CN110213285A - A kind of method and system of campus network resource share - Google Patents
- Publication number: CN110213285A
- Application number: CN201910506310.3A
- Authority: CN (China)
- Prior art keywords: network, campus network, authentication, campus, address
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/4511—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
- H04L61/5014—Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
- H04L63/0281—Proxies
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04L63/0884—Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
- H04L67/025—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
- H04L67/56—Provisioning of proxy services
- H04W48/20—Selecting an access point
Abstract
The invention belongs to the technical field of shared access to campus networks, and discloses a method and system for sharing campus network resources. After the network authentication client passes campus network authentication, it obtains a legitimate IP address and establishes a communication link with the campus network. Campus network packets enter the device through the Ethernet interface; inside the device the CPU forwards them from the Ethernet port to the Wi-Fi interface; devices that need to access the campus network connect to it through the Wi-Fi interface. Based on a wired access port, the method and system convert the wired network signal into a wireless network signal, so that one account can be used by multiple devices to access the campus network at the same time. The system is built on an embedded system, is flexible to deploy, and is low in cost.
Description
Technical field
The invention belongs to the technical field of shared access to campus networks, and in particular relates to a method and system for sharing campus network resources.
Background
Currently, the closest prior art is as follows:
As a public network, the campus network authenticates the terminals that connect to it, and only legitimate users are authorized to access it. For student accounts, the campus network allows only one device to be online. When another device using the same account comes online, the current device is forced offline. Because of the needs of research, social interaction, entertainment and so on, a university student may have, in addition to a computer and a mobile phone, other network terminals such as tablet computers, e-readers and smart watches. There is therefore a large demand for connecting multiple devices to the campus network at the same time with one account.
The campus network currently offers two access methods, wired and wireless. Because wireless access is not tied to a network cable and is easy to use, it is the popular choice. Inside a building, however, the wireless signal is affected by the building structure, and achieving full coverage requires deploying a large number of wireless access points, which is costly. For this reason, some wired access ports are also distributed inside buildings. When the demand for network access grows, however, expanding the number of wired access ports is inconvenient: it involves cabling and installing additional switches, which is costly and inflexible.
In summary, the problems in the prior art are:
(1) Changing the wired network topology requires rewiring and installing additional switches.
(2) The deployment of new wireless access points cannot make use of existing wired network ports.
(3) Network devices that cannot run the campus network authentication client or perform network authentication cannot access the campus network.
The difficulty of solving the above technical problems:
At present there is no complete solution that integrates functions such as campus network authentication and Wi-Fi hotspot broadcasting into a low-cost embedded system.
The significance of solving the above technical problems:
(1) The coverage of campus network wireless access can be extended quickly, without rewiring and without installing additional switches.
(2) Devices that are not capable of campus network authentication can access the campus network.
(3) Each university student can use their own account to connect several of their devices to the campus network at the same time.
Summary of the invention
In view of the problems in the prior art, the present invention provides a method and system for sharing campus network resources.
The present invention is implemented as a method for sharing campus network resources, the method comprising:
After the network authentication client passes campus network authentication, it obtains a legitimate IP address and establishes a communication link with the campus network:
(1) The network authentication client sends an authentication request message to the authentication request proxy switch. The message contains the user name and password to be authenticated.
(2) The authentication request proxy switch forwards this message to the authentication server. At the same time, the authentication request proxy switch blocks the port that carries network traffic between the network authentication client and the campus network.
(3) The authentication server compares the user name and password contained in the authentication message with the information in its database.
(4) If the user name and password in the message exist in the database, they are legitimate. The authentication server then sends information, including the IP address to be assigned to the network authentication client, to the authentication request proxy switch.
(5) After receiving this information, the authentication request proxy switch opens the port blocked in step (2).
(6) The authentication request proxy switch sends the information to the network authentication client through the opened port. At this point the network authentication client has established a communication link with the campus network.
Packets sent by devices that access the campus network via the Wi-Fi interface undergo source address translation inside the system: the source IP address of the packet is translated from the IP address of the network device attached to the Wi-Fi interface to the campus network IP address obtained by the network authentication client. This completes the transfer of data from the devices attached to the Wi-Fi interface to the campus network.
Packets that enter the system from the campus network undergo destination address translation inside the system: the destination IP address of the packet is translated from the campus network IP address obtained by the network authentication client to the IP address of the network device attached to the Wi-Fi interface. This completes the transfer of data from the campus network to the devices attached to the Wi-Fi interface.
Another object of the present invention is to provide a terminal equipped with a server that implements the method for sharing campus network resources.
Another object of the present invention is to provide a computer-readable storage medium comprising instructions which, when run on a computer, cause the computer to execute the method for sharing campus network resources.
Another object of the present invention is to provide a campus network resource sharing system that implements the method for sharing campus network resources, the system comprising:
A network access authentication module, a Dynamic Host Configuration Protocol (DHCP) module, a domain name resolution module, a Wi-Fi hotspot establishment and data encryption module, and a data forwarding module.
The DHCP module on the one hand provides a client service, giving the network access authentication module the ability to obtain an IP address from the campus network. On the other hand it provides a server service, assigning IP addresses to the network devices attached to the Wi-Fi interface.
The domain name resolution module provides the function of translating network domain names into IP addresses.
The Wi-Fi hotspot establishment and data encryption module is implemented with the hostapd program. hostapd makes the system's Wi-Fi interface act as a wireless access point (AP), so that other network devices can connect to the system through this AP. The hostapd program supports the WEP/WPA/WPA-2 security modes and the AES/TKIP cipher types. These functions are configured through a configuration file placed in the /etc directory; hostapd reads the content of this file when it starts. In this file:
(1) interface=wlan0: the name of the network interface that is to act as the AP.
(2) ssid=test: the service set identifier (SSID) name that the AP broadcasts.
(3) wpa=2: only WPA2 is supported. wpa=1 means WPA is supported, and wpa=3 means both are supported.
(4) wpa_passphrase=123456789a: the plaintext of the password before encryption.
(5) wpa_key_mgmt=WPA-PSK: the encryption key management algorithm. The possible choices are WPA-PSK, WPA-EAP, or both. PSK is a pre-shared key. EAP is the Extensible Authentication Protocol, a framework that supports many different authentication methods.
(6) wpa_pairwise=CCMP: controls the cipher used to encrypt data; CCMP, TKIP, or both may be used. CCMP is stronger than TKIP.
The data forwarding module is divided into an application layer part and an operating system kernel part. The application layer part configures the port forwarding rules; the configured rules are passed through the system call interface to the kernel part of the data forwarding module. The operating system then drives the hardware to forward data between the system's internal Ethernet interface and Wi-Fi interface.
In summary, the advantages and positive effects of the present invention are:
Based on a wired access port, the method and system for sharing campus network resources convert the wired network signal into a wireless network signal, so that one account can be used by multiple devices to access the campus network at the same time. The system is built on an embedded system, is flexible to deploy, and is low in cost.
The comparison with the indicators of existing systems is as follows:
Description of drawings
Fig. 1 is a schematic diagram of the campus network resource sharing system provided by an embodiment of the present invention.
Fig. 2 is a schematic diagram of the internal structure of the campus network resource sharing system provided by an embodiment of the present invention.
Fig. 3 shows the result, provided by an embodiment of the present invention, in which the Ethernet port has obtained a campus network IP address and the Wi-Fi interface is set to a fixed private IP address.
Fig. 4 shows the result, provided by an embodiment of the present invention, in which five network devices are connected to the system at the same time and each is assigned a private IP address.
Detailed description
In order to make the object, technical solution and advantages of the present invention clearer, the present invention is described in further detail below with reference to embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention and are not intended to limit it.
The prior art does not convert a wired network signal into a wireless network signal on the basis of a wired access port so that one account can be used by multiple devices to access the campus network at the same time. As a result, existing network access systems are inflexible to deploy and costly.
To solve the above problems, the present invention is described in detail below with reference to the accompanying drawings.
The method for sharing campus network resources provided by an embodiment of the present invention includes: after the network authentication client passes campus network authentication, it obtains a legitimate IP address and establishes a communication link with the campus network. Campus network packets enter the device through the Ethernet interface; inside the device the CPU forwards them from the Ethernet port to the Wi-Fi interface, and other devices that need to access the campus network connect to it through this Wi-Fi interface.
As shown in Figs. 1 and 2, the campus network resource sharing system provided by an embodiment of the present invention includes:
A network access authentication module, a Dynamic Host Configuration Protocol (DHCP) module, a domain name resolution module, a Wi-Fi hotspot establishment and data encryption module, and a data forwarding module.
The DHCP module on the one hand provides a client service, giving the network access authentication module the ability to obtain an IP address from the campus network. On the other hand it provides a server service, assigning IP addresses to the network devices attached to the Wi-Fi interface.
The domain name resolution module provides the function of translating network domain names into IP addresses.
The Wi-Fi hotspot establishment and data encryption module is implemented with the hostapd program. hostapd makes the system's Wi-Fi interface act as a wireless access point (AP), so that other network devices can connect to the system through this AP. The hostapd program supports the WEP/WPA/WPA-2 security modes and the AES/TKIP cipher types. These functions are configured through a configuration file placed in the /etc directory; hostapd reads the content of this file when it starts. In this file:
(1) interface=wlan0: the name of the network interface that is to act as the AP.
(2) ssid=test: the service set identifier (SSID) name that the AP broadcasts.
(3) wpa=2: only WPA2 is supported. wpa=1 means WPA is supported, and wpa=3 means both are supported.
(4) wpa_passphrase=123456789a: the plaintext of the password before encryption.
(5) wpa_key_mgmt=WPA-PSK: the encryption key management algorithm. The possible choices are WPA-PSK, WPA-EAP, or both. PSK is a pre-shared key. EAP is the Extensible Authentication Protocol, a framework that supports many different authentication methods.
(6) wpa_pairwise=CCMP: controls the cipher used to encrypt data; CCMP, TKIP, or both may be used. CCMP is stronger than TKIP.
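The configuration keys listed here and in the summary decide how well the hotspot is protected, so they are worth checking mechanically. The following is an added example, not code from the patent: a small auditor that parses a hostapd-style file and reports the weak choices the text itself mentions (WPA v1, TKIP, WEP, a short pre-shared passphrase). The sample files are constructed, the 16-character minimum is an assumed local policy, and `rsn_pairwise` and `wep_key0` are hostapd keys not named in the patent.

```python
SAMPLE_CONF = """\
# constructed sample: the six values quoted in the description
interface=wlan0
ssid=test
wpa=2
wpa_passphrase=123456789a
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP
"""

WEAK_CONF = """\
# constructed sample: mixed WPA/WPA2 with TKIP still allowed
interface=wlan0
ssid=test
wpa=3
wpa_passphrase=123456789a
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
"""

HARDENED_CONF = """\
# constructed sample: WPA2 only, CCMP only, long placeholder passphrase
interface=wlan0
ssid=test
wpa=2
wpa_passphrase=correct-horse-battery-staple-7421
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
"""

MIN_PASSPHRASE_LEN = 16  # assumption: local policy; WPA2-PSK itself accepts 8..63


def parse_hostapd_conf(text):
    """Return a dict of key=value pairs; '#' is a comment only at line start."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)  # a passphrase may itself contain '='
        conf[key.strip()] = value.strip()
    return conf


def audit(conf):
    """Return a list of (key, message) findings, empty when nothing is flagged."""
    findings = []

    # wpa is a bit field: 1 = WPA, 2 = WPA2, 3 = both (as the description states).
    try:
        wpa = int(conf.get("wpa", "0"))
    except ValueError:
        wpa = 0
    if wpa not in (1, 2, 3):
        findings.append(("wpa", "WPA is not enabled: the AP is open or WEP-only"))
    elif wpa & 1:
        findings.append(("wpa", "WPA (v1) is accepted; set wpa=2 for WPA2 only"))

    if any(k.startswith("wep_key") for k in conf):
        findings.append(("wep", "WEP key configured; WEP offers no real protection"))

    # Collect every pairwise cipher the AP would offer.
    ciphers = set()
    for key in ("wpa_pairwise", "rsn_pairwise"):
        ciphers.update(conf.get(key, "").split())
    if "TKIP" in ciphers:
        findings.append(("pairwise", "TKIP is offered; allow CCMP only"))

    # With a pre-shared key, the passphrase is the whole secret.
    if "WPA-PSK" in conf.get("wpa_key_mgmt", "").split():
        phrase = conf.get("wpa_passphrase")
        if phrase is not None:
            if not 8 <= len(phrase) <= 63:
                findings.append(("wpa_passphrase", "length outside 8..63, invalid"))
            elif len(phrase) < MIN_PASSPHRASE_LEN:
                findings.append(("wpa_passphrase",
                                 f"only {len(phrase)} characters, below policy "
                                 f"minimum of {MIN_PASSPHRASE_LEN}"))
    return findings


if __name__ == "__main__":
    for name, text in (("sample", SAMPLE_CONF), ("weak", WEAK_CONF),
                       ("hardened", HARDENED_CONF)):
        print(name, audit(parse_hostapd_conf(text)))
```

The patent's own values pass the protocol and cipher checks (WPA2, CCMP), and the only finding is the ten-character passphrase `123456789a`.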
The data forwarding module is divided into an application layer part and an operating system kernel part. The application layer part configures the port forwarding rules; the configured rules are passed through the system call interface to the kernel part of the data forwarding module. The operating system then drives the hardware to forward data between the system's internal Ethernet interface and Wi-Fi interface.
The present invention allows one campus network account to be used by multiple devices to access the campus network at the same time.
The present invention provides a way to access the campus network for devices that have no display or cannot run the authentication client.
The method for sharing campus network resources provided by an embodiment of the present invention includes:
After the network authentication client passes campus network authentication, it obtains a legitimate IP address and establishes a communication link with the campus network:
(1) The network authentication client sends an authentication request message to the authentication request proxy switch. The message contains the user name and password to be authenticated.
(2) The authentication request proxy switch forwards this message to the authentication server. At the same time, the authentication request proxy switch blocks the port that carries network traffic between the network authentication client and the campus network.
(3) The authentication server compares the user name and password contained in the authentication message with the information in its database.
(4) If the user name and password in the message exist in the database, they are legitimate. The authentication server then sends information, including the IP address to be assigned to the network authentication client, to the authentication request proxy switch.
(5) After receiving this information, the authentication request proxy switch opens the previously blocked port.
(6) The authentication request proxy switch sends the information to the network authentication client through the opened port. At this point the network authentication client has established a communication link with the campus network.
Packets sent by devices that access the campus network via the Wi-Fi interface undergo source address translation inside the system: the source IP address of the packet is translated from the IP address of the network device attached to the Wi-Fi interface to the campus network IP address obtained by the network authentication client. This completes the transfer of data from the devices attached to the Wi-Fi interface to the campus network.
Packets that enter the system from the campus network undergo destination address translation inside the system: the destination IP address of the packet is translated from the campus network IP address obtained by the network authentication client to the IP address of the network device attached to the Wi-Fi interface. This completes the transfer of data from the campus network to the devices attached to the Wi-Fi interface.
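The two translation paragraphs above can be made concrete with a small model of the translation table. This is an added example, not code from the patent; it goes beyond the text by also tracking ports, which is what lets several devices behind one campus address be told apart, and it shows that an inbound packet with no matching outbound flow has no mapping and is dropped. All addresses and the port range are constructed.

```python
from dataclasses import dataclass, replace
from typing import Optional

WAN_IP = "10.20.30.40"  # constructed: campus address obtained by the auth client


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class NatTable:
    """Source NAT on the way out, destination NAT on the way back in."""

    def __init__(self, wan_ip, first_port=40000, last_port=40999):
        self.wan_ip = wan_ip
        self._next_port = first_port
        self._last_port = last_port
        self._out = {}  # (proto, lan_ip, lan_port, remote_ip, remote_port) -> wan_port
        self._in = {}   # (proto, wan_port, remote_ip, remote_port) -> (lan_ip, lan_port)

    def outbound(self, pkt: Packet) -> Packet:
        """Wi-Fi side -> campus side: rewrite the source to the campus address."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        wan_port = self._out.get(key)
        if wan_port is None:
            if self._next_port > self._last_port:
                raise RuntimeError("NAT port pool exhausted")
            wan_port = self._next_port
            self._next_port += 1
            self._out[key] = wan_port
            self._in[(pkt.proto, wan_port, pkt.dst_ip, pkt.dst_port)] = (
                pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=self.wan_ip, src_port=wan_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Campus side -> Wi-Fi side: rewrite the destination, or drop (None)."""
        if pkt.dst_ip != self.wan_ip:
            return None
        mapping = self._in.get((pkt.proto, pkt.dst_port, pkt.src_ip, pkt.src_port))
        if mapping is None:
            return None  # unsolicited: no device behind the AP started this flow
        lan_ip, lan_port = mapping
        return replace(pkt, dst_ip=lan_ip, dst_port=lan_port)


def demo():
    """Two devices using the same source port talk to the same server."""
    nat = NatTable(WAN_IP)
    server = ("203.0.113.10", 443)  # constructed documentation address
    a = nat.outbound(Packet("192.168.4.2", 51000, *server))
    b = nat.outbound(Packet("192.168.4.3", 51000, *server))
    reply_b = nat.inbound(Packet(server[0], server[1], WAN_IP, b.src_port))
    stray = nat.inbound(Packet("198.51.100.7", 443, WAN_IP, b.src_port))
    return a, b, reply_b, stray


if __name__ == "__main__":
    for item in demo():
        print(item)
```

From the campus side every flow carries the single authenticated address; only the table inside the device knows which attached device owns which flow.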
下面结合本发明系统制作步骤作进一步描述。Further description will be made below in conjunction with the manufacturing steps of the system of the present invention.
本发明系统制作步骤如下:The manufacturing steps of the system of the present invention are as follows:
(1)在32bit Ubuntu 16.04系统上,安装Buildroot工具软件。(1) On the 32bit Ubuntu 16.04 system, install the Buildroot tool software.
(2)将系统各模块软件包、u-boot软件、Linux内核代码放入Buildroot软件目录下。(2) Put the system software packages, u-boot software, and Linux kernel code into the Buildroot software directory.
(3)通过交叉编译器,将(2)中的软件代码进行编译,形成一个目标机器烧录文件。(3) Compile the software code in (2) through a cross compiler to form a target machine burning file.
(4)将目标机器烧录文件,烧录进BeagleBone Black电路板上的Flash闪存设备中。(4) Burn the files of the target machine into the Flash memory device on the BeagleBone Black circuit board.
下面结合实施效果对本发明作进一步描述。The present invention will be further described below in combination with the implementation effects.
本发明实施效果有:Implementation effect of the present invention has:
如图3所示,以太网口获取到校园网IP地址。Wifi接口设置为固定私有IP地址。As shown in Figure 3, the Ethernet port obtains the IP address of the campus network. The Wifi interface is set to a fixed private IP address.
如图4所示,同时5台网络设备接入到系统中,每台网络设备都分配到一个私有IP地址。As shown in Figure 4, five network devices are connected to the system at the same time, and each network device is assigned a private IP address.
以太网口线速100Mbps,wifi接口实际速率可以稳定在30Mbps左右。The line speed of the Ethernet port is 100Mbps, and the actual speed of the wifi interface can be stabilized at around 30Mbps.
在上述实施例中,可以全部或部分地通过软件、硬件、固件或者其任意组合来实现。当使用全部或部分地以计算机程序产品的形式实现,所述计算机程序产品包括一个或多个计算机指令。在计算机上加载或执行所述计算机程序指令时,全部或部分地产生按照本发明实施例所述的流程或功能。所述计算机可以是通用计算机、专用计算机、计算机网络、或者其他可编程装置。所述计算机指令可以存储在计算机可读存储介质中,或者从一个计算机可读存储介质向另一个计算机可读存储介质传输,例如,所述计算机指令可以从一个网站站点、计算机、服务器或数据中心通过有线(例如同轴电缆、光纤、数字用户线(DSL)或无线(例如红外、无线、微波等)方式向另一个网站站点、计算机、服务器或数据中心进行传输)。所述计算机可读取存储介质可以是计算机能够存取的任何可用介质或者是包含一个或多个可用介质集成的服务器、数据中心等数据存储设备。所述可用介质可以是磁性介质,(例如,软盘、硬盘、磁带)、光介质(例如,DVD)、或者半导体介质(例如固态硬盘SolidState Disk(SSD))等。In the above embodiments, all or part of them may be implemented by software, hardware, firmware or any combination thereof. When implemented wholly or partly in the form of a computer program product, said computer program product comprises one or more computer instructions. When the computer program instructions are loaded or executed on the computer, the processes or functions according to the embodiments of the present invention will be generated in whole or in part. The computer can be a general purpose computer, a special purpose computer, a computer network, or other programmable devices. The computer instructions may be stored in or transmitted from one computer-readable storage medium to another computer-readable storage medium, for example, the computer instructions may be transmitted from a website, computer, server or data center Transmission to another website site, computer, server or data center by wired (eg coaxial cable, fiber optic, digital subscriber line (DSL) or wireless (eg infrared, wireless, microwave, etc.)). The computer-readable storage medium may be any available medium that can be accessed by a computer, or a data storage device such as a server or a data center integrated with one or more available media. The available medium may be a magnetic medium (for example, a floppy disk, a hard disk, or a magnetic tape), an optical medium (for example, DVD), or a semiconductor medium (for example, a Solid State Disk (SSD)).
The above are only preferred embodiments of the present invention and are not intended to limit it. Any modification, equivalent replacement, or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.
Claims (7)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910506310.3A CN110213285A (en) | 2019-06-12 | 2019-06-12 | A kind of method and system of campus network resource share |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN110213285A (en) | 2019-09-06 |
Family
ID=67792237
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910506310.3A Pending CN110213285A (en) | 2019-06-12 | 2019-06-12 | A kind of method and system of campus network resource share |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110213285A (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104079636A (en) * | 2014-06-18 | 2014-10-01 | 深圳技师学院 | Mobile campus network based on cloud computing |
| US20160135041A1 (en) * | 2014-11-10 | 2016-05-12 | Qualcomm Incorporated | Wi-fi privacy in a wireless station using media access control address randomization |
| CN208434119U (en) * | 2018-07-04 | 2019-01-25 | 陈进龙 | A portable Wi-Fi voice system and device thereof |
Non-Patent Citations (3)
| Title |
|---|
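| 李茂源: "Design of a Post-Disaster Communication Base Station Based on Wi-Fi Technology", China Excellent Master's Theses Collection * |
| 董秋迪: "Portable Wi-Fi: How to Deal with the Campus Network", Yesky * |
| 陆益军: "Application of Network Address Translation Technology in Campus Network Construction", Computer CD Software and Applications * |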
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10326737B2 (en) | Mobile hotspot managed by access controller | |
| US8910300B2 (en) | Secure tunneling platform system and method | |
| WO2020057163A1 (en) | Mec platform deployment method and device | |
| CN105027529B (en) | Method and apparatus for authenticating user access to network resources | |
| US20110016309A1 (en) | Cryptographic communication system and gateway device | |
| US8611358B2 (en) | Mobile network traffic management | |
| CN107404485A (en) | A kind of self-validation cloud connection method and its system | |
| CN111182546B (en) | Method, equipment and system for accessing wireless network | |
| CN110830990A (en) | Identity information processing method, equipment and system | |
| WO2020029754A1 (en) | Signing information configuration method and communication device | |
| CN112136299A (en) | Facilitating residential wireless roaming via VPN connectivity over a public service provider network | |
| US20250294025A1 (en) | Method for expanding public cloud, device, system, and storage medium | |
| WO2015065210A1 (en) | Secure mobile access to resources within a private network | |
| JP2021184308A (en) | Device and method for remotely managing apparatus, and program therefor | |
| WO2014071841A1 (en) | Method, terminal, server, system, and device for synchronizing wireless network parameters | |
| EP3454520B1 (en) | Virtual private networks without software requirements | |
| US20190200226A1 (en) | Method of authenticating access to a wireless communication network and corresponding apparatus | |
| US20080244262A1 (en) | Enhanced supplicant framework for wireless communications | |
| CN112135253B (en) | Network connection method and device | |
| CN117278275A (en) | Access right adjustment method, device and storage medium | |
| CN207706214U (en) | It is a kind of to connect system from verification cloud | |
| CN110213285A (en) | A kind of method and system of campus network resource share | |
| CN103916849A (en) | Method and device for wireless local area network communication | |
| CN113574840B (en) | Method and apparatus for providing multiple authenticated identities for a single wireless association | |
| Salkintzis | Experimental Integration of Non-5G Capable Devices into 5G Networks via Untrusted WLAN: The Unif Approach |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | RJ01 | Rejection of invention patent application after publication | Application publication date: 20190906 |