Design and Testing of a Campus Network AAA System Based on Port Security
Published: 2018-08-01 08:45
[Abstract]: As networks become increasingly widespread, the application scope and scale of campus networks keep expanding and the number of users keeps growing. Ensuring campus network security, and providing authentication management for legitimate users together with an efficient and secure access control mechanism, is an important task at present. Traditional access authentication methods such as PPPoE authentication and Portal authentication handle user packets in a cumbersome way and struggle to meet users' demands for an efficient, secure, diverse and low-cost network. IEEE 802.1X access authentication can solve the problems of the traditional authentication methods, but in a complex network environment it offers only a single access mode and still cannot meet the requirement of supporting diverse access devices, so combining several access authentication methods for user access control is becoming more and more common. This thesis uses port security technology that combines IEEE 802.1X access authentication with MAC address authentication and, taking the authentication requirements of a campus network into account, designs a campus network AAA system that provides authentication, authorization and accounting for users.
① The authentication architecture, authentication modes and trigger conditions of several technologies, including IEEE 802.1X access authentication, MAC address authentication and Portal authentication, are analyzed; the working principle and packet format of the RADIUS protocol, and its relationship to IEEE 802.1X access authentication and MAC address authentication, are described.
② Based on the functional requirements of the campus network, the design principles are determined, port security technology combining IEEE 802.1X access authentication with MAC address authentication is selected, and a campus network AAA system is designed using a centralized networking approach; the three service types provided by the AAA system are analyzed; the design principles and implementation of the port security module, the RADIUS server, the database tables and other components are described.
③ The port-security-based campus network AAA system is tested and verified, mainly through functional testing, security testing and stability testing, covering both manual and automated tests; depending on the focus of each test point, stress tests, functional tests and exception tests are also carried out, and some typical problems found during testing are analyzed.
[Degree-granting institution]: Chongqing University
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.18
Article ID: 2157022
Article link: http://sikaile.net/guanlilunwen/ydhl/2157022.html