CN103401706A - Method and device for configuring port security - Google Patents

Method and device for configuring port security

Info

Publication number: CN103401706A
Authority: CN (China)
Prior art keywords: port, address, host, MAC address, switch
Legal status: Granted
Application number: CN2013103182492A
Other languages: Chinese (zh)
Other versions: CN103401706B (en)
Inventor: 何斌
Current Assignee: Maipu Communication Technology Co Ltd
Original Assignee: Maipu Communication Technology Co Ltd
Application filed by Maipu Communication Technology Co Ltd
Priority to CN201310318249.2A
Publication of CN103401706A
Application granted
Publication of CN103401706B
Current legal status: Active

Abstract

The embodiments of the invention provide a method and a device for configuring port security, relating to the technical field of network communication, which can automatically acquire the MAC (Media Access Control) address and IP (Internet Protocol) address of the host connected to each of the ports of a switch and automatically bind the MAC address and the IP address. The method comprises the following steps: the switch receives the port, designated by a user, on which port security is to be enabled; the switch acquires the MAC address of the host connected to the port by reading a locally stored MAC address table; using the acquired MAC address of the host, the switch acquires the IP address of the host by reading a stored ARP (Address Resolution Protocol) table; and the switch automatically binds the MAC address and the IP address of the host to the ports. The method and the device are suitable for use when port security is configured.

Description

A method and device for configuring port security
Technical field
The present invention relates to the field of network communication technology, and in particular to a method and device for configuring port security.
Background technology
In an Ethernet switching network, to prevent illegal hosts from intruding into the network, the port security feature needs to be enabled on the access switch to define the legal user hosts. By binding the Media Access Control (MAC) address and Internet Protocol (IP) address of each access host on the switch port, the legal user hosts are defined: only legal hosts are allowed to access the network and no other host can access it, which guarantees the security of network data.
In the prior art, when a network operations and maintenance (O&M) engineer configures the MAC addresses and IP addresses for port security on a switch and binds them to the interfaces, the engineer needs to know in advance the MAC address and IP address of the legal host connected to each port of the switch, sort out the correspondence between switch ports and hosts one by one, and then bind the MAC addresses and IP addresses of thousands of hosts on a large number of switch ports.
However, when port security is configured as in the prior art, the network O&M personnel need to know in advance the MAC address and IP address of the legal host connected to each port of the switch and bind them to the corresponding port, which makes the operation complicated and the efficiency low.
Summary of the invention
Embodiments of the invention provide a method and device for configuring port security that can automatically learn the MAC addresses and IP addresses of the hosts connected to all ports of a switch and bind them automatically, so that operation is simple and operating efficiency is improved.
In a first aspect, embodiments of the invention provide a method for configuring port security, comprising:
The switch receives the port, designated by the user, on which port security is to be enabled;
By reading the locally stored Media Access Control (MAC) address table, the switch obtains the MAC address of the host connected to the port;
Using the obtained MAC address of the host, the switch obtains the Internet Protocol (IP) address of the host by reading the stored ARP table;
The switch automatically binds the MAC address of the host and the IP address of the host to the port.
In a second aspect, embodiments of the invention provide a switch for configuring port security, comprising:
A first receiver module, used to receive the port, designated by the user, on which port security is to be enabled;
A first acquisition module, used to obtain the MAC address of the host connected to the port by reading the locally stored Media Access Control (MAC) address table;
A second acquisition module, used to obtain the Internet Protocol (IP) address of the host by reading the stored ARP table, using the obtained MAC address of the host;
A binding module, used to automatically bind the MAC address of the host and the IP address of the host to the port.
In the method and device for configuring port security provided by the embodiments of the invention, the switch receives the port, designated by the user, on which port security is to be enabled; by reading the locally stored MAC address table, the switch obtains the MAC address of the host connected to the port; using the obtained MAC address of the host, the switch obtains the IP address of the host by reading the stored ARP table. The MAC address and IP address of the host connected to each port of the switch are thereby obtained, and the port security binding of the MAC addresses and IP addresses of the legal hosts connected to all ports of the switch is finally completed automatically. When port security is configured as in the prior art, the network O&M personnel need to know in advance the MAC address and IP address of the legal host connected to each port of the switch and bind them to the corresponding port, which makes the operation complicated and the efficiency low. The embodiments of the invention can automatically learn the MAC addresses and IP addresses of the hosts connected to all ports of the switch and bind them automatically, so that operation is simple and operating efficiency is improved.
Description of drawings
In order to illustrate the technical schemes of the embodiments of the invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the invention; those of ordinary skill in the art can obtain other drawings from them without creative work.
Fig. 1 is a flow chart of a method for configuring port security provided by one embodiment of the invention;
Fig. 2 is a schematic diagram of the MAC address table provided by another embodiment of the invention;
Fig. 3 is a schematic diagram of the access-layer switch and gateway device provided by another embodiment of the invention;
Fig. 4 is a schematic diagram of the ARP table provided by another embodiment of the invention;
Fig. 5 is a flow chart of another method for configuring port security provided by another embodiment of the invention;
Fig. 6 is a schematic diagram of the correspondence between the ports on the switch on which port security is to be enabled, the MAC addresses of the hosts connected to those ports, and the IP addresses of the hosts, provided by another embodiment of the invention;
Fig. 7 is a block diagram of a switch provided by another embodiment of the invention;
Fig. 8 is a block diagram of another switch provided by another embodiment of the invention.
Embodiment
The technical schemes in the embodiments of the invention are described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the invention without creative work fall within the scope of protection of the invention.
An embodiment of the invention provides a method for configuring port security. The method is executed by a switch and, as shown in Fig. 1, comprises:
Step 101: the switch receives the port, designated by the user, on which port security is to be enabled.
Optionally, in this step, the user may designate the ports on which port security is to be enabled according to the different functions of different types of ports. The ports on which port security is to be enabled may be some of the ports of the switch or all of the ports of the switch; that is, the user designates at least one port on which port security is to be enabled.
When the user designates certain interfaces for enabling port security, these ports may already be connected to hosts. For example, in the switch, port A on which port security is to be enabled is connected to host A, port B on which port security is to be enabled is connected to host B, and port C on which port security is to be enabled is connected to host C.
Step 102: by reading the locally stored Media Access Control (MAC) address table, the switch obtains the MAC address of the host connected to the port.
The MAC address table stores the port identifier of each port connected to at least one host and the MAC address of the at least one host, and the port identifier of each port corresponds one-to-one with the MAC address of the host connected to that port.
In this step, while the hosts communicate through the switch, the switch automatically learns the MAC addresses of these hosts and forms the MAC address table.
Optionally, as shown in Fig. 2, the locally stored MAC address table contains the correspondence between at least one port on the switch and the MAC address of the host connected to that port. For example, port A corresponds to the MAC address of host A, which may be 0001.7A00.0011; port B corresponds to the MAC address of host B, which may be 0001.7A00.0012; and port C corresponds to the MAC address of host C, which may be 0001.7A00.0013. The MAC address of the host connected to any port can be obtained from the MAC address table of the switch.
Step 103: using the obtained MAC address of the host, the switch obtains the Internet Protocol (IP) address of the host by reading the stored Address Resolution Protocol (ARP) table.
As shown in Fig. 3, in actual networking the switch and the gateway device may be different devices: the switch performs only Layer 2 forwarding and the gateway device performs Layer 3 forwarding, each completing its own forwarding operations. Alternatively, the switch and the gateway device may be merged into one device, in which case the switch performs both Layer 2 forwarding and the Layer 3 forwarding originally performed by the gateway device.
Optionally, when the switch and the gateway device are different devices, while the hosts communicate with the gateway device through the switch, the gateway device forms the ARP table from the correspondence between the MAC addresses and IP addresses of these hosts that it learns through the ARP protocol. In this case the ARP table is stored in the gateway device, and the switch obtains the IP address of the host corresponding to the MAC address as follows: the switch logs in to the gateway device, reads the ARP table stored in the gateway device, and obtains the IP address corresponding to the MAC address from that ARP table.
When the switch and the gateway device are the same device, that is, when the switch performs Layer 2 forwarding and also acts as the gateway device performing Layer 3 forwarding, the ARP table is stored in the switch, and the switch obtains the IP address of the host directly by reading the locally stored ARP table.
Further optionally, the ARP table stores the IP address of at least one host connected to each port and the MAC address of the at least one host, and the IP address of the at least one host corresponds one-to-one with the MAC address of the at least one host.
The ARP table of the gateway device, as shown in Fig. 4, holds the correspondence between the MAC address and the IP address of each host. For example, the MAC address and IP address of host A correspond as 0001.7A00.0011 to 192.168.1.11; the MAC address and IP address of host B correspond as 0001.7A00.0012 to 192.168.1.12; and the MAC address and IP address of host C correspond as 0001.7A00.0013 to 192.168.1.13.
Step 104: the switch automatically binds the MAC address of the host and the IP address of the host to the port.
Optionally, after step 103 and before this step, the switch saves the ports designated by the user on which port security is to be enabled, together with the MAC addresses and IP addresses of the hosts under those ports, to a mapping table; displays the correspondence entries in the mapping table one by one for the user to confirm; and receives the user's marking of the correspondence entries that belong to legal hosts.
Optionally, this step comprises: according to the legal host MAC address, IP address and corresponding port in the correspondence entries marked by the user, the switch automatically binds the MAC address and the IP address of each legal host to the corresponding port to which that legal host is connected.
Optionally, the mapping table may contain correspondence records belonging to illegal users, because it cannot be ruled out that an illegal user accessed the network before port security was enabled on the switch. The user therefore needs to check the legitimacy of the users of the hosts connected to each port on the switch and exclude the illegal users. An option indicating whether the entry is legal is provided for each correspondence entry; the user confirms the legitimacy of each host entry one by one, and the switch receives and records the correspondence entries of legal hosts marked by the user.
Further optionally, when the switch in this step performs the automatic port security binding of MAC address and IP address, it may call the port security interface function on the switch and, for each port designated by the user on which port security is to be enabled and for each host confirmed as legal, automatically bind the MAC address and the IP address of the legal host to the corresponding port to which the legal host is connected.
The invention provides a method for configuring port security in which the switch receives the port, designated by the user, on which port security is to be enabled; by reading the locally stored MAC address table, the switch obtains the MAC address of the host connected to the port; using the obtained MAC address of the host, the switch obtains the IP address of the host by reading the stored ARP table; and the switch automatically binds the MAC address of the host and the IP address of the host to the port. The invention can thus automatically learn the MAC addresses and IP addresses of the hosts connected to all ports of the switch and bind them automatically, which makes operation simple and improves operating efficiency.
An embodiment of the invention provides a method for configuring port security which, as shown in Fig. 5, comprises:
Step 501: the switch receives the port, designated by the user, on which port security is to be enabled.
Optionally, in this step, the user may designate the ports on which port security is to be enabled according to the different functions of different types of ports. The ports on which port security is to be enabled may be some of the ports of the switch or all of the ports of the switch; that is, the user designates at least one port on which port security is to be enabled.
When the user designates certain interfaces for enabling port security, these ports may already be connected to hosts. For example, in the switch, port A on which port security is to be enabled is connected to host A, port B on which port security is to be enabled is connected to host B, and port C on which port security is to be enabled is connected to host C.
Step 502: by reading the locally stored MAC address table, the switch obtains the MAC address of the host connected to the port.
Optionally, while the hosts communicate through the switch, the switch automatically learns the MAC addresses of these hosts and forms the MAC address table from the MAC addresses of the different hosts it has learned. The MAC address table stores the port identifier of each port connected to at least one host and the MAC address of the at least one host, and the port identifier of each port corresponds one-to-one with the MAC address of the host connected to that port.
Optionally, as shown in Fig. 2, the locally stored MAC address table contains the correspondence between at least one port on the switch and the MAC address of the host connected to that port. For example, port A corresponds to the MAC address of host A, which may be 0001.7A00.0011; port B corresponds to the MAC address of host B, which may be 0001.7A00.0012; and port C corresponds to the MAC address of host C, which may be 0001.7A00.0013. The MAC address of the host connected to any port can be obtained from the MAC address table of the switch.
Step 503: using the obtained MAC address of the host, the switch obtains the IP address of the host by reading the stored ARP table.
Optionally, this step is the same as step 103 in Fig. 1. For the process by which the switch obtains the IP address of the host corresponding to the MAC address, refer to the description of step 103; it is not repeated here.
It should be noted that steps 501, 502 and 503 automatically obtain the MAC address and IP address of the host connected to a switch port. Compared with the prior art, in which the network O&M engineer must manually obtain the MAC address and IP address of the host connected to the port, the scheme provided by the embodiment of the invention is simple to operate and more efficient.
Step 504: the switch saves the ports designated by the user on which port security is to be enabled, together with the MAC addresses and IP addresses of the hosts under those ports, to a mapping table.
Step 505: the switch displays the correspondence entries in the mapping table one by one for the user to confirm.
Specifically, from the hosts connected to the switch ports and the obtained MAC address and IP address of each host, the correspondence between switch port, host MAC address and host IP address is formed, and the mapping table of switch ports, host MAC addresses and host IP addresses is displayed. As shown in Fig. 6, in this mapping table port A may correspond to the MAC address and IP address of host A, where the MAC address of host A may be 0001.7A00.0011 and the IP address of host A may be 192.168.1.11; port B may correspond to the MAC address and IP address of host B, where the MAC address of host B may be 0001.7A00.0012 and the IP address of host B may be 192.168.1.12; and port C may correspond to the MAC address and IP address of host C, where the MAC address of host C may be 0001.7A00.0013 and the IP address of host C may be 192.168.1.13.
Step 506: the switch receives the user's marking of the correspondence entries that belong to legal hosts.
Optionally, the mapping table of switch ports, host MAC addresses and host IP addresses shown in Fig. 6 may contain correspondence records belonging to illegal users, because an illegal user may have accessed the network before port security was enabled on the switch. The user therefore needs to check the legitimacy of the users of the hosts connected to each port on the switch and exclude the mapping entries of illegal users' hosts. Optionally, an option indicating whether the record is legal is placed after each correspondence record in the mapping table; the user confirms the legitimacy of each correspondence record one by one, and the correspondence records of the hosts the user confirms as legal are recorded.
Step 507: the switch automatically binds the MAC address of the host and the IP address of the host to the port.
Optionally, according to the legal host MAC address, IP address and corresponding port in the correspondence entries marked by the user, the switch automatically binds the MAC address and the IP address of each legal host to the corresponding port to which that legal host is connected.
Further optionally, when the switch in this step performs the automatic port security binding of MAC address and IP address, it may call the interface function of the port security module on the switch and, for each port designated by the user on which port security is to be enabled and for each host confirmed as legal, automatically bind the MAC address and the IP address of the legal host to the corresponding port to which the legal host is connected.
The invention provides a method for configuring port security in which, by reading the locally stored MAC address table, the switch obtains the MAC address of the host connected to the port on which port security is to be enabled; using the obtained MAC address of the host, the switch obtains the IP address of the host by reading the stored ARP table. The MAC address and IP address of the host connected to each port of the switch are thereby obtained, and the port security binding of the MAC addresses and IP addresses of the legal hosts connected to all ports of the switch is finally completed automatically. In an Ethernet local area network environment, when a network O&M engineer needs to configure a large number of port security MAC address and IP address bindings on switches, adopting the technical scheme of the invention greatly improves the engineer's operating efficiency.
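The following Python sketch is an added example, not code from the patent or from any switch vendor. It carries steps 502 to 507 through on the sample addresses of Figs. 2, 4 and 6 and goes beyond the text by showing what to do when the one-to-one correspondence the description assumes does not hold (no ARP entry, several IPs for one MAC, no MAC learned). All function names, ports D to F and their addresses are constructed for illustration, and bind() is only a stand-in for the switch's port security interface function.

```python
import ipaddress
import re
from collections import defaultdict
from typing import NamedTuple


class Binding(NamedTuple):
    port: str
    mac: str  # dotted notation as used in the description, e.g. 0001.7A00.0011
    ip: str


def normalize_mac(text):
    """Accept dotted, colon or hyphen notation; return XXXX.XXXX.XXXX."""
    digits = re.sub(r"[.:\-]", "", text.strip()).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return ".".join(digits[i:i + 4] for i in range(0, 12, 4))


def build_candidates(ports, mac_table, arp_table):
    """Steps 502-504: port -> MAC from the MAC table, MAC -> IP from the ARP table.

    Returns (candidates, skipped). A row is only a candidate when the MAC
    resolves to exactly one IP; everything else is reported, never bound.
    """
    macs_by_port = defaultdict(list)
    for port, mac in mac_table:
        mac = normalize_mac(mac)
        if mac not in macs_by_port[port]:
            macs_by_port[port].append(mac)

    ips_by_mac = defaultdict(set)
    for ip, mac in arp_table:
        ips_by_mac[normalize_mac(mac)].add(str(ipaddress.ip_address(ip)))

    candidates, skipped = [], []
    for port in ports:
        learned = macs_by_port.get(port, [])
        if not learned:
            skipped.append((port, None, "no MAC learned on port"))
            continue
        for mac in learned:
            ips = sorted(ips_by_mac.get(mac, ()))
            if len(ips) == 1:
                candidates.append(Binding(port, mac, ips[0]))
            elif not ips:
                skipped.append((port, mac, "no ARP entry for MAC"))
            else:
                skipped.append(
                    (port, mac, "MAC maps to several IPs: " + ", ".join(ips)))
    return candidates, skipped


def confirm(candidates, is_legal):
    """Steps 505-506: keep only the rows the operator marks as legal hosts."""
    return [row for row in candidates if is_legal(row)]


def bind(confirmed):
    """Step 507 stand-in: return port -> [(mac, ip), ...] instead of
    calling a real (device-specific) port security interface function."""
    table = defaultdict(list)
    for row in confirmed:
        table[row.port].append((row.mac, row.ip))
    return dict(table)


# Ports A-C use the values from Figs. 2 and 4; D-F are constructed edge cases.
MAC_TABLE = [
    ("A", "0001.7A00.0011"),
    ("B", "0001.7A00.0012"),
    ("C", "0001.7A00.0013"),
    ("D", "00:01:7a:00:00:14"),   # constructed: learned, but absent from ARP
    ("E", "0001.7A00.0015"),      # constructed: two IPs in the ARP table
]
ARP_TABLE = [
    ("192.168.1.11", "0001.7A00.0011"),
    ("192.168.1.12", "0001.7A00.0012"),
    ("192.168.1.13", "0001.7A00.0013"),
    ("192.168.1.15", "0001.7A00.0015"),
    ("192.168.1.25", "0001.7A00.0015"),
]
REQUESTED_PORTS = ["A", "B", "C", "D", "E", "F"]  # F: nothing learned


def run_example():
    candidates, skipped = build_candidates(REQUESTED_PORTS, MAC_TABLE, ARP_TABLE)
    # Constructed operator decision: the host on port C is not a legal host.
    bound = bind(confirm(candidates, lambda row: row.port != "C"))
    return candidates, skipped, bound


if __name__ == "__main__":
    for part in run_example():
        print(part)
```

Rows in the skipped list are the ones an operator should investigate before enabling port security on those ports, since binding them automatically would either lock out a host or authorize an address pair nobody verified.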
The invention provides a kind of switch, as shown in Figure 7, this switch comprises: the first receiver module 701, the first acquisition module 702, the second acquisition modules 703, binding module 704.
The first receiver module 701, for the port of the port security to be enabled that receives user's appointment.
Optionally, the port of the port security to be enabled of user's appointment can be that the user carrys out appointment according to the difference in functionality of dissimilar port, and the port of port security to be enabled can be the part port of switch, can be also whole ports of this switch.
The first acquisition module 702, be used for obtaining by reading the local mac address table of preserving the MAC Address that connects described port main frame.
Wherein, preserved port-mark corresponding to each port of connecting with at least one main frame and the MAC Address of described at least one main frame in described mac address table, and port-mark corresponding to described each port is corresponding one by one with the MAC Address of the main frame of described each port of connection.
Optionally, main frame communicate by described switch process in, the MAC Address of these main frames that described switch arrives according to automatic learning, form mac address table.Be the correspondence relationship information that the described local mac address table of preserving possesses port and MAC Address, according to reading the local mac address table of preserving, the first acquisition module 702 just can obtain corresponding MAC Address.
The second acquisition module 703, for the MAC Address of utilizing the described main frame that obtains, by the ARP table of reading and saving, the IP address that obtains described main frame.
Binding module 704, be used for the IP address of the MAC Address of described main frame and described main frame is tied to described port automatically.
Optionally, in the actual sets network process, switch can be different equipment from gateway device, and switch is only born two layers of forwarding, and the forwarding of completing respectively separately with the gateway device of bearing three layers of forwarding operates; In addition, described switch and gateway device also can be merged into an equipment, and namely switch is directly born two layers of forwarding and original three layers of forwarding being born by gateway device.
Optionally, when described switch and gateway device are different equipment, main frame is by in described switch and process that gateway device is communicated by letter, and the MAC Address of these main frames that gateway device arrives according to study by the ARP agreement and the corresponding relation of IP address, form the ARP table.
When switch and gateway device are same equipment, be about to gateway device and be arranged in described switch, the ARP table is kept in described switch, by the ARP table of reading and saving, described switchboard direct obtain get described main frame the IP address.
Optionally, preserved the IP address of at least one main frame that connects described each port and the MAC Address of described at least one main frame in described ARP table, and the IP address of described at least one main frame is corresponding one by one with the MAC Address of described at least one main frame.
Further alternative, as shown in Figure 8, described the second acquisition module 703 comprises: the first acquiring unit 7031, perhaps, second acquisition unit 7032.
The first acquiring unit 7031, be used for when described switch is only born two layers of forwarding, the ARP table of preserving by reading gateway device, the IP address that obtains described main frame; Perhaps,
Second acquisition unit 7032, be used for when the gateway device of three layers of forwarding is born in described switch conduct, by reading the local ARP table of preserving, the IP address that obtains described main frame.
Further alternative, as shown in Figure 8, described switch also comprises: preserve module 705, display module 706, the second receiver modules 707.
After the second acquisition module 703 obtains, from the saved ARP table, the Internet Protocol (IP) address of the host corresponding to the MAC address, a saving module 705 is used to save to a mapping table the user-specified ports on which port security is to be enabled, together with the MAC addresses and IP addresses of the hosts under those ports;
A display module 706, used to display the correspondence entries of the mapping table one by one for the user to confirm;
A second receiving module 707, used to receive the user's marks confirming the correspondence entries that belong to legitimate hosts.
Optionally, the binding module 704 is used to:
According to the legitimate host MAC address, IP address and corresponding port in the correspondence entries marked by the user, have the switch automatically bind the MAC address of the legitimate host and the IP address of the legitimate host to the corresponding port to which the legitimate host is connected.
Optionally, the correspondence entries may contain records that belong to illegitimate users, because it cannot be ruled out that illegitimate users connected to the network before port security was enabled on the switch. The user therefore needs to check the legitimacy of the users behind the hosts connected to each port of the switch and exclude the illegitimate users; finally, the mapping table of legitimate hosts marked by the user is received.
Optionally, when the binding module 704 performs the automatic binding of MAC address and IP address for port security, it can call the interface function of the port security module on the switch: for each port specified by the user and each host confirmed as legitimate, the binding module 704 automatically binds the MAC address of the legitimate host and the IP address of the legitimate host to that port.
It should be noted that, for the devices shown in Figure 7 and Figure 8, the specific implementation of each module and the information exchanged between modules are based on the same inventive concept as the method embodiments of the invention; refer to the method embodiments, as the details are not repeated here.
The invention provides a device for configuring port security. The first receiving module receives the user-specified port on which port security is to be enabled; the first acquisition module obtains the MAC address of the host connected to the port by reading the locally saved MAC address table; the second acquisition module uses the obtained MAC address of the host to obtain the IP address of the host by reading the saved ARP table; the binding module automatically binds the MAC address of the host and the IP address of the host to the port. The invention can thus automatically learn the MAC addresses and IP addresses of the hosts connected to all ports of the switch and bind them automatically, which simplifies operation and improves operating efficiency.
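A sketch of the procedure summarized above (read the MAC table for the chosen ports, look up each MAC in the ARP table, list the mapping entries for confirmation, bind only confirmed hosts), added here as an example and not code from the patent. The table contents, port names and function names are constructed, and the `note` field that flags missing or multiple ARP matches is an added review aid the patent does not describe.

```python
from collections import defaultdict

# Constructed sample data (not from the patent): switch MAC table and ARP table.
MAC_TABLE = [  # (port, MAC) as learned by the switch
    ("ge0/1", "00:11:22:aa:bb:01"),
    ("ge0/1", "00:11:22:aa:bb:02"),
    ("ge0/2", "00:11:22:aa:bb:03"),
    ("ge0/3", "00:11:22:aa:bb:04"),
]
ARP_TABLE = [  # (IP, MAC) from the local or gateway ARP table
    ("10.0.0.11", "00:11:22:AA:BB:01"),
    ("10.0.0.12", "00-11-22-aa-bb-02"),
    ("10.0.0.13", "00:11:22:aa:bb:03"),
    ("10.0.0.99", "00:11:22:aa:bb:03"),  # same MAC seen with a second IP
]

def norm_mac(mac):
    """Normalise MAC notation so MAC-table and ARP-table entries compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def build_mapping(ports, mac_table, arp_table):
    """Join the MAC and ARP tables for the selected ports into candidate entries."""
    ips_by_mac = defaultdict(list)
    for ip, mac in arp_table:
        ips_by_mac[norm_mac(mac)].append(ip)
    entries = []
    for port, mac in mac_table:
        if port not in ports:
            continue
        mac = norm_mac(mac)
        ips = ips_by_mac.get(mac, [])
        note = "ok" if len(ips) == 1 else ("multiple IPs" if ips else "no ARP entry")
        for ip in ips or [None]:
            entries.append({"port": port, "mac": mac, "ip": ip, "note": note})
    return entries

def bind_confirmed(entries, confirmed):
    """Keep only entries the operator marked legitimate; skip any without an IP."""
    bindings = defaultdict(set)
    for idx in confirmed:
        e = entries[idx]
        if e["ip"] is None:
            continue  # a MAC/IP binding needs both halves
        bindings[e["port"]].add((e["mac"], e["ip"]))
    return dict(bindings)

if __name__ == "__main__":
    for i, e in enumerate(build_mapping({"ge0/1", "ge0/2", "ge0/3"}, MAC_TABLE, ARP_TABLE)):
        print(i, e["port"], e["mac"], e["ip"], e["note"])
```

Entries that were never confirmed produce no binding, which matches the confirmation step: hosts already on the network before port security is enabled are not trusted by default.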
It should be noted that the device embodiments described above are only illustrative. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the scheme of this embodiment. Those of ordinary skill in the art can understand and implement it without creative effort.
From the above description of the embodiments, those skilled in the art can clearly understand that the invention can be implemented by software plus the necessary general-purpose hardware, and of course also by dedicated hardware, including application-specific integrated circuits (ASICs), dedicated CPUs, dedicated memory and dedicated components, but in many cases the former is the better implementation. Based on this understanding, the technical solution of the invention, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product is stored in a readable storage medium, such as a computer floppy disk, USB flash drive, portable hard drive, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), magnetic disk or optical disc, and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to execute the methods described in the embodiments of the invention.
The embodiments in this specification are described progressively; for parts that are the same or similar between embodiments, refer from one to another, and each embodiment focuses on its differences from the other embodiments. In particular, the device and system embodiments are described relatively briefly because they are substantially similar to the method embodiments; for the relevant parts, refer to the description of the method embodiments.
The above is only a specific implementation of the invention, but the protection scope of the invention is not limited to it. Any change or substitution that a person skilled in the art can readily conceive within the technical scope disclosed by the invention shall fall within the protection scope of the invention. Therefore, the protection scope of the invention shall be determined by the protection scope of the claims.

Claims (10)

1. A method for configuring port security, characterized by comprising:
A switch receives the user-specified port on which port security is to be enabled;
By reading the locally saved media access control (MAC) address table, the switch obtains the MAC address of the host connected to the port;
Using the obtained MAC address of the host, the switch obtains the Internet Protocol (IP) address of the host by reading a saved ARP table;
The switch automatically binds the MAC address of the host and the IP address of the host to the port.
2. The method according to claim 1, characterized in that
there is at least one user-specified port on which port security is to be enabled.
3. The method according to claim 2, characterized in that the specific method by which the switch obtains the IP address of the host by reading a saved ARP table comprises:
When the switch performs only layer-2 forwarding, the switch obtains the IP address of the host by reading the ARP table saved by the gateway device; or,
When the switch acts as the gateway device that performs layer-3 forwarding, the switch obtains the IP address of the host by reading the locally saved ARP table.
4. The method according to any one of claims 1-3, characterized in that, after the switch obtains the IP address of the host by reading the ARP table saved by the gateway device or saved locally, and before the switch automatically binds the MAC address of the host and the IP address of the host to the port, the method further comprises:
The switch saves to a mapping table the user-specified ports on which port security is to be enabled, together with the MAC addresses and IP addresses of the hosts under those ports;
The correspondence entries in the mapping table are displayed one by one for the user to confirm;
The user's marks confirming the correspondence entries that belong to legitimate hosts are received.
5. The method according to claim 4, characterized in that the switch automatically binding the MAC address of the host and the IP address of the host to the port comprises:
According to the legitimate host MAC address, IP address and corresponding port in the correspondence entries marked by the user, the switch automatically binds the MAC address of the legitimate host and the IP address of the legitimate host to the corresponding port to which the legitimate host is connected.
6. A switch, characterized by comprising:
A first receiving module, used to receive the user-specified port on which port security is to be enabled;
A first acquisition module, used to obtain the MAC address of the host connected to the port by reading the locally saved media access control (MAC) address table;
A second acquisition module, used to obtain the Internet Protocol (IP) address of the host by using the obtained MAC address of the host and reading a saved ARP table;
A binding module, used to automatically bind the MAC address of the host and the IP address of the host to the port.
7. The device according to claim 6, characterized in that
there is at least one user-specified port on which port security is to be enabled.
8. The device according to claim 7, characterized in that the second acquisition module comprises:
A first acquiring unit, used to obtain the IP address of the host by reading the ARP table saved by the gateway device when the switch performs only layer-2 forwarding; or,
A second acquiring unit, used to obtain the IP address of the host by reading the locally saved ARP table when the switch acts as the gateway device that performs layer-3 forwarding.
9. The device according to any one of claims 6-8, characterized in that the switch further comprises:
A saving module, used to save to a mapping table the user-specified ports on which port security is to be enabled, together with the MAC addresses and IP addresses of the hosts under those ports;
A display module, used to display the correspondence entries of the mapping table one by one for the user to confirm;
A second receiving module, used to receive the user's marks confirming the correspondence entries that belong to legitimate hosts.
10. The device according to claim 9, characterized in that the binding module comprises:
According to the legitimate host MAC address, IP address and corresponding port in the correspondence entries marked by the user, the switch automatically binds the MAC address of the legitimate host and the IP address of the legitimate host to the corresponding port to which the legitimate host is connected.
CN201310318249.2A 2013-07-26 2013-07-26 A kind of method and device for configuring port security Active CN103401706B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310318249.2A CN103401706B (en) 2013-07-26 2013-07-26 A kind of method and device for configuring port security

Publications (2)

Publication Number Publication Date
CN103401706A true CN103401706A (en) 2013-11-20
CN103401706B CN103401706B (en) 2017-07-21

Family

ID=49565237

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant