CN102594938B - Portal secondary address authentication method and device - Google Patents

Publication number: CN102594938B
Application number: CN201210032667.0A
Authority: CN (China)
Other languages: Chinese (zh)
Other versions: CN102594938A (en)
Inventor: 邱元香
Original Assignee: Hangzhou H3C Technologies Co Ltd
Current Assignee: New H3C Technologies Co Ltd
Application filed by: Hangzhou H3C Technologies Co Ltd
Legal status: Active
Prior art keywords: address, dhcp, message, client, host configuration

Landscapes

  • Small-Scale Networks (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
Abstract

The invention provides a Portal secondary address authentication method and device. The method is applied to a network access device that has a DHCP relay function. In the method, the network access device intercepts the DHCP renewal message sent by a client and, when the authentication state of the client's user is "authenticated", modifies the DHCP renewal message so that it carries the public-network gateway address, then sends it to the DHCP server to trigger the DHCP server to send a DHCP NAK message to the client. After receiving the DHCP NAK message, the client releases the IP address it is currently using and applies for an IP address again.

Description

Portal secondary address authentication method and device
Technical field
The present invention relates to network communication technology, and in particular to a Portal secondary address authentication method and device.
Background
"Portal" means entrance. Portal authentication is usually also called web authentication, and a Portal authentication website is generally called a portal website. In Portal secondary address authentication, the user obtains a private IP address through DHCP (Dynamic Host Configuration Protocol) before authentication. This private IP address only allows the user to access the Portal server and the configured free-access addresses. After the user passes authentication, the user can apply for a public IP address and use it to access network resources. Portal secondary address authentication solves the IP address assignment and allocation problem: public IP addresses are not allocated to users who have not passed authentication. For example, an operator allocates a public IP address to some broadband users only when they access resources outside the residential community.
Fig. 1 shows the flow of Portal secondary address authentication. As shown in Fig. 1, the flow may comprise the following steps:
Step 101: the client starts up and applies for a private IP address through DHCP.
DHCP is used to dynamically allocate network configuration parameters, such as IP addresses, to network devices. DHCP uses a client/server communication model: the client sends an application to the DHCP server, and the DHCP server returns the IP address allocated to the client, which achieves dynamic allocation of IP addresses.
Step 102: the client sends, over HTTP, the HTTP message used to authenticate the user.
When the access device receives an HTTP message, it lets the message through if the message is addressed to the Portal server or to a configured free-access address; an HTTP message addressed to any other network address is redirected by the access device to the Portal server.
Step 103: the Portal server and the access device carry out the authentication exchange.
The Portal server provides a Web page to the user through the access device so that the user can enter a username and password on that page; the username and password entered by the user are sent to the Portal server through the access device.
Step 104: the Portal server assembles the username and password entered by the user into an authentication request message and sends it to the access device, and at the same time starts a timer to wait for the authentication response message.
Step 105: when the access device receives the authentication request message, it starts recording the user's state as "not authenticated" and exchanges RADIUS protocol messages with the RADIUS server.
The access device sends the username and password in the authentication request message to the RADIUS server for authentication in standard RADIUS protocol messages, and the RADIUS server returns the authentication result to the access device.
Step 106: when the authentication result returned by the RADIUS server is "authenticated", the access device sends an authentication response message to the Portal server and updates the user's state to "authenticated".
Step 107: the Portal server sends an authentication-passed message to the client to notify the client that authentication succeeded.
Step 108: after the client receives the authentication-passed message, the client software notifies the DHCP server to release the private IP address the client has applied for.
The client software is software installed on the terminal that runs the client. It triggers the client to release the private IP address and, after the private IP address has been released, triggers the client to apply for a public IP address.
Step 109: after the private IP address the client applied for has been released, the client software triggers the client to apply for a public IP address through DHCP.
The client applies for a public IP address through DHCP in much the same way as it applies for a private IP address through DHCP.
Step 110: after the client obtains the public IP address, the client software informs the Portal server.
Step 111: the Portal server notifies the access device that the client has obtained a public IP address, and notifies the client that it has come online successfully.
This completes the Portal secondary address authentication flow shown in Fig. 1.
As the flow in Fig. 1 shows, existing Portal secondary address authentication relies on client software installed on the terminal: after the user passes authentication, the client software must notify the DHCP server to release the private IP address the client has applied for, and must trigger the client to apply for a public IP address. However, on devices that do not have the client software installed, or that cannot install it because of system configuration issues (for example, mobile phones in a mobile network), there is no mechanism after the user passes authentication to trigger the release of the private IP address the client has obtained or to trigger the client to apply for a public IP address. As a result, even a client that has passed authentication cannot apply for a public IP address and cannot access more network resources.
Summary of the invention
The invention provides a Portal secondary address authentication method that still achieves Portal secondary address authentication when there is no Portal client software.
The technical solution provided by the invention comprises:
A Portal secondary address authentication method, applied to a network access device that has a DHCP relay function, the method comprising:
A: intercepting the DHCP renewal message that the client sends to renew the IP address it has applied for; if the authentication state the device has recorded for this client's user is "authenticated", performing step B;
B: modifying the DHCP renewal message so that it carries the public-network gateway address, and sending it to the DHCP server to trigger the DHCP server to send a DHCP renewal-failure (NAK) message;
C: receiving the DHCP NAK message sent by the DHCP server and forwarding it to the client, to trigger the client to release the IP address it is currently using and to apply for an IP address again.
A network access device applied to Portal secondary address authentication, the network access device having a DHCP relay function and comprising:
a recording unit, for recording the authentication state of each client user that accesses through the network access device;
an intercepting unit, for intercepting the DHCP renewal message that the client sends to renew the IP address it has applied for and, if the authentication state recorded by the recording unit for this client's user is "authenticated", sending a processing notification to the processing unit;
a processing unit, for receiving the processing notification, modifying the DHCP renewal message so that it carries the public-network gateway address, and sending it to the DHCP server to trigger the DHCP server to send a DHCP renewal-failure (NAK) message;
a receiving unit, for receiving the DHCP NAK message sent by the DHCP server and forwarding it to the client, to trigger the client to release the IP address it is currently using and to apply for an IP address again.
A DHCP server applied to Portal secondary address authentication, the DHCP server comprising:
a receiving unit, which receives the DHCP renewal message from the network access device. The network access device has a DHCP relay function and sends the DHCP renewal message by the following steps: it intercepts the DHCP renewal message that the client sends to renew the IP address it has applied for and, when the authentication state it has recorded for this client's user is "authenticated", modifies the DHCP renewal message so that it carries the public-network gateway address and sends it to the DHCP server;
a comparing unit, for comparing whether the IP address the client is using matches the public-network gateway address carried in the DHCP renewal message and, if not, sending a DHCP renewal-failure (NAK) message to the network access device, so that the network access device forwards the DHCP NAK message to the client and triggers the client to release the IP address it is currently using and to apply for an IP address again.
As the above technical solution shows, in the present invention the network access device intercepts the DHCP renewal message and, when the authentication state of the client's user is "authenticated", makes the DHCP renewal message carry the public-network gateway address and sends it to the DHCP server to trigger the DHCP server to send a DHCP NAK message; after receiving the DHCP NAK message, the client releases the IP address it is currently using and applies for an IP address again. In other words, the invention does not depend on Portal client software: by linking DHCP and Portal, Portal secondary address authentication can still be carried out without Portal client software.
Brief description of the drawings
Fig. 1 is a flowchart of Portal secondary address authentication;
Fig. 2 is a flowchart of the method provided by an embodiment of the present invention;
Fig. 3 is a detailed flowchart provided by an embodiment of the present invention;
Fig. 4 is another detailed flowchart provided by an embodiment of the present invention;
Fig. 5 is a structural diagram of the network access device provided by an embodiment of the present invention;
Fig. 6 is a structural diagram of the DHCP server provided by the present invention.
Detailed description of the embodiments
To make the objectives, technical solutions and advantages of the present invention clearer, the invention is described below with reference to the drawings and specific embodiments.
The Portal secondary address authentication method provided by the invention does not require the Portal client software described in the Background to be loaded on the terminal; that is, without Portal client software, Portal secondary address authentication is achieved by linking DHCP and Portal. The method provided by the invention is described below:
See Fig. 2, which is a flowchart of the method provided by an embodiment of the present invention. The method is applied to a network access device that has a DHCP relay function; that is, the network access device on the one hand has the DHCP relay function and on the other hand connects clients and functions as a Layer 3 access device. As shown in Fig. 2, the network access device performs the following operations:
Step 201: intercept the DHCP renewal message that the client sends to renew the IP address it has applied for; if the authentication state the device has recorded for this client's user is "authenticated", perform step 202.
Preferably, in step 201, if the authentication state the network access device has recorded for this client's user is "not authenticated", the method further comprises: modifying the DHCP renewal message so that it carries the private-network gateway address, and sending it to the DHCP server; the DHCP server compares whether the IP address the client is using matches the private-network gateway address carried in the DHCP renewal message and, if not, sends a DHCP renewal-failure (NAK) message to the network access device, after which step 203 is performed.
Step 202: modify the DHCP renewal message so that it carries the public-network gateway address, and send it to the DHCP server to trigger the DHCP server to send a DHCP NAK message.
Preferably, in step 202, after the DHCP server receives the DHCP renewal message, it compares whether the IP address the client is using matches the public-network gateway address carried in the DHCP renewal message and, if not, sends a DHCP NAK message to the network access device.
In step 202, comparing whether the IP address the client is using matches the public-network gateway address carried in the DHCP message may be done as follows: compare whether the IP address the client is using and the public-network gateway address carried in the DHCP message are in the same network segment. If they are, the IP address the client is using is determined to match the public-network gateway address carried in the DHCP message; otherwise, they are determined not to match.
Step 203: receive the DHCP NAK message sent by the DHCP server and forward it to the client, to trigger the client to release the IP address it is currently using and to apply for an IP address again.
This completes the flow shown in Fig. 2. In that flow, modifying the DHCP renewal message may specifically mean modifying the giaddr field in the DHCP renewal message. The giaddr field is filled with the IP address of the first device with a DHCP relay function that the message passes through after the client sends it; that first device with a DHCP relay function is the public-network gateway or private-network gateway mentioned above. In addition, the flow shown in Fig. 2 uses the DHCP renewal message only as an example; the invention handles the DHCP request message in a similar way. The invention as a whole is described below, starting from the user coming online:
See Fig. 3, which is a detailed flowchart provided by an embodiment of the present invention. The flow comprises the following steps:
Step 301: the client starts up and then sends, through DHCP, the DHCP message used to apply for an IP address (the DHCP request message for short).
Step 302: when the network access device intercepts the DHCP request message, it fills the giaddr field in the DHCP request message with the private-network gateway address and sends the message to the DHCP server, and the DHCP server allocates a private IP address to the client.
Because the user of the client has not yet authenticated at this point, the network access device cannot find an authentication state record for this user; therefore, preferably, in the present invention the network access device fills the giaddr field in the DHCP request message with the private-network gateway address.
Steps 301 to 302 differ from the prior art as follows: in the present invention, the network access device takes part in the DHCP server's allocation of an IP address to the client and provides the basis on which the DHCP server allocates the address; in the prior art, the network access device only forwards, that is, it only passes DHCP messages through to the DHCP server and does not take part in the DHCP server's allocation of an IP address to the client.
Step 303: the client sends, over HTTP, the HTTP message used to authenticate the user.
Step 304: when the network access device receives an HTTP message, it lets the message through if the message is addressed to the Portal server or to a configured free-access address, and redirects an HTTP message addressed to any other network address to the Portal server.
Step 305: the Portal server and the network access device carry out the authentication exchange.
The Portal server provides a Web page to the user through the access device so that the user can enter a username and password on that page; the username and password entered by the user are sent to the Portal server through the network access device.
Step 306: the Portal server assembles the username and password entered by the user into an authentication request message and sends it to the network access device, and at the same time starts a timer to wait for the authentication response message.
Step 307: when the network access device receives the authentication request message, it starts recording the user's state as "not authenticated" and exchanges RADIUS protocol messages with the RADIUS server.
The network access device sends the username and password in the authentication request message to the RADIUS server for authentication in standard RADIUS protocol messages, and the RADIUS server returns the authentication result to the access device.
Step 308: when the authentication result returned by the RADIUS server is "authenticated", the network access device sends an authentication response message to the Portal server and updates the user's state to "authenticated".
Step 309: the Portal server sends an authentication-passed message to the client to notify the client that authentication succeeded.
Step 310: after receiving the authentication-passed message, the client continues to use the private IP address; when the lease of the private IP address reaches the lease renewal time, the client sends the DHCP message used to renew the private IP address it has applied for (the DHCP renewal message for short).
The lease renewal time is typically the point at which half of the lease term of the applied-for IP address (here, the private IP address) has elapsed.
Step 311: the network access device intercepts the DHCP renewal message. Because the authentication state it has recorded for this client is "authenticated", it changes the giaddr field in the DHCP renewal message to the public-network gateway address and, once the modification is done, forwards the DHCP renewal message on to the DHCP server.
Step 312: the DHCP server receives the DHCP renewal message and checks whether the IP address the client is currently using matches the address in the giaddr field. If they match, it sends a renewal-success (ACK) message to the client; otherwise, it sends a DHCP NAK message to the client through the network access device.
From the description of the preceding steps, when step 312 is performed the IP address the client is currently using is a private IP address while the address in the giaddr field is the public-network gateway address. The two clearly do not match, so the DHCP server sends a DHCP NAK message to the client through the network access device.
Step 313: after receiving the DHCP NAK message, the client releases the private IP address it is currently using and sends a new DHCP request message to apply for an IP address.
Step 314: after the network access device intercepts the DHCP request message sent by the client, because the authentication state it has recorded for this client is "authenticated", it changes the giaddr field in the DHCP request message to the public-network gateway address and sends the DHCP request message to the DHCP server.
Step 315: the DHCP server allocates a public IP address to the client according to the giaddr field in the DHCP request message.
At this point the client has obtained a new public IP address, and the client's switch from a private IP address to a public IP address is complete. Because all DHCP messages sent by the client pass through the access device, the access device can learn the public IP address the client has obtained and authorize the user according to the user's rights.
This completes the flow shown in Fig. 3, which describes the user coming online. The invention also provides a corresponding flow for the user going offline:
See Fig. 4, which is another detailed flowchart provided by an embodiment of the present invention. This flow covers the user going offline and, as shown in Fig. 4, may comprise the following steps:
Step 401: when the network access device learns that the user has gone offline, it updates the authentication state it has recorded for this user to "not authenticated".
Here, the client may go offline either because the user actively logs off through the web page or because the user is forced offline; the invention does not specifically limit this.
In addition, from the description of the user coming online in Fig. 3 (for example, the description of step 315), the IP address the client has applied for and is using before the user goes offline is a public IP address.
Step 402: when the lease of the public IP address it has applied for reaches the lease renewal time, the client sends a DHCP renewal message to renew that public IP address.
Step 403: the network access device intercepts the DHCP renewal message. Because the authentication state it has recorded for this client's user is "not authenticated", it changes the giaddr field in the DHCP renewal message to the private-network gateway address and, once the modification is done, forwards the DHCP renewal message on to the DHCP server.
Step 404: after receiving the DHCP renewal message, the DHCP server checks whether the IP address the client is currently using matches the address in the giaddr field. If they match, it sends a renewal-success message to the client; otherwise, it sends a DHCP NAK message to the client through the network access device.
Because the IP address the client had applied for and was using before the user went offline is a public IP address, when step 404 is performed the IP address the client is currently using is a public IP address while the address in the giaddr field is the private-network gateway address. The two clearly do not match, so the DHCP server sends a DHCP NAK message to the client through the network access device.
Step 405: after receiving the DHCP NAK message, the client releases the public IP address it is currently using and sends a new DHCP request message to apply for an IP address.
Step 406: after the network access device intercepts the DHCP request message sent by the client, because the authentication state it has recorded for this client is "not authenticated", it changes the giaddr field in the DHCP request message to the private-network gateway address and sends the DHCP request message to the DHCP server.
Step 407: the DHCP server allocates a private IP address to the client according to the giaddr field in the DHCP request message.
This completes the flow shown in Fig. 4. Through this flow, the IP address the client has applied for is switched from a public IP address to the private network segment.
Note that in the method flows shown in Figs. 2 to 4, the network access device can intercept DHCP messages in several ways, for example ACL redirection rules, message identification on a multi-core data plane, or device hardware identification. Because this is not the focus of the invention, these are not described one by one here.
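The sketch below is an added example, not code from the patent or from H3C: it models the giaddr rewrite of steps 311/314 and 403/406 and the DHCP server's same-network-segment comparison of steps 312 and 404 on BOOTP-format messages. The gateway addresses, address pools, the MAC-keyed state table and all class and function names are assumptions made for illustration.

```python
import ipaddress

# BOOTP fixed-header offsets (RFC 2131): ciaddr @12, giaddr @24, chaddr @28.
CIADDR_OFF, GIADDR_OFF, CHADDR_OFF, HDR_LEN = 12, 24, 28, 236
MAGIC_COOKIE = b"\x63\x82\x53\x63"
DHCPREQUEST, DHCPACK, DHCPNAK = 3, 5, 6

# Constructed addressing plan (assumption, not from the patent).
PRIVATE_GW = ipaddress.ip_interface("10.0.0.1/24")
PUBLIC_GW = ipaddress.ip_interface("203.0.113.1/24")


def build_request(mac: bytes, ciaddr: str = "0.0.0.0") -> bytes:
    """Client DHCPREQUEST; a non-zero ciaddr makes it a lease renewal."""
    hdr = bytearray(HDR_LEN)
    hdr[0:4] = bytes([1, 1, 6, 0])  # op=BOOTREQUEST, htype=Ethernet, hlen=6, hops=0
    hdr[CIADDR_OFF:CIADDR_OFF + 4] = ipaddress.ip_address(ciaddr).packed
    hdr[CHADDR_OFF:CHADDR_OFF + 6] = mac
    return bytes(hdr) + MAGIC_COOKIE + bytes([53, 1, DHCPREQUEST, 255])


def field(pkt: bytes, off: int) -> ipaddress.IPv4Address:
    """Read a 4-byte address field from the fixed header."""
    return ipaddress.IPv4Address(pkt[off:off + 4])


class AccessDevice:
    """DHCP relay holding Portal authentication state (keyed by MAC: assumption)."""

    def __init__(self):
        self.authenticated = {}  # mac -> bool; a missing entry means not authenticated

    def relay(self, pkt: bytes) -> bytes:
        if len(pkt) < HDR_LEN + 4 or pkt[HDR_LEN:HDR_LEN + 4] != MAGIC_COOKIE:
            raise ValueError("not a DHCP message")
        mac = pkt[CHADDR_OFF:CHADDR_OFF + 6]
        gw = PUBLIC_GW if self.authenticated.get(mac, False) else PRIVATE_GW
        # giaddr is always overwritten from recorded state, so a value the
        # client placed in the field never selects the address pool.
        return pkt[:GIADDR_OFF] + gw.ip.packed + pkt[GIADDR_OFF + 4:]


class DhcpServer:
    """Allocates from the pool selected by giaddr; NAKs mismatched renewals."""

    def __init__(self):
        self.scopes = {gw.ip: gw.network for gw in (PRIVATE_GW, PUBLIC_GW)}
        self.next_host = {gw.ip: 10 for gw in (PRIVATE_GW, PUBLIC_GW)}

    def handle(self, pkt: bytes):
        ciaddr, giaddr = field(pkt, CIADDR_OFF), field(pkt, GIADDR_OFF)
        scope = self.scopes.get(giaddr)
        if scope is None:                 # no pool configured for this relay
            return DHCPNAK, None
        if int(ciaddr) != 0:              # renewal: same-segment comparison
            return (DHCPACK, ciaddr) if ciaddr in scope else (DHCPNAK, None)
        addr = scope.network_address + self.next_host[giaddr]
        self.next_host[giaddr] += 1
        return DHCPACK, addr


def renew(mac, current_ip, device, server):
    """Client renewal; on NAK, release the address and apply again."""
    msg_type, addr = server.handle(device.relay(build_request(mac, str(current_ip))))
    if msg_type == DHCPACK:
        return addr
    _, addr = server.handle(device.relay(build_request(mac)))  # ciaddr = 0.0.0.0
    return addr


def demo():
    mac = bytes.fromhex("02005e000001")          # constructed client MAC
    device, server = AccessDevice(), DhcpServer()
    _, ip0 = server.handle(device.relay(build_request(mac)))  # steps 301-302
    ip1 = renew(mac, ip0, device, server)        # not authenticated: ACK, address kept
    device.authenticated[mac] = True             # step 308
    ip2 = renew(mac, ip1, device, server)        # steps 310-315: NAK, then public
    ip3 = renew(mac, ip2, device, server)        # authenticated renewal: ACK
    device.authenticated[mac] = False            # step 401
    ip4 = renew(mac, ip3, device, server)        # steps 402-407: NAK, then private
    return [str(ip) for ip in (ip0, ip1, ip2, ip3, ip4)]


if __name__ == "__main__":
    print(demo())
```

The relay is the only place where authentication state influences pool selection, so the state table and the giaddr overwrite are the parts to review when assessing a deployment of this scheme.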
This completes the description of the method provided by the invention. The device provided by the invention is described below:
See Fig. 5, which is a structural diagram of the network access device provided by an embodiment of the present invention. The network access device has a DHCP relay function and, as shown in Fig. 5, may comprise:
a recording unit, for recording the authentication state of each client user that accesses through the network access device;
an intercepting unit, for intercepting the DHCP renewal message that the client sends to renew the IP address it has applied for and, if the authentication state recorded by the recording unit for this client's user is "authenticated", sending a processing notification to the processing unit;
a processing unit, for receiving the processing notification, modifying the DHCP renewal message so that it carries the public-network gateway address, and sending it to the DHCP server to trigger the DHCP server to send a DHCP renewal-failure (NAK) message;
a receiving unit, for receiving the DHCP NAK message sent by the DHCP server and forwarding it to the client, to trigger the client to release the IP address it is currently using and to apply for an IP address again.
Preferably, in the present invention, when the authentication state recorded by the recording unit for this client's user is "not authenticated", the processing unit further modifies the DHCP renewal message so that it carries the private-network gateway address and sends it to the DHCP server, to trigger the DHCP server to send a DHCP NAK message when it finds that the IP address the client is using does not match the private-network gateway address carried in the DHCP renewal message; the receiving unit is then triggered to perform the corresponding operation.
Preferably, in the present invention, the intercepting unit further intercepts the DHCP request message that the client sends to apply for an IP address. On this basis, when the authentication state recorded by the recording unit for this client's user is "authenticated", the processing unit further modifies the DHCP request message so that it carries the public-network gateway address and sends it to the DHCP server, to trigger the DHCP server to allocate a public IP address to the client; otherwise, it modifies the DHCP request message so that it carries the private-network gateway address and sends it to the DHCP server, to trigger the DHCP server to allocate a private IP address to the client.
In addition, present invention also offers a kind of Dynamic Host Configuration Protocol server structure being applied to the certification of Portal second level address.Be Dynamic Host Configuration Protocol server structure chart provided by the invention see Fig. 6, Fig. 6.As shown in Figure 6, this Dynamic Host Configuration Protocol server comprises:
Receiving element, receive the DHCP renewed treaty message from network access equipment, described network access equipment has DHCP relay realy function, it sends DHCP renewed treaty message by following steps: intercept and capture the DHCP renewed treaty message for renewing a contract to the IP address of having applied for sent from client, when in self record, the authentication state of this client user is by certification, revise described DHCP renewed treaty message, make to carry public network gateway address in DHCP renewed treaty message, and be sent to Dynamic Host Configuration Protocol server;
Comparing unit, for comparing IP address that client using and whether the public network gateway address that described DHCP renewed treaty message carries mates, if not, then send DHCP to described network access equipment to renew a contract unsuccessful NAK message, to make described network access equipment by described DHCP NAK message repeating to client, to trigger the described client current IP address used of release and again to apply for IP address.
Wherein, if the authentication state that described network access equipment have recorded this client user is not by certification, then described network access equipment amendment DHCP renewed treaty message, makes carry private network gateway address in DHCP renewed treaty message and be sent to described receiving element;
Based on this, described comparing unit compares IP address that client using further and whether the private network gateway address that the DHCP renewed treaty message that described receiving element receives carries mates, if not, DHCP NAK message is sent, to make described network access equipment by described DHCPNAK message repeating to client to described network access equipment by Dynamic Host Configuration Protocol server.
Preferably, in the present invention, described receiving element receives the described client of described network access equipment transmission further for applying for the DHCP request message of IP address; Wherein, if the authentication state that described network access equipment have recorded this client user is by certification, then carry public network gateway address in described DHCP request message, otherwise, carry private network gateway address in described DHCP request message; Based on this, described Dynamic Host Configuration Protocol server comprises further:
Allocation units, for when described DHCP request message carries public network gateway address, for described client distributes public network IP address, when described DHCP request message carries private network gateway address, for described client distributes private network IP address.
So far, complete device provided by the invention to describe.
As can be seen from the above technical solutions, in the present invention, network access equipment intercepts and captures DHCP renewed treaty message, and when the authentication state of client user is by certification, in DHCP renewed treaty message, carry public network gateway address and be sent to Dynamic Host Configuration Protocol server and send DHCP NAK message to trigger Dynamic Host Configuration Protocol server, and after client receives DHCP NAK message, discharge the current IP address used and again apply for IP address.That is, the present invention, not by means of Portal client software, namely by DHCP and Portal interlock, when achieving without Portal client software, still can carry out the certification of Portal second level address.
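The renewal and re-application flow summarized above can be traced in a small simulation. This is an added illustration, not code from the patent or from its assignee; it assumes the gateway address is carried in the relay's `giaddr` field, that "matches" means the client address lies in the gateway's subnet, and it uses constructed addresses and hypothetical class names.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing plan (not from the patent): one private, one public subnet.
PRIVATE_GW = ipaddress.ip_interface("10.0.0.1/24")
PUBLIC_GW = ipaddress.ip_interface("198.51.100.1/24")

@dataclass
class DhcpMsg:
    mac: str
    ciaddr: Optional[str] = None  # address being renewed; None for a fresh request
    giaddr: Optional[str] = None  # gateway address set by the relay (assumed field)

class Relay:
    """Network access device: records Portal auth state, rewrites the gateway address."""
    def __init__(self):
        self.authenticated = set()  # MACs whose user has passed Portal authentication

    def forward(self, msg):
        gw = PUBLIC_GW if msg.mac in self.authenticated else PRIVATE_GW
        return DhcpMsg(msg.mac, msg.ciaddr, str(gw.ip))

class Server:
    """DHCP server: the gateway address selects the subnet; mismatched renewals get NAK."""
    def __init__(self):
        self.networks = {str(g.ip): g.network for g in (PRIVATE_GW, PUBLIC_GW)}
        self.leases = {}  # ip -> mac

    def handle(self, msg):
        net = self.networks.get(msg.giaddr)
        if net is None:
            return "DROP", None  # unknown gateway address: ignore the message
        if msg.ciaddr is not None:  # renewal
            in_subnet = ipaddress.ip_address(msg.ciaddr) in net
            # Lease-ownership check is an addition here, not taken from the patent text.
            if in_subnet and self.leases.get(msg.ciaddr) == msg.mac:
                return "ACK", msg.ciaddr
            return "NAK", None
        for host in net.hosts():  # fresh request: first free address in the subnet
            ip = str(host)
            if ip != msg.giaddr and ip not in self.leases:
                self.leases[ip] = msg.mac
                return "ACK", ip
        return "NAK", None  # pool exhausted

    def release(self, ip, mac):
        if self.leases.get(ip) == mac:
            del self.leases[ip]

def client_cycle(relay, server, mac, current_ip):
    """Renew (or request if current_ip is None); on NAK, release and apply again."""
    verdict, ip = server.handle(relay.forward(DhcpMsg(mac, ciaddr=current_ip)))
    if verdict == "NAK" and current_ip is not None:
        server.release(current_ip, mac)
        verdict, ip = server.handle(relay.forward(DhcpMsg(mac)))
    return verdict, ip
```

Adding a MAC to `Relay.authenticated` between two `client_cycle` calls moves the client from the private subnet to the public one on its next renewal; removing it moves the client back.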
The foregoing describes only preferred embodiments of the present invention and is not intended to limit it. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (9)

1. A Portal secondary address authentication method, characterized in that the method is applied to a network access device having a DHCP relay function, the method comprising:
A. intercepting a DHCP renewal message that a client sends to renew the IP address it has already obtained, and, if the authentication state of the client's user recorded by the device itself is authenticated, performing step B;
B. modifying the DHCP renewal message so that it carries the public network gateway address, and sending it to the DHCP server, to trigger the DHCP server to compare whether the IP address the client is using matches the public network gateway address carried in the DHCP renewal message, and, if not, the DHCP server sends a DHCP NAK message, indicating that the renewal was unsuccessful, to the network access device;
C. receiving the DHCP NAK message sent by the DHCP server, and forwarding it to the client to trigger the client to release the IP address it is currently using and apply for an IP address again.
2. The method according to claim 1, characterized in that, in step A, if the authentication state of the client's user is not authenticated, the method further comprises:
modifying the DHCP renewal message so that it carries the private network gateway address, and sending it to the DHCP server, to trigger the DHCP server to send a DHCP NAK message when its comparison finds that the IP address the client is using does not match the private network gateway address carried in the DHCP renewal message, and then returning to perform step C.
3. The method according to claim 1, characterized in that the method further comprises:
intercepting a DHCP request message that the client sends to apply for an IP address;
if the authentication state of the client's user recorded by the device itself is authenticated, modifying the DHCP request message so that it carries the public network gateway address, and sending it to the DHCP server to trigger the DHCP server to allocate a public network IP address to the client; otherwise,
modifying the DHCP request message so that it carries the private network gateway address, and sending it to the DHCP server to trigger the DHCP server to allocate a private network IP address to the client.
4. A network access device applied to Portal secondary address authentication, characterized in that the network access device has a DHCP relay function and comprises:
a recording unit, configured to record the authentication state of each client user accessing the network access device;
an interception unit, configured to intercept a DHCP renewal message that a client sends to renew the IP address it has already obtained, and, if the authentication state of the client's user recorded by the recording unit is authenticated, to send a processing notification to the processing unit;
a processing unit, configured to receive the processing notification, modify the DHCP renewal message so that it carries the public network gateway address, and send it to the DHCP server, to trigger the DHCP server to compare whether the IP address the client is using matches the public network gateway address carried in the DHCP renewal message, and, if not, the DHCP server sends a DHCP NAK message, indicating that the renewal was unsuccessful, to the network access device;
a receiving unit, configured to receive the DHCP NAK message sent by the DHCP server and forward it to the client, to trigger the client to release the IP address it is currently using and apply for an IP address again.
5. The network access device according to claim 4, characterized in that, when the authentication state of the client's user recorded by the recording unit is not authenticated, the processing unit further modifies the DHCP renewal message so that it carries the private network gateway address, and sends it to the DHCP server, to trigger the DHCP server to send a DHCP NAK message when its comparison finds that the IP address the client is using does not match the private network gateway address carried in the DHCP renewal message, after which the receiving unit is triggered to perform the corresponding operation.
6. The network access device according to claim 4, characterized in that the interception unit further intercepts a DHCP request message that the client sends to apply for an IP address;
when the authentication state of the client's user recorded by the recording unit is authenticated, the processing unit further modifies the DHCP request message so that it carries the public network gateway address, and sends it to the DHCP server to trigger the DHCP server to allocate a public network IP address to the client; otherwise,
it modifies the DHCP request message so that it carries the private network gateway address, and sends it to the DHCP server to trigger the DHCP server to allocate a private network IP address to the client.
7. A DHCP server applied to Portal secondary address authentication, characterized in that the DHCP server comprises:
a receiving unit, configured to receive a DHCP renewal message from a network access device, wherein the network access device has a DHCP relay function and sends the DHCP renewal message through the following steps: intercepting the DHCP renewal message that the client sends to renew the IP address it has already obtained; when its own record shows that the authentication state of the client's user is authenticated, modifying the DHCP renewal message so that it carries the public network gateway address, and sending it to the DHCP server;
a comparing unit, configured to compare whether the IP address the client is using matches the public network gateway address carried in the DHCP renewal message and, if not, to send a DHCP NAK message, indicating that the renewal was unsuccessful, to the network access device, so that the network access device forwards the DHCP NAK message to the client, triggering the client to release the IP address it is currently using and apply for an IP address again.
8. The DHCP server according to claim 7, characterized in that, if the network access device has recorded that the authentication state of the client's user is not authenticated, the network access device modifies the DHCP renewal message so that it carries the private network gateway address, and sends it to the receiving unit;
the comparing unit further compares whether the IP address the client is using matches the private network gateway address carried in the DHCP renewal message received by the receiving unit; if not, the DHCP server sends a DHCP NAK message to the network access device, so that the network access device forwards the DHCP NAK message to the client.
9. The DHCP server according to claim 7, characterized in that the receiving unit further receives the DHCP request message, sent by the network access device, with which the client applies for an IP address; wherein, if the network access device has recorded that the authentication state of the client's user is authenticated, the DHCP request message carries the public network gateway address; otherwise, the DHCP request message carries the private network gateway address;
the DHCP server further comprises:
an allocation unit, configured to allocate a public network IP address to the client when the DHCP request message carries the public network gateway address, and to allocate a private network IP address to the client when the DHCP request message carries the private network gateway address.
CN201210032667.0A 2012-02-14 2012-02-14 Portal secondary address authentication method and device Active CN102594938B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210032667.0A CN102594938B (en) 2012-02-14 2012-02-14 Portal secondary address authentication method and device

Publications (2)

Publication Number Publication Date
CN102594938A CN102594938A (en) 2012-07-18
CN102594938B true CN102594938B (en) 2015-09-16

Family

ID=46483131

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210032667.0A Active CN102594938B (en) 2012-02-14 2012-02-14 Portal secondary address authentication method and device

Country Status (1)

Country Link
CN (1) CN102594938B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104955025B (en) * 2014-03-29 2018-11-30 华为技术有限公司 A kind of address resource method for releasing and device, system
CN106412146B (en) * 2016-11-01 2019-09-06 杭州迪普科技股份有限公司 The method and apparatus that a kind of dhcp client updates IP
CN111478879B (en) * 2020-02-29 2022-05-24 新华三信息安全技术有限公司 DHCP (dynamic host configuration protocol) continuation method and device, electronic equipment and machine-readable storage medium

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101184099A (en) * 2007-12-14 2008-05-21 中兴通讯股份有限公司 Second IP address assignment method based on dynamic host machine configuration protocol access authentication

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6768743B1 (en) * 1999-10-26 2004-07-27 3Com Corporation Method and system for address server redirection for multiple address networks
CN100349433C (en) * 2004-06-11 2007-11-14 华为技术有限公司 Method of distributing switchin-in address for user terminal
CN1845554B (en) * 2005-12-06 2010-05-05 华为技术有限公司 Control method for dynamically distributing IP address in 3G network
DE102007036962A1 (en) * 2007-08-04 2009-02-05 Hirschmann Automation And Control Gmbh DHCP Server Configuration Procedure Using DHCP Option 82
CN101626406B (en) * 2009-08-20 2011-09-07 杭州华三通信技术有限公司 DHCP address pool configuration method, DHCP address assignment method, DHCP address assignment system and DHCP server
CN102244866B (en) * 2011-08-18 2016-01-20 杭州华三通信技术有限公司 Gate verification method and access controller

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Ma Yan, et al. Research on Web/Portal Authentication Technology. Microelectronics & Computer (《微电子学与计算机》). 2004, Vol. 21 (No. 8). *

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP03 Change of name, title or address

Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Patentee after: New H3C Technologies Co., Ltd.

Address before: 310053 Hangzhou hi tech Industrial Development Zone, Zhejiang province science and Technology Industrial Park, No. 310 and No. six road, HUAWEI, Hangzhou production base

Patentee before: Hangzhou H3C Technologies Co., Ltd.
