IPOE在校园网中的应用
发布时间:2019-06-10 02:05
【摘要】:随着Internet的普及,计算机网络影响着社会的各行各业,同时也在不断的冲击着传统的教育模式。大批高校为了适应新的形势,都在积极的进行着教育信息化建设。而高校信息化建设的基础就是校园网,在校园网之上可以将教学、科研、办公等各类系统有效的结合起来,实现各个不同系统之间的信息交互。传统的校园网只能够实现简单的上网、办公,而现代化的校园网不仅需要提供web站点、邮件系统、财务、ftp等业务,同时也需要提供视频点播、视频会议、电子交易等业务,最重要的是需要支撑几万终端的上网业务。目前,大多数校园网采用的是802.1X认证方式,这种认证方式本身存在一定缺陷,难以进行精细化管理和监控,这不符合国家对网络的监控政策要求。为了更好的满足用户各种需求以及政策要求,若继续采用传统的校园网三层架构通常需更换设备,但是更换大量设备带来的巨大资金压力是我们不想看到的。为了解决这些矛盾,我们尝试采用新型扁平化架构来改造校园网。校园网的扁平化架构可以只更换核心设备来解决上述问题,并且在扁平化架构之上综合运用IPOE技术、QinQ、组播VLAN,实现对用户的精细化管理。 本论文主要包括以下内容: ①回顾了校园网的发展历程,分析了当前国内的校园网现状,指出当前校园网中存在的问题,并提出解决方法; ②通过对传统的核心层、汇聚层、接入层的三层校园网架构以及新型的扁平化校园网架构进行比较,阐述了新型扁平化校园网架构的优点; ③重点介绍了几种校园网扁平化架构的相关技术,如IPOE、QinQ、Radius协议,并重点说明了802.1X接入认证方式与IPOE的区别; ④重点阐述了基于IPOE的校园网的核心架构,以及用户认证的整个流程,VBAS技术的详细原理,IPOE与组播技术的完美融合; ⑤通过参与某高校的IPOE项目实施,从校园网拓扑的实现、IP地址和VLAN标签的规划、认证计费系统的部署、各个层面设备的相关配置几个方面对扁平化网络的具体实施做了详尽的描述。 本文的特色之处在于将扁平化相关技术与项目实施结合起来,创新之处在于通过引入了VBAS技术,使得传统的Radius、Portal等精细化的控制手段与扁平化结合,既实现了灵活性又兼顾了高性能。 本次项目实施中,汇聚层交换机与接入层交换机采用H3C、华为等品牌,核心路由采用JMX960。用户采用IPOE认证方式接入校园网,自动获取双栈地址后通过Portal认证访问外网,运用QinQ技术实现用户的安全隔离。
[Abstract]:With the popularity of Internet, computer network affects all kinds of social industries, but also constantly impact on the traditional education model. In order to adapt to the new situation, a large number of colleges and universities are actively carrying out the construction of educational informatization. The foundation of information construction in colleges and universities is campus network, which can effectively combine all kinds of systems, such as teaching, scientific research, office and so on, to realize the information exchange among different systems. The traditional campus network can only realize simple Internet access and office, while the modern campus network not only needs to provide web site, mail system, finance, ftp and other services, but also needs to provide video-on-demand, videoconferencing, electronic transactions and other services. The most important thing is to support the Internet service of tens of thousands of terminals. At present, most campus networks adopt 802.1X authentication, which has some defects and is difficult to carry out fine management and monitoring, which does not meet the requirements of the national monitoring policy for the network. In order to better meet the needs and policy requirements of users, it is usually necessary to replace equipment if we continue to adopt the traditional three-tier architecture of campus network, but we do not want to see the huge financial pressure caused by the replacement of a large number of equipment. In order to solve these contradictions, we try to use a new flattened architecture to transform the campus network. The flattening architecture of campus network can only replace the core equipment to solve the above problems, and the QinQ, multicast VLAN, can realize the fine management of users by using IPOE technology on the basis of flattening architecture. This paper mainly includes the following contents: (1) the development process of campus network is reviewed, the current situation of campus network in China is analyzed, the problems existing in campus network are pointed out, and the solutions are put forward; (2) by comparing the three-tier campus network architecture of traditional core layer, convergence layer and access layer, and the new flattened campus network architecture, the advantages of the new flattened campus network architecture are expounded. (3) several related technologies of campus network flattening architecture, such as IPOE,QinQ,Radius protocol, are introduced in detail, and the difference between 802.1X access authentication mode and IPOE is emphasized. (4) the core architecture of campus network based on IPOE, the whole process of user authentication, the detailed principle of VBAS technology and the perfect integration of IPOE and multicast technology are described in detail. (5) through participating in the implementation of IPOE project in a university, from the realization of campus network topology, the planning of IP address and VLAN label, the deployment of authentication and billing system, The implementation of flattened network is described in detail in several aspects of equipment configuration at all levels. The characteristic of this paper is to combine flattening related technology with project implementation, and the innovation is that through the introduction of VBAS technology, the traditional Radius,Portal and other fine control means are combined with flattening. It not only realizes flexibility but also takes into account high performance. In the implementation of this project, the convergence layer switches and access layer switches adopt H3C, Huawei and other brands, and the core routing adopts JMX960.. The user accesses the campus network by IPOE authentication, automatically obtains the double stack address, accesses the external network through Portal authentication, and uses QinQ technology to realize the security isolation of the user.
【学位授予单位】:陕西师范大学
【学位级别】:硕士
【学位授予年份】:2014
【分类号】:TP393.18
本文编号:2496083
[Abstract]:With the popularity of Internet, computer network affects all kinds of social industries, but also constantly impact on the traditional education model. In order to adapt to the new situation, a large number of colleges and universities are actively carrying out the construction of educational informatization. The foundation of information construction in colleges and universities is campus network, which can effectively combine all kinds of systems, such as teaching, scientific research, office and so on, to realize the information exchange among different systems. The traditional campus network can only realize simple Internet access and office, while the modern campus network not only needs to provide web site, mail system, finance, ftp and other services, but also needs to provide video-on-demand, videoconferencing, electronic transactions and other services. The most important thing is to support the Internet service of tens of thousands of terminals. At present, most campus networks adopt 802.1X authentication, which has some defects and is difficult to carry out fine management and monitoring, which does not meet the requirements of the national monitoring policy for the network. In order to better meet the needs and policy requirements of users, it is usually necessary to replace equipment if we continue to adopt the traditional three-tier architecture of campus network, but we do not want to see the huge financial pressure caused by the replacement of a large number of equipment. In order to solve these contradictions, we try to use a new flattened architecture to transform the campus network. The flattening architecture of campus network can only replace the core equipment to solve the above problems, and the QinQ, multicast VLAN, can realize the fine management of users by using IPOE technology on the basis of flattening architecture. This paper mainly includes the following contents: (1) the development process of campus network is reviewed, the current situation of campus network in China is analyzed, the problems existing in campus network are pointed out, and the solutions are put forward; (2) by comparing the three-tier campus network architecture of traditional core layer, convergence layer and access layer, and the new flattened campus network architecture, the advantages of the new flattened campus network architecture are expounded. (3) several related technologies of campus network flattening architecture, such as IPOE,QinQ,Radius protocol, are introduced in detail, and the difference between 802.1X access authentication mode and IPOE is emphasized. (4) the core architecture of campus network based on IPOE, the whole process of user authentication, the detailed principle of VBAS technology and the perfect integration of IPOE and multicast technology are described in detail. (5) through participating in the implementation of IPOE project in a university, from the realization of campus network topology, the planning of IP address and VLAN label, the deployment of authentication and billing system, The implementation of flattened network is described in detail in several aspects of equipment configuration at all levels. The characteristic of this paper is to combine flattening related technology with project implementation, and the innovation is that through the introduction of VBAS technology, the traditional Radius,Portal and other fine control means are combined with flattening. It not only realizes flexibility but also takes into account high performance. In the implementation of this project, the convergence layer switches and access layer switches adopt H3C, Huawei and other brands, and the core routing adopts JMX960.. The user accesses the campus network by IPOE authentication, automatically obtains the double stack address, accesses the external network through Portal authentication, and uses QinQ technology to realize the security isolation of the user.
【学位授予单位】:陕西师范大学
【学位级别】:硕士
【学位授予年份】:2014
【分类号】:TP393.18
【参考文献】
相关期刊论文 前10条
1 王云芳;赵霞;任念群;;IPoE部署优化方案[J];电信工程技术与标准化;2010年08期
2 吴平;王敏;;电信运营商IPoE技术部署[J];电信快报;2012年03期
3 任治洪;;局域网Portal认证研究及应用[J];甘肃科技;2012年12期
4 李长隆;;校园网规划与设计[J];电脑与电信;2007年05期
5 吴乃忠;;基于扁平化架构的下一代高校校园网的建设研究[J];电子世界;2012年18期
6 李林江;;WLAN无感知认证关键技术探讨[J];电信科学;2013年09期
7 秦文胜;辛继胜;;基于Portal认证的电信宽带接入在校园网中的应用[J];中国教育信息化;2011年21期
8 梁娟;赵开新;;IP组播技术及其应用[J];科技信息(科学教研);2008年08期
9 申继年;邱家学;;校园网组网架构的比较与分析 三层交换架构vs扁平纯路由架构[J];中国教育网络;2012年01期
10 刘向东;李志洁;焉德军;王德高;;IEEE 802 1Q VLAN原理实验的设计与实现[J];实验室研究与探索;2011年04期
,本文编号:2496083
本文链接:https://www.wllwen.com/guanlilunwen/ydhl/2496083.html
