WO2017076146A1 - Network access authentication method and system - Google Patents


Publication number
WO2017076146A1
Authority
WO
WIPO (PCT)
Prior art keywords
network access
network
optical
authentication
terminal
Application number
PCT/CN2016/101364
Other languages
French (fr)
Chinese (zh)
Inventor
刘玉喜
Original Assignee
上海斐讯数据通信技术有限公司
Application filed by 上海斐讯数据通信技术有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04Q SELECTING
    • H04Q11/00 Selecting arrangements for multiplex systems
    • H04Q11/0001 Selecting arrangements for multiplex systems using optical switching
    • H04Q11/0062 Network aspects
    • H04Q11/0067 Provisions for optical access or distribution networks, e.g. Gigabit Ethernet Passive Optical Network (GE-PON), ATM-based Passive Optical Network (A-PON), PON-Ring

Definitions

  • The present invention relates to the field of network communication technologies, in particular to network access technologies, and specifically to a network access authentication method and system.
  • PON: Passive Optical Network
  • A passive optical network includes an optical line terminal (OLT) installed at the central control station and a set of optical network units (ONUs) installed on the user premises.
  • An optical distribution network (ODN) between the OLT and the ONU includes an optical fiber and a passive optical splitter or coupler.
  • GPON: Gigabit-Capable Passive Optical Network
  • OLT: optical line terminal
  • ONU: optical network unit
  • The device consists of an ODN (Optical Distribution Network), made up of single-mode fiber (SM fiber) and a passive splitter, and a network management system.
  • ODN: Optical Distribution Network
  • Portal authentication is also commonly referred to as web authentication or network access authentication.
  • Portal authentication websites are generally referred to as portal websites.
  • The device forces the user to log in to a specific site, where the user can access services free of charge.
  • When users need to use other information on the Internet, they must be authenticated on the portal.
  • Internet resources can be used only after the authentication is passed. Users can actively visit the known Portal authentication website and enter a user name and password for authentication. This way of starting Portal authentication is called active authentication.
  • Conversely, if a user attempts to access other external networks through HTTP, the user is forced to the Portal authentication website to start the Portal authentication process. This method is called mandatory authentication.
  • The prior art performs Portal authentication on a WLAN (Wireless Local Area Network). However, as technology and requirements advance, performing Portal authentication in a home PON system is becoming a trend.
  • the present invention aims to provide a network access authentication method and system for solving the problem that network access authentication cannot be implemented in a passive optical network system in the prior art.
  • The present invention provides a network access authentication method for performing network access authentication in a passive optical network system, where the network access authentication method includes: when an optical network unit in the passive optical network system receives a network access request sent by a network access terminal, the optical network unit sends the network access request to the optical line terminal in the passive optical network system; the optical line terminal pushes, according to the received network access request, a network access authentication page for performing network access authentication to the optical network unit; the optical network unit feeds back the received network access authentication page to the network access terminal, so that the network access terminal performs network access authentication according to the network access authentication page; the optical line terminal acquires a network access authentication result of the network access terminal and feeds back the network access authentication result to the optical network unit; and the optical network unit determines, according to the received network access authentication result, whether to allow the network access terminal to perform network access.
  • the network access authentication method further includes: when the optical network unit receives the network access authentication result that the authentication succeeds, the optical network unit stores the network access authentication result.
  • The step in which the optical network unit in the passive optical network system, when receiving the network access request sent by the network access terminal, sends the network access request to the optical line terminal in the passive optical network system specifically includes: when the optical network unit receives the network access request sent by the network access terminal, the optical network unit determines whether the network access terminal is one whose network access authentication has already succeeded; when it is not, the optical network unit sends the network access request to the optical line terminal in the passive optical network system.
  • the optical network unit and the optical line terminal communicate through an optical network unit management control interface.
  • The present invention further provides an optical network unit configured to perform network access authentication in a passive optical network system.
  • The optical network unit includes: a network access terminal request receiving module, configured to receive a network access request sent by a network access terminal; a request sending module, connected to the network access terminal request receiving module and configured to send the network access request to an optical line terminal in the passive optical network system; an authentication page receiving module, configured to receive, from the optical line terminal in the passive optical network system, a network access authentication page for performing network access authentication; and an authentication page feedback module, connected to the authentication page receiving module and configured to feed back the received network access authentication page to the network access terminal.
  • The network access control module is configured to receive a network access authentication result from the optical line terminal in the passive optical network system and to determine, based on the network access authentication result, whether to allow the network access terminal to perform network access.
  • The optical network unit further includes: a storage module, configured to store the network access authentication result when a network access authentication result indicating successful authentication is received.
  • The optical network unit further includes: a determining module, connected to the storage module and configured to determine, when the network access request sent by the network access terminal is received, whether the network access terminal is one whose network access authentication has already succeeded; when it is not, the request sending module sends the network access request to an optical line terminal in the passive optical network system.
  • The present invention also provides an optical line terminal for performing network access authentication in a passive optical network system, the optical line terminal comprising: a network access request receiving module, configured to receive a network access request from the optical network unit in the passive optical network system;
  • an authentication page pushing module, connected to the network access request receiving module and configured to push, according to the received network access request, a network access authentication page for network access authentication to the optical network unit;
  • and an authentication result receiving feedback module, configured to receive a network access authentication result from the network access terminal and feed back the network access authentication result to the optical network unit.
  • The present invention also provides a network access authentication system for performing network access authentication in a passive optical network system, the network access authentication system including the optical network unit as described above and the optical line terminal as described above.
  • the optical network unit and the optical line terminal communicate through an optical network unit management control interface.
  • The network access authentication method and system of the present invention have the following beneficial effects:
  • In the invention, the optical network unit sends the network access request from the network access terminal to the optical line terminal; the optical line terminal pushes the network access authentication page for performing network access authentication and feeds back the network access authentication result of the network access terminal to the optical network unit; and the optical network unit determines, according to the received network access authentication result, whether to allow the network access terminal to perform network access. This achieves the purpose of implementing network access authentication in the passive optical network system. The invention can quickly carry out the network access authentication (Portal authentication) process and quickly notify the optical network unit so that the network access terminal user can access the Internet.
  • FIG. 1 is a schematic flowchart diagram of a network access authentication method according to the present invention.
  • FIG. 2 is a schematic diagram showing a specific implementation of a network access authentication method according to the present invention.
  • FIG. 3 is a schematic structural diagram of a network access authentication system according to the present invention.
  • FIG. 4 is a schematic view showing the structure of an optical network unit of the present invention.
  • FIG. 5 is a preferred schematic diagram of the optical network unit of the present invention.
  • FIG. 6 is a schematic view showing the structure of an optical line terminal of the present invention.
  • the purpose of this embodiment is to provide a network access authentication method and system for solving the problem that network access authentication cannot be implemented in a passive optical network system in the prior art.
  • the network access authentication method and system of the present embodiment are described in detail below, and the network access authentication method and system of the present embodiment can be understood by those skilled in the art without any creative work.
  • This embodiment provides a network access authentication method for performing network access authentication in a passive optical network system. Specifically, as shown in FIG. 1, the network access authentication method includes the following steps.
  • Step S11 The optical network unit in the passive optical network system sends the network access request to the optical line terminal in the passive optical network system when receiving the network access request sent by the network access terminal.
  • Step S12 The optical line terminal pushes a network access authentication page for performing network access authentication to the optical network unit according to the received network access request.
  • Step S13 The optical network unit feeds back the received network access authentication page to the network access terminal, so that the network access terminal performs network access authentication according to the network access authentication page.
  • Step S14 The optical line terminal acquires a network access authentication result of the network access terminal, and feeds back the network access authentication result to the optical network unit.
  • Step S15 The optical network unit determines, according to the received network access authentication result, whether the network access terminal is allowed to perform network access.
  • Steps S11 to S15 will be described in detail below.
  • This embodiment provides a network access authentication method for performing network access authentication in a GPON (Gigabit-Capable Passive Optical Network).
  • The network access authentication is Portal authentication.
  • Step S11 When the optical network unit (ONU, Optical Network Unit) in the passive optical network system receives the network access request sent by the network access terminal (a terminal capable of network access, such as the user's computer or mobile phone), it sends the network access request to an optical line terminal (OLT, Optical Line Terminal) in the passive optical network system.
  • When the user sends an Internet access request, the ONU obtains the request from the HTTP message it receives. The optical network unit is also responsible for reporting the user's Internet access request to the optical line terminal: the ONU sends the user's MAC address to the OLT through the OMCI protocol.
  • the optical network unit and the optical line terminal communicate through an optical network unit management control interface (OMCI, ONU Management and Control Interface). That is, the communication between the optical network unit and the optical line terminal is based on the OMCI protocol Portal message format defined by the OMCI.
  • The OMCI (ONU Management and Control Interface) is a protocol for information exchange between the OLT and the ONT defined in the GPON standard. It is used for management of the ONT by the OLT in the GPON network, including configuration management, fault management, performance management, and security management.
  • the OMCI protocol runs on the GEM connection between the OLT controller and the ONT controller, which is established during the initialization of the ONT.
  • The step in which the optical network unit in the passive optical network system, when receiving the network access request sent by the network access terminal, sends the network access request to the optical line terminal in the passive optical network system specifically includes: when the optical network unit receives the network access request sent by the network access terminal, the optical network unit determines whether the network access terminal is one whose network access authentication has already succeeded; when it is not, the network access request is sent to the optical line terminal in the passive optical network system.
  • The OMCI message reported by the ONU to the OLT may, for example, be defined as follows, but is not limited to the example presented below.
  • A portal receive management entity is defined, where the attributes of the receive authentication service management entity include:
  • Managed Entity ID: this attribute provides a unique number for each instance of the receiving authentication management entity; the receiving authentication management entity has only one instance, and its number is 0. (R), (mandatory), (2 bytes).
  • MAC list table: this attribute identifies the table of user MAC addresses reported by the ONU for Portal authentication. The default is NULL (empty). (6*N bytes).
  • Portal up Managed entity ID: the instance ID number reported by the portal;
  • Portal MAC num: the number of user MAC addresses reported by the ONU for Portal authentication;
  • Portal MAC list table: the table of user MAC addresses reported by the ONU for Portal authentication. The default is NULL (empty).
  • The ONU notifies the OLT of the MAC addresses that require Portal authentication so that the OLT can manage the Portal authentication of those users.
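The attribute list above gives field sizes (a 2-byte Managed Entity ID, a MAC count, and a 6*N-byte MAC list table) but no wire layout. The following added example, which is not code from the patent, serializes and strictly parses such a report under an assumed layout: big-endian 2-byte entity ID, an assumed 1-byte "Portal MAC num", then the MAC table. The function names, the 1-byte count width and the unicast/duplicate checks are assumptions of this example.

```python
import struct

ME_ID_PORTAL = 0                # the text: single instance, number 0
MAC_LEN = 6                     # the text: MAC list table is 6*N bytes
HEADER = struct.Struct("!HB")   # assumed: 2-byte entity ID + 1-byte MAC count


class PortalReportError(ValueError):
    """Raised when a report does not match the assumed layout."""


def mac_to_bytes(text):
    """Convert 'aa:bb:cc:dd:ee:ff' to 6 raw bytes, rejecting malformed input."""
    parts = text.split(":")
    if len(parts) != MAC_LEN or any(len(p) != 2 for p in parts):
        raise PortalReportError(f"malformed MAC address: {text!r}")
    try:
        raw = bytes.fromhex("".join(parts))
    except ValueError:
        raise PortalReportError(f"malformed MAC address: {text!r}") from None
    if len(raw) != MAC_LEN:
        raise PortalReportError(f"malformed MAC address: {text!r}")
    return raw


def encode_report(macs):
    """ONU side: build the report for the MACs that need Portal authentication."""
    if len(macs) > 255:
        raise PortalReportError("too many MAC addresses for a 1-byte count")
    table = b"".join(mac_to_bytes(m) for m in macs)
    return HEADER.pack(ME_ID_PORTAL, len(macs)) + table


def decode_report(payload):
    """OLT side: parse a report, refusing anything inconsistent."""
    if len(payload) < HEADER.size:
        raise PortalReportError("report shorter than its header")
    me_id, count = HEADER.unpack_from(payload)
    if me_id != ME_ID_PORTAL:
        raise PortalReportError(f"unexpected managed entity ID {me_id}")
    table = payload[HEADER.size:]
    if len(table) != count * MAC_LEN:
        # The count and the table length must agree exactly (6*N bytes).
        raise PortalReportError("MAC count does not match table length")
    macs = []
    for i in range(count):
        raw = table[i * MAC_LEN:(i + 1) * MAC_LEN]
        # Added check: a user terminal must be a unicast, non-zero address.
        if raw[0] & 0x01 or raw == bytes(MAC_LEN):
            raise PortalReportError("non-unicast or all-zero MAC in table")
        text = ":".join(f"{b:02x}" for b in raw)
        if text in macs:
            raise PortalReportError(f"duplicate MAC in table: {text}")
        macs.append(text)
    return macs


if __name__ == "__main__":
    # Constructed sample addresses (locally administered range).
    sample = ["02:00:00:aa:bb:01", "02:00:00:aa:bb:02"]
    wire = encode_report(sample)
    print(wire.hex(), decode_report(wire))
```
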
  • Step S12 The optical line terminal pushes a network access authentication page for performing network access authentication to the optical network unit according to the received network access request. That is, when the OLT receives the Internet access request message, the OLT pushes the Portal authentication page to the ONU, that is, the optical line terminal pushes the Portal page to the optical network unit.
  • The Portal information OMCI message sent by the optical line terminal may, for example, be defined as follows, but is not limited to the example presented below.
  • A portal receive management entity is defined, where the attributes of the receive authentication service management entity include:
  • Managed Entity ID: this attribute provides a unique number for each instance of the receiving authentication management entity; the receiving authentication management entity has only one instance, and its number is 0. (R), (mandatory), (2 bytes).
  • MAC list table: this attribute identifies the table of user MAC addresses reported by the ONU for Portal authentication. The default is NULL (empty). (6*N bytes).
  • Portal up Managed entity ID: the instance ID number reported by the portal;
  • Portal MAC num: the number of user MAC addresses reported by the ONU for Portal authentication;
  • Portal MAC list table: the table of user MAC addresses reported by the ONU for Portal authentication. The default is NULL.
  • Step S13 The optical network unit feeds back the received network access authentication page to the network access terminal, so that the network access terminal performs network access authentication according to the network access authentication page.
  • The network access terminal receives the network access authentication page from the optical network unit and performs network access authentication according to that page. That is, when the user receives the network access authentication page, authentication can be carried out. If the authentication passes, the Portal service of the OLT notifies the OLT of the authentication result, and the OLT notifies the ONU of the authentication result of the network access terminal through the OMCI protocol.
  • Step S14 The optical line terminal acquires a network access authentication result of the network access terminal, and feeds back the network access authentication result to the optical network unit. If the network access authentication of the network access terminal passes, the Portal service of the OLT notifies the OLT of the authentication result, and the OLT notifies the ONU of the authentication result of the network access terminal by using the OMCI protocol.
  • Step S15 The optical network unit determines, according to the received network access authentication result, whether the network access terminal is allowed to perform network access. That is, if the network access terminal passes the authentication, the ONU releases the network access terminal, so that the user can access the network through the terminal.
  • The network access authentication method further includes: when the optical network unit receives a network access authentication result indicating that the authentication succeeded, the optical network unit stores the network access authentication result. That is, if the network access terminal passes the authentication, the ONU releases the network access terminal so that the user can access the network through it, and the ONU saves the authentication information of the network access terminal so that no authentication is required the next time the user accesses the network through that terminal.
  • When the user sends an Internet access request, the ONU obtains the request from the HTTP message it receives and determines whether the user has already passed Portal authentication. If Portal authentication has been performed before, the user is allowed to access the Internet directly. If Portal authentication has not been performed, the ONU sends the user's MAC address to the OLT through the OMCI protocol. When the OLT receives the Internet access request packet, the OLT pushes the Portal authentication page to the ONU. The ONU sends the Portal authentication page to the user over HTTP according to the user's MAC address. When the user receives the Portal authentication page, authentication can be carried out. If the authentication succeeds, the OLT obtains the authentication result and notifies the ONU of the user's authentication result through the OMCI protocol. If the authentication passed, the ONU releases the user so that the user can access the Internet, and the ONU saves the authentication information so that the user does not need to authenticate again next time.
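The flow summarized above (steps S11 to S15 plus the stored result) can be traced with a small model. This is an added example, not code from the patent: the `Onu` and `Olt` classes, the in-memory account table and the placeholder page are hypothetical stand-ins, the OMCI transport is replaced by direct method calls, and ignoring results for MAC addresses that never requested access is an assumption of this example rather than something the text specifies.

```python
import hmac
from dataclasses import dataclass, field

# Constructed placeholder for the Portal authentication page pushed by the OLT.
PORTAL_PAGE = "<html><!-- constructed Portal authentication page --></html>"


@dataclass
class Olt:
    """Hypothetical OLT stand-in covering steps S12 and S14."""
    accounts: dict                                # constructed user -> password
    reported: list = field(default_factory=list)  # MACs reported by the ONU

    def report_mac(self, mac):
        # S12: a reported MAC makes the OLT push the Portal page to the ONU.
        self.reported.append(mac)
        return PORTAL_PAGE

    def authenticate(self, onu, mac, user, password):
        # S14: obtain the authentication result and feed it back to the ONU.
        mac = mac.lower()
        expected = self.accounts.get(user)
        ok = (
            mac in self.reported
            and expected is not None
            and hmac.compare_digest(expected.encode(), password.encode())
        )
        onu.on_auth_result(mac, ok)
        return ok


@dataclass
class Onu:
    """Hypothetical ONU stand-in covering steps S11, S13 and S15."""
    olt: Olt
    authenticated: set = field(default_factory=set)  # stored success results
    pending: set = field(default_factory=set)        # MACs awaiting a result

    def handle_request(self, mac):
        mac = mac.lower()
        # Judging step: terminals that already passed go straight through.
        if mac in self.authenticated:
            return ("allow", None)
        # S11: otherwise report the MAC to the OLT; S13: relay the page.
        self.pending.add(mac)
        return ("portal", self.olt.report_mac(mac))

    def on_auth_result(self, mac, success):
        mac = mac.lower()
        # Assumption: a result for a MAC with no outstanding request is ignored.
        if mac not in self.pending:
            return False
        if success:
            # S15 and the storage step: release the terminal, remember it.
            self.pending.discard(mac)
            self.authenticated.add(mac)
        return success


def run_demo():
    """Walk one constructed terminal through the flow; return each outcome."""
    olt = Olt(accounts={"alice": "constructed-pass"})
    onu = Onu(olt)
    mac = "02:00:00:AA:BB:01"  # constructed, locally administered address
    return [
        onu.handle_request(mac)[0],                               # first visit
        olt.authenticate(onu, mac, "alice", "wrong"),             # bad password
        onu.handle_request(mac)[0],                               # still gated
        olt.authenticate(onu, mac, "alice", "constructed-pass"),  # success
        onu.handle_request(mac)[0],                               # cached
    ]


if __name__ == "__main__":
    print(run_demo())
```
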
  • This embodiment provides a network access authentication system for performing network access authentication in a GPON (Gigabit-Capable Passive Optical Network).
  • The network access authentication is Portal authentication.
  • The network access authentication system 1 includes an optical network unit 11 and an optical line terminal 12. In this embodiment, the optical network unit 11 and the optical line terminal 12 communicate through the optical network unit management control interface (OMCI, ONU Management and Control Interface). That is, the communication between the optical network unit 11 and the optical line terminal 12 is based on the OMCI protocol Portal message format defined by the OMCI.
  • The OMCI (ONU Management and Control Interface) is a protocol for information exchange between the OLT and the ONT defined in the GPON standard, and is used for management of the ONT by the OLT in the GPON network, including configuration management, fault management, performance management and security management.
  • the OMCI protocol runs on the GEM connection between the OLT controller and the ONT controller, which is established during the initialization of the ONT.
  • optical network unit 11 and the optical line terminal 12 will be described in detail below.
  • the optical network unit is configured to perform network access authentication in a passive optical network system.
  • The optical network unit 11 is responsible for reporting the user's Internet access request, for saving users who have already passed Portal authentication, and for feeding back Portal authentication results to the user.
  • The optical network unit 11 includes: a network access terminal request receiving module 111, a request sending module 112, an authentication page receiving module 113, an authentication page feedback module 114 and a network access control module 115.
  • The network access terminal request receiving module 111 is configured to receive a network access request sent by a network access terminal (a terminal capable of network access, such as the user's computer or mobile phone).
  • The request sending module 112 is connected to the network access terminal request receiving module 111 and is configured to send the network access request to an optical line terminal 12 (OLT) in the passive optical network system.
  • When the user sends an Internet access request, the network access terminal request receiving module 111 obtains the request from the HTTP message received by the ONU, and the request sending module 112 is responsible for reporting the user's Internet access request to the optical line terminal 12: the request sending module 112 sends the MAC address of the user to the OLT through the OMCI protocol.
  • The OMCI message reported by the request sending module 112 to the OLT may, for example, be defined as follows, but is not limited to the example presented below.
  • A portal receive management entity is defined, where the attributes of the receive authentication service management entity include:
  • Managed Entity ID: this attribute provides a unique number for each instance of the receiving authentication management entity; the receiving authentication management entity has only one instance, and its number is 0. (R), (mandatory), (2 bytes).
  • MAC list table: this attribute identifies the table of user MAC addresses reported by the ONU for Portal authentication. The default is NULL (empty). (6*N bytes).
  • Portal up Managed entity ID: the instance ID number reported by the portal;
  • Portal MAC num: the number of user MAC addresses reported by the ONU for Portal authentication;
  • Portal MAC list table: the table of user MAC addresses reported by the ONU for Portal authentication. The default is NULL (empty).
  • The ONU notifies the OLT of the MAC addresses that require Portal authentication so that the OLT can manage the Portal authentication of those users.
  • the authentication page receiving module 113 is configured to receive a network access authentication page for performing network access authentication from the optical line terminal 12 in the passive optical network system;
  • The authentication page feedback module 114 is connected to the authentication page receiving module 113 and is configured to feed back the received network access authentication page to the network access terminal, so that the network access terminal performs network access authentication according to the network access authentication page.
  • The network access terminal receives the network access authentication page from the optical network unit 11 and performs network access authentication according to that page. That is, when the user receives the network access authentication page, authentication can be carried out. If the authentication passes, the Portal service of the OLT notifies the OLT of the authentication result, and the OLT notifies the ONU of the authentication result of the network access terminal through the OMCI protocol.
  • The network access control module 115 is configured to receive a network access authentication result from the optical line terminal 12 in the passive optical network system and to determine, according to the network access authentication result, whether to allow the network access terminal to perform network access. That is, if the network access terminal passes the authentication, the network access control module 115 makes the ONU release the network access terminal, so that the user can access the network through the terminal.
  • the optical network unit 11 further includes: a storage module 116 and a judging module 117.
  • The storage module 116 is configured to store the network access authentication result when a network access authentication result indicating that the authentication succeeded is received. That is, if the network access terminal passes the authentication, the ONU releases the network access terminal so that the user can access the network through it, and the ONU saves the authentication information of the network access terminal so that no authentication is required the next time the user accesses the network through that terminal.
  • The determining module 117 is connected to the storage module 116 and is configured to determine, when the network access terminal request receiving module 111 receives the network access request sent by the network access terminal, whether the network access terminal is one whose network access authentication has already succeeded.
  • When the network access terminal is not one whose network access authentication has already succeeded, the request sending module 112 sends the network access request to the optical line terminal 12 in the passive optical network system.
  • the optical line terminal 12 is configured to perform network access authentication in a passive optical network system.
  • The optical line terminal 12 is responsible for constructing the Portal authentication page, for managing the users reported by the optical network unit 11, for pushing the Portal authentication page to the optical network unit 11, and for sending the authenticated user information to the optical network unit 11.
  • the optical line terminal 12 includes: a network access request receiving module 121, an authentication page pushing module 122, and an authentication result receiving feedback module 123.
  • the network access request receiving module 121 is configured to receive a network access request from the optical network unit 11 in the passive optical network system.
  • The authentication page pushing module 122 is connected to the network access request receiving module 121 and is configured to push a network access authentication page for performing network access authentication to the optical network unit 11 according to the received network access request. That is, when the network access request receiving module 121 in the OLT receives the Internet access request message, the authentication page pushing module 122 pushes the Portal authentication page to the ONU; in other words, the optical line terminal 12 pushes the Portal page to the optical network unit 11.
  • The Portal information OMCI message sent by the authentication page pushing module 122 may, for example, be defined as follows, but is not limited to the example presented below.
  • The Portal information that the authentication page pushing module 122 sets on the ONU is defined, including the portal website and the authenticated user MAC. Details are as follows:
  • A portal receive management entity is defined, where the attributes of the receive authentication service management entity include:
  • Managed Entity ID: this attribute provides a unique number for each instance of the receiving authentication management entity; the receiving authentication management entity has only one instance, and its number is 0. (R), (mandatory), (2 bytes).
  • MAC list table: this attribute identifies the table of user MAC addresses reported by the ONU for Portal authentication. The default is NULL (empty). (6*N bytes).
  • Portal up Managed entity ID: the instance ID number reported by the portal;
  • Portal MAC num: the number of user MAC addresses reported by the ONU for Portal authentication;
  • Portal MAC list table: the table of user MAC addresses reported by the ONU for Portal authentication. The default is NULL (empty).
  • The authentication result receiving feedback module 123 is configured to receive a network access authentication result from the network access terminal and feed back the network access authentication result to the optical network unit 11. If the network access authentication of the network access terminal passes, the Portal service of the OLT notifies the OLT of the authentication result, and the OLT notifies the ONU of the authentication result of the network access terminal by using the OMCI protocol.
  • The network access terminal request receiving module 111 in the ONU acquires the request through the HTTP message of the ONU, and the determining module 117 determines whether the user has already passed Portal authentication. If so, the network access control module 115 directly allows the user to access the Internet. If not, the request sending module 112 in the ONU sends the MAC address of the user to the OLT through the OMCI protocol.
  • The authentication page pushing module 122 pushes the Portal authentication page to the ONU, the authentication page receiving module 113 in the ONU receives the Portal authentication page, and the authentication page feedback module sends the Portal authentication page to the user over HTTP according to the user MAC address.
  • With the network access terminal (for example, a computer), the authentication can then be carried out. If the authentication is passed, the authentication result receiving feedback module 123 in the OLT obtains the authentication result and notifies the ONU of the user's authentication result by the OMCI protocol. If the authentication is passed, the network access control module 115 in the ONU releases the user, and the user can access the Internet.
  • The storage module 116 in the ONU saves the authentication information so that the user does not need to perform authentication again next time.
  • In the present invention, the optical network unit sends the network access request from the network access terminal to the optical line terminal; the optical line terminal pushes the network access authentication page for performing network access authentication and feeds the network access authentication result of the network access terminal back to the optical network unit; and the optical network unit determines, according to the received network access authentication result, whether to allow the network access terminal to perform network access. This achieves network access authentication in the passive optical network system. The present invention can quickly carry out the network access authentication (Portal authentication) process, and the optical network unit can quickly notify the network access terminal user to access the Internet. Therefore, the present invention effectively overcomes various shortcomings in the prior art and has high industrial utilization value.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Small-Scale Networks (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a network access authentication method and system, for use in network access authentication in a passive optical network system. The method comprises: when a network access request transmitted from a network access terminal is received, an optical network unit transmits the network access request to an optical line terminal; the optical line terminal pushes, according to the received network access request, to the optical network unit, a network access authentication page; the optical network unit feeds back the received network access authentication page to the network access terminal to enable the network access terminal to perform network access authentication according to the network access authentication page; the network access terminal feeds back a network access authentication result to the optical network unit; and the optical network unit determines, according to the received network access authentication result, whether to grant network access to the network access terminal. The invention can quickly achieve portal authentication in a passive optical network system, and an optical network unit can notify that a user of a network access terminal would like to access a network.

Description

Network access authentication method and system
The present application claims priority to Chinese Patent Application No. 201510745079.5, filed on November 5, 2015 and entitled "A network access authentication method and system", the entire contents of which are incorporated herein.
Technical field
The present invention relates to the field of network communication technologies, in particular to the field of network access technologies, and specifically to a network access authentication method and system.
Background
PON (Passive Optical Network) refers to an optical distribution network that contains no electronic devices or electronic power supplies, consists of passive components, and needs no expensive active electronic equipment. A passive optical network includes an optical line terminal (OLT, Optical Line Terminal) installed at the central control station and a set of matching optical network units (ONU, Optical Network Unit) installed at user premises. The optical distribution network (ODN, Optical Distribution Network) between the OLT and the ONUs contains optical fiber and passive optical splitters or couplers. The outstanding advantage of a PON is that it eliminates outdoor active equipment: all signal processing is done in the switch and in the equipment at the user's premises.
GPON (Gigabit-Capable Passive Optical Network) is the latest generation of broadband passive optical integrated access standard, based on the ITU-T G.984.x standard. It offers high bandwidth, high efficiency, wide coverage, and a rich set of user interfaces, and most operators regard it as an ideal technology for the broadband and integrated transformation of access network services. The basic structure of equipment based on GPON technology is similar to that of existing PONs: it comprises an OLT (optical line terminal) at the central office, ONUs (optical network units) at the user end, an ODN (optical distribution network) made up of single-mode fiber (SM fiber) and passive splitters that connects the OLT and the ONUs, and a network management system.
Portal authentication is also commonly called web authentication or network access authentication, and the Portal authentication website is generally called the portal website. When an unauthenticated user goes online, the device forces the user to log in to a specific site, whose services the user can access for free. To use other information on the Internet, the user must authenticate on the portal website; Internet resources can be used only after authentication succeeds. A user can actively visit a known Portal authentication website and enter a user name and password to authenticate; starting Portal authentication this way is called active authentication. Conversely, if a user tries to access other external networks over HTTP, the user is forced to visit the Portal authentication website, which starts the Portal authentication process; this is called mandatory authentication. In the prior art, Portal authentication is performed on WLANs (Wireless Local Area Networks); however, as technology develops and needs grow, performing Portal authentication in home PON systems has become a trend.
Summary of the invention
In view of the above shortcomings of the prior art, the object of the present invention is to provide a network access authentication method and system that solve the problem that network access authentication cannot be implemented in a passive optical network system in the prior art.
To achieve the above and other related objects, the present invention provides a network access authentication method for performing network access authentication in a passive optical network system. The method includes: when an optical network unit in the passive optical network system receives a network access request sent by a network access terminal, it sends the network access request to an optical line terminal in the passive optical network system; the optical line terminal pushes, according to the received network access request, a network access authentication page for performing network access authentication to the optical network unit; the optical network unit feeds back the received network access authentication page to the network access terminal, so that the network access terminal performs network access authentication according to the network access authentication page; the optical line terminal obtains the network access authentication result of the network access terminal and feeds the network access authentication result back to the optical network unit; and the optical network unit determines, according to the received network access authentication result, whether to allow the network access terminal to perform network access.
Preferably, the network access authentication method further includes: when the optical network unit receives a network access authentication result indicating that authentication succeeded, the optical network unit stores the network access authentication result.
Preferably, the step in which the optical network unit in the passive optical network system, on receiving the network access request sent by the network access terminal, sends the network access request to the optical line terminal in the passive optical network system specifically includes: when the optical network unit receives the network access request sent by the network access terminal, the optical network unit determines whether the network access terminal is one that has already passed network access authentication and, if it is not, sends the network access request to the optical line terminal in the passive optical network system.
Preferably, the optical network unit and the optical line terminal communicate through the optical network unit management control interface.
To achieve the above object, the present invention further provides an optical network unit for performing network access authentication in a passive optical network system. The optical network unit includes: a network access terminal request receiving module, configured to receive a network access request sent by a network access terminal; a request sending module, connected to the network access terminal request receiving module and configured to send the network access request to an optical line terminal in the passive optical network system; an authentication page receiving module, configured to receive, from the optical line terminal in the passive optical network system, a network access authentication page for performing network access authentication; an authentication page feedback module, connected to the authentication page receiving module and configured to feed back the received network access authentication page to the network access terminal, so that the network access terminal performs network access authentication according to the network access authentication page; and a network access control module, configured to receive a network access authentication result from the optical line terminal in the passive optical network system and to determine, according to the network access authentication result, whether to allow the network access terminal to perform network access.
Preferably, the optical network unit further includes: a storage module, configured to store the network access authentication result when a network access authentication result indicating that authentication succeeded is received.
Preferably, the optical network unit further includes: a determining module, connected to the storage module and configured to determine, when a network access request sent by a network access terminal is received, whether the network access terminal is one that has already passed network access authentication; when it is not, the request sending module sends the network access request to the optical line terminal in the passive optical network system.
To achieve the above object, the present invention further provides an optical line terminal for performing network access authentication in a passive optical network system. The optical line terminal includes: a network access request receiving module, configured to receive a network access request from an optical network unit in the passive optical network system; an authentication page pushing module, connected to the network access request receiving module and configured to push, according to the received network access request, a network access authentication page for performing network access authentication to the optical network unit; and an authentication result receiving feedback module, configured to receive a network access authentication result from the network access terminal and feed back the network access authentication result to the optical network unit.
To achieve the above object, the present invention further provides a network access authentication system for performing network access authentication in a passive optical network system. The network access authentication system includes the optical network unit described above and the optical line terminal described above.
Preferably, the optical network unit and the optical line terminal communicate through the optical network unit management control interface.
As described above, the network access authentication method and system of the present invention have the following beneficial effects:
In the present invention, the optical network unit sends the network access request from the network access terminal to the optical line terminal; the optical line terminal pushes the network access authentication page for performing network access authentication and feeds the network access authentication result of the network access terminal back to the optical network unit; and the optical network unit determines, according to the received network access authentication result, whether to allow the network access terminal to perform network access. This achieves network access authentication in a passive optical network system. The present invention can quickly carry out the network access authentication (Portal authentication) process, and the optical network unit can quickly notify the network access terminal user to access the Internet.
Description of the drawings
FIG. 1 is a schematic flowchart of the network access authentication method of the present invention.
FIG. 2 is a schematic diagram of a specific implementation of the network access authentication method of the present invention.
FIG. 3 is a schematic structural diagram of the network access authentication system of the present invention.
FIG. 4 is a schematic structural diagram of the optical network unit of the present invention.
FIG. 5 is a schematic diagram of a preferred structure of the optical network unit of the present invention.
FIG. 6 is a schematic structural diagram of the optical line terminal of the present invention.
Description of reference numerals
1        Network access authentication system
11       Optical network unit
111      Network access terminal request receiving module
112      Request sending module
113      Authentication page receiving module
114      Authentication page feedback module
115      Network access control module
116      Storage module
117      Determining module
12       Optical line terminal
121      Network access request receiving module
122      Authentication page pushing module
123      Authentication result receiving feedback module
S11~S15  Steps
Detailed description
The embodiments of the present invention are described below through specific examples, and those skilled in the art can readily understand other advantages and effects of the present invention from the content disclosed in this specification. The present invention may also be implemented or applied through other, different specific embodiments, and the details in this specification may be modified or changed in various ways, based on different viewpoints and applications, without departing from the spirit of the present invention.
The purpose of this embodiment is to provide a network access authentication method and system that solve the problem that network access authentication cannot be implemented in a passive optical network system in the prior art. The principles and implementation of the network access authentication method and system of this embodiment are described in detail below, so that those skilled in the art can understand them without creative effort.
This embodiment provides a network access authentication method for performing network access authentication in a passive optical network system. Specifically, as shown in FIG. 1, the network access authentication method includes the following steps.
Step S11: when the optical network unit in the passive optical network system receives a network access request sent by a network access terminal, it sends the network access request to the optical line terminal in the passive optical network system.
Step S12: the optical line terminal pushes, according to the received network access request, a network access authentication page for performing network access authentication to the optical network unit.
Step S13: the optical network unit feeds back the received network access authentication page to the network access terminal, so that the network access terminal performs network access authentication according to the network access authentication page.
Step S14: the optical line terminal obtains the network access authentication result of the network access terminal and feeds the network access authentication result back to the optical network unit.
Step S15: the optical network unit determines, according to the received network access authentication result, whether to allow the network access terminal to perform network access.
Steps S11 to S15 are described in detail below.
This embodiment provides a network access authentication method for performing network access authentication in a passive optical network system (GPON, Gigabit-Capable Passive Optical Network). In this embodiment, the network access authentication is Portal authentication.
Step S11: when the optical network unit (ONU, Optical Network Unit) in the passive optical network system receives a network access request sent by a network access terminal (a terminal that can access the network, such as a user's computer or mobile phone), it sends the network access request to the optical line terminal (OLT, Optical Line Terminal) in the passive optical network system. That is to say, in step S11, when the user sends an Internet access request, the ONU obtains the request through the HTTP message passing through the ONU. The optical network unit is also responsible for reporting the user's Internet access request to the optical line terminal: the ONU sends the user's MAC address to the OLT through the OMCI protocol.
In this embodiment, the optical network unit and the optical line terminal communicate through the optical network unit management control interface (OMCI, ONU Management and Control Interface). That is, the communication between the optical network unit and the optical line terminal is based on the OMCI-defined Portal message format of the OMCI protocol. OMCI is a protocol defined in the GPON standard for information exchange between the OLT and the ONT. It is used by the OLT to manage the ONT in a GPON network, including configuration management, fault management, performance management, and security management. The OMCI protocol runs over the GEM connection between the OLT controller and the ONT controller, which is established when the ONT is initialized.
Specifically, in this embodiment, the step in which the optical network unit in the passive optical network system, on receiving the network access request sent by the network access terminal, sends the network access request to the optical line terminal in the passive optical network system includes: when the optical network unit receives the network access request sent by the network access terminal, the optical network unit determines whether the network access terminal is one that has already passed network access authentication and, if it is not, sends the network access request to the optical line terminal in the passive optical network system.
In this embodiment, the OMCI message that the ONU reports to the OLT may, for example, be as follows, but is not limited to the example presented below.
Define a receive authentication service (Portal receive) management entity, where the attributes of the receive authentication service management entity include:
1) Managed Entity ID: this attribute provides a unique number for each instance of the receiving authentication management entity; the receiving authentication management entity has only one instance, numbered 0; (R), (mandatory), (2 bytes).
2) Number of ONU Portal MAC addresses (Portal MAC num): this attribute identifies the number of user MAC addresses reported for authentication; (R&W), (mandatory), (6 bytes).
3) Table of user MAC addresses (MAC list table): this attribute identifies the table of user MAC addresses reported by the ONU Portal authentication; the default is NULL (empty); (6*N bytes).
4) Portal up Managed entity ID: indicates the instance ID number reported by the Portal; Portal MAC num: the number of user MAC addresses reported by the ONU Portal authentication; Portal MAC list table: the table of user MAC addresses reported by the ONU Portal authentication; the default is NULL (empty).
Through the above instance, the ONU notifies the OLT of the MAC addresses that require Portal authentication, so that the OLT can manage Portal authentication of users.
Step S12: the optical line terminal pushes, according to the received network access request, a network access authentication page for performing network access authentication to the optical network unit. That is, when the OLT receives the Internet access request message, it pushes the Portal authentication page to the ONU; in other words, the optical line terminal pushes the Portal page to the optical network unit.
The OMCI message in which the optical line terminal sends the Portal information may, for example, be as follows, but is not limited to the example presented below.
Define the Portal information that the OLT sets on the ONU, including the Portal website and the authenticated user MAC, as follows:
Define a receive authentication service (Portal receive) management entity, where the attributes of the receive authentication service management entity include:
1) Managed Entity ID: this attribute provides a unique number for each instance of the receiving authentication management entity; the receiving authentication management entity has only one instance, numbered 0; (R), (mandatory), (2 bytes).
2) Number of ONU Portal MAC addresses (Portal MAC num): this attribute identifies the number of user MAC addresses reported for authentication; (R&W), (mandatory), (6 bytes).
3) Table of user MAC addresses (MAC list table): this attribute identifies the table of user MAC addresses reported by the ONU Portal authentication; the default is NULL (empty); (6*N bytes).
4) Portal up Managed entity ID: indicates the instance ID number reported by the Portal; Portal MAC num: the number of user MAC addresses reported by the ONU Portal authentication; Portal MAC list table: the table of user MAC addresses reported by the ONU Portal authentication; the default is NULL (empty).
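The attribute list above, given once for the ONU's report and once for the OLT's Portal information, can be made concrete with an encoder and a strict decoder; this is an added example, not code from the patent. The field widths are the ones stated on the page, while the big-endian byte order, the field order, the 64-entry cap and all function names are assumptions, and the payload shown is the attribute data only, not a complete OMCI frame.

```python
import re

ME_ID_LEN = 2           # Managed Entity ID: 2 bytes (from the page)
MAC_NUM_LEN = 6         # Portal MAC num: 6 bytes (from the page)
MAC_LEN = 6             # one MAC list table entry; the table is 6*N bytes (page)
PORTAL_ME_INSTANCE = 0  # the entity has exactly one instance, numbered 0 (page)
MAX_MACS = 64           # assumed upper bound on N, not from the page

_MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}")


class PortalAttrError(ValueError):
    """Raised when a Portal attribute payload or MAC string is malformed."""


def parse_mac(text):
    """Convert 'aa:bb:cc:dd:ee:ff' into 6 raw bytes, rejecting anything else."""
    if not _MAC_RE.fullmatch(text):
        raise PortalAttrError(f"bad MAC address: {text!r}")
    return bytes.fromhex(text.replace(":", ""))


def format_mac(raw):
    """Convert 6 raw bytes into lower-case colon-separated text."""
    return ":".join(f"{b:02x}" for b in raw)


def encode_portal_attrs(macs):
    """Build the payload: Managed Entity ID | Portal MAC num | MAC list table."""
    raw = [parse_mac(m) for m in macs]
    if len(raw) > MAX_MACS:
        raise PortalAttrError("too many MAC addresses")
    return (PORTAL_ME_INSTANCE.to_bytes(ME_ID_LEN, "big")
            + len(raw).to_bytes(MAC_NUM_LEN, "big")
            + b"".join(raw))


def decode_portal_attrs(payload):
    """Parse a payload and return (managed_entity_id, [mac, ...]).

    The receiver trusts nothing: the instance number must be 0, the declared
    count must be within bounds, and the table length must equal 6 * count.
    """
    header = ME_ID_LEN + MAC_NUM_LEN
    if len(payload) < header:
        raise PortalAttrError("payload shorter than the fixed attributes")
    me_id = int.from_bytes(payload[:ME_ID_LEN], "big")
    if me_id != PORTAL_ME_INSTANCE:
        raise PortalAttrError(f"unexpected Managed Entity ID {me_id}")
    count = int.from_bytes(payload[ME_ID_LEN:header], "big")
    if count > MAX_MACS:
        raise PortalAttrError(f"Portal MAC num {count} exceeds {MAX_MACS}")
    table = payload[header:]
    if len(table) != count * MAC_LEN:
        raise PortalAttrError("MAC list table length does not match Portal MAC num")
    macs = [format_mac(table[i:i + MAC_LEN]) for i in range(0, len(table), MAC_LEN)]
    if len(set(macs)) != len(macs):
        raise PortalAttrError("duplicate MAC address in table")
    return me_id, macs


if __name__ == "__main__":
    # Constructed sample MAC addresses, not taken from the page.
    sample = encode_portal_attrs(["00:11:22:33:44:55", "66:77:88:99:aa:bb"])
    print(sample.hex(), decode_portal_attrs(sample))
```

Checking the table length against the declared count before slicing is what keeps a truncated or padded report from being read as a shorter or longer list of terminals.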
Step S13: the optical network unit feeds back the received network access authentication page to the network access terminal, so that the network access terminal performs network access authentication according to the network access authentication page.
The network access terminal receives the network access authentication page from the optical network unit and performs network access authentication according to the network access authentication page. That is, once the user receives the network access authentication page, authentication can be carried out. If authentication passes, the OLT's Portal service reports the authentication result, and the OLT notifies the ONU of this network access terminal's authentication result through the OMCI protocol.
Step S14: the optical line terminal obtains the network access authentication result of the network access terminal and feeds the network access authentication result back to the optical network unit. If the network access authentication of the network access terminal passes, the Portal service of the OLT notifies the OLT of the authentication result, and the OLT notifies the ONU of the authentication result of the network access terminal through the OMCI protocol.
Step S15: the optical network unit determines, according to the received network access authentication result, whether to allow the network access terminal to perform network access. That is, if the network access terminal passes authentication, the ONU releases the network access terminal, so that the user can access the Internet through it.
In addition, in this embodiment, the network access authentication method further includes: when the optical network unit receives a network access authentication result indicating that authentication succeeded, the optical network unit stores the network access authentication result. That is to say, if the network access terminal passes authentication, the ONU releases the network access terminal so that the user can access the Internet through it, and the ONU saves the authentication information of the network access terminal so that the user does not need to authenticate again the next time the terminal accesses the network.
为使本领域技术人员进一步理解本实施例的网络访问认证方法,以下对本实施例的网络访问认证方法的实施过程进行进一步说明。To further understand the network access authentication method of this embodiment, the implementation process of the network access authentication method of this embodiment is further described below.
如图2所示,当用户发送上网请求时,通过ONU的Http报文,由ONU获取请求,判断该用户是否已经经过Portal认证,若之前经过Portal认证,则直接允许该用户上网,若还没有经过Portal认证,ONU通过OMCI协议将用户的MAC地址发送到OLT,OLT接收到上网请求报文时,向ONU推送Portal认证页面,ONU根据用户MAC地址在向用户Http发送此Portal认证页面,当用户接收到此Portal认证页面时,可以实现认证,如果认证通过,OLT获取认证结果,OLT通过OMCI协议通知ONU此用户的认证结果,如果认证通过ONU对此用户放行,从而用户可以上网,ONU并保存认证信息,以便用户下次不需要再进行认证。As shown in Figure 2, when the user sends an Internet access request, the ONU obtains the request from the ONU to determine whether the user has passed the Portal authentication. If the portal authentication is performed before, the user is allowed to access the Internet directly. After the portal authentication is performed, the ONU sends the user's MAC address to the OLT through the OMCI protocol. When the OLT receives the Internet access request packet, the OLT pushes the Portal authentication page to the ONU. The ONU sends the Portal authentication page to the user Http according to the user MAC address. When the portal authentication page is received, the authentication can be implemented. If the authentication succeeds, the OLT obtains the authentication result. The OLT notifies the ONU of the authentication result of the user through the OMCI protocol. If the authentication is released to the user through the ONU, the user can access the Internet and save the ONU. Authentication information so that users do not need to authenticate again next time.
To implement the above network access authentication method, this embodiment correspondingly provides a network access authentication system for performing network access authentication in a passive optical network system (GPON, Gigabit-Capable Passive Optical Network). In this embodiment, the network access authentication is Portal authentication.
Specifically, as shown in FIG. 3, the network access authentication system 1 includes an optical network unit 11 and an optical line terminal 12. In this embodiment, the optical network unit 11 and the optical line terminal 12 communicate through the ONU Management and Control Interface (OMCI); that is, communication between them is based on an OMCI-protocol Portal message format defined on top of OMCI. OMCI is a protocol defined in the GPON standard for information exchange between the OLT and the ONT. The OLT uses it to manage the ONT in a GPON network, including configuration management, fault management, performance management and security management. The OMCI protocol runs over the GEM connection between the OLT controller and the ONT controller, which is established when the ONT initializes.
The optical network unit 11 and the optical line terminal 12 are described in detail below.
The optical network unit 11 (ONU, Optical Network Unit) performs network access authentication in the passive optical network system. It is responsible for reporting users' Internet access requests, storing the users that have already passed Portal authentication, and feeding the Portal authentication result back to the user.
Specifically, in this embodiment, as shown in FIG. 3 and FIG. 4, the optical network unit 11 includes a network access terminal request receiving module 111, a request sending module 112, an authentication page receiving module 113, an authentication page feedback module 114 and a network access control module 115.
The network access terminal request receiving module 111 receives the network access request sent by a network access terminal (a user's computer, mobile phone or other terminal that can access the network). The request sending module 112 is connected to the network access terminal request receiving module 111 and sends the network access request to the optical line terminal 12 (OLT, Optical Line Terminal) in the passive optical network system.
Specifically, in this embodiment, when a user sends an Internet access request, the network access terminal request receiving module 111 obtains the request from the HTTP message passing through the ONU. The request sending module 112 is responsible for reporting the user's access request to the optical line terminal 12, and does so by sending the user's MAC address to the OLT over the OMCI protocol.
In this embodiment, the OMCI message that the request sending module 112 reports to the OLT may be as follows, but is not limited to the example presented here.
Define a Portal receive management entity, whose attributes include:
1) Managed Entity ID: this attribute provides a unique number for each instance of the Portal receive management entity. The entity has only one instance, numbered 0. (R), (mandatory), (2 bytes).
2) Portal MAC num (number of ONU Portal MACs): this attribute identifies the number of user MAC addresses reported for authentication. (R&W), (mandatory), (6 bytes).
3) MAC list table (table of user MAC addresses): this attribute identifies the table of user MAC addresses reported for ONU Portal authentication. The default is NULL (empty). (6*N bytes).
4) Portal up Managed entity ID: identifies the instance ID reported by the Portal; Portal MAC num: the number of user MAC addresses reported for ONU Portal authentication; Portal MAC list table: the table of user MAC addresses reported for ONU Portal authentication, NULL (empty) by default.
Through the above instance, the ONU notifies the OLT of the MAC addresses that require Portal authentication, which lets the OLT manage Portal authentication for users.
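The attribute layout listed above can be serialized and checked as follows. This is an added example, not code from the patent: it covers only the three attributes with the sizes the page gives (2-byte Managed Entity ID, 6-byte Portal MAC num, 6*N-byte MAC list table), not a full OMCI frame. The big-endian byte order, the function names and the rejection of group addresses and duplicate entries are assumptions.

```python
import re

ME_ID_LEN = 2    # Managed Entity ID: 2 bytes (size given on the page)
MAC_NUM_LEN = 6  # Portal MAC num: 6 bytes (size given on the page)
MAC_LEN = 6      # one MAC list table entry: 6 bytes, table is 6*N bytes

_MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}")


class PortalAttrError(ValueError):
    """Raised when an attribute block is malformed."""


def mac_to_bytes(mac: str) -> bytes:
    """Convert 'aa:bb:cc:dd:ee:ff' to 6 raw bytes, rejecting anything else."""
    if not _MAC_RE.fullmatch(mac):
        raise PortalAttrError(f"bad MAC address: {mac!r}")
    return bytes.fromhex(mac.replace(":", ""))


def encode_portal_attrs(macs, me_id: int = 0) -> bytes:
    """ONU side: pack the MACs that need Portal authentication."""
    table = b"".join(mac_to_bytes(m) for m in macs)
    return (me_id.to_bytes(ME_ID_LEN, "big")        # assumed big-endian
            + len(macs).to_bytes(MAC_NUM_LEN, "big")
            + table)


def decode_portal_attrs(buf: bytes):
    """OLT side: parse and validate; returns (me_id, [mac, ...])."""
    header = ME_ID_LEN + MAC_NUM_LEN
    if len(buf) < header:
        raise PortalAttrError("truncated header")
    me_id = int.from_bytes(buf[:ME_ID_LEN], "big")
    if me_id != 0:
        # The page defines a single instance, numbered 0.
        raise PortalAttrError(f"unexpected instance id {me_id}")
    count = int.from_bytes(buf[ME_ID_LEN:header], "big")
    table = buf[header:]
    # The declared count must match the table exactly: no short reads,
    # no trailing bytes that a later stage might interpret differently.
    if len(table) != count * MAC_LEN:
        raise PortalAttrError(
            f"count {count} does not match table of {len(table)} bytes")
    macs = []
    for i in range(0, len(table), MAC_LEN):
        raw = table[i:i + MAC_LEN]
        if raw[0] & 0x01:
            # Added check (assumption): a user terminal is a unicast source.
            raise PortalAttrError("group address in MAC list table")
        mac = raw.hex(":")
        if mac in macs:
            raise PortalAttrError(f"duplicate entry {mac}")
        macs.append(mac)
    return me_id, macs


if __name__ == "__main__":
    # Constructed sample addresses.
    blob = encode_portal_attrs(["aa:bb:cc:dd:ee:01", "aa:bb:cc:dd:ee:02"])
    print(blob.hex(), decode_portal_attrs(blob))
```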
The authentication page receiving module 113 receives, from the optical line terminal 12 in the passive optical network system, the network access authentication page used for network access authentication.
The authentication page feedback module 114 is connected to the authentication page receiving module 113 and forwards the received network access authentication page to the network access terminal, so that the network access terminal performs network access authentication using that page.
The network access terminal receives the network access authentication page from the optical network unit 11 and performs network access authentication using it. That is, once the user receives the network access authentication page, the user can authenticate. If authentication passes, the Portal service of the OLT reports the authentication result, and the OLT notifies the ONU of this network access terminal's authentication result over the OMCI protocol.
The network access control module 115 receives the network access authentication result from the optical line terminal 12 in the passive optical network system and determines from that result whether to allow the network access terminal to access the network. That is, if the network access terminal passes authentication, the network access control module makes the ONU admit the terminal, and the user can reach the Internet through the network access terminal.
In addition, in this embodiment, as shown in FIG. 5, the optical network unit 11 further includes a storage module 116 and a judging module 117.
The storage module 116 stores the network access authentication result when a result indicating successful authentication is received. In other words, if the network access terminal passes authentication, the ONU admits the terminal so that the user can reach the Internet through it, and the ONU saves the terminal's authentication information so that the user does not need to authenticate again the next time the terminal accesses the network.
The judging module 117 is connected to the storage module 116. When the network access terminal request receiving module 111 receives a network access request sent by a network access terminal, the judging module 117 determines whether that terminal is one whose network access authentication has already succeeded. If it is not, the request sending module 112 sends the network access request to the optical line terminal 12 in the passive optical network system.
The optical line terminal 12 performs network access authentication in the passive optical network system. It is responsible for building the Portal authentication page, managing the users reported by the optical network unit 11, pushing the Portal authentication page to the optical network unit 11 (ONU), and sending the information of authenticated users to the optical network unit 11.
Specifically, in this embodiment, as shown in FIG. 3 and FIG. 6, the optical line terminal 12 includes a network access request receiving module 121, an authentication page pushing module 122 and an authentication result receiving feedback module 123.
The network access request receiving module 121 receives the network access request from the optical network unit 11 in the passive optical network system. The authentication page pushing module 122 is connected to the network access request receiving module 121 and, according to the received network access request, pushes the network access authentication page used for network access authentication to the optical network unit 11. That is, when the network access request receiving module 121 in the OLT receives the access request message, the authentication page pushing module 122 pushes the Portal authentication page to the ONU; in other words, the optical line terminal 12 pushes the Portal page to the optical network unit 11.
The OMCI message with which the authentication page pushing module 122 sends the Portal information may be as follows, but is not limited to the example presented here.
Define the Portal information that the authentication page pushing module 122 sets on the ONU, including the Portal website and the authenticated user MACs. Specifically:
Define a Portal receive management entity, whose attributes include:
1) Managed Entity ID: this attribute provides a unique number for each instance of the Portal receive management entity. The entity has only one instance, numbered 0. (R), (mandatory), (2 bytes).
2) Portal MAC num (number of ONU Portal MACs): this attribute identifies the number of user MAC addresses reported for authentication. (R&W), (mandatory), (6 bytes).
3) MAC list table (table of user MAC addresses): this attribute identifies the table of user MAC addresses reported for ONU Portal authentication. The default is NULL (empty). (6*N bytes).
4) Portal up Managed entity ID: identifies the instance ID reported by the Portal; Portal MAC num: the number of user MAC addresses reported for ONU Portal authentication; Portal MAC list table: the table of user MAC addresses reported for ONU Portal authentication, NULL (empty) by default.
The authentication result receiving feedback module 123 receives the network access authentication result from the network access terminal and feeds the result back to the optical network unit 11. If the terminal's network access authentication passes, the Portal service of the OLT reports the result to the OLT, and the OLT notifies the ONU of this terminal's authentication result over the OMCI protocol.
To help those skilled in the art further understand the network access authentication system 1 of this embodiment, the interaction between the optical network unit 11 and the optical line terminal 12 in the system is described further below.
As shown in FIG. 2, when a user sends an Internet access request, the network access terminal request receiving module 111 in the ONU obtains the request from the HTTP message passing through the ONU, and the judging module 117 determines whether the user has already passed Portal authentication. If the user has, the network access control module 115 allows the user to access the Internet directly. If not, the request sending module 112 in the ONU sends the user's MAC address to the OLT over the OMCI protocol. After the network access request receiving module 121 in the OLT receives the access request message, the authentication page pushing module 122 pushes the Portal authentication page to the ONU. The authentication page receiving module 113 in the ONU receives the Portal authentication page, and the authentication page feedback module 114 sends it to the user over HTTP according to the user's MAC address. Once the network access terminal used by the user (for example, a computer) receives the Portal authentication page, the user can authenticate. If authentication passes, the authentication result receiving feedback module 123 in the OLT obtains the authentication result and notifies the ONU of the user's authentication result over the OMCI protocol. If authentication passed, the network access control module 115 in the ONU admits the user so that the user can access the Internet, and the storage module 116 in the ONU saves the authentication information so that the user does not need to authenticate again next time.
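The ONU/OLT interaction described above, which is also the FIG. 2 walkthrough of the method, as an added Python model that is not part of the patent. Class and method names, the constructed account table standing in for the OLT Portal service, and the rule that the ONU ignores results for MACs it never reported are assumptions; direct method calls stand in for the OMCI messages.

```python
import hmac

ALLOW, PORTAL = "ALLOW", "PORTAL"


class OLT:
    """OLT side: receives reports, pushes the Portal page, returns results."""

    def __init__(self, accounts):
        self._accounts = accounts   # constructed user -> password table
        self.reported = []          # MACs reported by the ONU
        self.onu = None

    def receive_access_request(self, mac):
        # Module 121 receives the report; module 122 pushes the Portal page.
        if mac not in self.reported:
            self.reported.append(mac)
        return f"<portal login page for {mac}>"

    def portal_login(self, mac, user, password):
        # Stand-in for the Portal service; the page does not specify the check.
        expected = self._accounts.get(user)
        ok = expected is not None and hmac.compare_digest(
            expected.encode(), password.encode())
        # Module 123 feeds the result back to the ONU.
        self.onu.receive_auth_result(mac, ok)
        return ok


class ONU:
    """ONU side: default-deny gate keyed on the terminal's MAC address."""

    def __init__(self, olt):
        self.olt = olt
        olt.onu = self
        self.authenticated = set()  # storage module 116
        self.pending = set()        # reported to the OLT, no result yet

    def handle_http_request(self, mac):
        # Judging module 117: already authenticated terminals skip the Portal.
        if mac in self.authenticated:
            return ALLOW, None
        self.pending.add(mac)
        page = self.olt.receive_access_request(mac)   # module 112
        return PORTAL, page                           # modules 113 and 114

    def receive_auth_result(self, mac, ok):
        # Network access control module 115.
        if mac not in self.pending:
            return False    # added check (assumption): unsolicited result
        self.pending.discard(mac)
        if ok:
            self.authenticated.add(mac)   # admit and remember the terminal
        return ok

    def may_forward(self, mac):
        return mac in self.authenticated


def run_demo():
    """Walk one constructed terminal through the exchange."""
    olt = OLT({"alice": "s3cret"})
    onu = ONU(olt)
    mac = "aa:bb:cc:dd:ee:01"
    steps = [onu.handle_http_request(mac)[0]]            # first request
    steps.append(olt.portal_login(mac, "alice", "bad"))  # failed login
    steps.append(onu.may_forward(mac))
    steps.append(onu.handle_http_request(mac)[0])        # reported again
    steps.append(olt.portal_login(mac, "alice", "s3cret"))
    steps.append(onu.handle_http_request(mac)[0])        # cached result
    return steps


if __name__ == "__main__":
    print(run_demo())
```

Because the stored result is keyed on the MAC address alone, the skip-authentication path is only as trustworthy as that identifier.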
In summary, in the present invention the optical network unit sends the network access request from the network access terminal to the optical line terminal; the optical line terminal pushes the network access authentication page used for network access authentication and feeds the terminal's network access authentication result back to the optical network unit; and the optical network unit determines from the received result whether to allow the network access terminal to access the network. This achieves network access authentication in a passive optical network system. The present invention can carry out the network access authentication (Portal authentication) process quickly, and the optical network unit can quickly notify the network access terminal's user to go online. The present invention therefore effectively overcomes various shortcomings of the prior art and has high industrial utilization value.
The above embodiments merely illustrate the principles and effects of the present invention and are not intended to limit it. Anyone familiar with this technology may modify or change the above embodiments without departing from the spirit and scope of the present invention. Accordingly, all equivalent modifications or changes made by those of ordinary skill in the art without departing from the spirit and technical ideas disclosed by the present invention shall still be covered by the claims of the present invention.

Claims (10)

  1. A network access authentication method for performing network access authentication in a passive optical network system, characterized in that the network access authentication method includes:
    an optical network unit in the passive optical network system, on receiving a network access request sent by a network access terminal, sends the network access request to an optical line terminal in the passive optical network system;
    the optical line terminal, according to the received network access request, pushes to the optical network unit a network access authentication page used for network access authentication;
    the optical network unit forwards the received network access authentication page to the network access terminal, so that the network access terminal performs network access authentication using the network access authentication page;
    the optical line terminal obtains the network access authentication result of the network access terminal and feeds the network access authentication result back to the optical network unit;
    the optical network unit determines, from the received network access authentication result, whether to allow the network access terminal to access the network.
  2. The network access authentication method according to claim 1, characterized in that the network access authentication method further includes: when the optical network unit receives a network access authentication result indicating successful authentication, the optical network unit stores the network access authentication result.
  3. The network access authentication method according to claim 1 or 2, characterized in that the step in which the optical network unit in the passive optical network system, on receiving a network access request sent by a network access terminal, sends the network access request to the optical line terminal in the passive optical network system specifically includes: on receiving the network access request sent by the network access terminal, the optical network unit determines whether the network access terminal is one whose network access authentication has succeeded and, when it is not, sends the network access request to the optical line terminal in the passive optical network system.
  4. The network access authentication method according to claim 1, characterized in that the optical network unit and the optical line terminal communicate through the optical network unit management and control interface.
  5. An optical network unit for performing network access authentication in a passive optical network system, characterized in that the optical network unit includes:
    a network access terminal request receiving module, configured to receive a network access request sent by a network access terminal;
    a request sending module, connected to the network access terminal request receiving module and configured to send the network access request to an optical line terminal in the passive optical network system;
    an authentication page receiving module, configured to receive, from the optical line terminal in the passive optical network system, a network access authentication page used for network access authentication;
    an authentication page feedback module, connected to the authentication page receiving module and configured to forward the received network access authentication page to the network access terminal, so that the network access terminal performs network access authentication using the network access authentication page;
    a network access control module, configured to receive a network access authentication result from the optical line terminal in the passive optical network system and to determine from the network access authentication result whether to allow the network access terminal to access the network.
  6. The optical network unit according to claim 5, characterized in that the optical network unit further includes:
    a storage module, configured to store the network access authentication result when a network access authentication result indicating successful authentication is received.
  7. The optical network unit according to claim 6, characterized in that the optical network unit further includes:
    a judging module, connected to the storage module and configured to determine, when a network access request sent by a network access terminal is received, whether the network access terminal is one whose network access authentication has succeeded;
    when the network access terminal is not one whose network access authentication has succeeded, the request sending module sends the network access request to the optical line terminal in the passive optical network system.
  8. An optical line terminal for performing network access authentication in a passive optical network system, characterized in that the optical line terminal includes:
    a network access request receiving module, configured to receive a network access request from an optical network unit in the passive optical network system;
    an authentication page pushing module, connected to the network access request receiving module and configured to push to the optical network unit, according to the received network access request, a network access authentication page used for network access authentication;
    an authentication result receiving feedback module, configured to receive a network access authentication result from the network access terminal and to feed the network access authentication result back to the optical network unit.
  9. A network access authentication system for performing network access authentication in a passive optical network system, characterized in that the network access authentication system includes the optical network unit according to any one of claims 5 to 7 and the optical line terminal according to claim 8.
  10. The network access authentication system according to claim 9, characterized in that the optical network unit and the optical line terminal communicate through the optical network unit management and control interface.
PCT/CN2016/101364 2015-11-05 2016-09-30 Network access authentication method and system WO2017076146A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510745079.5 2015-11-05
CN201510745079.5A CN105407093B (en) 2015-11-05 2015-11-05 A kind of network access authentication method and system

Publications (1)

Publication Number Publication Date
WO2017076146A1 true WO2017076146A1 (en) 2017-05-11

Family

ID=55472348

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/101364 WO2017076146A1 (en) 2015-11-05 2016-09-30 Network access authentication method and system

Country Status (2)

Country Link
CN (1) CN105407093B (en)
WO (1) WO2017076146A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112969204A (en) * 2021-02-26 2021-06-15 维沃移动通信有限公司 Cell data transmission method and device and electronic equipment
CN113014554A (en) * 2021-02-07 2021-06-22 博为科技有限公司 Automatic switching method and system for internet access channel, ONU (optical network unit) equipment and OLT (optical line terminal) equipment

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105407093B (en) * 2015-11-05 2019-09-13 上海斐讯数据通信技术有限公司 A kind of network access authentication method and system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1917448A (en) * 2006-09-06 2007-02-21 华为技术有限公司 Method for managing optical network with no source
CN101141448A (en) * 2007-09-28 2008-03-12 西安大唐电信有限公司 Method for implementing IEEE802.1x user port authentication in ethernet passive optical network
WO2008040256A1 (en) * 2006-09-29 2008-04-10 Huawei Technologies Co., Ltd. A user authentication method, apparatus and system for passive optical network
CN105187261A (en) * 2015-10-20 2015-12-23 上海斐讯数据通信技术有限公司 Ethernet passive optical network access authentication method and system
CN105407093A (en) * 2015-11-05 2016-03-16 上海斐讯数据通信技术有限公司 Network access authentication method and system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100675836B1 (en) * 2004-12-10 2007-01-29 한국전자통신연구원 Authentication method for a link protection in EPON

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1917448A (en) * 2006-09-06 2007-02-21 华为技术有限公司 Method for managing optical network with no source
WO2008040256A1 (en) * 2006-09-29 2008-04-10 Huawei Technologies Co., Ltd. A user authentication method, apparatus and system for passive optical network
CN101141448A (en) * 2007-09-28 2008-03-12 西安大唐电信有限公司 Method for implementing IEEE802.1x user port authentication in ethernet passive optical network
CN105187261A (en) * 2015-10-20 2015-12-23 上海斐讯数据通信技术有限公司 Ethernet passive optical network access authentication method and system
CN105407093A (en) * 2015-11-05 2016-03-16 上海斐讯数据通信技术有限公司 Network access authentication method and system

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113014554A (en) * 2021-02-07 2021-06-22 博为科技有限公司 Automatic switching method and system for internet access channel, ONU (optical network unit) equipment and OLT (optical line terminal) equipment
CN113014554B (en) * 2021-02-07 2023-06-13 博为科技有限公司 Automatic switching method and system for internet surfing channels, ONU (optical network Unit) equipment and OLT (optical line terminal) equipment
CN112969204A (en) * 2021-02-26 2021-06-15 维沃移动通信有限公司 Cell data transmission method and device and electronic equipment
CN112969204B (en) * 2021-02-26 2022-12-02 维沃移动通信有限公司 Cell data transmission method and device and electronic equipment

Also Published As

Publication number Publication date
CN105407093B (en) 2019-09-13
CN105407093A (en) 2016-03-16

Similar Documents

Publication Publication Date Title
KR101325790B1 (en) Distributed authentication functionality
EP3154222B1 (en) Service configuration data processing method and apparatus
CN102571353B (en) The method of verifying legitimacy of home gateway in passive optical network
US20140019757A1 (en) Authentication method and system
US9998211B2 (en) Protection switching method, system, and apparatus for passive optical network
US10601830B2 (en) Method, device and system for obtaining local domain name
WO2011127731A1 (en) Registration activation method and system for optical network unit
WO2017076146A1 (en) Network access authentication method and system
CN101127598A (en) A method and system for 802.1x authentication in passive optical network
WO2016191942A1 (en) Optical network unit authentication method, optical line terminal and optical network unit
WO2016169260A1 (en) Authentication and registration method, device and system for optical access module
EP3883257B1 (en) Data communication and communication management method based on distributed processing unit (dpu) and dpu
WO2017005163A1 (en) Wireless communication-based security authentication device
CN103595712A (en) Method, device and system for Web authentication
US8495371B2 (en) Network device authentication
WO2013082813A1 (en) Bandwidth resource management method, system, and device
WO2015123807A1 (en) Method, apparatus and system for obtaining configuration file
CN113014554A (en) Automatic switching method and system for internet access channel, ONU (optical network unit) equipment and OLT (optical line terminal) equipment
WO2017077760A1 (en) Station-side device, information management device, terminal authentication method and information management method
WO2014101084A1 (en) Authentication method, device and system
CN112689210B (en) Configuration system and method for accessing terminal equipment to EPON (Ethernet Passive optical network)
KR100606095B1 (en) Transmission method and apparatus of a secure key after user authentication in a ethernet passive optical network system
CN106961348B (en) User terminal management method and system
JP2010130341A (en) Ge-pon system
KR101477647B1 (en) System and Method for Device Management using Notification Message

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16861414

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16861414

Country of ref document: EP

Kind code of ref document: A1