CN102891793A - Ports physical isolation method and device - Google Patents


Info

Publication number
CN102891793A
Authority
CN
China
Prior art keywords
isolation
port
ports
information
data flow
Prior art date
Legal status
Pending
Application number
CN2011102033595A
Other languages
Chinese (zh)
Inventor
刘世卫
孙旺强
曹木莲
张国祥
赵翠娜
Current Assignee
ZTE Corp
Original Assignee
ZTE Corp

Abstract

The invention discloses a port physical isolation method and device. The method comprises: monitoring the data flows between the ports of the network devices connected to a predetermined gateway, matching the flow-direction information of the data flows against a preset port isolation rule, and obtaining a matching result; and physically isolating and/or releasing the physical isolation of the corresponding ports according to the matching result. With this technical scheme, automatic physical isolation of the network is achieved, network security is truly ensured at the level of physical isolation, the whole isolation process is completed automatically without active intervention by the user, and no extra hardware is required, so system cost is reduced. In addition, the technical scheme of the embodiment supports not only isolation between the internal and external networks but also isolation between intranet ports, and so can be used more flexibly.

Description

Port physical isolation method and device
Technical field
The present invention relates to the field of mobile communication, and in particular to a port physical isolation method and device.
Background art
At present, with the development of network services and network applications, users expect that information involving personal privacy or commercial interests is kept confidential, complete and genuinely protected when it is transmitted over a network.
The home gateway plays an important role in the modern home network. On the one hand, it provides connection channels between the devices inside the home and supports the data communication between them; this internal data usually involves the user's private information. On the other hand, in order to connect to the Internet, the devices inside the home must also be connected to an external network. The coexistence of these two kinds of use creates hidden dangers for network security.
Existing home gateways do address security problems: for example, technologies such as firewalls and media access control (MAC) filtering are used to block illegal intrusion and to forbid the external network from accessing the devices on the home network. However, these technologies are normally implemented in software and do not achieve true physical network isolation; by special means, the data exchanged inside the internal network can still be viewed from the outside. To address this, a technical scheme has been proposed in which a physical isolation card performs the physical isolation, but that scheme requires extra hardware, which indirectly increases the user's cost, and the isolation rules of a physical isolation card are rather limited and inflexible.
Summary of the invention
The invention provides a port physical isolation method and device, in order to solve the problems of the prior art, namely the high cost caused by the need for extra hardware and the poor flexibility when port physical isolation is performed.
The invention provides a port physical isolation method, comprising:
monitoring the data flows between the ports of the network devices connected to a predetermined gateway, matching the flow-direction information of the data flows against a preset port isolation rule, and obtaining a matching result;
physically isolating and/or releasing the physical isolation of the corresponding ports according to the matching result.
The invention also provides a port physical isolation device, comprising:
a network data monitoring module, configured to monitor the data flows between the ports of the network devices connected to a predetermined gateway, match the flow-direction information of the data flows against a preset port isolation rule, and obtain a matching result;
a network port isolation module, configured to physically isolate and/or release the physical isolation of the corresponding ports according to the matching result.
The beneficial effects of the invention are as follows:
By matching the flow-direction information of the data flows against a preset port isolation rule, and physically isolating and/or releasing the physical isolation of the corresponding ports according to the matching result, the invention solves the problems of the prior art, namely the high cost caused by the need for extra hardware and the poor flexibility when port physical isolation is performed. Automatic physical isolation of the network can be achieved, network security is truly guaranteed at the level of physical isolation, the whole isolation process is completed automatically without active intervention by the user, and no additional hardware is required, so system cost can be reduced. In addition, the technical scheme of the embodiment supports not only isolation between the intranet and the extranet but also isolation between intranet ports, so it can be used more flexibly.
Description of drawings
Fig. 1 is a schematic structural diagram of the port physical isolation device of the embodiment of the invention;
Fig. 2 is a schematic diagram of the port isolation processing performed by the automatic isolation gateway of the embodiment of the invention;
Fig. 3 is the processing flow chart of the network data monitoring module of the embodiment of the invention;
Fig. 4 is the processing flow chart of the port isolation control module of the embodiment of the invention;
Fig. 5 is the flow chart of the port physical isolation method of the embodiment of the invention.
Embodiment
In order to solve the problems of the prior art, namely the high cost caused by the need for extra hardware and the poor flexibility when port physical isolation is performed, the invention provides a port physical isolation method and device. The invention is further described below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here only serve to explain the invention and do not limit it.
Device embodiment
According to an embodiment of the invention, a port physical isolation device is provided, located, for example, at a gateway (such as a home gateway). Fig. 1 is a schematic structural diagram of the port physical isolation device of the embodiment. As shown in Fig. 1, the port physical isolation device of the embodiment comprises a network data monitoring module 10 and a network port isolation module 12. The modules of the embodiment are described in detail below.
The network data monitoring module 10 is configured to monitor the data flows between the ports of the network devices connected to a predetermined gateway, match the flow-direction information of the data flows against a preset port isolation rule, and obtain a matching result. Preferably, the predetermined gateway is a home gateway, but it may also be another gateway device. It should be noted that the technical scheme of the embodiment supports not only isolation of external network ports but also isolation between intranet ports.
Specifically, the port isolation rule comprises: a mapping between the flow-direction information of a data flow and the port(s) to be isolated; a first special rule specifying whether a port that is currently isolated should remain isolated when another data flow needs to use that port; and a second special rule specifying whether a port whose isolation has been released, and which is now determined to require isolation, should be isolated when other data flows need to use that port.
The network data monitoring module 10 specifically comprises a matching result determination module and a message transmission module, wherein:
the matching result determination module is configured to monitor the data flows between the ports of the network devices connected to the predetermined gateway and match the flow-direction information of the monitored data flows against the mapping; if the match succeeds, the matching result is determined to be that one or more ports need to be isolated, and if the match fails, the matching result is determined to be that no port needs to be isolated. When a port is isolated and another data flow is observed that needs to use that port, the matching result is determined according to the first special rule. When a port's isolation has been released and it is now determined that the port needs to be isolated, but other data flows need to use that port, the matching result is determined according to the second special rule.
The message transmission module is configured to transmit a port isolation message when the matching result is that one or more ports need to be isolated, the port isolation message carrying the information of the one or more ports to be isolated and the isolation information; and to transmit a port isolation release message when one or more ports are isolated and the matching result is that those ports do not need to be isolated, the port isolation release message carrying the information of the one or more ports whose isolation is to be released and the release information.
The network port isolation module 12 is configured to physically isolate and/or release the physical isolation of the corresponding ports according to the matching result.
The network port isolation module 12 specifically comprises a port isolation control module and a port isolation realization module, wherein:
the port isolation control module is configured to analyze the information of the one or more ports to be isolated and the isolation information in the port isolation message and send an isolation instruction, and/or to analyze the information of the one or more ports whose isolation is to be released and the release information in the port isolation release message and send a release instruction;
the port isolation realization module is configured to perform hardware configuration according to the isolation instruction so as to isolate the one or more ports, and/or to perform hardware configuration according to the release instruction so as to release the isolation of the one or more ports.
Preferably, the port physical isolation device of the embodiment also comprises an isolation rule configuration module, configured to add, modify and/or delete port isolation rules and to generate the isolation rule database from the configured port isolation rules.
The technical scheme of the embodiment is explained in detail below, taking a home gateway as an example.
Fig. 2 is a schematic diagram of the port isolation processing performed by the automatic isolation gateway of the embodiment. As shown in Fig. 2, in this example the automatic network isolation gateway comprises, in addition to the general modules of a home gateway, the port physical isolation device described above, specifically: an isolation rule configuration module, an isolation rule database, a network data monitoring module, a port isolation control module and a port isolation realization module.
The isolation rule configuration module provides the user with a configuration interface for configuring and modifying the corresponding port isolation rules, and also stores the port isolation rules so that the network data monitoring module can query them.
Specifically, the isolation rule configuration module mainly receives the user's isolation rule configuration and generates the isolation rule database from the configured rules. When the gateway is used for the first time, the user needs to configure the port isolation rules; if the user does not configure them, default port isolation rules are adopted. A port isolation rule mainly specifies which data certain ports may not receive; if such data appears, the port that would receive it is physically isolated. The isolation rule configuration module also supports adding, modifying and deleting port isolation rules.
The network data monitoring module monitors the data of the network devices connected to the home gateway and, according to the flow direction of the data and the port isolation rules of the isolation rule configuration module, sends the relevant information to the port isolation control module.
Specifically, Fig. 3 is the processing flow chart of the network data monitoring module of the embodiment. As shown in Fig. 3, the network data monitoring module performs the following processing. It monitors the data flows and their types between the network ports and matches the data flows against the port isolation rules to determine whether they match. If the matching result shows that one or more ports need to be isolated, it sends the information of the corresponding ports together with the isolation information to the port isolation control module. When some ports are isolated and the monitored data flows show that the isolation of one or more of those ports can be released, it sends the information of the corresponding ports together with the release information to the port isolation control module. The network data monitoring module also records the state of all ports: when a port is isolated and the monitored data flows show that its isolation can be released, it sends the release information for that port to the port isolation control module. When a port is isolated and the monitored data flows show that another data flow needs to use that port while the port is still isolated, the handling of that port is determined by the first special rule in the predefined port isolation rules, which decides whether to isolate the port or release its isolation. When a port is not isolated and the monitored data flows show that it now needs to be isolated, but at the same time another data flow needs to use it, the handling of that port is determined by the second special rule in the predefined port isolation rules, which likewise decides whether to isolate the port or release its isolation.
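As an added example (it is not code from the patent or from ZTE), the following Python simulation implements the decision logic just described for the isolation rule configuration module and the network data monitoring module: a rule database with add, modify and delete operations and a constructed default rule set, matching of flow-direction information against the mapping, the recorded state of every port, and the first and second special rules. The port names, the traffic-class labels, the message layout and the default rules are assumptions made for this example; the patent does not specify them.

```python
from dataclasses import dataclass, replace
from typing import Dict, List

# Constructed sample topology: one WAN port and three LAN ports on the gateway.
PORTS = ["wan", "lan1", "lan2", "lan3"]


@dataclass(frozen=True)
class Flow:
    """Flow-direction information seen by the monitoring module (constructed labels)."""
    src: str   # port the data enters on
    dst: str   # port that would receive the data
    kind: str  # traffic class, e.g. "unsolicited" or "share" (hypothetical)


@dataclass(frozen=True)
class Rule:
    """Mapping rule: receiving port `port` may not accept `kind` traffic from `src`."""
    name: str
    port: str
    src: str = "*"
    kind: str = "*"

    def matches(self, flow: Flow) -> bool:
        return (flow.dst == self.port
                and self.src in ("*", flow.src)
                and self.kind in ("*", flow.kind))


class IsolationRuleDatabase:
    """Isolation rule configuration module: add/modify/delete plus the two special rules."""

    def __init__(self, keep_isolated_when_in_use: bool = True,
                 isolate_when_in_use: bool = False) -> None:
        self.rules: Dict[str, Rule] = {}
        # First special rule: keep an isolated port isolated while other flows want it.
        self.keep_isolated_when_in_use = keep_isolated_when_in_use
        # Second special rule: isolate a port that now matches although other flows use it.
        self.isolate_when_in_use = isolate_when_in_use

    def add(self, rule: Rule) -> None:
        if rule.name in self.rules:
            raise ValueError(f"rule {rule.name!r} already exists")
        self.rules[rule.name] = rule

    def modify(self, name: str, **changes) -> Rule:
        self.rules[name] = replace(self.rules[name], **changes)
        return self.rules[name]

    def delete(self, name: str) -> None:
        del self.rules[name]

    @classmethod
    def defaults(cls) -> "IsolationRuleDatabase":
        """Constructed default rule set: LAN ports may not receive unsolicited WAN traffic."""
        db = cls()
        for port in PORTS:
            if port != "wan":
                db.add(Rule(f"default-{port}", port=port, src="wan", kind="unsolicited"))
        return db


class NetworkDataMonitor:
    """Network data monitoring module: matches flows against the rules, records the
    state of every port and emits isolate / release messages for the control module."""

    def __init__(self, db: IsolationRuleDatabase, ports: List[str] = PORTS) -> None:
        self.db = db
        self.isolated = {p: False for p in ports}  # recorded state of every port

    def evaluate(self, flows: List[Flow]) -> List[dict]:
        need: Dict[str, str] = {}   # port -> name of the rule that matched
        other_use = set()           # ports wanted by flows that matched no rule
        for f in flows:
            hit = next((r for r in self.db.rules.values() if r.matches(f)), None)
            if hit is not None:
                need[f.dst] = hit.name
            else:
                other_use.update((f.src, f.dst))

        to_isolate, to_release = [], []
        for port, isolated in self.isolated.items():
            if isolated:
                if port in need:
                    continue                      # still matching: stay isolated
                if port in other_use and self.db.keep_isolated_when_in_use:
                    continue                      # first special rule: keep isolation
                to_release.append(port)
            elif port in need:
                if port in other_use and not self.db.isolate_when_in_use:
                    continue                      # second special rule: leave in service
                to_isolate.append(port)

        messages = []
        if to_isolate:
            messages.append({"action": "isolate", "ports": to_isolate,
                             "info": {p: need[p] for p in to_isolate}})
            for p in to_isolate:
                self.isolated[p] = True
        if to_release:
            messages.append({"action": "release", "ports": to_release,
                             "info": {p: "no matching flow" for p in to_release}})
            for p in to_release:
                self.isolated[p] = False
        return messages
```

Each call to `evaluate` corresponds to one monitoring interval; the returned messages are what the message transmission module would hand to the port isolation control module. Matching ports always stay isolated, the first special rule only decides the case where an isolated port has no matching flow but is still wanted by another flow, and the second special rule only decides the case where an in-service port matches while another flow is using it.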
The port isolation control module receives the port information and isolation information sent by the network data monitoring module, analyzes them, determines according to the received information whether a port of the external network or of the internal network is to be isolated, and sends an isolation instruction to the port isolation realization module. In practice, the port isolation control module can call the isolation interface provided by the port isolation realization module, which finally achieves the physical isolation of the network port.
The port isolation realization module provides the isolation interface, receives the instructions of the port isolation control module and, by configuring the hardware, physically isolates a network port or releases the physical isolation of a port. In the embodiment of the invention, physical isolation and release of isolation are realized by configuring the hardware registers of the gateway.
Fig. 4 is the processing flow chart of the port isolation control module of the embodiment. As shown in Fig. 4, the port isolation control module receives the isolation or release information sent by the network data monitoring module, which contains an isolation or release instruction together with the corresponding port information. It parses the isolation or release instruction and the port information contained in that information and, according to the instruction and the port information, calls the configuration interface of the port isolation realization module to complete the isolation or release of the corresponding port.
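As an added example (not the patent's or ZTE's code), the following Python code models the port isolation control module and the port isolation realization module described above: the controller validates and parses an isolate/release message carrying port information and isolation information, and issues its instructions through an isolation interface that sets or clears bits in a simulated hardware register. The register offset, the port-to-bit assignment and the message format are constructed assumptions; the patent only states that isolation is realized by configuring the gateway's hardware registers.

```python
from typing import Dict, List, Tuple

# Constructed assumptions: port-to-bit assignment and register offset of a hypothetical
# gateway switch chip. A set bit means the port is physically isolated.
PORT_BITS = {"wan": 0, "lan1": 1, "lan2": 2, "lan3": 3}
PORT_ISOLATION_REG = 0x10


class PortIsolationRealization:
    """Port isolation realization module: the isolation interface that configures
    the (simulated) hardware register on behalf of the control module."""

    def __init__(self) -> None:
        self.registers: Dict[int, int] = {PORT_ISOLATION_REG: 0}
        self.writes: List[Tuple[int, int]] = []  # (register, value) history for auditing

    def _write(self, reg: int, value: int) -> None:
        self.registers[reg] = value & 0xFF       # 8-bit register in this simulation
        self.writes.append((reg, self.registers[reg]))

    def isolate(self, port: str) -> None:
        bit = 1 << PORT_BITS[port]
        self._write(PORT_ISOLATION_REG, self.registers[PORT_ISOLATION_REG] | bit)

    def release(self, port: str) -> None:
        bit = 1 << PORT_BITS[port]
        self._write(PORT_ISOLATION_REG, self.registers[PORT_ISOLATION_REG] & ~bit)

    def is_isolated(self, port: str) -> bool:
        return bool(self.registers[PORT_ISOLATION_REG] & (1 << PORT_BITS[port]))

    def isolated_ports(self) -> List[str]:
        return [p for p in PORT_BITS if self.is_isolated(p)]


class PortIsolationController:
    """Port isolation control module: parses an isolate / release message, checks it,
    and issues instructions through the realization module's interface."""

    def __init__(self, hw: PortIsolationRealization) -> None:
        self.hw = hw
        self.instructions: List[str] = []  # every instruction issued so far

    def handle(self, message: dict) -> List[str]:
        action = message.get("action")
        ports = message.get("ports") or []
        info = message.get("info") or {}
        # Reject malformed messages before touching the hardware.
        if action not in ("isolate", "release"):
            raise ValueError(f"unknown action {action!r}")
        unknown = [p for p in ports if p not in PORT_BITS]
        if unknown:
            raise ValueError(f"unknown ports {unknown}")
        issued: List[str] = []
        for port in ports:
            # Only write the register when the port state actually changes.
            if action == "isolate" and not self.hw.is_isolated(port):
                self.hw.isolate(port)
                issued.append(f"isolate {port}: {info.get(port, 'no reason given')}")
            elif action == "release" and self.hw.is_isolated(port):
                self.hw.release(port)
                issued.append(f"release {port}: {info.get(port, 'no reason given')}")
        self.instructions.extend(issued)
        return issued


if __name__ == "__main__":
    hw = PortIsolationRealization()
    ctl = PortIsolationController(hw)
    # Constructed messages in the shape the monitoring module would send.
    print(ctl.handle({"action": "isolate", "ports": ["lan1", "lan3"],
                      "info": {"lan1": "default-lan1"}}))
    print(hw.isolated_ports(), hex(hw.registers[PORT_ISOLATION_REG]))
    print(ctl.handle({"action": "release", "ports": ["lan1"],
                      "info": {"lan1": "no matching flow"}}))
    print(hw.isolated_ports())
```

The controller is idempotent: repeating an isolate message for an already isolated port produces no instruction and no register write, and a message naming an unknown action or port is rejected before any hardware access, so a corrupted message from the monitoring module cannot change the isolation state.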
When the home gateway is used for the first time, the user needs to configure the port isolation rules. The port isolation rules define which ports are isolated in which situations, and the related rules for releasing the isolation of which ports in which situations. In the embodiment of the invention, the network data monitoring module monitors the system data and, in combination with the port isolation rules configured by the isolation rule configuration module, sends isolation or release information for one or more ports to the port isolation control module; the port isolation control module parses the isolation/release information and the port information and calls the configuration interface provided by the port isolation realization module, which realizes the physical isolation of the corresponding ports. In the embodiment, the physical isolation of ports and the release of that isolation are not limited to the external network port; one or more ports of the internal network can also be isolated, or have their isolation released.
In summary, by means of the technical scheme of the embodiment, when a gateway (for example, a home gateway) is in use, different ports can be physically isolated automatically according to the port isolation rules configured by the user and the data flow conditions in the network, which ensures real network security. Compared with other physical isolation schemes in the prior art, the scheme of the embodiment needs no additional isolation hardware, which reduces complexity and cost. In addition, the embodiment supports dynamic configuration and modification of the isolation rules, and supports not only isolation of the external network but also isolation between intranet ports, so it can be used more flexibly.
Method embodiment
According to an embodiment of the invention, a port physical isolation method is provided. Fig. 5 is the flow chart of the port physical isolation method of the embodiment. As shown in Fig. 5, the method of the embodiment comprises the following processing:
Step 501: monitor the data flows between the ports of the network devices connected to a predetermined gateway, match the flow-direction information of the data flows against a preset port isolation rule, and obtain a matching result. Preferably, the predetermined gateway is a home gateway. It should be noted that the technical scheme of the embodiment supports not only isolation of external network ports but also isolation between intranet ports.
The port isolation rule specifically comprises: a mapping between the flow-direction information of a data flow and the port(s) to be isolated; a first special rule specifying whether a port that is currently isolated should remain isolated when other data flows need to use that port; and a second special rule specifying whether a port whose isolation has been released, and which is now determined to require isolation, should be isolated when other data flows need to use that port.
Step 501 specifically comprises the following processing: 1. monitoring the data flows between the ports of the network devices connected to the predetermined gateway and matching the flow-direction information of the monitored data flows against the mapping; if the match succeeds, the matching result is determined to be that one or more ports need to be isolated, and if the match fails, the matching result is determined to be that no port needs to be isolated; 2. monitoring the data flows between the ports of the network devices connected to the predetermined gateway and, when a port is isolated and another data flow is observed that needs to use that port, determining the matching result according to the first special rule; 3. monitoring the data flows between the ports of the network devices connected to the predetermined gateway and, when a port's isolation has been released and it is now determined that the port needs to be isolated but other data flows need to use that port, determining the matching result according to the second special rule.
Step 502: physically isolate and/or release the physical isolation of the corresponding ports according to the matching result.
Step 502 specifically comprises: 1. when the matching result is that one or more ports need to be isolated, transmitting a port isolation message, the port isolation message carrying the information of the one or more ports to be isolated and the isolation information; 2. analyzing the information of the one or more ports to be isolated and the isolation information in the port isolation message, sending an isolation instruction, and performing hardware configuration according to the isolation instruction so as to isolate the one or more ports; 3. when one or more ports are isolated and the matching result is that those ports do not need to be isolated, transmitting a port isolation release message, the port isolation release message carrying the information of the one or more ports whose isolation is to be released and the release information; 4. analyzing the information of the one or more ports whose isolation is to be released and the release information in the port isolation release message, sending a release instruction, and performing hardware configuration according to the release instruction so as to release the isolation of the one or more ports.
Preferably, the port physical isolation method of the embodiment may also comprise the following processing: 1. adding, modifying and/or deleting port isolation rules; 2. generating the isolation rule database from the configured port isolation rules.
The technical scheme of the embodiment is explained in detail below, taking a home gateway as an example.
The method of this method embodiment can be implemented by the device of the device embodiment described above. Specifically, as shown in Fig. 2, the isolation rule configuration module provides the user with a configuration interface for configuring and modifying the corresponding port isolation rules, and also stores the port isolation rules so that the network data monitoring module can query them.
Specifically, the isolation rule configuration module mainly receives the user's isolation rule configuration and generates the isolation rule database from the configured rules. When the gateway is used for the first time, the user needs to configure the port isolation rules; if the user does not configure them, default port isolation rules are adopted. A port isolation rule mainly specifies which data certain ports may not receive; if such data appears, the port that would receive it is physically isolated. The isolation rule configuration module also supports adding, modifying and deleting port isolation rules.
The network data monitoring module monitors the data of the network devices connected to the home gateway and, according to the flow direction of the data and the port isolation rules of the isolation rule configuration module, sends the relevant information to the port isolation control module.
As shown in Fig. 3, the network data monitoring module monitors the data flows and their types between the network ports and matches the data flows against the port isolation rules to determine whether they match. If the matching result shows that one or more ports need to be isolated, it sends the information of the corresponding ports together with the isolation information to the port isolation control module. When some ports are isolated and the monitored data flows show that the isolation of one or more of those ports can be released, it sends the information of the corresponding ports together with the release information to the port isolation control module. The network data monitoring module also records the state of all ports: when a port is isolated and the monitored data flows show that its isolation can be released, it sends the release information for that port to the port isolation control module. When a port is isolated and the monitored data flows show that another data flow needs to use that port while the port is still isolated, the handling of that port is determined by the first special rule in the predefined port isolation rules, which decides whether to isolate the port or release its isolation. When a port is not isolated and the monitored data flows show that it now needs to be isolated, but at the same time another data flow needs to use it, the handling of that port is determined by the second special rule in the predefined port isolation rules, which likewise decides whether to isolate the port or release its isolation.
The port isolation control module receives the port information and isolation information sent by the network data monitoring module, analyzes them, determines according to the received information whether a port of the external network or of the internal network is to be isolated, and sends an isolation instruction to the port isolation realization module. In practice, the port isolation control module can call the isolation interface provided by the port isolation realization module, which finally achieves the physical isolation of the network port.
The port isolation realization module provides the isolation interface, receives the instructions of the port isolation control module and, by configuring the hardware, physically isolates a network port or releases the physical isolation of a port. In the embodiment of the invention, physical isolation and release of isolation are realized by configuring the hardware registers of the gateway.
As shown in Fig. 4, the port isolation control module receives the isolation or release information sent by the network data monitoring module, which contains an isolation or release instruction together with the corresponding port information. It parses the isolation or release instruction and the port information contained in that information and, according to the instruction and the port information, calls the configuration interface of the port isolation realization module to complete the isolation or release of the corresponding port.
When the home gateway is used for the first time, the user needs to configure the port isolation rules. The port isolation rules define which ports are isolated in which situations, and the related rules for releasing the isolation of which ports in which situations. In the embodiment of the invention, the network data monitoring module monitors the system data and, in combination with the port isolation rules configured by the isolation rule configuration module, sends isolation or release information for one or more ports to the port isolation control module; the port isolation control module parses the isolation/release information and the port information and calls the configuration interface provided by the port isolation realization module, which realizes the physical isolation of the corresponding ports. In the embodiment, the physical isolation of ports and the release of that isolation are not limited to the external network port; one or more ports of the internal network can also be isolated, or have their isolation released.
In summary, by means of the technical scheme of the embodiment, when a gateway (for example, a home gateway) is in use, different ports can be physically isolated automatically according to the port isolation rules configured by the user and the data flow conditions in the network, which ensures real network security. Compared with other physical isolation schemes in the prior art, the scheme of the embodiment needs no additional isolation hardware, which reduces complexity and cost. In addition, the embodiment supports dynamic configuration and modification of the isolation rules, and supports not only isolation of the external network but also isolation between intranet ports, so it can be used more flexibly.
Although preferred embodiments of the invention have been disclosed for the purpose of illustration, those skilled in the art will recognize that various improvements, additions and substitutions are possible; therefore, the scope of the invention should not be limited to the embodiments described above.

Claims (10)

1. A port physical isolation method, characterized in that it comprises:
monitoring the data flows between the ports of each network device connected to a predetermined gateway, matching the flow-direction information of the data flows against a preset port isolation rule, and obtaining a matching result;
physically isolating and/or releasing the physical isolation of the corresponding ports according to the matching result.
2. The method according to claim 1, characterized in that the port isolation rule comprises: a mapping relation between the flow-direction information of data flows and the ports to be isolated; a first special rule that decides whether to keep isolating a port when the port is in isolation and other data flows need to use it; and a second special rule that decides whether to isolate a port when the port is not isolated, it has been determined that the port currently needs isolation, but other data flows need to use it.
3. The method according to claim 2, characterized in that monitoring the data flows between the ports of each network device connected to the predetermined gateway, matching the flow-direction information of the data flows against the preset port isolation rule, and obtaining a matching result specifically comprises:
monitoring the data flows between the ports of each network device connected to the predetermined gateway and matching the monitored flow-direction information of the data flows against the mapping relation; if the match succeeds, determining that the matching result is that one or more ports need isolation; if the match fails, determining that the matching result is that no port needs isolation;
monitoring the data flows between the ports of each network device connected to the predetermined gateway and, when a port is in isolation and other data flows are detected that need to use the port, determining the matching result according to the first special rule;
monitoring the data flows between the ports of each network device connected to the predetermined gateway and, when a port is not isolated, it has been determined that the port currently needs isolation, but other data flows need to use the port, determining the matching result according to the second special rule.
4. The method according to claim 1, characterized in that physically isolating and/or releasing the physical isolation of the corresponding ports according to the matching result specifically comprises:
when the matching result is that one or more ports need isolation, sending a port isolation message, wherein the port isolation message carries the information of the one or more ports to be isolated and isolation information;
parsing the information of the one or more ports to be isolated and the isolation information in the port isolation message, sending an isolation instruction, and performing hardware configuration according to the isolation instruction so that the one or more ports are isolated;
when one or more ports are in isolation and the matching result is that the one or more ports do not need isolation, sending a port isolation release message, wherein the port isolation release message carries the information of the one or more ports whose isolation is to be released and isolation release information;
parsing the information of the one or more ports whose isolation is to be released and the isolation release information in the port isolation release message, sending an isolation release instruction, and performing hardware configuration according to the isolation release instruction so that the isolation of the one or more ports is released.
5. The method according to claim 1, characterized in that the method further comprises:
adding, modifying and/or deleting the port isolation rule by configuration;
generating an isolation rule database from the configured port isolation rule.
6. The method according to claim 1, characterized in that the predetermined gateway is a home gateway.
7. A port physical isolation device, characterized in that it comprises:
a network data control module, configured to monitor the data flows between the ports of each network device connected to a predetermined gateway, match the flow-direction information of the data flows against a preset port isolation rule, and obtain a matching result;
a network port isolation module, configured to physically isolate and/or release the physical isolation of the corresponding ports according to the matching result.
8. The device according to claim 7, characterized in that
the port isolation rule comprises: a mapping relation between the flow-direction information of data flows and the ports to be isolated; a first special rule that decides whether to keep isolating a port when the port is in isolation and other data flows need to use it; and a second special rule that decides whether to isolate a port when the port is not isolated, it has been determined that the port currently needs isolation, but other data flows need to use it;
the predetermined gateway is a home gateway.
9. The device according to claim 8, characterized in that
the network data control module specifically comprises:
a matching result determination module, configured to monitor the data flows between the ports of each network device connected to the predetermined gateway and match the monitored flow-direction information of the data flows against the mapping relation; if the match succeeds, determine that the matching result is that one or more ports need isolation; if the match fails, determine that the matching result is that no port needs isolation; when a port is in isolation and other data flows are detected that need to use the port, determine the matching result according to the first special rule; when a port is not isolated, it has been determined that the port currently needs isolation, but other data flows need to use the port, determine the matching result according to the second special rule;
a message sending module, configured to send a port isolation message when the matching result is that one or more ports need isolation, wherein the port isolation message carries the information of the one or more ports to be isolated and isolation information; and to send a port isolation release message when one or more ports are in isolation and the matching result is that the one or more ports do not need isolation, wherein the port isolation release message carries the information of the one or more ports whose isolation is to be released and isolation release information;
the network port isolation module specifically comprises:
a port isolation control module, configured to parse the information of the one or more ports to be isolated and the isolation information in the port isolation message and send an isolation instruction, and/or to parse the information of the one or more ports whose isolation is to be released and the isolation release information in the port isolation release message and send an isolation release instruction;
a port isolation implementation module, configured to perform hardware configuration according to the isolation instruction so that the one or more ports are isolated, and/or to perform hardware configuration according to the isolation release instruction so that the isolation of the one or more ports is released.
10. The device according to claim 7, characterized in that the device further comprises: an isolation rule configuration module, configured to add, modify and/or delete the port isolation rule by configuration, and to generate the isolation rule database from the configured port isolation rule.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011102033595A CN102891793A (en) 2011-07-20 2011-07-20 Ports physical isolation method and device

Publications (1)

Publication Number Publication Date
CN102891793A true CN102891793A (en) 2013-01-23

Family

ID=47535167

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2011102033595A Pending CN102891793A (en) 2011-07-20 2011-07-20 Ports physical isolation method and device

Country Status (1)

Country Link
CN (1) CN102891793A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105391704A (en) * 2015-10-29 2016-03-09 国网智能电网研究院 Configuration port isolation exchange equipment based on service type and application method
CN111398786A (en) * 2020-04-02 2020-07-10 上海燧原科技有限公司 Switching control circuit, system-on-chip, chip test system and method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050198523A1 (en) * 2004-01-29 2005-09-08 Brocade Communications Systems, Inc. Isolation switch for fibre channel fabrics in storage area networks
CN101159713A (en) * 2007-11-14 2008-04-09 杭州华三通信技术有限公司 Method, system and device of limiting instant communication application
CN101631121A (en) * 2009-08-24 2010-01-20 杭州华三通信技术有限公司 Message control method and access equipment in endpoint admission defense

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication (application publication date: 2013-01-23)