A Terminal Admission Control Method Based on Switch Port Management

An access control and switch technology, applied in the fields of data exchange networks, digital transmission systems, electrical components, etc., that can solve the problems of ARP spoofing, difficulties, legal terminals not complying with the IT internal control system, etc., and achieve the effect of ensuring integrity and accurate access control.

Status: Inactive. Publication date: 2017-06-20
尹志超

AI Technical Summary

Problems solved by technology

[0002] In the existing technology, because of the diversity of access methods (wired, wireless, virtual private network, dial-up, etc.) and of terminal devices (desktops, notebooks, PADs, smart phones, etc.), it is difficult to accurately define network boundaries. Network management mainly faces the following problems: ① external terminals access the network at will; ② the security of access terminals cannot be confirmed or guaranteed; ③ legal terminals do not comply with the IT internal control system.
[0006] (3) Access control mode based on gateway products and terminals: this control mode is very comprehensive and can meet most user needs; however, gateway-type equipment is relatively expensive and requires changes to the topology, so only 802.1x access control can be used, and 802.1x cannot solve problems such as HUB access and terminal statistics; access control relies heavily on desktop security, and terminals without the Agent installed (or with the Agent illegally uninstalled) can still access the LAN, so security access control of the LAN is impossible.
[0007] (4) Access control mode based on ARP enforcement and desktop management: this control mode has the advantages of low cost and fast deployment; however, the technical problem is that ARP enforcement is actually ARP spoofing, whose consequences are serious and unforeseeable; any user who knows the technology can bypass ARP interference and enforcement; therefore, it is impossible to isolate unsafe computers.
[0009] The disadvantages of the control scheme based on 802.1x admission control focused on the switch port are: ① poor compatibility, since all access layer switches must support the 802.1x protocol; ② high technical complexity of deployment; ③ Terminal; ④ inability to manage HUB and virtual machine access.
[0010] The disadvantages of the admission control mode based on a DHCP server and the terminal are: ① a DHCP server needs to be deployed on each network segment, which increases hardware and maintenance costs; the terminal can easily bypass DHCP by setting its own IP to access the network, and terminal information cannot be collected; ② it is only suitable for small and medium-sized networks.
[0011] The disadvantages of the access control mode based on gateway products and terminals are: ① gateway-type equipment is relatively expensive and requires changes to the topology; only 802.1x access control can be used, but 802.1x cannot solve HUB access and terminal statistics; ② access control relies heavily on desktop security; terminals without the Agent installed (or with the Agent illegally uninstalled) can still access the LAN, and security access control of the LAN cannot be realized.
[0012] The disadvantages of the access control mode based on ARP enforcement and desktop management are: ① ARP enforcement is actually ARP spoofing, with serious and unforeseeable consequences, and users can easily bypass ARP interference and enforcement; ② it cannot isolate unsafe computers; ③ management of visitors is a serious problem; ④ the effective range of an ARP jammer is small, so in a large network its own management is a problem, and in the case of a wide area network it is even more difficult.
[0013] At present, there is no effective terminal admission control method based on switch port management that solves the above problems.



Examples


Preparation example

[0048] In a preferred embodiment, Figure 1 shows an exemplary schematic flow chart of the terminal admission control method based on switch port management of the present invention, including:

[0049] A: after a new terminal is connected to the network, the identity information of the newly connected terminal is collected through the switch;

[0050] B: the switch extracts the unique identifier from the identity information of the terminal, and associates the terminal with a port of the switch;

[0051] C: the unique identifier is compared with the MAC addresses in the access database on the server side; the preset access database is queried and the identity of the terminal is judged;

[0052] if the unique identifier is found in the access database, the terminal is legal and no action is taken;

[0053] if the unique identifier cannot be found in the access database, it is an illegal terminal or an external terminal; immediately close the p...

Specific embodiment

[0075] HUB device management:

[0076] When collecting terminal information, the present invention associates the MAC of the terminal with the port of the switch. When one switch port corresponds to two or more MACs, it indicates that a HUB is connected to that port. When this situation is found, the present invention closes the switch port.

[0077] Virtual machine MAC management:

[0078] It should be noted that when a virtual machine is installed and running on a legal terminal in the intranet, there will be two MACs on the switch port corresponding to that terminal (one for the terminal and the other for the virtual machine). In this situation, the present invention automatically filters out the virtual machine MAC according to a built-in MAC address range, and then performs multi-MAC detection.

[0079] Terminal MAC address management:

[0080] Because the MAC address of the network card used to connect the computer to the network is not fixed, since it can be changed in the system, once ...
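The admission loop of steps A to C ([0049] to [0053]) together with the HUB and virtual machine handling of [0076] and [0078] can be simulated in a few functions. The block below is an added example written for this page, not code from the patent or its inventor: it takes a switch's learned MAC table, filters MACs that fall in an assumed "built-in" virtual machine OUI range (the patent does not list its ranges; the hypervisor OUIs used here are the example's assumption), closes a port that shows two or more remaining MACs (a HUB) or a MAC absent from the access database, records the closure, and reopens closed ports once the assumed hold-down window has elapsed with no new terminal seen. All port names, MAC addresses and timestamps are constructed sample data.

```python
from dataclasses import dataclass, field

# Assumed "built-in MAC address range" of paragraph [0078]: well-known OUIs used by
# common hypervisors (VMware, VirtualBox, QEMU/KVM). The patent does not list its
# ranges, so this table is an assumption of the example.
VM_OUI_PREFIXES = ("00:50:56", "00:0c:29", "08:00:27", "52:54:00")


@dataclass
class AccessDatabase:
    """Server-side access database: legal unique identifiers plus the closure log."""
    allowed_macs: set
    closed_ports: dict = field(default_factory=dict)  # port -> (reason, closed_at)


def is_vm_mac(mac: str) -> bool:
    """Filter step of [0078]: does this MAC fall in the virtual machine range?"""
    return mac.lower().startswith(VM_OUI_PREFIXES)


def classify_port(macs, db):
    """Steps B/C and [0076]: decide ('allow'|'close', reason) for one port's MACs.

    VM MACs are discarded first, then multi-MAC (HUB) detection runs, and finally
    each remaining physical MAC is looked up in the access database.
    """
    physical = sorted({m.lower() for m in macs if not is_vm_mac(m)})
    if len(physical) > 1:
        return "close", "hub-detected"
    for mac in physical:
        if mac not in db.allowed_macs:
            return "close", "unknown-terminal:" + mac
    return "allow", "ok"


def process_port_table(port_table, db, now):
    """Run the decision over a whole switch MAC table; log closures with a timestamp."""
    decisions = {}
    for port, macs in port_table.items():
        action, reason = classify_port(macs, db)
        if action == "close":
            db.closed_ports[port] = (reason, now)
        decisions[port] = (action, reason)
    return decisions


def reopen_expired(db, now, window, new_terminal_seen=False):
    """Window handling from the abstract: if a new terminal appeared, keep waiting;
    otherwise reopen ports that have been closed for at least `window` seconds."""
    if new_terminal_seen:
        return []
    expired = sorted(p for p, (_, t) in db.closed_ports.items() if now - t >= window)
    for port in expired:
        del db.closed_ports[port]
    return expired


def demo():
    """Constructed sample: four switch ports and a two-entry access database."""
    db = AccessDatabase(allowed_macs={"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"})
    port_table = {
        "Gi0/1": ["AA:BB:CC:00:00:01"],                        # legal terminal
        "Gi0/2": ["aa:bb:cc:00:00:02", "00:50:56:12:34:56"],   # legal terminal + its VM
        "Gi0/3": ["aa:bb:cc:00:00:02", "aa:bb:cc:00:00:03"],   # two physical MACs: HUB
        "Gi0/4": ["de:ad:be:ef:00:01"],                        # not in the database
    }
    decisions = process_port_table(port_table, db, now=100)
    still_closed = reopen_expired(db, now=130, window=60)      # too early: nothing
    reopened = reopen_expired(db, now=200, window=60)          # window elapsed
    return decisions, still_closed, reopened, db


if __name__ == "__main__":
    for port, (action, reason) in demo()[0].items():
        print(f"{port}: {action} ({reason})")
```

One design point worth noticing: because the VM-range filter runs before the database lookup, a port that shows only a MAC in the virtual machine range is allowed without any check. The patent text describes the filter only for the case of a VM running on an already legal terminal, so a deployment would want to treat a VM-range MAC that is not paired with a known physical MAC as an unknown terminal rather than silently passing it.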


Abstract

The invention relates to the technical field of terminal admission control, and specifically discloses a terminal admission control method based on switch port management. After a new terminal is connected to the network, the new terminal's information is collected through the switch, the unique identifier of the terminal is extracted, and the terminal is associated with the port of the switch; the unique identifier is compared with the MAC addresses in the access database to make a judgment; if the unique identifier is found, the terminal is legal and no action is taken; if the unique identifier cannot be found, it is an illegal or external terminal, the corresponding switch port is closed immediately, and the closing information is recorded in the access database; if a new terminal accesses the network, it is added to the window period after processing and processing restarts from the beginning; if no new terminal is connected to the network, the closed switch port is automatically reopened after the specified time. The present invention applies MAC address management to the terminal and prohibits terminal users from changing the MAC address privately; it manages virtual machines and prevents HUB access; the terminal access control of the present invention is accurate and strict.

Description

Technical field

[0001] The invention relates to the technical field of terminal admission control, in particular to a terminal admission control method based on switch port management.

Background technique

[0002] In the existing technology, because of the diversity of access methods (wired, wireless, virtual private network, dial-up, etc.) and of terminal devices (desktops, notebooks, PADs, smart phones, etc.), it is difficult to accurately define network boundaries. Network management mainly faces the following problems: ① external terminals access the network at will; ② the security of access terminals cannot be confirmed or guaranteed; and ③ legitimate terminals do not comply with the IT internal control system. Preventing external risks from entering the interior is one of the issues that network management must pay attention to. Against this background, terminal access control systems have emerged: access control is the abbreviation of real-name network access...


Application Information

Patent Type & Authority Patents(China)
IPC IPC(8): H04L12/911
Inventor 尹志超
Owner 尹志超