Access control method and system based on physical port and mac address of intelligent switch

Abstract

The invention discloses an access control method and system based on a physical interface and MAC addresses of an intelligent exchanger. The method comprises the following steps that 1, MAC table data are read from the exchanger establishing SNMP protocol connection; 2, acquired data are sent to a data merging module; 3, merging and processing are conducted on the data acquired through SNMP via the data merging module, and the data are sent to a filter A; 4, the merged data are sent to a filter B through the data merging module; 5, the filter A determines a newly added MAC address and sends an MAC-PORT corresponding to the newly added MAC address to an MAC identification module; 6, the reduced MAC addresses are determined, the off-line state is written into an MAC identification base; 7, the filer A updates an MAC / PORT cache according to the received data; 8, the MAC identification module searches whether the received MAC addresses are already in the MAC identification base to determine whether the device is legal.

Description

technical field [0001] The invention relates to the technical field of terminal access, in particular to an access control method and system based on a physical port and a MAC address of an intelligent switch. Background technique [0002] There are four main types of existing access control technologies: ①802.1x access control, ②DHCP-based access control, ③Gateway-based access control, ④ARP-based mandatory technology, different technologies use different access control points Enables and disables access. ①The control point is on the protocol port of the switch, and the access is closed. Except for the EAP protocol, all the protocol ports are closed. The client can only complete the access authentication process through the EAP protocol and the authentication server communication, and the access is open. Then all switch protocol ports are opened, and the terminal accesses the network; the access control point of ② is on the gateway address of the network segment, that is, o...

AI Technical Summary

Problems solved by technology

[0003] These four technologies have their own problems and defects. ①It relies on switches supporting the 802.1x protocol, which cannot be implemented on ordinary switches, and the cost is high; there is a problem of access tailing; ②The terminal is required to use DHCP to assign IP addresses. The terminal is invalid; ③Depending on the capability of the gateway device itself, there is a risk of network bottleneck and single point of failure; changing the network structure, the control range is affected by the network topology; there is no access control function for the LAN below the gateway, only access can be controlled; ④ Yes Pure soft means are actually ARP spoofing. There are many ways to change the gateway address assigned to the terminal by this method, resulting in control failure; its characteristics similar to ARP attacks will be blocked by many personal firewall software and cannot play a role

Images