
CN1309213C - Network access authentication method for improving network management performance - Google Patents

Info

Publication number
CN1309213C
Authority
CN
China
Prior art keywords
user
network
authentication
access
network access
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
CNB031437710A
Other languages
Chinese (zh)
Other versions
CN1581792A (en)
Inventor
赵玉博
周剑光
逄焕刚
颜杨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Zhifang Intellectual Property Management Co ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd
Priority to CNB031437710A
Publication of CN1581792A
Application granted
Publication of CN1309213C
Anticipated expiration
Expired - Lifetime

Landscapes

  • Small-Scale Networks (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a network access authentication method for improving network management performance. In this method, the network access device automatically determines a user account and the corresponding password from the physical location information of the user's access, and then uses that account and password to initiate the authentication process with the authenticator on the user's behalf, authenticating the user's identity. The user therefore does not need to take part in the authentication process: the user does not enter a user name or password and does not need an auxiliary authentication client. These users are also brought into the category of manageable users. This makes identity authentication convenient for servers, dumb terminals and users whose network usage rights are not restricted, and makes it easier for network operators to manage network access users.

Figure 03143771

Description

Network Access Authentication Method for Improving Network Management Performance

Technical Field

The invention relates to the field of network communication technology, and in particular to a network access authentication method for improving network management performance.

Background

With the development of broadband network technology, the services that network operators provide over the network are increasingly diverse. To protect their operating interests, operators usually need to control the network usage rights of users accessing the network. That is, a user accessing the network must pass identity authentication before being able to use the network normally and obtain the services the operator provides.

The authentication methods currently in use mainly include WEB (World Wide Web) authentication, 802.1 authentication and others. Among them, user identity authentication based on WEB portal pages is being adopted by more and more network operators and is gradually becoming the main authentication method for broadband access. WEB authentication is a browser-based method in which the user submits identity information (user account and password) through a web browser.

Taking WEB authentication as an example, the user first obtains an IP address through the DHCP (Dynamic Host Configuration Protocol) process. At this point the user has only limited network usage rights and can access a restricted set of sites, such as the PORTAL SERVER (portal server) and some advertising pages. The user can then access the PORTAL SERVER through a browser and enter a user account (that is, a user name) and password on the portal page for identity authentication, in order to obtain greater network usage rights. After the user passes authentication, the PORTAL SERVER sends the user a page showing information such as online duration and bytes sent and received, and the user obtains the corresponding rights.

Other authentication methods share these characteristics with WEB authentication: they all require the user to act manually, entering a user account and password on a WEB page or another auxiliary client, and the user actively initiates the authentication process.

In real network environments, however, there are also special users accessing the network, including servers, dumb terminals and privileged users. A server usually has certain rights to access and be accessed by default, and restarting a server should not require human intervention. A dumb terminal has only limited processing capability: it can obtain an IP address through DHCP, but it does not support initiating authentication through a browser or other terminal software. Privileged users are users at specific physical locations who, after obtaining an IP address, have some or all network usage rights without initiating an authentication process.

As the above shows, authentication methods such as WEB authentication cannot be applied to special users such as servers, dumb terminals and privileged users. But if these special users are not authenticated and authorized when accessing the network, they cannot be effectively controlled and managed, which reduces the manageability and maintainability of the network. This clearly runs counter to network operators' wish to improve network manageability and maintainability.

Summary of the Invention

The object of the invention is to provide a network access authentication method for improving network management performance, so as to make identity authentication convenient for servers, dumb terminals and privileged users and thereby improve the management performance of the network.

The object of the invention is achieved as follows:

The network access authentication method for improving network management performance comprises:

the network access device determines the user accessing the network and obtains that user's access information;

the user's account and password are determined according to the obtained access information;

the network access device initiates an authentication process for the user according to the user's account and password, and controls the user's rights according to the authentication result.

The network access authentication method for improving network management performance further comprises:

configuring, in the network access device, the user information of the users for whom the network access device is to initiate the authentication process in their place, the user information including the user's access port information and VLANID (virtual local area network identifier);

configuring, in the network access device, the rules for generating the corresponding user account and password from a user's access information.

The step in which the network access device determines the user accessing the network and obtains that user's access information further comprises:

after accessing the network, the user obtains an IP (Internet Protocol) address through the DHCP (Dynamic Host Configuration Protocol) process or through manual configuration;

it is determined that the user is one for whom the network access device initiates the authentication process in the user's place;

the network access device obtains the access information of the accessing user.

Obtaining the access information of the accessing user means that the network access device obtains the access information according to the physical location information of the accessing user.

The access information is one or more of: the accessing user's slot, access port, access VLANID, MAC (Media Access Control) address, IP address, and the user identification information carried in user packets.

Determining the user's account and password according to the obtained access information comprises:

in the network access device, generating the user's account from the user's access information and the account generation rules configured in the network access device;

looking up, in the network access device, the user password that corresponds to the generated user account.

Alternatively, determining the user's account and password according to the obtained access information comprises: in the network access device, automatically generating the user's account and password from the user's access information and the account and password generation rules configured in the network access device.

The step in which the network access device initiates an authentication process for the user according to the user's account and password, and controls the user's rights according to the authentication result, further comprises:

the network access device requests authentication from the authenticator using the account and password of the user in the pre-connected state, that is, a network access user who has not yet passed authentication. If authentication succeeds, the user obtains the specified network usage rights; otherwise, the user's connection state remains pre-connected and the user cannot use the network normally.

The authenticator is a local authenticator or a RADIUS (remote) authentication server.

The network access authentication method for improving network management performance further comprises: the network access device periodically and automatically initiates the authentication process using the user account and password of each user in the pre-connected state.

As the above technical solution shows, the method provided by the invention lets the network access device automatically generate a user account from the physical location information of the user's access, obtain the corresponding password from its configuration, and then initiate the authentication process. The whole authentication process is completed by the network access device in place of the user and requires no user participation. Servers, dumb terminals and privileged users therefore do not have to go through manual authentication, yet they are brought uniformly into the category of manageable users, which greatly simplifies their authentication, authorization and management.

In the method provided by the invention, whether the network access device initiates the authentication process for a given user, and the password the device needs when taking part in user authentication, can both be configured flexibly through the command line. At the same time, the invention allows all users accessing the network to be authenticated and managed, which improves the manageability and maintainability of network access.

Description of the Drawings

Figure 1 is a flowchart of a specific embodiment of the invention.

Detailed Description

In the invention, the user neither logs in to a portal website for authentication nor authenticates through another auxiliary client. Instead, after the user obtains an IP address, the network access device automatically generates the user's account and password from the physical location information of the user's access to the network, including but not limited to the slot number, port number and VLANID (virtual local area network identifier). The network access device then initiates the authentication process with a RADIUS (remote) authentication server, a local authenticator or the like in place of the user. This provides network access authentication for special users such as servers, dumb terminals and privileged users.

A specific implementation of the network access authentication method for improving network management performance is shown in Figure 1 and includes the following steps:

Step 100: When a user accesses the network, determine that the user, who is in the pre-connected state, is one for whom the network access device must initiate the authentication process;

A user in the pre-connected state is an access user who, as seen by the network access device, has obtained an IP address through the DHCP process or manual configuration but has not yet passed identity authentication. For a user who obtains an IP address and related network parameters through DHCP, the network access device takes part in the user's DHCP process, so when it sees that the user has completed DHCP and obtained an IP address, it concludes that the user has accessed the network; if the user has not yet been authenticated and granted the corresponding network usage rights, the device treats the user as being in the pre-connected state. For a user with a manually configured IP address and related network parameters, the network access device must probe whether the configured user has accessed the network; when it detects that the user has done so and the user has not yet passed authentication and obtained the corresponding network usage rights, it sets the user's state to pre-connected;

A network usually contains both users who enter a user account and password themselves and initiate authentication, and special users such as servers, dumb terminals and privileged users for whom the network access device must initiate authentication. When a user accesses the network, the device therefore first determines whether the user is one for whom it must initiate the authentication process. Only for such users do the following steps continue; all other access users are still authenticated through the existing authentication process;

To implement the invention, the network access device must be configured in advance with the users for whom it is to initiate authentication, so that it can decide from an access user's information, such as the access port or the VLAN to which the user belongs, whether the user is one for whom the device initiates the authentication process.

Step 101: The network access device determines the user's access information from the physical location information of the user accessing the network. The access information includes but is not limited to: the accessing user's slot, access port, access VLANID, MAC (Media Access Control) address, IP address, and identification information carried in user packets;

Which items of access information the network access device obtains is also configured in the device in advance. For example, it can be configured to obtain the access user's access port and VLANID, or to obtain the access user's MAC address.

Step 102: Using the determined access information, the network access device automatically generates the user account and password for the user according to the configured rules for automatically generating user accounts and passwords;

The rules for automatically generating user accounts and passwords are set in the network access device in advance as required. Under these rules, a user account can be generated by adding a configured prefix or suffix to the access information, or by selecting and combining one or more items of access information. The user's password can be generated from the access information together with the account, or it can be configured in the network access device in advance, with one user password for each account that may be generated; once the account has been generated, it is used as the index to look up the corresponding password.

Step 103: The network access device initiates the authentication process with the authenticator in place of the user. That is, it sends the authenticator an authentication request packet carrying the user's account and password, in order to authenticate the access user and obtain the corresponding network usage rights for the user in the pre-connected state;

The authenticator may be a local authenticator, a RADIUS authentication server or another authenticator.

Step 104: Determine the access user's network usage rights according to the authentication result;

If authentication succeeds, the access user enters the service-connected state and obtains the network usage rights configured for that user;

If authentication fails, the access user remains in the pre-connected state. The failure may be because the account information for the user is not configured on the authenticator, or because the user password configured for the user on the network access device is wrong, among other causes.

So that the user can be authenticated again and pass once the cause of the failure has been removed, the network access device periodically and automatically initiates the authentication process for users in the pre-connected state. If authentication still fails, the user waits for the authentication the device initiates in the next period, and so on until the user passes identity authentication.
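Steps 100 to 104 and the periodic retry can be modelled in a few lines of Python. This is an added example, not code from the patent or from any vendor's device. The class names, the account rule (a prefix followed by slot, port and VLANID), and all accounts, passwords and addresses are constructed assumptions.

```python
import hmac
from dataclasses import dataclass

PRE_CONNECTED = "pre-connected"          # has an IP address, not yet authenticated
SERVICE_CONNECTED = "service-connected"  # authenticated, configured rights granted


@dataclass(frozen=True)
class AccessInfo:
    """Access information the device observes for a user (step 101)."""
    slot: int
    port: int
    vlan_id: int
    ip: str


class Authenticator:
    """Stand-in for the local or RADIUS authenticator (hypothetical interface)."""

    def __init__(self):
        self.accounts = {}  # account -> password

    def authenticate(self, account, password):
        expected = self.accounts.get(account)
        if expected is None:
            return False  # account not configured on the authenticator
        # Constant-time comparison of the stored and presented password.
        return hmac.compare_digest(expected.encode(), password.encode())


class AccessDevice:
    """Network access device that authenticates on behalf of configured users."""

    def __init__(self, authenticator, proxied, passwords, prefix=""):
        self.authenticator = authenticator
        self.proxied = set(proxied)       # (port, vlan_id) pairs handled by proxy
        self.passwords = dict(passwords)  # generated account -> configured password
        self.prefix = prefix              # account rule: prefix + selected fields
        self.sessions = {}                # ip -> (AccessInfo, state)

    def make_account(self, info):
        """Step 102: build the account from slot, port and VLANID."""
        return f"{self.prefix}{info.slot}-{info.port}-{info.vlan_id}"

    def on_address_assigned(self, info):
        """Step 100: called once the user holds an IP address (DHCP or manual)."""
        if (info.port, info.vlan_id) not in self.proxied:
            return None  # ordinary user: the existing WEB/802.1 flow applies
        return self._authenticate(info)

    def _authenticate(self, info):
        """Steps 102-104: derive credentials, ask the authenticator, set state."""
        account = self.make_account(info)
        password = self.passwords.get(account)
        ok = password is not None and self.authenticator.authenticate(account, password)
        state = SERVICE_CONNECTED if ok else PRE_CONNECTED
        self.sessions[info.ip] = (info, state)
        return state

    def retry_pre_connected(self):
        """Periodic pass: re-authenticate every user still pre-connected."""
        pending = [i for i, s in self.sessions.values() if s == PRE_CONNECTED]
        return {info.ip: self._authenticate(info) for info in pending}


def run_demo():
    """Constructed scenario: a server, a dumb terminal and an ordinary user."""
    auth = Authenticator()
    auth.accounts["nas1-1-3-100"] = "srv-secret"  # only the server account exists
    device = AccessDevice(
        auth,
        proxied={(3, 100), (4, 100)},
        passwords={"nas1-1-3-100": "srv-secret", "nas1-1-4-100": "term-secret"},
        prefix="nas1-",
    )
    server = AccessInfo(slot=1, port=3, vlan_id=100, ip="192.0.2.10")
    terminal = AccessInfo(slot=1, port=4, vlan_id=100, ip="192.0.2.11")
    laptop = AccessInfo(slot=1, port=9, vlan_id=200, ip="192.0.2.12")

    first = [device.on_address_assigned(u) for u in (server, terminal, laptop)]
    # The operator removes the cause of failure by adding the terminal's account.
    auth.accounts["nas1-1-4-100"] = "term-secret"
    retried = device.retry_pre_connected()
    return first, retried


if __name__ == "__main__":
    print(run_demo())
```

The demo keys the account on slot, port and VLANID, which the device observes itself; the MAC and IP address that the patent also lists as access information are values supplied by the attached host.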

As the above description of the specific implementation shows, the whole process of authenticating such an access user with the invention is transparent to the user, who does not need to take part in it. When the user accesses the network, the network access device automatically initiates the authentication process in the user's place. That is, with the authentication method of the invention, the user's network usage rights are controlled by the network access device. Compared with letting such users access the network without authentication, the invention makes it easier for network operators to manage and control access users.

Claims (10)

1. A network access authentication method for improving network management performance, characterized in that it comprises: the network access device determines the user accessing the network and obtains that user's access information; the user's account and password are determined according to the obtained access information; the network access device initiates an authentication process for the user according to the user's account and password, and controls the user's rights according to the authentication result.

2. The network access authentication method for improving network management performance according to claim 1, characterized in that the method further comprises: configuring, in the network access device, the user information of the users for whom the network access device is to initiate the authentication process in their place, the user information including the user's access port information and virtual local area network identifier VLANID; configuring, in the network access device, the rules for generating the corresponding user account and password from a user's access information.

3. The network access authentication method for improving network management performance according to claim 1 or 2, characterized in that the step in which the network access device determines the user accessing the network and obtains that user's access information further comprises: after accessing the network, the user obtains an IP address through the Dynamic Host Configuration Protocol (DHCP) process or through manual configuration; it is determined that the user is one for whom the network access device initiates the authentication process in the user's place; the network access device obtains the access information of the accessing user.

4. The network access authentication method for improving network management performance according to claim 1, characterized in that obtaining the access information of the accessing user means that the network access device obtains the access information according to the physical location information of the accessing user.

5. The network access authentication method for improving network management performance according to claim 1 or 4, characterized in that the access information is one or more of: the accessing user's slot, access port, access VLANID, media access control (MAC) address, IP address, and the user identification information carried in user packets.

6. The network access authentication method for improving network management performance according to claim 1 or 2, characterized in that determining the user's account and password according to the obtained access information comprises: in the network access device, generating the user's account from the user's access information and the account generation rules configured in the network access device; looking up, in the network access device, the user password that corresponds to the generated user account.

7. The network access authentication method for improving network management performance according to claim 1, characterized in that determining the user's account and password according to the obtained access information comprises: in the network access device, automatically generating the user's account and password from the user's access information and the account and password generation rules configured in the network access device.

8. The network access authentication method for improving network management performance according to claim 1, characterized in that the step in which the network access device initiates an authentication process for the user according to the user's account and password, and controls the user's rights according to the authentication result, further comprises: the network access device requests authentication from the authenticator using the account and password of the user in the pre-connected state, that is, a network access user who has not yet passed authentication; if authentication succeeds, the user obtains the specified network usage rights; otherwise, the user's connection state remains pre-connected and the user cannot use the network normally.

9. The network access authentication method for improving network management performance according to claim 8, characterized in that the authenticator is a local authenticator or a remote RADIUS authentication server.

10. The network access authentication method for improving network management performance according to claim 1 or 8, characterized in that the method further comprises: the network access device periodically and automatically initiates the authentication process using the user account and password of each user in the pre-connected state.
Priority Applications (1)

Application Number: CNB031437710A
Priority Date: 2003-08-01
Filing Date: 2003-08-01
Title: Network access authentication method for improving network management performance
Legal status: Expired - Lifetime

Publications (2)

Publication Number: CN1581792A, Publication Date: 2005-02-16
Publication Number: CN1309213C, Publication Date: 2007-04-04

Family

ID=34579513

Country Status (1)

Country: CN (1), CN1309213C (en)

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100596059C (en) * 2006-10-27 2010-03-24 华为技术有限公司 Method, system and application of multicast authentication
CN101174952B (en) * 2006-10-31 2010-05-19 中兴通讯股份有限公司 IPTV service automatic authentication method and device
CN101640592A (en) * 2008-07-28 2010-02-03 深圳华为通信技术有限公司 Authentication method, authentication system, terminal and server
EP2708053A4 (en) * 2011-05-13 2014-11-19 Blackberry Ltd Automatic access to network nodes
US8756651B2 (en) * 2011-09-27 2014-06-17 Amazon Technologies, Inc. Policy compliance-based secure data access
CN103249115B (en) * 2013-05-07 2015-12-02 中国联合网络通信集团有限公司 Tactics configuring method and device
CN104468460A (en) * 2013-09-12 2015-03-25 方正宽带网络服务股份有限公司 Automatic authentication apparatus for network access and automatic authentication method for network access
CN104883341B (en) * 2014-02-28 2019-01-25 宇龙计算机通信科技(深圳)有限公司 Application management device, terminal and application management method
CN104462939B (en) * 2014-12-31 2017-11-17 浪潮(北京)电子信息产业有限公司 Encrypted message processing method and system between a kind of clustered node
CN108366010A (en) * 2018-01-15 2018-08-03 华南理工大学 A kind of Email filing system and its data processing method based on cloud storage
CN110677851B (en) * 2019-08-29 2022-12-27 努比亚技术有限公司 Terminal network access method and network access equipment access method
CN110753062B (en) * 2019-10-25 2022-01-04 赛尔网络有限公司 Authentication method, device, system and medium
CN116132163B (en) * 2023-02-10 2024-08-02 南京百敖软件有限公司 Method for realizing device limiting local area network fence by using DHCP protocol

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1346561A (en) * 1999-04-08 2002-04-24 艾利森电话股份有限公司 Mobile internet access
CN1392708A (en) * 2001-06-19 2003-01-22 深圳市中兴通讯股份有限公司 Allocation method of wide band access user
CN1423455A (en) * 2001-11-22 2003-06-11 深圳市中兴通讯股份有限公司上海第二研究所 User authentication management method in Ethernet broadband access system
CN1426199A (en) * 2001-12-13 2003-06-25 华为技术有限公司 Method for managing users in wide band city network

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20230420

Address after: Room 910, 9th Floor, Building 1, No. 22 Jianguomenwai Street (Saite Building), Chaoyang District, Beijing, 100022

Patentee after: Beijing Zhifang Intellectual Property Management Co.,Ltd.

Address before: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen

Patentee before: HUAWEI TECHNOLOGIES Co.,Ltd.

CX01 Expiry of patent term

Granted publication date: 20070404
