Studies On The Accounting Gateway Combined With 802.1x Authentication Technology

With the upgrading and capacity extending of the backbone bandwidth of the internet, the increasing demand for a high-speed access to the internet by the users as well as its high cost comes into conflict with the development of college campus network. An authentication system geared to the environment of its campus network is an effective means to solve this conflict. Only through the"resources and costs sharing"principle can we guarantee the stability of Campus Network operation and the healthy development of the Campus Network.After conducting further research into the operational principle and the strengths and weaknesses of the current two popular authentication systems accounting Gateway Authentication Accounting System and 802.1x Authentication accounting System, combined with the real environment of the campus network, this paper presents an authentication accounting system on the combination of the two above-mentioned systems, which reduces IP embezzlement and clash, enhances the security of the intranet and achieves the control over network flow fee for the access to the external websites besides exercising strict controls over users who have access to the intranet.This paper mainly constructs and actualizes the Accounting Gateway based on Linux and combined with 802.1x authentication technology. The main research points are as follows:1. The Accounting Gateway is established on the basis of the framework of Netfilter under Linux kernel 2.6, which carries out the accounting of the data flow as well as the control over users in User Mode, and accomplishes the collection of users'data log in Kernel Mode. Consequently, it provides a flexible accounting way and control rule, enormously decreases the complexity of kernel space and ensures the accuracy and real time of the charging data.2. Employing Free Radius as Radius Authentication Sever, connected with Switch which supports 802.1x Authentication, the system implements the Access Authentication for intranet users. Through revising Free Radius source code and strengthening the message-passing function of authentication monitoring module, 802.1x Authentication is closely associated with Accounting Gateway and accomplishes the transparent process of"Once Input, Twice Authentication".3. Accounting Gateway is required to extract IP address in every forwarding packet so as to make inquiry and orientation in the users'information table, as a result, it is an important means to construct an efficient users'information table preferable to the storage structure of sequence table to improve the efficiency of data forwarding. In view of the relative centralization of IPV4 address in College Campus Network together with the pre-judgment of whether an IP is intranet address, Hash algorism is adopted to reconstruct the users'information table, thus improving the efficiency of inquiry and orientation and shortening the time of data queuing.Self-designing 802.1x Authentication Client can fulfill the functions of the active control over Client and information distributions more effectively in C/S Mode.After applied to practice and tested, this accounting system has been running smoothly. Compared with the former accounting system based on Netflow Technology, it solved the problem of weak control over intranet users, remedied the deficiency in real-time billing, simplified the administrator's work flow and met the demand for the management of College Campus Network. Thus, it has certain practical value.