NAT entry management method and NAT device

    Publication No.: US10652205B2

    Publication date: 2020-05-12

    Application No.: US16145099

    Filing date: 2018-09-27

    Abstract: A NAT entry management method and a NAT device are disclosed. The method includes: receiving and storing, by a NAT device, a connection parameter, where the connection parameter includes an address of a controller; receiving a packet sent by a network device, where a source address of the packet is a private address of the network device and a destination address of the packet is the address of the controller; performing NAT on the packet, where an after-NAT source address of the packet is a public address; and when a static entry condition is met, generating a target static NAT entry, where the static entry condition includes that the destination address of the packet is the address of the controller. This can prevent aging of the NAT entry from affecting communication between the network device and the controller.

    Method, apparatus, and system for controlling access of user terminal

    Publication No.: US09825950B2

    Publication date: 2017-11-21

    Application No.: US14991555

    Filing date: 2016-01-08

    Abstract: A method, an apparatus, and a system for controlling access of a user terminal, where the method includes receiving, by a controller, an authentication packet sent by an access switching node through an established data tunnel; obtaining, by the controller, a source media access control (MAC) address of the authentication packet; after access authentication implemented on a user terminal, determining, from a maintained correspondence between MAC addresses of user terminals and interface identifiers, an interface identifier corresponding to the MAC address of the successfully-authenticated user terminal, where the interface identifier identifies an interface connected to the user terminal; and sending, by the controller, the determined interface identifier to the access switching node through an established control tunnel, and instructing the access switching node to enable the interface corresponding to the interface identifier.

    Packet Transmission Method, Apparatus, and System in Multicast Domain Name System
    Invention application (granted)

    Publication No.: US20160127306A1

    Publication date: 2016-05-05

    Application No.: US14992085

    Filing date: 2016-01-11

    Abstract: A packet transmission method, apparatus, and system in a multicast domain name system (mDNS), which are used to resolve the network bandwidth waste problem caused by the large amount of service information that needs to be transmitted in an mDNS-based network. The method includes converting, by a relay, a known-answer service query packet that is sent by a user terminal and used to query service information in an mDNS, into a unicast known-answer service query packet and sending the unicast known-answer service query packet to a gateway, receiving, by the relay, a unicast known-answer service answer packet that is sent by the gateway and includes service information unknown to the user terminal, and converting, by the relay, the unicast known-answer service answer packet into a multicast known-answer service answer packet and sending the multicast known-answer service answer packet to the user terminal.


    Network Security Method and Device
    Invention application (under examination, published)

    Publication No.: US20160261638A1

    Publication date: 2016-09-08

    Application No.: US15153195

    Filing date: 2016-05-12

    CPC classification number: H04L63/20 H04L63/0218 H04L63/0236 H04L63/104

    Abstract: A network security method and a device relating to the field of network communication, where the method includes recording a correspondence between an Internet Protocol (IP) address and a security group tag (SGT), and executing a network security policy on a receiver of a data packet according to the recorded correspondence between the IP address and the SGT, such that SGT information of the receiver does not need to be specially propagated, thereby decreasing network resource consumption and reducing network complexity.


    Method and Apparatus for Configuring Packet Forwarding Manner
    Invention application (granted)

    Publication No.: US20150333958A1

    Publication date: 2015-11-19

    Application No.: US14712235

    Filing date: 2015-05-14

    Inventors: Yibin Xu, Bing Sun

    Abstract: A method and an apparatus for configuring a packet forwarding manner. The method includes receiving, by a control node (CN), a connection establishment request packet from a client device, and acquiring a user attribute according to the request packet; according to the user attribute and a forwarding policy, acquiring, by the first CN, a packet forwarding manner corresponding to the client device, where the forwarding policy includes a packet forwarding manner corresponding to the user attribute; and after authentication succeeds, sending, by the first CN, a message carrying the acquired packet forwarding manner to a wireless access point (AP) associated with the client device, so as to instruct the wireless AP to create a forwarding entry of the client device, where the forwarding entry includes the packet forwarding manner. The present invention implements user-based control of a packet forwarding manner, simplifying configuration and maintenance.


    Service Packet Forwarding and Processing Method and System, and Access Point AP
    Invention application (granted)

    Publication No.: US20140119358A1

    Publication date: 2014-05-01

    Application No.: US14059562

    Filing date: 2013-10-22

    Inventor: Yibin Xu

    Abstract: Embodiments of the present invention provide a service packet forwarding and processing method and system, and an access point AP. Change information of a packet forwarding path of a mobile terminal STA is obtained. A path update packet is sent to a forwarding device according to the change information of the packet forwarding path of the STA, so that the forwarding device performs update processing on the forwarding path of the STA according to the path update packet.


    Access control method and system, and switch

    Publication No.: US10917406B2

    Publication date: 2021-02-09

    Application No.: US16129333

    Filing date: 2018-09-12

    Inventor: Yibin Xu

    Abstract: An access control method, a system, and a switch pertain to the field of network technologies. The access control method includes receiving, by an authentication device, a packet from an access device, where the packet includes a virtual local area network (VLAN) identifier, and authenticating, by the authentication device based on the VLAN identifier and a preconfigured correspondence using an authentication method corresponding to the VLAN identifier, a terminal device sending the packet, where the correspondence includes a mapping from a plurality of VLAN identifiers to at least two authentication methods. Hence, the authentication method of the terminal device is determined based on the VLAN identifier such that different authentication methods may be used for terminal devices in different VLANs. Therefore, the access manner is flexible.

    Access Control Method and System, and Switch

    Publication No.: US20190081946A1

    Publication date: 2019-03-14

    Application No.: US16129333

    Filing date: 2018-09-12

    Inventor: Yibin Xu

    Abstract: An access control method, a system, and a switch pertain to the field of network technologies. The access control method includes receiving, by an authentication device, a packet from an access device, where the packet includes a virtual local area network (VLAN) identifier, and authenticating, by the authentication device based on the VLAN identifier and a preconfigured correspondence using an authentication method corresponding to the VLAN identifier, a terminal device sending the packet, where the correspondence includes a mapping from a plurality of VLAN identifiers to at least two authentication methods. Hence, the authentication method of the terminal device is determined based on the VLAN identifier such that different authentication methods may be used for terminal devices in different VLANs. Therefore, the access manner is flexible.

    Method, Apparatus, and System for Controlling Access of User Terminal
    Invention application (granted)

    Publication No.: US20160127368A1

    Publication date: 2016-05-05

    Application No.: US14991555

    Filing date: 2016-01-08

    Abstract: A method, an apparatus, and a system for controlling access of a user terminal, where the method includes receiving, by a controller, an authentication packet sent by an access switching node through an established data tunnel; obtaining, by the controller, a source media access control (MAC) address of the authentication packet; after access authentication implemented on a user terminal, determining, from a maintained correspondence between MAC addresses of user terminals and interface identifiers, an interface identifier corresponding to the MAC address of the successfully-authenticated user terminal, where the interface identifier identifies an interface connected to the user terminal; and sending, by the controller, the determined interface identifier to the access switching node through an established control tunnel, and instructing the access switching node to enable the interface corresponding to the interface identifier.

