CN104601743A - IP (internet protocol) forwarding IPoE (IP over Ethernet) dual-stack user access control method and equipment based on Ethernet - Google Patents

IP (internet protocol) forwarding IPoE (IP over Ethernet) dual-stack user access control method and equipment based on Ethernet Download PDF

Info

Publication number
CN104601743A
CN104601743A CN201510072184.7A CN201510072184A CN104601743A CN 104601743 A CN104601743 A CN 104601743A CN 201510072184 A CN201510072184 A CN 201510072184A CN 104601743 A CN104601743 A CN 104601743A
Authority
CN
China
Prior art keywords
ipoe
address
message
stack
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510072184.7A
Other languages
Chinese (zh)
Inventor
邱元香
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou H3C Technologies Co Ltd
Original Assignee
Hangzhou H3C Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou H3C Technologies Co Ltd filed Critical Hangzhou H3C Technologies Co Ltd
Priority to CN201510072184.7A priority Critical patent/CN104601743A/en
Publication of CN104601743A publication Critical patent/CN104601743A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/50Address allocation
    • H04L61/5007Internet protocol [IP] addresses
    • H04L61/503Internet protocol [IP] addresses using an authentication, authorisation and accounting [AAA] protocol, e.g. remote authentication dial-in user service [RADIUS] or Diameter
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/107Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/126Applying verification of the received information the source of the received data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2101/00Indexing scheme associated with group H04L61/00
    • H04L2101/60Types of network addresses
    • H04L2101/686Types of network addresses using dual-stack hosts, e.g. in Internet protocol version 4 [IPv4]/Internet protocol version 6 [IPv6] networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides an IP (internet protocol) forwarding IPoE (IP over Ethernet) dual-stack user access control method and equipment based on Ethernet. The IP forwarding IPoE dual-stack user access control method includes that a BRAS (broadband remote access server) receives DHCP (dynamic host configuration protocol) request IP address messages used for triggering a current user, judging whether IPoE conversation corresponding to MAC (medium access control) of an IPoE dual-stack client in the DHCP request IP address messages exists or not when the current user accesses, if yes, processing the currently received DHCP request IP address messages according to states of the IPoE conversation instead of requesting an authentication server to perform user authentication of the DHCP request IP address messages. Accordingly, once authentication and authorization of one IPoE dual-stack user is realized, and the problem of twice independent access of the dual-stack IPoE user is solved.

Description

IP based on ether forwards the two stack user access control method of IPoE and equipment
Technical field
The application relates to the network communications technology, and the IP particularly based on ether forwards (IPoE:IP overEthernet) two stack user access control method and equipment.
Background technology
In IPoE access way, support that two stack IPoE users of IPv4 and IPv6 need to perform IPv4 user's access and IPv6 user's access twice totally access respectively.Wherein, IPv4 user access and IPv6 user access both separate.
And for IPv4 user's access and IPv6 user's access, there are some common technological means in it, such as: when Broadband Remote Access Server (BRAS:Broadband Remote Access Server) receives DHCP (DHCP:Dynamic HostConfiguration Protocol) the IP address requesting message that two stack IPoE user sent by client (being called two stack IPoE client) when performing IPv4 user's access or IPv6 user accesses, the user profile of two stack IPoE user accessing position information that request authentication server carries DHCP request IP address message as remote customer dialing authentication server (RADIUS:Remote Authentication Dial In User Service) and/or two stack IPoE user carries out user authentication, BRAS receives the authentication result that aaa server issues, wherein, authentication result comprises by certification or does not pass through certification, when certification is passed through, the access right of aaa server mandate is also comprised further in authentication result.Here, for IPv4 user's access, DHCP request IP address message is that DHCP finds (Discover) message, and for IPv6 user's access, DHCP request IP address message is DHCP request (Solicit) message.
And because IPv4 user's access of two stack IPoE user and IPv6 user access both separate, this has just occurred carrying out twice identical user authentication to same user in IPoE access way, and, certification by time also to carry out twice identical mandate, increase the burden of BRAS and certificate server, also can extend the on-line time of two stack IPoE user.
Summary of the invention
The IP that this application provides based on ether forwards the two stack user access control method of IPoE and equipment, carries out separately to solve two stack IPoE user the problem that twice access bring.
The technical scheme that the application provides comprises:
IP based on ether forwards the two stack user access control method of IPoE, and the method is applied to Broadband Remote Access Server BRAS, comprising:
Receive the DHCP request IP address message for triggering active user's access from the two stack client of IPoE of trunking transfer; Judge the local IPoE session corresponding with the MAC Address of the two stack client of the described IPoE that described DHCP request IP address message is carried whether having the foundation when user accesses before;
When judging that this locality exists the IPoE session corresponding with described MAC Address, identify the state of described IPoE session;
When the state identifying described IPoE session be certification pass through or online time, described DHCP request IP address message is transmitted to Dynamic Host Configuration Protocol server; When the state identifying described IPoE session is to be certified, wait for, until the state of described IPoE session is updated, when the state after described IPoE session is updated be certification do not pass through time, abandon described DHCP request IP address message, when the state after described IPoE session is updated be certification by time, described DHCP request IP address message is issued Dynamic Host Configuration Protocol server.
IP based on ether forwards the two stack user access control method of IPoE, and the method is applied to trunking, comprising:
Receive the DHCP request IP address message that the two stack client of IPoE sends;
Identify whether described DHCP request IP address message carries the MAC Address of the two stack client of described IPoE;
If so, described DHCP request IP address message is forwarded to Broadband Remote Access Server BRAS;
If not, in described DHCP request IP address message, insert the MAC Address of the two stack client of described IPoE and be forwarded to BRAS.
IP based on ether forwards the two stack user access control equipment of IPoE, and this equipment is applied to Broadband Remote Access Server BRAS, comprising:
Receiving element, for receiving the DHCP request IP address message for triggering active user's access from the two stack client of IPoE of trunking transfer;
Judging unit, for judging the local IPoE session corresponding with the MAC Address of the two stack client of the described IPoE that described DHCP request IP address message is carried whether having the foundation when user accesses before;
Processing unit, for when the judged result of described judging unit is for being, identifies the state of described IPoE session, when the state identifying described IPoE session be certification pass through or online time, described DHCP request IP address message is transmitted to Dynamic Host Configuration Protocol server; When the state identifying described IPoE session is to be certified, wait for, until the state of described IPoE session is updated, when the state after described IPoE session is updated be certification do not pass through time, abandon described DHCP request IP address message, when the state after described IPoE session is updated be certification by time, described DHCP request IP address message is issued Dynamic Host Configuration Protocol server.
IP based on ether forwards the two stack user access control equipment of IPoE, and this equipment is applied to trunking, comprising:
Receiving element, for receiving the DHCP request IP address message that the two stack client of IPoE sends;
Recognition unit, for identifying whether described DHCP request IP address message carries the MAC Address of the two stack client of described IPoE, if, described DHCP request IP address message is forwarded to Broadband Remote Access Server BRAS, if not, in described DHCP request IP address message, insert the MAC Address of the two stack client of described IPoE and be forwarded to BRAS.
As can be seen from the above technical solutions, in the present invention, when BRAS receives the DHCP request IP address message for triggering active user's access, judge the local IPoE session corresponding with the MAC Address of the two stack client of the IPoE that described DHCP request IP address message is carried whether having the foundation when user accesses before, when BRAS judge local there is the IPoE session corresponding with described MAC Address time BRAS depend on the current DHCP request IP address message received of the IPoE Dialog processing corresponding with described MAC Address that this locality exists, the state of the IPoE session corresponding with described MAC Address no matter this locality exists how, BRAS can not carry out user authentication to the current DHCP request IP address message received by repetitive requests certificate server, as long as (mandate depends on authentication result to this achieve the two stack user authentication and authorization of an IPoE, when certification for once time, authorize and also just mean for once), the two stack IPoE user of solution carries out separately the problem that twice access brings, such as ensure the access speed of the two stack user of IPoE and upper linear velocity, reduce the burden of BRAS and certificate server.
Accompanying drawing explanation
Fig. 1 is the flow chart of IPv4 user's access;
Fig. 2 is the flow chart of IPv6 user's access;
Fig. 3 is method flow diagram provided by the invention;
Fig. 4 is message format structure chart provided by the invention;
DHCP request IP address message is provided by the inventionly transmitted to the method flow diagram after Dynamic Host Configuration Protocol server by Fig. 5;
Fig. 6 is embodiment flow chart provided by the invention;
Fig. 7 is device structure schematic diagram provided by the invention;
Fig. 8 is another device structure schematic diagram provided by the invention.
Embodiment
In order to make the object, technical solutions and advantages of the present invention clearly, describe the present invention below in conjunction with the drawings and specific embodiments.
As stated in the Background Art, in IPoE access way, the two stack client of IPoE needs to perform IPv4 user's access and IPv6 user's access twice totally access respectively.For making the application's easy understand, first this twice access is described below:
See the flow chart that Fig. 1, Fig. 1 are IPv4 user's access.As shown in Figure 1, this flow process can comprise the following steps:
Step 101, the two stack client of IPv4 sends DHCP request IP address message.
In IPv4 access, DHCP request IP address message is specially DHCP Discover message, and the subsequent step in this flow process all describes for DHCP Discover message.
Step 102, trunking (Relay) inserts option (Option) 82 in DHCP Discover message, then DHCP Discover message is transferred to BRAS.Wherein include the accessing position information of the two stack client of IPv4 in Option 82, as the port, Vlan etc. of access.
Step 103, BRAS creates an IPoE session according to DHCP Discover message, and the state arranging this IPoE session is to be certified, and sends authentication request to certificate server.Wherein, comprise authentication information in authentication request, this authentication information can be the user profile that above-mentioned accessing position information and/or DHCP Discover message comprise in Client ID option.
Step 104, the authentication information that certificate server carries based on authentication request carries out user authentication, return authentication result.Wherein, when certification is passed through, comprise in authentication result: the information that certification is passed through and authorization privilege; When certification is not passed through, comprise in authentication result: the unsanctioned information of certification.
Step 105, BRAS receives authentication result.If comprised in authentication result: the information that certification is passed through, then the state of IPoE session step 103 created is updated to certification passes through to be certified, and obtains the authorization privilege carried in this authentication result further.And if comprise in authentication result: the unsanctioned information of certification, then the state of IPoE session step 103 created is updated to certification does not pass through to be certified, and abandons DHCP Discover message, and deletes the IPoE session of setting up in step 103.The operation that following step 106 to step 116 performs when being and comprising information that certification passes through in authentication result.
When IPoE session state to be certified be updated to certification do not pass through time, an ageing timer can be set for this IPoE session, the time-out time of ageing timer can be dependent on the silence period after the failure that DHCP specifies, this silence period can ensure that this IPoE session performs when user accesses deleted in the client of authentification failure again.
Step 106, DHCP Discover message is given Dynamic Host Configuration Protocol server by BRAS.
Here, Dynamic Host Configuration Protocol server can comprise the built-in Dynamic Host Configuration Protocol server module of BRAS, can also comprise the Dynamic Host Configuration Protocol server that BRAS is external.
Step 107, Dynamic Host Configuration Protocol server selects an idle IP address, and is carried in DHCP Offer message response to BRAS.
Step 108, DHCP Offer message is sent to trunking by BRAS.
Step 109, trunking by DHCP Offer message repeating to the two stack client of IPv4.
Step 110, the IP address that the two stack client of IPv4 is carried according to the DHCP Offer message received finally selects one as the IP address of this client, and is carried in IP Address Confirmation message and sends to trunking.
As mentioned above, Dynamic Host Configuration Protocol server can comprise the built-in Dynamic Host Configuration Protocol server module of BRAS, can also comprise the Dynamic Host Configuration Protocol server that BRAS is external.Based on this, in this step 110, just may receive multiple DHCP Offer message, and the IP address finally only having a DHCP Offer message to carry is as the IP address of the two stack client of IPv4, based on this, just need the two stack client of IPv4 to select, the IP address of selection, as the IP address etc. of the two stack client of IPv4, is carried in IP Address Confirmation message and sends to trunking by the IP address such as selecting the DHCP Offer message first received to carry.In IPv4 user's access, IP Address Confirmation message is specially DHCPv4Request message, hereafter all describes for DHCPv4Request message.
Step 111, trunking by DHCPv4Request message repeating to BRAS.
Step 112, BRAS gives DHCPv4Request message the Dynamic Host Configuration Protocol server being assigned with the IP address that DHCPv4Request message carries.
Step 113, Dynamic Host Configuration Protocol server determination IP address assignment, responds IP Address Confirmation response message.
In IPv4 user's access, IP Address Confirmation response message is specially DHCPv4Ack message, hereafter all describes for DHCPv4Ack message.
Step 114, BRAS sends to trunking DHCPv4Ack message.
Step 115, the two stack client of IPoE obtains IP address and relative address parameter information according to the DHCPv4Ack message received, and completes IPv4 user's access.
When the two stack client of IPoE completes IPv4 user's access, then mean that the two stack client of IPoE is reached the standard grade.
Step 116, after the two stack client of IPoE is reached the standard grade, the state that BRAS upgrades IPv4 session is online, according to the access to netwoks of the two stack client of the authorization privilege control IPoE obtained in step 105, and start message to trigger the charge on traffic that accounting server starts the two stack client of this IPoE to accounting server such as aaa server transmission charging, simultaneously also to the two stack client terminal start-up on-line condition monitoring of this IPoE, the presence of the two stack client of monitoring IPoE in real time.
So far, flow process shown in Fig. 1 is completed.
See the flow chart that Fig. 2, Fig. 2 are IPv6 user's access.As shown in Figure 2, this flow process can comprise the following steps:
Step 201, the two stack client of IPoE sends DHCP request IP address message.
In IPv6 access, DHCP request IP address message is specially DHCP request (Solicit) message.
Step 202, trunking turns DHCP Solicit message and is packaged into DHCPv6Relay-forw message, and inserts Option18 in DHCPv6Relay-forw message, is then forwarded to BRAS.Wherein include the positional information of access link in Option18, as the port, Vlan etc. of access.
Step 203, BRAS creates an IPoE session according to the DHCPv6Relay-forw message received, and the state arranging this IPoE session is to be certified, and sends authentication request to certificate server.Wherein, in authentication request, comprise authentication information, the user profile that the DHCPv6Relay-forw message that this authentication information can be above-mentioned accessing position information and/or reception comprises in Client ID option.
Step 204, the authentication information that certificate server carries based on authentication request carries out user authentication, return authentication result.Wherein, when certification is passed through, comprise in authentication result: the information that certification is passed through and authorization privilege; When certification is not passed through, comprise in authentication result: the unsanctioned information of certification.
Step 205, BRAS receives authentication result.If comprised in authentication result: the information that certification is passed through, then the state of IPoE session step 203 created is updated to certification passes through to be certified, and obtains the authorization privilege carried in this authentication result further.And if comprise in authentication result: the unsanctioned information of certification, the state of the IPoE session then step 203 created is updated to certification does not pass through to be certified, and abandon the DHCPv6Relay-forw message of reception, delete the IPoE session of setting up in step Solicit.The operation that following step 206 to step 216 performs when being and comprising information that certification passes through in authentication result.
Step 206, the DHCPv6Relay-forw message of reception is given Dynamic Host Configuration Protocol server by BRAS.
Here, Dynamic Host Configuration Protocol server can comprise the built-in Dynamic Host Configuration Protocol server module of BRAS, can also comprise the Dynamic Host Configuration Protocol server that BRAS is external.
Step 207, Dynamic Host Configuration Protocol server selects an idle IP address, and is carried in DHCPv6Realy-reply message response to BRAS.
Step 208, DHCPv6Realy-reply message is sent to trunking by BRAS.
Step 209, DHCPv6Realy-reply message is changed into DHCPv6Advertise message and issues the two stack client of IPoE by trunking.
Step 210, the IP address that the two stack client of IPoE is carried according to the DHCPv6Advertise message received finally selects one as the IP address of this client, and is carried in IP Address Confirmation message and sends to trunking.
As mentioned above, Dynamic Host Configuration Protocol server can comprise the built-in Dynamic Host Configuration Protocol server module of BRAS, can also comprise the Dynamic Host Configuration Protocol server that BRAS is external.Based on this, in this step 210, just may receive multiple DHCPv6Advertise message, and the IP address finally only having a DHCPv6Advertise message to carry is as the IP address of the two stack client of IPoE, based on this, just need the two stack client of IPoE to select, the IP address of selection, as the IP address etc. of the two stack client of IPoE, is carried in IP Address Confirmation message and sends to trunking by the IP address such as selecting the DHCPv6Advertise message first received to carry.In IPv6 user's access, IP Address Confirmation message is specially DHCPv6Request message, hereafter all describes for DHCPv6Request message.
Step 211, trunking turns DHCPv6Request message and is packaged into DHCPv6Relay-forw message and issues BRAS.
Step 212, BRAS gives DHCPv6Relay-forw message the Dynamic Host Configuration Protocol server being assigned with the IP address that DHCPv6Relay-forw message carries.
Step 213, Dynamic Host Configuration Protocol server determination IP address assignment, responds IP Address Confirmation response message.
In IPv6 user's access, IP Address Confirmation response message is specially DHCPv6Relay-Reply message, hereafter all describes for DHCPv6Relay-Reply message.
Step 214, BRAS sends to trunking DHCPv6Relay-Reply message, and trunking is descapsulated into DHCPv6Reply message repeating to the two stack client of IPoE DHCPv6Relay-Reply message.
Step 215, the two stack client of IPoE obtains IP address and relative address parameter information according to the DHCPv6Reply message received, and completes the whole process of IPv6 user's access.
When the two stack client of IPoE completes IPv6 user's access, then mean that the two stack client of IPoE is reached the standard grade.
Step 216, after the two stack client of IPoE is reached the standard grade, the state that BRAS upgrades IPv6 session is online, according to the access to netwoks of the two stack client of the authorization privilege control IPoE obtained in step 205, and start message to trigger the charge on traffic that accounting server starts the two stack client of this IPoE to accounting server such as aaa server transmission charging, simultaneously also to the two stack client terminal start-up on-line condition monitoring of this IPoE, the presence of the two stack client of monitoring IPoE in real time.
So far, flow process shown in Fig. 2 is completed.
Because in IPoE access way, IPv4 user's access and the IPv6 user of the two stack client executing of IPoE access separate, and IPv4 user's access as above and IPv6 user's access process can be found out, all there is user authentication and mandate (step 103 is to the authentication and authorization of step 105, step 203 to the authentication and authorization of step 205) in IPv4 user's access and IPv6 user's access, namely occurred twice user authentication and twice mandate of same IPoE pair of stack client.
And in actual applications, twice above-mentioned user authentication and mandate there is no need completely, only need be once.
Based on this, in order to avoid the problems referred to above, the invention provides method as shown in Figure 3.By the method shown in Fig. 3, IPv4 user's access of two for IPoE stack client and IPv6 user's access can be combined, realize a user authentication and the mandate of the two stack client of same IPoE.
Be method flow diagram provided by the invention see Fig. 3, Fig. 3.As shown in Figure 3, this flow process can comprise the following steps:
Step 301, the two stack client of IPoE sends the DHCP request IP address message for triggering active user's access.
Particularly, based on the description of flow process shown in above-mentioned Fig. 1 and Fig. 2, DHCP request IP address message here can be DHCP Discover message, also can be DHCP Solicit message.
Step 302, trunking receives DHCP request IP address message, identifies whether DHCP request IP address message carries the MAC Address of the two stack client of described IPoE, if so, performs step 303, if not, perform step 304.
According to the message format of RFC definition, message in current IPv4 access procedure such as DHCPDiscover messages etc. are with the MAC Address (carrying in the chaddr field of heading) of client, so, if the DHCP request IP address message that trunking receives is the DHCP Discover message in IPv4 access procedure, the MAC Address that this DHCP Discover message carries the two stack client of described IPoE can be identified, perform step 303.
According to the message format of RFC definition, message in current IPv6 access procedure such as DHCPSolicit messages etc. are without the MAC Address of client, so, if the DHCP request IP address message that trunking receives is the DHCP Solicit message in IPv6 access procedure, the MAC Address that this DHCPSolicit message does not carry the two stack client of described IPoE can be identified, then perform step 304.
Step 303, described DHCP request IP address message is forwarded to BRAS by trunking.Perform step 305 afterwards.
This step 303 performs trunking carries the prerequisite of the MAC Address of the two stack client of IPoE in the DHCP request IP address message identifying reception under.As mentioned above, the DHCP request IP address message received when trunking carries the MAC Address of the two stack client of described IPoE, then mean that the DHCP request IP address message of reception is the DHCP Discover message in IPv4 access procedure.So, described DHCP request IP address message can be forwarded to BRAS according to the description of similar previous step 102 by this step 303.
Step 304, trunking inserts the MAC Address of the two stack client of described IPoE and is forwarded to BRAS in described DHCP request IP address message.Perform step 305 afterwards.
This step 304 performs trunking does not carry the prerequisite of the MAC Address of the two stack client of IPoE in the DHCP request IP address message identifying reception under.As mentioned above, the DHCP request IP address message received when trunking does not carry the MAC Address of the two stack client of described IPoE, then mean that the DHCP request IP address message of reception is the DHCP Solicit message in IPv6 access procedure.So, described DHCP request IP address message can be forwarded to BRAS according to the description of similar previous step 202, repeat no more here insert the MAC Address of the two stack client of described IPoE in described DHCP request IP address message after by this step 304.
As one embodiment of the present of invention, in this step 304, the MAC Address inserting the two stack client of described IPoE in described DHCP request IP address message is specifically as follows: according to the message format of RFC definition, an option (Option) is inserted in described DHCP request IP address message, Fig. 4 shows the form of this Option, wherein, the type (Option-Code) of this option, length (Option-Length), data (Option-Data) observe the message format of RFC definition completely, Option-code is for representing that the message at place carries MAC Address, Option-Length represents the entire length of Option, Option-Data is used for carrying MAC Address.
Step 305, BRAS receives the DHCP request IP address message for triggering active user's access from the two stack client of IPoE of trunking transfer, judge the local IPoE session corresponding with the MAC Address of the two stack client of the IPoE that described DHCP request IP address message is carried whether having the foundation when user accesses before, when BRAS judges that this locality exists the IPoE session corresponding with described MAC Address, perform step 306.
It should be noted that, step 202 based on flow process shown in Fig. 2 describes, and in IPv6 access procedure, trunking also can carry out turning encapsulation to DHCP request IP address message before DHCP request IP address message is forwarded to BRAS, this process is prior art, no longer launches to describe.So, in this step 305, if DHCP request IP address message is IPoE, two stack client sends, then after the DHCP request IP address message that BRAS finally receives turns encapsulation via trunking in IPv6 access procedure; And if DHCP request IP address message is IPoE two stack client sends in IPv4 access procedure, the DHCP request IP address message that BRAS finally receives turns encapsulation without the need to trunking, but no matter DHCP request IP address message turns encapsulation via trunking, still encapsulation is not turned via trunking, on BRAS itself without any impact, BRAS can identify DHCP request IP address message.Therefore, the present invention is in order to merge IPv6 access and IPv4 access as much as possible, and no longer separately highlighting DHCP request IP address message is turn encapsulation via trunking, does not still turn encapsulation via trunking, is all referred to as DHCP request IP address message.
In this step 305, when BRAS judges that this locality exists the IPoE session corresponding with described MAC Address, also user's access has been started before namely representing the two stack client of described IPoE, based on this, current user's access (the DHCP request IP address message of current reception also just means current user's access) just can be processed based on this user access.
And when judging that this locality does not exist the IPoE session corresponding with described MAC Address, still user's access is not carried out before namely meaning the two stack client of described IPoE, based on this, if the DHCP request IP address message that then BRAS receives is DHCP Discover message, just perform to step 116 according to step 103 in flow process similar to Figure 1, if the DHCP request IP address message that BRAS receives is trunking turn to the DHCP Solicit message from the two stack client of IPoE the DHCPv6Relay-forw message be packaged into, just perform to step 216 according to step 203 in flow process similar to Figure 2, here repeat no more.
Step 306, identifies the state of described IPoE session, when the state identifying described IPoE session be certification pass through or online time, described DHCP request IP address message is transmitted to Dynamic Host Configuration Protocol server; When the state identifying described IPoE session is to be certified, wait for, until the state of described IPoE session is updated, when the state after described IPoE session is updated be certification do not pass through time, abandon described DHCP request IP address message, when the state after described IPoE session is updated be certification by time, described DHCP request IP address message is issued Dynamic Host Configuration Protocol server.
This step 306 performs when judging that this locality exists the IPoE session corresponding with described MAC Address, can find out, when judging the IPoE session that local existence is corresponding with described MAC Address, BRAS depends on the local current DHCP request IP address message received of the IPoE Dialog processing corresponding with described MAC Address existed, the state of the IPoE session corresponding with described MAC Address no matter this locality exists how, BRAS can not carry out user authentication to the current DHCP request IP address message received by repetitive requests certificate server, as long as (mandate depends on authentication result to this achieve the two stack user authentication and authorization of an IPoE, when certification for once time, authorize and also just mean for once), ensure that the access speed of the two stack user of IPoE and upper linear velocity, decrease the burden of BRAS and certificate server.
So far, the flow process shown in Fig. 3 is completed.
In the present invention, after in step 306, DHCP request IP address message is transmitted to Dynamic Host Configuration Protocol server by BRAS, can also further flow process shown in Fig. 5.
As shown in Figure 5, this flow process can comprise the following steps:
Step 501, BRAS receives the IP address of Dynamic Host Configuration Protocol server distribution and IP address is sent to the two stack client of described IPoE.
Then above-described, if the above-mentioned DHCP request IP address message that BRAS receives is DHCP Discover message, then the specific implementation of this step 501 can with reference to above-mentioned steps 107 to step 109.And if DHCP request IP address message to be trunking turn to the DHCP Solicit message from the two stack client of IPoE the DHCPv6Relay-forw message be packaged into, then the specific implementation of this step 501 can with reference to above-mentioned steps 207 to step 209.
Step 502, BRAS receives the IP Address Confirmation message that the two stack client of described IPoE returns, and described IP Address Confirmation message carries the IP address as this client that the two stack client of described IPoE is selected.
Then above-described, if the above-mentioned DHCP request IP address message that BRAS receives is DHCP Discover message, then the specific implementation of this step 502 can with reference to above-mentioned steps 110 to step 111.And if DHCP request IP address message to be trunking turn to the DHCP Solicit message from the two stack client of IPoE the DHCPv6Relay-forw message be packaged into, then the specific implementation of this step 502 can with reference to above-mentioned steps 210 to step 211.
Step 503, described IP Address Confirmation message is sent to the Dynamic Host Configuration Protocol server being assigned with the IP address that described IP Address Confirmation message carries by BRAS.
Then above-described, if the above-mentioned DHCP request IP address message that BRAS receives is DHCP Discover message, then the specific implementation of this step 503 can with reference to above-mentioned steps 112.And if DHCP request IP address message to be trunking turn to the DHCP Solicit message from the two stack client of IPoE the DHCPv6Relay-forw message be packaged into, then the specific implementation of this step 503 can with reference to above-mentioned steps 212.
Step 504, BRAS receives the IP Address Confirmation response message that Dynamic Host Configuration Protocol server returns, and is forwarded to the two stack client of described IPoE, completes active user's access.
Then above-described, if the above-mentioned DHCP request IP address message that BRAS receives is DHCP Discover message, then the IP Address Confirmation response message in this step 504 should be DHCPv4Ack message mutually.Wherein, BRAS receives DHCPv4Ack message can with reference to above-mentioned steps 113, and forwarding DHCPv4Ack message can with reference to above-mentioned steps 114 to step 116 to the two stack client of described IPoE.And if above-mentioned DHCP request IP address message to be trunking turn to the DHCP Solicit message from the two stack client of IPoE the DHCPv6Relay-forw message be packaged into, then the IP Address Confirmation response message in this step 504 should be DHCPv6Relay-Reply message mutually.Wherein, BRAS receives DHCPv6Relay-Reply message can with reference to above-mentioned steps 213, and forward DHCPv6Relay-Reply message can with reference to above-mentioned steps 214 to step 216 to the two stack client specific implementation of described IPoE.
Step 505, described in the control of authority that the two stack client of the described IPoE that BRAS foundation records when user accesses before is corresponding, the two stack client of IPoE is in the access to netwoks completing active user's access.
So far, flow process shown in Fig. 5 is completed.
As can be seen from flow process shown in Fig. 5, because carried out user's access before the two stack client of IPoE, so, after completing active user's access, BRAS also no longer starts message to accounting server such as aaa server transmission charging again and carries out charge on traffic to start to the two stack client of this IPoE as flow process shown in Fig. 1 or Fig. 2 describes, and to the two stack client terminal start-up on-line condition monitoring of this IPoE, but perform following steps:
Before continuing to maintain, user has accessed the rear presence detection to the two stack client terminal start-up of IPoE, when the presence detecting the two stack client of described IPoE is off-line, delete the local IPoE session corresponding with described MAC Address existed, and reclaim the authority of the two stack client of described IPoE; And,
The accounting server that before maintenance, user has accessed rear triggering continues the charge on traffic to the two stack client terminal start-up of described IPoE, active user access the flow of rear use and user has accessed rear use before flow merges charging to make described accounting server.
Like this, a presence detection of same pair of stack IPoE client and the primary charging of same pair of stack IPoE client can be ensured.
Below by an embodiment, flow process shown in Fig. 3 and Fig. 5 is described:
Be embodiment flow chart provided by the invention see Fig. 6, Fig. 6.As shown in Figure 6, this flow process can comprise the following steps:
Step 601, the two stack client of IPoE sends the DHCP request IP address message (be specially DHCP Discover message, hereafter describe for DHCP Discover message) for triggering IPv4 user's access.
Step 602, trunking inserts option (Option) 82 in DHCP Discover message, then DHCP Discover message is transferred to BRAS.Wherein include the accessing position information of the two stack client of IPv4 in Option 82, as the port, Vlan etc. of access.
Step 603, BRAS receives DHCP Discover message, judge whether this locality has the IPoE session corresponding with the MAC Address of the IPoE that DHCPDiscover message carries pair of stack client, when judging the local IPoE session not having the MAC Address of stack client two with the IPoE that DHCP Discover message carries corresponding, then complete IPv4 user's access of the two stack client of IPoE according to step 103 to the step 116 of flow process shown in above-mentioned Fig. 1.
The IPv4 user of the two stack client of IPoE has accessed, and means that the two stack client of IPoE is reached the standard grade.
Step 604, after the two stack client of IPoE is reached the standard grade, BRAS can according to the access to netwoks of the two stack client of the authorization privilege control IPoE obtained in IPv4 user's access procedure, and send charging to accounting server such as aaa server and start message, to start to start, charge on traffic is carried out to the two stack client of this IPoE, simultaneously also to the two stack client terminal start-up on-line condition monitoring of this IPoE, the presence of the two stack client of monitoring IPoE in real time.
Step 605, the two stack client of IPoE sends the DHCP request IP address message (be specially DHCP Solicit message, hereafter describe for DHCP Solicit message) for triggering IPv6 user's access.
Step 606, trunking turns DHCP Solicit message and is packaged into DHCPv6Relay-forw message, and in DHCPv6Relay-forw message, insert MAC Address and the Option18 of the two stack client of IPoE, is then forwarded to BRAS.
The MAC Address of the two stack client of IPoE is inserted, as described in step 306 and accompanying drawing 4 in DHCPv6Relay-forw message.
Step 607, BRAS receives DHCPv6Relay-forw message, judge whether this locality has the IPoE session corresponding with the MAC Address of the IPoE that DHCPv6Relay-forw message carries pair of stack client, when judging that there is the IPoE session corresponding with the MAC Address of the IPoE that DHCPv6Relay-forw message carries pair of stack client this locality, identify the state of described IPoE session.
Step 608, when the state identifying described IPoE session be certification pass through or online time, by DHCPv6Relay-forw message repeating to Dynamic Host Configuration Protocol server, complete IPv6 user's access of the two stack client of IPoE afterwards according to step 207 to step 216 in flow process shown in Fig. 2.
Step 609, BRAS after completing IPv6 user's access, according to the IPv6 access to netwoks of authorization privilege the controls IPoE obtained in IPv4 user's access procedure pair stack client.
Step 610, BRAS is when the two stack client of IPoE completes that IPv4 user access, the presence that starts after reaching the standard grade detects IPoE pair of stack client off-line, delete the local IPoE session corresponding with described MAC Address existed, and reclaim the authority of the two stack client of described IPoE.
By step 610, the presence realizing the two stack client of IPoE detects and only needs one, as long as the abnormal off-line of the two stack client of IPoE detected, namely reaching IPv4, IPv6 access to netwoks of the two stack client of same limit IPoE by deleting the local IPoE session corresponding with the MAC Address of the two stack client of IPoE that be that exist, reclaiming the authority of the two stack client of described IPoE.
Step 611, the two stack client of IPoE complete IPv4 user access and after reaching the standard grade the accounting server of startup IPv4 user has been accessed after IPv4 charge on traffic and IPv6 user accessed after ipv6 traffic charging merge.
By step 611, can ensure that BRAS only sends primary charging request to accounting server, and IPv4 and the IPv6 quota that can realize the two stack client of IPoE is allocated flexibly, merges charging.
So far, flow process shown in Fig. 6 is completed.
Above method provided by the invention is described.Below equipment provided by the invention is described:
Be equipment structure chart provided by the invention see Fig. 7, Fig. 7.This equipment is applied to BRAS, and as shown in Figure 7, this equipment can comprise:
Receiving element, for receiving the DHCP request IP address message for triggering active user's access from the two stack client of IPoE of trunking transfer;
Judging unit, for judge local whether have before user access time the IPoE session corresponding with the MAC Address of the two stack client of the described IPoE that described DHCP request IP address message is carried of setting up;
Processing unit, for when the judged result of described judging unit is for being, identifies the state of described IPoE session, when the state identifying described IPoE session be certification pass through or online time, described DHCP request IP address message is transmitted to Dynamic Host Configuration Protocol server; When the state identifying described IPoE session is to be certified, wait for, until the state of described IPoE session is updated, when the state after described IPoE session is updated be certification do not pass through time, abandon described DHCP request IP address message, when the state after described IPoE session is updated be certification by time, DHCP request IP address message is transmitted to Dynamic Host Configuration Protocol server.
Preferably, described processing unit performs following steps after described DHCP request IP address message is transmitted to Dynamic Host Configuration Protocol server further:
Receive the IP address of Dynamic Host Configuration Protocol server distribution and IP address sent to the two stack client of described IPoE;
Receive the IP Address Confirmation message that the two stack client of described IPoE returns, described IP Address Confirmation message carries the IP address as this client that the two stack client of described IPoE is selected; Described IP Address Confirmation message is sent to the Dynamic Host Configuration Protocol server being assigned with the IP address that described IP Address Confirmation message carries;
Receive the IP Address Confirmation response message that Dynamic Host Configuration Protocol server returns, and be forwarded to the two stack client of described IPoE, complete active user's access; According to the two stack client of IPoE described in the control of authority that the described IPoE of record two stack client when user accesses before is corresponding in the access to netwoks completing active user's access.
Preferably, described processing unit continue further to maintain before user access the rear presence detection to the two stack client terminal start-up of IPoE; When the presence detecting the two stack client of described IPoE is off-line, deletes the local IPoE session corresponding with described MAC Address existed, and reclaim the authority of the two stack client of described IPoE; And, the accounting server that before maintenance, user has accessed rear triggering continues the charge on traffic to the two stack client terminal start-up of described IPoE, active user access the flow of rear use and user has accessed rear use before flow merges charging to make described accounting server.
So far, complete the device structure shown in Fig. 7 to describe.
Be another equipment structure chart provided by the invention see Fig. 8, Fig. 8.This equipment is applied to trunking, and as shown in Figure 8, this equipment can comprise:
Receiving element, for receiving the DHCP request IP address message that the two stack client of IPoE sends;
Recognition unit, for identifying whether described DHCP request IP address message carries the MAC Address of the two stack client of described IPoE, if, described DHCP request IP address message is forwarded to Broadband Remote Access Server BRAS, if not, in described DHCP request IP address message, insert the MAC Address of the two stack client of described IPoE and be forwarded to BRAS.
So far, complete the device structure shown in Fig. 8 to describe.
So far, device description provided by the invention is completed.
The foregoing is only preferred embodiment of the present invention, not in order to limit the present invention, within the spirit and principles in the present invention all, any amendment made, equivalent replacement, improvement etc., all should be included within the scope of protection of the invention.

Claims (10)

1. the IP based on ether forwards the two stack user access control method of IPoE, and it is characterized in that, the method is applied to Broadband Remote Access Server BRAS, comprising:
Receive the DHCP request IP address message for triggering active user's access from the two stack client of IPoE of trunking transfer; Judge local whether have before user's IPoE session corresponding with the MAC Address of the two stack client of the described IPoE that described DHCP request IP address message is carried of setting up when accessing;
When judging that this locality exists the IPoE session corresponding with described MAC Address, identify the state of described IPoE session;
When the state identifying described IPoE session be certification pass through or online time, described DHCP request IP address message is transmitted to Dynamic Host Configuration Protocol server; When the state identifying described IPoE session is to be certified, wait for, until the state of described IPoE session is updated, when the state after described IPoE session is updated be certification do not pass through time, abandon described DHCP request IP address message, when the state after described IPoE session is updated be certification by time, described DHCP request IP address message is issued Dynamic Host Configuration Protocol server.
2. method according to claim 1, is characterized in that, after described DHCP request IP address message is issued Dynamic Host Configuration Protocol server, comprises further:
Receive the IP address of Dynamic Host Configuration Protocol server distribution and IP address sent to the two stack client of described IPoE;
Receive the IP Address Confirmation message that the two stack client of described IPoE returns, described IP Address Confirmation message carries the IP address as this client that the two stack client of described IPoE is selected; Described IP Address Confirmation message is sent to the Dynamic Host Configuration Protocol server being assigned with the IP address that described IP Address Confirmation message carries;
Receive the IP Address Confirmation response message that Dynamic Host Configuration Protocol server returns, and be forwarded to the two stack client of described IPoE, complete active user's access; According to the two stack client of IPoE described in the control of authority that the described IPoE of record two stack client when user accesses before is corresponding in the access to netwoks completing active user's access.
3. method according to claim 2, is characterized in that, after completing active user's access, the method comprises further:
Before continuing to maintain, user has accessed the rear presence detection to the two stack client terminal start-up of IPoE;
When the presence detecting the two stack client of described IPoE is off-line, deletes the local IPoE session corresponding with described MAC Address existed, and reclaim the authority of the two stack client of described IPoE.
4. method according to claim 3, is characterized in that, the method comprises further:
The accounting server that before maintenance, user has accessed rear triggering continues the charge on traffic to the two stack client terminal start-up of described IPoE, active user access the flow of rear use and user has accessed rear use before flow merges charging to make described accounting server.
5., according to the arbitrary described method of Claims 1-4, it is characterized in that, when judging that this locality does not exist the IPoE session corresponding with described MAC Address, the method comprises further:
The IPoE session newly-built in this locality and described MAC Address is corresponding, the state arranging newly-built IPoE session is to be certified, request authentication server carries out user authentication to the user related information that described DHCP request IP address message is carried, receive the authentication result that certificate server sends, when authentication result comprises the information not by certification, be that certification is not passed through by the state updating of newly-built IPoE session, abandon described DHCP request IP address message, and delete the local newly-built IPoE session corresponding with described MAC Address; When authentication result comprises the information by certification, perform following steps:
Obtain from described authentication result authorization privilege that described authentication result carries further and be recorded as authority corresponding to stack client two with described IPoE, be that certification is passed through by the state updating of newly-built IPoE session, forward described DHCP request IP address message to Dynamic Host Configuration Protocol server;
Receive the IP address of Dynamic Host Configuration Protocol server distribution and IP address sent to the two stack client of described IPoE;
Receive the IP Address Confirmation message that the two stack client of described IPoE returns, described IP Address Confirmation message carries the IP address as this client that the two stack client of described IPoE is selected; Described IP Address Confirmation message is sent to the Dynamic Host Configuration Protocol server being assigned with the IP address that described IP Address Confirmation message carries; Receive the IP Address Confirmation response message that Dynamic Host Configuration Protocol server returns, and be forwarded to the two stack client of described IPoE;
According to the access to netwoks of the two stack client of the control of authority IPoE that the two stack client of described IPoE is corresponding; The two stack client terminal start-up presence of described IPoE is detected and triggers the charge on traffic that accounting server starts the two stack client of described IPoE.
6. the IP based on ether forwards the two stack user access control method of IPoE, and it is characterized in that, the method is applied to trunking, comprising:
Receive the DHCP request IP address message that the two stack client of IPoE sends;
Identify whether described DHCP request IP address message carries the MAC Address of the two stack client of described IPoE;
If so, described DHCP request IP address message is forwarded to Broadband Remote Access Server BRAS;
If not, in described DHCP request IP address message, insert the MAC Address of the two stack client of described IPoE and be forwarded to BRAS.
7. the IP based on ether forwards the two stack user access control equipment of IPoE, and it is characterized in that, this equipment is applied to Broadband Remote Access Server BRAS, comprising:
Receiving element, for receiving the DHCP request IP address message for triggering active user's access from the two stack client of IPoE of trunking transfer;
Judging unit, for judge local whether have before user access time the IPoE session corresponding with the MAC Address of the two stack client of the described IPoE that described DHCP request IP address message is carried of setting up;
Processing unit, for when the judged result of described judging unit is for being, identifies the state of described IPoE session, when the state identifying described IPoE session be certification pass through or online time, described DHCP request IP address message is transmitted to Dynamic Host Configuration Protocol server; When the state identifying described IPoE session is to be certified, wait for, until the state of described IPoE session is updated, when the state after described IPoE session is updated be certification do not pass through time, abandon described DHCP request IP address message, when the state after described IPoE session is updated be certification by time, DHCP request IP address message is transmitted to Dynamic Host Configuration Protocol server.
8. equipment according to claim 7, is characterized in that, described processing unit performs following steps after described DHCP request IP address message is transmitted to Dynamic Host Configuration Protocol server further:
Receive the IP address of Dynamic Host Configuration Protocol server distribution and IP address sent to the two stack client of described IPoE;
Receive the IP Address Confirmation message that the two stack client of described IPoE returns, described IP Address Confirmation message carries the IP address as this client that the two stack client of described IPoE is selected; Described IP Address Confirmation message is sent to the Dynamic Host Configuration Protocol server being assigned with the IP address that described IP Address Confirmation message carries;
Receive the IP Address Confirmation response message that Dynamic Host Configuration Protocol server returns, and be forwarded to the two stack client of described IPoE, complete active user's access; According to the two stack client of IPoE described in the control of authority that the described IPoE of record two stack client when user accesses before is corresponding in the access to netwoks completing active user's access.
9. the equipment according to claim 7 or 8, is characterized in that, before described processing unit continues to maintain further, user has accessed the rear presence detection to the two stack client terminal start-up of IPoE; When the presence detecting the two stack client of described IPoE is off-line, deletes the local IPoE session corresponding with described MAC Address existed, and reclaim the authority of the two stack client of described IPoE; And, the accounting server that before maintenance, user has accessed rear triggering continues the charge on traffic to the two stack client terminal start-up of described IPoE, active user access the flow of rear use and user has accessed rear use before flow merges charging to make described accounting server.
10. the IP based on ether forwards the two stack user access control equipment of IPoE, and it is characterized in that, this equipment is applied to trunking, comprising:
Receiving element, for receiving the DHCP request IP address message that the two stack client of IPoE sends;
Recognition unit, for identifying whether described DHCP request IP address message carries the MAC Address of the two stack client of described IPoE, if, described DHCP request IP address message is forwarded to Broadband Remote Access Server BRAS, if not, in described DHCP request IP address message, insert the MAC Address of the two stack client of described IPoE and be forwarded to BRAS.
CN201510072184.7A 2015-02-11 2015-02-11 IP (internet protocol) forwarding IPoE (IP over Ethernet) dual-stack user access control method and equipment based on Ethernet Pending CN104601743A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510072184.7A CN104601743A (en) 2015-02-11 2015-02-11 IP (internet protocol) forwarding IPoE (IP over Ethernet) dual-stack user access control method and equipment based on Ethernet

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510072184.7A CN104601743A (en) 2015-02-11 2015-02-11 IP (internet protocol) forwarding IPoE (IP over Ethernet) dual-stack user access control method and equipment based on Ethernet

Publications (1)

Publication Number Publication Date
CN104601743A true CN104601743A (en) 2015-05-06

Family

ID=53127235

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510072184.7A Pending CN104601743A (en) 2015-02-11 2015-02-11 IP (internet protocol) forwarding IPoE (IP over Ethernet) dual-stack user access control method and equipment based on Ethernet

Country Status (1)

Country Link
CN (1) CN104601743A (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105591929A (en) * 2015-10-28 2016-05-18 杭州华三通信技术有限公司 Method and device for authentication in light weight dual-protocol stack networking
CN106357486A (en) * 2016-08-18 2017-01-25 杭州迪普科技有限公司 Access method and device for network users
CN110493632A (en) * 2018-05-14 2019-11-22 中国电信股份有限公司 IPTV method for connecting network and system, user terminal, terminal network management platform
CN110995886A (en) * 2019-12-12 2020-04-10 新华三大数据技术有限公司 Network address management method, device, electronic equipment and medium
CN111064759A (en) * 2018-10-17 2020-04-24 中兴通讯股份有限公司 User online method, device, broadband remote access server and storage medium
CN112822218A (en) * 2021-02-28 2021-05-18 新华三信息安全技术有限公司 Access control method and device
CN113453226A (en) * 2021-06-29 2021-09-28 新华三大数据技术有限公司 Dual-stack user permission authentication method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101692674A (en) * 2009-10-30 2010-04-07 杭州华三通信技术有限公司 Method and equipment for double stack access
CN102325145A (en) * 2011-10-21 2012-01-18 杭州华三通信技术有限公司 Method and equipment for carrying out access control on dual-stack user
CN102404293A (en) * 2010-09-15 2012-04-04 中兴通讯股份有限公司 Dual-stack user managing method and broadband access server

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101692674A (en) * 2009-10-30 2010-04-07 杭州华三通信技术有限公司 Method and equipment for double stack access
CN102404293A (en) * 2010-09-15 2012-04-04 中兴通讯股份有限公司 Dual-stack user managing method and broadband access server
CN102325145A (en) * 2011-10-21 2012-01-18 杭州华三通信技术有限公司 Method and equipment for carrying out access control on dual-stack user

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105591929A (en) * 2015-10-28 2016-05-18 杭州华三通信技术有限公司 Method and device for authentication in light weight dual-protocol stack networking
CN106357486A (en) * 2016-08-18 2017-01-25 杭州迪普科技有限公司 Access method and device for network users
CN110493632A (en) * 2018-05-14 2019-11-22 中国电信股份有限公司 IPTV method for connecting network and system, user terminal, terminal network management platform
CN111064759A (en) * 2018-10-17 2020-04-24 中兴通讯股份有限公司 User online method, device, broadband remote access server and storage medium
CN111064759B (en) * 2018-10-17 2023-12-15 中兴通讯股份有限公司 User online method and device, broadband remote access server and storage medium
CN110995886A (en) * 2019-12-12 2020-04-10 新华三大数据技术有限公司 Network address management method, device, electronic equipment and medium
CN112822218A (en) * 2021-02-28 2021-05-18 新华三信息安全技术有限公司 Access control method and device
CN113453226A (en) * 2021-06-29 2021-09-28 新华三大数据技术有限公司 Dual-stack user permission authentication method and device
CN113453226B (en) * 2021-06-29 2023-12-26 新华三大数据技术有限公司 Dual-stack user admission authentication method and device

Similar Documents

Publication Publication Date Title
CN104601743A (en) IP (internet protocol) forwarding IPoE (IP over Ethernet) dual-stack user access control method and equipment based on Ethernet
EP1876754B1 (en) Method system and server for implementing dhcp address security allocation
RU2556468C2 (en) Terminal access authentication method and customer premise equipment
EP2713583A1 (en) Network address translation for application of subscriber-aware services
EP2169877A1 (en) Processing method and device for qinq termination configuration
EP2615788A1 (en) Method for dual stack user management and broadband access server
KR20020082483A (en) Address acquisition
CN103916491B (en) Dynamic address mapping method and device based on NAT444 architecture
JP2003348116A (en) Address automatic setting system for in-home network
US20120281591A1 (en) Broadband network system and implementation method thereof
US8887237B2 (en) Multimode authentication
KR20080089635A (en) Network charging method, system and device
CN107733764B (en) Method, system and related equipment for establishing virtual extensible local area network tunnel
CN105959188B (en) Method and device for controlling user terminal to be on-line
CN101355489B (en) User management method based on dynamic host configuration protocol prefix proxy
WO2019047611A1 (en) Data transmission method, pnf sdn controller, vnf sdn controller, and system
CN100362800C (en) A method for triggering user terminal online via data message
CN106131177B (en) Message processing method and device
CN112217653B (en) Strategy issuing method, device and system
CN109788528B (en) Access point and method and system for opening internet access service thereof
WO2016192407A1 (en) Domain name system address configuration method and apparatus, and computer storage medium
CN106878479B (en) Address allocation method and device
CN101447976A (en) Method for accessing dynamic IP session, system and device thereof
CN102624707A (en) Method and system for negotiating internet protocol version 6 (IPv6) information
CN105306353A (en) Method, equipment and system for forwarding message

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Applicant after: Xinhua three Technology Co., Ltd.

Address before: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Applicant before: Huasan Communication Technology Co., Ltd.

CB02 Change of applicant information
RJ01 Rejection of invention patent application after publication

Application publication date: 20150506

RJ01 Rejection of invention patent application after publication