
Design And Implementation Of Local Area Network Access Authentication System Based On RADIUS Protocol

Posted on: 2021-02-21
Degree: Master
Type: Thesis
Country: China
Candidate: X F Jin
GTID: 2518306557994229
Subject: Software engineering

Abstract/Summary:
In enterprises and campuses, production business, management and the network are gradually being integrated, driven by the development of network communication technology and the deepening of information reform in government. The demand for network services is increasing daily. In a complex LAN environment, more and more attention is being paid to network security alongside convenient access. Without effective identity authentication in the local area network, terminals can access the network at will, which leads to network security vulnerabilities and external malicious attacks. LAN access authentication is an effective means of securing the intranet: it ensures that legitimate users access the network and reduces the occurrence of network security incidents at the root. At present, there are many types of user terminals and various forms of network access, and wired and wireless networks are deeply integrated. Traditional LAN access authentication systems have many problems, such as a single authentication method, inflexible authorization and charging methods, and a lack of authentication log auditing and account management. To meet the requirements of existing LANs, this paper designs and implements a LAN access authentication system based on the RADIUS protocol, which not only provides authentication, authorization and accounting when users access the network, but also provides services such as unified user management and authentication configuration. The main work is as follows:

(1) Design and implement the LAN authentication, authorization and accounting module. The RADIUS protocol and the Portal protocol are applied to the system, and the protocol messages and workflow are designed in detail. A UDP communication module handles message exchange between the RADIUS server, the Portal server and the network equipment. The module supports 802.1x authentication, Portal authentication and MAC authentication. It implements authentication and going online, authorization issuing, user-initiated logoff and forced logoff, and so completes the core functions of the access authentication system.

(2) Design and implement the account management module of the LAN authentication system. Starting from the actual business requirements, the accounts used in LAN access authentication are divided into three types: internal users, temporary visitors and MAC accounts. The module implements unified management of the various accounts, user group management, real-time display of online users, and logs of users going online and offline, which gives network managers effective information for auditing users' online behavior.

(3) Design and implement the access authentication module of the LAN authentication system. The entities involved in access authentication, such as network equipment, authorization policies, Portal page push policies and charging policies, are abstracted and defined so that network managers can add, delete, modify and query them. A policy matching method based on user group and scene is designed, which can flexibly match policies according to user group, terminal IP address, access time, access equipment and other conditions.

Based on the microservice architecture, this paper identifies four core microservices from the above functional modules: AAA microservices, Portal microservices, account management microservices and authentication configuration microservices. Each microservice focuses on its own business logic and has a clear interface, which improves development and deployment efficiency. Introducing the microservice governance components of the Spring Cloud framework improves the scalability and reliability of the system. In addition, a two-level cache scheme based on a microservice in-memory cache and a Redis cache is proposed, which can significantly improve system performance. Finally, interface tests, function tests and performance tests are carried out on the deployed system. The tests verify that the system meets the functional and performance requirements and achieves the expected goals.
Keywords/Search Tags: RADIUS, Portal, AAA, Access Authentication System, Microservice Architecture