Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Terminal admission control method based on switch port management

A technology of access control and switch, applied in the direction of data exchange network, digital transmission system, electrical components, etc., can solve the problems of ARP spoofing, difficulty, unimaginable, etc., and achieve the effect of ensuring integrity and accurate access control

Inactive Publication Date: 2014-07-16
尹志超
View PDF4 Cites 33 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0002] In the existing technology, due to the diversity of access methods (wired, wireless, virtual private network, dial-up, etc.), and the diversity of terminal devices (desktops, notebooks, PADs, smart phones, etc.), it is difficult to accurately define network boundaries Network management mainly faces the following problems: ① external terminals access the network at will, ② the security of access terminals cannot be confirmed or guaranteed, ③ legal terminals do not comply with the IT internal control system
However, a DHCP server needs to be deployed on each network segment, which increases hardware and maintenance costs. Terminals can easily bypass DHCP, set their own IP access network, and cannot collect statistics on terminal information.
Only suitable for small and medium networks
[0006] (3) Access control mode based on gateway products and terminals: this control mode is very comprehensive and can basically meet most of the needs of users; 802.1x access control, but 802.1x cannot solve problems such as HUB access and terminal statistics; access control relies heavily on desktop security, and terminals without Agent installed (or terminals with Agent uninstalled illegally) can still access the LAN. Unable to implement security access control of LAN
[0007] (4) Access control mode based on ARP enforcement and desktop management: the advantages of this control mode are low cost and rapid deployment; however, the technical problem exists: ARP enforcement is actually ARP spoofing, and the consequences are serious and unimaginable; as long as Users who understand technology can bypass ARP interference and enforcement; therefore, it is impossible to isolate unsafe computers
[0009] The disadvantages of the control scheme based on 802.1x admission control emphasizing the switch port are: ①. Poor compatibility, all access layer switches must support the 802.1x protocol; ②. High technical complexity requirements for deployment; ③. Terminal; ④. Unable to manage the access of HUB and virtual machine
[0010] The disadvantages of the admission control mode based on the DHCP server and the terminal are: ①. A DHCP server needs to be deployed on each network segment, which increases hardware and maintenance costs. The terminal can easily bypass DHCP, set the IP access network by itself, and cannot collect terminal information. ;②. Only suitable for small and medium-sized networks
[0011] The disadvantages of the access control mode based on gateway products and terminals are: ①. Gateway-type equipment is relatively expensive and needs to change the topology structure. Only 802.1x access control can be used, but 802.1x cannot solve HUB access and terminal statistics ②. Access control relies heavily on desktop security. Terminals without Agent installed (or terminals with Agent uninstalled illegally) can still access the LAN, and security access control of the LAN cannot be realized.
[0012] The disadvantages of the access control mode based on ARP enforcement and desktop management are: ①. ARP enforcement is actually ARP spoofing, with serious and unimaginable consequences; users can easily bypass ARP interference and enforcement; ②. Cannot isolate unsafe Computer; ③. The management of visitors is a serious problem; ④. The effective range of ARP jammers is small. In a large network, its own management is a problem, especially in the case of a wide area network, it is even more difficult
[0013] At present, there is no effective terminal admission control method based on switch port management to solve the above problems

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Terminal admission control method based on switch port management

Examples

Experimental program
Comparison scheme
Effect test

preparation example Construction

[0048] In a preferred embodiment, figure 1 It exemplarily shows a schematic flow chart of a preparation method of a terminal admission control method based on switch port management in the present invention, including:

[0049] A: After a new terminal is connected to the network, the identity information of the newly connected terminal is collected through the switch;

[0050] B: the switch extracts the unique identifier in the identity information of the terminal; the switch associates the terminal with a port of the switch;

[0051] C: comparing the unique identifier with the MAC address in the access database on the server side, querying the preset access database, and judging the identity information of the terminal;

[0052] If the unique identifier is found in the access database, the terminal is legal and no action is taken;

[0053] If the unique identifier cannot be found in the access database, it is an illegal terminal or external terminal, immediately close the p...

specific Embodiment

[0074] HUB device management:

[0075] When collecting terminal information, the present invention associates the MAC of the terminal with the port of the switch. When a switched port corresponds to two or more MACs, it indicates that a HUB is connected to the port. When this situation is found, the present invention will close the switch port.

[0076] Virtual machine MAC management:

[0077] It should be noted that when a virtual machine is installed and running on a legal terminal in the intranet, there will be two MACs on the switch port corresponding to the terminal (one for the terminal and the other for the virtual machine). situation, the present invention automatically filters the virtual machine MAC according to the built-in MAC address range, and then performs multi-MAC detection.

[0078] Terminal MAC address management:

[0079]Because the MAC address on the network card used for networking on the computer is not fixed and cannot be changed in the system, once ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to the technical field of terminal admission control, and particularly discloses a terminal admission control method based on switch port management. The method includes the steps that after a new terminal gets access to a network, the new terminal is collected through a switch, the unique identification of the terminal is extracted, and the terminal is interrelated with a port of the switch; the unique identification is compared with MAC addresses of an admission database and judged; if the unique identification is inquired, the new terminal is a legal terminal, and no action is generated; if the unique identification is not inquired, the new terminal is an illegal terminal or an external terminal, the corresponding port of the switch is closed immediately, and close information is recorded in the admission database; when a new terminal gets access to the network again, the new terminal is joined after window period processing; the previous steps are executed again to start processing; if no new terminal gets access to the network, the closed port of the switch is automatically opened after appointed time. MAC address management is adopted for the terminals, a terminal user is forbidden to change an MAC address without authorization, a virtual machine is managed, HUB access is stopped, and terminal admission control is accurate and strict.

Description

technical field [0001] The invention relates to the technical field of terminal admission control, in particular to a terminal admission control method based on switch port management. Background technique [0002] In the existing technology, due to the diversity of access methods (wired, wireless, virtual private network, dial-up, etc.), and the diversity of terminal devices (desktops, notebooks, PADs, smart phones, etc.), it is difficult to accurately define network boundaries Network management mainly faces the following problems: ① external terminals access the network at will, ② the security of access terminals cannot be confirmed or guaranteed, and ③ legitimate terminals do not comply with the IT internal control system. Preventing external risks from entering the interior is one of the issues that network management must pay attention to. Under this background, a terminal access control system has emerged: access control is the abbreviation of real-name network access...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L12/911
Inventor 尹志超
Owner 尹志超
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products