【摘要】：隨著網(wǎng)絡(luò)的日漸普及，校園網(wǎng)的應(yīng)用范圍和規(guī)模不斷擴(kuò)大，用戶(hù)數(shù)量也不斷增加，如何保證校園網(wǎng)絡(luò)安全，實(shí)現(xiàn)合法用戶(hù)認(rèn)證管理以及高效安全的接入控制機(jī)制是當(dāng)前面臨的重要任務(wù)。諸如PPPOE認(rèn)證和Portal認(rèn)證等傳統(tǒng)的接入認(rèn)證手段，處理用戶(hù)數(shù)據(jù)包的方式繁瑣，難以滿(mǎn)足用戶(hù)對(duì)網(wǎng)絡(luò)的高效性、安全性、多樣性和低成本的需求。IEEE802.1X接入認(rèn)證雖然能解決傳統(tǒng)認(rèn)證方式存在的問(wèn)題，但在復(fù)雜的網(wǎng)絡(luò)環(huán)境中，，其接入方式單一，仍不能滿(mǎn)足接入設(shè)備多樣性的要求，所以采用多種接入認(rèn)證方式組合進(jìn)行用戶(hù)接入控制越來(lái)越普遍。本文采用IEEE802.1X接入認(rèn)證和MAC地址認(rèn)證結(jié)合的端口安全技術(shù)，結(jié)合校園網(wǎng)的認(rèn)證需求，設(shè)計(jì)了一種校園網(wǎng)AAA系統(tǒng)，以實(shí)現(xiàn)對(duì)用戶(hù)的認(rèn)證、授權(quán)、計(jì)費(fèi)。 ①分析了IEEE802.1X接入認(rèn)證、MAC地址認(rèn)證、Portal認(rèn)證等多種技術(shù)的認(rèn)證體系、認(rèn)證方式和觸發(fā)條件；闡述了RADIUS協(xié)議的工作原理、報(bào)文格式以及與IEEE802.1X接入認(rèn)證、MAC地址認(rèn)證之間的關(guān)系。 ②根據(jù)校園網(wǎng)的功能需求，確定了設(shè)計(jì)原則，選擇IEEE802.1X接入認(rèn)證和MAC地址認(rèn)證結(jié)合的端口安全技術(shù)，采用集中組網(wǎng)方式設(shè)計(jì)了一種校園網(wǎng)AAA系統(tǒng)；分析了AAA系統(tǒng)提供的三種服務(wù)類(lèi)型；闡述了端口安全模塊、RADIUS服務(wù)器、數(shù)據(jù)庫(kù)表等的設(shè)計(jì)原理和實(shí)現(xiàn)方式。 ③針對(duì)基于端口安全的校園網(wǎng)AAA系統(tǒng)進(jìn)行了測(cè)試驗(yàn)證，主要從功能性測(cè)試、安全性測(cè)試和穩(wěn)定性測(cè)試進(jìn)行驗(yàn)證，測(cè)試涵蓋了手動(dòng)測(cè)試和自動(dòng)化測(cè)試；根據(jù)測(cè)試點(diǎn)針對(duì)性不同又進(jìn)行了壓力測(cè)試、功能測(cè)試、異常測(cè)試，并對(duì)測(cè)試中發(fā)現(xiàn)的部分典型問(wèn)題進(jìn)行分析。
[Abstract]:With the increasing popularity of the network, the application scope and scale of campus network is expanding, and the number of users is also increasing. How to ensure the security of campus network, It is an important task to realize legitimate user authentication management and efficient and secure access control mechanism. The traditional means of access authentication such as PPPOE authentication and Portal authentication are difficult to satisfy the high efficiency and security of the network. The requirement of diversity and low cost. IEEE 802.1X access authentication can solve the problems of traditional authentication methods, but in the complex network environment, its access mode is single, and still can not meet the requirements of the diversity of access equipment. So it is more and more common to use multiple access authentication methods to control user access. Based on the port security technology of IEEE802.1X access authentication and MAC address authentication and the authentication requirement of campus network, a campus network AAA system is designed to realize user authentication and authorization. Accounting. 1 the authentication system, authentication mode and trigger condition of IEEE802.1X access authentication, MAC address authentication and portal authentication are analyzed, and the working principle of RADIUS protocol is expounded. According to the function requirement of campus network, the design principle is determined, and the port security technology which combines IEEE802.1X access authentication with MAC address authentication is selected. This paper designs a campus network AAA system by means of centralized networking, analyzes three kinds of service types provided by AAA system, expounds the port security module and radius server. The design principle and implementation method of database table. 3. Test and verify the campus network AAA system based on port security, mainly from functional test, security test and stability test. The test includes manual test and automation test, stress test, function test and abnormal test according to different test points, and some typical problems found in the test are analyzed.
【學(xué)位授予單位】：重慶大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2014
【分類(lèi)號(hào)】：TP393.18

【參考文獻(xiàn)】

相關(guān)期刊論文 前8條

1 孟彥;;無(wú)線局域網(wǎng)網(wǎng)絡(luò)安全問(wèn)題研究[J];信息安全與技術(shù);2012年01期

2 陳萍;莊報(bào)春;;一種基于EAP/Diameter的移動(dòng)Iv6 AAA系統(tǒng)優(yōu)化方案P[J];硅谷;2012年07期

3 高煥超;;ACL技術(shù)在網(wǎng)絡(luò)安全中的應(yīng)用[J];電腦知識(shí)與技術(shù);2014年01期

4 趙玉亭;張治;李立欣;慕德俊;戴冠中;;安全RADIUS認(rèn)證、授權(quán)、計(jì)費(fèi)系統(tǒng)的構(gòu)建[J];計(jì)算機(jī)工程;2006年09期

5 李丹;閆曉弟;耶健;李娟;;基于開(kāi)放源碼軟件Freeradius的無(wú)線網(wǎng)絡(luò)認(rèn)證系統(tǒng)實(shí)現(xiàn)[J];中國(guó)現(xiàn)代教育裝備;2012年17期

6 毛熠;陳娜;;MD5算法的研究與改進(jìn)[J];計(jì)算機(jī)工程;2012年24期

7 羅飛;;論高校數(shù)字校園建設(shè)中身份認(rèn)證方式的選擇[J];科學(xué)咨詢(xún)(科技·管理);2012年08期

8 許蕾;周建明;龍湘明;;基于Kerberos的第三方AAA系統(tǒng)研究與設(shè)計(jì)[J];軟件;2011年09期

本文編號(hào)：2157022