36 results about "DHCP snooping" patented technology

Disclosed are mechanisms for facilitating the use of DHCP (dynamic host configuration protocol) binding data. In general, certain applications include mechanisms for intercepting data being sent from a node and then determining whether the data corresponds to a valid IP address and MAC address binding. Embodiments of the present invention provide mechanisms for sharing such DHCP binding data between routers (or other type of network devices) in a redundancy group so that any of the routers may take over the data inspection to validate DHCP bindings. In particular aspects of the invention, the DHCP binding data is validated in procedures related to DHCP snooping, dynamic ARP (address resolution protocol) inspection, and the like.

A network relay device includes a communication unit, an authentication processing unit, a DHCP snooping processing unit, and a terminal search processing unit. The authentication processing unit creates first information specifying an authenticated terminal device according to web authentication, and manages whether relay of communication data between a terminal device and a node on the specified network is permissible based on the first information. The DHCP snooping processing unit executes snooping of DHCP communication data between a terminal device and a DHCP server, and creates second information specifying a layer 3 address allocated to each terminal device. The terminal search processing unit specifies an authenticated terminal device based on the first information, specifies a layer 3 address allocated to the specified authenticated terminal device based on the second information, and causes the communication unit to send, to the specified layer 3 address, confirmation communication data.

The present invention provides a method and device for supporting port migration detection. The method includes: when a MAC address is learned on a first port, querying a Dynamic Host Configuration Protocol (DHCP) Snooping entry according to the MAC address; If the corresponding target DHCP Snooping entry is found, and the second port recorded in the target DHCP Snooping entry is inconsistent with the first port, then detect whether the target client corresponding to the target DHCP Snooping entry is currently connected At the second port; if it is detected that the target client is not currently connected to the second port, it is determined that port migration occurs in the target client, and the port recorded in the target DHCP Snooping entry is replaced by The second port is changed to the first port. The application of the embodiment of the present invention can ensure that the port migration can be carried out normally when the DHCP Snooping security mechanism is applied.

The embodiment of the present invention discloses a method and device for sending a DHCP message. The AP establishes a multi-user multi-input multi-output monitoring table item, wherein the monitoring table item includes an antenna ID, a user terminal ID, and a DHCP-related user terminal MAC. Address mapping relationship: when the AP receives a DHCP message related to a user terminal, the AP only transmits the DHCP message on the antenna corresponding to the user terminal according to the listening entry. Through the method and device of the embodiment of the present invention, the access point realizing the DHCP snooping function can "snooping" (listen) to the antenna.

The invention discloses a DHCP monitoring method. When the received user message fails to hit the DHCP binding table, a DHCP blacklist binding table is established, and the frequency information of the DHCP blacklist binding table being hit is recorded, so as to achieve tracking attacker's purpose. The invention also discloses a DHCP monitoring device. Through the invention, the attacker's attack behavior can be tracked and necessary information can be obtained, which is convenient for the network administrator to analyze.

Embodiments of the present invention provide a security entry configuration method, device, SDN controller and medium, and relate to the technical field of communications. The embodiment of the present application includes: collecting the DHCP Snooping entry, the ARP Snooping entry and the WLAN Snooping entry of each AP in the controlled network topology; according to the collected DHCP Snooping entry, ARP Snooping entry and WLAN Snooping The table item generates a security table item; receives the information of the terminal to be bound, and statically binds the security table item of each terminal to be bound to the switch or AP connected by the terminal to be bound, so that the switch and AP in the network topology are based on the static The bound security entry performs packet filtering. On the premise of ensuring terminal access security, the configuration workload can be reduced and configuration efficiency can be improved.

The invention discloses a method and a system for realizing a proxy ARP (Address Resolution Protocol) function based on DHCP (Dynamic Host Configuration Protocol) interception. The method comprises the following steps that: a DHCP interception function is started up in an access layer switch, the proxy ARP function is started up in an aggregation layer switch, and the IP (Internet Protocol) address of the aggregation layer switch is configured in the access layer switch; the access layer switch intercepts a DHCP requesting process of a client-side, creates and stores binding information, and uploads the binding information to the aggregation layer switch; the aggregation layer switch stores the binding information into a binding information table; and the client-side sends an ARP requesting message to the aggregation layer switch, and the aggregation layer switch queries the binding information table, and sends an ARP response message to the client-side when the binding information table contains the destination IP address of the ARP requesting message. With the adoption of the technical scheme provided by the invention, the accessibility in the detection of the destination IP address by using proxy ARP equipment can be achieved, so that the communication between a requesting terminal and a destination terminal is ensured.

This application provides a method and switching equipment for preventing MAC address drift in a DHCP network, which relates to the field of data communication, and can prevent the MAC address of a host bound with an assigned IP address from drifting under the premise that the IP address can be dynamically allocated. . The method includes: after the host obtains the IP address of the Internet protocol, if the switching device has configured a DHCP monitoring function, then the switching device establishes a DHCP monitoring table; if the first port has configured a MAC address static binding function, then the switching device establishes a static MAC address table; the switching device configures the prohibition migration flag for the DHCP snooping table; wherein, the DHCP snooping table includes the IP address of the host, the media access control MAC address and the first port of the host, and the static MAC address table includes the MAC address, the first port, and the static Binding flag, the first port is the port connected to the host in the switching device, the static binding flag prohibits the switching device from modifying the static MAC address table, and the migration prohibition flag prohibits the switching device from modifying the DHCP listening table.