
Authentication method based on configuration information, server, switch and memory medium

An authentication method based on configuration information, in the server field, applied to servers, switches and storage media, which can solve problems such as potential safety hazards.

Active Publication Date: 2018-10-16
北京东土军悦科技有限公司

AI Technical Summary

Problems solved by technology

[0006] However, at present, most network communication devices (including Layer 2 switches, Layer 3 switches, and various gateway devices) do not carry out effective security checks themselves. For example, a very important function of switches is the Virtual Local Area Network (VLAN). A VLAN realizes different divisions of the logical topology while the physical topology stays unchanged, so the same port gets completely different network access under different VLANs. Therefore, once someone illegally modifies the configuration of network communication equipment, it causes major security risks.

Examples

Embodiment 1

[0080] Figure 2 is a flow chart of the authentication method based on configuration information provided by Embodiment 1 of the present invention. This embodiment is applicable to the IEEE802.1x authentication system shown in Figure 1, in which the first switch, as the applicant, applies to the authentication server to join the network where the second switch is located. As shown in Figure 1, the second switch converts the EAPoL message from the first switch into a RADIUS message and sends it to the authentication server, and converts the RADIUS message returned by the authentication server into an EAPoL message and sends it to the first switch. The authentication method based on configuration information specifically includes the following steps:

[0081] Step 101: after the identity authentication of the first switch succeeds, the authentication server sends a report configuration request message to the first switch through the second switch;

[0082] For examp...

Embodiment 2

[0100] Figure 3 is a flow chart of the authentication method based on configuration information provided in Embodiment 2 of the present invention. This embodiment is applicable to the IEEE802.1x authentication system shown in Figure 1, in which the first switch, as the applicant, applies to the authentication server to join the network where the second switch is located. As shown in Figure 1, the second switch converts the EAPoL message from the first switch into a RADIUS message and sends it to the authentication server, and converts the RADIUS message returned by the authentication server into an EAPoL message and sends it to the first switch. The authentication method based on configuration information specifically includes the following steps:

[0101] Step 201: after passing identity authentication by the authentication server, the first switch receives the report configuration request message that the authentication server sends through the second switch;

[0102] T...

Embodiment 3

[0109] Figure 5 is a schematic diagram of the composition structure of the network topology provided by Embodiment 3 of the present invention. Referring to Figure 5, a total of 3 switches and 1 server are used, wherein trusted switch 1 and trusted switch 2 act as applicants (equivalent to the above-mentioned first switch) and trusted switch 3 acts as an agent (equivalent to the above-mentioned second switch). Trusted switch 1, trusted switch 2 and the server exchange messages through trusted switch 3. Trusted switch 1 and trusted switch 2 are connected to lower-layer terminal network devices, but in order to prevent direct mutual access between the terminal network devices, VLANs are set up separately on ports 1, 2, and 3 of trusted switch 1 and trusted switch 2, and the three ports are divided into different LANs. The configuration information of the trusted switch 1 and the trusted switch 2 can be saved in the server...


Abstract

The embodiment of the invention discloses an authentication method based on configuration information, a server, a switch and a memory medium. The method is applicable to a scenario in which a first switch, as an applicant, applies to the authentication server to join the network where a second switch is located. The second switch, as a proxy, transfers messages between the first switch and the authentication server. The method comprises the following steps: after identity authentication of the first switch succeeds, the authentication server sends a report configuration request message to the first switch through the second switch; the authentication server receives a configuration response message from the first switch through the second switch; and the authentication server matches the configuration information against the set switch configuration information and, after the matching succeeds, sends an authentication success message to the second switch. According to the embodiment of the invention, the switch is guaranteed to work according to the presetting of a network manager, and the possibility of a potential safety hazard resulting from tampering with the configuration information is effectively reduced.
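The server-side matching step from the abstract, as an added Python example that is not code from the patent. The switch name, VLAN ids, JSON-style config layout, the digest comparison and the failure result are all assumptions made for illustration; the page only states that a successful match leads to an authentication success message.

```python
import hashlib
import hmac
import json

# Constructed baseline stored on the authentication server by the network manager.
# Hypothetical name and VLAN ids; Embodiment 3 only says ports 1-3 sit in separate VLANs.
BASELINE = {
    "trusted-switch-1": {"ports": {"1": {"vlan": 10}, "2": {"vlan": 20}, "3": {"vlan": 30}}},
}

def canonical_digest(config):
    """Hash a canonical JSON form so key order in the report does not matter."""
    blob = json.dumps(config, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).digest()

def diff_config(expected, reported, path=""):
    """List the dotted paths where the reported config departs from the baseline."""
    diffs = []
    for key in sorted(set(expected) | set(reported)):
        here = f"{path}.{key}" if path else key
        if key not in reported:
            diffs.append(f"missing:{here}")
        elif key not in expected:
            diffs.append(f"unexpected:{here}")
        elif isinstance(expected[key], dict) and isinstance(reported[key], dict):
            diffs.extend(diff_config(expected[key], reported[key], here))
        elif expected[key] != reported[key]:
            diffs.append(f"changed:{here}")
    return diffs

def authenticate(switch_id, identity_ok, reported_config):
    """Return (result, reasons) for the message sent to the second switch (the proxy)."""
    if not identity_ok:
        # The configuration request is only sent after identity authentication succeeds.
        return "failure", ["identity authentication failed"]
    expected = BASELINE.get(switch_id)
    if expected is None:
        return "failure", ["no stored configuration for this switch"]
    if not isinstance(reported_config, dict):
        return "failure", ["malformed configuration response"]
    if hmac.compare_digest(canonical_digest(expected), canonical_digest(reported_config)):
        return "success", []
    # Assumed behaviour: a mismatch denies access and records what drifted.
    return "failure", diff_config(expected, reported_config)
```

The result is only as trustworthy as the configuration response itself: the comparison detects a changed report, not a switch that reports one configuration and runs another.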

Description

Technical field

[0001] The embodiment of the present invention relates to network communication technology, in particular to an authentication method based on configuration information, a server, a switch and a storage medium.

Background technique

[0002] The trusted switching network system requires authentication and control of each access user to ensure the trust relationship and control between communication entities. For existing terminal equipment, the Institute of Electrical and Electronics Engineers (IEEE) 802.1x protocol has been standardized and implemented. The IEEE802.1x protocol is called a port-based access control protocol. Its main purpose is to solve the problem of access authentication of wireless LAN users, to accept access by legitimate users, and to protect network security.

[0003] Figure 1 is a schematic diagram of the composition and structure of the existing IEEE802.1x ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/08, H04L63/0876, H04L63/102
Inventor: 郭冰, 王立文
Owner: 北京东土军悦科技有限公司