
CN105162608A - Physical address bypass authentication method and device based on software-defined network - Google Patents


Info

Publication number: CN105162608A
Authority: CN (China)
Prior art keywords: defined network, physical address, software defined, switch, message
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201510659060.9A
Other languages: Chinese (zh)
Inventor: 翟跃
Current Assignee: Shanghai Feixun Data Communication Technology Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Shanghai Feixun Data Communication Technology Co Ltd
Application filed by: Shanghai Feixun Data Communication Technology Co Ltd
Priority to CN201510659060.9A
Publication of CN105162608A
Priority to PCT/CN2016/097682 (WO2017063458A1)


Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention discloses a physical address bypass authentication method based on a software-defined network. The method is executed on a software-defined network switch and a software-defined network controller and comprises the following steps: the software-defined network switch reports its own physical address information and port information to the software-defined network controller; the physical address bypass authentication technique is configured on the software-defined network controller; the software-defined network switch reports packets that do not match the flow table; and the software-defined network controller issues flow tables according to the matched authentication results. With the method and device of the invention, all physical address bypass authentication configuration tasks are concentrated on the software-defined network controller, so that the configuration work is centralized and easy to modify, and networking is simpler and more flexible.

Description

Physical address bypass authentication method and device based on software-defined network
Technical field
The present invention relates to the field of network authentication, and in particular to a MAB (MAC Authentication Bypass, physical address bypass authentication) method and device based on SDN (Software Defined Network).
Background
Real networks contain devices on which an authentication client cannot be installed, such as printers and PDA devices. Because these devices cannot install an authentication client, they cannot perform 802.1x authentication, and therefore they need MAB authentication to access network resources securely.
Fig. 1 is a schematic diagram of the traditional MAB authentication mode. Traditional MAB authentication devices support only the RADIUS (Remote Authentication Dial In User Service) mode. Specifically, as shown in Fig. 1, when devices that cannot install an authentication client (for example, personal computers PC1 and PC2, a printer, etc.) need MAB authentication to access network resources securely, they send data through at least one switch (for example, switches 1 and 2) to a RADIUS server (and an update server and the Internet) for authentication, and each switch contains multiple Ethernet port rules (for example, Ethernet 1/0/1, Ethernet 1/0/2, Ethernet 1/0/3, Ethernet 1/0/4, etc.). In the traditional MAB authentication mode, either the MAC address of the MAB user is used as the authentication username and password, or a fixed username and password is used (that is, no matter how the MAC address of a MAB user changes, all users authenticate with the username and password preconfigured on the device).
However, this traditional approach is distributed and lacks the centralized control of a controller, and MAB authentication has to be configured on each switch (for example, switches 1 and 2). If the network is very large (for example, it contains many switches), the configuration work becomes very complicated and error-prone (for example, different Ethernet port rules have to be applied). Furthermore, traditional MAB authentication requires a RADIUS server, so the overall networking is complicated and inflexible.
Therefore, an improved MAB authentication mode and device are needed to provide a simpler and more flexible way of networking and authentication.
Summary of the invention
The main purpose of the present invention is to provide a simpler and more flexible way of networking and authentication.
To achieve the above purpose, the invention provides a physical address bypass authentication method based on a software-defined network, executed on a software-defined network switch and a software-defined network controller, the method comprising: reporting, by the software-defined network switch, its own physical address information and port information to the software-defined network controller; configuring the physical address bypass authentication technique on the software-defined network controller; reporting, by the software-defined network switch, packets that do not match the flow table; and issuing, by the software-defined network controller, a flow table according to the matched authentication result.
Further, the method also comprises: initializing, by the software-defined network switch, an OpenFlow channel; and reporting, by the software-defined network switch, its own physical address and port information to the software-defined network controller through a private Experimenter message.
Further, the method also comprises: after a packet enters the software-defined network, querying the flow table; judging whether the packet matches the flow table, wherein if it matches, the packet is forwarded normally according to the flow table, and if it does not match, the packet is sent to the software-defined network controller for processing; and further matching the packet against the physical address bypass authentication policy, wherein if it matches, the software-defined network controller issues a flow table and forwards the packet, and if it does not match, the packet is dropped.
Further, the method also comprises: when the software-defined network controller receives a Packet_In message from the software-defined network switch, extracting from the Packet_In message the source physical address of the original packet and the physical address and port of the corresponding switch; and judging, by the software-defined network controller, the state of the physical address bypass authentication on/off switch based on the software-defined network switch and port. If the physical address bypass authentication on/off switch is off, the software-defined network controller issues a flow table and forwards the packet. If it is on, the software-defined network controller further judges the physical address bypass authentication mode. If the mode is bypass, the software-defined network controller issues a flow table and forwards the packet. If the mode is the switch physical address mode, the physical address of the software-defined network switch is used as the username and password for physical address bypass authentication. If the mode is the user physical address mode, the physical address of the physical address bypass user is used as the username and password for physical address bypass authentication. When the physical address bypass authentication passes, the software-defined network controller issues a flow table and forwards the packet, and the software-defined network switch forwards the packet flow.
Further, both the software-defined network switch and the software-defined network controller support an extension of the flow table definition, in which the match fields are the ingress port and the source physical address of the data flow, and the action field is to forward the data flow.
The present invention also provides a physical address bypass authentication device based on a software-defined network. The device comprises a software-defined network switch and a software-defined network controller, and is characterized in that: the software-defined network switch is configured to report its own physical address information and port information to the software-defined network controller; the software-defined network controller is configured with the physical address bypass authentication technique; the software-defined network switch is further configured to report packets that do not match the flow table; and the software-defined network controller is further configured to issue a flow table according to the matched authentication result.
Further, the software-defined network switch is also configured to initialize an OpenFlow channel and to report its own physical address and port information to the software-defined network controller through a private Experimenter message.
Further, the software-defined network switch is also configured to: after a packet enters the software-defined network, query the flow table; judge whether the packet matches the flow table, wherein if it matches, the packet is forwarded normally according to the flow table, and if it does not match, the packet is sent to the software-defined network controller for processing; and further match the packet against the physical address bypass authentication policy, wherein if it matches, the software-defined network controller issues a flow table and forwards the packet, and if it does not match, the packet is dropped.
Further, the software-defined network controller is also configured to: when it receives a Packet_In message from the software-defined network switch, extract from the Packet_In message the source physical address of the original packet and the physical address and port of the corresponding switch; and judge the state of the physical address bypass authentication on/off switch based on the software-defined network switch and port. If the physical address bypass authentication on/off switch is off, the controller issues a flow table and forwards the packet. If it is on, the controller further judges the physical address bypass authentication mode. If the mode is bypass, the software-defined network controller issues a flow table and forwards the packet. If the mode is the switch physical address mode, the physical address of the software-defined network switch is used as the username and password for physical address bypass authentication. If the mode is the user physical address mode, the physical address of the physical address bypass user is used as the username and password for physical address bypass authentication. When the physical address bypass authentication passes, the software-defined network controller issues a flow table and forwards the packet, and the software-defined network switch forwards the packet flow.
Further, both the software-defined network switch and the software-defined network controller support an extension of the flow table definition, in which the match fields are the ingress port and the source physical address of the data flow, and the action field is to forward the data flow.
With the physical address bypass authentication method and device based on a software-defined network provided by the present invention, all physical address bypass authentication configuration tasks are concentrated on the software-defined network controller, so the configuration work is centralized and very easy to modify, and networking is simpler and more flexible.
Brief description of the drawings
Fig. 1 is a schematic diagram of the traditional MAB authentication mode;
Fig. 2 is a schematic diagram of an SDN-based MAB authentication mode provided by an embodiment of the present invention;
Fig. 3 is a flow chart of an SDN-based MAB authentication method provided by an embodiment of the present invention;
Fig. 4 is a flow chart of an SDN switch reporting method provided by an embodiment of the present invention;
Fig. 5 is a schematic diagram of a private Experimenter message provided by an embodiment of the present invention;
Fig. 6 is a schematic diagram of the processing flow of an SDN switch provided by an embodiment of the present invention;
Fig. 7 is a schematic diagram of a message format carrying SDN switch information provided by an embodiment of the present invention; and
Fig. 8 is a schematic diagram of the processing flow of an SDN controller provided by an embodiment of the present invention.
The implementation, functional characteristics and advantages of the present invention are further described below in conjunction with the embodiments and with reference to the drawings.
Detailed description of the embodiments
The preferred embodiments of the present invention are described below with reference to the drawings. It should be understood that the preferred embodiments described here serve only to illustrate and explain the present invention and are not intended to limit it, and that, where they do not conflict, the embodiments of the present invention and the features of the embodiments can be combined with one another.
In contrast to the prior art, Fig. 2 is a schematic diagram of an SDN-based MAB authentication mode provided by an embodiment of the present invention. As shown in Fig. 2, the SDN-based MAB authentication mode is a network access authentication mode based on the MAB user's access port and MAC address. The MAB user does not need to install any authentication client; after the SDN controller receives a packet sent by the MAB user, it initiates authentication according to the MAB user's MAC address. The SDN controller stores the authentication information corresponding to the MAB user's MAC address, and when authentication passes it permits packets that match the port and source MAC address. Throughout the authentication process, the MAB user does not need to enter a username and password manually.
As for the username and password used for authentication, the SDN controller can use the MAB user's MAC address as the authentication username and password. In another embodiment, the SDN controller can also authenticate with a fixed username and password. That is, no matter how the MAC address of a MAB user changes, every user is authenticated with the switch MAC address preconfigured on the access switch as the username and password.
Specifically, as shown in Fig. 2, the SDN-based MAB authentication mode can comprise a source host (for example, host A), at least one switch (for example, switches S0-S3), an SDN controller, and a destination host (for example, host B). Unlike the traditional MAB authentication mode in Fig. 1, in the SDN-based mode shown in Fig. 2 the MAB authentication process is controlled and carried out by the SDN controller, and switches S0-S3 and the SDN controller together form the SDN. In one example, the source host (for example, host A) sends an original packet P1 (step 1). Packet P1 first reaches switch S1 in the SDN, and switch S1 tries to match the original packet P1 against its flow table; if it matched, packet P1 would be forwarded normally according to the flow table (for example, to switch S3 and host B). In the example of Fig. 2, switch S1 finds that the original packet P1 does not match the flow table, so switch S1 inserts the SDN switch information, encapsulates the original packet P1 in the Packet_In message format, and sends it to the SDN controller (step 2). The SDN controller receives the Packet_In message from switch S1 and extracts from it the source MAC address of the original packet P1 and the MAC address and port of the corresponding switch, where the MAC address of the SDN switch can serve as the identifier of the SDN switch. The SDN controller performs the corresponding authentication based on the SDN switch and port (step 3); the authentication process comprises judging the state of the MAB authentication on/off switch (for example, on or off) and/or judging the MAB authentication mode. There are three MAB authentication modes: the first is bypass (BYPASS), the second uses the MAC address of the MAB user as the username and password, and the third uses the MAC address preconfigured in the SDN switch as the username and password. According to this authentication result, the SDN controller optionally issues a flow table (step 4) and forwards the packet to switch S3 and host B (step 5).
In another example, shown with dashed lines in Fig. 2, host A changes location, and the port it connects to moves from switch S1 to switch S0. Suppose the authentication mode of the SDN controller is based on the MAC address of switch S1 and the source MAC is X. Originally, the packet (MAC: X) could be forwarded successfully to host B after entering the SDN through switch S1. After host A changes location, the packet (MAC: X) enters the SDN through switch S0 and can no longer be forwarded successfully to host B.
In this way, the MAB authentication process is controlled and carried out by the SDN controller, and the original packet P1 is forwarded successfully from the source host (for example, host A) to the destination host (for example, host B). The SDN controller configures the MAB authentication information according to user requirements, and all configuration tasks for MAB authentication information are completed on the SDN controller, so the configuration work is centralized and easy to modify, and networking is more convenient and flexible.
The specific working principles of the SDN switch and SDN controller in Fig. 2 are elaborated further with reference to Fig. 3 to Fig. 8 below.
Fig. 3 is a flow chart of an SDN-based MAB authentication method 300 provided by an embodiment of the present invention. As shown in Fig. 3, the SDN-based MAB authentication method 300 comprises the following steps:
Step 302: The SDN switch reports its own MAC information and port information to the SDN controller.
Step 304: The MAB authentication technique is configured on the SDN controller.
Step 306: The SDN switch reports packets that do not match the flow table.
Step 308: The SDN controller issues a flow table according to the authentication result in step 306. If the packet passes authentication, the SDN controller issues a flow table according to the authentication result. If the packet does not pass authentication, the SDN controller drops the packet directly.
As follows from Fig. 3, before the SDN-based MAB authentication method 300 is carried out, the SDN switch and the SDN controller must first establish a channel; the concrete operations are shown in Fig. 4. Fig. 4 is a flow chart of an SDN switch reporting method 400 provided by an embodiment of the present invention. In step 402, the SDN switch initializes the OpenFlow channel. In step 404, the SDN switch reports its own MAC address and port information to the SDN controller through a private Experimenter message; that is, the MAC address of the SDN switch can serve as the identifier of the SDN switch. Fig. 5 is a schematic diagram of a private Experimenter message provided by an embodiment of the present invention. As shown in Fig. 5, the Experimenter value is 255, which needs to be applied for from the Open Networking Foundation (ONF). An Experimenter type value of 1 indicates the direction from the SDN switch to the SDN controller. At most 128 ports can be reported.
Fig. 6 is a schematic diagram of the processing flow 600 of an SDN switch provided by an embodiment of the present invention. As shown in Fig. 6, the processing flow 600 of the SDN switch comprises the following steps:
Step 602: A packet enters the SDN, and the flow table is queried first.
Step 604: Judge whether the packet matches the flow table. If it matches, go to step 606: the packet is forwarded normally according to the flow table. If it does not match, go to step 608: the packet is sent to the SDN controller for processing.
Step 610: Further match the packet against the MAB authentication policy. If it matches the MAB authentication policy, go to step 612: the SDN controller issues a flow table and forwards the packet. If it does not match the MAB authentication policy, go to step 614: the packet is dropped.
Specifically, for step 608, if the original packet does not match the flow table, the SDN switch needs to insert the SDN switch information, encapsulate the packet in the Packet_In message format, and send it to the SDN controller. Fig. 7 is a schematic diagram of a message format carrying SDN switch information provided by an embodiment of the present invention.
Specifically, step 610 can be understood further with reference to Table 1 and Fig. 8 below. The MAB authentication policy can be as shown in Table 1:
Table 1
Fig. 8 is a schematic diagram of the processing flow 800 of an SDN controller provided by an embodiment of the present invention. As shown in Fig. 8, the processing flow 800 of the SDN controller comprises the following steps:
Step 802: The SDN controller receives a Packet_In message from the SDN switch and extracts from it the source MAC address of the original packet and the MAC address and port of the corresponding switch. As mentioned above, the MAC address of the SDN switch can serve as the identifier of the SDN switch.
Step 804: The SDN controller judges the state of the MAB authentication on/off switch (for example, on or off) based on the SDN switch and port. If MAB authentication is off, go to step 806. If MAB authentication is on, go to step 808.
Step 806: The SDN controller issues a flow table and forwards the packet, and the SDN switch will forward this packet flow.
Step 808: The SDN controller further judges the MAB authentication mode. As described in Table 1, there are three MAB authentication modes: the first is bypass (BYPASS), the second uses the MAC address of the MAB user as the username and password, and the third uses the MAC address preconfigured in the SDN switch as the username and password.
If the MAB authentication mode is the bypass mode, go to step 810: the SDN controller issues a flow table and forwards the packet, and the SDN switch will forward this packet flow.
If the MAB authentication mode is the switch MAC address mode, go to step 812: the MAC address of the SDN switch is used as the username and password.
If the MAB authentication mode is the user MAC address mode, go to step 814: the MAC address of the MAB user is used as the username and password.
Steps 812 and 814 both proceed to steps 816 and 818: MAB verification is performed on the MAC address, username and password. If MAB verification fails, go to step 820: the packet is dropped. If MAB verification passes, go to step 822: the SDN controller issues a flow table and forwards the packet, and the SDN switch will forward this packet flow.
Both the SDN controller and the SDN switch described above support an extension of the flow table, and the extended flow table definition is shown in Table 2 below:
Matching field: ingress port and source MAC of the data flow
Action field: forward this data flow
Description: match the ingress port and the source MAC of the data flow, and forward this data flow
Table 2
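The controller decision flow 800 (steps 802 to 822) combined with the Table 2 match fields, as an added Python example that is not code from the patent. The class names, the in-memory policy and account tables, the sample MAC addresses, and the choice to drop a Packet_In arriving from a switch port with no configured policy (step 614) are assumptions made for the illustration.

```python
import hmac
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional, Tuple


class MabMode(Enum):
    BYPASS = "bypass"            # step 810: forward without a credential check
    SWITCH_MAC = "switch_mac"    # step 812: switch MAC is username and password
    USER_MAC = "user_mac"        # step 814: MAB user's MAC is username and password


@dataclass(frozen=True)
class PortPolicy:
    enabled: bool                # MAB authentication on/off state (step 804)
    mode: MabMode = MabMode.BYPASS


@dataclass(frozen=True)
class PacketIn:
    switch_mac: str              # identifier of the reporting SDN switch
    in_port: int
    src_mac: str                 # source MAC of the original packet


@dataclass(frozen=True)
class FlowEntry:
    switch_mac: str              # switch the entry is issued to
    in_port: int                 # match field (Table 2)
    src_mac: str                 # match field (Table 2)
    action: str = "forward"      # action field (Table 2)


def norm(mac: str) -> str:
    """Canonical form so 'AA-BB-..' and 'aa:bb:..' compare equal."""
    return mac.strip().lower().replace("-", ":")


class MabController:
    def __init__(self, policies: Dict[Tuple[str, int], PortPolicy],
                 accounts: Dict[str, str]):
        self.policies = {(norm(sw), port): p for (sw, port), p in policies.items()}
        self.accounts = {norm(u): norm(pw) for u, pw in accounts.items()}

    def _verify(self, username: str, password: str) -> bool:
        # Steps 816/818: check the username/password pair against the store.
        stored = self.accounts.get(username)
        return stored is not None and hmac.compare_digest(stored, password)

    def handle_packet_in(self, msg: PacketIn) -> Optional[FlowEntry]:
        """Return the flow entry to issue, or None when the packet is dropped."""
        sw, src = norm(msg.switch_mac), norm(msg.src_mac)       # step 802
        flow = FlowEntry(sw, msg.in_port, src)
        policy = self.policies.get((sw, msg.in_port))
        if policy is None:
            return None            # assumption: no policy for this port -> drop
        if not policy.enabled:
            return flow            # step 806: authentication is off
        if policy.mode is MabMode.BYPASS:
            return flow            # step 810
        credential = sw if policy.mode is MabMode.SWITCH_MAC else src
        if self._verify(credential, credential):
            return flow            # step 822
        return None                # step 820


# Constructed sample data: two switches, host A (MAC "X"), a printer, a stranger.
S0, S1 = "00:00:00:00:00:10", "00:00:00:00:00:11"
HOST_A, PRINTER, UNKNOWN = "AA-BB-CC-00-00-0A", "aa:bb:cc:00:00:0b", "aa:bb:cc:00:00:ff"


def build_controller() -> MabController:
    policies = {
        (S1, 1): PortPolicy(True, MabMode.SWITCH_MAC),
        (S1, 2): PortPolicy(True, MabMode.USER_MAC),
        (S1, 3): PortPolicy(False),
        (S0, 1): PortPolicy(True, MabMode.SWITCH_MAC),
    }
    # Only switch S1 and the printer have stored credentials.
    accounts = {S1: S1, PRINTER: PRINTER}
    return MabController(policies, accounts)


if __name__ == "__main__":
    ctl = build_controller()
    for pkt in (PacketIn(S1, 1, HOST_A), PacketIn(S0, 1, HOST_A),
                PacketIn(S1, 2, PRINTER), PacketIn(S1, 2, UNKNOWN)):
        print(pkt, "->", ctl.handle_packet_in(pkt) or "drop")
```

Because the source MAC is supplied by the endpoint, the issued entry also matches the ingress port, so the same MAC seen on another port or switch misses the flow table and goes back through the controller's policy check, as in the host A relocation case above.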
Those skilled in the art should readily be able to implement the SDN-based MAB authentication device from the SDN-based MAB authentication method of Fig. 2 to Fig. 8. The SDN-based MAB authentication device should comprise an SDN controller and an SDN switch for implementing the SDN-based MAB authentication method described in Fig. 2 to Fig. 8. For brevity, the details are not repeated here.
Advantageously, the SDN-based MAB authentication method and device concentrate all MAB authentication configuration tasks on the SDN controller, so the configuration work is centralized and very easy to modify, and networking is simpler and more flexible. In addition, the SDN-based MAB authentication method and device extend the flow table and support SDN-based access management.
The above are only preferred embodiments of the present invention and do not thereby limit the patent scope of the present invention. Any equivalent structure or equivalent process transformation made using the content of the specification and drawings of the present invention, or any direct or indirect use in other related technical fields, is likewise included in the scope of patent protection of the present invention.

Claims (10)

1., based on a physical address bypass authentication method for software defined network, software defined network switch and software defined network controller perform, and described method comprises:
Described software defined network switch reports oneself physical address information and port information to described software defined network controller;
Configures physical address bypass authentication techniques on described software defined network controller;
The message not mating stream table is reported by described software defined network switch; And
Stream table is issued according to the authentication result of described coupling by described software defined network controller.
2. the method for claim 1, is characterized in that, described method also comprises:
By described software defined network initialization switch open flows passage; And
By described software defined network switch by privately owned experimenter's message report described oneself physical address and port information to described software defined network controller.
3. the method for claim 1, is characterized in that, described method also comprises:
After described message enters software defined network, inquire about described stream table;
Judge whether described message mates described stream table, if coupling, then described message normally forwards according to described stream table, if do not mated, then described message will be sent to described software defined network controller and processes; And
The described message of further coupling and physical address bypass certification policy, if coupling, then described software defined network controller issues stream table and E-Packets, if do not mated, then abandons described message.
4. method as claimed in claim 3, it is characterized in that, described method also comprises:
When described software defined network controller receives income package message from described software defined network switch, from described income package message, extract the source physical address of original message, the physical address of corresponding switch and port; And
Judged the state of physical address bypass authentication switch based on described software defined network switch and port by described software defined network controller, if the state of described physical address bypass authentication switch is for closing, then described software defined network controller issues stream table and E-Packets, if the state of described physical address bypass authentication switch is for opening, then judge physical address bypass authentication mode further by described software defined network controller
Wherein, if described physical address bypass authentication mode is bypass, then described software defined network controller issues stream table and E-Packets, if described physical address bypass authentication mode is switch physical address mode, then the physical address of described software defined network switch is carried out physical address bypass authentication as username and password, if described physical address bypass authentication mode is user's physical address mode, then the physical address of described physical address bypass user is carried out physical address bypass authentication as username and password, when described physical address bypass authentication passes through, described software defined network controller issues stream table and E-Packets, described software defined network switch forwards described message flow.
5. the method for claim 1, it is characterized in that, the expansion of flowing table definition all supported by described software defined network switch and described software defined network controller, and wherein matching field is the source physical address of inbound port and data flow, and action field is for forwarding described data flow.
6., based on a physical address bypass authenticate device for software defined network, described physical address bypass authenticate device comprises software defined network switch and software defined network controller, it is characterized in that:
Described software defined network switch configuration is report oneself physical address information and port information to described software defined network controller;
Described software defined network controller is configured to configures physical address bypass authentication techniques;
Described software defined network switch is also configured to report the message not mating stream table; And
Described software defined network controller is also configured to issue stream table according to the authentication result of described coupling.
7. The device of claim 6, characterized in that:
the software-defined network switch is further configured to initialize the OpenFlow channel and to report its own physical address and port information to the software-defined network controller through a private Experimenter message.
8. The device of claim 6, characterized in that the software-defined network switch is further configured to:
query the flow table after the packet enters the software-defined network;
determine whether the packet matches the flow table; if it matches, the packet is forwarded normally according to the flow table; if it does not match, the packet is sent to the software-defined network controller for processing; and
further match the packet against the physical address bypass authentication policy; if it matches, the software-defined network controller issues a flow table and forwards the packet; if it does not match, the packet is discarded.
9. The device of claim 8, characterized in that the software-defined network controller is further configured to:
when the software-defined network controller receives a packet-in message from the software-defined network switch, extract from the packet-in message the source physical address of the original packet and the physical address and port of the corresponding switch; and
determine, based on the software-defined network switch and port, the state of the physical address bypass authentication on/off switch; if the physical address bypass authentication switch is off, issue a flow table and forward the packet; if the physical address bypass authentication switch is on, further determine the physical address bypass authentication mode,
wherein, if the physical address bypass authentication mode is bypass, the software-defined network controller issues a flow table and forwards the packet; if the physical address bypass authentication mode is switch physical address mode, the physical address of the software-defined network switch is used as both the username and the password for physical address bypass authentication; if the physical address bypass authentication mode is user physical address mode, the physical address of the physical address bypass user is used as both the username and the password for physical address bypass authentication; and when the physical address bypass authentication passes, the software-defined network controller issues a flow table and forwards the packet, and the software-defined network switch forwards the packet flow.
10. The device of claim 6, characterized in that the software-defined network switch and the software-defined network controller both support an extension of the flow table definition, wherein the match fields are the ingress port and the source physical address of the data flow, and the action field is to forward the data flow.
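The switch and controller behaviour of claims 8 to 10, modelled as an added Python example that is not part of the patent text or any vendor's code. The policy table, mode names, `AUTH_DB` and `authenticate()` are hypothetical, all addresses are constructed, and dropping packets from an unconfigured port is an assumption the claims do not state.

```python
from dataclasses import dataclass

SW = "00:00:00:00:00:01"  # constructed switch physical (MAC) address
# Constructed per-(switch, port) policy: "off" means the authentication switch is off.
POLICY = {(SW, 1): "off", (SW, 2): "bypass",
          (SW, 3): "switch_mac", (SW, 4): "user_mac"}
# Hypothetical backend: accounts whose username and password are both the address.
AUTH_DB = {SW, "aa:bb:cc:00:00:10"}

@dataclass(frozen=True)
class FlowEntry:
    in_port: int              # match field: ingress port
    src_mac: str              # match field: source physical address
    action: str = "forward"   # action field

def authenticate(username, password):
    """Stand-in for the authentication server (hypothetical)."""
    return username == password and username in AUTH_DB

def handle_packet_in(switch_mac, in_port, src_mac):
    """Controller side: return the FlowEntry to issue, or None to drop."""
    mode = POLICY.get((switch_mac, in_port))
    allow = FlowEntry(in_port, src_mac)
    if mode in ("off", "bypass"):
        return allow          # no authentication required on this port
    credential = {"switch_mac": switch_mac, "user_mac": src_mac}.get(mode)
    if credential is None:
        return None           # assumption: unknown port or mode fails closed
    return allow if authenticate(credential, credential) else None

class Switch:
    def __init__(self, mac):
        self.mac = mac
        self.flow_table = set()
        self.packet_ins = 0   # number of table misses reported to the controller

    def receive(self, in_port, src_mac):
        """Switch side: return 'forward' or 'drop' for one packet."""
        if FlowEntry(in_port, src_mac) in self.flow_table:
            return "forward"  # table hit: forwarded without the controller
        self.packet_ins += 1  # table miss: send a packet-in to the controller
        entry = handle_packet_in(self.mac, in_port, src_mac)
        if entry is None:
            return "drop"
        self.flow_table.add(entry)
        return "forward"
```

Because the issued entry matches on ingress port as well as source address, an address authenticated on one port still misses the table on any other port and goes back through the controller's policy check.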
CN201510659060.9A 2015-10-13 2015-10-13 Physical address bypass authentication method and device based on software-defined network Pending CN105162608A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201510659060.9A CN105162608A (en) 2015-10-13 2015-10-13 Physical address bypass authentication method and device based on software-defined network
PCT/CN2016/097682 WO2017063458A1 (en) 2015-10-13 2016-08-31 Physical address bypass authentication method and apparatus based on software defined networking

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510659060.9A CN105162608A (en) 2015-10-13 2015-10-13 Physical address bypass authentication method and device based on software-defined network

Publications (1)

Publication Number Publication Date
CN105162608A true CN105162608A (en) 2015-12-16

Family

ID=54803372

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510659060.9A Pending CN105162608A (en) 2015-10-13 2015-10-13 Physical address bypass authentication method and device based on software-defined network

Country Status (2)

Country Link
CN (1) CN105162608A (en)
WO (1) WO2017063458A1 (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105591754A (en) * 2016-02-26 2016-05-18 上海斐讯数据通信技术有限公司 Authentication header authentication method and authentication header authentication system based on SDN
CN105681102A (en) * 2016-03-01 2016-06-15 上海斐讯数据通信技术有限公司 Behavioral strategy method and system based on SDN
CN105791113A (en) * 2016-02-25 2016-07-20 上海斐讯数据通信技术有限公司 An SDN-based multi-link delay equalization method and system
CN105933225A (en) * 2016-04-20 2016-09-07 上海斐讯数据通信技术有限公司 Strategy routing method and system based on SDN
CN106059933A (en) * 2016-05-30 2016-10-26 杭州华三通信技术有限公司 Method and device for maintaining software defined network (SDN)
CN106100996A (en) * 2016-05-30 2016-11-09 上海斐讯数据通信技术有限公司 Switch based on software defined network, controller and the system of inspection
WO2017063458A1 (en) * 2015-10-13 2017-04-20 上海斐讯数据通信技术有限公司 Physical address bypass authentication method and apparatus based on software defined networking
CN108055254A (en) * 2017-12-07 2018-05-18 锐捷网络股份有限公司 A kind of method and apparatus of unaware certification
CN113612787A (en) * 2021-08-10 2021-11-05 浪潮思科网络科技有限公司 Terminal authentication method
CN115412319A (en) * 2022-08-19 2022-11-29 浪潮思科网络科技有限公司 Network authority control method, equipment and medium based on strategy accompanying

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI668987B (en) * 2018-04-26 2019-08-11 中華電信股份有限公司 System of host protection based on moving target defense and method thereof

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101702687A (en) * 2009-11-27 2010-05-05 北京傲天动联技术有限公司 Method for utilizing device with exchange board structure as broadband access server
CN103442358A (en) * 2013-08-30 2013-12-11 杭州华三通信技术有限公司 Method for local forwarding concentrated authentication and control device
CN104113839A (en) * 2014-07-14 2014-10-22 蓝盾信息安全技术有限公司 Mobile data safety protection system and method based on SDN
CN104506511A (en) * 2014-12-15 2015-04-08 蓝盾信息安全技术股份有限公司 Moving target defense system and moving target defense method for SDN (self-defending network)
CN104901825A (en) * 2014-03-05 2015-09-09 杭州华三通信技术有限公司 Method and device for realizing zero configuration startup

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104022953B (en) * 2013-02-28 2018-02-09 新华三技术有限公司 Message forwarding method and device based on open flows Openflow
US9461967B2 (en) * 2013-07-18 2016-10-04 Palo Alto Networks, Inc. Packet classification for network routing
CN103595712B (en) * 2013-11-06 2017-04-05 福建星网锐捷网络有限公司 A kind of Web authentication method, apparatus and system
CN104618360B (en) * 2015-01-22 2019-05-31 盛科网络(苏州)有限公司 Bypass authentication method and system based on 802.1X agreement
CN105162608A (en) * 2015-10-13 2015-12-16 上海斐讯数据通信技术有限公司 Physical address bypass authentication method and device based on software-defined network

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017063458A1 (en) * 2015-10-13 2017-04-20 上海斐讯数据通信技术有限公司 Physical address bypass authentication method and apparatus based on software defined networking
CN105791113B (en) * 2016-02-25 2019-11-29 上海斐讯数据通信技术有限公司 A kind of multilink delay equalization method and system based on SDN
CN105791113A (en) * 2016-02-25 2016-07-20 上海斐讯数据通信技术有限公司 An SDN-based multi-link delay equalization method and system
CN105591754B (en) * 2016-02-26 2018-09-28 上海斐讯数据通信技术有限公司 A kind of verification head verification method and system based on SDN
CN105591754A (en) * 2016-02-26 2016-05-18 上海斐讯数据通信技术有限公司 Authentication header authentication method and authentication header authentication system based on SDN
CN105681102A (en) * 2016-03-01 2016-06-15 上海斐讯数据通信技术有限公司 Behavioral strategy method and system based on SDN
CN105933225A (en) * 2016-04-20 2016-09-07 上海斐讯数据通信技术有限公司 Strategy routing method and system based on SDN
CN106059933A (en) * 2016-05-30 2016-10-26 杭州华三通信技术有限公司 Method and device for maintaining software defined network (SDN)
CN106100996A (en) * 2016-05-30 2016-11-09 上海斐讯数据通信技术有限公司 Switch based on software defined network, controller and the system of inspection
CN108055254A (en) * 2017-12-07 2018-05-18 锐捷网络股份有限公司 A kind of method and apparatus of unaware certification
CN113612787A (en) * 2021-08-10 2021-11-05 浪潮思科网络科技有限公司 Terminal authentication method
CN113612787B (en) * 2021-08-10 2023-05-30 浪潮思科网络科技有限公司 Terminal authentication method
CN115412319A (en) * 2022-08-19 2022-11-29 浪潮思科网络科技有限公司 Network authority control method, equipment and medium based on strategy accompanying
CN115412319B (en) * 2022-08-19 2024-03-26 浪潮思科网络科技有限公司 Network authority control method, device and medium based on strategy following

Also Published As

Publication number Publication date
WO2017063458A1 (en) 2017-04-20

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
AD01 Patent right deemed abandoned

Effective date of abandoning: 20190409
