCP request packet, and forwarding the DHCP request packet to a DHCP server; receiving a DHCP response packet fed back by the DHCP server; and according to the DHCP response packet, acquiring the MAC address of the client, the access information about the client and network configuration information, updating the network configuration information recorded in a corresponding table entry matching the client in a pre-set table, and then forwarding the DHCP response packet to the client.

Description

一种用户接入的控制方法、装置、中继设备及服务器User access control method, device, relay device and server 技术领域Technical field
本申请涉及基于以太网的互联网协议的宽带接入技术,例如涉及一种用户接入的控制方法、装置、中继设备及服务器。The present application relates to a broadband access technology based on an Ethernet protocol of the Internet, for example, a control method, apparatus, relay device, and server for user access.
背景技术Background technique
DHCP(Dynamic Host Configuration Protocol,动态主机配置协议)是在BOOTP(Bootstrap Protocol,引导程序协议)协议基础上进行了优化和扩展而产生的一种网络配置协议。DHCP (Dynamic Host Configuration Protocol) is a network configuration protocol that is optimized and extended based on the BOOTP (Bootstrap Protocol) protocol.
随着互联网宽带业务以及移动互联网的不断发展,DHCP在IPTV(Internet Protocol Television,交互式网络电视)、NGN(Next Generation Network,次世代网络)3G(the 3th Generation mobile communication technology,第三代移动通信技术)、4G(the 4th Generation mobile communication technology,第四代移动通信技术)等业务中的广泛应用。目前在DHCP设备上管理用户主要通过用户MAC(Medium/Media Access Control,媒体访问控制)地址来区分不同用户。同一台DHCP中继设备/服务器(relay/server)设备上,通过DHCP报文中携带的MAC地址来集中管理从相同或者不同路径接入的用户。但是随着业务的扩展,出现用户MAC地址重复的情况越来越多,尽管大多情况下,这些相同MAC用户都分布在不同的虚拟局域网中,这样就造成DHCP relay/server无法区分这些不同用户,无法为其动态分配不同地址和配置信息以及有效的管理这些用户。为了更好地开展业务,管理用户,运营商迫切需要寻找一种能够解决重复MAC地址用户接入和管理方法。With the continuous development of Internet broadband services and the mobile Internet, DHCP is on the Internet Protocol Television (IPTV), NGN (Next Generation Network, Next Generation Network) 3G (the 3th Generation mobile communication technology) Technology), 4G (the 4th Generation mobile communication technology) and other applications in the business. At present, the management user on the DHCP device mainly distinguishes different users by using a User MAC (Medium/Media Access Control) address. Users on the same DHCP relay device/server (relay/server) use the MAC address carried in the DHCP packet to centrally manage users accessing from the same or different paths. However, as the service expands, there are more and more cases where the user MAC address is duplicated. Although in most cases, these same MAC users are distributed in different virtual local area networks, which causes the DHCP relay/server to distinguish between these different users. It is not possible to dynamically assign different addresses and configuration information to them and to effectively manage these users. In order to better carry out business and manage users, operators urgently need to find a way to solve user access and management of duplicate MAC addresses.
发明内容Summary of the invention
本发明实施例提供了一种用户接入的控制方法、装置、中继设备及服务器,通过结合客户端的接入信息和MAC地址,能够区分MAC地址相同的客户端,并为其分配网络配置信息,有效地对其进行管理。The embodiment of the invention provides a method, a device, a relay device and a server for controlling user access. By combining the access information and the MAC address of the client, the client with the same MAC address can be distinguished and the network configuration information can be allocated. , effectively manage it.
为了解决上述技术问题,本发明实施例采用如下技术方案: In order to solve the above technical problem, the embodiment of the present invention adopts the following technical solutions:
一种用户接入的控制方法,应用于动态主机配置协议DHCP中继设备;所述控制方法包括:A user access control method is applied to a dynamic host configuration protocol DHCP relay device; the control method includes:
接收客户端发送的DHCP请求报文,获取所述客户端的媒体访问控制MAC地址及所述客户端的接入信息;Receiving a DHCP request message sent by the client, acquiring a media access control MAC address of the client, and access information of the client;
将所述客户端的MAC地址及所述客户端的接入信息封装到DHCP请求报文,并将所述DHCP请求报文转发给DHCP服务器;Encapsulating the MAC address of the client and the access information of the client into a DHCP request message, and forwarding the DHCP request message to the DHCP server;
接收所述DHCP服务器反馈的DHCP响应报文,所述DHCP响应报文携带所述DHCP服务器为所述客户端分配的网络配置信息;Receiving a DHCP response message fed back by the DHCP server, where the DHCP response message carries network configuration information allocated by the DHCP server to the client;
根据所述DHCP响应报文获取所述客户端的MAC地址、所述客户端的接入信息以及网络配置信息,更新预设表中与所述客户端相匹配的对应表项中记录的网络配置信息,然后将所述DHCP响应报文转发给所述客户端。Acquiring, according to the DHCP response packet, the MAC address of the client, the access information of the client, and the network configuration information, and updating the network configuration information recorded in the corresponding entry in the preset table that matches the client, The DHCP response message is then forwarded to the client.
可选地,在所述接收客户端发送的DHCP请求报文,获取所述客户端的MAC地址及所述客户端的接入信息之后,所述控制方法还包括:Optionally, after the receiving the DHCP request packet sent by the client, acquiring the MAC address of the client and the access information of the client, the control method further includes:
在所述预设记录表中不存在与所述客户端的MAC地址及所述客户端的接入信息相匹配的对应表项的情况下,则根据所述客户端的MAC地址及所述客户端的接入信息创建新表项,用于记录所述DHCP服务器为所述客户端分配的网络配置信息。If there is no corresponding entry in the preset record table that matches the MAC address of the client and the access information of the client, the MAC address of the client and the access by the client are used. The information creates a new entry for recording network configuration information allocated by the DHCP server for the client.
可选地,所述将所述客户端的MAC地址及所述客户端的接入信息封装到DHCP请求报文,并将所述DHCP请求报文转发给DHCP服务器,包括:Optionally, the encapsulating the MAC address of the client and the access information of the client into a DHCP request message, and forwarding the DHCP request message to the DHCP server, includes:
将所述客户端的接入信息作为所述中继代理选项的内容与所述客户端的MAC地址封装入所述DHCP请求报文;Encapsulating the access information of the client as the content of the relay proxy option and the MAC address of the client into the DHCP request message;
将所述DHCP请求报文转发给所述DHCP服务器。Forwarding the DHCP request message to the DHCP server.
可选地,所述根据所述DHCP响应报文获取所述客户端的MAC地址及所述客户端的接入信息,更新预设表中与所述客户端相匹配的对应表项中记录的网络配置信息,然后将所述DHCP响应报文转发给所述客户端,包括:Optionally, the obtaining, according to the DHCP response packet, the MAC address of the client and the access information of the client, and updating the network configuration recorded in the corresponding entry in the preset table that matches the client And then forwarding the DHCP response message to the client, including:
根据所述DHCP响应报文,获取所述DHCP响应报文中封装入的所述客户端的MAC地址以及中继代理选项的内容所包含的所述客户端的接入信息;Acquiring, according to the DHCP response packet, the MAC address of the client encapsulated in the DHCP response packet and the access information of the client included in the content of the relay proxy option;
根据所述客户端的MAC地址及所述客户端的接入信息,在所述预设记录表中查询与所述客户端相匹配的对应表项;Querying, according to the MAC address of the client and the access information of the client, a corresponding entry matching the client in the preset record table;
根据所述DHCP响应报文中携带的所述DHCP服务器为所述客户端分配的 网络配置信息,更新所述对应表项中记录的所述客户端的网络配置信息;Assigning to the client according to the DHCP server carried in the DHCP response packet Network configuration information, updating network configuration information of the client recorded in the corresponding entry;
将所述中继代理选项从所述DHCP响应报文中剥离,并将剥离后的所述DHCP响应报文转发给所述客户端。The relay agent option is stripped from the DHCP response message, and the stripped DHCP response message is forwarded to the client.
可选地,获取所述客户端的媒体访问控制MAC地址及所述客户端的接入信息,包括:Optionally, obtaining the media access control MAC address of the client and the access information of the client, including:
根据所述DHCP请求报文获取所述客户端的媒体访问控制MAC地址及所述客户端的接入信息。Acquiring, according to the DHCP request message, a media access control MAC address of the client and access information of the client.
一种用户接入的控制方法,应用于DHCP服务器;所述控制方法包括:A method for controlling user access is applied to a DHCP server; the control method includes:
接收DHCP请求报文,获取客户端的媒体访问控制MAC地址及所述客户端的接入信息;Receiving a DHCP request message, obtaining a media access control MAC address of the client and access information of the client;
为所述客户端分配网络配置信息,将所述网络配置信息、所述客户端的MAC地址及所述客户端的接入信息封装到DHCP响应报文。Allocating network configuration information to the client, and encapsulating the network configuration information, the MAC address of the client, and the access information of the client into a DHCP response message.
可选地,所述获取客户端的MAC地址及所述客户端的接入信息,包括:Optionally, the acquiring the MAC address of the client and the access information of the client include:
根据DHCP中继设备转发的DHCP请求报文,获取封装入所述DHCP请求报文中客户端的MAC地址以及中继代理选项的内容所包含的所述客户端的接入信息。Obtaining, according to the DHCP request packet forwarded by the DHCP relay device, the MAC address of the client encapsulated in the DHCP request message and the access information of the client included in the content of the relay agent option.
可选地,所述为所述客户端分配网络配置信息,将所述网络配置信息、所述客户端的MAC地址及所述客户端的接入信息封装到DHCP响应报文,包括:Optionally, the allocating network configuration information to the client, and the network configuration information, the MAC address of the client, and the access information of the client are encapsulated into a DHCP response message, including:
为所述客户端分配网络配置信息,将所述客户端的接入信息作为所述中继代理选项的内容与所述客户端的MAC地址以及所述网络配置信息封装入所述DHCP响应报文,并反馈给所述DHCP中继设备。Allocating network configuration information to the client, and encapsulating the access information of the client as the content of the relay proxy option with the MAC address of the client and the network configuration information into the DHCP response packet, and Feedback to the DHCP relay device.
可选地,接收DHCP请求报文,包括接收客户端发送的DHCP请求报文。Optionally, receiving the DHCP request message, including receiving the DHCP request message sent by the client.
可选地,所述为所述客户端分配网络配置信息,将所述网络配置信息、所述客户端的MAC地址及所述客户端的接入信息封装到DHCP响应报文,包括:Optionally, the allocating network configuration information to the client, and the network configuration information, the MAC address of the client, and the access information of the client are encapsulated into a DHCP response message, including:
在预设记录表中存在与所述客户端的MAC地址及所述客户端的接入信息相匹配的对应表项的情况下,更新预设表中与所述客户端相匹配的对应表项中记录的网络配置信息,将所述DHCP响应报文发送给所述客户端;If there is a corresponding entry in the preset record table that matches the MAC address of the client and the access information of the client, the record in the corresponding entry matching the client in the preset table is updated. Network configuration information, sending the DHCP response message to the client;
在预设记录表中不存在所述客户端的MAC地址及所述客户端的接入信息相匹配的对应表项的情况下,根据所述客户端的MAC地址及所述客户端的接入信息创建新表项,并记录所述DHCP服务器为所述客户端分配的网络配置信息。 In the case that the MAC address of the client and the corresponding entry of the client's access information do not exist in the preset record table, a new table is created according to the MAC address of the client and the access information of the client. And recording network configuration information allocated by the DHCP server for the client.
一种用户接入的控制装置,应用于DHCP中继设备;所述控制装置包括:A control device for user access is applied to a DHCP relay device; the control device includes:
第一获取模块,被配置为接收客户端发送的DHCP请求报文,获取所述客户端的媒体访问控制MAC地址及所述客户端的接入信息;The first obtaining module is configured to receive a DHCP request message sent by the client, and obtain a media access control MAC address of the client and access information of the client;
转发模块,被配置为将所述客户端的MAC地址及所述客户端的接入信息封装到DHCP请求报文,并将所述DHCP请求报文转发给DHCP服务器,接收所述DHCP服务器反馈的DHCP响应报文,所述DHCP响应报文携带所述DHCP服务器为所述客户端分配的网络配置信息;以及The forwarding module is configured to encapsulate the MAC address of the client and the access information of the client into a DHCP request message, and forward the DHCP request message to the DHCP server, and receive the DHCP response fed back by the DHCP server. a packet, the DHCP response packet carrying network configuration information allocated by the DHCP server to the client;
第一更新模块,被配置为根据所述DHCP响应报文获取所述网络配置信息、所述客户端的MAC地址及所述客户端的接入信息,更新预设表中与所述客户端相匹配的对应表项中记录的网络配置信息,然后将所述DHCP响应报文转发给所述客户端。The first update module is configured to acquire the network configuration information, the MAC address of the client, and the access information of the client according to the DHCP response packet, and update the preset table to match the client. Corresponding to the network configuration information recorded in the entry, and then forwarding the DHCP response packet to the client.
可选地,所述控制装置还包括:Optionally, the control device further includes:
第一创建模块,被配置为若所述预设记录表中不存在与所述客户端的MAC地址及所述客户端的接入信息相匹配的对应表项,则根据所述客户端的MAC地址及所述客户端的接入信息创建新表项,记录所述DHCP服务器为所述客户端分配的网络配置信息。a first creating module, configured to: if there is no corresponding entry in the preset record table that matches the MAC address of the client and the access information of the client, according to the MAC address and location of the client The client access information is used to create a new entry, and the network configuration information allocated by the DHCP server to the client is recorded.
可选地,所述转发模块包括:Optionally, the forwarding module includes:
封装单元,被配置为将所述客户端的接入信息作为所述中继代理选项的内容与所述客户端的MAC地址封装入所述DHCP请求报文;The encapsulating unit is configured to encapsulate the access information of the client as the content of the relay proxy option and the MAC address of the client into the DHCP request message;
转发单元,被配置为将所述DHCP请求报文转发给所述DHCP服务器,由所述DHCP服务器为所述客户端分配网络配置信息,并反馈DHCP响应报文。The forwarding unit is configured to forward the DHCP request message to the DHCP server, and the DHCP server allocates network configuration information to the client, and feeds back a DHCP response message.
可选地,所述第一更新模块包括:Optionally, the first update module includes:
获取单元,被配置为根据所述DHCP响应报文,获取所述DHCP响应报文中封装入的所述客户端的MAC地址以及中继代理选项的内容所包含的所述客户端的接入信息;An obtaining unit, configured to obtain, according to the DHCP response message, the MAC address of the client encapsulated in the DHCP response message and the access information of the client included in the content of the relay agent option;
查询单元,被配置为根据所述客户端的MAC地址及所述客户端的接入信息,在所述预设记录表中查询与所述客户端相匹配的对应表项;The querying unit is configured to query, according to the MAC address of the client and the access information of the client, the corresponding entry matching the client in the preset record table;
更新单元,被配置为根据所述DHCP响应报文中携带的所述DHCP服务器为所述客户端分配的网络配置信息,更新所述对应表项中记录的所述客户端的网络配置信息; An update unit, configured to update network configuration information of the client recorded in the corresponding entry according to network configuration information that is allocated by the DHCP server to the client in the DHCP response packet;
剥离单元,被配置为将所述中继代理选项从所述DHCP响应报文中剥离,并将剥离后的所述DHCP响应报文转发给所述客户端。The stripping unit is configured to strip the relay proxy option from the DHCP response packet, and forward the stripped DHCP response packet to the client.
可选地,所述第一获取模块是被配置为根据客户端发送的DHCP请求报文,获取所述客户端的媒体访问控制MAC地址及所述客户端的接入信息。Optionally, the first obtaining module is configured to obtain, according to the DHCP request packet sent by the client, the media access control MAC address of the client and the access information of the client.
一种用户接入的控制装置,应用于DHCP服务器上;所述控制装置包括:A control device for user access is applied to a DHCP server; the control device includes:
第二获取模块,被配置为接收DHCP请求报文,获取客户端的媒体访问控制MAC地址及所述客户端的接入信息;以及The second obtaining module is configured to receive the DHCP request message, obtain the media access control MAC address of the client, and the access information of the client;
封装模块,被配置为为所述客户端分配网络配置信息,将所述网络配置信息、所述客户端的MAC地址及所述客户端的接入信息封装到DHCP响应报文。The encapsulating module is configured to allocate network configuration information to the client, and encapsulate the network configuration information, the MAC address of the client, and the access information of the client into a DHCP response message.
可选地,所述第二获取模块被配置为:根据DHCP中继设备转发的DHCP请求报文,获取封装入所述DHCP请求报文中客户端的MAC地址以及中继代理选项的内容所包含的所述客户端的接入信息。Optionally, the second obtaining module is configured to: obtain, according to the DHCP request packet forwarded by the DHCP relay device, the content of the MAC address of the client encapsulated in the DHCP request message and the content of the relay agent option. The access information of the client.
可选地,所述封装模块被配置为:为所述客户端分配网络配置信息,将所述客户端的接入信息作为所述中继代理选项的内容与所述客户端的MAC地址以及所述网络配置信息封装入所述DHCP响应报文,并反馈给所述DHCP中继设备。Optionally, the encapsulating module is configured to: allocate network configuration information to the client, use the access information of the client as the content of the relay proxy option, and the MAC address of the client and the network. The configuration information is encapsulated into the DHCP response message and fed back to the DHCP relay device.
可选地,所述第二获取模块被配置为:接收客户端发送的DHCP请求报文,获取所述客户端的媒体访问控制MAC地址及所述客户端的接入信息;Optionally, the second obtaining module is configured to: receive a DHCP request packet sent by the client, and obtain a media access control MAC address of the client and access information of the client;
所述控制装置还包括:The control device further includes:
第二更新模块,被配置为若预设记录表中存在与所述客户端的MAC地址及所述客户端的接入信息相匹配的对应表项,则更新预设表中与所述客户端相匹配的对应表项中记录的网络配置信息,然后将所述DHCP响应报文发送给所述客户端;The second update module is configured to: if there is a corresponding entry in the preset record table that matches the MAC address of the client and the access information of the client, the update preset table matches the client The network configuration information recorded in the corresponding entry, and then sending the DHCP response message to the client;
第二创建模块,被配置为若预设记录表中不存在所述客户端的MAC地址及所述客户端的接入信息相匹配的对应表项,则根据所述客户端的MAC地址及所述客户端的接入信息创建新表项,并记录所述DHCP服务器为所述客户端分配的网络配置信息。a second creation module, configured to: if the MAC address of the client does not exist in the preset record table, and the corresponding entry of the client access information, according to the MAC address of the client and the client The access information creates a new entry, and records network configuration information allocated by the DHCP server for the client.
一种计算机可读存储介质,存储有计算机可执行指令,所述计算机可执行指令用于执行上面所述的方法。A computer readable storage medium storing computer executable instructions for performing the methods described above.
在本发明实施例提供的用户接入的控制方法中,通过结合客户端的接入信 息和客户端的MAC地址,可以对MAC地址相同的多个用户进行区分,然后对接入用户分配网络配置信息,通过在预设表中根据客户端的MAC地址及其接入信息进行匹配,可将DHCP服务器分配的网络配置信息在相匹配的对应表项中进行更新,实现了对从不同接入路径接入而MAC地址相同的用户的管理和控制。In the method for controlling user access provided by the embodiment of the present invention, by combining the access letter of the client The MAC address of the client and the client can distinguish between multiple users with the same MAC address, and then assign network configuration information to the access user. By matching in the preset table according to the MAC address of the client and its access information, The network configuration information allocated by the DHCP server is updated in the matched corresponding entry, and the management and control of users accessing from different access paths and having the same MAC address are implemented.
附图概述BRIEF abstract
图1表示本发明实施例中用户接入的控制方法的流程图之一;1 is a flowchart of a method for controlling user access in an embodiment of the present invention;
图2表示本发明实施例中转发DHCP请求报文的流程图;2 is a flowchart of forwarding a DHCP request message in the embodiment of the present invention;
图3表示本发明实施例中更新网络配置信息的流程图;3 is a flow chart showing updating network configuration information in an embodiment of the present invention;
图4表示本发明实施例中用户接入的控制方法的流程图之二;4 is a second flowchart of a method for controlling user access in an embodiment of the present invention;
图5表示本发明实施例中用户接入的控制方法的时序图之一;FIG. 5 is a timing diagram showing a control method of user access in an embodiment of the present invention;
图6表示本发明实施例中用户接入的控制方法的流程图之三;6 is a third flowchart of a method for controlling user access in an embodiment of the present invention;
图7表示本发明实施例中用户接入的控制方法的时序图之二;FIG. 7 is a second timing diagram of a method for controlling user access in an embodiment of the present invention;
图8表示本发明实施例中用户接入的控制装置的结构框图之一;FIG. 8 is a block diagram showing the structure of a control device accessed by a user in an embodiment of the present invention;
图9表示本发明实施例中转发模块的结构框图;FIG. 9 is a structural block diagram of a forwarding module according to an embodiment of the present invention;
图10本发明实施例中第一更新模块的结构框图;10 is a structural block diagram of a first update module in an embodiment of the present invention;
图11表示本发明实施例中用户接入的控制装置的结构框图之二;以及Figure 11 is a block diagram showing the structure of a control device for user access in the embodiment of the present invention;
图12表示本发明实施例中用户接入的控制装置的结构框图之三。FIG. 12 is a third structural block diagram of a control device for user access in an embodiment of the present invention.
本发明的实施方式Embodiments of the invention
下面将结合附图对本发明的实施例进行详细描述。Embodiments of the present invention will be described in detail below with reference to the accompanying drawings.
实施例一Embodiment 1
依据本发明实施例的一个方面,提供了一种用户接入的控制方法,应用于包含客户端、中继设备及分配网络配置信息的服务器的动态主机配置协议DHCP网络中的DHCP中继设备上,如图1所示,该控制方法包括:According to an aspect of the embodiments of the present invention, a method for controlling user access is provided, which is applied to a DHCP relay device in a dynamic host configuration protocol DHCP network including a client, a relay device, and a server that allocates network configuration information. As shown in FIG. 1, the control method includes:
步骤S101、接收客户端发送的DHCP请求报文,获取客户端的MAC地址及客户端的接入信息;所述MAC地址可以从DHCP请求报文中获取,所述接入信息也可以从DHCP请求报文中获取,若DHCP请求报文中未携带接入信息, 也可以从其他报文或者配置信息中获取接入信息。Step S101: Receive a DHCP request packet sent by the client, and obtain a MAC address of the client and access information of the client; the MAC address may be obtained from a DHCP request message, and the access information may also be a DHCP request message. Obtained, if the DHCP request message does not carry the access information, Access information can also be obtained from other messages or configuration information.
步骤S103、将客户端的MAC地址及客户端的接入信息封装到DHCP请求报文,并将DHCP请求报文转发给DHCP服务器,由DHCP服务器为客户端分配网络配置信息(例如包括IP地址等信息),并向DHCP中继设备反馈DHCP响应报文;Step S103: Encapsulate the MAC address of the client and the access information of the client into the DHCP request message, and forward the DHCP request message to the DHCP server, where the DHCP server allocates network configuration information (including information such as an IP address) to the client. And feeding back a DHCP response message to the DHCP relay device;
步骤S105、根据DHCP响应报文获取客户端的MAC地址,客户端的接入信息以及DHCP服务器为客户端分配的网络配置信息,更新预设表中与客户端相匹配的对应表项中记录的网络配置信息,将DHCP响应报文进行处理后转发给客户端。Step S105: Obtain a MAC address of the client according to the DHCP response message, the access information of the client, and the network configuration information allocated by the DHCP server to the client, and update the network configuration recorded in the corresponding entry in the preset table that matches the client. The information is processed and the DHCP response packet is processed and forwarded to the client.
在本发明实施例中,DHCP中继设备接收客户端发送的DHCP请求报文,获取客户端的MAC地址及接入信息,并将客户端的MAC地址及接入信息封装入DHCP请求报文中转发给DHCP服务器,DHCP服务器在反馈响应报文时,也会将客户端的MAC地址及接入信息以及为客户端分配的网络配置信息封装入DHCP响应报文中,通过在预设表中根据客户端的MAC地址及接入信息进行匹配,可将DHCP服务器分配的网络配置信息在相匹配的对应表项中进行更新。因此通过本发明实施例中的控制方法能够根据客户端的MAC地址及接入信息在MAC地址相同的多个客户端中进行区分,并获取DHCP服务器为客户端分配的网络配置信息,从而达到对从不同接入路径接入而MAC地址相同的用户进行管理和控制。In the embodiment of the present invention, the DHCP relay device receives the DHCP request packet sent by the client, obtains the MAC address and the access information of the client, and encapsulates the MAC address and the access information of the client into the DHCP request packet and forwards the packet to the DHCP request packet. When the DHCP server feeds back the response packet, the DHCP server also encapsulates the MAC address and access information of the client and the network configuration information allocated to the client into the DHCP response packet, which is based on the MAC address of the client in the preset table. The address and the access information are matched, and the network configuration information allocated by the DHCP server can be updated in the matching corresponding entry. Therefore, the control method in the embodiment of the present invention can distinguish between multiple clients with the same MAC address according to the MAC address and the access information of the client, and obtain the network configuration information allocated by the DHCP server for the client, thereby achieving the corresponding Users with different access paths accessing and the same MAC address are managed and controlled.
其中,当预设记录表中不存在与客户端的MAC地址及客户端的接入信息相匹配的对应表项时,则根据客户端的MAC地址及客户端的接入信息创建新表项,记录DHCP服务器为客户端分配的网络配置信息。If there is no corresponding entry in the preset record table that matches the MAC address of the client and the access information of the client, the new entry is created according to the MAC address of the client and the access information of the client, and the DHCP server is recorded. Network configuration information assigned by the client.
如图2所示,在本发明实施例中,将客户端的MAC地址及客户端的接入信息封装到DHCP请求报文,并将DHCP请求报文转发给DHCP服务器,由DHCP服务器为客户端分配网络配置信息,并向DHCP中继设备反馈DHCP响应报文(步骤S103),包括:As shown in FIG. 2, in the embodiment of the present invention, the MAC address of the client and the access information of the client are encapsulated into a DHCP request message, and the DHCP request message is forwarded to the DHCP server, and the DHCP server allocates a network to the client. And configuring the information and feeding back the DHCP response message to the DHCP relay device (step S103), including:
步骤S1031、将客户端的接入信息作为中继代理选项的内容,与客户端的MAC地址封装入DHCP请求报文;Step S1031: The client access information is used as the content of the relay agent option, and the MAC address of the client is encapsulated into the DHCP request message;
步骤S1033、将DHCP请求报文转发给DHCP服务器,由DHCP服务器为客户端分配网络配置信息,并向DHCP服务器反馈DHCP响应报文。 Step S1033: Forward the DHCP request message to the DHCP server, and the DHCP server allocates network configuration information to the client, and feeds back the DHCP response message to the DHCP server.
因此,客户端的接入信息是以中继代理选项为载体被封装入DHCP请求报文中,并通过中继代理选项实现了客户端的地址信息在DHCP中继设备与DHCP服务器上的传输与记录。Therefore, the access information of the client is encapsulated into the DHCP request message by using the relay agent option as a carrier, and the address information of the client is transmitted and recorded on the DHCP relay device and the DHCP server through the relay agent option.
如图3所示,在本发明实施例中,根据DHCP响应报文获取客户端的MAC地址及客户端的接入信息,更新预设表中与客户端相匹配的对应表项中记录的网络配置信息,然后将DHCP响应报文进行处理后转发给客户端(步骤S105),包括:As shown in FIG. 3, in the embodiment of the present invention, the MAC address of the client and the access information of the client are obtained according to the DHCP response message, and the network configuration information recorded in the corresponding entry matching the client in the preset table is updated. Then, the DHCP response packet is processed and forwarded to the client (step S105), including:
步骤S1051、根据DHCP响应报文,获取DHCP响应报文中封装入的客户端的MAC地址以及中继代理选项的内容所包含的客户端的接入信息;Step S1051: Obtain, according to the DHCP response packet, the MAC address of the client encapsulated in the DHCP response packet and the access information of the client included in the content of the relay proxy option.
步骤S1053、根据客户端的MAC地址及客户端的接入信息,在预设记录表中查询与客户端相匹配的对应表项;Step S1053: Query, according to the MAC address of the client and the access information of the client, the corresponding entry matching the client in the preset record table;
步骤S1055、根据DHCP响应报文中携带的DHCP服务器为客户端分配的网络配置信息,更新对应表项中记录的客户端的网络配置信息;Step S1055: Update the network configuration information of the client recorded in the corresponding entry according to the network configuration information allocated by the DHCP server carried in the DHCP response packet to the client.
步骤S1057、将中继代理选项从DHCP响应报文中剥离,并将剥离后的DHCP响应报文转发给客户端。Step S1057: The relay agent option is stripped from the DHCP response message, and the stripped DHCP response message is forwarded to the client.
其中,中继代理在获取DHCP服务器反馈的响应报文后,根据响应报文中携带客户端的MAC地址和中继代理选项获取客户端的接入信息,并在预设记录表中匹配与客户端的MAC地址及接入信息相匹配的对应表项,然后对其中记录的客户端的网络配置信息进行更新,之后将中继代理选项从响应报文中剥离后转发给客户端,从而达到对从不同接入路径接入而MAC地址相同的用户进行管理和控制。After obtaining the response message fed back by the DHCP server, the relay agent obtains the access information of the client according to the MAC address and the relay agent option of the client in the response packet, and matches the MAC address of the client in the preset record table. Corresponding entries matching the address and the access information, and then updating the network configuration information of the client recorded therein, and then the relay agent option is stripped from the response packet and then forwarded to the client, thereby achieving different access Users with the same path access and the same MAC address are managed and controlled.
实施例二Embodiment 2
依据本发明实施例的另一个方面,还提供了一种用户接入的控制方法,应用于包含客户端、中继设备及分配网络配置信息的服务器的动态主机配置协议DHCP网络中的DHCP服务器上,如图4所示,该控制方法包括:According to another aspect of the embodiments of the present invention, a method for controlling user access is also provided, which is applied to a DHCP server in a dynamic host configuration protocol DHCP network including a client, a relay device, and a server that allocates network configuration information. As shown in FIG. 4, the control method includes:
步骤S401、根据DHCP中继设备转发的DHCP请求报文,获取客户端的MAC地址及客户端的接入信息;Step S401: Obtain a MAC address of the client and access information of the client according to the DHCP request packet forwarded by the DHCP relay device.
步骤S403、为客户端分配网络配置信息,将网络配置信息、客户端的MAC地址及客户端的接入信息封装到DHCP响应报文。Step S403: Allocating network configuration information to the client, and encapsulating the network configuration information, the MAC address of the client, and the access information of the client into the DHCP response message.
其中,DHCP服务器在接收DHCP中继设备转发的请求报文后,会为客户 端分配网络配置信息,并将客户端的MAC地址、客户端的接入信息以及为客户端分配的网络配置信息封装入响应报文中,因此本发明实施例中的控制方法能够根据客户端的MAC地址及其接入信息在MAC地址相同的多个客户端中进行区分,并对客户端分配网络配置信息,从而达到对从不同接入路径接入而MAC地址相同的用户进行管理和控制。The DHCP server will serve the client after receiving the request packet forwarded by the DHCP relay device. The terminal allocates the network configuration information, and encapsulates the MAC address of the client, the access information of the client, and the network configuration information allocated to the client into the response packet. Therefore, the control method in the embodiment of the present invention can be based on the MAC address of the client and The access information is differentiated among multiple clients with the same MAC address, and the network configuration information is allocated to the client, thereby achieving management and control for users accessing different access paths and having the same MAC address.
在本发明实施例中,根据DHCP中继设备转发的DHCP请求报文,获取客户端的MAC地址及客户端的接入信息(步骤S401),为:In the embodiment of the present invention, the MAC address of the client and the access information of the client are obtained according to the DHCP request packet forwarded by the DHCP relay device (step S401), which is:
根据DHCP中继设备转发的DHCP请求报文,获取封装入DHCP请求报文中客户端的MAC地址以及中继代理信息选项的内容所包含的客户端的接入信息。According to the DHCP request packet forwarded by the DHCP relay device, the MAC address of the client encapsulated in the DHCP request message and the access information of the client included in the content of the relay agent information option are obtained.
且为客户端分配网络配置信息,将网络配置信息、客户端的MAC地址及客户端的接入信息封装到DHCP响应报文(步骤S403),为:The network configuration information is allocated to the client, and the network configuration information, the MAC address of the client, and the access information of the client are encapsulated into a DHCP response message (step S403), which is:
为客户端分配网络配置信息,将客户端的接入信息作为中继代理信息选项的内容,与客户端的MAC地址以及网络配置信息封装入DHCP响应报文,并反馈给DHCP中继设备。The network configuration information is allocated to the client, and the access information of the client is used as the content of the relay agent information option, and the MAC address of the client and the network configuration information are encapsulated into the DHCP response message, and fed back to the DHCP relay device.
其中,在本发明实施例中,中继代理选项为DHCP option82选项。当然可以理解的是,在本发明实施例中,对中继代理选项的选项类型并不进行限定。In the embodiment of the present invention, the relay agent option is a DHCP option 82 option. It can be understood that, in the embodiment of the present invention, the option type of the relay agent option is not limited.
在包含客户端、中继设备及分配网络配置信息的服务器的DHCP网络中,DHCP服务器为客户端分配网络配置信息的时序图如图5所示,其中,DHCP client为DHCP客户端,即用户端;DHCP relay为DHCP中继设备;DHCP server为DHCP服务器,其时序流程如下:In a DHCP network that includes a client, a relay device, and a server that allocates network configuration information, a sequence diagram of the DHCP server assigning network configuration information to the client is shown in FIG. 5, wherein the DHCP client is a DHCP client, that is, the client. The DHCP relay is a DHCP relay device; the DHCP server is a DHCP server, and the timing sequence is as follows:
步骤501.DHCP client向DHCP relay发送DHCP发现(discover)报文;Step 501: The DHCP client sends a DHCP discovery (discover) message to the DHCP relay.
步骤502.DHCP relay接收DHCPdiscover报文,获取用户接入侧接入信息和用户MAC地址,将接入信息作为option82选项,填充到DHCP discover报文中,选择DHCP server继续发送DHCP discover,所述MAC地址可以从DHCP请求报文中提取,所述接入信息也可以从DHCP请求报文中提取,若DHCP请求报文中未携带接入信息,也可以从其他报文或者配置信息中提取接入信息。;Step 502. The DHCP relay receives the DHCPdiscover message, obtains the user access side access information and the user MAC address, and uses the access information as the option 82 option, fills the DHCP discover message, and selects the DHCP server to continue to send the DHCP discover, the MAC. The address can be extracted from the DHCP request message, and the access information can also be extracted from the DHCP request message. If the DHCP request message does not carry the access information, the access information can be extracted from other messages or configuration information. information. ;
步骤503.DHCP server收到DHCP discover后为用户分配网络配置信息,并且返回DHCP提供(offer)报文给DHCP relay,DHCP offer报文中携带网络配置信息、用户MAC地址以及DHCP discover报文中携带的option82信息; Step 503: After receiving the DHCP discover, the DHCP server allocates network configuration information to the user, and returns a DHCP offer (offer) message to the DHCP relay. The DHCP offer message carries the network configuration information, the user MAC address, and the DHCP discover message. Option82 information;
步骤504.DHCP relay收到DHCP offer报文,获取用户MAC地址,以及从option82选项中提取用户接入侧接入信息,根据用户的接入信息和MAC地址匹配预设记录表中已存在表项,保存DHCP server分配的网络配置信息,如果不存在相匹配的对应表项,则新建用户表项,并记录DHCP服务器为用户分配的网络配置信息;剥离DHCP offer中的option82信息,向DHCP client发送DHCP offer报文;Step 504: The DHCP relay receives the DHCP offer message, obtains the user MAC address, and extracts the access information of the user access side from the option 82, and matches the existing entry in the preset record table according to the access information and the MAC address of the user. The network configuration information assigned by the DHCP server is saved. If there is no matching corresponding entry, a new user entry is created, and the network configuration information allocated by the DHCP server for the user is recorded; the option 82 information in the DHCP offer is stripped and sent to the DHCP client. DHCP offer message;
步骤505.DHCP client向DHCP relay返回DHCP request报文;Step 505. The DHCP client returns a DHCP request message to the DHCP relay.
步骤506.DHCP relay接收DHCP request报文,从该报文中提取用户接入侧接入信息和用户MAC地址,根据用户的接入信息和MAC地址匹配预设记录表中已存在的对应表项,并将接入信息作为option82选项,填充到DHCP request报文中,发送到DHCP server;Step 506: The DHCP relay receives the DHCP Request message, and extracts the user access side access information and the user MAC address from the message, and matches the existing corresponding entry in the preset record table according to the access information and the MAC address of the user. And the access information is used as the option 82 option, filled in the DHCP request message, and sent to the DHCP server;
步骤507.DHCP server收到DHCP request后返回DHCP确认(ack)报文给DHCP relay,DHCP ack中携带DHCP request报文中携带的option82信息;Step 507. After receiving the DHCP request, the DHCP server returns a DHCP acknowledgement (ack) packet to the DHCP relay, and the DHCP ack carries the option 82 information carried in the DHCP request packet.
步骤508.DHCP relay收到DHCP ack报文,获取用户MAC地址,以及从option82选项中提取用户接入侧接入信息,根据用户的接入信息和MAC地址匹配预设记录表中已存在对应表项,保存DHCP server分配的网络配置信息,并且剥离DHCP ack中的option82信息,向DHCP client发送DHCP ack报文,流程结束。Step 508. The DHCP relay receives the DHCP ack packet, obtains the user MAC address, and extracts the access information of the user access side from the option 82, and matches the existing correspondence table according to the access information and the MAC address of the user. The item saves the network configuration information assigned by the DHCP server, strips the option 82 information in the DHCP ack, and sends a DHCP ack message to the DHCP client. The process ends.
实施例三Embodiment 3
依据本发明实施例的另一个方面,还提供了一种用户接入的控制方法,应用于包括客户端及分配地址的服务器的DHCP网络中的DHCP服务器上,如图6所示,该控制方法600包括:According to another aspect of the embodiments of the present invention, a method for controlling user access is also provided, which is applied to a DHCP server in a DHCP network including a client and a server that allocates an address, as shown in FIG. 6, the control method 600 includes:
步骤S601、接收客户端发送的DHCP请求报文,获取客户端的MAC地址及客户端的接入信息,并为客户端分配网络配置信息,所述MAC地址可以从DHCP请求报文中获取,所述接入信息也可以从DHCP请求报文中获取,若DHCP请求报文中未携带接入信息,也可以从其他报文或者配置信息中获取接入信息。;Step S601: Receive a DHCP request message sent by the client, obtain a MAC address of the client, and access information of the client, and allocate network configuration information to the client, where the MAC address can be obtained from the DHCP request message, where the The incoming information can also be obtained from the DHCP request message. If the DHCP request message does not carry the access information, the access information can also be obtained from other messages or configuration information. ;
步骤S603、若预设记录表中存在与客户端的MAC地址及客户端的接入信息相匹配的对应表项,则更新预设表中与客户端相匹配的对应表项中记录的网络配置信息,然后将DHCP响应报文发送给客户端; Step S603: If there is a corresponding entry in the preset record table that matches the MAC address of the client and the access information of the client, the network configuration information recorded in the corresponding entry matching the client in the preset table is updated. Then sending a DHCP response message to the client;
步骤S605、若预设记录表中不存在客户端的MAC地址及客户端的接入信息相匹配的对应表项,则根据客户端的MAC地址及客户端的接入信息创建新表项,并记录DHCP服务器为客户端分配的网络配置信息。Step S605: If the MAC address of the client and the corresponding entry of the client's access information do not exist in the preset record table, create a new entry according to the MAC address of the client and the access information of the client, and record the DHCP server as Network configuration information assigned by the client.
当客户端与DHCP服务器直接连接时,则由DHCP服务器根据客户端的MAC地址及其接入信息,直接为客户端分配网络配置信息,可以对多个MAC地址相同的用户进行区分,然后对接入用户分配网络配置信息,实现了对从不同接入路径接入而MAC地址相同的用户的管理和控制。When the client is directly connected to the DHCP server, the DHCP server directly allocates network configuration information to the client according to the MAC address of the client and its access information, and can distinguish between multiple users with the same MAC address, and then access the network. The user allocates network configuration information to implement management and control of users accessing different access paths and having the same MAC address.
其中,在本发明实施例中,客户端的接入信息可以为虚拟局域网VLAN信息或者接口信息,当然可以理解的是,在本发明实施例中,客户端的接入信息并不局限于上述信息。In the embodiment of the present invention, the access information of the client may be the virtual local area network (VLAN) VLAN information or the interface information. It is to be understood that, in the embodiment of the present invention, the access information of the client is not limited to the foregoing information.
在包括客户端及分配地址的服务器的DHCP网络中,DHCP服务器为客户端分配网络配置信息的时序图如图7所示,其中,DHCP client为DHCP客户端,即用户端;DHCP server为DHCP服务器,其时序流程如下:In the DHCP network that includes the client and the server that allocates the address, the timing diagram of the DHCP server assigning network configuration information to the client is shown in Figure 7. The DHCP client is the DHCP client, that is, the client; the DHCP server is the DHCP server. The timing sequence is as follows:
步骤701.DHCP client向DHCP server发送DHCP discover报文;Step 701: The DHCP client sends a DHCP discover message to the DHCP server.
步骤702.DHCP server接收DHCP discover报文,获取用户接入侧接入信息和用户MAC地址,根据接入信息和用户MAC地址匹配预设记录表中已存在对应表项,如果不存在相匹配的对应表项,则新建用户表项,并记录DHCP服务器为用户分配的网络配置信息;如果存在相匹配的对应表项,更新预设表中对应表项记录的网络配置信息,并在为用户分配网络配置信息后,记录网络配置信息,返回DHCP offer报文;Step 702: The DHCP server receives the DHCP discover message, and obtains the user access side access information and the user MAC address, and matches the existing entry in the preset record table according to the access information and the user MAC address, if there is no matching entry. The corresponding user entry is created, and the network configuration information assigned by the DHCP server to the user is recorded. If there is a matching corresponding entry, the network configuration information of the corresponding entry in the preset table is updated and allocated to the user. After the network configuration information is recorded, the network configuration information is recorded, and the DHCP offer message is returned.
步骤703.DHCP client向DHCP server返回DHCP request报文;Step 703: The DHCP client returns a DHCP request message to the DHCP server.
步骤704.DHCP server接收DHCP request报文,获取用户接入信息和用户MAC地址,用户的接入信息和MAC地址匹配预设记录表中已存在表项,保存DHCP server分配的网络配置信息,并且向用户返回DHCP ack报文,流程结束。Step 704: The DHCP server receives the DHCP request packet, and obtains the user access information and the user MAC address. The access information and the MAC address of the user match the existing entries in the preset record table, and the network configuration information allocated by the DHCP server is saved, and The DHCP ack message is returned to the user and the process ends.
DHCP server可以从DHCP请求报文中获取所述MAC地址和所述接入信息,若DHCP请求报文中未携带接入信息,也可以从其他报文或者配置信息中获取接入信息。The DHCP server can obtain the MAC address and the access information from the DHCP request packet. If the DHCP request packet does not carry the access information, the DHCP server can obtain the access information from other packets or configuration information.
实施例四Embodiment 4
依据本发明实施例的另一个方面,还提供了一种用户接入的控制装置,应 用于包含客户端、中继设备及分配网络配置信息的服务器的动态主机配置协议DHCP网络中的DHCP中继设备上,如图8所示,该控制装置800包括:According to another aspect of the embodiments of the present invention, a control device for user access is also provided. For a DHCP relay device in a dynamic host configuration protocol DHCP network including a client, a relay device, and a server that allocates network configuration information, as shown in FIG. 8, the control device 800 includes:
第一获取模块801,被配置为接收客户端发送的DHCP请求报文,获取客户端的MAC地址及客户端的接入信息;The first obtaining module 801 is configured to receive a DHCP request packet sent by the client, and obtain the MAC address of the client and the access information of the client.
转发模块803,被配置为将客户端的MAC地址及客户端的接入信息封装到DHCP请求报文,并将DHCP请求报文转发给DHCP服务器,接收DHCP服务器反馈的DHCP响应报文,DHCP响应报文携带了由DHCP服务器为客户端分配网络配置信息;The forwarding module 803 is configured to encapsulate the MAC address of the client and the access information of the client into the DHCP request message, and forward the DHCP request message to the DHCP server, and receive the DHCP response message and the DHCP response message fed back by the DHCP server. Carrying a network configuration information assigned by the DHCP server to the client;
第一更新模块805,被配置为根据DHCP响应报文获取客户端的MAC地址及客户端的接入信息,更新预设表中与客户端相匹配的对应表项中记录的网络配置信息,然后将DHCP响应报文进行处理后转发给客户端。The first update module 805 is configured to obtain the MAC address of the client and the access information of the client according to the DHCP response message, and update the network configuration information recorded in the corresponding entry in the preset table that matches the client, and then the DHCP The response packet is processed and forwarded to the client.
其中,在本发明实施例中,控制装置还包括:In the embodiment of the present invention, the control device further includes:
第一创建模块,被配置为若预设记录表中不存在与客户端的MAC地址及客户端的接入信息相匹配的对应表项,则根据客户端的MAC地址及客户端的接入信息创建新表项,记录DHCP服务器为客户端分配的网络配置信息。The first creating module is configured to create a new entry according to the MAC address of the client and the access information of the client if the corresponding entry in the preset record table does not match the MAC address of the client and the access information of the client. , record the network configuration information that the DHCP server allocates for the client.
如图9所示,在本发明实施例中,转发模块803包括:As shown in FIG. 9, in the embodiment of the present invention, the forwarding module 803 includes:
封装单元8031,被配置为将客户端的接入信息作为中继代理选项的内容与客户端的MAC地址封装入DHCP请求报文;The encapsulating unit 8031 is configured to encapsulate the access information of the client as a content of the relay proxy option and the MAC address of the client into the DHCP request message;
转发单元8033,被配置为将DHCP请求报文转发给DHCP服务器,由DHCP服务器为客户端分配网络配置信息,并反馈DHCP响应报文。The forwarding unit 8033 is configured to forward the DHCP request message to the DHCP server, and the DHCP server allocates network configuration information to the client, and feeds back the DHCP response message.
如图10所示,在本发明实施例中,第一更新模块805包括:As shown in FIG. 10, in the embodiment of the present invention, the first update module 805 includes:
获取单元8051,被配置为根据DHCP响应报文,获取DHCP响应报文中封装入的客户端的MAC地址以及中继代理选项的内容所包含的客户端的接入信息;The obtaining unit 8051 is configured to obtain, according to the DHCP response packet, the MAC address of the client encapsulated in the DHCP response packet and the access information of the client included in the content of the relay proxy option;
查询单元8053,被配置为根据客户端的MAC地址及客户端的接入信息,在预设记录表中查询与客户端相匹配的对应表项;The querying unit 8053 is configured to query, according to the MAC address of the client and the access information of the client, the corresponding entry matching the client in the preset record table;
更新单元8055,被配置为根据DHCP响应报文中携带的DHCP服务器为客户端分配的网络配置信息,更新对应表项中记录的客户端的网络配置信息;The updating unit 8055 is configured to update the network configuration information of the client recorded in the corresponding entry according to the network configuration information allocated by the DHCP server carried in the DHCP response packet to the client;
剥离单元8057,被配置为将中继代理选项从DHCP响应报文中剥离,并将剥离后的DHCP响应报文转发给客户端。 The stripping unit 8057 is configured to strip the relay agent option from the DHCP response message and forward the stripped DHCP response message to the client.
其中,通过本发明实施例中的控制装置能够根据客户端的MAC地址及其接入信息在MAC地址相同的多个客户端中进行区分,并获取DHCP服务器对客户端分配网络配置信息,从而达到对从不同接入路径接入而MAC地址相同的用户进行管理和控制。The control device in the embodiment of the present invention can distinguish between multiple clients with the same MAC address according to the MAC address of the client and the access information thereof, and obtain the DHCP server to allocate network configuration information to the client, thereby achieving Manage and control users accessing different access paths and having the same MAC address.
实施例五Embodiment 5
依据本发明实施例的另一个方面,还提供了一种DHCP中继设备,包括上述的用户接入的控制装置。According to another aspect of the embodiments of the present invention, there is also provided a DHCP relay device, comprising the above-mentioned control device for user access.
通过本发明实施例中的DHCP中继设备能够根据客户端的MAC地址及其接入信息在多个MAC地址相同的客户端中进行区分,并获取DHCP服务器对客户端分配网络配置信息,从而达到对从不同接入路径接入而MAC地址相同的用户进行管理和控制。The DHCP relay device in the embodiment of the present invention can distinguish between multiple clients with the same MAC address according to the MAC address of the client and the access information thereof, and obtain the DHCP server to allocate network configuration information to the client, thereby achieving Manage and control users accessing different access paths and having the same MAC address.
实施例六Embodiment 6
依据本发明实施例的另一个方面,还提供了一种用户接入的控制装置,应用于包含客户端、中继设备及分配网络配置信息的服务器的动态主机配置协议DHCP网络中的DHCP服务器上,如图11所示,控制装置1100包括:According to another aspect of the embodiments of the present invention, a user access control apparatus is further applied to a DHCP server in a dynamic host configuration protocol DHCP network including a client, a relay device, and a server that allocates network configuration information. As shown in FIG. 11, the control device 1100 includes:
第二获取模块1101,被配置为根据DHCP中继设备转发的DHCP请求报文,获取客户端的MAC地址及客户端的接入信息;The second obtaining module 1101 is configured to obtain the MAC address of the client and the access information of the client according to the DHCP request packet forwarded by the DHCP relay device.
封装模块1103,被配置为为客户端分配网络配置信息,将网络配置信息、客户端的MAC地址及客户端的接入信息封装到DHCP响应报文。The encapsulating module 1103 is configured to allocate network configuration information to the client, and encapsulate the network configuration information, the MAC address of the client, and the access information of the client into the DHCP response packet.
第二获取模块1101被配置为:根据DHCP中继设备转发的DHCP请求报文,获取封装入DHCP请求报文中客户端的MAC地址以及中继代理选项的内容所包含的客户端的接入信息。The second obtaining module 1101 is configured to: according to the DHCP request message forwarded by the DHCP relay device, obtain the MAC address of the client encapsulated in the DHCP request message and the access information of the client included in the content of the relay agent option.
封装模块1103被配置为:为客户端分配网络配置信息,将客户端的接入信息作为中继代理选项的内容与客户端的MAC地址以及网络配置信息封装入DHCP响应报文,并反馈给DHCP中继设备。The encapsulation module 1103 is configured to: allocate network configuration information to the client, and encapsulate the client access information as the content of the relay proxy option with the client's MAC address and network configuration information into the DHCP response packet, and feed back to the DHCP relay. device.
其中,在本发明实施例中,中继代理选项为DHCP option82选项。当然可以理解的是,在本发明实施例中,对中继代理选项的选项类型并不进行限定。In the embodiment of the present invention, the relay agent option is a DHCP option 82 option. It can be understood that, in the embodiment of the present invention, the option type of the relay agent option is not limited.
在本发明实施例中,DHCP服务器在接收DHCP中继设备转发的请求报文后,会为客户端分配网络配置信息,并将客户端的MAC地址及客户端的接入信息封装入响应报文中,因此本发明实施例中的控制装置能够根据客户端的MAC 地址及其接入信息在多个MAC地址相同的客户端中进行区分,并对其分配网络配置信息,从而达到对从不同接入路径接入而MAC地址相同的用户进行管理和控制。In the embodiment of the present invention, after receiving the request packet forwarded by the DHCP relay device, the DHCP server allocates network configuration information to the client, and encapsulates the MAC address of the client and the access information of the client into the response packet. Therefore, the control device in the embodiment of the present invention can be based on the MAC of the client. The address and its access information are distinguished among multiple clients with the same MAC address, and network configuration information is allocated thereto, thereby achieving management and control for users accessing different access paths and having the same MAC address.
实施例七Example 7
依据本发明实施例的另一个方面,还提供了一种DHCP服务器,包括上述的用户接入的控制装置。According to another aspect of the embodiments of the present invention, there is also provided a DHCP server, including the above-mentioned control device for user access.
本发明实施例中的DHCP服务器能够根据客户端的MAC地址及其接入信息在多个MAC地址相同的客户端中进行区分,并对其分配网络配置信息,从而达到对从不同接入路径接入而MAC地址相同的用户进行管理和控制。The DHCP server in the embodiment of the present invention can distinguish between multiple clients with the same MAC address according to the MAC address of the client and its access information, and allocate network configuration information to the access terminal to access the access path from different access paths. Users with the same MAC address are managed and controlled.
实施例八Example eight
依据本发明实施例的另一个方面,还提供了一种用户接入的控制装置,应用于包括客户端及分配网络配置信息的服务器的动态主机配置协议DHCP网络中的DHCP服务器上,如图12所示,控制装置1200包括:According to another aspect of the embodiments of the present invention, there is also provided a user access control apparatus, which is applied to a DHCP server in a dynamic host configuration protocol DHCP network including a client and a server that allocates network configuration information, as shown in FIG. 12 . As shown, the control device 1200 includes:
第三获取模块1201,被配置为接收DHCP请求报文,获取客户端的MAC地址及客户端的接入信息,并为客户端分配网络配置信息;The third obtaining module 1201 is configured to receive the DHCP request message, obtain the MAC address of the client, and the access information of the client, and allocate network configuration information to the client.
第二更新模块1203,被配置为若预设记录表中存在与客户端的MAC地址及客户端的接入信息相匹配的对应表项,则更新预设表中与客户端相匹配的对应表项中记录的网络配置信息,然后将DHCP响应报文发送给客户端;The second update module 1203 is configured to: if there is a corresponding entry in the preset record table that matches the MAC address of the client and the access information of the client, update the corresponding entry in the preset table that matches the client. Recording network configuration information, and then sending a DHCP response message to the client;
第二创建模块1205,被配置为若预设记录表中不存在客户端的MAC地址及客户端的接入信息相匹配的对应表项,则根据客户端的MAC地址及客户端的接入信息创建新表项,并记录DHCP服务器为客户端分配的网络配置信息。The second creating module 1205 is configured to create a new entry according to the MAC address of the client and the access information of the client if the MAC address of the client and the corresponding entry of the client's access information do not exist in the preset record table. And record the network configuration information that the DHCP server allocates for the client.
当客户端与DHCP服务器直接连接时,则由DHCP服务器根据客户端的MAC地址及其接入信息,直接客户端分配网络配置信息,可以对MAC地址相同的多个用户进行区分,然后对接入用户分配网络配置信息,实现了对从不同接入路径接入而MAC地址相同的用户的管理和控制。When the client directly connects to the DHCP server, the DHCP server allocates network configuration information to the client directly according to the MAC address of the client and its access information, and can distinguish multiple users with the same MAC address, and then access the user. The allocation of network configuration information enables management and control of users accessing different access paths and having the same MAC address.
其中,在本发明实施例中,客户端的接入信息为虚拟局域网VLAN信息或者接口信息,当然可以理解的是,在本发明实施例中,客户端的接入信息并不局限于上述信息。In the embodiment of the present invention, the access information of the client is the VLAN information or the interface information of the virtual local area network. It is to be understood that, in the embodiment of the present invention, the access information of the client is not limited to the foregoing information.
实施例九Example nine
依据本发明实施例的另一个方面,还提供了一种DHCP服务器,包括上述 的用户接入的控制装置。According to another aspect of the embodiments of the present invention, there is also provided a DHCP server, including the above User access control device.
通过本发明实施例中DHCP服务器,可根据客户端的MAC地址及其接入信息,直接客户端分配网络配置信息,可以对多个MAC地址相同的用户进行区分,然后对接入用户分配网络配置信息,实现了对从不同接入路径接入而MAC地址相同的用户的管理和控制。The DHCP server in the embodiment of the present invention can directly allocate network configuration information to the client according to the MAC address of the client and the access information thereof, and can distinguish the users with the same MAC address, and then allocate the network configuration information to the access user. It realizes the management and control of users accessing from different access paths and having the same MAC address.
以上所述的是本发明实施方式,应当指出对于本技术领域的普通人员来说,在不脱离本发明实施例所述的原理前提下还可以作出改进和润饰,这些改进和润饰也在本发明的保护范围内。The above is an embodiment of the present invention, and it should be noted that those skilled in the art can also make improvements and retouching without departing from the principles described in the embodiments of the present invention. These improvements and retouchings are also in the present invention. Within the scope of protection.
本发明实施例还提供一种计算机可读存储介质,存储有计算机可执行指令,所述计算机可执行指令用于执行上述实施例中所述的方法。The embodiment of the present invention further provides a computer readable storage medium storing computer executable instructions for executing the method described in the foregoing embodiments.
本发明实施例还提供一种控制装置,包括存储器和至少一个处理器,其中,存储器存储有可由处理器执行的指令,所述指令用于执行上述实施例中所述的方法。The embodiment of the invention further provides a control device comprising a memory and at least one processor, wherein the memory stores instructions executable by the processor, the instructions being used to execute the method described in the above embodiments.
本文是参照根据本发明实施例的方法、设备(系统)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。This document is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or FIG. These computer program instructions can be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing device to produce a machine for the execution of instructions for execution by a processor of a computer or other programmable data processing device. Means for implementing the functions specified in one or more of the flow or in a block or blocks of the flow chart.
这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中,使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品,该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。The computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising the instruction device. The apparatus implements the functions specified in one or more blocks of a flow or a flow and/or block diagram of the flowchart.
这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上,使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理,从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。 These computer program instructions can also be loaded onto a computer or other programmable data processing device such that a series of operational steps are performed on a computer or other programmable device to produce computer-implemented processing for execution on a computer or other programmable device. The instructions provide steps for implementing the functions specified in one or more of the flow or in a block or blocks of a flow diagram.
工业实用性Industrial applicability
在本申请提供的认证方法中,通过结合客户端的接入信息和MAC地址,可以对MAC地址相同的多个用户进行区分,实现了对从不同接入路径接入而MAC地址相同的用户的管理和控制。 In the authentication method provided by the present application, by combining the access information and the MAC address of the client, multiple users with the same MAC address can be distinguished, and management of users with the same MAC address accessing from different access paths is realized. And control.

Claims (20)

  1. 一种用户接入的控制方法,应用于动态主机配置协议DHCP中继设备;所述控制方法包括:A user access control method is applied to a dynamic host configuration protocol DHCP relay device; the control method includes:
    接收客户端发送的DHCP请求报文,获取所述客户端的媒体访问控制MAC地址及所述客户端的接入信息;Receiving a DHCP request message sent by the client, acquiring a media access control MAC address of the client, and access information of the client;
    将所述客户端的MAC地址及所述客户端的接入信息封装到DHCP请求报文,并将所述DHCP请求报文转发给DHCP服务器;Encapsulating the MAC address of the client and the access information of the client into a DHCP request message, and forwarding the DHCP request message to the DHCP server;
    接收所述DHCP服务器反馈的DHCP响应报文,所述DHCP响应报文携带所述DHCP服务器为所述客户端分配的网络配置信息;Receiving a DHCP response message fed back by the DHCP server, where the DHCP response message carries network configuration information allocated by the DHCP server to the client;
    根据所述DHCP响应报文获取所述客户端的MAC地址、所述客户端的接入信息以及网络配置信息,更新预设表中与所述客户端相匹配的对应表项中记录的网络配置信息,然后将所述DHCP响应报文转发给所述客户端。Acquiring, according to the DHCP response packet, the MAC address of the client, the access information of the client, and the network configuration information, and updating the network configuration information recorded in the corresponding entry in the preset table that matches the client, The DHCP response message is then forwarded to the client.
  2. 如权利要求1所述的控制方法,其中,在所述接收客户端发送的DHCP请求报文,获取所述客户端的MAC地址及所述客户端的接入信息之后,所述控制方法还包括:The control method according to claim 1, wherein after the receiving the DHCP request message sent by the client, obtaining the MAC address of the client and the access information of the client, the control method further includes:
    在所述预设记录表中不存在与所述客户端的MAC地址及所述客户端的接入信息相匹配的对应表项的情况下,则根据所述客户端的MAC地址及所述客户端的接入信息创建新表项,用于记录所述DHCP服务器为所述客户端分配的网络配置信息。If there is no corresponding entry in the preset record table that matches the MAC address of the client and the access information of the client, the MAC address of the client and the access by the client are used. The information creates a new entry for recording network configuration information allocated by the DHCP server for the client.
  3. 如权利要求1所述的控制方法,其中,所述将所述客户端的MAC地址及所述客户端的接入信息封装到DHCP请求报文,并将所述DHCP请求报文转发给DHCP服务器,包括:The control method according to claim 1, wherein the encapsulating the MAC address of the client and the access information of the client into a DHCP request message, and forwarding the DHCP request message to a DHCP server, including :
    将所述客户端的接入信息作为所述中继代理选项的内容与所述客户端的MAC地址封装入所述DHCP请求报文;Encapsulating the access information of the client as the content of the relay proxy option and the MAC address of the client into the DHCP request message;
    将所述DHCP请求报文转发给所述DHCP服务器。Forwarding the DHCP request message to the DHCP server.
  4. 如权利要求1所述的控制方法,其中,所述根据所述DHCP响应报文获取所述客户端的MAC地址及所述客户端的接入信息,更新预设表中与所述客户端相匹配的对应表项中记录的网络配置信息,然后将所述DHCP响应报文转发给所述客户端,包括:The control method according to claim 1, wherein the obtaining the MAC address of the client and the access information of the client according to the DHCP response message, and updating the preset table to match the client Corresponding to the network configuration information recorded in the entry, and then forwarding the DHCP response packet to the client, including:
    根据所述DHCP响应报文,获取所述DHCP响应报文中封装入的所述客户 端的MAC地址以及中继代理选项的内容所包含的所述客户端的接入信息;Acquiring the client encapsulated in the DHCP response packet according to the DHCP response packet The MAC address of the end and the access information of the client included in the content of the relay agent option;
    根据所述客户端的MAC地址及所述客户端的接入信息,在所述预设记录表中查询与所述客户端相匹配的对应表项;Querying, according to the MAC address of the client and the access information of the client, a corresponding entry matching the client in the preset record table;
    根据所述DHCP响应报文中携带的所述DHCP服务器为所述客户端分配的网络配置信息,更新所述对应表项中记录的所述客户端的网络配置信息;Updating the network configuration information of the client recorded in the corresponding entry according to the network configuration information that is allocated by the DHCP server to the client in the DHCP response packet;
    将所述中继代理选项从所述DHCP响应报文中剥离,并将剥离后的所述DHCP响应报文转发给所述客户端。The relay agent option is stripped from the DHCP response message, and the stripped DHCP response message is forwarded to the client.
  5. 如权利要求1-4任一项所述的方法,其中,获取所述客户端的媒体访问控制MAC地址及所述客户端的接入信息,包括:The method of any one of the preceding claims, wherein obtaining the media access control MAC address of the client and the access information of the client comprises:
    根据所述DHCP请求报文获取所述客户端的媒体访问控制MAC地址及所述客户端的接入信息。Acquiring, according to the DHCP request message, a media access control MAC address of the client and access information of the client.
  6. 一种用户接入的控制方法,应用于DHCP服务器;所述控制方法包括:A method for controlling user access is applied to a DHCP server; the control method includes:
    接收DHCP请求报文,获取客户端的媒体访问控制MAC地址及所述客户端的接入信息;Receiving a DHCP request message, obtaining a media access control MAC address of the client and access information of the client;
    为所述客户端分配网络配置信息,将所述网络配置信息、所述客户端的MAC地址及所述客户端的接入信息封装到DHCP响应报文。Allocating network configuration information to the client, and encapsulating the network configuration information, the MAC address of the client, and the access information of the client into a DHCP response message.
  7. 如权利要求6所述的控制方法,其中,所述获取客户端的MAC地址及所述客户端的接入信息,包括:The control method of claim 6, wherein the obtaining the MAC address of the client and the access information of the client comprises:
    根据DHCP中继设备转发的DHCP请求报文,获取封装入所述DHCP请求报文中客户端的MAC地址以及中继代理选项的内容所包含的所述客户端的接入信息。Obtaining, according to the DHCP request packet forwarded by the DHCP relay device, the MAC address of the client encapsulated in the DHCP request message and the access information of the client included in the content of the relay agent option.
  8. 如权利要求6所述的控制方法,其中,所述为所述客户端分配网络配置信息,将所述网络配置信息、所述客户端的MAC地址及所述客户端的接入信息封装到DHCP响应报文,包括:The control method according to claim 6, wherein said allocating network configuration information to said client, and encapsulating said network configuration information, said client's MAC address and said client access information into a DHCP response message Text, including:
    为所述客户端分配网络配置信息,将所述客户端的接入信息作为所述中继代理选项的内容与所述客户端的MAC地址以及所述网络配置信息封装入所述DHCP响应报文,并反馈给所述DHCP中继设备。Allocating network configuration information to the client, and encapsulating the access information of the client as the content of the relay proxy option with the MAC address of the client and the network configuration information into the DHCP response packet, and Feedback to the DHCP relay device.
  9. 如权利要求6所述的控制方法,其中,接收DHCP请求报文,包括:The control method of claim 6, wherein receiving the DHCP request message comprises:
    接收客户端发送的DHCP请求报文。Receive DHCP request packets sent by the client.
  10. 如权利要求6所述的控制方法,其中,所述为所述客户端分配网络配置 信息,将所述网络配置信息、所述客户端的MAC地址及所述客户端的接入信息封装到DHCP响应报文,包括:The control method according to claim 6, wherein said assigning a network configuration to said client The information, the network configuration information, the MAC address of the client, and the access information of the client are encapsulated into a DHCP response message, including:
    在预设记录表中存在与所述客户端的MAC地址及所述客户端的接入信息相匹配的对应表项的情况下,更新预设表中与所述客户端相匹配的对应表项中记录的网络配置信息,将所述DHCP响应报文发送给所述客户端;If there is a corresponding entry in the preset record table that matches the MAC address of the client and the access information of the client, the record in the corresponding entry matching the client in the preset table is updated. Network configuration information, sending the DHCP response message to the client;
    在预设记录表中不存在所述客户端的MAC地址及所述客户端的接入信息相匹配的对应表项的情况下,根据所述客户端的MAC地址及所述客户端的接入信息创建新表项,并记录所述DHCP服务器为所述客户端分配的网络配置信息。In the case that the MAC address of the client and the corresponding entry of the client's access information do not exist in the preset record table, a new table is created according to the MAC address of the client and the access information of the client. And recording network configuration information allocated by the DHCP server for the client.
  11. 一种用户接入的控制装置,应用于DHCP中继设备;所述控制装置包括:A control device for user access is applied to a DHCP relay device; the control device includes:
    第一获取模块,被配置为接收客户端发送的DHCP请求报文,获取所述客户端的媒体访问控制MAC地址及所述客户端的接入信息;The first obtaining module is configured to receive a DHCP request message sent by the client, and obtain a media access control MAC address of the client and access information of the client;
    转发模块,被配置为将所述客户端的MAC地址及所述客户端的接入信息封装到DHCP请求报文,并将所述DHCP请求报文转发给DHCP服务器,接收所述DHCP服务器反馈的DHCP响应报文,所述DHCP响应报文携带所述DHCP服务器为所述客户端分配的网络配置信息;以及The forwarding module is configured to encapsulate the MAC address of the client and the access information of the client into a DHCP request message, and forward the DHCP request message to the DHCP server, and receive the DHCP response fed back by the DHCP server. a packet, the DHCP response packet carrying network configuration information allocated by the DHCP server to the client;
    第一更新模块,被配置为根据所述DHCP响应报文获取所述网络配置信息、所述客户端的MAC地址及所述客户端的接入信息,更新预设表中与所述客户端相匹配的对应表项中记录的网络配置信息,然后将所述DHCP响应报文转发给所述客户端。The first update module is configured to acquire the network configuration information, the MAC address of the client, and the access information of the client according to the DHCP response packet, and update the preset table to match the client. Corresponding to the network configuration information recorded in the entry, and then forwarding the DHCP response packet to the client.
  12. 如权利11所述的控制装置,所述控制装置还包括:The control device according to claim 11, wherein the control device further comprises:
    第一创建模块,被配置为若所述预设记录表中不存在与所述客户端的MAC地址及所述客户端的接入信息相匹配的对应表项,则根据所述客户端的MAC地址及所述客户端的接入信息创建新表项,记录所述DHCP服务器为所述客户端分配的网络配置信息。a first creating module, configured to: if there is no corresponding entry in the preset record table that matches the MAC address of the client and the access information of the client, according to the MAC address and location of the client The client access information is used to create a new entry, and the network configuration information allocated by the DHCP server to the client is recorded.
  13. 如权利要求11所述的控制装置,其中,所述转发模块包括:The control device of claim 11, wherein the forwarding module comprises:
    封装单元,被配置为将所述客户端的接入信息作为所述中继代理选项的内容与所述客户端的MAC地址封装入所述DHCP请求报文;The encapsulating unit is configured to encapsulate the access information of the client as the content of the relay proxy option and the MAC address of the client into the DHCP request message;
    转发单元,被配置为将所述DHCP请求报文转发给所述DHCP服务器,由所述DHCP服务器为所述客户端分配网络配置信息,并反馈DHCP响应报文。The forwarding unit is configured to forward the DHCP request message to the DHCP server, and the DHCP server allocates network configuration information to the client, and feeds back a DHCP response message.
  14. 如权利要求11所述的控制装置,其中,所述第一更新模块包括: The control device of claim 11, wherein the first update module comprises:
    获取单元,被配置为根据所述DHCP响应报文,获取所述DHCP响应报文中封装入的所述客户端的MAC地址以及中继代理选项的内容所包含的所述客户端的接入信息;An obtaining unit, configured to obtain, according to the DHCP response message, the MAC address of the client encapsulated in the DHCP response message and the access information of the client included in the content of the relay agent option;
    查询单元,被配置为根据所述客户端的MAC地址及所述客户端的接入信息,在所述预设记录表中查询与所述客户端相匹配的对应表项;The querying unit is configured to query, according to the MAC address of the client and the access information of the client, the corresponding entry matching the client in the preset record table;
    更新单元,被配置为根据所述DHCP响应报文中携带的所述DHCP服务器为所述客户端分配的网络配置信息,更新所述对应表项中记录的所述客户端的网络配置信息;An update unit, configured to update network configuration information of the client recorded in the corresponding entry according to network configuration information that is allocated by the DHCP server to the client in the DHCP response packet;
    剥离单元,被配置为将所述中继代理选项从所述DHCP响应报文中剥离,并将剥离后的所述DHCP响应报文转发给所述客户端。The stripping unit is configured to strip the relay proxy option from the DHCP response packet, and forward the stripped DHCP response packet to the client.
  15. 如权利要求11-14任一项所述的控制装置,其中,所述第一获取模块是被配置为根据客户端发送的DHCP请求报文,获取所述客户端的媒体访问控制MAC地址及所述客户端的接入信息。The control device according to any one of claims 11 to 14, wherein the first obtaining module is configured to acquire a media access control MAC address of the client according to a DHCP request message sent by a client, and Client access information.
  16. 一种用户接入的控制装置,应用于DHCP服务器上;所述控制装置包括:A control device for user access is applied to a DHCP server; the control device includes:
    第二获取模块,被配置为接收DHCP请求报文,获取客户端的媒体访问控制MAC地址及所述客户端的接入信息;以及The second obtaining module is configured to receive the DHCP request message, obtain the media access control MAC address of the client, and the access information of the client;
    封装模块,被配置为为所述客户端分配网络配置信息,将所述网络配置信息、所述客户端的MAC地址及所述客户端的接入信息封装到DHCP响应报文。The encapsulating module is configured to allocate network configuration information to the client, and encapsulate the network configuration information, the MAC address of the client, and the access information of the client into a DHCP response message.
  17. 如权利要求16所述的控制装置,其中,所述第二获取模块被配置为:根据DHCP中继设备转发的DHCP请求报文,获取封装入所述DHCP请求报文中客户端的MAC地址以及中继代理选项的内容所包含的所述客户端的接入信息。The control device according to claim 16, wherein the second obtaining module is configured to: obtain, according to a DHCP request message forwarded by the DHCP relay device, a MAC address of the client encapsulated in the DHCP request message, and The access information of the client included in the content of the proxy option.
  18. 如权利要求16所述的控制装置,其中,所述封装模块被配置为:为所述客户端分配网络配置信息,将所述客户端的接入信息作为所述中继代理选项的内容与所述客户端的MAC地址以及所述网络配置信息封装入所述DHCP响应报文,并反馈给所述DHCP中继设备。The control device according to claim 16, wherein the encapsulation module is configured to: assign network configuration information to the client, and use the access information of the client as the content of the relay agent option and the The MAC address of the client and the network configuration information are encapsulated into the DHCP response message and fed back to the DHCP relay device.
  19. 如权利要求16所述的控制装置,其中,所述第二获取模块被配置为:接收客户端发送的DHCP请求报文,获取所述客户端的媒体访问控制MAC地址及所述客户端的接入信息;The control device according to claim 16, wherein the second obtaining module is configured to: receive a DHCP request message sent by the client, acquire a media access control MAC address of the client, and access information of the client. ;
    所述控制装置还包括: The control device further includes:
    第二更新模块,被配置为若预设记录表中存在与所述客户端的MAC地址及所述客户端的接入信息相匹配的对应表项,则更新预设表中与所述客户端相匹配的对应表项中记录的网络配置信息,然后将所述DHCP响应报文发送给所述客户端;The second update module is configured to: if there is a corresponding entry in the preset record table that matches the MAC address of the client and the access information of the client, the update preset table matches the client The network configuration information recorded in the corresponding entry, and then sending the DHCP response message to the client;
    第二创建模块,被配置为若预设记录表中不存在所述客户端的MAC地址及所述客户端的接入信息相匹配的对应表项,则根据所述客户端的MAC地址及所述客户端的接入信息创建新表项,并记录所述DHCP服务器为所述客户端分配的网络配置信息。a second creation module, configured to: if the MAC address of the client does not exist in the preset record table, and the corresponding entry of the client access information, according to the MAC address of the client and the client The access information creates a new entry, and records network configuration information allocated by the DHCP server for the client.
  20. 一种计算机可读存储介质,存储有计算机可执行指令,所述计算机可执行指令用于执行权利要求1-10任一项的方法。 A computer readable storage medium storing computer executable instructions for performing the method of any of claims 1-10.
PCT/CN2016/074271 2015-07-01 2016-02-22 User access control method and apparatus, relay device and server WO2017000565A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510377898.9 2015-07-01
CN201510377898.9A CN106331203B (en) 2015-07-01 2015-07-01 User access control method and device, relay equipment and server

Publications (1)

Publication Number Publication Date
WO2017000565A1 true WO2017000565A1 (en) 2017-01-05

Family

ID=57607715

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/074271 WO2017000565A1 (en) 2015-07-01 2016-02-22 User access control method and apparatus, relay device and server

Country Status (2)

Country Link
CN (1) CN106331203B (en)
WO (1) WO2017000565A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109921935A (en) * 2019-03-12 2019-06-21 北京百度网讯科技有限公司 Method and apparatus for sending information
CN115002071A (en) * 2022-05-25 2022-09-02 深信服科技股份有限公司 Information updating method, device, equipment and readable storage medium
CN115277400A (en) * 2022-07-15 2022-11-01 浪潮思科网络科技有限公司 Terminal network access method, equipment and medium based on campus network environment

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108965363B (en) * 2017-05-19 2021-05-04 华为技术有限公司 Method and equipment for processing message
CN113395718B (en) * 2020-03-13 2023-04-07 烽火通信科技股份有限公司 Network performance optimization method and system under condition that main/standby convergence layer equipment transmits back network scene
CN112039737B (en) * 2020-08-26 2021-07-20 珠海格力电器股份有限公司 Equipment network distribution method, equipment control method, terminal equipment and equipment control system
CN114363294B (en) * 2020-09-27 2024-03-15 华为云计算技术有限公司 Management method, device and system of tenant server
CN113285997B (en) * 2021-05-19 2023-05-12 中国农业银行股份有限公司 Data processing method, device, medium and product based on heterogeneous system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1450766A (en) * 2002-04-10 2003-10-22 深圳市中兴通讯股份有限公司 User management method based on dynamic mainframe configuration procotol
CN102082685A (en) * 2009-11-30 2011-06-01 三星电子(中国)研发中心 Network configured method and system of embedded device
CN103441876A (en) * 2013-08-23 2013-12-11 深圳市华讯方舟科技有限公司 Network device management method and system based on DHCP and SNMP
US20150163196A1 (en) * 2013-12-05 2015-06-11 Vmware, Inc. System and method for dynamically configuring a dhcp server in a virtual network environment

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101771614B (en) * 2010-01-15 2012-02-15 瑞斯康达科技发展股份有限公司 DHCP route tracing method and DHCP relay equipment

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1450766A (en) * 2002-04-10 2003-10-22 深圳市中兴通讯股份有限公司 User management method based on dynamic mainframe configuration procotol
CN102082685A (en) * 2009-11-30 2011-06-01 三星电子(中国)研发中心 Network configured method and system of embedded device
CN103441876A (en) * 2013-08-23 2013-12-11 深圳市华讯方舟科技有限公司 Network device management method and system based on DHCP and SNMP
US20150163196A1 (en) * 2013-12-05 2015-06-11 Vmware, Inc. System and method for dynamically configuring a dhcp server in a virtual network environment

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109921935A (en) * 2019-03-12 2019-06-21 北京百度网讯科技有限公司 Method and apparatus for sending information
CN115002071A (en) * 2022-05-25 2022-09-02 深信服科技股份有限公司 Information updating method, device, equipment and readable storage medium
CN115277400A (en) * 2022-07-15 2022-11-01 浪潮思科网络科技有限公司 Terminal network access method, equipment and medium based on campus network environment

Also Published As

Publication number Publication date
CN106331203B (en) 2021-01-01
CN106331203A (en) 2017-01-11

Similar Documents

Publication Publication Date Title
WO2017000565A1 (en) User access control method and apparatus, relay device and server
CN107733799B (en) Message transmission method and device
CN107733670B (en) Forwarding strategy configuration method and device
US8885649B2 (en) Method, apparatus, and system for implementing private network traversal
US20160294769A1 (en) Communication Method, Apparatus, and System of Virtual Extensible Local Area Network
EP2860882B1 (en) Service processing method, device and system
CN106559292A (en) A kind of broad band access method and device
WO2015081734A1 (en) Sending method for sending arp packet in vxlan, vtep, and vxlan controller
CN104283983A (en) Method and device for allocating IP addresses to virtual machines in software defined network
KR101779917B1 (en) Method, apparatus, program and recording medium for providing media resource
CN112583618B (en) Method, device and computing equipment for providing network service for business
WO2013097067A1 (en) Method, device and system for realizing communication after virtual machine migration
CN106878480B (en) DHCP service process sharing method and device
CN103944867A (en) Dynamic host configuration protocol (DHCP) message processing method, device and system
WO2020181735A1 (en) Method for providing network address translation (nat) service and controller
US20200274948A1 (en) Service flow configuration method and apparatus
WO2014142258A1 (en) Communication system, control device, address allocation method, and program
CN106878481B (en) Method, device and system for acquiring Internet Protocol (IP) address
EP3503484A1 (en) Message transmission method, device and network system
WO2016202016A1 (en) Device management method, apparatus and system
EP3384642A1 (en) Forwarding table compression
CN114422519B (en) Data request processing method and device, electronic equipment and storage medium
WO2016177185A1 (en) Method and apparatus for processing media access control (mac) address
WO2017202034A1 (en) Data packet sending and receiving method and device, and electronic apparatus
CN102833287B (en) The method of visit data resource in distributed file system and distributed file system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16816930

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16816930

Country of ref document: EP

Kind code of ref document: A1