CN103905236A - Terminal positioning method, system and device - Google Patents
- Publication number: CN103905236A
- Authority: CN (China)
- Prior art keywords: terminal, authentication request, switch, access server, user
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Landscapes
- Small-Scale Networks (AREA)
Abstract
The invention discloses a terminal positioning method, system and device. In the method, after a switch receives a first authentication request sent by a terminal, it adds the VLAN identifier corresponding to the terminal to the first authentication request, generating a second authentication request that is sent to an access server; the access server adds its own device identifier and the information of the port connected to the switch to the second authentication request, generating a third authentication request that is sent to a Radius server for authentication; and a positioning device determines the position of the terminal by obtaining the third authentication request. The invention solves the problem that the access ports of users with different access modes cannot be determined accurately; the VLAN identifier allows the access position of the terminal to be located accurately; and when a fault occurs, the fault can be located accurately.
Description
Technical field
The present invention relates to the field of network management technology, and in particular to a terminal positioning method, system and device.
Background technology
Remote Authentication Dial In User Service (RADIUS), defined by RFC 2865 and RFC 2866, is currently the most widely used AAA protocol. Because the RADIUS protocol is simple, well defined and extensible, it has been widely adopted for dial-up-based services, including ordinary telephone Internet access, ADSL Internet access, some broadband Internet access, IP telephony, Virtual Private Dialup Networks (VPDN) and mobile phone prepayment. A user connects to a NAS, and the NAS submits the user's information to the RADIUS server in an Access-Require packet, including the user name, password and related information; the user password is encrypted with MD5 using a key shared by both sides, and this key is never transmitted over the network. The RADIUS server checks the validity of the user name and password and, if necessary, may issue a Challenge requiring further authentication of the user; it can authenticate the NAS in a similar way. If the credentials are valid, it returns an Access-Accept packet to the NAS, allowing the user to proceed; otherwise it returns an Access-Reject packet, refusing the user access. If access is allowed, the NAS sends an accounting request, Account-Require, to the RADIUS server, the RADIUS server responds with Account-Accept, accounting for the user begins, and the user can carry out their own operations.
In recent years carrier networks have grown steadily in scale, and the number of user ports provided in a metropolitan area network has reached the order of 100,000. The following schemes are mainly used at present:
(1) A method for a DSLAM broadband access server to obtain the access port number of a broadband user
This scheme binds users to the physical ports of an IP DSLAM or Ethernet switch, obtains users' online information in real time, and makes the state of the user port known before the user is allowed access. It addresses the security, cost and service-development problems of current broadband access modes such as IP-uplink xDSL and Ethernet. It is easy to implement, requiring only a software upgrade at low cost and no change to the existing networking mode, so it makes full use of and protects existing network resources and preserves continuity.
(2) A method for locating user ports on GPON access equipment
The GPON access device creates a GPON port in an OLT slot. In that port's mode it creates ONU IDs to identify different user terminal devices and creates one or more different GEM ports, binds them to the different user network interface ports of the terminal device identified by the ONU ID, configures the VLAN information of the GEM ports and of the uplink port under the GPON port, and enables the port-location function for the specified ONU ID under the GPON port according to the user access authentication protocol. When a user terminal device initiates an access request, the GPON access device adds the user's GPON port information to the access request protocol packet; after receiving the user's access request message, the broadband access server parses out the user's GPON port information and sends it to the authentication server, which performs binding authentication of the user account, the password and the user's GPON port information.
(3) A method for binding verification of port and user name under PPPoE Layer 2 transparent transmission
Using the traffic classification function of a Layer 3 switching chip, and the feature field that, in the PPP session stage, distinguishes data packets carrying the authenticating user's account from other PPPoE packets, the authentication messages containing the user name are filtered out of the PPPoE packets and delivered to the CPU, which performs port number and user name binding verification and subsequent processing. User name and port number binding verification is thus achieved with the access switch configured in PPPoE Layer 2 transparent transmission mode. This reduces the operator's procurement cost, prevents user accounts from being stolen, and strengthens broadband network security. It can be widely applied in the network communication field.
(4) A method for binding an access terminal to an operator
The access terminal extracts an identifier from the user information and compares it with the operator identifier stored in the access terminal; if the two match, the subsequent dialing process is carried out, otherwise the dialing process is stopped. This scheme effectively prevents users from using an access terminal provided by one operator to connect to the network of another operator, avoiding harmful competition between operators.
At present most broadband users authenticate by dialing, and the operator verifies the user's account and password. Because the number of users is huge, equipment vendors and operators have devised various methods to manage users, but the following problems remain:
(1) Access modes such as GPON and DSLAM have only been studied separately; different types of access users have not been considered in a unified way so as to solve the access resource problem for the majority of users and match the ports of all types of users.
(2) Port location relies mainly on the technical data recorded when the service was provisioned. Because broadband services change frequently, the accuracy of this data is badly affected, and the procedure for locating a broadband line port is cumbersome and yields unreliable information.
(3) Existing network management platforms essentially raise alarms for specific equipment; the alarms are not associated with customer services or with particular users.
The shortcomings of the prior art are described in detail below for each of the above methods:
In method (1), the DSLAM port authentication information is not suited to today's metropolitan area networks, which are essentially built with Ethernet switches or PON; few users are on DSLAM access.
Method (2) only locates GPON users and cannot be used to locate users of other access types.
Method (3) is mainly a port binding check for locally authenticated users and was used in the early days when broadband users were few. In today's metropolitan area networks broadband users are counted in units of 100,000; a BRAS clearly cannot support local authentication of that many users, and a remote authentication management system such as Radius is needed to store user authentication information in such quantity.
Method (4) mainly judges the user's location by a special identifier of the access terminal; because the terminal must be of a specific kind, the method is not suitable for wide deployment.
In summary, although existing schemes can maintain user access resources in some scenarios, they lack generality for the users of a whole metropolitan area network: they cannot obtain the access resources of all users, cannot dynamically maintain and update user data, and there is still less any precedent for a network management system using user resource information to improve fault-location efficiency.
Summary of the invention
To solve the technical problem that the prior art cannot obtain a user's access position, the present invention proposes a terminal positioning method, system and device.
One aspect of the present invention provides a terminal positioning method, comprising:
after receiving a first authentication request sent by a terminal, a switch adds the VLAN identifier corresponding to the terminal to the first authentication request, generating a second authentication request, and sends it to an access server;
the access server adds the device identifier of the access server and the information of the port connected to the switch to the second authentication request, generating a third authentication request, and sends it to a Radius server for authentication;
a positioning device determines the position of the terminal by obtaining the third authentication request.
Another aspect of the present invention provides a positioning device, comprising:
an acquisition module, configured to obtain the third authentication request corresponding to the terminal;
a parsing module, configured to parse the third authentication request and obtain the device identifier of the access server, the information of the port connected to the switch, and the VLAN identifier corresponding to the terminal;
a first positioning module, configured to locate, according to the device identifier of the access server, the access server through which the terminal authenticates;
a second positioning module, configured to locate, according to the information of the port connected to the switch, the switch through which the terminal authenticates;
a third positioning module, configured to locate the terminal according to the VLAN identifier.
Another aspect of the present invention provides a terminal positioning system, comprising:
a switch, configured to, after receiving a first authentication request sent by a terminal, add the VLAN identifier corresponding to the terminal to the first authentication request, generating a second authentication request, and send it to an access server;
the access server, configured to add the device identifier of the access server and the information of the port connected to the switch to the second authentication request, generating a third authentication request, and send it to a Radius server for authentication;
a positioning device, configured to determine the position of the terminal by obtaining the third authentication request.
By setting a unique VLAN identifier for each terminal and adding it to the terminal's authentication information, the terminal positioning method, system and device of the present invention make it possible to locate a terminal under a switch by obtaining the terminal's authentication information. This solves the problem that the access ports of users with different access modes cannot be determined accurately; the VLAN identifier allows the terminal's access position to be located accurately; and when a fault occurs, it can be located accurately.
Brief description of the drawings
Fig. 1 is a flow chart of the terminal positioning method embodiment of the present invention;
Fig. 2 is a detailed flow chart of the positioning process of the positioning device of the present invention;
Fig. 3 is a structural diagram of the switch embodiment of the present invention;
Fig. 4 is a structural diagram of the positioning device embodiment of the present invention;
Fig. 5 is a structural diagram of the terminal positioning system embodiment of the present invention.
Detailed description
The present invention plans the virtual local area networks (Virtual Local Area Network, VLAN) of the metropolitan area network so that each user under each port of the broadband access server (Broadband Access Server / Broadband Remote Access Server, BAS) has a corresponding VLAN identifier. If QinQ (also called Stacked VLAN or Double VLAN) is supported, sensible planning can make each broadband port in the metropolitan area network correspond to one unique QinQ VLAN. The present invention is described in detail below with reference to the accompanying drawings.
As shown in Fig. 1, the terminal positioning method embodiment of the present invention comprises:
The user's authentication account is the user's mobile phone number; different services are distinguished by configuring different domains on the BAS, and the user appends the corresponding domain name to the account to authenticate.
After the user initiates an authentication request, the authentication message is tagged with the corresponding VLAN identifier as it passes through the relevant switch. Once the PPP over Ethernet (PPPoE) connection is established, a PPP connection is started between the user terminal and the Broadband Remote Access Server (BRAS) to exchange line parameters, authentication and other information between the user terminal and the BAS.
The BAS initiates an authentication request to the corresponding Radius server. This message carries the user's authentication account and password, the access VLAN information, the device and port information of the access BAS, the access type, the access domain name and other information. The Radius message is captured on the metropolitan area network and parsed, or the user authentication information stored on the Radius server is read, to obtain the user's access VLAN and related information; this is then correlated with the access-device VLAN planning table maintained for the metropolitan area network to determine the specific device and port through which the user is connected.
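The lookup described above, as an added example that is not code from the patent: it parses the attributes of a captured RADIUS Access-Request (packet layout and attribute numbers per RFC 2865 and RFC 2869) and resolves them in three steps against planning tables. The `port=...;vlan=...` layout of NAS-Port-Id, the device names, the account and the planning tables are assumptions constructed for illustration.

```python
import struct

# RADIUS packet code and attribute type numbers (RFC 2865 / RFC 2869).
ACCESS_REQUEST = 1
USER_NAME, NAS_IDENTIFIER, NAS_PORT_ID = 1, 32, 87

# Constructed planning data (hypothetical names): known access servers,
# BAS port -> downstream switch, and (switch, VLAN) -> user-facing port.
BAS_INVENTORY = {"bas-example-01"}
BAS_PORT_TO_SWITCH = {("bas-example-01", "1/0/2"): "sw-example-17"}
VLAN_PLAN = {("sw-example-17", 2001): "GE0/0/12"}


def parse_access_request(packet: bytes) -> dict:
    """Return {attribute_type: value_bytes} for one Access-Request."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST:
        raise ValueError("not an Access-Request")
    if length < 20 or length > len(packet):
        raise ValueError("length field does not match captured data")
    attrs, pos = {}, 20  # attributes start after the 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("attribute overruns packet")
        attrs[a_type] = packet[pos + 2:pos + a_len]
        pos += a_len
    return attrs


def parse_port_id(text: str) -> dict:
    """Parse the assumed 'key=value;key=value' NAS-Port-Id layout."""
    fields = {}
    for item in text.split(";"):
        key, sep, value = item.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def locate(packet: bytes) -> dict:
    """Resolve access server, then switch, then terminal port.

    Each step depends on the previous one; a step that cannot be
    resolved is left as None so stale planning data is visible.
    The User-Password attribute is not needed and is never read.
    """
    attrs = parse_access_request(packet)
    bas_id = attrs.get(NAS_IDENTIFIER, b"").decode("utf-8", "replace")
    port = parse_port_id(attrs.get(NAS_PORT_ID, b"").decode("utf-8", "replace"))
    vlan = int(port["vlan"]) if port.get("vlan", "").isdigit() else None
    result = {
        "account": attrs.get(USER_NAME, b"").decode("utf-8", "replace"),
        "access_server": None,
        "switch": None,
        "terminal_port": None,
    }
    if bas_id in BAS_INVENTORY:                      # step 1: access server
        result["access_server"] = bas_id
        switch = BAS_PORT_TO_SWITCH.get((bas_id, port.get("port")))
        if switch is not None:                       # step 2: switch
            result["switch"] = switch
            result["terminal_port"] = VLAN_PLAN.get((switch, vlan))  # step 3
    return result


def build_sample(user: str, bas_id: str, port_id: str) -> bytes:
    """Build a constructed Access-Request carrying only the three attributes."""
    def attr(a_type: int, value: bytes) -> bytes:
        return bytes([a_type, len(value) + 2]) + value
    body = (attr(USER_NAME, user.encode())
            + attr(NAS_IDENTIFIER, bas_id.encode())
            + attr(NAS_PORT_ID, port_id.encode()))
    header = struct.pack("!BBH", ACCESS_REQUEST, 1, 20 + len(body))
    return header + bytes(16) + body  # all-zero authenticator placeholder


if __name__ == "__main__":
    sample = build_sample("10000000000@example", "bas-example-01",
                          "port=1/0/2;vlan=2001")
    print(locate(sample))
```

A result with `switch` set but `terminal_port` left as `None` means the request carried a VLAN that the planning table does not know, which is the stale-data condition the background section describes.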
Based on the same inventive concept, the present invention also provides a switch embodiment. As shown in Fig. 3, this embodiment comprises a receiving module 31, a generating module 32 and a sending module 33. The receiving module receives the first authentication request sent by the terminal. The generating module adds the VLAN identifier corresponding to the terminal to the first authentication request, generating the second authentication request. The sending module sends the second authentication request to the access server.
In addition, the present invention also provides a positioning device embodiment. As shown in Fig. 4, this embodiment comprises an acquisition module 41, a parsing module 42, a first positioning module 43, a second positioning module 44 and a third positioning module 45.
The acquisition module obtains the third authentication request corresponding to the terminal. The parsing module parses the third authentication request and obtains the device identifier of the access server, the information of the port connected to the switch, and the VLAN identifier corresponding to the terminal. The first positioning module locates, according to the device identifier of the access server, the access server through which the terminal authenticates. The second positioning module locates, according to the information of the port connected to the switch, the switch through which the terminal authenticates. The third positioning module locates the terminal according to the VLAN identifier.
Based on the same inventive concept, the present invention also provides a terminal positioning system embodiment. As shown in Fig. 5, this embodiment comprises a switch 51, an access server (BAS) 52 and a positioning device 53.
After receiving the first authentication request sent by the terminal, the switch adds the VLAN identifier corresponding to the terminal to the first authentication request, generating the second authentication request, and sends it to the access server. The access server adds the device identifier of the access server and the information of the port connected to the switch to the second authentication request, generating the third authentication request, and sends it to the Radius server for authentication. The positioning device determines the position of the terminal by obtaining the third authentication request.
By setting a unique VLAN identifier for each terminal and adding it to the terminal's authentication information, the terminal positioning method, system and device embodiments of the present invention make it possible to locate a terminal under a switch by obtaining the terminal's authentication information. This solves the problem that the access ports of users with different access modes cannot be determined accurately; the VLAN identifier also allows the terminal's access position to be located accurately.
When a user reports a fault, the account the user dials with can be queried in the network management system to obtain the corresponding access device and check whether it has any related alarms, which improves handling efficiency and allows the fault to be located accurately. Using the stored association between users and ports, a corresponding module developed on the network management system reads this information and correlates it with equipment alarms, so that alarms are presented together with the users they affect.
The maintained information table can also be used to manage authentication-free access for users such as IPTV users: the MAC address and serial number of the user's set-top box are compared with the user's port information and serve as the basis on which the IPTV broadcast control platform exempts the user from authentication, improving the security and controllability of the service.
It should be noted that the above embodiments only illustrate the present invention and do not limit it, and the present invention is not limited to the above examples; all technical solutions and improvements that do not depart from the spirit and scope of the present invention shall fall within the scope of the claims of the present invention.
Claims (6)
1. A terminal positioning method, characterized by comprising:
after receiving a first authentication request sent by a terminal, a switch adds the VLAN identifier corresponding to the terminal to the first authentication request, generating a second authentication request, and sends it to an access server;
the access server adds the device identifier of the access server and the information of the port connected to the switch to the second authentication request, generating a third authentication request, and sends it to a Radius server for authentication;
a positioning device determines the position of the terminal by obtaining the third authentication request.
2. The method according to claim 1, characterized in that the switch assigns a unique VLAN identifier to each terminal.
3. The method according to claim 2, characterized in that the positioning device determining the position of the terminal by obtaining the third authentication request comprises:
the positioning device parses the third authentication request and obtains the device identifier of the access server, the information of the port connected to the switch, and the VLAN identifier corresponding to the terminal;
the positioning device locates, according to the device identifier of the access server, the access server through which the terminal authenticates; locates, according to the information of the port connected to the switch, the switch through which the terminal authenticates; and locates the terminal according to the VLAN identifier.
4. A positioning device, characterized by comprising:
an acquisition module, configured to obtain the third authentication request corresponding to the terminal;
a parsing module, configured to parse the third authentication request and obtain the device identifier of the access server, the information of the port connected to the switch, and the VLAN identifier corresponding to the terminal;
a first positioning module, configured to locate, according to the device identifier of the access server, the access server through which the terminal authenticates;
a second positioning module, configured to locate, according to the information of the port connected to the switch, the switch through which the terminal authenticates;
a third positioning module, configured to locate the terminal according to the VLAN identifier.
5. A terminal positioning system, characterized by comprising:
a switch, configured to, after receiving a first authentication request sent by a terminal, add the VLAN identifier corresponding to the terminal to the first authentication request, generating a second authentication request, and send it to an access server;
the access server, configured to add the device identifier of the access server and the information of the port connected to the switch to the second authentication request, generating a third authentication request, and send it to a Radius server for authentication;
a positioning device, configured to determine the position of the terminal by obtaining the third authentication request.
6. The system according to claim 5, characterized in that the positioning device is configured to parse the third authentication request and obtain the device identifier of the access server, the information of the port connected to the switch, and the VLAN identifier corresponding to the terminal; to locate, according to the device identifier of the access server, the access server through which the terminal authenticates; to locate, according to the information of the port connected to the switch, the switch through which the terminal authenticates; and to locate the terminal according to the VLAN identifier.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210583420.8A CN103905236A (en) | 2012-12-28 | 2012-12-28 | Terminal positioning method, system and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN103905236A | 2014-07-02 |
Family
ID=50996392
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201210583420.8A Pending CN103905236A (en) | 2012-12-28 | 2012-12-28 | Terminal positioning method, system and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103905236A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20140702 |