Network access control method, related equipment and system

A network access control and network equipment technology, applied in the field of communications, that addresses problems such as poor client security, poor isolation between different services and complex network deployment, with the effect of enhancing isolation, reducing network deployment complexity and increasing security.

Active Publication Date: 2021-02-12
BEIJING HUAWEI DIGITAL TECH

AI Technical Summary

Problems solved by technology

[0005] In view of this, the present invention provides a network access control method, related equipment and system, with the aim of solving the problems of network access authentication methods in the prior art: poor client security, complex network deployment, and poor isolation between different services.

Examples

Embodiment 1

[0078] Figure 2 is a schematic flowchart of a network access control method provided by Embodiment 1 of the present invention. The network access control method is applicable to network devices in the network access control system. In this embodiment, through service-based authentication, only services that pass authentication can access the network, so that different services do not interfere with each other. This enhances the isolation between different services, greatly increases the security of network access compared with only one user authentication, and reduces the complexity of network deployment by authenticating each user.

[0079] When executing the network access control method, as shown in Figure 2, steps S100 and S101 are executed first to preset the network device and the authentication server; then steps S102 to S110 are executed to perform service authentica...

Example 1

[0105] Based on the network access control method disclosed in Embodiment 1 of the present invention, take the specific application scenario of configuring a controlled port as an example: the IEEE 802.1p priorities of the PORT1 controlled port of the network device are preset as Priority1 and Priority2, and the user service authorization information pre-configured on the authentication server indicates that the priority of the service that can be authorized is Priority1;

[0106] When the service types currently available to the user are voice services and streaming media services, the user service types are distinguished by IEEE 802.1p priority: the priority of the user's voice service is set to Priority1 (priority 1), and the priority of the user's streaming media service is set to Priority2 (priority 2). That is, the PORT1 controlled port with priority Priority1 forwards the data traffic of the voice service, and the ...
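The Example 1 scenario as a small model, added here as an illustration and not taken from the patent text: it reads the IEEE 802.1p priority from the 802.1Q tag of each frame and forwards it only if that priority is both preset on PORT1 and authorized by the authentication result. Assumptions: Priority1 and Priority2 are mapped to priority values 1 and 2, all class and function names are hypothetical, the frames are constructed samples, and traffic without an authorized priority is dropped in line with the rule stated in the abstract.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an IEEE 802.1Q tag


def pcp_of(frame: bytes):
    """Return the 802.1p priority (0-7) of a tagged frame, else None."""
    if len(frame) < 18:  # dst(6) + src(6) + tag(4) + EtherType(2)
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None      # untagged: no 802.1p priority to classify
    return tci >> 13     # priority is the top 3 bits of the tag control field


def tagged_frame(pcp, vlan_id=10, payload=b"constructed-sample"):
    """Build a constructed 802.1Q-tagged Ethernet frame for the demo."""
    dst, src = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    tci = (pcp << 13) | vlan_id
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, 0x0800) + payload


class ControlledPort:
    """Hypothetical model: one authorization state per preset priority."""

    def __init__(self, name, preset_priorities):
        self.name = name
        # Every preset priority starts in the unauthorized state.
        self.authorized = {p: False for p in preset_priorities}

    def apply_auth_result(self, success, authorized_priorities):
        # Open only priorities that are preset here AND authorized by the server.
        for p in self.authorized:
            self.authorized[p] = success and p in authorized_priorities

    def admits(self, frame):
        return self.authorized.get(pcp_of(frame), False)


def run_example_1():
    port1 = ControlledPort("PORT1", preset_priorities={1, 2})
    before = port1.admits(tagged_frame(1))            # before authentication
    port1.apply_auth_result(True, authorized_priorities={1})
    voice = port1.admits(tagged_frame(1))             # Priority1, authorized
    streaming = port1.admits(tagged_frame(2))         # Priority2, not authorized
    untagged = port1.admits(b"\x02" * 12 + b"\x08\x00" + b"x" * 46)
    return before, voice, streaming, untagged
```
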

Embodiment 2

[0125] Based on the network access control method disclosed in the above embodiments of the present invention, the authentication method adopted in the process of network access control is service authentication. In addition to using the service authentication method, Embodiment 2 of the present invention also discloses authentication mode network access control, and network access control combined with VLAN authentication mode;

[0126] When service authentication is combined with MAC authentication, building on the network access control method disclosed in Embodiment 1 of the present invention, only the differences between the two are described; the principles of the other execution steps are the same as described in Embodiment 1 and are not repeated here:

[0127] When step S100 is performed to preset the network device, the network device classifies the service type of the user through the IEEE 802.1p priority on th...

Abstract

The present invention provides a network access control method, related equipment and system. The method presets, in the network device, the priority of the service type corresponding to the controlled port, and presets the authorized service type in the authentication server. Then, in the authentication process of network access control, for users who perform different types of services, only users who have passed authentication and whose service-type priorities are consistent with the controlled ports in the authorized state can access the network. This ensures that different services do not interfere with each other, enhances the isolation between different services, greatly increases network access security compared with only one user authentication, and, where each user is authenticated, reduces the complexity of network deployment.

Description

Technical field

[0001] The present invention relates to the technical field of communications, and more specifically, to a network access control method, related equipment and a system.

Background

[0002] Currently, a network access control system, as shown in Figure 1, generally consists of client A, network device B and authentication server C. Network device B provides the port through which client A accesses the LAN, and authentication server C provides the authentication service for network device B. The authentication system (Authenticator) in network device B has a controlled port and an uncontrolled port. According to the authentication result from authentication server C, when the controlled port is in the authorized state, it is in the bidirectional connection state and allows normal data flow to pass through.

[0003] In the process of network access by the client, although the p...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04W12/06, H04W84/12
CPC: H04W12/06, H04W84/12
Inventor: 王凯章成松
Owner: BEIJING HUAWEI DIGITAL TECH