摘要
提出了一个基于域活动目录的网络准入控制方案,利用活动目录中的应用目录,分区存储网络准入控制中的主机信息、安全策略配置、站点网络环境等数据,集成域用户身份认证,同时利用VMPS协议实现动态VLAN划分,隔离认证与未认证主机,合格与不合格主机。
This article established an active-directory-based network access control system. The system utilizes the active directory application directory partition to store host info, security policy, site-network configuration and other control-related data. It also provides non-domain-service network a way to authenticate host user as a domain user. The system uses vmps protocol for dynamic vlan assignment, to make sure authenticated hosts and non-authenticated users, qualified host and non-qualified hosts are isolated.
出处
《微型电脑应用》
2010年第10期16-18,1,共3页
Microcomputer Applications
基金
上海市科委科研项目(08dz1500603)