IPOE在校園網(wǎng)中的應(yīng)用
發(fā)布時間:2019-06-10 02:05
【摘要】:隨著Internet的普及,計算機網(wǎng)絡(luò)影響著社會的各行各業(yè),同時也在不斷的沖擊著傳統(tǒng)的教育模式。大批高校為了適應(yīng)新的形勢,都在積極的進行著教育信息化建設(shè)。而高校信息化建設(shè)的基礎(chǔ)就是校園網(wǎng),在校園網(wǎng)之上可以將教學(xué)、科研、辦公等各類系統(tǒng)有效的結(jié)合起來,實現(xiàn)各個不同系統(tǒng)之間的信息交互。傳統(tǒng)的校園網(wǎng)只能夠?qū)崿F(xiàn)簡單的上網(wǎng)、辦公,而現(xiàn)代化的校園網(wǎng)不僅需要提供web站點、郵件系統(tǒng)、財務(wù)、ftp等業(yè)務(wù),同時也需要提供視頻點播、視頻會議、電子交易等業(yè)務(wù),最重要的是需要支撐幾萬終端的上網(wǎng)業(yè)務(wù)。目前,大多數(shù)校園網(wǎng)采用的是802.1X認證方式,這種認證方式本身存在一定缺陷,難以進行精細化管理和監(jiān)控,這不符合國家對網(wǎng)絡(luò)的監(jiān)控政策要求。為了更好的滿足用戶各種需求以及政策要求,若繼續(xù)采用傳統(tǒng)的校園網(wǎng)三層架構(gòu)通常需更換設(shè)備,但是更換大量設(shè)備帶來的巨大資金壓力是我們不想看到的。為了解決這些矛盾,我們嘗試采用新型扁平化架構(gòu)來改造校園網(wǎng)。校園網(wǎng)的扁平化架構(gòu)可以只更換核心設(shè)備來解決上述問題,并且在扁平化架構(gòu)之上綜合運用IPOE技術(shù)、QinQ、組播VLAN,實現(xiàn)對用戶的精細化管理。 本論文主要包括以下內(nèi)容: ①回顧了校園網(wǎng)的發(fā)展歷程,分析了當前國內(nèi)的校園網(wǎng)現(xiàn)狀,指出當前校園網(wǎng)中存在的問題,并提出解決方法; ②通過對傳統(tǒng)的核心層、匯聚層、接入層的三層校園網(wǎng)架構(gòu)以及新型的扁平化校園網(wǎng)架構(gòu)進行比較,闡述了新型扁平化校園網(wǎng)架構(gòu)的優(yōu)點; ③重點介紹了幾種校園網(wǎng)扁平化架構(gòu)的相關(guān)技術(shù),如IPOE、QinQ、Radius協(xié)議,并重點說明了802.1X接入認證方式與IPOE的區(qū)別; ④重點闡述了基于IPOE的校園網(wǎng)的核心架構(gòu),以及用戶認證的整個流程,VBAS技術(shù)的詳細原理,IPOE與組播技術(shù)的完美融合; ⑤通過參與某高校的IPOE項目實施,從校園網(wǎng)拓撲的實現(xiàn)、IP地址和VLAN標簽的規(guī)劃、認證計費系統(tǒng)的部署、各個層面設(shè)備的相關(guān)配置幾個方面對扁平化網(wǎng)絡(luò)的具體實施做了詳盡的描述。 本文的特色之處在于將扁平化相關(guān)技術(shù)與項目實施結(jié)合起來,創(chuàng)新之處在于通過引入了VBAS技術(shù),使得傳統(tǒng)的Radius、Portal等精細化的控制手段與扁平化結(jié)合,既實現(xiàn)了靈活性又兼顧了高性能。 本次項目實施中,匯聚層交換機與接入層交換機采用H3C、華為等品牌,核心路由采用JMX960。用戶采用IPOE認證方式接入校園網(wǎng),自動獲取雙棧地址后通過Portal認證訪問外網(wǎng),運用QinQ技術(shù)實現(xiàn)用戶的安全隔離。
[Abstract]:With the popularity of Internet, computer network affects all kinds of social industries, but also constantly impact on the traditional education model. In order to adapt to the new situation, a large number of colleges and universities are actively carrying out the construction of educational informatization. The foundation of information construction in colleges and universities is campus network, which can effectively combine all kinds of systems, such as teaching, scientific research, office and so on, to realize the information exchange among different systems. The traditional campus network can only realize simple Internet access and office, while the modern campus network not only needs to provide web site, mail system, finance, ftp and other services, but also needs to provide video-on-demand, videoconferencing, electronic transactions and other services. The most important thing is to support the Internet service of tens of thousands of terminals. At present, most campus networks adopt 802.1X authentication, which has some defects and is difficult to carry out fine management and monitoring, which does not meet the requirements of the national monitoring policy for the network. In order to better meet the needs and policy requirements of users, it is usually necessary to replace equipment if we continue to adopt the traditional three-tier architecture of campus network, but we do not want to see the huge financial pressure caused by the replacement of a large number of equipment. In order to solve these contradictions, we try to use a new flattened architecture to transform the campus network. The flattening architecture of campus network can only replace the core equipment to solve the above problems, and the QinQ, multicast VLAN, can realize the fine management of users by using IPOE technology on the basis of flattening architecture. This paper mainly includes the following contents: (1) the development process of campus network is reviewed, the current situation of campus network in China is analyzed, the problems existing in campus network are pointed out, and the solutions are put forward; (2) by comparing the three-tier campus network architecture of traditional core layer, convergence layer and access layer, and the new flattened campus network architecture, the advantages of the new flattened campus network architecture are expounded. (3) several related technologies of campus network flattening architecture, such as IPOE,QinQ,Radius protocol, are introduced in detail, and the difference between 802.1X access authentication mode and IPOE is emphasized. (4) the core architecture of campus network based on IPOE, the whole process of user authentication, the detailed principle of VBAS technology and the perfect integration of IPOE and multicast technology are described in detail. (5) through participating in the implementation of IPOE project in a university, from the realization of campus network topology, the planning of IP address and VLAN label, the deployment of authentication and billing system, The implementation of flattened network is described in detail in several aspects of equipment configuration at all levels. The characteristic of this paper is to combine flattening related technology with project implementation, and the innovation is that through the introduction of VBAS technology, the traditional Radius,Portal and other fine control means are combined with flattening. It not only realizes flexibility but also takes into account high performance. In the implementation of this project, the convergence layer switches and access layer switches adopt H3C, Huawei and other brands, and the core routing adopts JMX960.. The user accesses the campus network by IPOE authentication, automatically obtains the double stack address, accesses the external network through Portal authentication, and uses QinQ technology to realize the security isolation of the user.
【學(xué)位授予單位】:陜西師范大學(xué)
【學(xué)位級別】:碩士
【學(xué)位授予年份】:2014
【分類號】:TP393.18
本文編號:2496083
[Abstract]:With the popularity of Internet, computer network affects all kinds of social industries, but also constantly impact on the traditional education model. In order to adapt to the new situation, a large number of colleges and universities are actively carrying out the construction of educational informatization. The foundation of information construction in colleges and universities is campus network, which can effectively combine all kinds of systems, such as teaching, scientific research, office and so on, to realize the information exchange among different systems. The traditional campus network can only realize simple Internet access and office, while the modern campus network not only needs to provide web site, mail system, finance, ftp and other services, but also needs to provide video-on-demand, videoconferencing, electronic transactions and other services. The most important thing is to support the Internet service of tens of thousands of terminals. At present, most campus networks adopt 802.1X authentication, which has some defects and is difficult to carry out fine management and monitoring, which does not meet the requirements of the national monitoring policy for the network. In order to better meet the needs and policy requirements of users, it is usually necessary to replace equipment if we continue to adopt the traditional three-tier architecture of campus network, but we do not want to see the huge financial pressure caused by the replacement of a large number of equipment. In order to solve these contradictions, we try to use a new flattened architecture to transform the campus network. The flattening architecture of campus network can only replace the core equipment to solve the above problems, and the QinQ, multicast VLAN, can realize the fine management of users by using IPOE technology on the basis of flattening architecture. This paper mainly includes the following contents: (1) the development process of campus network is reviewed, the current situation of campus network in China is analyzed, the problems existing in campus network are pointed out, and the solutions are put forward; (2) by comparing the three-tier campus network architecture of traditional core layer, convergence layer and access layer, and the new flattened campus network architecture, the advantages of the new flattened campus network architecture are expounded. (3) several related technologies of campus network flattening architecture, such as IPOE,QinQ,Radius protocol, are introduced in detail, and the difference between 802.1X access authentication mode and IPOE is emphasized. (4) the core architecture of campus network based on IPOE, the whole process of user authentication, the detailed principle of VBAS technology and the perfect integration of IPOE and multicast technology are described in detail. (5) through participating in the implementation of IPOE project in a university, from the realization of campus network topology, the planning of IP address and VLAN label, the deployment of authentication and billing system, The implementation of flattened network is described in detail in several aspects of equipment configuration at all levels. The characteristic of this paper is to combine flattening related technology with project implementation, and the innovation is that through the introduction of VBAS technology, the traditional Radius,Portal and other fine control means are combined with flattening. It not only realizes flexibility but also takes into account high performance. In the implementation of this project, the convergence layer switches and access layer switches adopt H3C, Huawei and other brands, and the core routing adopts JMX960.. The user accesses the campus network by IPOE authentication, automatically obtains the double stack address, accesses the external network through Portal authentication, and uses QinQ technology to realize the security isolation of the user.
【學(xué)位授予單位】:陜西師范大學(xué)
【學(xué)位級別】:碩士
【學(xué)位授予年份】:2014
【分類號】:TP393.18
【參考文獻】
相關(guān)期刊論文 前10條
1 王云芳;趙霞;任念群;;IPoE部署優(yōu)化方案[J];電信工程技術(shù)與標準化;2010年08期
2 吳平;王敏;;電信運營商IPoE技術(shù)部署[J];電信快報;2012年03期
3 任治洪;;局域網(wǎng)Portal認證研究及應(yīng)用[J];甘肅科技;2012年12期
4 李長隆;;校園網(wǎng)規(guī)劃與設(shè)計[J];電腦與電信;2007年05期
5 吳乃忠;;基于扁平化架構(gòu)的下一代高校校園網(wǎng)的建設(shè)研究[J];電子世界;2012年18期
6 李林江;;WLAN無感知認證關(guān)鍵技術(shù)探討[J];電信科學(xué);2013年09期
7 秦文勝;辛繼勝;;基于Portal認證的電信寬帶接入在校園網(wǎng)中的應(yīng)用[J];中國教育信息化;2011年21期
8 梁娟;趙開新;;IP組播技術(shù)及其應(yīng)用[J];科技信息(科學(xué)教研);2008年08期
9 申繼年;邱家學(xué);;校園網(wǎng)組網(wǎng)架構(gòu)的比較與分析 三層交換架構(gòu)vs扁平純路由架構(gòu)[J];中國教育網(wǎng)絡(luò);2012年01期
10 劉向東;李志潔;焉德軍;王德高;;IEEE 802 1Q VLAN原理實驗的設(shè)計與實現(xiàn)[J];實驗室研究與探索;2011年04期
,本文編號:2496083
本文鏈接:http://sikaile.net/guanlilunwen/ydhl/2496083.html
最近更新
教材專著
