Generation method and device for security entries

A security table, table entry technology, applied in the field of communication, can solve the problem of legal upstream discarding, and achieve the effect of avoiding discarding

Active Publication Date: 2015-06-03
NEW H3C TECH CO LTD
View PDF4 Cites 3 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] In view of this, the present application provides a method and device for generating a security entry to solve the problem that the legal upstream flow is discarded

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Generation method and device for security entries
  • Generation method and device for security entries
  • Generation method and device for security entries

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0019] In order to make the object, technical solution and advantages of the present invention clearer, the technical solution of the present invention will be described in detail below with reference to the accompanying drawings and examples.

[0020] An embodiment of the present application provides a method for generating a security entry, which is applied to a switching device running a DHCP snooping function. When the switching device receives an unknown unicast packet through the uplink port, it learns a DHCP snooping entry for the destination IP address of the unknown unicast packet, and generates a security entry according to the learned DHCP snooping entry. The embodiment provided by the present application can generate the security entry of the downlink host as soon as possible according to the downlink flow, so as to avoid discarding of the legitimate uplink flow.

[0021] see figure 1 , figure 1 This is a schematic diagram of a DHCP network. figure 1 Switching d...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides a generation method of security entries. The generation method comprises the following steps: when an unknown unicast message is received through an uplink port, switching equipment broadcasts the unicast message and learns a DHCP snooping entry specific to a destination IP address of the unicast message; if the DHCP snooping entry corresponding to the IP address is learnt, a security entry corresponding to the IP address is generated, so that the unicast message received through a downlink port is not abandoned, wherein a source IP address of the unicast message is the IP address. Based on the same inventive concept, the application further provides a generation device of security entries; the generation device can generate the security entry of a host as soon as possible according to a downstream, in order to avoid that a legal upstream is abandoned.

Description

technical field [0001] The present invention relates to the field of communication technology, in particular to a method and device for generating a security entry. Background technique [0002] Dynamic Host Configuration Protocol (Dynamic Host Configuration Protocol, DHCP) snooping (Snooping) is a kind of security feature of DHCP, DHCP Snooping is by monitoring DHCP request message and the DHCP response message that trusted port receives, records DHCP Snooping entry, The content of the table entry includes the client's Media Access Control (Media Access Control, MAC) address, the Internet Protocol (Internet Protocol, IP) address assigned by the DHCP server to the DHCP client, the port connected to the DHCP client, and the Virtual Local Area Network (Virtual Local Area Network). Network, VLAN) and other information. [0003] The DHCP snooping feature can be used together with the security feature to filter access to the network by illegal users who forge IP addresses. Use ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/12H04L12/741H04L45/74
CPCH04L45/54H04L61/5014
Inventor 何川
Owner NEW H3C TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products