CN110933199B - Address allocation method and device - Google Patents
Address allocation method and device Download PDFInfo
- Publication number
- CN110933199B CN110933199B CN201911195277.3A CN201911195277A CN110933199B CN 110933199 B CN110933199 B CN 110933199B CN 201911195277 A CN201911195277 A CN 201911195277A CN 110933199 B CN110933199 B CN 110933199B
- Authority
- CN
- China
- Prior art keywords
- authentication
- client
- relationship
- authentication relationship
- mac address
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 37
- 238000011084 recovery Methods 0.000 claims description 2
- 238000004891 communication Methods 0.000 abstract description 13
- 230000001360 synchronised effect Effects 0.000 abstract description 8
- 230000003993 interaction Effects 0.000 abstract description 3
- 238000004590 computer program Methods 0.000 description 10
- 238000010586 diagram Methods 0.000 description 6
- 230000008569 process Effects 0.000 description 6
- 238000005516 engineering process Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 230000006855 networking Effects 0.000 description 2
- 230000008520 organization Effects 0.000 description 2
- 239000002699 waste material Substances 0.000 description 2
- 230000009471 action Effects 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 238000011217 control strategy Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004044 response Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5007—Internet protocol [IP] addresses
- H04L61/5014—Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5007—Internet protocol [IP] addresses
- H04L61/503—Internet protocol [IP] addresses using an authentication, authorisation and accounting [AAA] protocol, e.g. remote authentication dial-in user service [RADIUS] or Diameter
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2101/00—Indexing scheme associated with group H04L61/00
- H04L2101/60—Types of network addresses
- H04L2101/618—Details of network addresses
- H04L2101/622—Layer-2 addresses, e.g. medium access control [MAC] addresses
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Computer Security & Cryptography (AREA)
- Small-Scale Networks (AREA)
Abstract
The application provides an address allocation method and device, which can enable a DHCP server to receive a DHCP request sent by a client and obtain an MAC address of the client from the DHCP request; searching an authentication relation matched with the MAC address in a locally stored authentication relation synchronized by a Radius server, wherein the authentication relation is a corresponding relation between the MAC address and a user account; if the authentication relationship is found and the authentication relationship is determined to be valid, address information is distributed to the client according to the authentication relationship so that the client can access the network according to the distributed address information. The application can establish communication interaction between the DHCP server and the Radius server so that the DHCP server obtains the authentication relationship of the user from the Radius server, and accordingly, the DHCP request of the user is correspondingly processed according to the authentication relationship, the DHCP server can manage the user host conveniently, and the security of the DHCP server is improved.
Description
Technical Field
The present application relates to the field of communications technologies, and in particular, to an address allocation method and apparatus.
Background
The DHCP (dynamic host configuration protocol) mainly functions to centrally manage and allocate IP addresses, so that a host in a network environment dynamically obtains information such as IP addresses, gateway addresses, DNS (Domain Name System) server addresses, and the like. Conventional DHCP provides convenience, but it also has certain drawbacks. First of all, the assignment of IP addresses in this way is not manageable and controllable. Because DHCP is mainly performed on a host basis when configuring allocation rules, this configuration is not appropriate if there are a large number of hosts in the network; secondly, the DHCP server has no limitation on the access of users, and as long as any computer is accessed to the network, the correct port address and network configuration can be obtained through the DHCP server, so that the data in the organization can be accessed, and the DHCP server has some potential safety hazards.
Disclosure of Invention
In view of this, the present application provides an address allocation method and an address allocation device, so as to solve the problem that the DHCP server allocates an IP address to a client.
Specifically, the method is realized through the following technical scheme:
in a first aspect, the present application provides an address allocation method, where the method is applied to a DHCP server, and the method includes:
receiving a DHCP request sent by a client, and acquiring an MAC address of the client from the DHCP request;
searching an authentication relation matched with the MAC address in a locally stored authentication relation synchronized by a Radius server, wherein the authentication relation is a corresponding relation between the MAC address and a user account;
and if the authentication relationship is found and the authentication relationship is determined to be valid, allocating address information to the client according to the authentication relationship so that the client accesses the network according to the allocated address information.
In a second aspect, the present application provides an address assignment apparatus, which is applied to a DHCP server, and includes:
the device comprises a receiving unit, a sending unit and a receiving unit, wherein the receiving unit is used for receiving a DHCP request sent by a client and acquiring the MAC address of the client from the DHCP request;
the searching unit is used for searching the authentication relation matched with the MAC address in the authentication relation synchronized by the Radius server and stored locally, wherein the authentication relation is the corresponding relation between the MAC address and the user account;
and the distribution unit is used for distributing address information to the client according to the authentication relationship if the authentication relationship is found and the authentication relationship is determined to be valid, so that the client accesses the network according to the distributed address information.
In a third aspect, the present application further provides a computer-readable storage medium, in which a computer program is stored, and the computer program, when executed by a processor, implements any one of the steps of the address allocation method.
In a fourth aspect, the present application further provides a network device, which includes a memory, a processor, a communication interface, and a communication bus; the memory, the processor and the communication interface are communicated with each other through the communication bus;
the memory is used for storing a computer program;
the processor is configured to execute the computer program stored in the memory, and when the processor executes the computer program, any step of the address assignment method is implemented.
Therefore, the application can enable the DHCP server to receive the DHCP request sent by the client and obtain the MAC address of the client from the DHCP request; searching an authentication relation matched with the MAC address in a locally stored authentication relation synchronized by a Radius server, wherein the authentication relation is a corresponding relation between the MAC address and a user account; and if the authentication relationship is found and the authentication relationship is determined to be valid, allocating address information to the client according to the authentication relationship so that the client accesses the network according to the allocated address information. The application can establish communication interaction between the DHCP server and the Radius server so that the DHCP server obtains the authentication relationship of the user from the Radius server, and accordingly, the DHCP request of the user is correspondingly processed according to the authentication relationship, the DHCP server can manage the user host conveniently, and the security of the DHCP server is improved.
Drawings
Fig. 1 is a schematic diagram of a DHCP networking architecture in an exemplary embodiment of the present application;
FIG. 2 is a process flow diagram of a method for address allocation in an exemplary embodiment of the present application;
FIG. 3 is a flow diagram of another address assignment process in an exemplary embodiment of the present application;
FIG. 4 is a logical block diagram of an address assignment mechanism in an exemplary embodiment of the present application;
fig. 5 is a hardware block diagram of a network device in an exemplary embodiment of the present application.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present application. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
Referring to fig. 1, a DHCP networking structure in an exemplary embodiment of the related art is shown, where a Radius (remote authentication dial-in user service) client accesses a network through a switch, and when a user needs to access the network, the user needs to pass Radius authentication and acquire address information, such as an IP address, allocated by a DHCP server.
In the conventional technology, a user uses an 802.1X authentication client to input a user account and a password, initiate an authentication request, and request Radius server authentication. And after receiving the authentication request, the Radius server inquires a user database for authentication. After the user passes the authentication, the Radius server may notify the switch to open the controlled port where the user is located, and at this time, the network of the user host is in a connected state.
Then, the client will initiate a DHCP request to the DHCP server, apply for obtaining address information from the DHCP server, and after receiving the DHCP request, the DHCP server will distribute address information to the client based on the MAC address of the user host, so that the user can surf the internet based on the address information, and the charging server starts to charge the user.
When the DHCP server allocates the IP address, because the DHCP server allocates the MAC address based on the host, if a large number of hosts exist in the network, the allocation mode is inconvenient for address management, secondly, the DHCP server has no limitation on the access of users, and any computer can obtain the correct port address and network allocation through the DHCP server as long as accessing the network, and then accesses the data inside the organization, thereby causing some potential safety hazards in the DHCP server.
Please refer to fig. 2, which is a flowchart illustrating an address allocation method in an exemplary embodiment of the present application, the method is applied to a DHCP server, and the method includes steps 201 and 203.
in this embodiment, the DHCP server may receive a DHCP request that the client sends a MAC address carrying the client, and thus the DHCP server may obtain the MAC address of the client in the DHCP request.
in one embodiment, the Radius server may send an authentication relationship between the MAC address of the client and the user account to the DHCP server after the user authentication passes, and the system time of the Radius server when the user authentication passes, where the authentication relationship is a correspondence between the MAC address and the user account logged in the client. Before the DHCP server receives a DHCP request sent by a client, the DHCP server can also receive the authentication relationship between the MAC address of the client and a user account sent by the Radius server to the DHCP server after the user authentication is passed, and the system time of the Radius server when the user authentication is passed; the DHCP server may thus record the authentication relationship and create a timestamp with the system time as the initial time of the timestamp.
In this embodiment, after acquiring the MAC address in the DHCP request, the DHCP server may search for an authentication relationship matching the MAC address from locally stored authentication relationships synchronized by the Radius server.
In this embodiment, if the DHCP server finds the authentication relationship matching the MAC address in the DHCP request and determines that the authentication relationship is valid, the client may be allocated with address information according to the authentication relationship, so that the client accesses a network according to the allocated address information. Specifically, the DHCP server may assign address information to the authentication relationship according to a preset configuration file, where the address information includes at least an IP address, a mask, a gateway, and a DNS address. The configuration file is used for carrying out address allocation based on different authorities and access control strategies corresponding to the host MAC address and the user account, so that the user access can be managed in combination with the user account and the host MAC address, and the management mode is optimized.
In one embodiment, the method for determining whether the authentication relationship is valid specifically includes: firstly, acquiring a timestamp corresponding to the authentication relationship as first time, and acquiring system time for receiving the DHCP request as second time; whether the difference between the second time and the first time is less than a preset time length is calculated, wherein the preset time length is a time length specified by an administrator, such as 60 seconds. If the time length is less than the preset time length, determining that the authentication relationship is valid; and if the time length is not less than the preset time length, determining that the authentication relationship is invalid.
In one embodiment, when the DHCP server confirms that the authentication relationship is valid, the system time of the DHCP server that allocates address information to the client may be used as a third time, and the corresponding timestamp in the authentication relationship may be updated at the third time; and deleting the authentication relation and the corresponding timestamp thereof when the authentication relation is determined to be invalid.
In an example, if the DHCP server does not find the authentication relationship, or when it is determined that the authentication relationship is invalid, querying whether an authentication relationship corresponding to the MAC address exists from a Radius server, if so, storing the authentication relationship; if not, the address information is refused to be allocated.
When a traditional DHCP allocates address information to a subscriber, an administrator configures the expiration time of a lease, and when each lease reaches the expiration time, the DHCP server can reallocate the leases. However, if the time setting is too short, it may cause the IP resources to be recycled frequently, and the host re-applies, thereby increasing the performance pressure of the DHCP. If this time setting is too long, it may cause a waste of IP resources. The validity of the authentication relationship can be verified in a mode of setting a timestamp for the authentication relationship, and the authentication relationship is obtained again from the Radius server when the authentication relationship fails, so that the manual lease renewal of a user due to over short lease can be avoided; and when the DHCP server does not know that the user is offline, the authentication relationship is searched for by the Radius server after the preset time length to determine that the user is offline, so that the corresponding relationship is deleted, the address information is recovered, and the waste of IP address resources caused by overlong lease is avoided.
In one example, when a user offline notification carrying a client MAC address sent by a Radius server is received, the MAC address is acquired, an authentication relationship corresponding to the MAC address and address information allocated to the authentication relationship are searched for, the address information is recovered, and the authentication relationship is deleted.
Traditional leases are not deleted when the user is offline, but only after the lease expires. The address information recovery mechanism can send a message to the DHCP server through the Radius server when the user is off-line, and the DHCP server actively recovers the address information, thereby fully utilizing the IP resources of the network.
In the related art, if the DHCP server does not know that the user a on the client goes offline, but continuously stores the authentication relationship between the user a and the MAC address, when the user B goes online from the client, the authentication relationship between the user a is found based on the MAC address to allocate address information to the user B. When the user A goes offline, the Radius server can send a message to the DHCP server, the DHCP server deletes the authentication relationship, and actively recovers the address information; if the DHCP server does not receive the message sent by the Radius server, the DHCP server can also receive the authentication relationship corresponding to the user B sent by the Radius server when the user B is on line, so that the address information is distributed to the user B based on the authentication relationship of the user B. Thereby avoiding the problem of using the authentication relationship of the user A to allocate the address information to the user B in the prior art.
In order to make the objects, technical solutions and advantages of the present application more apparent, the solution of the present application is further described in detail below with reference to fig. 1 and 3.
When the user in fig. 1 uses the Radius client, inputs a user account and a password, and sends an authentication request to the Radius server, the Radius server may query the user database for authentication after receiving the authentication request. After the authentication is passed, the Radius server notifies the authentication device (such as a switch, etc.) to open the controlled port corresponding to the client, so that the network of the client is in a connected state. The DHCP communication agent module on the Radius server may monitor a message from the Radius server, and synchronize the message to the DHCP server for corresponding processing, where the monitored message is, for example, a message that the user passes authentication, or a message that the user is offline. After the user is on line, the client side can initiate a DHCP request to the DHCP server to apply for address information from the DHCP server.
When the DHCP server receives the DHCP request, the process flow of allocating an IP address to the client is shown in fig. 3, which includes:
judging whether the effect is effective specifically as follows: acquiring a timestamp T1 corresponding to the authentication relationship, acquiring system time T2 for receiving the DHCP request, judging whether the value of T2-T1 is less than a preset time (for example, 60 seconds), and if so, determining that the authentication relationship is valid; if not, determining that the authentication relationship is invalid.
the DHCP server may assign address information, such as IP address, mask, gateway, DNS, etc., to the subscriber host according to the authentication relationship and according to the policy specified in the configuration file.
and step 307, refusing to distribute the address information and ending.
After the user is refused to allocate the address information, the authentication may fail, so the user can re-authenticate to the Radius server and re-initiate the request to the DHCP server after the authentication is passed.
After receiving the address information distributed by the DHCP server, the user can start to surf the internet according to the address information, and the Radius server informs the charging server to start charging the user.
When the user does not need to use the network any more, the user initiates an exit request through the authentication client at the moment, and the Radius server informs the charging server to stop charging when confirming the exit of the user, informs the DHCP server to delete the authentication relationship of the user, deletes the timestamp corresponding to the authentication relationship, closes the port accessed by the user, and recovers the address information distributed to the port.
Corresponding to the embodiment of the address allocation method, the application also provides an embodiment of an address allocation device.
Referring to fig. 4, a schematic structural diagram of an address assignment apparatus in an exemplary embodiment of the present application, where the apparatus is applied to a DHCP server, and the apparatus 40 includes:
a receiving unit 401, configured to receive a DHCP request sent by a client, and obtain an MAC address of the client from the DHCP request;
a searching unit 402, configured to search an authentication relationship matching the MAC address in a locally stored authentication relationship synchronized by a Radius server, where the authentication relationship is a correspondence between the MAC address and a user account;
an allocating unit 403, configured to, if the authentication relationship is found and it is determined that the authentication relationship is valid, allocate address information to the client according to the authentication relationship, so that the client accesses a network according to the allocated address information.
As an embodiment, the apparatus further comprises:
a recording unit 404, configured to receive, before receiving a DHCP request sent by a client, an authentication relationship between an MAC address of the client and a user account sent by a Radius server to the DHCP server after user authentication passes, and a system time of the Radius server when user authentication passes; and recording the authentication relation, and creating a time stamp, wherein the system time is used as the initial time of the time stamp.
As an embodiment, the allocating unit 403, executing a process of determining whether the authentication relationship is valid, includes:
acquiring a timestamp corresponding to the authentication relationship as first time, and acquiring system time for receiving the DHCP request as second time; calculating whether the difference value between the second time and the first time is less than a preset time length, and if so, determining that the authentication relationship is valid; if not, determining that the authentication relationship is invalid;
the allocating unit 403 is further configured to, when it is determined that the authentication relationship is valid, use a system time of a DHCP server that allocates address information to the client as a third time, and update a corresponding timestamp in the authentication relationship with the third time; and deleting the authentication relation and the corresponding timestamp thereof when the authentication relation is confirmed to be invalid.
As an embodiment, the apparatus further comprises:
a querying unit 405, configured to query whether an authentication relationship corresponding to the MAC address exists from a Radius server if the authentication relationship is not found, or when it is determined that the authentication relationship is invalid, and if so, store the authentication relationship; if not, the address information is refused to be allocated.
As an embodiment, the apparatus further comprises:
a recovering unit 406, configured to, when receiving a user offline notification carrying a client MAC address sent by a Radius server, obtain the MAC address, search for an authentication relationship corresponding to the MAC address and address information allocated to the authentication relationship, recover the address information, and delete the authentication relationship.
The implementation process of the functions and actions of each unit in the above device is specifically described in the implementation process of the corresponding step in the above method, and is not described herein again.
For the device embodiments, since they substantially correspond to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of the application. One of ordinary skill in the art can understand and implement it without inventive effort.
Corresponding to the foregoing embodiments of the address assignment method, the present application further provides embodiments of a network device implementing the address assignment method.
As shown in fig. 5, the network device includes a memory 51, a processor 82, a communication interface 53, and a communication bus 54; wherein, the memory 51, the processor 52 and the communication interface 53 communicate with each other through the communication bus 54;
the memory 51 is used for storing computer programs;
the processor 52 is configured to execute the computer program stored in the memory 51, and when the processor 52 executes the computer program, any step of the address assignment method provided in the embodiment of the present application is implemented.
The present application further provides a computer-readable storage medium, in which a computer program is stored, and the computer program, when executed by a processor, implements any step of the address allocation method provided in the embodiments of the present application.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for embodiments of the network device and the computer-readable storage medium, since they are substantially similar to the method embodiments, the description is relatively simple, and reference may be made to the partial description of the method embodiments for relevant points.
In summary, the present application may enable a DHCP server to receive a DHCP request sent by a client, and obtain an MAC address of the client from the DHCP request; searching an authentication relation matched with the MAC address in a locally stored authentication relation synchronized by a Radius server, wherein the authentication relation is a corresponding relation between the MAC address and a user account; and if the authentication relationship is found and the authentication relationship is determined to be valid, allocating address information to the client according to the authentication relationship so that the client accesses the network according to the allocated address information. The application can establish communication interaction between the DHCP server and the Radius server so that the DHCP server obtains the authentication relationship of the user from the Radius server, and accordingly, the DHCP request of the user is correspondingly processed according to the authentication relationship, the DHCP server can manage the user host conveniently, and the security of the DHCP server is improved.
The above description is only exemplary of the present application and should not be taken as limiting the present application, as any modification, equivalent replacement, or improvement made within the spirit and principle of the present application should be included in the scope of protection of the present application.
Claims (8)
1. An address allocation method, applied to a DHCP server, includes:
receiving the authentication relationship between the MAC address of the client and the user account sent by the Radius server to the DHCP server after the user authentication passes, and the system time of the Radius server when the user authentication passes;
recording the authentication relationship between the MAC address of the client and the user account, and creating a timestamp, wherein the system time is used as the initial time of the timestamp;
receiving a DHCP request sent by the client, and acquiring the MAC address of the client from the DHCP request;
searching an authentication relation matched with the MAC address in the authentication relation between the MAC address of the client and the user account;
if the authentication relationship is found, acquiring a timestamp corresponding to the authentication relationship as first time, and acquiring system time for receiving the DHCP request as second time;
calculating whether the difference value between the second time and the first time is less than a preset time length, and if so, determining that the authentication relationship is valid; if not, determining that the authentication relationship is invalid;
and when the authentication relation is determined to be valid, allocating address information to the client according to the authentication relation so that the client accesses the network according to the allocated address information.
2. The method of claim 1, further comprising:
when the authentication relationship is confirmed to be valid, using the system time of a DHCP server which distributes address information for the client as third time, and updating the corresponding timestamp in the authentication relationship by the third time;
and deleting the authentication relation and the corresponding timestamp thereof when the authentication relation is determined to be invalid.
3. The method of claim 1,
if the authentication relationship is not found, or when the authentication relationship is determined to be invalid, inquiring whether the authentication relationship corresponding to the MAC address exists from a Radius server, if so, storing the authentication relationship; if not, the address information is refused to be allocated.
4. The method of claim 1, further comprising:
when receiving a user offline notification carrying a client MAC address sent by a Radius server, acquiring the MAC address, searching an authentication relationship corresponding to the MAC address and address information allocated for the authentication relationship, recovering the address information, and deleting the authentication relationship.
5. An address allocation apparatus, applied to a DHCP server, comprising:
the device comprises a recording unit, a receiving unit and a processing unit, wherein the recording unit is used for receiving the authentication relation between the MAC address of the client and the user account sent by the Radius server to the DHCP server after the user authentication passes and the system time of the Radius server when the user authentication passes before receiving the DHCP request sent by the client; recording the authentication relation, and creating a time stamp, wherein the system time is used as the initial time of the time stamp;
a receiving unit, configured to receive a DHCP request sent by a client, and acquire an MAC address of the client from the DHCP request;
the searching unit is used for searching the authentication relationship matched with the MAC address in the authentication relationship between the MAC address of the client and the user account; the distribution unit is used for acquiring a timestamp corresponding to the authentication relationship as first time and acquiring system time for receiving the DHCP request as second time if the authentication relationship is found;
calculating whether the difference value between the second time and the first time is less than a preset time length, and if so, determining that the authentication relationship is valid; if not, determining that the authentication relationship is invalid;
and when the authentication relation is determined to be valid, allocating address information to the client according to the authentication relation so that the client accesses the network according to the allocated address information.
6. The apparatus of claim 5, further comprising:
the allocation unit is further configured to, when it is determined that the authentication relationship is valid, use system time of a DHCP server that allocates address information to the client as third time, and update a timestamp corresponding to the authentication relationship with the third time; and deleting the authentication relation and the corresponding timestamp thereof when the authentication relation is determined to be invalid.
7. The apparatus of claim 5, further comprising:
the query unit is used for querying whether the authentication relationship corresponding to the MAC address exists from a Radius server if the authentication relationship is not found or the authentication relationship is determined to be invalid, and storing the authentication relationship if the authentication relationship corresponding to the MAC address exists; if not, the address information is refused to be allocated.
8. The apparatus of claim 5, further comprising:
and the recovery unit is used for acquiring the MAC address when receiving a user offline notification carrying the MAC address of the client sent by the Radius server, searching the authentication relationship corresponding to the MAC address and the address information distributed for the authentication relationship, recovering the address information and deleting the authentication relationship.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911195277.3A CN110933199B (en) | 2019-11-28 | 2019-11-28 | Address allocation method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911195277.3A CN110933199B (en) | 2019-11-28 | 2019-11-28 | Address allocation method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110933199A CN110933199A (en) | 2020-03-27 |
| CN110933199B true CN110933199B (en) | 2022-08-26 |
Family
ID=69847633
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911195277.3A Active CN110933199B (en) | 2019-11-28 | 2019-11-28 | Address allocation method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110933199B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114338609B (en) * | 2022-01-25 | 2024-08-20 | 广东省广播电视网络股份有限公司 | IP address allocation management system and method thereof |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101141492A (en) * | 2005-04-29 | 2008-03-12 | 华为技术有限公司 | Method and system for implementing DHCP address safety allocation |
| CN101621523A (en) * | 2009-07-22 | 2010-01-06 | 中兴通讯股份有限公司 | User security access control method as well as device and system thereof |
| CN103414709A (en) * | 2013-08-02 | 2013-11-27 | 杭州华三通信技术有限公司 | User identity binding and user identity binding assisting method and device |
| CN104333854A (en) * | 2013-07-22 | 2015-02-04 | 中国电信股份有限公司 | Wifi charging method and system |
| CN105592180A (en) * | 2015-09-30 | 2016-05-18 | 杭州华三通信技术有限公司 | Portal authentication method and device |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102244866B (en) * | 2011-08-18 | 2016-01-20 | 杭州华三通信技术有限公司 | Gate verification method and access controller |
-
2019
- 2019-11-28 CN CN201911195277.3A patent/CN110933199B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101141492A (en) * | 2005-04-29 | 2008-03-12 | 华为技术有限公司 | Method and system for implementing DHCP address safety allocation |
| CN101621523A (en) * | 2009-07-22 | 2010-01-06 | 中兴通讯股份有限公司 | User security access control method as well as device and system thereof |
| CN104333854A (en) * | 2013-07-22 | 2015-02-04 | 中国电信股份有限公司 | Wifi charging method and system |
| CN103414709A (en) * | 2013-08-02 | 2013-11-27 | 杭州华三通信技术有限公司 | User identity binding and user identity binding assisting method and device |
| CN105592180A (en) * | 2015-09-30 | 2016-05-18 | 杭州华三通信技术有限公司 | Portal authentication method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110933199A (en) | 2020-03-27 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10666661B2 (en) | Authorization processing method and device | |
| US9479611B2 (en) | Method, device, and system for implementing communication after virtual machine migration | |
| JP4200061B2 (en) | Identifier assigning apparatus, method, and program | |
| EP3562091B1 (en) | Highly available dhcp service by running dhcp servers on a blockchain network | |
| CN111107171B (en) | Security defense method and device for DNS (Domain name Server), communication equipment and medium | |
| CN105245629B (en) | Host communication method based on DHCP and device | |
| US20090122798A1 (en) | Ip network system and its access control method, ip address distributing device, and ip address distributing method | |
| CN108418806B (en) | Message processing method and device | |
| EP3512181B1 (en) | Network access control | |
| CN107466456A (en) | The processing method and server of locking request | |
| WO2015192583A1 (en) | Internet protocol (ip) address allocation method and apparatus, server and terminal | |
| CN110784457B (en) | Service access method and device | |
| US11743258B2 (en) | Access authenticating | |
| CN112822160A (en) | Equipment identification method, device, equipment and machine-readable storage medium | |
| CN104506654A (en) | Cloud computing system and backup method of dynamic host configuration protocol server | |
| CN109743357B (en) | Method and device for realizing service access continuity | |
| CN113691646A (en) | Domain name service resource access method, device, electronic equipment and medium | |
| CN110933199B (en) | Address allocation method and device | |
| CN101272247A (en) | Method and equipment and system for implementing user authentication based on DHCP | |
| CN103795584A (en) | Client side identity detection method and gateway | |
| WO2005074188A1 (en) | A method of obtaining the user identification for the network application entity | |
| CN107295504B (en) | Control method for Wi-Fi protection setting and gateway equipment | |
| CN111064819B (en) | Address backup method and device | |
| CN115242722A (en) | Advanced flow control implementation method based on API gateway | |
| CN113556337A (en) | Terminal address identification method, network system, electronic device and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |