5 results about "Access control list" patented technology

The method includes following steps: the method collocates multiple restriction groups, and each restriction group contains one or more access control list as well as the method sets up counter and maximal value of session number; receiving and parsing request for building session, and carrying out matching between requests and restriction groups; determining whether value of the counter for counting matched number between requests and restriction groups is smaller than or equal to maximal value of session number; if yes, establishing session, and increasing value of the counter; otherwise, prohibiting establishing session. The invention can effectively prevent the issue that other applications are unable to carry out caused by a sort of application uses a great number of session. The invention also provides a device for restricting number of session.

The invention discloses a switch loop detection method and device. The method comprises the steps: sending, by a port, a first link layer discovery protocol message with first switch equipment information to a network; receiving all data messages from the network through the port and forwarding the data messages to the central processing unit; screening out a second link layer discovery protocol message from all the data messages; copying the second link layer discovery protocol message by using an auxiliary mirroring function of the access control list so as to transmit the second link layerdiscovery protocol message to the baseboard management controller; analyzing, bythe baseboard management controller, the second link layer discovery protocol message to extract second switch equipmentinformation; and determining the switch to be connected to the loop in response to the first switch device information matching the second switch device information. According to the invention, the network bandwidth overhead can be reduced when the loop is detected, the traffic storm is avoided, and the burden of the CPU is reduced.

The invention discloses a service message processing method and equipment based on a network address translation protocol, which are used for solving the technical problem that network address translation loopback can be realized only by carrying out an exchange chip flow twice through an internal loopback port in the existing message translation. The method comprises the following steps: receiving a service message from a host and/or a server of a local network through a switch; according to the first access control list rule, carrying out the source address conversion on the service message, obtaining a corresponding next skip list index through a routing table, and according to the second access control list rule, carrying out the destination address conversion on the service message to obtain a corresponding next skip list index; and determining an exit corresponding to the next hop address according to the next hop list index corresponding to the second access control list rule, thereby realizing forwarding of the service message. According to the method, access control list rules are inquired in parallel in a plurality of blocks of the access control list, so source address translation and destination address translation are performed at the same time.