Summary of the invention
In view of the above problems, it proposes on the present invention overcomes the above problem or at least be partially solved in order to provide one kindState a kind of method and system for preventing port Vlan configuration error of problem.The present invention provides one kind to prevent port Vlan from configuringThe method of mistake leads to the de- pipe of switching equipment for preventing, which is characterized in that this method comprises:
When in the received ARP message of the switching equipment destination IP and purpose MAC be itself IP and MAC when, VlanJudge the ARP message reception VlanID whether be Vlan receiving port PVID, as the reception VlanID of the ARP messageWhether be Vlan receiving port PVIDVlan, then judge whether the port PVID is tag attribute;
When the port PVID is tag attribute, then a VlanID is sent to terminal device from the port and be equal to endThe ARP message with tag of mouth PVID, when the response for receiving terminal device in first time period, then terminal device can identify bandTag message;
When the response for not receiving terminal device in first time period, the ARP report for sending a untag is forced from portText;When the response for receiving terminal device in second time period, then forcing the attribute modification by port in PVID is untag.
The switching equipment receives destination IP and purpose MAC and also wraps for the ARP message of the IP and MAC of the switching equipmentInclude, first determine whether destination IP and purpose MAC in the ARP message whether be the switching equipment IP and MAC, when describedWhen destination IP and purpose MAC in ARP message are not IP and MAC of the switching equipment, the ARP message is abandoned.
It is described to judge whether port is that tag attribute includes in PVID, sentenced according to attribute setting of the port in Vlan tableWhether Vlan of the interruptive port in PVID is tag attribute.
The switching equipment is the interchanger for supporting IEEE802.1q agreement.
When the response for receiving terminal device in second time period further include: switching equipment opens its port in PVIDThe setting of attribute modification.
The present invention provides a kind of systems for preventing port Vlan configuration error, lead to the de- pipe of switching equipment for preventing,It is characterized in that, the system comprises:
Judge port PVID for tag attribute device, in the received ARP message of the switching equipment destination IP andWhen purpose MAC is IP and MAC of itself, Vlan judges whether the reception VlanID of the ARP message is Vlan receiving portWhether PVID, the VlanID where the port PVID in the ARP message is the ARP message, then judge the port PVIDFor tag attribute;
Tag device is identified, for when the port PVID is tag attribute, then sending from the port to terminal deviceOne VlanID is equal to the ARP message with tag of port PVID, when the response for receiving terminal device in first time period, thenTerminal device can identify band tag message;
Untag device is identified, for forcing to send from port when the response for not receiving terminal device in first time periodThe ARP message of one untag is then forced port in PVID when the response for receiving terminal device in second time periodAttribute modification is untag.
It is described to judge that port PVID for tag attribute device further includes the destination IP and mesh first determined whether in the ARP messageMAC whether be the switching equipment IP and MAC, when in the ARP message destination IP and purpose MAC be not the exchangeWhen IP and MAC of equipment, the ARP message is abandoned.
Judge that port PVID is to judge whether port is that tag attribute further includes in PVID in tag attribute device, according toAttribute setting of the port in Vlan table judges whether Vlan of the port in PVID is tag attribute.
Switching equipment in the system is the interchanger for supporting IEEE802.1q agreement.
In the identification untag device when receiving the response of terminal device in second time period further include: exchange is setThe setting of attribute modification of standby its port of opening in PVID.
The present invention provides a kind of methods for preventing port Vlan configuration error, lead to the de- pipe of switching equipment for preventing,Wherein switching equipment Vlan judge the ARP message reception VlanID whether be Vlan receiving port PVID, as the ARPVlanID where port PVID in message is the ARP message, then judge whether the port PVID is tag attribute;Work as instituteWhen to state port PVID be tag attribute, then the band tag of VlanID equal to port PVID is sent from the port to terminal deviceARP message, when the response for receiving terminal device in first time period, then terminal device can identify band tag message;WhenThe ARP message for sending a untag is forced in the response for not receiving terminal device in one period from port;When in the second timeThe response of terminal device is received in section, then forcing the attribute modification by port in PVID is untag, efficiently solves terminal and setsIt is standby to visit again switching equipment, i.e., the problems such as de- pipe or equipment can not access.
To which bandwidth resources effectively be utilized, the efficiency of transmission of data message is improved, data-message transmission is metReal-time demand.
The above description is only an overview of the technical scheme of the present invention, in order to better understand the technical means of the present invention,And it can be implemented in accordance with the contents of the specification, and in order to allow above and other objects of the present invention, feature and advantage canIt is clearer and more comprehensible, the followings are specific embodiments of the present invention.
Specific embodiment
For effective data message transmission, meet the real-time demand of data message, the embodiment of the invention provides oneKind prevents the method and system of port Vlan configuration error.
Exemplary embodiments of the present disclosure are described in more detail below with reference to accompanying drawings.Although showing the disclosure in attached drawingExemplary embodiment, it being understood, however, that may be realized in various forms the disclosure without should be by embodiments set forth hereIt is limited.On the contrary, these embodiments are provided to facilitate a more thoroughly understanding of the present invention, and can be by the scope of the present disclosureIt is fully disclosed to those skilled in the art.
Below with reference to attached drawing is illustrated, the embodiment of the present invention is illustrated.
Fig. 1 is a kind of method and step figure for preventing port Vlan configuration error provided in an embodiment of the present invention, for preventingLead to the de- pipe of switching equipment, the process the following steps are included:
S101: when in the received ARP message of the switching equipment destination IP and purpose MAC be itself IP and MAC when,Judge the port PVID in the ARP message whether be Vlan where the ARP message ID, the end in the ARP messageVlanID where mouth PVID is the ARP message, then judge whether the port PVID is tag attribute;
In this step, the ARP message that switching equipment receiving terminal apparatus first here is sent, is judged by switching equipmentThe destination IP and purpose MAC of the received ARP message of this equipment whether the IP and mac of this equipment, based on IP and MAC comparison judgementAs a result, as the IP of the two and MAC inconsistent, switching equipment here is by the ARP packet loss;
When the IP of the two is consistent with MAC, judge whether the port PVID in the ARP message is the ARP message instituteIn the ID of Vlan, where port PVID is not ARP message when the ID of Vlan, which will report according to the atp receivedText responds an icmp packet to the terminal device for sending the ARP message;The ID of Vlan where port PVID is ARP messageWhen, illustrate that the virtual LAN ID number of port is consistent with the ID number of Vlan where ARP message, to judge port on this basisWhether PVID is tag attribute.
It leads in this entire step to illustrate that switching equipment judges end according to the port PVID of its received ARP messageWhether mouth PVID is tag attribute.
Here by ARP message when applicable message, actually it is also possible to ping message.
S102: when the port PVID is tag attribute, then a VlanID is sent to equipment from the port and be equal to endThe ARP message with tag of mouth PVID;
When the response for receiving terminal device in first time period, then terminal device can identify band tag message, without being spyDifferent operation;When the response for not receiving terminal device in first time period, illustrate that terminal device is nonrecognition band tag message,At this moment the ARP message of one untag of transmission is forced from port again.
In this step, it is mainly used for judging whether terminal device can identify tag, that is to say, that terminal device is sent shouldWhether the port of arp message identifies tag, and main method is that switching equipment sends a VlanID to terminal device and is equal to portThe ARP message with tag of PVID, check terminal device can identify band tag message, that is, if switching equipment at the first timeWhen can receive response in section, illustrate that terminal device can identify band tag message;If do not received in first time periodTo response, illustrate that terminal device is nonrecognition band tag message at least, further, switching equipment passes through hair to terminal deviceSend the ARP message with untag.
Here first time period is artificially arranged, and can be adjusted according to actual needs.
S103: when the response for receiving terminal device in first time period, illustrate that terminal device is only to support untag messageEquipment, then force attribute modification of the port in PVID to be untag;When not receiving response within the second time, then illustrateTerminal device is offline, or opens ping protection, does not also do specially treated.
In this step, switching equipment is by sending an ARP message with untag to terminal device, to determine terminalEquipment is identification untag, and the specific steps are switching equipment by sending an ARP message with untag to terminal device, is checkedThe response that the ARP message to band untag whether is received in second time period illustrates that the terminal is only to prop up if receivedThe equipment for holding untag message, switching equipment are forced attribute modification of the port in PVID to be untag, if not theTwo periods received response, then illustrated that the terminal device is offline, and switching equipment does not process attribute of the port in PVID.
Specified otherwise is needed, the technical solution that this programme is related to mainly is suitable for the port Hybrid, while also partSuitable for the port Trunk, certain application purpose also not only for data isolation, can be used for setting data priority.
Further, from the point of view of security standpoint: switching equipment receives the response of terminal device in second time period, saysBright terminal device is the equipment for only supporting untag text further include: switching equipment opens attribute modification of its port in PVIDSetting.
Further, described to judge whether port is that tag attribute includes in PVID, according to category of the port in Vlan tableProperty setting judge whether Vlan of the port in PVID is tag attribute.
Below by a specific embodiment, the present invention is described in detail.
If Fig. 2 is a kind of method specific steps figure for preventing port Vlan configuration error, wherein equipment includes switching equipmentAnd terminal device,.
Specific steps include: S201: switching equipment sends the ARP message with tag.
In this step, the ARP message that switching equipment receiving terminal apparatus first here is sent judges this by switching equipmentThe destination IP and purpose MAC of the received ARP message of equipment whether the IP and mac of this equipment, comparison based on IP and MAC judges knotFruit, as the IP of the two and MAC inconsistent, switching equipment here is by the ARP packet loss;
When the IP of the two is consistent with MAC, judge whether the port PVID in the ARP message is the ARP message instituteIn the ID of Vlan, where port PVID is not ARP message when the ID of Vlan, which will report according to the arp receivedText responds an icmp packet to the terminal device for sending the ARP message;The ID of Vlan where port PVID is ARP messageWhen, illustrate that the virtual LAN ID number of port is consistent with the ID number of Vlan where ARP message, to judge port on this basisWhether PVID is tag attribute.
Here judge that the step of whether port is tag attribute in PVID includes, according to category of the port in Vlan tableProperty setting judge whether Vlan of the port in PVID is tag attribute.
In this example, the equipment that switching equipment can be interchanger or other functions of exchange should be supportedIEEE802.1q agreement.
S202: terminal device responds the ARP message with tag.
In this step, when the port PVID is tag attribute, then a VlanID is sent from the port to equipmentThe ARP message with tag equal to port PVID;
When the response for receiving terminal device in first time period, then terminal device can identify band tag message, without being spyDifferent operation;When the response for not receiving terminal device in first time period, illustrate that terminal device is nonrecognition band tag message,At this moment the ARP message of one untag of transmission is forced from port again.
Judge whether terminal device can identify tag, that is to say, that whether know the port that terminal device sends the arp messageOther tag, main method are the ARP messages with tag that switching equipment sends that a VlanID is equal to port PVID to terminal device,Check that terminal device can identify band tag message, that is, if switching equipment is can receive in first time period when responding,Illustrate that terminal device can identify band tag message;If illustrating that terminal is set at least being not received by response in first time periodStandby is nonrecognition band tag message, and further, switching equipment is to terminal device by sending the ARP report with untagText.
S203: switching equipment sends the ARP message with untag.
In step, when terminal device is message of the nonrecognition with tag, switching equipment sends band untag to terminal deviceARP message.
S204: terminal device responds the ARP message with untag.
When the response for receiving terminal device in second time period, illustrate that terminal device is only to support setting for untag messageStandby, then forcing the attribute modification by port in PVID is untag;When not receiving response within the second time, then illustrate terminalEquipment off-line, or ping protection is opened, also do not do specially treated.
In this step, switching equipment is by sending an ARP message with untag to terminal device, to determine terminalEquipment is identification untag, and the specific steps are switching equipment by sending an ARP message with untag to terminal device, is checkedThe response that the ARP message to band untag whether is received in second time period illustrates that the terminal is only to prop up if receivedThe equipment for holding untag message, switching equipment are forced attribute modification of the port in PVID to be untag, if not theTwo periods received response, then illustrated that the terminal device is offline, and switching equipment does not process attribute of the port in PVID.
In this step, when the response for receiving terminal device in second time period, illustrate that terminal device is only to supportWhen the equipment of untag text, at this point, switching equipment opens the setting of attribute modification of the port in PVID, from the view of security,Attribute modification of the port in PVID is prevented by malice or is arbitrarily modified.
Fig. 3 is a kind of system for preventing port Vlan configuration error provided in an embodiment of the present invention, causes to hand over for preventingThe de- pipe of exchange device, the system comprises:
Port PVID is judged for tag attribute device 31, for when the destination IP in the received ARP message of the switching equipmentWhen with purpose MAC being itself IP and MAC, Vlan judges whether the reception VlanID of the ARP message is Vlan receiving portPVID, the VlanID where the port PVID in the ARP message is the ARP message then judges that the port PVID isNo is tag attribute;
Tag device 32 is identified, for when the port PVID is tag attribute, then sending out from the port to terminal deviceThe ARP message with tag for sending a VlanID to be equal to port PVID, when the response for receiving terminal device in first time period,Then terminal device can identify band tag message;
Untag device 33 is identified, for forcing to send out from port when the response for not receiving terminal device in first time periodThe ARP message for sending a untag is then forced port in PVID when the response for receiving terminal device in second time periodAttribute modification be untag.
It is described judge port PVID for tag attribute device 31 further include first determine whether destination IP in the ARP message andPurpose MAC whether be the switching equipment IP and MAC, when in the ARP message destination IP and purpose MAC be not the friendshipWhen IP and MAC of exchange device, the ARP message is abandoned.
Judge that port PVID be the port that judges in tag attribute device 32 whether be tag attribute in PVID further includes rootJudge whether Vlan of the port in PVID is tag attribute according to attribute setting of the port in Vlan table.
Switching equipment in the system is the interchanger for supporting IEEE802.1q agreement.
In the identification untag device 33 when receiving the response of terminal device in second time period further include: exchangeEquipment opens the setting of attribute modification of its port in PVID.
Algorithm and display be not inherently related to any certain computer, virtual system or terminal device provided herein.Various general-purpose systems can also be used together with teachings based herein.As described above, it constructs required by this kind of systemStructure be obvious.In addition, the present invention is also not directed to any particular programming language.It should be understood that can use variousProgramming language realizes summary of the invention described herein, and the description done above to language-specific is to disclose this hairBright preferred forms.
In the instructions provided here, numerous specific details are set forth.It is to be appreciated, however, that implementation of the inventionExample can be practiced without these specific details.In some instances, well known method, structure is not been shown in detailAnd technology, so as not to obscure the understanding of this specification.
Similarly, it should be understood that in order to simplify the disclosure and help to understand one or more of the various inventive aspects,Above in the description of exemplary embodiment of the present invention, each feature of the invention is grouped together into single implementation sometimesIn example, figure or descriptions thereof.However, the disclosed method should not be interpreted as reflecting the following intention: i.e. required to protectShield the present invention claims features more more than feature expressly recited in each claim.More precisely, as followingClaims reflect as, inventive aspect is all features less than single embodiment disclosed above.Therefore,Thus the claims for following specific embodiment are expressly incorporated in the specific embodiment, wherein each claim itselfAll as a separate embodiment of the present invention.
Those skilled in the art will understand that can be carried out adaptively to the module in the equipment in embodimentChange and they are arranged in one or more devices different from this embodiment.It can be the module or list in embodimentMember or component are combined into a module or unit or component, and furthermore they can be divided into multiple submodule or subelement orSub-component.Other than such feature and/or at least some of process or unit exclude each other, it can use anyCombination is to all features disclosed in this specification (including adjoint claim, abstract and attached drawing) and so disclosedAll process or units of what method or apparatus are combined.Unless expressly stated otherwise, this specification is (including adjoint powerBenefit require, abstract and attached drawing) disclosed in each feature can carry out generation with an alternative feature that provides the same, equivalent, or similar purposeIt replaces.
In addition, it will be appreciated by those of skill in the art that although some embodiments described herein include other embodimentsIn included certain features rather than other feature, but the combination of the feature of different embodiments mean it is of the inventionWithin the scope of and form different embodiments.For example, in the following claims, embodiment claimed is appointedMeaning one of can in any combination mode come using.
Various component embodiments of the invention can be implemented in hardware, or to run on one or more processorsSoftware module realize, or be implemented in a combination thereof.It will be understood by those of skill in the art that can be used in practiceMicroprocessor or digital signal processor (DSP) come realize it is according to an embodiment of the present invention pass through link congestion when dynamic roadDiameter adjusts device, some or all functions of some or all components in terminal device and system.The present invention can be withSome or all device or device programs for executing method as described herein are embodied as (for example, computerProgram and computer program product).It is such to realize that program of the invention can store on a computer-readable medium, Huo ZhekeWith in the form of one or more signals.Such signal can be downloaded from an internet website to obtain, or in carrierIt provides, or is provided in any other form on signal.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and abilityField technique personnel can be designed alternative embodiment without departing from the scope of the appended claims.In the claims,Any reference symbol between parentheses should not be configured to limitations on claims.Word "comprising" does not exclude the presence of notElement or step listed in the claims.Word "a" or "an" located in front of the element does not exclude the presence of multiple suchElement.The present invention can be by means of including the hardware of several different elements and being come by means of properly programmed computer realIt is existing.In the unit claims listing several devices, several in these devices can be through the same hardware branchTo embody.The use of word first, second, and third does not indicate any sequence.These words can be explained and be run after fameClaim.
Obviously, various changes and modifications can be made to the invention without departing from essence of the invention by those skilled in the artMind and range.In this way, if these modifications and changes of the present invention belongs to the range of the claims in the present invention and its equivalent technologiesWithin, then the present invention is also intended to include these modifications and variations.