| In any network, the gateway always has a special function, especially for the Ethernet. With the research in the field of network security deepening and network security awareness growing in our country, function of the gateway is required more and more deeply. The function of this key node is not confined to authentication, but gradually extended to authorization and accounting. However, in our country the gateway for the access layer oriented node is only authentication gateway currently and has not achieved the complete function of authorization and accounting.The research purpose of this paper is to implement the fine-grained authentication and authorization gateway. This paper researches the implementation mechanism of authorization and Captive Portal deeply on the basis of the research about the authentication and accounting of the traditional authentication gateway. Based on the study of domestic and foreign AAA (Authentication, Authorization, Accounting) standards, this paper analyzes different forwarding mechanisms of kernel data packets, compares the methods of forwarding data packets based on Linux Netfilter module and FreeBSD kernel of PF(packet filter). On the basis of this, this paper realizes authentication by the method of Web Portal and fine-grained control over the authorization combined with PF technology and RBAC (Role Based Access Control) method, implementing control over different users for the allowed time to login, the protocols each time period allowed and the bandwidth allocation with QoS (Quality of Service) for each protocol, in order to push the research of authentication gateway to a new stage where the authentication and authorization is combined. Through actual test, the system has good forwarding characteristics. |
PDF Full Text Request