Hierarchical access control method of communication network

Abstract

The invention provides a hierarchy access control method for a communication network, which belongs to the field of the communication network. By adopting the method of the invention, the whole communication network is divided into hierarchic domains and each domain is provided with a domain server. Each port of each domain is provided with a border controller, and furthermore, identity authentication is realized by a call progress and admission control is realized by a routing progress. The technique provided by the invention provides a basic support for the communication network, in particular to service accounting, QoS mechanism, network mobility, and network security, etc. in a vector network.

Description

technical field [0001] The invention relates to the field of network communication, in particular to an access control method of a communication network. Background technique [0002] The purpose of access control is to distinguish the type of user who is using the network, distinguish the user's current access type (QoS requirements and destination), prevent illegal users from using the network, and prevent users from using the network beyond authorization, so as to charge for services, QoS mechanisms, Provide basic support for network mobility and network security. [0003] Currently, the commonly used access control technologies in the network include PPPoE, Web, and 802.1x. The PPPoE protocol is a protocol for transmitting PPP on the Ethernet. It establishes a point-to-point link on the Ethernet by re-encapsulating the PPP frame into the Ethernet frame. Each user of a physical link can be individually controlled and managed using the PPPoE protocol. Therefore, even fo...

AI Technical Summary

Problems solved by technology

There is no PPP packaging process in the authentication process, and there is no participation of IP addresses, so it cannot be authenticated across the Layer 3 network

Normally, 802.1x authentication is enabled on the device closest to the user, and the same port cannot control different users separately

The disadvantage of 802.1x is that the multicast data packets sent at the beginning of user authentication may cause a large amount of data accumulation in an uncertain network, affecting the normal operation of the network. In addition, because the equipment used for authentication is generally a low-cost switch, its Reliability and security are not very good, and the ability to resist attacks is relatively poor

[0006] In summary, there are the following problems in the access control technology in the existing network: First, the existing access control methods have some deficiencies, and the use of a single technical means usually cannot solve the problem of network user access management well ; Secondly, there is no unified access control method for the entire network, and there is no access control method that can fully support service billing, QoS mechanism, network mobility and network security. In different management domains, in order to achieve different purposes, Different access control methods and access control systems are often used

Images