Background technology
In traditional CHINA RFTCOM Co Ltd, the radio and TV operator is subject to the constraint of national policy and technical conditions, can't provide perfect Internet service to the user, and conventional telecommunications operator can't provide visual broadcast service to the user, along with the demand of integrated service is more and more stronger, the integration of three networks is formally listed state key in and is supported project.
The integration of three networks is meant that specifically telecommunications network, computer network and cable television network three macroreticulars by technological transformation, can provide comprehensive multimedia communication services such as comprising voice, data, image, makes full use of coaxial cable, and integrated service is provided.
Coaxial Ethernet system (EOC-Ethernet over Coaxial) is a kind of system of transmitting Ethernet and CATV business on coaxial cable simultaneously, comprises coaxial broadband access terminal (CBAT-CoxialBroadband Access Terminal) and coaxial network unit (CNU-Coaxial Network Unit).This coaxial Ethernet system provides plurality of access modes at user side to the user, comprises CATV, POTS, WIFI, FE or GE etc.Network side provides multiple first line of a couplet mode, and up link can be FE, GE, EPON, GPON etc. in also can the FTTX network, and up link provides CATV signal simultaneously.At network side, coaxial Ethernet system up link is mixed CATV signal and Ethernet and is transmitted, and at user side, CNU separates the CATV signal with Ethernet.
Along with the continuous increase of user to the integrated service demand, coaxial Ethernet system covering radius constantly dwindles, and place capacity constantly increases.Simultaneously, because the particularity of coaxial cable, requirements at the higher level have been proposed for the installation site and the user side multi-service access capability of network equipment.As, network equipment might be deployed in the road limit; Also may be deployed on electric pole, the steel strand wire; Also may hang on the wall or in the corridor.Aspect the user side service access, might be abundanter, as the integrated POTS function of needs, so that speech business to be provided; Also the function of the integrated WLAN of possibility when wired access is provided, increases the mode of wireless access.
For coaxial Ethernet system, because simultaneously integrated data module and CATV module are different from traditional Ethernet connecting system, how coaxial Ethernet system is managed, guarantee that business opens easily smoothly and be maintained as for a challenge.The networking model of coaxial Ethernet system: each CBAT exports after one or more mixed signal, and every road mixed signal is connected to different CNU by a plurality of branch distributors.Since one shared coaxial on, can be for a plurality of CNU provide access, for CBAT, each CNU is connected on the same physical port, therefore can't locate different CNU by the physical port of CBAT, also can't be according to the concrete physical location of port locations CNU.The white list of existing coaxial Ethernet system manages according to the MAC Address of CNU, and when user installation, CNU is to CBAT reporting MAC address information, and CBAT manages the white list catalogue.The own predefined white list catalogue of CBAT and basis is discerned the mac address information that CNU reports, as meets the white list definition, and then customer service is normally open-minded.
The defective of above-mentioned prior art is, CNU need know to be installed under which CBAT in advance to the CBAT reporting MAC address time, install in strict accordance with the concrete deployed position of CBAT, because the configuration of different CBAT white lists is different, this mode can increase project installation personnel workload.In addition, when changing CNU, also need CBAT is configured renewal, process is loaded down with trivial details, makes mistakes easily, is not inconsistent management maintenance theory quickly and easily.
Embodiment
The embodiment of the invention provides the white list collocation method in a kind of coaxial Ethernet system, this method comprises: coaxial broadband access terminal (CBAT:Coaxial Broadband Access Terminal) and/or certificate server are safeguarded the white list of coaxial network unit (CNU:Coaxial Network Unit), and refuse illegal CNU according to the white list of preserving and insert.
As shown in Figure 1, the embodiment of the invention provides the white list collocation method in a kind of coaxial Ethernet system, and the idiographic flow of this method comprises:
Step 101, the white list among authentication initialization server and the CBAT.
Step 102 is added the identification information of all CNU of disposing in the sub-district in the white list that certificate server preserves to.In order to distinguish the white list that certificate server is preserved in the description below the white list of preserving in CBAT and the certificate server is overall white list.
Common CBAT band number of users is in 100, and the certificate server of CBAT can be managed thousands of even up to ten thousand CBAT.When generally in a sub-district, disposing, need tens CBAT usually, but certificate server only needs one.The engineering staff goes to install before the CNU, can't know which CBAT the CNU first line of a couplet equipment of be about to installing is, but knows and belong to which webmaster.So, on webmaster, set up the overall situation/the white list system of inter-network element, solved the difficulty on the engineering.
Step 103, CNU is connected in the coaxial Ethernet system, and the back that powers on sends register requirement to CBAT, carries the identification information of CNU in the register requirement.
Step 104, CBAT mates the CNU identification information of preserving in the identification information of the CNU that receives and the local white list, if coupling is unsuccessful, then sends the inquiry request to certificate server, comprise the identification information of described CNU in this inquiry request, change step 105 over to; Otherwise, change step 109 over to.
Step 105, certificate server authenticates by the identification information of overall white list to described CNU, and will authenticate the CBAT that the authentication information that whether passes through sends to initiation inquiry request; Wherein, preserve the identification information of the CNU that disposes in the sub-district in the described overall white list;
In this step, after certificate server authenticates the identification information of described CNU by overall white list, send authentication information to CBAT.Pass through if determine described CNU authentication, also in overall white list, form the corresponding relation of CNU and CBAT.
Step 106, CBAT receives the authentication information that certificate server issues, and according to described authentication information determine whether the authentication pass through, if pass through, change step 107 over to; Otherwise refuse described register requirement.
Step 107 sends acknowledge message to CNU; CBAT increases the identification information of described CNU in local white list simultaneously.
Determine the CBAT of the first line of a couplet as the CNU of new registration after, the registration of reaching the standard grade once more, the embodiment of the invention comprises:
Step 108:CNU module C1 closes electricity, and powers on once more, and when reaching the standard grade for the second time registration, CBAT searches this CNU identification information in local white list, and authentication is passed through, and C1 sends out acknowledge message to the CNU module.Promptly can finish authentication by local white list.
Step 109: white list configuration and verification process finish.
Further, for the overall white list that guarantees local white list among the CBAT and certificate server keeps synchronously, this method also comprises:
Step 110 when certificate server is made amendment to the CNU in the overall white list or deleted, according to the corresponding relation of CNU described in the overall white list and CBAT, will issue to CBAT and revise or delete corresponding CNU order from white list.
As shown in Figure 2, according to said method, the embodiment of the invention also provides a kind of coaxial Ethernet system, comprises coaxial network unit CNU201, coaxial broadband access terminal CBAT202 and certificate server 203:
Coaxial network unit (CNU) 201 is used for after being connected to coaxial Ethernet system, sends register requirement to coaxial broadband access terminal (CBAT) 202;
Coaxial broadband access terminal (CBAT) 202 and certificate server 203 are used to safeguard the white list of coaxial network unit, and after receiving described register requirement, refuse illegal CNU according to the white list of preserving and insert.
When 203 couples of coaxial network unit CNU of coaxial broadband access terminal (CBAT) 202 and certificate server authenticate, specific implementation can be:
Described coaxial network unit CNU carries the identification information of CNU in described register requirement;
Then coaxial broadband access terminal (CBAT) 202 also is used for the identification information of the identification information of described CNU and self preservation white list is mated, if coupling is unsuccessful, then sends the inquiry request that comprises described CNU identification information to certificate server;
The white list that certificate server 203 is preserved by self authenticates the identification information of described CNU.
If described certificate server also is used for by the white list of self preserving described CNU authentication being passed through, then send acknowledge message to CBAT;
Then CBAT sends out acknowledge message to CNU, and increases the identification information of described CNU in the white list of self preserving.
Common CBAT band number of users is in 100, and the certificate server of CBAT can be managed thousands of even up to ten thousand CBAT.When generally in a sub-district, disposing, need tens CBAT usually, but certificate server only needs one.
After the white list that described certificate server 203 also is used for preserving by self passes through described CNU authentication, determine that described CBAT is the first line of a couplet equipment of CNU, and in overall white list, add the corresponding relation of described CNU and CBAT.
For, guarantee that the overall white list of local white list in the coaxial broadband access terminal (CBAT) 202 and certificate server 203 keeps synchronously;
Described certificate server 203 when self preserving CNU in the white list and make amendment or deleting, according to the corresponding relation of CNU described in the overall white list and CBAT, the order that issues from white list modification or delete corresponding CNU to the CBAT of correspondence.
In embodiments of the present invention, described certificate server can be the third party who is independent of in the Ethernet system, also can be arranged in the network management system.
White list activating method and device that the embodiment of the invention provided, when opening, do not need the CNU that is concerned about new installation specifically to be connected under which CBAT, the identification information that only needs to increase CNU in the overall white list of certificate server gets final product, and increases the convenience of project installation.
Certificate server also possesses overall white list maintenance function.When overall white list being made amendment or deletes, can issue the CBAT that forms CNU and CBAT binding relationship and revise or delete command, synchronous with the overall white list maintenance of local white list among the assurance CBAT and certificate server.
Method of the present invention is not limited to the embodiment described in the embodiment, and those skilled in the art's technical scheme according to the present invention draws other execution mode, belongs to technological innovation scope of the present invention equally.
Obviously, those skilled in the art can carry out various changes and modification to the present invention and not break away from the spirit and scope of the present invention.Like this, if of the present invention these are revised and modification belongs within the scope of claim of the present invention and equivalent technologies thereof, then the present invention also is intended to comprise these changes and modification interior.