Abstract

With the expansion of the campus network, various security risks have appeared. Most campus networks have implemented AAA but seldom implement admission control, which decreases the efficiency of dynamic IP address allocation and makes it possible for users to avoid traffic billing. To realize admission control for an IPv4/IPv6 dual-stack network in a large-scale campus network, we design and implement IPoE-based dual-stack admission control for the campus network at Tsinghua University. In IPoE, users obtain an IP address via DHCP over an Ethernet physical link. Authentication is achieved through a variety of user authentication methods. IP packets are encapsulated in Ethernet frames and pass through the access network to the BRAS devices. After receiving the client's DHCP confirmation request message, a BRAS device looks up the user's address assignment information based on the client hardware address and the current VLAN ID. Our main contributions include: for the various application scenarios under a unified IPv4/IPv6 network, session-level IPoE technology is proposed; by applying different configuration templates to different protocol stacks, various account control policies are submitted to the AAA servers to meet multi-type, multi-scenario requirements; to deal with the risks in a large-scale campus network, the BRAS, AAA server, and DHCP server cooperate so that only authorized users are permitted to obtain addresses, thus avoiding security threats from unauthorized users; to cope with the high load under large-scale deployment, a web portal whitelist configured on the BRAS side reduces the load on the web portal servers. The actual deployment shows that the dual-stack access authentication system has achieved its design objectives and runs smoothly.
