公开(公告)号：US10178129B2

公开(公告)日：2019-01-08

申请号：US15153195

申请日：2016-05-12

Applicant: Huawei Technologies Co., Ltd.

Inventor： Yibin Xu ,  Bing Sun ,  Jun Li

IPC: H04L29/06

Abstract: A network security method and a device relating to the field of network communication where the method includes, recording a correspondence between an Internet Protocol (IP) address and an security group tag (SGT), and executing a network security policy on a receiver of a data packet according to the recorded correspondence between the IP address and the SGT such that SGT information of the receiver does not need to be specially propagated, thereby decreasing network resource consumption and reducing network complexity.

公开(公告)号：US09787536B2

公开(公告)日：2017-10-10

申请号：US14712235

申请日：2015-05-14

Applicant: Huawei Technologies Co., Ltd.

Inventor： Yibin Xu ,  Bing Sun

IPC: H04L12/24 ,  H04L12/741 ,  H04L29/06 ,  H04L12/06 ,  H04L12/08 ,  H04W12/06 ,  H04W12/08

CPC classification number: H04L41/0803 ,  H04L41/0806 ,  H04L41/0816 ,  H04L41/0893 ,  H04L45/74 ,  H04L63/20 ,  H04W12/06 ,  H04W12/08

Abstract: A method and an apparatus for configuring a packet forwarding manner. The method includes receiving, by a control node (CN), a connection establishment request packet from a client device, and acquiring a user attribute according to the request packet; according to the user attribute and a forwarding policy, acquiring, by the first CN, a packet forwarding manner corresponding to the client device, where the forwarding policy includes a packet forwarding manner corresponding to the user attribute; and after authentication succeeds, sending, by the first CN, a message carrying the acquired packet forwarding manner to a wireless access point (AP) associated with the client device, so as to instruct the wireless AP to create a forwarding entry of the client device, where the forwarding entry includes the packet forwarding manner. The present invention implements user-based control of a packet forwarding manner, simplifying configuration and maintenance.

公开(公告)号：US09699658B2

公开(公告)日：2017-07-04

申请号：US14700976

申请日：2015-04-30

Applicant: Huawei Technologies Co., Ltd.

Inventor： Wei E ,  Jun Li ,  Bing Sun ,  Guange Shao

IPC: H04W12/06 ,  H04W76/02 ,  H04W48/02 ,  H04W12/08 ,  H04L29/06

CPC classification number: H04W12/08 ,  H04L63/0876 ,  H04L63/101 ,  H04W12/06 ,  H04W48/02 ,  H04W76/10

Abstract: A control method and an apparatus for network admission, which can control network admission of a wireless termination point (WTP) in a condition that a live network is not upgraded. In the method, an access controller (AC) that has a network admission control function receives a join request packet from a WTP and establishes a Control and Provisioning of Wireless Access Points (CAPWAP) connection with the WTP. If the CAPWAP connection between the AC and the WTP is successfully established, the AC enables permission of the WTP. In another control method for network admission disclosed in the present application, an AC receives a join request packet from a WTP and establishes a CAPWAP connection with the WTP. A network admission end enables permission of the WTP according to a result from the AC that the connection between the AC and the WTP is successfully established.

公开(公告)号：US20160261638A1

公开(公告)日：2016-09-08

申请号：US15153195

申请日：2016-05-12

Applicant: Huawei Technologies Co., Ltd.

Inventor： Yibin Xu ,  Bing Sun ,  Jun Li

IPC: H04L29/06

CPC classification number: H04L63/20 ,  H04L63/0218 ,  H04L63/0236 ,  H04L63/104

Abstract: A network security method and a device relating to the field of network communication where the method includes, recording a correspondence between an Internet Protocol (IP) address and an security group tag (SGT), and executing a network security policy on a receiver of a data packet according to the recorded correspondence between the IP address and the SGT such that SGT information of the receiver does not need to be specially propagated, thereby decreasing network resource consumption and reducing network complexity.

Abstract translation: 一种网络安全方法和与网络通信领域相关的设备，其中所述方法包括：记录因特网协议（IP）地址和安全组标签（SGT）之间的对应关系，并且在接收机上执行网络安全策略 数据包根据IP地址和SGT之间记录的对应关系，使得接收机的SGT信息不需要特别传播，从而减少网络资源消耗，降低网络复杂度。

公开(公告)号：US20150333958A1

公开(公告)日：2015-11-19

申请号：US14712235

申请日：2015-05-14

Applicant: Huawei Technologies Co., Ltd.

Inventor： Yibin Xu ,  Bing Sun

IPC: H04L12/24 ,  H04L12/741

CPC classification number: H04L41/0803 ,  H04L41/0806 ,  H04L41/0816 ,  H04L41/0893 ,  H04L45/74 ,  H04L63/20 ,  H04W12/06 ,  H04W12/08

Abstract: A method and an apparatus for configuring a packet forwarding manner. The method includes receiving, by a control node (CN), a connection establishment request packet from a client device, and acquiring a user attribute according to the request packet; according to the user attribute and a forwarding policy, acquiring, by the first CN, a packet forwarding manner corresponding to the client device, where the forwarding policy includes a packet forwarding manner corresponding to the user attribute; and after authentication succeeds, sending, by the first CN, a message carrying the acquired packet forwarding manner to a wireless access point (AP) associated with the client device, so as to instruct the wireless AP to create a forwarding entry of the client device, where the forwarding entry includes the packet forwarding manner. The present invention implements user-based control of a packet forwarding manner, simplifying configuration and maintenance.

Abstract translation: 一种用于配置分组转发方式的方法和装置。 该方法包括：由控制节点（CN）接收来自客户端设备的连接建立请求分组，并根据请求分组获取用户属性; 根据所述用户属性和转发策略，由所述第一CN获取与所述客户端设备相对应的分组转发方式，其中所述转发策略包括与所述用户属性相对应的分组转发方式; 并且在认证成功之后，由第一CN发送携带获取的分组转发方式的消息到与该客户端设备相关联的无线接入点（AP），以指示无线AP创建客户端设备的转发表项 ，其中转发条目包括分组转发方式。 本发明实现了用户对分组转发方式的控制，简化了配置和维护。