Method for insulating inside and outside networks, authentication server and access switch

An access switch and authentication server technology, applied in the field of network access control, addresses the problems of complex network topology, doubled maintenance workload, and increased terminal cost, achieving low management and maintenance difficulty, reduced equipment cost, and a simple network topology.

Active Publication Date: 2012-04-18
北京紫光通信科技集团有限公司

AI Technical Summary

Problems solved by technology

However, because separate networks must be built for the internal network and the external network, and the two networks are physically isolated, the result is a complex network topology, double the cost of network equipment, and double the maintenance workload. In addition, each host must be configured with a dual-network-card system that supports the isolation mode and fitted with dual-network-card equipment, which increases terminal costs.
Moreover, the above solution also requires dual-network-card isolation software to be installed on the terminal, which increases the difficulty of user operation and the complexity of network management.

Examples

Embodiment 1

[0054] Figure 2 is a schematic diagram of an application environment of the method for isolating internal and external networks described in this embodiment. In Figure 2, the terminal is connected to the intranet through an access switch; specifically, the terminal is connected to a port on the access switch. The access switch is also connected to the Internet through the egress gateway. An aggregation switch may also be connected between the access switch and the egress gateway, and the aggregation switch is connected to an authentication server. Specifically, the authentication server may be a Remote Authentication Dial-In User Service (RADIUS) server or a Terminal Access Controller Access Control System (TACACS) server. In this embodiment, the RADIUS server is taken as an example for illustration, and the implementation principles of authenticat...

Embodiment 2

[0095] In Embodiment 1, the terminal must pass 802.1x authentication to access the intranet, which improves the security of intranet access and prevents unauthorized terminals from accessing intranet resources. Portal authentication is required for terminals to access the extranet, to prohibit unauthorized users from accessing the extranet. In this embodiment, identity authentication is not performed for the terminal to access the internal network; that is, the terminal can connect to and access the internal network after startup. For accessing the external network, Portal authentication is required, as in Embodiment 1.

[0096] The method of isolating internal and external networks described in this embodiment is still applied in the environment shown in Figure 2. The method specifically comprises the following steps:

[0097] Step S81, pre-configure and save the association information between the terminal in the intranet, the access switch connected to the terminal, ...

Abstract

The invention provides a method for isolating an internal network from an external network, an authentication server and an access switch. The method comprises the following steps: A, the authentication server authenticates the identity of a terminal according to the terminal's identity authentication request for accessing the external network; B, after the terminal's identity authentication request for accessing the external network passes, the authentication server sends a first policy to the egress gateway, determines the access switch and the first port corresponding to the terminal according to pre-stored association information, and sends the access switch a second policy for the first port. The first policy notifies the egress gateway to permit communication between the terminal and the external network. The second policy notifies the access switch to forward, among the packets received on the first port, only those whose destination address is the egress gateway. The invention can conveniently and efficiently realize isolation between the internal network and the external network and reduce the cost of realizing that isolation.
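
Steps A and B of the abstract, modelled as a small simulation. This is an added example, not code from the patent; the class names, the `gw-01` address, the `verify` callback, and applying the port restriction before the gateway permit are assumptions of the example.

```python
from dataclasses import dataclass, field

GATEWAY = "gw-01"  # constructed address standing in for the egress gateway

@dataclass
class AccessSwitch:
    name: str
    port_policy: dict = field(default_factory=dict)  # port -> only allowed destination

    def apply_second_policy(self, port, only_dst):
        self.port_policy[port] = only_dst

    def forward(self, port, dst):
        # A port with no policy is unrestricted (intranet mode).
        allowed = self.port_policy.get(port)
        return allowed is None or dst == allowed

@dataclass
class EgressGateway:
    permitted: set = field(default_factory=set)  # terminals allowed out

    def apply_first_policy(self, terminal):
        self.permitted.add(terminal)

class AuthServer:
    def __init__(self, gateway, switches, association, verify):
        self.gateway, self.switches = gateway, switches
        self.association = association  # pre-stored: terminal -> (switch, port)
        self.verify = verify            # assumed stand-in for the identity check

    def request_external_access(self, terminal, user, credential):
        # Step A: authenticate the request for external-network access.
        if not self.verify(user, credential):
            return False
        # Fail closed: with no stored association the port cannot be restricted.
        if terminal not in self.association:
            return False
        sw_name, port = self.association[terminal]
        # Step B. Ordering is this example's choice: restrict the port first so
        # the terminal never has the intranet and the external path open at once.
        self.switches[sw_name].apply_second_policy(port, GATEWAY)
        self.gateway.apply_first_policy(terminal)
        return True

def demo():
    sw, gw = AccessSwitch("sw1"), EgressGateway()
    check = lambda u, c: (u, c) == ("alice", "constructed-token")
    srv = AuthServer(gw, {"sw1": sw}, {"pc-7": ("sw1", 3)}, check)
    before = sw.forward(3, "intranet-fs")
    ok = srv.request_external_access("pc-7", "alice", "constructed-token")
    return before, ok, sw.forward(3, "intranet-fs"), sw.forward(3, GATEWAY), "pc-7" in gw.permitted
```
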

Description

Technical field

[0001] The invention relates to the technical field of network access control, in particular to a method for isolating internal and external networks, an authentication server and an access switch.

Background technique

[0002] With the maturity and high-speed development of network technology and Internet technology, more and more enterprises and institutions have begun to set up networks to realize office automation and share Internet information. The internal network (referred to in this text as the intranet) is relatively safe, and will not be attacked by hackers from the external network (referred to in this text as the extranet, for example the Internet), nor will it leak secrets. However, the external network is full of insecure factors: hackers, malicious attacks, viruses, etc., which always threaten the security of the internal network. If the user needs to access the intranet while using the Internet, it may cause insecure factors...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L9/32, H04L12/66
Inventor: 李蔚
Owner: 北京紫光通信科技集团有限公司