Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Safe access method based on dynamic host configuration protocol (DHCP) SNOOPING

A secure access and user technology, applied in encryption devices with shift registers/memory, data exchange through path configuration, digital transmission systems, etc., can solve the problem that users cannot access the network and exhaust switch resources DHCPSERVER address space , user inconvenience and other problems, to achieve the effect of solving safety and reliability

Active Publication Date: 2012-01-11
武汉神州数码云科网络技术有限公司
View PDF3 Cites 33 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] If the number of DHCP bindings for each switch port is not limited, malicious users will forge a large number of DHCP requests, thus exhausting the resources of the switch and the address space of the DHCP server
[0007] Since the general access switch itself does not have a large-capacity non-volatile storage medium (such as flash), once the switch restarts abnormally, or after it is shut down and restarted, the DHCPSNOOPING binding table stored in the switch memory will disappear, and because the user may If the switch is connected to the switch through other network devices (such as a hub, etc.), the user cannot perceive that the switch is restarted, and the user's DHCP CLIENT will not re-apply for an address or renew the lease. In this case, because there is no user binding information , which will cause users to be unable to access the network, which will cause great inconvenience to users

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Safe access method based on dynamic host configuration protocol (DHCP) SNOOPING
  • Safe access method based on dynamic host configuration protocol (DHCP) SNOOPING
  • Safe access method based on dynamic host configuration protocol (DHCP) SNOOPING

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0024] The present invention will be further described below in conjunction with the accompanying drawings and specific embodiments.

[0025] The network environment of the inventive method is as figure 1 shown.

[0026] According to the technical scheme of the above-mentioned content of the invention, the detailed steps of its realization are as follows, as figure 2 Shown:

[0027] (1) After the switch starts DHCP SNOOPING, the port sets the DHCP SNOOPING user control mode and sets the hardware table entry, all messages cannot be forwarded, and the DHCP messages are redirected to the CPU. Before a DHCP user obtains an IP dynamically, it cannot access other resources except for requesting an IP from the DHCP server. To configure the added content of DHCP OPTION 82, you can specify a specific character string and hexadecimal string. The default content is the switch CPU MAC, user VLAN and port number.

[0028] (2) The switch configures the background server address and por...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a safe access method based on a dynamic host configuration protocol (DHCP) SNOOPING. The method is characterized by: adding a definition or default-arranged OPTION 82 to a user DHCP request message received by a switchboard; configuring a binding quantity on a port; issuing binding information (IP, MAC, VLAN, PORT) of the user to hardware by using the switchboard; uploading the binding information which is encrypted to a background server. Once the switchboard restarts, the binding information is acquired from the background server and the downloaded binding information needs to send an ARP request so as to confirm the binding. And the binding information can be determined whether to be effective or not. By using a technical scheme of the invention, safety and reliability brought by distributing addresses through the DHCP can be guaranteed; a security problem of accessing network through the DHCP mode can be effectively controlled and managed.

Description

technical field [0001] The invention relates to a computer network access security technology, in particular to a DHCPSNOOPING-based security access method. Background technique [0002] Dynamic Host Configuration Protocol (DHCP) is a LAN network protocol, using UDP protocol to work, mainly for two purposes: to automatically assign IP addresses to users for internal networks or network service providers to internal network administrators as A means of centrally managing all computers. [0003] The DHCP SNOOPING function refers to the process that the switch monitors the DHCP CLIENT to obtain IP through the DHCP protocol. It prevents DHCP attacks and private DHCPSERVER by setting trusted ports and untrusted ports. DHCP messages received from trusted ports can be forwarded without verification. A typical setting is to connect the trusted port to DHCP SERVE or DHCP RELAY agent. If the untrusted port is connected to DHCP CLIENT, the switch will forward the DHCP request messa...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L12/56H04L12/46H04L29/12H04L9/06
Inventor 梁小冰
Owner 武汉神州数码云科网络技术有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com