CN116566765A - Network access method, device and storage medium - Google Patents


Publication number: CN116566765A
Authority: CN (China)
Application number: CN202310613160.2A
Other languages: Chinese (zh)
Inventors: 张龙江, 王元杰, 宋艳芳, 林赏, 王蕾
Current Assignee: China United Network Communications Group Co Ltd
Original Assignee: China United Network Communications Group Co Ltd
Application filed by: China United Network Communications Group Co Ltd
Priority to: CN202310613160.2A
Legal status: Pending
Prior art keywords: network, address, network access, terminal, target


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/45 Network directories; Name-to-address mapping
    • H04L61/4505 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application provides a network access method, a device and a storage medium, relates to the technical field of communication, and addresses the technical problem that existing network access methods degrade the user experience. The network access method comprises the following steps: receiving a network access request sent by a terminal, the network access request including a target network access address; reading the correspondence between network access addresses and resource devices, and determining the target resource device corresponding to the target network access address; and, when the electronic device belongs to the transmission network corresponding to a second network transmission mode, the target network access address is a network access address corresponding to a first network transmission mode, and the first network transmission mode is a private network transmission mode, sending the network access request to the target resource device through a virtual private network (VPN) tunnel. The VPN tunnel is a direct communication tunnel between the electronic device and the target resource device.

Description

Network access method, device and storage medium
Technical Field
The present disclosure relates to the field of communications technologies, and in particular, to a network access method, device, and storage medium.
Background
Most universities establish their own campus network. The campus network is used for accessing network resources within the university, such as library systems and educational administration systems. When a user goes online through the campus network, the user can access only the network resources in the campus and cannot access public network resources. Conversely, when the user goes online through the operator network, the user can access only public network resources and cannot access the network resources in the campus.
At present, a user can access network resources in and out of a campus through a near-end manual switching mode, but cannot access network resources in and out of the campus at the same time. The user can also access network resources in and out of the campus simultaneously by using the remote routing agent mode, but the time delay is higher during access, so that the user experience is poor.
Disclosure of Invention
The application provides a network access method, a device and a storage medium, which are used for solving the technical problem that the prior network access method reduces user experience in the prior art.
In order to achieve the above purpose, the present application adopts the following technical scheme:
In a first aspect, a network access method is provided, applied to an electronic device. The network access method comprises the following steps: receiving a network access request sent by a terminal, the network access request including a target network access address; reading the correspondence between network access addresses and resource devices, and determining the target resource device corresponding to the target network access address, where the correspondence comprises the correspondence between network access addresses in the first network transmission mode and resource devices and the correspondence between network access addresses in the second network transmission mode and resource devices; and, when the electronic device belongs to the transmission network corresponding to the second network transmission mode, the target network access address is a network access address corresponding to the first network transmission mode, and the first network transmission mode is a private network transmission mode, sending the network access request to the target resource device through a virtual private network (VPN) tunnel. The VPN tunnel is a direct communication tunnel between the electronic device and the target resource device.
Optionally, before receiving the network access request sent by the terminal, the network access method further includes: receiving target domain name information sent by a terminal; reading the corresponding relation between the domain name information and the network transmission mode, determining a target network transmission mode corresponding to the target domain name information, and sending the target domain name information to target domain name resolution equipment corresponding to the target network transmission mode; receiving a target network access address sent by target domain name resolution equipment; the target network access address is obtained by analyzing the target domain name information; and sending the target network access address to the terminal so that the terminal generates a network access request according to the target network access address.
Optionally, before receiving the target domain name information sent by the terminal, the network access method further includes: receiving an Internet Protocol (IP) address application message sent by the terminal, and sending the IP address application message to a PORTAL WEB device, the IP address application message being used for requesting the private network IP address of the terminal; receiving prompt information generated by the PORTAL WEB device according to the IP address application message, and sending the prompt information to the terminal, the prompt information being used for prompting the terminal to send authentication information; receiving the authentication information sent by the terminal and sending the authentication information to a PORTAL authentication device, the authentication information being used for instructing the PORTAL authentication device to send the authentication information to a Remote Authentication Dial-In User Service (RADIUS) device and for instructing the RADIUS device to authenticate the authentication information; and, in response to receiving an authentication confirmation message indicating that the authentication information was successfully authenticated, determining the private network IP address of the terminal and sending the private network IP address to the terminal.
Optionally, the method further comprises: receiving a message to be transmitted sent by a terminal; the message to be transmitted comprises a private network IP address of the terminal; according to the corresponding relation between the private network IP address and the public network IP address, determining the public network IP address of the terminal corresponding to the private network IP address of the terminal, and updating the private network IP address of the terminal into the public network IP address of the terminal; in the corresponding relation between the private network IP address and the public network IP address, one public network IP address corresponds to a plurality of private network IP addresses; sending updated message to be transmitted; the updated message to be transmitted comprises the public network IP address of the terminal.
In a second aspect, a network access device is provided, applied to an electronic device, and comprising: a receiving unit, a reading unit, a processing unit and a sending unit. The receiving unit is used for receiving the network access request sent by the terminal; the network access request includes a target network access address. The reading unit is used for reading the correspondence between network access addresses and resource devices. The processing unit is used for determining the target resource device corresponding to the target network access address; the correspondence comprises the correspondence between network access addresses in the first network transmission mode and resource devices and the correspondence between network access addresses in the second network transmission mode and resource devices. The sending unit is configured to send the network access request to the target resource device through a VPN tunnel when the electronic device belongs to the transmission network corresponding to the second network transmission mode, the target network access address is a network access address corresponding to the first network transmission mode, and the first network transmission mode is a private network transmission mode. The VPN tunnel is a direct communication tunnel between the electronic device and the target resource device.
Optionally, the receiving unit is further configured to receive target domain name information sent by the terminal; the reading unit is also used for reading the corresponding relation between the domain name information and the network transmission mode; the processing unit is also used for determining a target network transmission mode corresponding to the target domain name information; the sending unit is also used for sending the target domain name information to target domain name resolution equipment corresponding to the target network transmission mode; the receiving unit is also used for receiving the target network access address sent by the target domain name resolution equipment; the target network access address is obtained by analyzing the target domain name information; and the sending unit is also used for sending the target network access address to the terminal so that the terminal generates a network access request according to the target network access address.
Optionally, the receiving unit is further configured to receive an Internet Protocol (IP) address application message sent by the terminal; the sending unit is further used for sending the IP address application message to the PORTAL WEB device, the IP address application message being used for requesting the private network IP address of the terminal; the receiving unit is further used for receiving prompt information generated by the PORTAL WEB device according to the IP address application message; the sending unit is further used for sending the prompt information to the terminal, the prompt information being used for prompting the terminal to send authentication information; the receiving unit is further used for receiving the authentication information sent by the terminal; the sending unit is further configured to send the authentication information to a PORTAL authentication device, the authentication information being used for instructing the PORTAL authentication device to send the authentication information to a Remote Authentication Dial-In User Service (RADIUS) device and for instructing the RADIUS device to authenticate the authentication information; the processing unit is further used for determining the private network IP address of the terminal in response to receiving an authentication confirmation message indicating that the authentication information was successfully authenticated; and the sending unit is further used for sending the private network IP address to the terminal.
Optionally, the receiving unit is further configured to receive a message to be transmitted sent by the terminal; the message to be transmitted comprises a private network IP address of the terminal; the processing unit is further used for determining the public network IP address of the terminal corresponding to the private network IP address of the terminal according to the corresponding relation between the private network IP address and the public network IP address; the processing unit is also used for updating the private network IP address of the terminal into the public network IP address of the terminal; in the corresponding relation between the private network IP address and the public network IP address, one public network IP address corresponds to a plurality of private network IP addresses; the sending unit is also used for sending the updated message to be transmitted; the updated message to be transmitted comprises the public network IP address of the terminal.
In a third aspect, a network access device is provided, comprising a memory and a processor; the memory is used for storing computer execution instructions, and the processor is connected with the memory through a bus; when the network access device is running, the processor executes the computer-executable instructions stored in the memory to cause the network access device to perform the network access method of the first aspect.
The network access device may be a network device or may be a part of a device in a network device, such as a system-on-a-chip in a network device. The system-on-a-chip is configured to support the network device to implement the functions involved in the first aspect and any one of its possible implementations, for example, to obtain, determine, and send data and/or information involved in the network access method described above. The chip system includes a chip, and may also include other discrete devices or circuit structures.
In a fourth aspect, there is provided a computer-readable storage medium comprising computer-executable instructions that, when run on a computer, cause the computer to perform the network access method of the first aspect.
In a fifth aspect, there is also provided a computer program product comprising computer instructions which, when run on a network access device, cause the network access device to perform the network access method of the first aspect as described above.
It should be noted that the above-mentioned computer instructions may be stored in whole or in part on a computer-readable storage medium. The computer readable storage medium may be packaged together with the processor of the network access device or may be packaged separately from the processor of the network access device, which is not limited in the embodiments of the present application.
The description of the second, third, fourth and fifth aspects of the present application may refer to the detailed description of the first aspect.
In the embodiment of the present application, the names of the above network access devices do not limit the devices or functional modules, and in actual implementation, these devices or functional modules may appear under other names. For example, the receiving unit may also be referred to as a receiving module, a receiver, etc. Insofar as the function of each device or function module is similar to the present application, it is within the scope of the claims of the present application and the equivalents thereof.
The technical scheme provided by the application at least brings the following beneficial effects:
based on any one of the above aspects, the present application provides a network access method, which is applied to an electronic device. The network access method comprises the following steps: the electronic device may receive a network access request sent by the terminal. The network access request includes a target network access address. And then, the electronic equipment can read the corresponding relation between the network access address and the resource equipment and determine the target resource equipment corresponding to the target network access address. The corresponding relation comprises a corresponding relation between the network access address in the first network transmission mode and the resource equipment and a corresponding relation between the network access address in the second network transmission mode and the resource equipment. Subsequently, when the electronic device belongs to a transmission network corresponding to the second network transmission mode, and the target network access address is a network access address corresponding to the first network transmission mode, and the first network transmission mode is a private network transmission mode, the electronic device can send a network access request to the target resource device through a virtual private network VPN tunnel. The VPN tunnel is a direct communication tunnel between the electronic equipment and the target resource equipment.
From the above, the electronic device may determine the target resource device corresponding to the target network access address according to the correspondence between the network access address and the resource device, and send the network access request according to the network transmission mode corresponding to the target resource device. Because the corresponding relation comprises the corresponding relation between the network access address in the first network transmission mode and the resource equipment and the corresponding relation between the network access address in the second network transmission mode and the resource equipment, the electronic equipment can access the resource equipment corresponding to the first network transmission mode or the resource equipment corresponding to the second network transmission mode at the same time, network access is not required to be performed in a manual switching mode, and the experience of a user is improved.
In addition, because the VPN tunnel is a direct communication tunnel between the electronic equipment and the target resource equipment, the electronic equipment belonging to the second network transmission mode transmits data to the resource equipment corresponding to the first network transmission mode through the direct communication tunnel at a higher speed, and the transmission time delay of communication service is reduced without passing through a plurality of nodes of a backbone network and an educational network.
The advantages of the first, second, third, fourth and fifth aspects of the present application may be referred to for analysis of the above-mentioned advantages, and are not described here again.
Drawings
Fig. 1 is a schematic structural diagram of a near-end manual switching manner according to an embodiment of the present application;
Fig. 2 is a schematic structural diagram of a remote routing proxy manner according to an embodiment of the present application;
Fig. 3 is a schematic diagram of an internet long path according to an embodiment of the present application;
Fig. 4 is a schematic structural diagram of a network access system according to an embodiment of the present application;
Fig. 5 is a schematic structural diagram of a network access system according to the second embodiment of the present application;
Fig. 6 is a schematic diagram of a terminal accessing a resource device corresponding to a public network through a broadband network according to an embodiment of the present application;
Fig. 7 is a schematic diagram of a terminal accessing a resource device corresponding to a campus network through a broadband network according to an embodiment of the present application;
Fig. 8 is a schematic hardware structure diagram of a network access device according to an embodiment of the present application;
Fig. 9 is a second schematic hardware structure diagram of a network access device according to an embodiment of the present application;
Fig. 10 is a flowchart of a network access method according to an embodiment of the present application;
Fig. 11 is a schematic flow chart of a terminal accessing a resource device through a broadband network according to an embodiment of the present application;
Fig. 12 is a schematic diagram of a direct communication tunnel according to an embodiment of the present application;
Fig. 13 is a second flowchart of a network access method according to an embodiment of the present application;
Fig. 14 is a schematic flow chart of a terminal accessing a domain name resolution device through a broadband network according to an embodiment of the present application;
Fig. 15 is a third flowchart of a network access method according to an embodiment of the present application;
Fig. 16 is a schematic flow chart of a terminal acquiring an IP address according to an embodiment of the present application;
Fig. 17 is a flowchart of a network access method according to an embodiment of the present application;
Fig. 18 is a schematic diagram comparing CGN and NAT according to an embodiment of the present disclosure;
Fig. 19 is a fifth flowchart of a network access method according to an embodiment of the present application;
Fig. 20 is a schematic diagram of effects brought by applying the network access method provided by the embodiment of the present application;
Fig. 21 is a second schematic diagram of effects brought by applying the network access method provided in the embodiment of the present application;
Fig. 22 is a schematic structural diagram of a network access device according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure.
It should be noted that, in the embodiments of the present application, words such as "exemplary" or "such as" are used to mean serving as an example, instance, or illustration. Any embodiment or design described herein as "exemplary" or "for example" should not be construed as preferred or advantageous over other embodiments or designs. Rather, the use of words such as "exemplary" or "such as" is intended to present related concepts in a concrete fashion.
In order to clearly describe the technical solutions of the embodiments of the present application, in the embodiments of the present application, the terms "first", "second", and the like are used to distinguish the same item or similar items having substantially the same function and effect, and those skilled in the art will understand that the terms "first", "second", and the like are not limited in number and execution order.
Currently, when a user accesses network resources in and out of a campus through a terminal (i.e., a terminal held by the user), the user can access the network resources through a near-end manual switching mode or a far-end routing agent mode.
Fig. 1 shows a schematic structural diagram of network access by means of near-end manual switching. As shown in Fig. 1, a terminal 101 may access resource devices outside the campus through the broadband network of an operator. The network access request initiated by the terminal 101 may pass through a passive optical network (PON) node 102, such as an optical line terminal (OLT) or an optical network unit (ONU). It then passes through the large two-layer switch 103 and the BAS 104, and finally reaches the resource devices outside the campus through the backbone network. Correspondingly, the terminal 111 (e.g., a personal computer (PC) or a wireless access point (AP)) may initiate a network access request through the campus network provided by the university to access a resource device in the campus. The network access request sent by the terminal 111 may pass through the switch 110, the BAS 109 and the firewall device 107, and then reach the resource device 108 on the campus, so that the terminal 111 accesses the resource device 108 on the campus.
Near-end manual switching means that, after the terminal 101 connects through the broadband network of the operator, the terminal 101 may access network resources outside the campus through that network. Meanwhile, the user may open the virtual private network (VPN) software installed on the terminal 101. In response to the user opening the VPN software, the terminal 101 may establish a VPN tunnel with the network resources within the campus. While the VPN software is open, the terminal 101 may access network resources within the campus through the VPN tunnel. By adding a VPN tunnel in the four-layer network model, the terminal 101 may access network resources within the campus through the VPN tunnel.
However, when the user wants to access a network resource outside the campus, the user needs to close the VPN software on the terminal 101. Therefore, the terminal 101 accesses network resources in the campus in response to the user opening the VPN software, and accesses network resources outside the campus only after the user closes the VPN software; it cannot access network resources inside and outside the campus at the same time, which results in a poor user experience.
Fig. 2 shows a schematic structural diagram of network access by means of a remote routing agent. As shown in Fig. 2, the remote routing agent mode means that, when the transport network accessed by the terminal is an operator broadband network, the terminal 201 may open the installed VPN software in response to the user's operation of opening the VPN software, and establish a VPN tunnel with the network resources in the campus. Thereafter, when the terminal 201 accesses a network resource in the campus, the terminal 201 may send a network access request to the egress router 206 in the campus. Subsequently, when the egress router 206 determines that the network access request is data for accessing a network resource in the campus, the egress router 206 sends the network access request to the resource device 208 in the campus corresponding to the network access request, so that the terminal accesses the network resource in the campus.
Or, when the egress router 206 determines that the network access request is data for accessing a network resource outside the campus, the egress router 206 sends the network access request to the resource device outside the campus corresponding to the network access request, so that the terminal 201 accesses the network resource outside the campus. In this case, the terminal 201 can access both the network resources inside the campus and the network resources outside the campus without closing the VPN software in response to the closing operation of the user.
However, the VPN tunnel is established over the internet long path, and the internet long path includes the backbone network and the educational network. Therefore, when a network access request passes through the VPN tunnel, it needs to pass through a plurality of nodes of the backbone network and a plurality of nodes of the educational network, and the transmission delay of the communication service is high.
By way of example, Fig. 3 shows a schematic diagram of an internet long path. As shown in Fig. 3, after a terminal 301 initiates a network access request, the request needs to pass through an operator broadband network, an extra-operator backbone network, an operator national backbone network, the China Education and Research Network (CERNET) national education network and an intra-provincial education network in the internet long path, and finally reaches the campus intranet. Therefore, the network access request initiated by the terminal 301 needs to pass through a plurality of nodes, and the transmission delay of the communication service is high.
In view of the above problems, the present application provides a network access method applied to an electronic device. The network access method comprises the following steps: the electronic device may receive a network access request sent by the terminal. The network access request includes a target network access address. And then, the electronic equipment can read the corresponding relation between the network access address and the resource equipment and determine the target resource equipment corresponding to the target network access address. The corresponding relation comprises a corresponding relation between the network access address in the first network transmission mode and the resource equipment and a corresponding relation between the network access address in the second network transmission mode and the resource equipment. Subsequently, when the electronic device belongs to a transmission network corresponding to the second network transmission mode, and the target network access address is a network access address corresponding to the first network transmission mode, and the first network transmission mode is a private network transmission mode, the electronic device can send a network access request to the target resource device through a virtual private network VPN tunnel. The VPN tunnel is a direct communication tunnel between the electronic equipment and the target resource equipment.
From the above, the electronic device may determine the target resource device corresponding to the target network access address according to the correspondence between the network access address and the resource device, and send the network access request according to the network transmission mode corresponding to the target resource device. Because the corresponding relation comprises the corresponding relation between the network access address in the first network transmission mode and the resource equipment and the corresponding relation between the network access address in the second network transmission mode and the resource equipment, the electronic equipment can access the resource equipment corresponding to the first network transmission mode or the resource equipment corresponding to the second network transmission mode at the same time, network access is not required to be performed in a manual switching mode, and the experience of a user is improved.
In addition, because the VPN tunnel is a direct communication tunnel between the electronic device and the target resource device, an electronic device belonging to the second network transmission mode can transmit data to the resource device corresponding to the first network transmission mode through the direct communication tunnel at a higher speed, without passing through a plurality of nodes of the backbone network and the education network, so the transmission delay of the communication service is reduced.
The network access method is suitable for a network access system. Fig. 4 shows a structure of the network access system. As shown in fig. 4, the network access system includes: an electronic device 401, a plurality of resource devices 402, and a terminal 403.
The electronic device 401 is communicatively connected to a plurality of resource devices 402 and terminals 403, respectively.
When the transport network to which the electronic device 401 belongs is different from the transport network to which a certain resource device 402 belongs (for example, the transport network to which the electronic device 401 belongs is a public network, and the transport network to which the certain resource device 402 belongs is a campus private network), the electronic device 401 and the resource device 402 are connected by VPN tunnel communication.
In this application, the electronic device 401 is configured to receive a network access request sent by the terminal 403, and forward the network access request sent by the terminal to the plurality of resource devices 402. Accordingly, the resource device 402 is configured to send, after receiving the network access request, a network resource corresponding to the network access request to the electronic device 401. Thereafter, the electronic device 401 forwards the network resource corresponding to the network access request to the terminal 403.
Alternatively, the electronic device 401 may be a broadband access server (broadband access server, BAS), an interworking gateway device, or an electronic device that integrates the BAS and the interworking gateway device, which is not limited in this embodiment of the present application.
Alternatively, the entity devices of the plurality of resource devices 402 may be servers providing network resources for the terminal.
The terminal may be a device that provides voice and/or data connectivity to a user, a handheld device with wireless connectivity, or other processing device connected to a wireless modem. The terminal may communicate with one or more core networks via a radio access network (radio access network, RAN). Terminals may be mobile terminals such as mobile telephones (or "cellular" telephones) and computers with mobile terminals, as well as portable, pocket, hand-held, computer-built-in or car-mounted mobile devices which exchange voice and/or data with radio access networks, e.g. cell phones, tablet computers, notebook computers, netbooks, personal digital assistants (personal digital assistant, PDA).
Alternatively, the server may be one server in a server cluster (including multiple servers), or may be a chip in the server, or may be a system on a chip in the server, or may be implemented by a Virtual Machine (VM) deployed on a physical machine, which is not limited in this embodiment of the present application.
In one implementation, fig. 5 illustrates another architecture of the network access system when the BAS and interworking gateway device are not integrated. Referring to fig. 4, as shown in fig. 5, the network access system includes: terminal 501, ONU502, OLT503, switch 504, BAS505, OLT506, interworking gateway device 507, domain name resolution device 508, port WEB device 509, port authentication device 510, radius device 511, switch 512, BAS513, firewall device 514, resource device 515 in campus, domain name resolution device 516.
The terminal 501, the ONU502, the OLT503, the switch 504, and the BAS505 are sequentially in communication connection, the switch 504 is in communication connection with the OLT506, the OLT506 is in communication connection with the interworking gateway device 507, the BAS505 is respectively in communication connection with the domain name resolution device 508, the port WEB device 509, the port authentication device 510, and the Radius device 511, the interworking gateway device is in communication connection with the switch 512 through a VPN tunnel, the switch 512, the BAS513, the firewall device 514, and the resource device 515 in the campus are sequentially in communication connection, and the BAS513 is in communication connection with the domain name resolution device 516.
In this application, the terminal 501 is configured to initiate a network access request, where the network access request passes through the ONU502, the OLT503, and the switch 504, and then reaches the BAS505. When the BAS505 determines that the network access request is a request to access a resource device outside the campus, the BAS505 sends the network access request to the resource device corresponding to the network access request. When the BAS505 determines that the network access request is a request to access a resource device in the campus, the BAS505 sends the network access request to the switch 504, after which the network access request sequentially passes through the OLT506, the interworking gateway device 507, the switch 512, the BAS513, and the firewall device 514, and finally reaches the resource device 515 in the campus.
The terminal 501 is further configured to send domain name information, where the domain name information sequentially passes through the ONU502, the OLT503, the switch 504, and the BAS505, and then the BAS505 sends the domain name information to the switch 504, and then the domain name information sequentially passes through the OLT506 and the interworking gateway device 507. When the interworking gateway device 507 determines that the domain name information is domain name information outside the campus, the interworking gateway device 507 sends the domain name information to the OLT506, and then the domain name information sequentially passes through the OLT506, the switch 504, the BAS505, and finally reaches the domain name resolution device 508.
The terminal 501 is further configured to send an internet protocol (Internet Protocol, IP) address application packet, where the IP address application packet sequentially passes through the ONU502, the OLT503, the switch 504, and the BAS505, and then the BAS505 allocates an IP address to the terminal 501 through the port WEB device 509, the port authentication device 510, and the Radius device 511.
Optionally, the VPN tunnel may also be communicatively coupled directly to BAS513 or firewall device 514.
Illustratively, it is assumed that the transport network to which the terminal belongs is a broadband network provided by the operator (which may also be referred to as a public network). Fig. 6 shows a schematic diagram of a terminal accessing a resource device corresponding to a public network through a broadband network. As shown in fig. 6, when a terminal accesses a resource device corresponding to a public network through a broadband network provided by an operator and the electronic device is a BAS, after the terminal 601 initiates a network access request, the network access request needs to pass through an ONU602 and an OLT603 of a metropolitan area network access layer, then reaches a convergence switch 604 of a metropolitan area network convergence layer, and then reaches a BAS605 of the metropolitan area network convergence layer. The BAS605 then sends the network access request to a core router (CR) 606 in the core layer of the metropolitan area network, and the network access request subsequently reaches the target resource device accessed by the terminal 601.
Fig. 7 shows a schematic diagram of a terminal accessing a resource device corresponding to a campus network through a broadband network. As shown in fig. 7, when a terminal accesses a resource device corresponding to a campus network (which may also be referred to as a private network) through a broadband network provided by an operator, and the BAS and the interworking gateway device are not integrated together, after the terminal 701 initiates a network access request, the network access request passes through an ONU702 and an OLT703 of a first metropolitan area network access layer, then reaches a convergence switch 704 of a metropolitan area network convergence layer, and then reaches a BAS705 of the metropolitan area network convergence layer. The BAS705 then determines that the target resource device corresponding to the network access request initiated by the terminal is a resource device corresponding to the campus network, so the BAS705 sends the network access request back to the convergence switch 704. Next, the convergence switch 704 sends the network access request to the interworking gateway device 710 through the OLT708 and the ONU709 of the second metropolitan area network access layer. Subsequently, the interworking gateway device 710 sends the network access request to the resource devices of the campus network to which the network access request corresponds (which may include a firewall 711 and a target resource device 712). In this way, the terminal can access the resource device corresponding to the campus network through the broadband network provided by the operator.
The basic hardware structure of the electronic device 401 includes elements included in the network access apparatus shown in fig. 8 or 9. The hardware configuration of the electronic apparatus 401 will be described below taking the network access device shown in fig. 8 and 9 as an example.
Fig. 8 is a schematic diagram of a hardware structure of a network access device according to an embodiment of the present application. The network access device comprises a processor 21, a memory 22, a communication interface 23, a bus 24. The processor 21, the memory 22 and the communication interface 23 may be connected by a bus 24.
The processor 21 is a control center of the network access device, and may be one processor or a collective name of a plurality of processing elements. For example, the processor 21 may be a general-purpose central processing unit (central processing unit, CPU), or may be another general-purpose processor. Wherein the general purpose processor may be a microprocessor or any conventional processor or the like.
As one example, processor 21 may include one or more CPUs, such as CPU 0 and CPU 1 shown in fig. 6.
Memory 22 may be, but is not limited to, a read-only memory (ROM) or other type of static storage device that can store static information and instructions, a random access memory (random access memory, RAM) or other type of dynamic storage device that can store information and instructions, or an electrically erasable programmable read-only memory (EEPROM), magnetic disk storage or other magnetic storage device, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer.
In a possible implementation, the memory 22 may exist separately from the processor 21, and the memory 22 may be connected to the processor 21 by a bus 24 for storing instructions or program code. The processor 21, when calling and executing instructions or program code stored in the memory 22, is capable of implementing the network access method provided in the embodiments described below.
In the embodiment of the present application, the software program stored in the memory 22 differs for the electronic device 401, so the functions implemented by the electronic device 401 differ accordingly. The functions performed by the respective devices will be described in connection with the following flowcharts.
In another possible implementation, the memory 22 may also be integrated with the processor 21.
The communication interface 23 is used to connect the network access device with other devices via a communication network, which may be an Ethernet, a radio access network, a wireless local area network (WLAN), or the like. The communication interface 23 may include a receiving unit for receiving data and a transmitting unit for transmitting data.
Bus 24 may be an industry standard architecture (ISA) bus, a peripheral component interconnect (PCI) bus, or an extended industry standard architecture (EISA) bus, among others. The bus may be classified as an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in fig. 8, but this does not mean that there is only one bus or one type of bus.
Fig. 9 shows another hardware structure of the network access device in the embodiment of the present application. As shown in fig. 9, the network access device may include a processor 31 and a communication interface 32. The processor 31 is coupled to a communication interface 32.
The function of the processor 31 may be as described above with reference to the processor 21. The processor 31 also has a memory function and can function as the memory 22.
The communication interface 32 is used to provide data to the processor 31. The communication interface 32 may be an internal interface of the network access device or an external interface (corresponding to the communication interface 23) of the network access device.
It should be noted that the structure shown in fig. 8 (or fig. 9) does not constitute a limitation of the network access device, and the network access device may include more or fewer components than those shown in fig. 8 (or fig. 9), may combine some components, or may have a different arrangement of components.
The network access method provided in the embodiments of the present application is described in detail below with reference to the accompanying drawings.
The network access method provided by the embodiment of the present application is applied to the electronic device 401 in the network access system shown in fig. 4, as shown in fig. 10, and the network access method provided by the embodiment of the present application includes:
S1001, the electronic equipment receives a network access request sent by the terminal.
Wherein the network access request includes the target network access address.
Alternatively, the network access address may be an IP address of the resource device to which the resource requested by the network access request belongs.
Specifically, when the terminal accesses the target network resource, the terminal may send the target network access request to the target resource device corresponding to the target network resource according to the IP address of the target resource device corresponding to the target network resource. Because the target resource device and the terminal are in communication connection through the electronic device, the electronic device can receive the network access request sent by the terminal.
S1002, the electronic equipment reads the corresponding relation between the network access address and the resource equipment, and determines the target resource equipment corresponding to the target network access address.
The corresponding relation comprises a corresponding relation between the network access address in the first network transmission mode and the resource equipment and a corresponding relation between the network access address in the second network transmission mode and the resource equipment.
Specifically, the network access request carries the target network access address, and the electronic device stores both the correspondence between network access addresses in the first network transmission mode and resource devices and the correspondence between network access addresses in the second network transmission mode and resource devices. After receiving the network access request, the electronic device may therefore determine the network transmission mode corresponding to the target network access address, then read the correspondence between the network transmission mode and the resource device, and determine the target resource device corresponding to the target network access address. Thus, whether the target network access address is an address of a resource device corresponding to the first network transmission mode or an address of a resource device corresponding to the second network transmission mode, the electronic device can access the resource devices corresponding to different network transmission modes according to the correspondence between the network access address and the resource device.
Alternatively, one of the first network transmission mode and the second network transmission mode may be a public network transmission mode, and the other may be a private network transmission mode.
For example, it is assumed that one of the first network transmission manner and the second network transmission manner is a broadband network provided by an operator (i.e., a public network in the present application), the other is a campus network provided by a university (i.e., a private network in the present application), and the BAS and the interworking gateway device are not integrated in one electronic device. Fig. 11 shows a schematic flow diagram of a terminal accessing a resource device through a broadband network. As shown in fig. 11, the process of accessing the resource device by the terminal through the broadband network includes:
S1101, the terminal initiates a network access request through a broadband network.
In connection with fig. 10, the description of the terminal initiating the network access request through the broadband network may refer to the description of S1001, which is not described herein.
S1102, the BAS receives a network access request initiated by the terminal.
In connection with fig. 10, the relevant description of the BAS receiving the network access request initiated by the terminal may refer to the relevant description of S1001, which is not described herein.
S1103, the BAS determines whether the target resource device corresponding to the target network access address in the network access request is a resource device corresponding to the campus network.
In connection with fig. 10, the description of the BAS determining whether the target resource device corresponding to the target network access address in the network access request is the resource device corresponding to the campus network may refer to the description of S1002, which is not described herein.
S1104, when the target network access address is not the resource device corresponding to the campus network, the BAS determines that the target resource device is the resource device corresponding to the public network. The BAS sends the network access request to the resource device corresponding to the public network through its own Internet egress.
Referring to fig. 10, when the target network access address is not a resource device corresponding to the campus network, the BAS determines that the target resource device is a resource device corresponding to the public network. The relevant description of the BAS sending the network access request to the resource device corresponding to the public network through its own Internet egress may refer to the relevant description of S1002, which is not described herein again.
S1105, when the target network access address is a resource device corresponding to the campus network, the BAS sends a network access request to the interworking gateway device through the VPN tunnel.
Referring to fig. 10, when the target network access address is a resource device corresponding to the campus network, the relevant description of the BAS for sending the network access request to the interworking gateway device through the VPN tunnel may refer to the relevant description of S1003, which is not described herein.
S1106, the interworking gateway device sends a network access request to the target resource device through the routing forwarding table.
In connection with fig. 10, the relevant description of the BAS receiving the network access request initiated by the terminal may refer to the relevant description of S1003, which is not described herein.
S1107, when the target resource device sends the target resource to the terminal, the interworking gateway device sets a backhaul static route so that the target resource can be sent to the terminal through the BAS.
In connection with fig. 10, when the target resource device sends the target resource to the terminal, the interworking gateway device sets a backhaul static route, so that the related description that the target resource can be sent to the terminal through the BAS can refer to the related description of S1003, which is not described herein again.
In still another alternative, one of the first network transmission mode and the second network transmission mode may be a first private network transmission mode, and the other may be a second private network transmission mode.
The first private network transmission mode is assumed to be a network transmission mode of a first enterprise, and the second private network transmission mode is assumed to be a network transmission mode of a second enterprise. The terminal of the first enterprise can access the resource device corresponding to the second private network transmission mode through the electronic device, and the terminal can access the resource device of the second enterprise.
S1003, when the electronic equipment belongs to a transmission network corresponding to the second network transmission mode, the target network access address is a network access address corresponding to the first network transmission mode, and the first network transmission mode is a private network transmission mode, the electronic equipment sends a network access request to the target resource equipment through a VPN tunnel.
The VPN tunnel is a direct communication tunnel between the electronic equipment and the target resource equipment. The transmission network corresponding to the network transmission mode to which the terminal belongs is the same as the transmission network corresponding to the network transmission mode to which the electronic equipment belongs.
Specifically, when the target network access address is a network access address corresponding to the first network transmission mode, the first network transmission mode is a private network transmission mode, and the electronic device belongs to a transmission network corresponding to the second network transmission mode, the target resource device corresponding to the target network access address belongs to a transmission network corresponding to the first network transmission mode. Because the resource device in the private network transmission mode does not allow the device access in other network transmission modes, and the electronic device and the target resource device are devices in the transmission networks corresponding to different network transmission modes, the electronic device cannot send the network access request from the terminal to the target resource device through the transmission network corresponding to the network transmission mode to which the electronic device belongs.
In this case, a VPN tunnel is established between the electronic device and the target resource device, and the VPN tunnel is a direct communication tunnel between the electronic device and the target resource device. Thus, the electronic device may send the target network access request to the target resource device through the VPN tunnel with the target resource device.
Alternatively, the VPN tunnel may be established through an optical fiber between the electronic device and the target resource device.
Alternatively, the VPN tunnel may be a VPN tunnel established by Generic Routing Encapsulation (GRE), the Layer Two Tunneling Protocol (L2TP), Internet Protocol Security (IPSec), the Secure Sockets Layer (SSL) protocol, or the like, or may be a Multi-Protocol Label Switching (MPLS) VPN tunnel.
It should be appreciated that when the VPN tunnel is an MPLS VPN tunnel, the manner in which the VPN tunnel is established is relatively simple.
Alternatively, the determining, by the electronic device, the network transmission manner to which the target network access address belongs and sending, by the electronic device, the network access request to the target resource device through the VPN tunnel may be implemented by policy traffic engineering (Traffic Engineering, TE).
The electronic equipment and the target resource equipment are connected through the direct communication tunnel, so that the electronic equipment does not need to pass through a plurality of nodes of the backbone network and the educational network when sending the target network access request to the target resource equipment through the VPN tunnel, and the transmission delay of communication service is reduced.
Correspondingly, when the transmission network corresponding to the network transmission mode to which the target network access address belongs is the same as the transmission network corresponding to the network transmission mode to which the electronic device belongs, the target resource device accessed by the terminal belongs to the same transmission network as the electronic device. In this case, the electronic device sends the network access request to the target resource device through the transmission network corresponding to the network transmission mode to which the electronic device belongs.
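The forwarding decision of S1001 to S1003, together with the S1104 default, can be sketched as follows. This is an added illustration, not code from the application: the table contents, device names, the longest-prefix lookup, and the choice to drop rather than reroute when the tunnel is down are all assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

PUBLIC = "public"    # operator broadband network (the "second" mode in S1003)
PRIVATE = "private"  # campus private network (the "first" mode in S1003)


@dataclass(frozen=True)
class Entry:
    prefix: ipaddress.IPv4Network
    mode: str
    resource_device: str


@dataclass(frozen=True)
class Decision:
    action: str                      # "tunnel", "local" or "drop"
    resource_device: Optional[str]
    reason: str


# Constructed correspondence table: addresses and device names are made up.
TABLE = [
    Entry(ipaddress.ip_network("10.20.0.0/16"), PRIVATE, "campus-portal"),
    Entry(ipaddress.ip_network("10.20.30.0/24"), PRIVATE, "campus-lab-server"),
    Entry(ipaddress.ip_network("203.0.113.0/24"), PUBLIC, "public-mirror"),
]


def lookup(table, addr):
    """S1002: return the most specific entry that contains addr, or None."""
    matches = [e for e in table if addr in e.prefix]
    return max(matches, key=lambda e: e.prefix.prefixlen, default=None)


def forward(target, device_mode=PUBLIC, tunnel_up=True, table=TABLE):
    """Decide how the electronic device forwards a request for `target`."""
    # S1001: the request carries the target network access address.
    try:
        addr = ipaddress.IPv4Address(target)
    except ValueError:
        return Decision("drop", None, "malformed target address")

    entry = lookup(table, addr)
    if entry is None:
        # S1104: an address that is not a campus resource is treated as a
        # public-network destination and leaves through the own egress.
        if device_mode == PUBLIC:
            return Decision("local", None, "not a private address; own egress")
        return Decision("drop", None, "no mapping for this address")

    if entry.mode == device_mode:
        # Same transmission network: no tunnel is needed.
        return Decision("local", entry.resource_device,
                        "same transmission network")

    if entry.mode == PRIVATE:
        # S1003: private target reached from a different network.
        if not tunnel_up:
            # Assumption: fail closed instead of sending private-network
            # traffic over a path the private network does not accept.
            return Decision("drop", entry.resource_device, "VPN tunnel down")
        return Decision("tunnel", entry.resource_device,
                        "private target; direct VPN tunnel")

    return Decision("drop", entry.resource_device,
                    "path not defined for this combination")
```

Because the table decides which traffic enters the private network, overlapping prefixes must resolve deterministically; the longest-prefix rule above is one way to do that.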
By way of example, fig. 12 shows a schematic diagram of a direct communication tunnel. As shown in fig. 12, assuming that the transport network corresponding to the second network transport manner is an operator network, the transport network corresponding to the first network transport manner is a campus network in a campus, and the BAS and the interworking gateway device are not integrated in one electronic device, the starting point of the VPN tunnel may be a BAS1205 in the operator network, and the end point may be a switch 1212 or a firewall device 1214 corresponding to the campus network.
Alternatively, the VPN tunnel may be established through an optical fiber between the BAS and the switch device of the campus network.
Alternatively, the VPN tunnel may be established through an optical fiber between the BAS and a firewall device within the campus network.
It should be noted that, when the BAS and the interworking gateway device are not integrated in one electronic device, the BAS may be used to determine the target resource device corresponding to the target network access address, and the interworking gateway device may determine the target domain name resolution device corresponding to the target domain name information. In this case, the operations that would otherwise be performed by one electronic device are performed by the BAS and the interworking gateway device, respectively. If one electronic device both determined the target resource device corresponding to the target network access address and determined the target domain name resolution device corresponding to the target domain name information, it would be liable to congestion because of the large amount of data it processes. When these operations are split between the BAS and the interworking gateway device, each of them performs fewer operations and is less likely to become congested.
In some embodiments, in conjunction with fig. 10, before the electronic device receives the network access request sent by the terminal, as shown in fig. 13, the network access method provided in the embodiments of the present application further includes:
S1301, the electronic equipment receives target domain name information sent by the terminal.
Specifically, before the terminal sends the network access request, the terminal needs to obtain the target network access address through the target domain name information. Thus, the terminal can transmit the target domain name information to the electronic device before transmitting the network access request. Accordingly, the electronic device may receive the target domain name information sent by the terminal, and send the target domain name information to the target domain name resolution device, so that the target domain name resolution device resolves the target domain name information, thereby determining a target network access address corresponding to the target domain name information.
S1302, the electronic equipment reads the corresponding relation between the domain name information and the network transmission mode, determines the target network transmission mode corresponding to the target domain name information, and sends the target domain name information to the target domain name resolution equipment corresponding to the target network transmission mode.
Specifically, because the correspondence between the domain name information and the network transmission mode is stored in the electronic device, the electronic device can read this correspondence and determine from it the target network transmission mode corresponding to the target domain name information. Then, when the network transmission mode of the electronic device is different from the target network transmission mode corresponding to the target domain name information, the electronic device can send the target domain name information to the target domain name resolution device corresponding to the target network transmission mode through the VPN tunnel.
Optionally, when the BAS and the interworking gateway device are not integrated, the electronic device reads the correspondence between the domain name information and the network transmission mode, determines a target network transmission mode corresponding to the target domain name information, and sends the target domain name information to the target domain name resolution device corresponding to the target network transmission mode.
Alternatively, one of the first network transmission mode and the second network transmission mode may be a public network transmission mode, and the other may be a private network transmission mode.
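The resolver selection of S1301 and S1302 can be sketched as follows. This is an added illustration, not code from the application: the domain suffix, the resolver names, the name validation, and the choice to drop a query when the tunnel is down are assumptions. Matching is done on whole labels, so a name that merely ends with the same characters as a campus domain is not sent to the campus resolver.

```python
import re

PUBLIC = "public"
PRIVATE = "private"

# Constructed correspondence between domain name information and mode.
DOMAIN_MODES = {"campus.example.edu": PRIVATE}
# Hypothetical domain name resolution devices, one per transmission mode.
RESOLVERS = {PUBLIC: "operator-resolver", PRIVATE: "campus-resolver"}

# One DNS label: 1 to 63 characters, no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9_-]{1,63}(?<!-)$")


def normalize(name):
    """Lower-case, drop the root dot and validate; return None if invalid."""
    if not isinstance(name, str) or not name.isascii():
        return None
    name = name.lower()
    if name.endswith("."):
        name = name[:-1]
    if not name or len(name) > 253:
        return None
    if not all(_LABEL.match(label) for label in name.split(".")):
        return None
    return name


def classify(fqdn, domain_modes=DOMAIN_MODES):
    """Return the mode of the longest configured suffix, on label boundaries."""
    labels = fqdn.split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in domain_modes:
            return domain_modes[suffix]
    # Names without a configured mapping are treated as public names.
    return PUBLIC


def route_query(name, device_mode=PUBLIC, tunnel_up=True):
    """Return (path, resolver) for the target domain name information."""
    fqdn = normalize(name)
    if fqdn is None:
        return ("drop", None)
    mode = classify(fqdn)
    if mode == device_mode:
        return ("local", RESOLVERS[mode])
    if not tunnel_up:
        # Assumption: do not fall back to the other resolver, which would
        # expose private names to a resolver outside the private network.
        return ("drop", None)
    return ("tunnel", RESOLVERS[mode])
```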
By way of example, it is assumed that one of the first network transmission mode and the second network transmission mode is a broadband network provided by an operator, the other is a campus network provided by a university, and the BAS and the interworking gateway device are not integrated in one electronic device. Fig. 14 shows a flow diagram of a terminal accessing a domain name resolution device via a broadband network. As shown in fig. 14, the flow of the terminal accessing the domain name resolution device through the broadband network includes:
S1401, the terminal transmits target domain name information to the BAS.
In connection with fig. 13, the description of the terminal transmitting the target domain name information to the BAS may refer to the description of S1301, which is not described herein.
S1402, after receiving the target domain name information, the BAS sends the target domain name information to the interworking gateway device.
In connection with fig. 13, for the description of the BAS sending the target domain name information to the interworking gateway device after receiving it, refer to the related description of S1302, which is not described herein again.
S1403, after the intercommunication gateway equipment receives the target domain name information, determining whether the target domain name information is the domain name information corresponding to the campus network.
Referring to fig. 13, after the interworking gateway device receives the target domain name information, the description of determining whether the target domain name information is the domain name information corresponding to the campus network may refer to the description of S1302, which is not described herein again.
S1404, when the target domain name information is the domain name information corresponding to the campus network, the interworking gateway device sends the target domain name information to the domain name resolution device corresponding to the campus network through the VPN tunnel.
Referring to fig. 13, when the target domain name information is domain name information corresponding to the campus network, the related description of sending the target domain name information to the domain name resolution device corresponding to the campus network by the interworking gateway device through the VPN tunnel may refer to the related description of S1302, which is not described herein again.
S1405, when the target domain name information is not the domain name information corresponding to the campus network, the interworking gateway device returns the target domain name information to the BAS through the broadband network, and then the BAS sends the target domain name information to the domain name resolution device corresponding to the public network.
Referring to fig. 13, when the target domain name information is not the domain name information corresponding to the campus network, the interworking gateway device returns the target domain name information to the BAS through the broadband network, and then the BAS sends the related description of the target domain name information to the domain name resolution device corresponding to the public network, which will be described in detail herein.
S1406, the BAS receives the network access address sent by the domain name resolution device, and then sends the network access address to the terminal.
In connection with fig. 13, for the description of the BAS receiving the network access address sent by the domain name resolution device and then sending the network access address to the terminal, refer to the related descriptions of S1303 and S1304, which are not described herein.
In still another alternative, one of the first network transmission mode and the second network transmission mode may be a first private network transmission mode, and the other may be a second private network transmission mode.
The first private network transmission mode is assumed to be a network transmission mode of a first enterprise, and the second private network transmission mode is assumed to be a network transmission mode of a second enterprise. The electronic device may receive domain name information sent by the terminal of the first enterprise through the transmission network corresponding to the first private network transmission mode, then determine whether the domain name information is domain name information corresponding to the second private network transmission mode of the second enterprise, and if the domain name information is domain name information corresponding to the second private network transmission mode, send the domain name information to the domain name resolution device corresponding to the second private network transmission mode. If the domain name information is not the domain name information corresponding to the second private network transmission mode, the electronic equipment sends the domain name information to the domain name resolution equipment corresponding to the first private network transmission mode.
Alternatively, the domain name resolution device may be a domain name system (Domain Name System, DNS) server.
Optionally, the determining, by the electronic device, the target domain name information and the target network transmission mode, and sending, by the electronic device, the target domain name information to the target domain name resolution device through the VPN tunnel may be implemented by using a policy TE.
Accordingly, when the network transmission mode to which the electronic device belongs is the same as the target network transmission mode corresponding to the target domain name information, the electronic device may send the target domain name information to the target domain name resolution device corresponding to the target network transmission mode according to the transmission network corresponding to the target network transmission mode.
It should be noted that, when the correspondence between the domain name information and the network transmission mode is updated, the electronic device may update the correspondence between the domain name information and the network transmission mode.
Correspondingly, when the corresponding relation between the network access address and the resource equipment is updated, the electronic equipment can update the corresponding relation between the network access address and the resource equipment.
S1303, the electronic device receives the target network access address sent by the target domain name resolution device.
The target network access address is obtained by resolving the target domain name information.
Specifically, after the electronic device sends the target domain name information to the target domain name resolution device corresponding to the target network transmission mode, the target domain name resolution device resolves the target domain name information to obtain the target network access address. The target domain name resolution device may then send the target network access address to the electronic device, such that the electronic device sends the target network access address to the terminal.
S1304, the electronic equipment sends the target network access address to the terminal so that the terminal generates a network access request according to the target network access address.
Specifically, after receiving the target network access address sent by the target domain name resolution device, the electronic device may send the target network access address to the terminal. Subsequently, after receiving the target network access address, the terminal can generate a network access request according to the target network access address, so that the terminal can access the target resource device corresponding to the target domain name information according to the network access request.
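The routing decision of S1302 and S1401 to S1405, as an added Python example that is not part of the patent text: the device looks the queried name up in a domain-to-mode table and picks the resolver, using the VPN tunnel only when the target mode differs from its own. The table entries, resolver addresses and function names are constructed for illustration, and matching whole labels by longest suffix is an assumption, since the text does not say how names are compared.

```python
"""Added example: choose the resolver for a DNS query from a domain-to-mode table."""
from dataclasses import dataclass

PUBLIC = "public"      # e.g. the operator's broadband network
PRIVATE = "private"    # e.g. the campus network reached over the VPN tunnel

# Constructed correspondence between domain name information and network
# transmission mode (the table the electronic device is said to store).
DOMAIN_MODE_TABLE = {
    "campus.example.edu": PRIVATE,        # internal campus services
    "www.campus.example.edu": PUBLIC,     # more specific entry overrides the parent
}

# Constructed resolver addresses, one domain name resolution device per mode.
RESOLVERS = {
    PUBLIC: "198.51.100.53",
    PRIVATE: "10.20.0.53",
}


@dataclass(frozen=True)
class Route:
    mode: str             # target network transmission mode
    resolver: str         # target domain name resolution device
    via_vpn_tunnel: bool  # True when the query must cross into the other network


def normalize(qname: str) -> str:
    """Lower-case the name, drop the trailing dot and reject empty labels."""
    name = qname.strip().rstrip(".").lower()
    if not name or any(not label for label in name.split(".")):
        raise ValueError(f"malformed domain name: {qname!r}")
    return name


def target_mode(qname: str, default: str, table=DOMAIN_MODE_TABLE) -> str:
    """Longest-suffix match on whole labels; unmatched names get `default`."""
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])   # longest candidate is tried first
        if candidate in table:
            return table[candidate]
    return default


def route_query(qname: str, device_mode: str) -> Route:
    """Decide where the device forwards the query (S1302 / S1403 to S1405)."""
    # Names with no table entry stay on the device's own network.
    mode = target_mode(qname, default=device_mode)
    return Route(mode, RESOLVERS[mode], via_vpn_tunnel=(mode != device_mode))


if __name__ == "__main__":
    for name in ("lib.campus.example.edu", "evilcampus.example.edu",
                 "www.campus.example.edu", "news.example.org"):
        print(name, route_query(name, PUBLIC))
```

Matching on label boundaries keeps a look-alike such as `evilcampus.example.edu` from being forwarded to the private resolver, and a name with no entry falls back to the device's own network as in S1405.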
In some embodiments, as shown in fig. 15 in conjunction with fig. 13, before the electronic device receives the target domain name information sent by the terminal, the terminal needs to perform authentication of the authentication information to obtain a private network IP address. The network access method further comprises the following steps:
S1501, the electronic device receives an Internet Protocol (IP) address application message sent by the terminal, and sends the IP address application message to the PORTAL WEB device.
The IP address application message is used for requesting the private network IP address of the terminal.
Specifically, each terminal needs to acquire an IP address before accessing the resource device corresponding to the network access address, so the terminal may send an IP address application message to the electronic device, so that the terminal acquires an IP address. In this case, the electronic device may receive an IP address application message sent by the terminal. And then, the electronic equipment sends an IP address application message to the PORTAL WEB equipment.
Illustratively, table 1 shows a schematic representation of a message received or forwarded by an electronic device. As shown in table 1, NO is the sequence number of a message (i.e., a network access request, target domain name information, etc.) received or sent by the electronic device, TIME is the time when the electronic device receives or sends the message, SOURCE is the source IP address of the message received or sent by the electronic device (i.e., the IP address of the device that initiates the message, such as the private network IP address of the terminal that initiates the network access request), DESTINATION is the target IP address of the message received or sent by the electronic device (e.g., the target network access address in the present application), PROTOCOL is the protocol used by the message, LENGTH is the length of the message, and INFO is the information in the message. The DNS domain name resolution messages are the messages of domain name information received by the BAS and the messages of domain name information sent by the BAS. The Transmission Control Protocol (TCP) connection messages are the TCP messages, captured by the BAS, that the terminal and the target device (e.g., the PORTAL WEB device in the present application) use to establish the connection. The Hypertext Transfer Protocol (HTTP) 302 redirect messages are the messages that the BAS receives from the terminal and the messages that it forwards from the terminal to the PORTAL WEB device.
TABLE 1
S1502, the electronic equipment receives prompt information generated by the PORTAL WEB equipment according to the IP address application message, and sends the prompt information to the terminal.
The prompt information is used for prompting the terminal to send authentication information.
Specifically, after receiving the IP address application message of the terminal, the PORTAL WEB device may send a prompt message to the terminal, so that the terminal sends authentication information to the electronic device.
Alternatively, the prompt information may include a WEB page for prompting the user to perform the input of the authentication information.
Alternatively, the authentication information may be an account number password.
S1503, the electronic equipment receives the authentication information sent by the terminal and sends the authentication information to the PORTAL authentication equipment.
The authentication information is used for instructing the PORTAL authentication device to send the authentication information to the Remote Authentication Dial-In User Service (RADIUS) device and instructing the RADIUS device to authenticate the authentication information.
Specifically, after receiving the authentication information sent by the terminal, the electronic device forwards the authentication information to the PORTAL WEB device. After that, the PORTAL WEB device transmits the authentication information to the PORTAL authentication device. After receiving the authentication information, the PORTAL authentication device may use the PORTAL protocol to perform User Datagram Protocol (UDP) encapsulation on the authentication information, and then send the UDP-encapsulated authentication information to the electronic device using the Challenge Handshake Authentication Protocol (CHAP) authentication mode. The electronic device may then extract the authentication information from the received UDP-encapsulated authentication information, encapsulate it into a RADIUS message, and send the RADIUS message to the RADIUS device.
Subsequently, the RADIUS device may authenticate the authentication information in the received RADIUS message. After the authentication information is successfully authenticated, the RADIUS equipment sends a PORTAL authentication confirmation message to the PORTAL authentication equipment.
Alternatively, the RADIUS device or the PORTAL authentication device may use a two-layer PORTAL technique or a three-layer PORTAL technique for authenticating the authentication information, which is not limited in the embodiment of the present application.
It should be noted that the two-layer PORTAL technology refers to that the terminal is directly connected to the electronic device in a communication manner or only two layers of devices exist between the terminal and the electronic device. The three-layer PORTAL technology refers to bridging three-layer devices between the terminal and the BAS.
In connection with the above example and with table 1, table 2 shows a schematic representation of a message of authentication information transmitted by a terminal. The HTTP message is the message of authentication information sent by the terminal, and userName (for example, the account number is test 01) and userPwd (for example, the password is test 01) are the authentication information in the present application.
TABLE 2
Table 3 shows a schematic diagram of a UDP message sent by the PORTAL authentication device. As shown in table 3, the UDP packet is the UDP-encapsulated authentication information in the present application. 50100→2000 is the port number sent by the PORTAL authentication device.
TABLE 3
Table 4 shows a schematic representation of a RADIUS message sent by an electronic device. As shown in table 4, the RADIUS message is a message sent by the electronic device to the RADIUS device.
TABLE 4
S1504, the electronic equipment responds to the received authentication confirmation message for indicating that the authentication information is successfully authenticated, determines the private network IP address of the terminal, and sends the private network IP address to the terminal.
Specifically, after receiving the PORTAL authentication response message, the PORTAL authentication device may generate an authentication confirmation message for indicating that the authentication information authentication is successful. After the electronic equipment receives the authentication confirmation message which is sent by the RADIUS equipment and used for indicating that the authentication information is successfully authenticated, the private network IP address of the terminal can be determined. The electronic device may then send the private network IP address to the terminal.
Optionally, to determine the private network IP address of the terminal, the electronic device may obtain one IP address from a preset IP resource pool and determine that IP address as the private network IP address of the terminal.
It should be noted that, before the terminal sends the IP address application message to the electronic device, the terminal may dynamically apply to a Dynamic Host Configuration Protocol (DHCP) server for a temporary IP address. The electronic device then accesses certain specific resources, such as the page on which the user enters the authentication information, via the temporary IP address. Subsequently, after receiving the private network IP address sent by the electronic equipment, the terminal releases the temporary IP address.
Alternatively, the DHCP server may be an electronic device.
Optionally, the authentication of the authentication information by the terminal may be authenticated by a Point-to-Point Protocol over Ethernet (PPPoE) manner, or may be authenticated by an IP over Ethernet (IPOE) manner, which is not limited in this embodiment of the present application.
In connection with the above example, table 5 shows a schematic representation of an authentication confirmation message. As shown in table 5, the HTTP 200 OK message is the authentication confirmation message used in the present application to indicate that authentication of the authentication information is successful.
TABLE 5
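The CHAP-to-RADIUS step of S1503, as an added Python example that is not the patent's implementation: it computes the CHAP response per RFC 1994, builds the RADIUS Access-Request the BAS would send with the CHAP-Password and CHAP-Challenge attributes of RFC 2865, and verifies it on the RADIUS side. The PORTAL packet layout is not modeled, and the account, password and function names are constructed.

```python
"""Added example: CHAP credentials carried in a RADIUS Access-Request."""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST = 1                      # RADIUS code (RFC 2865)
ATTR_USER_NAME = 1
ATTR_CHAP_PASSWORD = 3
ATTR_CHAP_CHALLENGE = 60


def chap_response(chap_id: int, password: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([chap_id]) + password + challenge).digest()


def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one type-length-value attribute (length counts the 2 header bytes)."""
    if len(value) > 253:
        raise ValueError("RADIUS attribute value too long")
    return bytes([attr_type, len(value) + 2]) + value


def build_access_request(radius_id, user, chap_id, response, challenge) -> bytes:
    """BAS side: wrap the CHAP fields taken from the PORTAL packet into RADIUS."""
    attrs = (attr(ATTR_USER_NAME, user.encode())
             + attr(ATTR_CHAP_PASSWORD, bytes([chap_id]) + response)
             + attr(ATTR_CHAP_CHALLENGE, challenge))
    authenticator = os.urandom(16)      # Request Authenticator: 16 random octets
    header = struct.pack("!BBH", ACCESS_REQUEST, radius_id, 20 + len(attrs))
    return header + authenticator + attrs


def parse_attributes(packet: bytes) -> dict:
    """Strictly parse an Access-Request; reject truncated or padded packets."""
    if len(packet) < 20:
        raise ValueError("packet shorter than the RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or length != len(packet):
        raise ValueError("not a well-formed Access-Request")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs[a_type] = packet[pos + 2:pos + a_len]
        pos += a_len
    return attrs


def radius_verify(packet: bytes, user_db: dict) -> bool:
    """RADIUS side: recompute the response from the stored password."""
    attrs = parse_attributes(packet)
    user = attrs.get(ATTR_USER_NAME, b"").decode(errors="replace")
    chap = attrs.get(ATTR_CHAP_PASSWORD, b"")
    # RFC 2865: without CHAP-Challenge the Request Authenticator is the challenge.
    challenge = attrs.get(ATTR_CHAP_CHALLENGE, packet[4:20])
    if len(chap) != 17 or user not in user_db:
        return False
    expected = chap_response(chap[0], user_db[user], challenge)
    return hmac.compare_digest(expected, chap[1:])


def portal_login(user: str, password: str, user_db: dict):
    """One login: fresh challenge, CHAP response, Access-Request, verdict."""
    challenge = os.urandom(16)          # fresh per attempt, so responses cannot be replayed
    chap_id = os.urandom(1)[0]
    response = chap_response(chap_id, password.encode(), challenge)
    packet = build_access_request(1, user, chap_id, response, challenge)
    return packet, radius_verify(packet, user_db)


if __name__ == "__main__":
    db = {"student01": b"constructed-pass"}   # constructed account
    pkt, ok = portal_login("student01", "constructed-pass", db)
    print(len(pkt), ok, b"constructed-pass" in pkt)
```

CHAP only keeps the password out of the PORTAL and RADIUS messages; the HTTP message of table 2 carries userName and userPwd themselves, so if that page is served over plain HTTP the password is readable on the access network.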
In connection with fig. 15, fig. 16 shows a flow chart of a terminal acquiring an IP address. Assuming that the electronic device is a BAS, the flow of acquiring the private network IP address by the terminal is as shown in fig. 16:
S1601, the terminal sends an IP address application message to the BAS.
In connection with fig. 11, the description of the terminal sending the IP address application message to the BAS may refer to the description of S1101, which is not described herein.
S1602, the BAS sends an IP address application message to the PORTAL WEB equipment.
In connection with fig. 11, the description of the BAS sending the IP address application message to the PORTAL WEB device may refer to the description of S1101, which is not described herein.
S1603, the PORTAL WEB device sends prompt information to the BAS.
In connection with fig. 11, the description of the PORTAL WEB device sending the prompt message to the BAS may refer to the description of S1102, which is not described herein.
S1604, the BAS sends a prompt message to the terminal.
In conjunction with fig. 11, the description of the BAS sending the prompt message to the terminal may refer to the description of S1102, which is not described herein.
S1605, the terminal transmits authentication information to the BAS.
In connection with fig. 11, the description of the terminal transmitting authentication information to the BAS may refer to the description of S1103, which is not described herein.
S1606, the BAS transmits authentication information to the PORTAL authentication device.
In connection with fig. 11, the description of the BAS transmitting authentication information to the PORTAL authentication device may refer to the description of S1103, which is not described herein.
S1607, the PORTAL authentication device sends UDP encapsulated authentication information to the BAS.
In connection with fig. 11, the description of the PORTAL authentication device sending the UDP encapsulated authentication information to the BAS may refer to the description of S1103, which is not described herein.
S1608, the BAS sends a RADIUS message to the RADIUS device.
In connection with fig. 11, the relevant description of the BAS sending the RADIUS message to the RADIUS device may refer to the relevant description of S1103, which is not described herein.
S1609, the RADIUS device sends a PORTAL authentication response message to the PORTAL authentication device.
In connection with fig. 11, the description of the RADIUS device sending the PORTAL authentication response message to the PORTAL authentication device may refer to the description of S1104, which is not repeated herein.
S1610, the PORTAL authentication device sends an authentication confirmation message for indicating that the authentication information is successful to the PORTAL WEB device.
In connection with fig. 11, the description of the transmission of the authentication confirmation message for indicating that the authentication information is successful by the PORTAL authentication device to the PORTAL WEB device may refer to the description of S1104, which is not repeated herein.
S1611, the BAS determines the private network IP address of the terminal, and sends the private network IP address of the terminal to the terminal.
In connection with fig. 11, the relevant description of the BAS determining the private network IP address of the terminal and sending the private network IP address of the terminal to the terminal may refer to the relevant description of S1104, which is not repeated herein.
In some embodiments, in conjunction with fig. 15, as shown in fig. 17, the network access method provided in the embodiment of the present application further includes:
S1701, the electronic equipment receives a message to be transmitted sent by the terminal.
The message to be transmitted comprises a private network IP address of the terminal.
Specifically, when the terminal accesses the resource device corresponding to the network access address, the terminal may send the message to be transmitted to the electronic device. And then, the electronic equipment can receive the message to be transmitted sent by the terminal. When the network transmission mode of the terminal to which the resource equipment corresponding to the message to be transmitted belongs is a private network transmission mode, the terminal accesses the resource equipment corresponding to the message to be transmitted by using the private network IP address. Thus, the message to be transmitted includes the private network IP address of the terminal.
S1702, the electronic equipment determines a public network IP address of the terminal corresponding to the private network IP address of the terminal according to the corresponding relation between the private network IP address and the public network IP address, and updates the private network IP address of the terminal to the public network IP address of the terminal.
In the corresponding relation between the private network IP address and the public network IP address, one public network IP address corresponds to a plurality of private network IP addresses.
Specifically, when the terminal accesses the resource device corresponding to the private network transmission mode, the terminal uses the private network IP address of the terminal to access. However, when the terminal accesses the resource device corresponding to the public network transmission mode, the terminal cannot access the resource device corresponding to the public network transmission mode by using the private network IP address of the terminal. Therefore, the electronic device can determine the public network IP address of the terminal corresponding to the private network IP address of the terminal according to the corresponding relationship between the private network IP address and the public network IP address. And then, the electronic equipment can update the private network IP address of the terminal to the public network IP address of the terminal, so that the terminal can access the resource equipment corresponding to the public network transmission mode by using the public network IP address of the terminal.
It should be noted that, because the number of public network IP addresses is smaller and the number of private network IP addresses is larger, the electronic device may multiplex the public network IP addresses by using Carrier-grade network address translation (CGN) technology, thereby improving the utilization rate of the public network IP addresses.
Wherein the CGN is carrier-level network address translation (Network Address Translation, NAT) such that a plurality of private network IP addresses map to one public network IP address. In this case, the terminal may access the resource device corresponding to the private network transmission mode through the private network IP address of the terminal, or may determine the public network IP address of the terminal through the correspondence between the private network IP address and the public network IP address, so that the terminal may access the resource device corresponding to the public network transmission mode by using the public network IP address.
Fig. 18 shows a schematic diagram of a comparison of CGN and NAT. As shown in fig. 18, the CGN has advantages of large capacity, small performance, high reliability, NAT recording, user manageability, and the like, compared to the conventional NAT.
Correspondingly, when the network transmission mode corresponding to the message to be transmitted is the private network transmission mode, the electronic equipment does not need to update the private network IP address to the public network IP address.
S1703, the electronic equipment sends the updated message to be transmitted.
The updated message to be transmitted comprises the public network IP address of the terminal.
Specifically, when the network transmission mode corresponding to the message to be transmitted is the private network transmission mode, the electronic device updates the message to be transmitted, that is, the electronic device adds the public network IP address corresponding to the private network IP address of the terminal to the message to be transmitted. And then, the electronic equipment sends the updated message to be transmitted, so that the terminal can access the resource equipment corresponding to the public network transmission mode according to the public network IP address corresponding to the private network IP address.
Correspondingly, when the network transmission mode corresponding to the message to be transmitted is the private network transmission mode, the electronic equipment does not update the message to be transmitted and sends the message to be transmitted, so that the terminal can access the resource equipment corresponding to the private network transmission mode according to the private network IP address of the terminal.
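The address update of S1701 to S1703, as an added Python example that is not the patent's implementation: a CGN table that gives each private address a fixed port block on a shared public address, leaves private-mode traffic untranslated, and keeps the record needed to attribute a public address and port back to a terminal. Port-block allocation, the block size, the packet dictionaries and all addresses are assumptions made for illustration; session expiry and block release are left out.

```python
"""Added example: many-to-one CGN mapping with port blocks and a NAT record."""
import ipaddress

FIRST_PORT = 1024
BLOCK_SIZE = 1024
BLOCKS_PER_IP = (65536 - FIRST_PORT) // BLOCK_SIZE   # 63 terminals per public IP


class Cgn:
    def __init__(self, public_ips, private_net):
        self.public_ips = list(public_ips)
        self.private_net = ipaddress.ip_network(private_net)
        self.blocks = {}     # private IP -> (public IP, first port of its block)
        self.owners = {}     # (public IP, first port) -> private IP
        self.sessions = {}   # (private IP, private port) -> public port
        self.used = {}       # private IP -> number of ports handed out
        self.log = []        # NAT record: (time, private, public, first, last)

    def _block_for(self, private_ip, now):
        """Return the terminal's port block, allocating and logging it once."""
        if private_ip not in self.blocks:
            index = len(self.blocks)
            if index >= BLOCKS_PER_IP * len(self.public_ips):
                raise RuntimeError("public address pool exhausted")
            public_ip = self.public_ips[index // BLOCKS_PER_IP]
            first = FIRST_PORT + (index % BLOCKS_PER_IP) * BLOCK_SIZE
            self.blocks[private_ip] = (public_ip, first)
            self.owners[(public_ip, first)] = private_ip
            self.used[private_ip] = 0
            self.log.append((now, private_ip, public_ip, first,
                             first + BLOCK_SIZE - 1))
        return self.blocks[private_ip]

    def translate(self, packet, dest_mode, now=0):
        """Rewrite the source only for private terminals going to the public network."""
        src = ipaddress.ip_address(packet["src"])
        if dest_mode == "private" or src not in self.private_net:
            return dict(packet)                      # sent on unchanged
        public_ip, first = self._block_for(packet["src"], now)
        key = (packet["src"], packet["sport"])
        if key not in self.sessions:
            if self.used[packet["src"]] >= BLOCK_SIZE:
                raise RuntimeError("port block exhausted for " + packet["src"])
            self.sessions[key] = first + self.used[packet["src"]]
            self.used[packet["src"]] += 1
        return {**packet, "src": public_ip, "sport": self.sessions[key]}

    def attribute(self, public_ip, public_port):
        """Map an observed public IP and port back to the private terminal."""
        if not FIRST_PORT <= public_port <= 65535:
            return None
        first = FIRST_PORT + ((public_port - FIRST_PORT) // BLOCK_SIZE) * BLOCK_SIZE
        return self.owners.get((public_ip, first))


if __name__ == "__main__":
    cgn = Cgn(["203.0.113.10"], "10.0.0.0/8")        # constructed addresses
    pkt = {"src": "10.1.1.5", "sport": 40000, "dst": "198.51.100.7", "dport": 443}
    print(cgn.translate(pkt, "public", now=100))
    print(cgn.translate(pkt, "private"))
    print(cgn.attribute("203.0.113.10", 1024), cgn.log)
```

Because one public address stands for many terminals, the address alone no longer identifies a user; the port-block record is what lets an operator answer which terminal used a given public address and port.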
In some embodiments, the foregoing is mainly described in detail from each step of the network access method provided in the present application, and the complete flow of the network access method provided in the embodiment of the present application is described below in conjunction with each embodiment described above. As shown in fig. 19, the network access method provided in the embodiment of the present application specifically includes:
S1901, the terminal initiates an IP address application message.
In conjunction with fig. 15, the description of the terminal initiating the IP address application message may refer to the description of S1501, which is not described herein.
S1902, the BAS receives the IP address application message and then sends the IP address application message to the PORTAL WEB equipment.
In conjunction with fig. 15, the relevant description of the BAS receiving the IP address application message and then sending the IP address application message to the PORTAL WEB device may refer to the relevant description of S1501, which is not described herein again.
S1903, the PORTAL WEB equipment sends prompt information to the terminal through the BAS.
Referring to fig. 15, the description of the PORTAL WEB device sending the prompt message to the terminal through the BAS may refer to the description of S1502, which is not described herein.
S1904, the terminal sends authentication information to the PORTAL WEB equipment through the BAS.
Referring to fig. 15, the description of the terminal sending the authentication information to the PORTAL WEB device through the BAS may refer to the description of S1503, which is not described herein.
S1905, the PORTAL WEB device transmits authentication information to the PORTAL authentication device.
In connection with fig. 15, the description of the transmission of authentication information by the PORTAL WEB device to the PORTAL authentication device may refer to the description of S1503, and will not be described herein.
S1906, the PORTAL authentication device uses the PORTAL protocol to carry out UDP encapsulation on the authentication information, and then sends the authentication information after UDP encapsulation to the electronic device in a CHAP mode.
Referring to fig. 15, the related description of the authentication information after UDP encapsulation is sent to the electronic device by the CHAP method by using the PORTAL authentication device to perform UDP encapsulation on the authentication information, which will be described in detail herein.
S1907, the BAS extracts authentication information from the authentication information encapsulated by the UDP, encapsulates the authentication information into a RADIUS message, and sends the RADIUS message to the RADIUS equipment.
In connection with fig. 15, for the description of the BAS extracting the authentication information from the UDP encapsulated authentication information, encapsulating it into a RADIUS message, and sending the RADIUS message to the RADIUS device, refer to the related description of S1503, which is not described herein.
S1908, the RADIUS equipment authenticates the authentication information in the received RADIUS message, and after successful authentication, the RADIUS equipment sends a PORTAL authentication response message to the PORTAL authentication equipment.
Referring to fig. 15, for the description of the RADIUS device authenticating the authentication information in the received RADIUS message and, after the authentication is successful, sending the PORTAL authentication response message to the PORTAL authentication device, refer to the related description of S1503, which is not described herein again.
S1909, after receiving the PORTAL authentication response message, the PORTAL authentication device sends an authentication confirmation message for indicating successful authentication to the BAS.
In connection with fig. 15, for the description of the PORTAL authentication device sending the authentication confirmation message for indicating that authentication is successful to the BAS after receiving the PORTAL authentication response message, refer to the related description of S1503, which is not repeated herein.
S1910, after receiving the authentication confirmation message, the BAS selects an IP address from the IP address resource pool to determine the IP address as the IP address of the terminal, and sends the IP address to the terminal.
In conjunction with fig. 15, for the description of the BAS, after receiving the authentication confirmation message, selecting an IP address from the IP address resource pool, determining it as the IP address of the terminal, and sending the IP address to the terminal, refer to the related description of S1504, which is not described herein.
S1911, when the terminal accesses the resource equipment, the terminal sends a network access request to the BAS. The BAS then determines whether the IP address of the terminal is a public network IP address.
In connection with fig. 17, for the description of the terminal sending a network access request to the BAS when accessing a resource device, and of the BAS determining whether the IP address of the terminal is the public network IP address, refer to the relevant description of S1701, which is not described herein.
S1912, when the IP address of the terminal is not the IP address of the public network, the BAS maps the private network IP address to the public network IP address through the CGN.
Referring to fig. 17, when the IP address of the terminal is not the IP address of the public network, the relevant description of mapping the private network IP address to the public network IP address by the BAS through the CGN may refer to the relevant description of S1702, which is not described herein.
S1913, the BAS accesses the resource device through the public network IP address.
In connection with fig. 17, the relevant description of the BAS accessing the resource device through the public network IP address may refer to the relevant description of S1702, which is not described herein.
Fig. 20 is a schematic diagram illustrating an effect brought by applying the network access method provided in the embodiment of the present application. As shown in fig. 20, taking the application to college users as an example, the growth of college users was slower from 2017 to 2020, when the network access method provided by the embodiment of the present application was not applied. After the network access method provided by the embodiment of the present application was applied in 2021, the number of college users grew faster.
The benefit evaluation is carried out according to the average income (Average Revenue Per user, ARPU) value of 50 yuan/month (mobile phone + broadband) of each student package, the daily sustained income increase of students exceeds 2000 households/year, the monthly income increase is 10 ten thousand, and the annual income increase is 120 ten thousand yuan.
Fig. 21 is a schematic diagram illustrating still another effect caused by applying the network access method provided in the embodiment of the present application. As shown in fig. 21, after the network access method provided by the embodiment of the present application is applied, the time delay of surfing the internet for the college user is greatly reduced. The method can optimize the network time delay to reduce by 80% -90%, realize the integration of broadband, intelligent campus low time delay and practical network remodeling, play an exemplary role in the field of universities and provide multiple innovation and large-connection enabling functions.
The foregoing description of the solution provided in the embodiments of the present application has been mainly presented in terms of a method. To achieve the above functions, the network access device includes corresponding hardware structures and/or software modules that perform the respective functions. Those of skill in the art will readily appreciate that the elements and algorithm steps of the examples described in connection with the embodiments disclosed herein may be implemented as hardware or combinations of hardware and computer software. Whether a function is implemented as hardware or computer software driven hardware depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The embodiment of the application may divide the functional modules of the network access device according to the above method example, for example, each functional module may be divided corresponding to each function, or two or more functions may be integrated into one processing module. The integrated modules may be implemented in hardware or in software functional modules. Optionally, the division of the modules in the embodiments of the present application is schematic and is merely a logical function division; other division manners are possible in actual implementation.
Fig. 22 is a schematic structural diagram of a network access device according to an embodiment of the present application. The network access device may be used to perform the method of network access shown in any one of fig. 10, 13, 15, 17. The network access device shown in fig. 22 includes: a receiving unit 2201, a reading unit 2202, a processing unit 2203, and a transmitting unit 2204;
a receiving unit 2201, configured to receive a network access request sent by a terminal; the network access request includes a target network access address. For example, in connection with fig. 10, the receiving unit 2201 is configured to execute S1001.
A reading unit 2202, configured to read a correspondence between the network access address and the resource device. For example, in connection with fig. 10, the reading unit 2202 is configured to execute S1002.
A processing unit 2203, configured to determine a target resource device corresponding to the target network access address; the correspondence includes the correspondence between the network access address in the first network transmission mode and the resource device and the correspondence between the network access address in the second network transmission mode and the resource device. For example, in connection with fig. 10, the processing unit 2203 is configured to execute S1002.
A sending unit 2204, configured to send the network access request to the target resource device through a VPN tunnel when the electronic device belongs to a transmission network corresponding to the second network transmission mode, the target network access address is a network access address corresponding to the first network transmission mode, and the first network transmission mode is a private network transmission mode; the VPN tunnel is a direct communication tunnel between the electronic device and the target resource device. For example, in connection with fig. 10, the sending unit 2204 is configured to execute S1003.
Optionally, the receiving unit 2201 is further configured to receive target domain name information sent by the terminal. For example, in connection with fig. 13, the receiving unit 2201 is configured to execute S1301.
The reading unit 2202 is further configured to read a correspondence between domain name information and a network transmission mode. For example, in connection with fig. 13, the reading unit 2202 is configured to execute S1302.
The processing unit 2203 is further configured to determine a target network transmission mode corresponding to the target domain name information. For example, in connection with fig. 13, the processing unit 2203 is configured to execute S1302.
The sending unit 2204 is further configured to send the target domain name information to a target domain name resolution device corresponding to the target network transmission mode. For example, in connection with fig. 13, the sending unit 2204 is configured to execute S1302.
The receiving unit 2201 is further configured to receive a target network access address sent by the target domain name resolution device; the target network access address is obtained by resolving the target domain name information. For example, in connection with fig. 13, the receiving unit 2201 is configured to execute S1303.
The sending unit 2204 is further configured to send the target network access address to the terminal, so that the terminal generates a network access request according to the target network access address. For example, in connection with fig. 13, the sending unit 2204 is configured to execute S1304.
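The domain-name steering of fig. 13 and the tunnel decision of fig. 10, as an added sketch that is not code from the application. The table entries, domain names, resolver names, addresses, the fail-closed handling of unmapped addresses and the "direct" path for cases other than the VPN case are assumptions made for illustration.

```python
"""Added illustration of the fig. 13 and fig. 10 decisions; every table entry is constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

PRIVATE = "private"  # first network transmission mode (private network), as in claim 1
PUBLIC = "public"    # second network transmission mode

# Correspondence between domain name information and network transmission mode (S1302).
DOMAIN_MODE = {"campus.example": PRIVATE}
# Domain name resolution device per transmission mode (hypothetical device names).
RESOLVER = {PRIVATE: "campus-dns", PUBLIC: "carrier-dns"}


@dataclass(frozen=True)
class Route:
    prefix: str  # range of network access addresses
    mode: str    # transmission mode the range belongs to
    device: str  # resource device that serves it


# Correspondence between network access address and resource device (S1002).
ROUTES = [
    Route("10.20.0.0/16", PRIVATE, "campus-library"),
    Route("203.0.113.0/24", PUBLIC, "internet-gateway"),
]


def mode_for_domain(name: str) -> str:
    """Return the transmission mode for a domain; unknown domains default to PUBLIC (assumption)."""
    labels = name.rstrip(".").lower().split(".")
    # Walk from the full name to its parents so matches fall on label boundaries:
    # "lib.campus.example" matches, "notcampus.example" does not.
    for i in range(len(labels)):
        mode = DOMAIN_MODE.get(".".join(labels[i:]))
        if mode is not None:
            return mode
    return PUBLIC


def resolver_for(name: str) -> str:
    """Pick the domain name resolution device for the domain's transmission mode."""
    return RESOLVER[mode_for_domain(name)]


def lookup(addr: str) -> Optional[Route]:
    """Longest-prefix match of the target network access address against ROUTES."""
    ip = ip_address(addr)
    matches = [r for r in ROUTES if ip in ip_network(r.prefix)]
    return max(matches, key=lambda r: ip_network(r.prefix).prefixlen, default=None)


def forward(device_mode: str, target_addr: str) -> Tuple[Optional[str], str]:
    """Return (target resource device, path) for a network access request."""
    route = lookup(target_addr)
    if route is None:
        return None, "drop"                 # fail closed on unmapped addresses (assumption)
    if device_mode == PUBLIC and route.mode == PRIVATE:
        return route.device, "vpn-tunnel"   # the case the method specifies
    return route.device, "direct"           # other cases (assumption, not stated on the page)
```

Matching the domain table on whole labels keeps a look-alike name such as `notcampus.example` away from the private-network resolver.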
Optionally, the receiving unit 2201 is further configured to receive an Internet Protocol (IP) address application message sent by the terminal. For example, in connection with fig. 15, the receiving unit 2201 is configured to execute S1501.
The sending unit 2204 is further configured to send the IP address application message to a PORTAL WEB device; the IP address application message is used for requesting the private network IP address of the terminal. For example, in connection with fig. 15, the sending unit 2204 is configured to execute S1501.
The receiving unit 2201 is further configured to receive prompt information generated by the PORTAL WEB device according to the IP address application message. For example, in connection with fig. 15, the receiving unit 2201 is configured to execute S1502.
The sending unit 2204 is further configured to send the prompt information to the terminal; the prompt information is used for prompting the terminal to send authentication information. For example, in connection with fig. 15, the sending unit 2204 is configured to execute S1502.
The receiving unit 2201 is further configured to receive authentication information sent by the terminal. For example, in connection with fig. 15, the receiving unit 2201 is configured to execute S1503.
The sending unit 2204 is further configured to send the authentication information to the PORTAL authentication device; the authentication information is used for instructing the PORTAL authentication device to send the authentication information to a Remote Authentication Dial-In User Service (RADIUS) device and instructing the RADIUS device to authenticate the authentication information. For example, in connection with fig. 15, the sending unit 2204 is configured to execute S1503.
The processing unit 2203 is further configured to determine a private network IP address of the terminal in response to receiving an authentication confirmation message indicating that the authentication information is successfully authenticated. For example, in connection with fig. 15, the processing unit 2203 is configured to execute S1504.
The sending unit 2204 is further configured to send the private network IP address to the terminal. For example, in connection with fig. 15, the sending unit 2204 is configured to execute S1504.
Optionally, the receiving unit 2201 is further configured to receive a message to be transmitted sent by the terminal; the message to be transmitted includes the private network IP address of the terminal. For example, in connection with fig. 17, the receiving unit 2201 is configured to execute S1701.
The processing unit 2203 is further configured to determine, according to the correspondence between the private network IP address and the public network IP address, the public network IP address of the terminal corresponding to the private network IP address of the terminal. For example, in connection with fig. 17, the processing unit 2203 is configured to execute S1702.
The processing unit 2203 is further configured to update a private network IP address of the terminal to a public network IP address of the terminal; in the corresponding relation between the private network IP address and the public network IP address, one public network IP address corresponds to a plurality of private network IP addresses. For example, in connection with fig. 17, the processing unit 2203 is configured to execute S1702.
The sending unit 2204 is further configured to send the updated message to be transmitted; the updated message to be transmitted includes the public network IP address of the terminal. For example, in connection with fig. 17, the sending unit 2204 is configured to execute S1703.
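The private-to-public rewrite of fig. 17, as an added sketch that is not code from the application. Because one public network IP address corresponds to several private network IP addresses, the sketch assumes each terminal receives a fixed block of source ports on the shared address, so that a public port can be traced back to one terminal; the addresses, the port-block layout and the names `Cgn`, `translate` and `owner_of` are constructed.

```python
"""Added illustration of the S1701-S1703 rewrite; all addresses and port ranges are constructed."""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Dict, Optional, Tuple

# Ranges treated as "not a public network IP address" (RFC 1918 plus RFC 6598 shared space).
PRIVATE_NETS = [ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]
PUBLIC_IP = "198.51.100.7"                    # constructed public address shared by terminals
PORT_BASE, BLOCK_SIZE, BLOCKS = 1024, 512, 4  # assumed port-block layout


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str


def is_private(addr: str) -> bool:
    """S1701: decide whether the terminal's address still needs mapping."""
    ip = ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)


class Cgn:
    def __init__(self) -> None:
        self.block_of: Dict[str, int] = {}           # private IP -> port block index
        self.flows: Dict[Tuple[str, int], int] = {}  # (private IP, port) -> public port
        self.used: Dict[int, int] = {}               # block index -> ports handed out

    def translate(self, pkt: Packet) -> Packet:
        """S1702/S1703: replace the private source address with the shared public one."""
        if not is_private(pkt.src_ip):
            return pkt                                # already public, forwarded unchanged
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.flows:
            block = self._block_for(pkt.src_ip)
            offset = self.used.get(block, 0)
            if offset >= BLOCK_SIZE:
                raise RuntimeError(f"port block exhausted for {pkt.src_ip}")
            self.used[block] = offset + 1
            self.flows[key] = PORT_BASE + block * BLOCK_SIZE + offset
        return replace(pkt, src_ip=PUBLIC_IP, src_port=self.flows[key])

    def _block_for(self, private_ip: str) -> int:
        if private_ip not in self.block_of:
            if len(self.block_of) >= BLOCKS:
                raise RuntimeError("no free port block on this public address")
            self.block_of[private_ip] = len(self.block_of)
        return self.block_of[private_ip]

    def owner_of(self, public_port: int) -> Optional[str]:
        """Map a public source port back to the terminal that holds its block."""
        block = (public_port - PORT_BASE) // BLOCK_SIZE
        for ip, b in self.block_of.items():
            if b == block:
                return ip
        return None
```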
The present application also provides a computer-readable storage medium, which includes computer-executable instructions that, when executed on a computer, cause the computer to perform the network access method provided in the above embodiments.
The embodiment of the present application also provides a computer program, which can be directly loaded into a memory and contains software codes, and the computer program can implement the network access method provided in the above embodiment after being loaded and executed by a computer.
Those of skill in the art will appreciate that in one or more of the examples described above, the functions described herein may be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, these functions may be stored on, or transmitted over, a computer-readable medium as one or more instructions or code. Computer-readable media include both computer-readable storage media and communication media, the latter including any medium that facilitates transfer of a computer program from one place to another. A storage medium may be any available medium that can be accessed by a general purpose or special purpose computer.
From the foregoing description of the embodiments, it will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-described division of functional modules is illustrated, and in practical application, the above-described functional allocation may be implemented by different functional modules according to needs, i.e. the internal structure of the apparatus is divided into different functional modules to implement all or part of the functions described above.
In the several embodiments provided in this application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described embodiments of the apparatus are merely illustrative, and the division of modules or units, for example, is merely a logical function division, and other manners of division are possible when actually implemented. For example, multiple units or components may be combined or may be integrated into another device, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form. The units described as separate parts may or may not be physically separate, and the parts shown as units may be one physical unit or a plurality of physical units, may be located in one place, or may be distributed in a plurality of different places. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units. The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a readable storage medium. Based on such understanding, the technical solution of the embodiments of the present application, in essence, or the part contributing to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium, including several instructions for causing a device (which may be a single-chip microcomputer, a chip or the like) or a processor to perform all or part of the steps of the methods described in the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a ROM, a RAM, a magnetic disk, or an optical disk, etc.
The foregoing is merely specific embodiments of the present application, but the scope of the present application is not limited thereto, and any changes or substitutions easily conceivable by those skilled in the art within the technical scope of the present application should be covered in the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (10)

1. A network access method, which is characterized by being applied to electronic equipment; the network access method comprises the following steps:
receiving a network access request sent by a terminal; the network access request comprises a target network access address;
reading the corresponding relation between the network access address and the resource equipment, and determining the target resource equipment corresponding to the target network access address; the corresponding relation comprises the corresponding relation between the network access address in the first network transmission mode and the resource equipment and the corresponding relation between the network access address in the second network transmission mode and the resource equipment;
when the electronic equipment belongs to a transmission network corresponding to the second network transmission mode, the target network access address is a network access address corresponding to the first network transmission mode, and the first network transmission mode is a private network transmission mode, the network access request is sent to the target resource equipment through a virtual private network (VPN) tunnel; the VPN tunnel is a direct communication tunnel between the electronic equipment and the target resource equipment.
2. The network access method according to claim 1, wherein before receiving the network access request sent by the terminal, the network access method further comprises:
receiving target domain name information sent by the terminal;
reading the corresponding relation between the domain name information and the network transmission mode, determining a target network transmission mode corresponding to the target domain name information, and sending the target domain name information to target domain name resolution equipment corresponding to the target network transmission mode;
receiving the target network access address sent by the target domain name resolution equipment; the target network access address is obtained by resolving the target domain name information;
and sending the target network access address to the terminal so that the terminal generates the network access request according to the target network access address.
3. The network access method according to claim 1 or 2, wherein before receiving the target domain name information sent by the terminal, the network access method further comprises:
receiving an Internet Protocol (IP) address application message sent by the terminal, and sending the IP address application message to PORTAL WEB equipment; the IP address application message is used for requesting the private network IP address of the terminal;
receiving prompt information generated by the PORTAL WEB equipment according to the IP address application message, and sending the prompt information to the terminal; the prompt information is used for prompting the terminal to send authentication information;
receiving authentication information sent by the terminal and sending the authentication information to PORTAL authentication equipment; the authentication information is used for instructing the PORTAL authentication equipment to send the authentication information to Remote Authentication Dial-In User Service (RADIUS) equipment and instructing the RADIUS equipment to authenticate the authentication information;
and responding to the received authentication confirmation message for indicating that the authentication information is successfully authenticated, determining the private network IP address of the terminal, and sending the private network IP address to the terminal.
4. A network access method according to claim 3, further comprising:
receiving a message to be transmitted sent by the terminal; the message to be transmitted comprises a private network IP address of the terminal;
according to the corresponding relation between the private network IP address and the public network IP address, determining the public network IP address of the terminal corresponding to the private network IP address of the terminal, and updating the private network IP address of the terminal into the public network IP address of the terminal; in the corresponding relation between the private network IP address and the public network IP address, one public network IP address corresponds to a plurality of private network IP addresses;
sending the updated message to be transmitted; the updated message to be transmitted comprises the public network IP address of the terminal.
5. A network access device, characterized by being applied to electronic equipment and comprising: a receiving unit, a reading unit, a processing unit and a sending unit;
the receiving unit is used for receiving a network access request sent by the terminal; the network access request comprises a target network access address;
the reading unit is used for reading the corresponding relation between the network access address and the resource equipment;
the processing unit is used for determining target resource equipment corresponding to the target network access address; the corresponding relation comprises the corresponding relation between the network access address in the first network transmission mode and the resource equipment and the corresponding relation between the network access address in the second network transmission mode and the resource equipment;
the sending unit is configured to send, when the electronic device belongs to a transmission network corresponding to the second network transmission mode, and the target network access address is a network access address corresponding to the first network transmission mode, and the first network transmission mode is a private network transmission mode, the network access request to the target resource device through a VPN tunnel; the VPN tunnel is a direct communication tunnel between the electronic equipment and the target resource equipment.
6. The network access device of claim 5, wherein,
the receiving unit is further used for receiving the target domain name information sent by the terminal;
the reading unit is also used for reading the corresponding relation between the domain name information and the network transmission mode;
the processing unit is further used for determining a target network transmission mode corresponding to the target domain name information;
the sending unit is further configured to send the target domain name information to a target domain name resolution device corresponding to the target network transmission mode;
the receiving unit is further configured to receive the target network access address sent by the target domain name resolution device; the target network access address is obtained by resolving the target domain name information;
the sending unit is further configured to send the target network access address to the terminal, so that the terminal generates the network access request according to the target network access address.
7. The network access device of claim 5 or 6, wherein,
the receiving unit is further configured to receive an Internet Protocol (IP) address application message sent by the terminal;
the sending unit is further configured to send the IP address application message to PORTAL WEB equipment; the IP address application message is used for requesting the private network IP address of the terminal;
the receiving unit is further configured to receive prompt information generated by the PORTAL WEB equipment according to the IP address application message;
the sending unit is further used for sending the prompt information to the terminal; the prompt information is used for prompting the terminal to send authentication information;
the receiving unit is further used for receiving authentication information sent by the terminal;
the sending unit is further configured to send the authentication information to PORTAL authentication equipment; the authentication information is used for instructing the PORTAL authentication equipment to send the authentication information to Remote Authentication Dial-In User Service (RADIUS) equipment and instructing the RADIUS equipment to authenticate the authentication information;
the processing unit is further used for determining a private network IP address of the terminal in response to a received authentication confirmation message which is used for indicating that the authentication of the authentication information is successful;
the sending unit is further configured to send the private network IP address to the terminal.
8. The network access device of claim 7, wherein,
the receiving unit is further used for receiving a message to be transmitted sent by the terminal; the message to be transmitted comprises a private network IP address of the terminal;
the processing unit is further configured to determine a public network IP address of the terminal corresponding to the private network IP address of the terminal according to a correspondence between the private network IP address and the public network IP address;
the processing unit is further configured to update a private network IP address of the terminal to a public network IP address of the terminal; in the corresponding relation between the private network IP address and the public network IP address, one public network IP address corresponds to a plurality of private network IP addresses;
the sending unit is further used for sending the updated message to be transmitted; the updated message to be transmitted comprises the public network IP address of the terminal.
9. A network access device, comprising a memory and a processor; the memory is used for storing computer-executable instructions, and the processor is connected with the memory through a bus; when the network access device runs, the processor executes the computer-executable instructions stored in the memory to cause the network access device to perform the network access method of any one of claims 1-4.
10. A computer readable storage medium comprising computer executable instructions which, when run on a computer, cause the computer to perform the network access method of any of claims 1-4.
CN202310613160.2A 2023-05-26 2023-05-26 Network access method, device and storage medium Pending CN116566765A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310613160.2A CN116566765A (en) 2023-05-26 2023-05-26 Network access method, device and storage medium

Publications (1)

Publication Number Publication Date
CN116566765A true CN116566765A (en) 2023-08-08

Family

ID=87496405

Country Status (1)

Country Link
CN (1) CN116566765A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination