交换机端口细分身份集的802.1x接入认证扩展技术  被引量:1

802.1X ACCESS AUTHENTICATION EXTENSION TECHNOLOGY—USER SET SUBDIVIDED ON SWITCH PORT

在线阅读下载全文

作  者:徐培杰[1] 李刚[1] 

机构地区:[1]上海宝信软件股份有限公司,上海201203

出  处:《计算机应用与软件》2012年第8期167-168,184,共3页Computer Applications and Software

摘  要:随着企业信息化建设水平的不断提高,企业内网络接入点也越来越多,不仅传统的有线接入点更多地暴露在公共区域,而且无线网络也逐渐成为企业网络解决方案的一个重要组成部分。为了实现对网络接入用户认证,802.1x技术成为了此问题的很好的解决方案。标准的802.1x认证,没有细分身份集,合法用户可以从任何交换机或者无线AP进行接入。随着企业对信息安全的要求不断提高,粗粒度的控制方式已经不能很好地满足。介绍在802.1x接入认证中按照交换机端口进行接入用户身份集细分的方法,通过对认证包EAP-Message的分析和扩展,使用户只能在规定的交换机端口进行接入。利用介绍的扩展技术,可以实现对接入用户集的细分,从而实现对用户集的细粒度控制,满足高级别的信息安全要求,保障企业信息安全。Along with the growing improvement of enterprises informatisation construction level, the network access points inside the enterprise are getting increased, not just the traditional wired access points are increasingly exposed to public areas, the wireless networks are also gradually becoming an important part of the corporate network solutions. In order to implement the authentication of the network access user, 802. lx technology has become a very good solution in this regard. The standard 802. lx authentication technology does not subdivide user set, legal users can access to the network from any switch or wireless AP. With the increasing enhanced demand of the information security the corporate pursues, coarse-grained control mode can no longer be well satisfied. This paper describes the way of user set subdivision access in 802. lx access authentication based on switch port. Through analysing and expanding the EAP-Message of the certification package, we can achieve the access of user only at specified switch port. Using the extension technology given in this paper, the enterprise can realise subdivision of accessed user set so as to implement fine-grained control on user sets, and to meet high-level information security demand and to protect information security of the enterprises.

关 键 词:802.1x EAP 身份集 认证服务器 认证请求包 动态 

分 类 号:TP393[自动化与计算机技术—计算机应用技术]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象