Unlock instant, AI-driven research and patent intelligence for your innovation.

Message control method and access equipment in endpoint admission defense

A control method and technology for accessing equipment, applied in the field of data communication, can solve the problem of excessive ACL resource occupation, and achieve the effect of saving ACL resources and increasing access capability

Inactive Publication Date: 2010-01-20
NEW H3C TECH CO LTD
View PDF0 Cites 9 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0010] The current EAD implementation method can achieve refined management and control for users, but its disadvantages are also obvious: it occupies more ACL resources for access devices

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Message control method and access equipment in endpoint admission defense
  • Message control method and access equipment in endpoint admission defense
  • Message control method and access equipment in endpoint admission defense

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0040] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be described in detail below with reference to the accompanying drawings and specific embodiments.

[0041] The key of the present invention is to configure isolation VLAN and security VLAN in the access device, and define isolation area and security area by issuing isolation class ACL or security class ACL for VLAN on the uplink interface; when user message is forwarded, according to The user state switches the VLAN of the packet, and matches the VLAN-based ACL on the uplink interface.

[0042] figure 2It is a flowchart of a message control method in endpoint access defense according to an embodiment of the present invention. The method is applied to an access device (that is, a security linkage device) in an EAD, and includes the following steps:

[0043] Step 201: configure two virtual local area networks (VLANs) on the access port and the upl...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a message control method and access equipment in endpoint admission defense. The message control method comprises the following steps: configuring an isolation VLAN and a security VLAN at an access port and an ascending interface; configuring an isolation ACL and a security ACL at the ascending port; establishing a congruent relationship between user information and user states; as to ascending messages of a user in the isolation state received at the access port, switching the original VLAN of the ascending messages into the isolation VLAN and then forwarding the isolation VLAN to the ascending interface; as to ascending messages of a user in the security state received at the access port, switching the original VLAN of the ascending messages into the security VLAN and then forwarding the security VLAN to the ascending interface; and as to the ascending message matched with the isolation ACL or the security ACL at the ascending interface, switching the VLAN of the messages into the original VLAN and then forwarding the original VLAN. The invention can reduce the consumption of ACL resources of the access equipment and further strengthen the access ability of the access equipment to a user terminal.

Description

technical field [0001] The invention belongs to the technical field of data communication, and in particular relates to a message control method and an access device in Endpoint Admission Defense (EAD). Background technique [0002] The basic functions of EAD are realized through the linkage of security clients, security linkage devices (such as switches and routers), security policy servers, antivirus servers, and patch servers. The basic principles are as follows: figure 1 Shown: [0003] (1) When a user terminal attempts to access the network, firstly through the security client, the security linkage device (access device) and the security policy server cooperate to perform user identity authentication, and illegal users will be denied access to the network; [0004] (2) The security policy server issues security policies to legitimate users, and requires legitimate users to perform security status authentication; [0005] (3) The security client detects the patch versi...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L12/56H04L12/46H04L29/06H04L12/911
Inventor 王君菠
Owner NEW H3C TECH CO LTD