Non-aware WLAN Authentication Design And Implementation Based On Seamless Roaming

To solve problems like timeout reconnection,roaming reconnection and cross domain authentication,scientists across the world have paied great efforts.Main research direction is to enhance authentication technology,seamless roaming and Eduroam.But those technologies only solve one problem independently,like Eduroam it can only work in campuses,there is no unitied and universal solution for all kind of situations.This article based on previous research,studied and anlyze network structure,authentication methods,roaming tech,combined re-connection,re-authentication and cross domain authentication technologies,proposes a brand new,universal solution to solve problems that would cause sense during WLAN access.Solutions provided in this article are proved to be effective after deployment in Stage 3 of BJTU student dormitory WLAN project.This article demonstrates a brand new,general solution which will solve the heavy drops,roaming roaming authentication,cross domain authentication issues when users access WLAN:1)Re-construct network topology structure,enlarge leve 2 of network.By changing the DHCP address lease strategy,user IP address will not change in the course of roaming and other information,and in various controllers using standard roaming protocol,the user does not cross the AP coverage area is broken at the same time;2)Using external Web Portal server centralized management authentication request,the user first login login information will record on the Portal server,and in the reconnection or roaming switch again without pop-up WEB certification page;3)The design scheme of seamless roaming protocol based on two layer,will cause the broadcast storm,through the wireless network layer two switch port isolation and isolation to avoid broadcasting storm;4)By changing the University RADIUS server settings,add name suffix to carry forward the parameters,the name of the user to accept non authentication request and the request is forwarded to the local user the authentication server,receiving the certification results after the grant of access,to achieve non local users access to the internet.