Network design and operation for Niigata University wireless LAN system using dynamic VLAN assignments
Kazuyuki YAMAMOTO†, Shigeyoshi AOYAMA†, Kenji MIKAWA†
†Center for Academic Information Service, Niigata University
Abstract: The wireless network system on the Niigata University campus, installed in 2007, has worked well. University members use the system as follows: wireless network computers are assigned global IP addresses by a DHCP server, and any HTTP communication is redirected to a web authentication page in order to authenticate the members. The system contributed to reducing the management burden of network operations because users and their computers are easy to track. The number of smartphone and tablet users at Niigata University has recently increased very rapidly, and since about 2012 we have recognized a serious problem: the system runs out of global IP addresses to assign to wireless network computers. Because our wireless network design assigned global IP addresses to always-on wireless network devices before authentication, those devices could occupy addresses without authenticating. As a result, other members who really wanted to use the wireless network could not access it. To solve the shortage of global IP addresses while keeping users easy to track, we improved the existing system so that wireless network computers that have passed user authentication are assigned global IP addresses using dynamic VLAN assignments. In this paper, we give an overview of the improved wireless network system and then evaluate the benefits of our system based on the results of network operations.
Keywords: Network design, Wireless LAN system, Saving IP address, Dynamic VLAN assignment
学術情報処理研究 No.18 2014 pp.43−52
1
14 7 LAN
100 AP
AP IP
IP NAPT
IDS
IDS
IP
IP
IP
IP AP
IP
19 1 LAN
NAPT
DHCP IP
HTTP
LAN ID
IP
AP 24
200 AP
IP
19
878
24
IP
IP
IP
NAPT
DHCP IP
HTTP
- 1: 19
LAN 1
AP 215
RADIUS 1
DHCP 1
IP
RADIUS
VLAN
IP IP
24 10
26 3
1 9
LAN
ID
IP
LAN
3 IP
2 LAN
LAN 19
LAN
19
LAN
26 LAN
2.1
19
AP 1
4
IP
3
[Figure 1: network diagram in three panels (a), (b), (c); labelled components: AP, WLC, L3, RADIUS, DHCP-G, LAN]
250 250 128
1 250 IP
1(a) LAN
WLC AP
GRE Generic Routing Encapsulation
AP
LAN LAN
AP
LAN RADIUS
DHCP
IP
1 L3
IP
DHCP GRE
AP L3
L3
L3 2
AP GRE
AP
L3 DHCP
L3
DHCP DHCP
L3
L3
DNS DHCP
2
LAN
AP GRE
1⃝ SSID AP
2⃝ DHCP IP
3⃝ DHCP IPIP
4⃝ HTTP
5⃝ HTTPURL HTTPS
6⃝ ID
7⃝ IDRADIUS
8⃝
DHCP
IP
IP
1(b) 2⃝3⃝ 2⃝ 3⃝ AP
DHCP IP
AP GRE
DHCP
DHCP 2⃝ DHCP
3⃝
[Figure 2: message sequence diagram; participants: AP, L3, DHCP, RADIUS; message labels: Access with SSID, DHCPREQUEST, DHCPACK, HTTP Connection, HTTP Redirection (Auth-URL), Input UID/PASSWD, RADIUS Access-Request, RADIUS Access-Accept, DHCPRELAY]
1(c)
IP
DNS DHCP
HTTP 4⃝URL 5⃝ID 6⃝
RADIUS 7⃝8⃝
AP
IP
DHCP
2.2
IP
24 10 26 2
LAN
26 3
2
4 IP
IP DHCP
1 LAN
LAN
VLAN
IP
- 2: 26
LAN 1
AP 307
RADIUS 1
DHCP 2
4
3 1
2,000 8,000
IP
1,000
3(a)
4 VLAN
VLAN VLAN
L3
L3
VLAN IP
VLAN IP
DHCP DHCP
GRE
LAN
L3 L2
[Figure 3: network diagram in four panels (a), (b), (c), (d); labelled components: AP, SW, WLC, L3, RADIUS, DHCP-P, DHCP-G, LAN]
AP L3
L3
L3 2
AP GRE
AP
L3
DHCP
L3 DHCP
DHCP L3
L3
IP
DNS
DHCP
4
1⃝ SSID AP
2⃝ DHCP IP
3⃝ DHCP IP
4⃝ HTTP
5⃝ HTTPURL HTTPS
6⃝ ID
7⃝ IDRADIUS
8⃝VLANID VLANID
VLANID
VLANID
9⃝ IP DHCPIP VLANID
IP
DHCP
10⃝ DHCP IP
DHCP IP
IP
[Figure 4: message sequence diagram; participants: AP, L3, DHCP-P, DHCP-G, RADIUS; message labels: Access with SSID, DHCPREQUEST, DHCPACK, HTTP Connection, HTTP Redirection (Auth-URL), Input UID/PASSWD, RADIUS Access-Request, RADIUS Access-Accept, DHCPACK, DHCPREQUEST, DHCPRELAY, DHCPRELAY]
3(b) 2⃝ 3⃝ 2⃝ 3⃝AP DHCP
IP DHCP
L3
DHCP 2⃝ DHCP
3⃝3(c)
DNS DHCP
HTTP 4⃝URL 5⃝ID 6⃝ RADIUS
7⃝ 8⃝VLAN
MAC VLANID
VLANID VLANID
IP
3(d) 9⃝ 10⃝ 9⃝ 10⃝VLAN DHCP
IP DHCP
IP DHCP
IP
DHCP
IP 9⃝IP 10⃝
IP
20
DHCP
IP
20
OS
IP
10
3
Internet Systems Consortium ISC DHCP
IP
MAC
dhcpd.leases
ISC-DHCP IP
dhcpd.leases
IP
3.1 IP
IP
dhcpd.leases
10 IP
IP
10 dhcpd.leases
[Figure 5: time-series plot, x-axis 05/19 00:00 to 06/02 00:00, y-axis 0 to 4500; series: Total, Global, Private]
[Figure 6: time-series plot, x-axis 06/02 00:00 to 06/16 00:00, y-axis 0 to 4500; series: Total, Global, Private]
IP
IP
IP
dhcpd.leases 10
IP
IP
20
IP
IP
IP
IP
N T
IP ∆t
dhcpd.leases IP
T/∆t = 30 N
30
IP
MAC N
$$N = \left|S_{cur} - (S_{cur} \cap S_{prev})\right| \frac{T}{\Delta t} + \left|S_{cur} \cap S_{prev}\right| \qquad (1)$$
Scur
IP
MAC |S|S Sprev
[Figure 7: time-series plot, x-axis 06/16 00:00 to 06/30 00:00, y-axis 0 to 4500; series: Total, Global, Private]
IP MAC
Sprev
Scur Scur ∩ SprevT
N
Sprev − (Scur ∩ Sprev) IP
26 5 19 26 6 30
IP (1)
5 19 6 1 5
6 2 6 15 6
6 16 6 30 7
3.2
(1) N
(1) 2 |Scur ∩ Sprev|1
IP
|Scur − (Scur ∩ Sprev)| T/∆t
IP
IP
$$R = \frac{\left|S_{cur} - (S_{cur} \cap S_{prev})\right|}{\left|S_{cur} \cap S_{prev}\right|} \qquad (2)$$
R
5 6 7
26 5 19 26 6 1
(2) 8
IP
5 19
6 30 7 30 20
R 9
1 8 30 2 10 15 3 12
55 4 14 40 5 16 25
9
IP
1.5
0.5
IP
0.5
(1)
3.3
5 6 7 IP
IP
[Figure 8: time-series plot, x-axis 05/19 00:00 to 06/02 00:00, y-axis 0 to 8; y-axis label: |Scur-(Scur∩Sprev)T/∆t|/|Scur∩Sprev|]
[Figure 9: plot by time of day, x-axis 08:00 to 20:00, y-axis 0 to 4.5; y-axis label: avg(|Scur-(Scur∩Sprev)T/∆t|/|Scur∩Sprev|)]
6 11 IP
4
1
IP
IP
IP
8 8 30
IP
IP
IP
IP
14
14 25 3 3
24 IP
IP
10
6 11 IP
IP 2,000 2,500
IP
600
[Figure 10: plot by weekday, x-axis Mon to Fri, y-axis 0 to 4500; series: global and private for each of the weeks 05/19-05/23, 05/26-05/30, 06/02-06/06, 06/09-06/13, 06/16-06/20, 06/23-06/27]
1,000
1,000
IP
IP
IP
10
IP
2,000 2,500
24
IP 878
IP
4
IP 20
24 10
10
OS
20
OS
OS
VLAN IP
IP
AP
VLAN VLAN
VLAN
GRE AP
LAN VLAN
AP
LAN
ID
3
ID (1) IDS IP
(2) LAN
IP IP
MAC (3)
MAC MAC
ID
(3)
MAC
IP MAC
ID
ID
5
LAN
IP
IP
LAN
LAN