Access control method for implementing binding MAC/IP of network device

Abstract

The system includes access control equipment. Through network wire, network port of the access control equipment in the system is connected to port at any vacant network exchange in controlled sub network. Software for managing server and configuring client end in strategy is installed on any PC server or terminal in network. The method includes steps mainly: using broadcast of pseudo ARP response message periodically to inform all hosts in network co cause IP conflict of unauthorized host; meanwhile, using pseudo MAC to refresh ARP buffer of each host in network to prevent communication between authorized host and unauthorized host so as to realize binding MAC / IP addresses. Without need of replacing any existed network equipment, and carrying out any adjustment for structure of network, the invention possesses advantages of saving large funds, easy of implementation, small maintenance work. The invention is applicable to enterprises and institutions of using computer and Ethernet.

Description

Technical field [0001] The invention belongs to the technical field of communication network security, in particular to an access control method for realizing the binding of MAC and IP of network equipment. Background technique [0002] At present, with the development of computers and the Internet, various enterprises and institutions have set up local area networks within the enterprise in order to further realize informatization. However, as the scale of each unit's local area Access control has increasingly become a major security issue faced by enterprises and institutions. Under normal circumstances, a computer can access the internal network of the enterprise as long as it correctly sets the IP address, gateway and other related information, and connects the correct network cable. If it cannot be effectively managed and controlled, the resulting security risks and Security incidents will be inevitable. [0003] Judging from the current solutions of the IT industry, ...

AI Technical Summary

Problems solved by technology

[0004] (1) All access switches or hubs must be replaced with devices with MAC and IP binding functions, which requires a huge investment

[0005] (2) The existing network structure will be changed, and the engineering implementation is complicated

[0006] (3) It is impossible to solve the problem of connecting hubs in series under the switch—if the hubs are connected in series under the access switch, the terminal devices connected under these hubs can bypass the MAC and IP binding function of the switch to access the network or interact with each other. Access—even if some switches support 802.1X MultiHost function, it still cannot solve the problem of mutual access between terminals under the hub

[0007] (4) The maintenance work is huge and cannot be implemented on a large scale—since policies need to be configured separately on all access switches, under the complex network structure of large and medium-sized enterprises, the above method is difficult to implement because it cannot be effectively maintained

[0008] (5) The combination of DHCP and gateway authentication will cause the terminal to obtain some network access rights before authentication

[0009] (6) Users who use gateway authentication must use username and password, which increases the difficulty of use

[0010] (7) Once the authentication system fails, it will directly affect the use of network resources by legitimate users

Images