基于无缝漫游的WLAN无感知认证设计与实现

发布时间：2018-03-17 05:14

本文选题：无感知认证　切入点：无缝漫游　出处：《北京交通大学》2017年硕士论文　论文类型：学位论文

【摘要】：为解决断线重连、跨区掉线、跨域无法认证这些问题,世界各地的科研工作者都做出了很多努力,主要研究方向集中在改进认证技术、采用无感知漫游技术和部署Eduroam方案等。但这些独立的技术都仅解决了问题当中的一部分,带有很多局限性。例如,Eduroam仅能在教育网中应用,并没有一个统一普适的方案可供所有类型的园区部署。本文结合前人的研究内容,针对网络结构、认证技术、漫游技术多个方面进行了深入研究和分析,整合了漫游掉线、漫游重认证、跨域认证方面的技术,提出了一套全新的、具有通用性、可推广的设计方案,旨在系统解决无线局域网接入时可能产生认证感知、影响用户体验的问题。该方案在北京交通大学学生宿舍无线网三期项目实际网络环境中经过部署和测试后,证明是行之有效的。本文提出了一套全新的、具有通用性、可推广的设计方案,旨在系统解决无线局域网接入时可能产生认证感知、影响用户体验的问题:1)本文对网络拓扑结构进行改造,在扩大的二层网络之上,通过更改DHCP地址租期策略,使用户在漫游过程中避免IP地址等信息的变更,并在各个控制器之间采用标准漫游协议,使用户在跨无线接入覆盖区域时不会断线;2)采用外部Web Portal服务器集中管理认证请求,使其在用户首次登录时将登录信息记录在Portal服务器上,并在断线重连或漫游切换时无需再次弹出WEB认证页面;3)为解决无缝漫游设计方案基于二层协议可能造成广播风暴的问题,作者通过进行无线网二层隔离和交换机端口隔离避免广播风暴;4)通过更改园区网RADIUS服务器设置,添加用户名携带后缀转发参数,使其接受非本地用户名认证请求并将该类请求转发至用户所属地的认证服务器,接受认证结果后准予接入,以实现非本地用户互联网跨区接入。
[Abstract]:In order to solve the problems of reconnection, cross-area drop, and cross-domain inability to authenticate, researchers all over the world have made a lot of efforts, mainly focusing on improving the authentication technology. These independent technologies only solve part of the problem and have many limitations. For example, Eduroam can only be used in education network. There is not a unified and universal scheme for all types of park deployment. In this paper, combined with the previous research content, the network structure, authentication technology, roaming technology and many aspects of in-depth research and analysis, integrated roaming drop line, Roaming re-authentication, cross-domain authentication technology, proposed a new, universal, popularized design, aimed at solving the problem of WLAN access may produce authentication awareness, This scheme is proved to be effective after being deployed and tested in the actual network environment of the third phase of Beijing Jiaotong University student dormitory wireless network project. The extensible design scheme aims to solve the problem of authentication perception and user experience in WLAN access.) this paper reconstructs the topology of the network, which is based on the extended two-layer network. By changing the DHCP address rental policy, the user can avoid the change of IP address and other information during roaming, and adopt the standard roaming protocol among the controllers. The authentication request is centrally managed by the external Web Portal server so that the user records the login information on the Portal server when he first logs in. In order to solve the problem that seamless roaming design scheme based on layer 2 protocol may cause broadcast storm, it is not necessary to pop up WEB authentication page again when reconnecting or roaming switch. By means of wireless network layer 2 isolation and switch port isolation to avoid broadcast storm 4) by changing the campus network RADIUS server settings, the author adds user names to carry suffix forwarding parameters. It accepts the non-local user name authentication request and forwards the request to the authentication server where the user belongs. After accepting the authentication result, the user is granted access, so as to realize the non-local user's Internet cross-area access.
【学位授予单位】：北京交通大学
【学位级别】：硕士
【学位授予年份】：2017
【分类号】：TN925.93

【相似文献】