公开(公告)号：US20170063863A1

公开(公告)日：2017-03-02

申请号：US15254451

申请日：2016-09-01

Applicant: Huawei Technologies Co., Ltd.

Inventor： Zhichong Han ,  Bin Yu

IPC: H04L29/06

CPC classification number: H04L63/101 ,  H04L63/083 ,  H04L63/0876 ,  H04L63/1458 ,  H04W12/06 ,  H04W12/08 ,  H04W12/12

Abstract: An access control device and an authentication control method, where the method includes detecting whether a packet that arrives at an access control device is an authentication start packet, where the authentication start packet is used to start an authentication process of a terminal that sends the authentication start packet, and restricting a rate at which the access control device receives an authentication start packet. It is detected whether the packet that arrives at the access control device is an authentication start packet, and the rate at which the access control device receives the authentication start packet is restricted. The rate at which the authentication start packet is received is restricted to control a quantity of terminals that enter subsequent authentication, which avoids an avalanche effect of wireless authentication caused when an excessively large quantity of terminals enter subsequent authentication simultaneously.

Abstract translation: 一种访问控制装置和认证控制方法，其中，所述方法包括检测到达访问控制装置的分组是否是认证开始分组，其中认证开始分组被用于开始发送认证的终端的认证处理 开始分组，并限制接入控制设备接收到认证开始分组的速率。 检测到达访问控制装置的分组是否是认证开始分组，并且访问控制装置接收到认证开始分组的速率受到限制。 接收认证开始分组的速率被限制为控制进入后续认证的终端数量，这避免了当过多的终端同时进入后续认证时引起的无线认证的雪崩效应。

公开(公告)号：US09883010B2

公开(公告)日：2018-01-30

申请号：US14272613

申请日：2014-05-08

Applicant: Huawei Technologies Co., Ltd.

Inventor： Zhichong Han ,  Bin Yu

IPC: G06F15/173 ,  G06F15/16 ,  H04L29/06 ,  H04L29/12 ,  H04L12/26

CPC classification number: H04L67/42 ,  H04L43/08 ,  H04L61/103 ,  H04L61/2015 ,  H04L63/0876 ,  H04L63/1483 ,  H04L63/162

Abstract: A method, an apparatus, a device, and a system for generating a Dynamic Host Configuration Protocol snooping (DHCP) Snooping binding table. The method includes: constructing a request packet for obtaining information about a DHCP client, and sending the request packet to a DHCP server; receiving a response packet corresponding to the request packet, and extracting the information about the client from the response packet, where the information about the client includes the client's Internet Protocol (IP) address and Media Access Control (MAC) address; and obtaining the client's virtual local area network (VLAN) number and ingress port number through the MAC address, and generating the DHCP Snooping binding table. The technical solutions solve the problem that traffic of some clients is lost due to a lack of a DHCP Snooping binding table of these clients in a process of enabling DHCP Snooping.

公开(公告)号：US20140244733A1

公开(公告)日：2014-08-28

申请号：US14272613

申请日：2014-05-08

Applicant: Huawei Technologies Co., Ltd.

Inventor： Zhichong Han ,  Bin Yu

IPC: H04L29/06 ,  H04L12/26

CPC classification number: H04L67/42 ,  H04L43/08 ,  H04L61/103 ,  H04L61/2015 ,  H04L63/0876 ,  H04L63/1483 ,  H04L63/162

Abstract: A method, an apparatus, a device, and a system for generating a Dynamic Host Configuration Protocol snooping (DHCP) Snooping binding table. The method includes: constructing a request packet for obtaining information about a DHCP client, and sending the request packet to a DHCP server; receiving a response packet corresponding to the request packet, and extracting the information about the client from the response packet, where the information about the client includes the client's Internet Protocol (IP) address and Media Access Control (MAC) address; and obtaining the client's virtual local area network (VLAN) number and ingress port number through the MAC address, and generating the DHCP Snooping binding table. The technical solutions solve the problem that traffic of some clients is lost due to a lack of a DHCP Snooping binding table of these clients in a process of enabling DHCP Snooping.

Abstract translation: 一种用于生成动态主机配置协议侦听（DHCP）侦听绑定表的方法，装置，设备和系统。 该方法包括：构建用于获取有关DHCP客户端的信息的请求报文，并向DHCP服务器发送请求报文; 接收与所述请求分组相对应的响应分组，以及从所述响应分组提取关于所述客户端的信息，其中关于所述客户端的信息包括所述客户端的因特网协议（IP）地址和媒体访问控制（MAC）地址; 并通过MAC地址获取客户端的虚拟局域网（VLAN）号码和入口端口号，并生成DHCP Snooping绑定表。 技术解决方案解决了在启用DHCP Snooping的过程中由于缺少这些客户端的DHCP Snooping绑定表而导致某些客户端的流量丢失的问题。