Abstract
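This article discusses an overall security solution for a wireless high-speed access point product, covering physical-layer security, connection-layer security, user-layer security, and operations and maintenance security, with a focus on its use of 802.1X EAP-TLS to implement transport-layer security. Because one IP port of the product corresponds to both a control module and a communication module, each with a different MAC address, the improved scheme uses an ACL associated with EAP to control whether DHCP request packets are allowed through. This configuration depends on the switch's authentication mode. The implementation mechanism provides a reference for integrating security systems into wireless access products in the future.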
This paper discusses a whole security solution from the following aspects: physical security, user-level security, backhaul security, and OM security. It focuses on the transport-level security of the MAC address, implementing the 802.1X (EAP-TLS) standard with a switch and an AAA server. Given the complicated situation of two MAC addresses (for the Control and Communication Modules separately) on one IP Ethernet port, the updated solution uses an ACL associated with EAP to control whether the DHCP request packet passes. This configuration depends on the switch authentication mode. The paper gives a detailed study of the realization of this security mechanism. Its conclusions on the use of 802.1X in a wireless access point are a good reference for future use.
Source
《信息网络安全》
2011, Issue 8, pp. 22-24 (3 pages)
Netinfo Security