Simulating 802.1X Using 802.1Q and SNMP
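Abstract
As one kind of local area network technology, Ethernet has developed very rapidly since the 1980s, from the original 10 Mbit/s shared Ethernet to Fast switched Ethernet and on to Gigabit Ethernet. The continual introduction of new IEEE standards has not only given the wide deployment of Gigabit Ethernet a normative basis but has also steadily refined Ethernet technology, giving it advantages such as simplicity, low cost and high speed. Ethernet has begun to enter the metropolitan area network (MAN) and wide area network (WAN) domains. Gigabit Ethernet has now become the preferred solution for broadband IP metropolitan area networks, and it has begun to be used, and will be widely used, in MANs and WANs.
As Gigabit Ethernet technology continues to develop, the demands on network management grow accordingly. The emergence of the AAA concept set the goal for Ethernet user management, and a variety of broadband Ethernet access authentication and management techniques have appeared: PPPoE, VLAN+MAC/IP, web portal and others. Recently 802.1X, a new Ethernet access authentication standard, has been gaining wide acceptance. Because 802.1X resolves the shortcomings of the techniques above, it will become the main direction for Ethernet access authentication. However, because 802.1X is a relatively new standard, existing equipment offers very limited support for it.
This thesis first analyses in detail how VLAN+MAC/IP, PPPoE and web portal are implemented and their advantages and disadvantages, and on that basis sets out the advantages of IEEE 802.1X over them. It then presents the need to simulate 802.1X using 802.1Q and SNMP, protocols that are mature and widely supported by switching equipment. Building on an analysis of the 802.1Q and SNMP protocols, it proposes a method that uses dynamic VLAN configuration and anomaly monitoring as its main techniques to simulate 802.1X and deliver 802.1X functionality. A simulation model is designed and its principle and workflow are described; a simulation system is designed and implemented, with a detailed description of its modules and the implementation details of each module and key technical point. The simulation system is compared with an 802.1X system in function and performance, and finally the problems found during the testing phase are analysed and solutions are given.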
As an important local area network (LAN) technology, Ethernet has been developing very rapidly, from the original 10-megabit shared Ethernet to Fast (100 M) Ethernet and now multi-gigabit Ethernet. New standards from IEEE bring not only full normative support but also improvements to Ethernet technology, endowing it with virtues such as ease of use, low cost and high speed. Ethernet has entered the domain of the Metropolitan Area Network (MAN) and the Wide Area Network (WAN).
The demand for network management has been increasing along with the continuous development of Gigabit Ethernet technology. The AAA concept set the goal for user management in Ethernet networks. Different kinds of broadband Ethernet access authentication technologies have emerged, including PPPoE, VLAN+MAC/IP and web portal. As a new method of Ethernet access authentication and control, 802.1X has become more and more widely accepted because it is free of the faults of the other methods. But because it is a relatively new standard, the availability of existing switch devices supporting 802.1X is very limited.
This paper gives a very detailed analysis of the PPPoE, VLAN+MAC/IP and web portal technologies, then discusses the technical superiority of 802.1X over them. Based on this analysis, the paper puts forward the need to simulate 802.1X, which is supported by only a limited number of devices, by using 802.1Q and SNMP, which are supported by almost all mainstream switch devices. The paper goes on to introduce the working processes of the 802.1Q, SNMP and 802.1X protocols and proposes simulating the 802.1X access authentication mode with dynamic VLAN configuration and real-time handling of abnormal conditions as the main technologies. Next, the paper presents the design of a simulation model, its principle and working process, introduces an implemented experimental simulation system, describes the modules of the system and gives the key technical details of the implementation of every module. Finally, the paper compares the experimental system with an 802.1X system in terms of function and performance, and gives solutions to the problems found during testing of the experimental system.
