CN103595711A - Adjusting safety access method and exchanger - Google Patents
Adjusting safety access method and exchanger Download PDFInfo
- Publication number
- CN103595711A CN103595711A CN201310546098.6A CN201310546098A CN103595711A CN 103595711 A CN103595711 A CN 103595711A CN 201310546098 A CN201310546098 A CN 201310546098A CN 103595711 A CN103595711 A CN 103595711A
- Authority
- CN
- China
- Prior art keywords
- dhcp
- list item
- acl
- address
- subscriber equipment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The invention discloses an adjusting safety access method and an exchanger. The adjusting safety access method comprises the steps that DHCP list items of user equipment in a protocol DHCP binding list are configured according to a dynamic host, ACL list items are issued according to the DHCP list items, and whether the ACL list items are full or not is judged; when the ACL list items are full, an ARP request message is broadcasted; whether an ARP response is received or not is monitored, and if the ARP response is not received, the ACL list items corresponding to an ACL rule of the DHCP list items in a hardware ACL are deleted. According to the adjusting safety access method and the exchanger, the access demands of more sets of DHCP user equipment can be met, and the utilization rate of an exchanger ACL is improved.
Description
Technical field
The present invention relates to computer network data communication technical field, relate in particular to a kind of method and switch of adjusting safety access.
Background technology
DHCP (Dynamic Host Configuration Protocol, dynamic address resolution agreement) be a kind of automatic user assignment IP(Internet Protocol of being, the agreement interconnecting between network) agreement of address and other options (as gateway, domain name system), be widely used in local area network (LAN), DHCP has simplified the deployment of network, has also been easy to the maintenance of network.DHCP SNOOPING is a kind of proprietary protocol of the DHCP of monitoring request process, and it uses in switch, and the user that each is successfully obtained to IP generates a DHCP binding information.
Gratuitous ARP packet is a kind of special ARP message, and the transmitting terminal IP address of carrying in this message and target ip address are all the machine IP addresses, and message source MAC Address is the machine MAC Address, and the target MAC (Media Access Control) address of message is broadcast address.The IP address that equipment is determined miscellaneous equipment by external transmission gratuitous ARP packet whether with the IP address conflict of the machine.When miscellaneous equipment is received after gratuitous ARP packet, if find that the IP address in message is identical with the IP address of oneself, return to an arp reply to the equipment that sends gratuitous ARP packet, inform this IP address of equipment conflict.
ACL(Access Control List, Access Control List (ACL)) be the set of one or more rule, for identifying message flow.The rule here refers to the judgement statement of describing message matching condition, and matching condition can be the source address, destination address, port numbers of message etc.The network equipment identifies specific message according to these rules, and according to predefined strategy, it is processed.
In order to prevent user's access network privately, be convenient to the maintenance and management of network, can implement Access Control Policy in conjunction with DHCP SNOOPING, the main frame that obtains IP by DHCP mode can accesses network, and the main frame of setting up IP illegally will not allow accesses network.This access strategy need to be realized in conjunction with exchange hardware ACL, and each DHCP user need to issue an acl rule that allows accesses network.Due to switching equipment ACL list item finite capacity, therefore, when DHCP binding list item number is greater than the ACL list item number of equipment, the ACL that some DHCP binding list items are corresponding cannot issue, and these DHCP users cannot accesses network.
In the prior art, the ACL list item finite capacity of switching equipment, therefore, when DHCP binding list item number is greater than the number of capacity of ACL list item of equipment, the ACL list item that some DHCP binding list items are corresponding cannot issue, these DHCP subscriber equipmenies just cannot accesses network, and the utilance of Access Control List (ACL) is lower.
Summary of the invention
In view of this, the embodiment of the present invention provides a kind of method and switch of adjusting safety access, controls the technical problem of the utilance of list to solve switch-access that above background technology partly mentions.
On the one hand, the embodiment of the present invention provides a kind of method of adjusting safety access, comprising:
According to the DHCP list item of subscriber equipment in dynamic host configuration protocol DHCP binding table, according to described DHCP list item, issue ACL list item, judge that whether described ACL list item is full;
When described ACL list item is expired, broadcast address analysis protocol ARP request message, wherein, the IP address of the transmitting terminal of described ARP request message and the IP address of destination end are the IP address of subscriber equipment described in described DHCP list item, it is the MAC Address of subscriber equipment described in described DHCP list item that MAC Address is controlled in the media interviews of the transmitting terminal of described ARP request message, and the MAC Address of the destination end of described ARP request message is broadcast address;
Monitor and whether receive ARP response, if receive described ARP, respond, described DHCP list item is controlled to the ACL list item that in list ACL, acl rule is corresponding at hardware access and delete.
Preferably, described, according to the DHCP list item of subscriber equipment in dynamic host configuration protocol DHCP binding table, according to described DHCP list item, issue ACL list item, before judging that whether described ACL list item is full, also comprise:
Receive the DHCP request message of subscriber equipment and the back message using of Dynamic Host Configuration Protocol server, wherein, described DHCP request message comprises that DHCP tries to find out the MAC Address of process, incoming end slogan and virtual LAN VLAN number, and the back message using of described Dynamic Host Configuration Protocol server comprises that DHCP tries to find out IP address, rental period, gateway and the domain name system DNS number of process;
According to the DHCP request message of described subscriber equipment and the back message using of described Dynamic Host Configuration Protocol server, in DHCP binding table, create DHCP list item;
According to described DHCP list item, generate ACL list item.
Preferably, before the back message using of the DHCP of described reception subscriber equipment request message and Dynamic Host Configuration Protocol server, also comprise:
The monitor function that the DHCP of enabled switch tries to find out;
Issue a DHCP message redirecting to the acl rule of switch CPU, issue the acl rule that an acquiescence does not forward all messages simultaneously.
Preferably, described according to the DHCP request message of described subscriber equipment and the back message using of described Dynamic Host Configuration Protocol server, in DHCP binding table, create DHCP list item, comprising:
MAC Address in described DHCP request message, access interface and vlan number information are saved in the DHCP list item of binding table of described subscriber equipment;
After receiving the back message using of described Dynamic Host Configuration Protocol server, extract IP address and rental period in described back message using, and described IP address and rental period are added in the DHCP list item of binding table of described subscriber equipment.
Preferably, described ACL list item comprises: IP address, MAC Address, access interface and the vlan number of described subscriber equipment.
Answer in contrast, the embodiment of the present invention provides a kind of switch, comprising:
Judgement entry module, for according to the DHCP list item of dynamic host configuration protocol DHCP binding table subscriber equipment, issues ACL list item according to described DHCP list item, judges that whether described ACL list item is full;
Message request module, for when described ACL list item is expired, broadcast address analysis protocol ARP request message, wherein, the IP address of the transmitting terminal of described ARP request message and the IP address of destination end are the IP address of subscriber equipment described in described DHCP list item, it is the MAC Address of subscriber equipment described in described DHCP list item that MAC Address is controlled in the media interviews of the transmitting terminal of described ARP request message, and the MAC Address of the destination end of described ARP request message is broadcast address;
Monitor and reply module, for monitoring, whether receive ARP response, if receive described ARP, respond, described DHCP list item is controlled to the ACL list item that in list ACL, acl rule is corresponding at hardware access and delete.
Preferably, described switch also comprises:
Receive message module, be used for described according to the DHCP list item of dynamic host configuration protocol DHCP binding table subscriber equipment, according to described DHCP list item, issue ACL list item, before judging that whether described ACL list item is full, receive the DHCP request message of subscriber equipment and the back message using of Dynamic Host Configuration Protocol server, wherein, described DHCP request message comprises that DHCP tries to find out the MAC Address of process, incoming end slogan and virtual LAN VLAN number, and the back message using of described Dynamic Host Configuration Protocol server comprises that DHCP tries to find out IP address, rental period, gateway and the domain name system DNS number of process;
Create entry module, for according to the DHCP request message of described subscriber equipment and the back message using of described Dynamic Host Configuration Protocol server, in DHCP binding table, create DHCP list item;
Generating table entry module, for according to described DHCP list item, generates ACL list item.
Preferably, described switch also comprises:
Configuration module, for before receiving the DHCP request message of subscriber equipment and the back message using of Dynamic Host Configuration Protocol server, the monitor function that the DHCP of enabled switch tries to find out, issue a DHCP message redirecting to the acl rule of switch CPU, issue the acl rule that an acquiescence does not forward all messages simultaneously.
Preferably, described establishment entry module specifically for:
MAC Address in described DHCP request message, access interface and vlan number information are saved in the DHCP list item of binding table of described subscriber equipment;
After receiving the back message using of described Dynamic Host Configuration Protocol server, extract IP address and rental period in described back message using, and described IP address and rental period are added in the DHCP list item of binding table of described subscriber equipment.
Preferably, the ACL list item that described monitoring is replied in module comprises: IP address, MAC Address, access interface and the vlan number of described subscriber equipment.
The embodiment of the present invention provides a kind of method and switch of adjusting safety access, has following features: access requirement that can more DHCP subscriber equipmenies, has improved the utilance that switch-access is controlled list.
Accompanying drawing explanation
In order to be illustrated more clearly in the embodiment of the present invention or technical scheme of the prior art, to the accompanying drawing of required use in embodiment or description of the Prior Art be briefly described below, apparently, accompanying drawing in the following describes is only embodiments of the invention, for those of ordinary skills, do not paying under the prerequisite of creative work, other accompanying drawing can also be provided according to the accompanying drawing providing.
Fig. 1 is the applicable network application figure of the embodiment of the present invention;
Fig. 2 is the realization flow figure that first embodiment of the invention provides the method for adjusting safety access;
Fig. 3 is the realization flow figure of the method that accesses safely of adjustment that second embodiment of the invention provides;
Fig. 4 is the structural representation of the device of the switch that provides of third embodiment of the invention.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is clearly and completely described, obviously, described embodiment is only the present invention's part embodiment, rather than whole embodiment.Embodiment based in the present invention, those of ordinary skills, not making the every other embodiment obtaining under creative work prerequisite, belong to the scope of protection of the invention.
The applicable network environment of the embodiment of the present invention as shown in Figure 1.In network, be provided with switch, it is connected with a plurality of subscriber equipmenies with Dynamic Host Configuration Protocol server respectively.
Embodiment mono-
Fig. 1 is the realization flow figure of the method that accesses safely of adjustment that first embodiment of the invention provides.The switch that the method that the embodiment of the present invention provides can be provided by the embodiment of the present invention in the network environment shown in Fig. 1 is carried out.As shown in Figure 2, a kind of method of adjusting safety access that the embodiment of the present invention one provides comprises:
Step S201, according to the DHCP list item of subscriber equipment in dynamic host configuration protocol DHCP binding table, issues ACL list item according to described DHCP list item, judges that whether described ACL list item is full.
Step 202, when described ACL list item is expired, broadcast address analysis protocol ARP request message.
In step 202, described ARP request message can be gratuitous ARP request message, the IP address of its transmitting terminal and the IP address of destination end are the IP address of subscriber equipment described in described DHCP list item, the MAC Address of the transmitting terminal of described ARP request message is the MAC Address of subscriber equipment described in described DHCP list item, and the MAC Address of the destination end of described ARP request message is broadcast address.Thus, can convey each subscriber equipment that switch is connected and all receive this message, and respond according to protocols having.Because ARP request message is that address based on each list item sends, thus if subscriber equipment is online, will inevitably receive the ARP request message consistent with self address, and need carry out ARP response according to agreement.
Step S203, monitors and whether receives ARP response, if receive described ARP, responds, and described DHCP list item is controlled to the ACL list item that in list ACL, acl rule is corresponding at hardware access and deletes.
Need to describe, switch monitors whether receive ARP response, if receive ARP before described second timer is set duration cut-off, responds, and determines that the subscriber equipment of described DHCP list item is in off-line state.
In step S203, described acl rule be in Access Control List (ACL) for identifying the judgement statement of the matching condition of message flow, described ACL list item can comprise: IP address, MAC Address, access interface and the vlan number of described subscriber equipment.
The method that the adjustment that the present embodiment one provides accesses safely, by monitoring, whether receiving ARP responds, judge that whether the relative user equipment of DHCP list item is in off-line state, and ACL list item corresponding to the subscriber equipment of deleting the DHCP list item under off-line state, can, for subscriber equipment provides ACL list item space, improve the utilance of switch-access control list.In such scheme, can to ACL list item, clear up maintenance in time.Utilized gratuitous ARP request message and ARP thereof to respond, effectively utilized existing message mechanism, without expansion extra equipment and software, so the popularization of technology is convenient, cost is low.
Embodiment bis-
Fig. 3 is that second embodiment of the invention provides a kind of realization flow figure that adjusts the method for safety access.The present embodiment be take embodiment mono-as basis, and hardware environment is identical with embodiment mono-.As shown in Figure 3, the method that the embodiment of the present invention provides comprises:
In embodiments of the present invention, described DHCP request message comprises MAC Address, incoming end slogan and the vlan number of DHCP SNOOPING process, and the back message using of described Dynamic Host Configuration Protocol server comprises IP address, rental period, gateway and the domain name system DNS number of DHCP SNOOPING process.
Step 302 according to the DHCP request message of described subscriber equipment and the back message using of described Dynamic Host Configuration Protocol server, creates DHCP list item in DHCP binding table.
In embodiments of the present invention, described DHCP list item comprises: MAC Address, access interface, vlan number, IP address and rental period.The constructive process of described DHCP list item: the MAC Address in described DHCP request message, access interface and vlan number information are saved in the DHCP list item of binding table of described subscriber equipment; After receiving the back message using of described Dynamic Host Configuration Protocol server, extract IP address and rental period in described back message using, and described IP address and rental period are added in the DHCP list item of binding table of described subscriber equipment.
Step 303, according to described DHCP list item, generates ACL list item.
Wherein, described DHCP list item comprises: IP address, MAC Address, access interface, vlan number and rental period.Extract IP address, MAC Address, access interface and vlan number in described DHCP list item, generate corresponding ACL list item.After the message that switch is received, while only having list item in message and a subitem in the described ACL list item in switch to match, can forward described message.
Step 304, judges that whether described ACL list item is full, when described ACL list item is expired, and broadcast address analysis protocol ARP request message;
Step S305 monitors whether receive ARP response, if receive described ARP, responds, and described DHCP list item is controlled to the ACL list item that in list ACL, acl rule is corresponding at hardware access and deletes.
The method that the adjustment that the present embodiment provides accesses safely, is the preferred embodiment proposing on the basis of embodiment mono-, reaches identical function, can provide ACL list item space for subscriber equipment, has improved the utilance of switch-access control list.
Further, before the back message using of the DHCP of described reception subscriber equipment request message and Dynamic Host Configuration Protocol server, preferably also comprise: the monitor function that the DHCP of enabled switch tries to find out; Issue a DHCP message redirecting to the acl rule of switch CPU, issue the acl rule that an acquiescence does not forward all messages simultaneously, wherein, described acl rule is for identifying the judgement statement of the matching condition of message flow in Access Control List (ACL).The usefulness of this scheme is to start the safety function of DHCP SNOOPING process, and pre-configured acl rule, makes switch according to the acl rule information that E-Packets targetedly, guarantees the fail safe that switch E-Packets.
Embodiment tri-
Fig. 4 is the structural representation of the device that comprises of switch that third embodiment of the invention provides.As shown in Figure 4, the device that the embodiment of the present invention provides comprises: module 407 is replied in judgement entry module 405, message request module 406 and monitoring.
In such scheme, by judgement entry module 405, carry out broadcast arp request message, and judgement receives ARP response, and then whether the relative user equipment that judges DHCP list item is in off-line state, by monitoring, reply ACL list item corresponding to subscriber equipment that module 407 is deleted the DHCP list item under off-line state, can carry out cleaning in time to the ACL list item of the subscriber equipment of off-line and safeguard, improve the utilance of switch-access control list.Effectively utilized existing message mechanism, without expansion extra equipment and software, so the popularization of technology is convenient, cost is low.
In such scheme, preferably, also comprise: receive message module 402, create entry module 403 and generating table entry module 404.
Wherein, described reception message module 402, for according to first timer timing cycle, according to the DHCP list item of subscriber equipment in DHCP binding table, before broadcast arp request message, receive the DHCP request message of subscriber equipment and the back message using of Dynamic Host Configuration Protocol server, wherein, described DHCP request message comprises MAC Address, incoming end slogan and the vlan number of DHCPSNOOPING process, and the back message using of described Dynamic Host Configuration Protocol server comprises IP address, rental period, gateway and the domain name system DNS number of DHCP SNOOPING process.Described establishment entry module 403 for according to the DHCP request message of described subscriber equipment and the back message using of described Dynamic Host Configuration Protocol server, creates DHCP list item in DHCP binding table.Described generating table entry module 404, for according to described DHCP list item, generates ACL list item.
In such scheme, preferably, also comprise: configuration module 401, for before receiving the DHCP request message of subscriber equipment and the back message using of Dynamic Host Configuration Protocol server, the monitor function of the DHCP SNOOPING of enabled switch, issue a DHCP message redirecting to the acl rule of switch CPU, issue the acl rule that an acquiescence does not forward all messages simultaneously.
Further, described establishment entry module 403 specifically for: the MAC Address in described DHCP request message, access interface and vlan number information are saved in the DHCP list item of binding table of described subscriber equipment; After receiving the back message using of described Dynamic Host Configuration Protocol server, extract IP address and rental period in described back message using, and described IP address and rental period are added in the DHCP list item of binding table of described subscriber equipment.
In embodiments of the present invention, the ACL list item that described monitoring is replied in module 407 can comprise: IP address, MAC Address, access interface and the vlan number of described subscriber equipment.
The method that the switch that the present embodiment provides accesses safely for the adjustment of carrying out any embodiment of the present invention and providing, possesses corresponding functional module, reaches identical technique effect.
Obviously, those skilled in the art should be understood that, above-mentioned each module of the present invention or each step can realize with general calculation element, they can concentrate on single calculation element, or be distributed on the network that a plurality of calculation elements form, alternatively, they can realize with the executable program code of computer installation, thereby they can be stored in storage device and be carried out by calculation element, or they are made into respectively to each integrated circuit modules, or a plurality of modules in them or step are made into single integrated circuit module to be realized.Like this, the present invention is not restricted to the combination of any specific hardware and software.
These are only the preferred embodiments of the present invention, be not limited to the present invention, to those skilled in the art, the present invention can have various changes and variation.All any modifications of doing, be equal to replacement, improvement etc., within protection scope of the present invention all should be included within spirit of the present invention and principle.
Claims (10)
1. a method of adjusting safety access, is characterized in that, comprising:
According to the DHCP list item of subscriber equipment in dynamic host configuration protocol DHCP binding table, according to described DHCP list item, issue ACL list item, judge that whether described ACL list item is full;
When described ACL list item is expired, broadcast address analysis protocol ARP request message, wherein, the IP address of the transmitting terminal of described ARP request message and the IP address of destination end are the IP address of subscriber equipment described in described DHCP list item, it is the MAC Address of subscriber equipment described in described DHCP list item that MAC Address is controlled in the media interviews of the transmitting terminal of described ARP request message, and the MAC Address of the destination end of described ARP request message is broadcast address;
Monitor and whether receive ARP response, if receive described ARP, respond, described DHCP list item is controlled to the ACL list item that in list ACL, acl rule is corresponding at hardware access and delete.
2. the method that adjustment safety according to claim 1 accesses, it is characterized in that, described, according to the DHCP list item of subscriber equipment in dynamic host configuration protocol DHCP binding table, according to described DHCP list item, issue ACL list item, before judging that whether described ACL list item is full, also comprise:
Receive the DHCP request message of subscriber equipment and the back message using of Dynamic Host Configuration Protocol server, wherein, described DHCP request message comprises that DHCP tries to find out the MAC Address of process, incoming end slogan and virtual LAN VLAN number, and the back message using of described Dynamic Host Configuration Protocol server comprises that DHCP tries to find out IP address, rental period, gateway and the domain name system DNS number of process;
According to the DHCP request message of described subscriber equipment and the back message using of described Dynamic Host Configuration Protocol server, in DHCP binding table, create DHCP list item;
According to described DHCP list item, generate ACL list item.
3. the method for adjusting safety access according to claim 2, is characterized in that, before the back message using of the DHCP of described reception subscriber equipment request message and Dynamic Host Configuration Protocol server, also comprises:
The monitor function that the DHCP of enabled switch tries to find out;
Issue a DHCP message redirecting to the acl rule of switch CPU, issue the acl rule that an acquiescence does not forward all messages simultaneously.
4. the method for adjusting safety access according to claim 2, is characterized in that, described according to the DHCP request message of described subscriber equipment and the back message using of described Dynamic Host Configuration Protocol server, creates DHCP list item in DHCP binding table, comprising:
MAC Address in described DHCP request message, access interface and vlan number information are saved in the DHCP list item of binding table of described subscriber equipment;
After receiving the back message using of described Dynamic Host Configuration Protocol server, extract IP address and rental period in described back message using, and described IP address and rental period are added in the DHCP list item of binding table of described subscriber equipment.
5. the method for adjusting safety access according to claim 1, is characterized in that, described ACL list item comprises: IP address, MAC Address, access interface and the vlan number of described subscriber equipment.
6. a switch, is characterized in that, comprising:
Judgement entry module, for according to the DHCP list item of dynamic host configuration protocol DHCP binding table subscriber equipment, issues ACL list item according to described DHCP list item, judges that whether described ACL list item is full;
Message request module, for when described ACL list item is expired, broadcast address analysis protocol ARP request message, wherein, the IP address of the transmitting terminal of described ARP request message and the IP address of destination end are the IP address of subscriber equipment described in described DHCP list item, it is the MAC Address of subscriber equipment described in described DHCP list item that MAC Address is controlled in the media interviews of the transmitting terminal of described ARP request message, and the MAC Address of the destination end of described ARP request message is broadcast address;
Monitor and reply module, for monitoring, whether receive ARP response, if receive described ARP, respond, described DHCP list item is controlled to the ACL list item that in list ACL, acl rule is corresponding at hardware access and delete.
7. switch according to claim 6, is characterized in that, also comprises:
Receive message module, be used for described according to the DHCP list item of dynamic host configuration protocol DHCP binding table subscriber equipment, according to described DHCP list item, issue ACL list item, before judging that whether described ACL list item is full, receive the DHCP request message of subscriber equipment and the back message using of Dynamic Host Configuration Protocol server, wherein, described DHCP request message comprises that DHCP tries to find out the MAC Address of process, incoming end slogan and virtual LAN VLAN number, and the back message using of described Dynamic Host Configuration Protocol server comprises that DHCP tries to find out IP address, rental period, gateway and the domain name system DNS number of process;
Create entry module, for according to the DHCP request message of described subscriber equipment and the back message using of described Dynamic Host Configuration Protocol server, in DHCP binding table, create DHCP list item;
Generating table entry module, for according to described DHCP list item, generates ACL list item.
8. switch according to claim 7, is characterized in that, also comprises:
Configuration module, for before receiving the DHCP request message of subscriber equipment and the back message using of Dynamic Host Configuration Protocol server, the monitor function that the DHCP of enabled switch tries to find out, issue a DHCP message redirecting to the acl rule of switch CPU, issue the acl rule that an acquiescence does not forward all messages simultaneously.
9. switch according to claim 7, is characterized in that, described establishment entry module specifically for:
MAC Address in described DHCP request message, access interface and vlan number information are saved in the DHCP list item of binding table of described subscriber equipment;
After receiving the back message using of described Dynamic Host Configuration Protocol server, extract IP address and rental period in described back message using, and described IP address and rental period are added in the DHCP list item of binding table of described subscriber equipment.
10. switch according to claim 6, is characterized in that, the ACL list item that described monitoring is replied in module comprises: IP address, MAC Address, access interface and the vlan number of described subscriber equipment.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310546098.6A CN103595711A (en) | 2013-11-06 | 2013-11-06 | Adjusting safety access method and exchanger |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310546098.6A CN103595711A (en) | 2013-11-06 | 2013-11-06 | Adjusting safety access method and exchanger |
Publications (1)
Publication Number | Publication Date |
---|---|
CN103595711A true CN103595711A (en) | 2014-02-19 |
Family
ID=50085693
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310546098.6A Pending CN103595711A (en) | 2013-11-06 | 2013-11-06 | Adjusting safety access method and exchanger |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103595711A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106034054A (en) * | 2015-03-17 | 2016-10-19 | 阿里巴巴集团控股有限公司 | Redundant access control list ACL rule file detection method and apparatus thereof |
CN108259271A (en) * | 2018-02-01 | 2018-07-06 | 天津天地伟业信息系统集成有限公司 | A kind of method for detecting link state after more network card bindings by ARP |
CN108512714A (en) * | 2017-02-28 | 2018-09-07 | 华为技术有限公司 | A kind of message transmitting method, relevant device and system |
Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050055573A1 (en) * | 2003-09-10 | 2005-03-10 | Smith Michael R. | Method and apparatus for providing network security using role-based access control |
US20050259654A1 (en) * | 2004-04-08 | 2005-11-24 | Faulk Robert L Jr | Dynamic access control lists |
CN1870627A (en) * | 2005-08-09 | 2006-11-29 | 华为技术有限公司 | Anti-offence method for ARP buffer storage list |
CN1941722A (en) * | 2006-08-29 | 2007-04-04 | 杭州华为三康技术有限公司 | Method and device for maintaining DHCP safety property list by detecting customer terminal |
CN101106512A (en) * | 2007-09-03 | 2008-01-16 | 华为技术有限公司 | A processing method and device for QinQ termination configuration |
CN101179583A (en) * | 2007-12-17 | 2008-05-14 | 杭州华三通信技术有限公司 | Method and equipment preventing user counterfeit internet |
CN101237378A (en) * | 2008-03-11 | 2008-08-06 | 杭州华三通信技术有限公司 | Mapping method and device of virtual LAN |
CN101304372A (en) * | 2008-06-18 | 2008-11-12 | 华为技术有限公司 | Method, equipment and system for collocating access control list |
US20080316982A1 (en) * | 2007-06-20 | 2008-12-25 | Microsoft Corporation | Managing Dense Wireless Access Point Infrastructures in Wireless Local Area Networks |
CN101453447A (en) * | 2007-12-03 | 2009-06-10 | 华为技术有限公司 | Customer aging method for dynamic host configuration protocol DHCP and access equipment |
US20110106947A1 (en) * | 2009-10-30 | 2011-05-05 | Hangzhou H3C Technologies Co., Ltd. | Method and Apparatus for Dual Stack Access |
CN102868605A (en) * | 2012-09-05 | 2013-01-09 | 浙江宇视科技有限公司 | Looped network data protection method and device |
-
2013
- 2013-11-06 CN CN201310546098.6A patent/CN103595711A/en active Pending
Patent Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050055573A1 (en) * | 2003-09-10 | 2005-03-10 | Smith Michael R. | Method and apparatus for providing network security using role-based access control |
US20050259654A1 (en) * | 2004-04-08 | 2005-11-24 | Faulk Robert L Jr | Dynamic access control lists |
CN1870627A (en) * | 2005-08-09 | 2006-11-29 | 华为技术有限公司 | Anti-offence method for ARP buffer storage list |
CN1941722A (en) * | 2006-08-29 | 2007-04-04 | 杭州华为三康技术有限公司 | Method and device for maintaining DHCP safety property list by detecting customer terminal |
US20080316982A1 (en) * | 2007-06-20 | 2008-12-25 | Microsoft Corporation | Managing Dense Wireless Access Point Infrastructures in Wireless Local Area Networks |
CN101106512A (en) * | 2007-09-03 | 2008-01-16 | 华为技术有限公司 | A processing method and device for QinQ termination configuration |
CN101453447A (en) * | 2007-12-03 | 2009-06-10 | 华为技术有限公司 | Customer aging method for dynamic host configuration protocol DHCP and access equipment |
CN101179583A (en) * | 2007-12-17 | 2008-05-14 | 杭州华三通信技术有限公司 | Method and equipment preventing user counterfeit internet |
CN101237378A (en) * | 2008-03-11 | 2008-08-06 | 杭州华三通信技术有限公司 | Mapping method and device of virtual LAN |
CN101304372A (en) * | 2008-06-18 | 2008-11-12 | 华为技术有限公司 | Method, equipment and system for collocating access control list |
US20110106947A1 (en) * | 2009-10-30 | 2011-05-05 | Hangzhou H3C Technologies Co., Ltd. | Method and Apparatus for Dual Stack Access |
CN102868605A (en) * | 2012-09-05 | 2013-01-09 | 浙江宇视科技有限公司 | Looped network data protection method and device |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106034054A (en) * | 2015-03-17 | 2016-10-19 | 阿里巴巴集团控股有限公司 | Redundant access control list ACL rule file detection method and apparatus thereof |
CN106034054B (en) * | 2015-03-17 | 2019-07-05 | 阿里巴巴集团控股有限公司 | Redundant access controls list acl rule file test method and device |
CN108512714A (en) * | 2017-02-28 | 2018-09-07 | 华为技术有限公司 | A kind of message transmitting method, relevant device and system |
CN108512714B (en) * | 2017-02-28 | 2021-10-01 | 华为技术有限公司 | Message transmission method, related equipment and system |
CN108259271A (en) * | 2018-02-01 | 2018-07-06 | 天津天地伟业信息系统集成有限公司 | A kind of method for detecting link state after more network card bindings by ARP |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9729501B2 (en) | System and data card for stateless automatic configuration of IPv6 address and method for implementing the same | |
EP2364543B1 (en) | Broadband network access | |
CN101883158B (en) | Method and client for acquiring VLAN (Virtual Local Area Network) IDs (Identifiers) and network protocol addresses | |
EP4240041A1 (en) | Method, apparatus, and edge node controller for allocating edge node | |
CN101179515B (en) | Method and device for inhibiting black hole routing | |
CN103825777A (en) | DMZ server switching method and device | |
WO2012146120A1 (en) | Method for forwarding response packet from dhcp server, forwarding device and system | |
CN102025799A (en) | Method for discovery and automatic configuration for IP address of device | |
CN105959282A (en) | Protection method and device for DHCP attack | |
CN101197811B (en) | Method for improving server reliability in dynamic main unit configuration protocol under proxy mode | |
CN102347903B (en) | Data message forwarding method as well as device and system | |
CN103795581A (en) | Address processing method and address processing device | |
US8291111B1 (en) | Responding to a DHCPLEASEQUERY message | |
CN103595711A (en) | Adjusting safety access method and exchanger | |
CN102917082A (en) | Information push method and system of transit-network address translation | |
CN101729314A (en) | Method and device for recovering dynamic table entries and dynamic host configuration protocol snoopingsnooping equipment | |
WO2017000625A1 (en) | Dynamic host configuration protocol (dhcp) server management method and apparatus | |
CN104869665A (en) | Network connection control method, router and mobile equipment | |
CN104581977B (en) | WLAN user management method, apparatus and system | |
CN107592261A (en) | Message processing method, device and router | |
CN102594808A (en) | System and method for preventing Dynamic Host Configuration Protocol for Internet Protocol Version 6 (DHCPv6) server spoofing | |
CN115174528A (en) | Equipment address control method, device and system | |
CN104468467A (en) | Dynamic host configuration protocol (DHCP) message transmitting method and device | |
CN104283982B (en) | A kind of method that DMZ host automatically points to, system and gateway | |
CN104486252B (en) | A kind of method and device of thin-client access standard client |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20140219 |