Research Of Network Access Control System Based On 802.1X

With the development of the computer network and the rapid growth of computer business applications, computer network security is becoming increasingly important. The common way to protect network security is to install the internal corporate network firewall and intrusion detection system. Firewall can prevent external attacks, but does not guarantee the internal network security. How to control the access to the enterprise network has become an important aspect of network management. Therefore, a network access control system is needed for the enterprise network. This paper proposed the network access control system based on 802.1x to meet the demand.At the beginning of this paper, a detailed description of the 802.1X protocol, EAP protocol, Radius protocol is provided in theory. Then, the advantage of the 802.1X-based access control system is summed up after the detailed comparison with the Cisco’sNAC, Microsoft’sNPC, ARP-based access control systems and security gateway-based access control system.Based on the above theoretical analysis, the 802.1X-based access control system is implemented in this paper. First, the author introduced the overall composition of the 802.1X-based access control system and the function of every component of it. Second, the agent software based on windows system is developed and the overall architecture and the main function of each module is introduced. Then, the process of how to configure the FreeRadius to authenticate the version of the anti-virus software and to send the corresponding vlan data to the authentication device is provided, also how to generate the security certificate is introduced.Thirdly, the design and development of network access control management system is provided, and the architecture of the software and the function of every module is introduced.After the implementation of the 802.1X-based network access control system, a complex network environment is builded to test the network access control system based on EAP-TTLS authentication. This test verified the correctness and availability of the network access control system. Since the 802.1X-based network access control system can administrate the computer access to the enterprise network effectively, it could be deployed in all companies’network.