Design and Testing of a Campus Network AAA System Based on Port Security
Published: 2018-08-01 08:45
[Abstract]: As networks become ever more widespread, the scope and scale of campus networks keep expanding and the number of users keeps growing. Ensuring campus network security, managing the authentication of legitimate users, and providing an efficient and secure access control mechanism are important tasks today. Traditional access authentication methods such as PPPoE authentication and Portal authentication process user packets in a cumbersome way and struggle to meet users' needs for an efficient, secure, diverse and low-cost network. IEEE 802.1X access authentication can solve the problems of the traditional methods, but in a complex network environment it offers only a single access method and still cannot meet the requirement of supporting diverse access devices, so combining several access authentication methods for user access control is becoming increasingly common. This thesis uses a port security technique that combines IEEE 802.1X access authentication with MAC address authentication and, based on the authentication requirements of a campus network, designs a campus network AAA system to provide authentication, authorization and accounting for users. ① It analyzes the authentication architecture, authentication methods and trigger conditions of several technologies, including IEEE 802.1X access authentication, MAC address authentication and Portal authentication, and describes the working principle and packet format of the RADIUS protocol and its relationship to IEEE 802.1X access authentication and MAC address authentication. ② Based on the functional requirements of the campus network, it establishes the design principles, selects the port security technique combining IEEE 802.1X access authentication and MAC address authentication, and designs a campus network AAA system using a centralized networking approach; it analyzes the three service types provided by the AAA system and describes the design principles and implementation of the port security module, the RADIUS server, the database tables and other components. ③ It tests and verifies the port-security-based campus network AAA system, mainly through functional, security and stability testing, covering both manual and automated testing; according to the focus of each test point, stress tests, functional tests and exception tests were also carried out, and some typical problems found during testing are analyzed.
[Degree-granting institution]: Chongqing University
[Degree level]: Master's
[Year degree conferred]: 2014
[Classification number]: TP393.18
Article ID: 2157022
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2157022.html