Method and device of lateral traffic isolation between terminals in intranet

A technique for isolating horizontal (lateral) traffic between terminals, applied in the field of network security, addresses problems such as IP address shortage, management complexity, and waste of IP addresses, so as to avoid large-scale propagation, simplify network management, and improve network security.

Active Publication Date: 2019-03-26
HANGZHOU DPTECH TECH

AI Technical Summary

Problems solved by technology

[0004] 1) Since the number of VLAN resources available to the switch is limited, if a VLAN is allocated to each terminal, the number of accessible terminals is limited and cannot meet the access requirements of more terminals;
[0005] 2) The spanning-tree topology of each VLAN needs to be managed, and STP (Spanning Tree Protocol) is relatively complicated; in addition, each IP subnet needs to be configured with a corresponding default gateway, which makes management more complex;
[0006] 3) Because a separate IP subnet has to be allocated for each terminal, the division into IP subnets inevitably wastes some IP addresses, which easily leads to a shortage of IP addresses.


Embodiment Construction

[0023] Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numerals in different drawings refer to the same or similar elements unless otherwise indicated. The implementations described in the following exemplary examples do not represent all implementations consistent with the present invention. Rather, they are merely examples of apparatuses and methods consistent with aspects of the invention as recited in the appended claims.

[0024] The terminology used in the present invention is for the purpose of describing particular embodiments only and is not intended to limit the invention. As used herein and in the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly dictates otherwise. It should also be understood that the term "and/or" as use...


Abstract

The invention provides a method and a device for isolating lateral (horizontal) traffic between terminals in an intranet. The method includes: when access equipment receives an ARP message, determining, according to a pre-stored horizontal-isolation strategy, whether to perform a horizontal-isolation operation on the ARP message, wherein the horizontal-isolation operation includes at least one of the following: discarding the ARP message sent by a terminal; sending, to the terminal that sent an ARP request message, an ARP response message that replies with the gateway MAC address; and modifying the destination MAC address of a gratuitous ARP message sent by the terminal to the gateway MAC address and sending it to the gateway equipment. If the gateway equipment receives the message, the gateway equipment determines, according to the pre-stored horizontal-isolation strategy, whether to perform the horizontal-isolation operation on the message. In this way, horizontal traffic between terminals in the intranet is isolated, the shared environment of the intranet is broken, and wide-range propagation of viruses in the intranet is reduced or even avoided; and because different VLANs (Virtual Local Area Networks) do not need to be configured for each terminal, configuration is simplified.
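The three access-device operations listed in the abstract can be sketched as a decision over raw ARP frames. This is an added example, not code from the patent or from DPtech: the mapping of ARP type to operation, the handling of ARP probes, and all MAC and IP values are assumptions constructed for illustration.

```python
import struct

GATEWAY_MAC = bytes.fromhex("02005e000001")  # constructed sample value
BROADCAST = b"\xff" * 6
ARP_REQUEST, ARP_REPLY = 1, 2

def build_arp(dst, src, op, sha, spa, tha, tpa):
    """Ethernet II header plus an IPv4-over-Ethernet ARP payload (RFC 826)."""
    head = dst + src + struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, op)
    return head + sha + spa + tha + tpa

def isolate(frame):
    """Decide what the access device does with a frame from a terminal port.
    Returns (action, frame_out); the type-to-action mapping is an assumption."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return ("not_arp", frame)  # other traffic is outside this sketch
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return ("drop", None)  # malformed or non-IPv4 ARP
    sha, spa, tpa = frame[22:28], frame[28:32], frame[38:42]
    if spa == tpa or spa == b"\x00" * 4:
        # Gratuitous ARP or RFC 5227 probe: rewrite the destination MAC so
        # only the gateway receives it instead of the whole broadcast domain.
        return ("to_gateway", GATEWAY_MAC + frame[6:])
    if op == ARP_REQUEST:
        # Answer for any target IP with the gateway MAC, so the terminal
        # sends its traffic for that peer through the gateway.
        reply = build_arp(sha, GATEWAY_MAC, ARP_REPLY, GATEWAY_MAC, tpa, sha, spa)
        return ("reply_gateway_mac", reply)
    if op == ARP_REPLY and frame[0:6] == GATEWAY_MAC:
        return ("to_gateway", frame)  # terminal answering the gateway itself
    return ("drop", None)  # terminal-to-terminal ARP reply

# Constructed sample terminals on one VLAN.
A_MAC, A_IP = bytes.fromhex("020000000a0a"), bytes([10, 0, 0, 10])
B_MAC, B_IP = bytes.fromhex("020000000b0b"), bytes([10, 0, 0, 11])

def demo():
    ask = build_arp(BROADCAST, A_MAC, ARP_REQUEST, A_MAC, A_IP, b"\x00" * 6, B_IP)
    garp = build_arp(BROADCAST, B_MAC, ARP_REQUEST, B_MAC, B_IP, b"\x00" * 6, B_IP)
    peer = build_arp(A_MAC, B_MAC, ARP_REPLY, B_MAC, B_IP, A_MAC, A_IP)
    return [isolate(f) for f in (ask, garp, peer)]

if __name__ == "__main__":
    for action, out in demo():
        print(action, out.hex() if out else "-")
```

Because every terminal resolves its peers to the gateway MAC, peer-to-peer traffic reaches the gateway, where the same pre-stored strategy can be applied a second time as the abstract describes.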

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a method and device for isolating horizontal traffic between terminals in an intranet.

Background

[0002] The traditional enterprise intranet is a shared network in which mutual access between terminals in the same VLAN (Virtual Local Area Network) is not controlled, which provides great convenience for the spread of viruses or other attacks. Once an intranet security incident occurs, it is impossible to promptly locate and control the source of the attack.

[0003] Therefore, in order to address these potential security hazards in the intranet, the traditional solution is to assign a different VLAN and related IP subnet to each user terminal, thereby isolating each user terminal at the second layer of the network architecture through VLANs to prevent any malicious behavior and Et...


Application Information

Patent Type & Authority: Applications (China)
IPC (8): H04L29/06, H04L29/12, H04L45/74
CPC: H04L61/103, H04L63/0272, H04L45/74, H04L61/4511, H04L61/5014, H04L2101/622, H04L12/4641
Inventor: 王富涛, 王乾
Owner HANGZHOU DPTECH TECH