IP-MAC real-name binding based network access control system and control method

Abstract

The invention relates to the technical field of local area network access technologies, in particular to an IP-MAC real-name binding based network access control system and control method. The system comprises a core switch, a DHCP server, an FTP server and an access terminal, wherein the core switch uses a DHCP Snooping function and an ARP Inspection function; and the system further comprises a network access database server, a network access control server, a production network firewall, a server area firewall, an internet firewall and a private firewall. According to the IP-MAC real-name binding based network access control system and control method, Web programs and background programs are built in the network access control server; parameter configuration can be performed on the system through the Web programs; meanwhile, parameters are performed by utilizing the background programs, IP-MAC real-name binding and access authority effective time control can be implemented. Furthermore, due to function configuration of the core switch, shielding on a counterfeit DHCP server and a manually configured IP address can be implemented, so that sequential management of an IP address is facilitated.

Description

technical field [0001] The invention relates to the technical field of local area network access, in particular to a network access control system and control method based on IP-MAC real name binding. Background technique [0002] Generally, IP addresses are used in the local area network to manage the computers in the local area network. In a large LAN, a DHCP server is generally used to automatically assign IP addresses. In the local area network of a large manufacturing enterprise, there may be an office network, a production network, a dedicated line for connection with cooperative enterprises, and a dedicated line for Internet connection. The office network is generally used as the enterprise intranet, the production network is used as the enterprise isolation network, and the private line for connecting with cooperative enterprises and the Internet are generally used as the enterprise extranet. Due to the particularity of the manufacturing industry, it is required to...

AI Technical Summary

Problems solved by technology

[0006] 1. This technology is only aimed at the access rights of the terminal computer to the intranet, and cannot control its access to different resources in the intranet

[0007] 2. This technology does not realize the network real-name system binding of terminal computer equipment

[0008] 3. The IP address of the terminal computer can be manually specified or obtained from the DHCP server, which may easily cause management confusion

[0009] 4. An access control list or static ARP table must be established on each network device, and the management of the table is only for IP and MAC. Administrators manage dazzling IP and MAC addresses in piles of tables, and the time cost and cost of management are high probability of error

[0010] 5. The time when the terminal computer accesses the intranet cannot be automatically controlled, and the administrator needs to manually change the configuration at the approved access time and prohibited access time

[0012] 1. There is no control over terminal access to the intranet

[0013] 2. There is no control over the access time

Images