校园网用户分类策略的实现

20085May2008()JOURNALOFSOUTHCHINANORMALUNIVERSITY(NATURALSCIENCEEDITION)20082No.2,2008:2007-06-28:(1967-),,,,Email:lcs@scnu.edu.cn.:1000-5463(2008)02-0056-06,(,510631):802.1X,DHCPOption82ACL,,.:802.1X;DHCPOption82;DHCP;ACL;:TP393.08:ATHEIMPLEMENTATIONOFCLASSIFICATIONPOLICIESFORCAMPUSNETWORKUSERSLIAOChun-sheng,ZHAOQiong(NetworkCenter,SouthChinaNormalUniversity,Guangzhou510631,China)Abstract:Thecampusnetworkuserswereclassifiedandthenetworkaccesscontrolpolicieswereimplementedbyusing802.1Xauthentication,DHCPOption82andACLtechniques.Keywords:802.1X;DHCPOption82;DHCP;ACL;RelayAgentIP-MACPPPoEVPN802.1X.802.1X,PPPoEWeb/Portal,[1].802.1XDHCPIP,MAC,.,,,,Internet.,DHCPserverIP,VLANIP,VLAN,802.1X,DHCPOption82(DynamicHostConfigura2tionProtocolOption82)ACL,,.1802.1X802.1X,802.1X.Authenti2catorSystem3:(1)ForceAuthorized:,;(2)ForceUnauthorized:,;(3)Auto.802.1X,,,,802.1X(Auto)(unauthorized).,unauthorized,EAPOL802.1X;,authorized,,IPVLANCAR;,,.802.1X1.1802.1X802.1X,.,,PPPoEWeb,PPPoEWeb,,,,[2].(1).802.1X,IP,,,.(2).IEEE802.1X,,L3L2IPDSLAM,,.(3).IEEE802.1X,.,,,,,,.(4).,MAC,.(5)NAT.,.752:2DHCPOption822.1DHCP(1)DHCPOption82:DHCP312Option(2),(Vendor-SpecificArea),(:NetmaskGatewayDNS).DHCPRelayAgentDHCPDHCP,,DHCP,IP.82,Option82[3].DHCP,2DHCP34:DHCPrelaya2gentinformationoption(),DHCPDHCPDHCP,IP.(2)Option82.3,N.AgentInforma2tionFieldSU2BOPT/LENGTH/VALUE,4.,255.CircuitIDREMOTEID.2.2DHCPOption825Option82(1)Option82.DHCPOption82,Option82CircuitIDRe2moteID,DHCP,DHCPIP,5.VLAN,Op2tion8285()2008Option82CircuitIDRemoteIDDHCPServer,DHCPServerVLANID,IP,DHCPServerIP,IPIP[4].(2)Option82.DHCP,,IP..,IP,.IP,IP,,WebPortal.,.,,,DHCPOption82,.,,Option82,DHCP.DHCPOption82IP.,,,,.3802.1XDHCPOption82,,,,..:,Internet,.:Internet,.,DHCPserverIP,VLANIP,VLAN,VLAN,,;IP,.,802.1Xoption82,.802.1X,DHCPOption82,VLANIP,IP,IP,.3.1,RFC3046(DHCPRe2layAgentInformationOption),SAMVLAN952:CircuitIDRemoteID,RedHatFedoraCore5.0DHCPserver,DHCP3.0,6.6SAMDHCPSever,.(1)SAM.:pctest2,pctest3,23.(2)DHCPServer.CircuitIDSAM,LinuxDHCP.class0{matchifoptionagent.circuit-id=00:00:01:5e;}#0,.class2{matchifoptionagent.circuit-id=00:02:01:5e;}#2,2.class3{matchifoptionagent.circuit-id=00:03:01:5e;}#3,3.shared-networktest{#testsubnet10.10.103.0netmask255.255.255.0{optionrouters10.10.103.1;}subnet222.201.74.0netmask255.255.255.0{optionrouters222.201.74.1;}subnet222.200.159.0netmask255.255.255.0{optionrouters222.200.159.1;}pool{range10.10.103.6010.10.103.70;allowmembersof0;}#,.pool{range222.201.74.2222.201.74.254;allowmembersof2;}#,2.pool{range222.200.159.2222.200.159.254;allowmembersof3;}#,3.}(3).option82.06()2008RG2150:vlan350#VLANaaaauthorizationip-auth-modedhcp-server#servicedhcp#DHCPRelayAgentiphelper-address222.200.129.150#DHCPServeripdhcprelayinformationoptiondot1x#IPDHCPrelayinformationoption,802.1X.interfacerangefastEthernet0/1-3switchportaccessvlan350#vlan350,.dot1xport-controlautointerfacevlan350ipaddress10.10.103.3255.255.255.0#ipipdefault-gateway10.10.103.1#(4).trunk,.(5).,23,IP,3IP,,:interfaceVlan-interface350#vlan350VLANipaddress10.10.103.1255.255.255.0#ipaddress222.200.159.1255.255.255.0sub#3ipaddress222.201.74.1255.255.255.0sub#2,IP,ACLPBRIP,IP,,ACL,IP,,,.63PCRG-2150fa0/1fa0/2fa0/3,PC1(0)IP10.10.103.60,PC2pctest2IP222.201.74.254,PC3pctest3IP222.200.159.254.ACL,:PC1;PC2;PC3.3.2802.1X+DHCPoption82.802.1XNAT,;DHCPOption82,DHCP,IP.DHCP.DHCPRelay,iphelpaddressDHCP,DHCP,:(config)#aaaauthorizationip-auth-modedhcp-server.DHCPIP,DHCPiphelp-address,DHCP.(83)162:[10],,.SBR[J].,2004,3(126):26.[11],,,.SBR[J].,1999,25(2):122.[12].:[M].:,1996:375.[13],,.[M].:,2003:393-397.[14]FRANTAJ,WILDERERPA,MIKSCHK,etal.EffectsofoperationconditionsonadvancedCODremovalinactivated-sludgesystems[J].WaterScienceandTechnology,1994,29(7):189-192.[15]FRANTAJ,HELMREICHB,PRIBYLM,etal.Advancedbiologicaltreatmentofpaper-millwastewaters-effectsofoperationconditionsonCODremovalandproductionofsolubleorganiccompoundsactivatedsludgesystems[J].WaterScienceandTechnology,1994,30(3):199-207.[16]FRANTAJR,WILDERERPA.Biologicaltreatmentofpapermillwastewaterbysequencingbatchreactortechnologytoreduceresidualorganics[J].WaterScienceandTechnology,1997,35(1):129-136.[17].[M].:,2004:188-189.[18],,.[J].,2004,55(3):418-421.(61),ACL,IP,ACL,IP.4RG-SAMSTAR-S2126G/2150G,,DHCPOption82.,,.:[1].802.1X[J].,2003,23(3):85-87.[2],.PPPoE[J].:,2003(2):34-36.[3]PATRICKM.DHCPRelayAgentInformationOption[EB/OL].[4].RGNOS10.1[EB/OL].:SBR