To facilitate network operation management, different kinds of authentication modes for access subscribers are widely used in networks. Presently, in networks that provide access service through ADSL (Asymmetric Digital Subscriber Line), VDSL (Very High Bit Rate Digital Subscriber Line), FE (Fast Ethernet), or G.shdsl (Single-Pair High-Speed Digital Subscriber Line), usually PPPoE (Point to Point Protocol over Ethernet), 802.1x, Web (World Wide Web) authentication, and DHCP+ (DHCP: Dynamic Host Configuration Protocol) authentication modes, etc., are used. In those authentication modes, authentication request messages sent from subscriber ends are processed by an access server, which obtains subscriber identity and location information, i.e., the access server also obtains subscriber location information besides obtaining subscriber account and password information for identity authentication from the request messages through authentication messages based on the above authentication protocols, so as to implement extended service features when performing local and Radius (remote) authentication and accounting according to the subscriber location information; said location information comprises port number and slot number of the network access device where the subscriber accesses; said extended service features comprise: restricting the subscriber related to a specific account to access the network via only one single subscriber access port through binding subscriber account and location information, providing the subscriber with a private line access network; providing a function of tracking down to a physical port according to the subscriber location information.
Therefore, in order to implement extended service features in the network communication system, not only subscriber identity information but also subscriber location information needs to be transferred in the network communication system. Hereunder the currently used method for transferring subscriber location information in a network communication system is introduced.
In a broadband network communication system, subscriber location information is transferred mainly through VLAN (Virtual Local Area Network) protocol specified in IEEE 802.1Q (IEEE: Institute of Electrical and Electronics Engineers). This may comprise establishing the correspondence between location information (subscriber access port information or PVC (Permanent Virtual Connection) ID information, etc) and subscriber VLAN ID (Virtual LAN Identifier). The network structure of a typical broadband network is shown in FIG. 1. When a subscriber connected with a network access device accesses the network, it sends an authentication request message carrying its own VLAN ID and identity information to the access server. The access server receives the authentication request message and communicates with the Authentication, Authorization and Accounting Center to authenticate an identity of the accessed subscriber. At the same time, the access server determines the subscriber location information according to the VLAN ID information in the message and the establishes correspondence between the VLAN ID and the subscriber location information, by determining a device ID of the network access device where the subscriber accesses as well as the slot number and port number of the subscriber's access card accessing the network access device according to the access subscriber's VLAN ID, so as to obtain the location information of the accessed subscriber in the access network.
With the above technical solution, the access server in the network communication system can obtain the subscriber location information in the access network successfully, so as to implement corresponding extended service features. However, as the network communication technology develops and the network structure becomes increasingly complex, the disadvantages of foresaid method of obtaining accessed subscriber location information becomes more and more obvious. A premise for implementing the existing technical solution is: enough VLAN ID resource should be provided in the network; however, as specified in IEEE802.1Q protocol, there are at most 4096 VLAN IDs in the entire L2 network; therefore, the access server has to be connected directly with the network access devices, so that each port in the access server is a L3 port and has 4096 VLAN IDs, in order to meet the demands of applications.
However, usually there are convergence devices between the access server and the network access devices in networking applications, for example, when there are network convergence devices such as L2 and L3 switches between the access server and subscribers, the subscribers converged to the intermediate L2 and L3 switches usually exceed 4K, as the consequence, the permitted VLAN IDs in the network can't meet the requirement. Therefore, the above technical solution of obtaining subscriber location information on the basis of VLAN IDs are unable to implement. Furthermore, the higher the access server's position in the network is, the more the convergence devices between the access server and the network access devices will be, and thereby the more severe the problem of insufficient VLAN IDs will be.
In addition, even though the network access devices are connected directly to the access server in the network, often, a plurality of network access devices have to be cascaded and then connected with the access server in actual network, resulting in the number of subscribers connected with the access server exceeds 4096; in this case, there is still the problem of insufficient VLAN IDs.
Therefore, the technical solution of obtaining subscriber location information by the access server in the prior art is increasingly unable to meet the demand of obtaining location information, due to its constraint in permitted VLAN IDs in the network.