| 摘要 |
<p>The present invention discloses an access control method, an access device, and a system, including: receiving an access request, and acquiring an IP address and a MAC address; when the MAC address is already bound, a port bound to the MAC address is different from a current port, and a binding relationship between the MAC address and the bound port is invalid, deleting the binding relationship between the MAC address and the bound port, and establishing a binding relationship between the MAC address and the current port; when the MAC address is not bound, the quantity of MAC addresses bound to the current port already reaches a maximum value, and binding relationships of the current port include an invalid binding relationship, deleting the invalid binding relationship, and establishing a binding relationship between the MAC address and the current port. By using the access control method disclosed in the present invention, the validity of a binding relationship is detected to determine whether a received protocol request is address spoofing or authorized address migration caused by a normal service requirement is determined. In this way, not only a requirement for a security feature is satisfied, but also a requirement in a special scenario is satisfied.</p> |
