Design and Implementation of Network Access Control based on IPv6

IPv6 기반의 네트워크 접근제어 시스템 설계 및 구현

  • Received : 2014.06.05
  • Accepted : 2014.10.10
  • Published : 2014.10.31


The increase in the Internet and smart device users requires high-level network security. Network security consists of Web Firewall, Network Firewall, IPS, DDoS system, UTM (Unified Treat Management), VPN, NAC (Network Access Control), Wireless security, Mobile security, and Virtualization. Most network security solutions running on IPv4, and IPv6 network services are not sufficiently ready. Therefore, in this paper, this study designed and implemented important functions of Network Access Control (NAC), which include IPv6 host detection, isolation, blocking and domain assignment for the IPv6 network. In particular, domain assignment function makes 128 bits IPv6 address management easy. This system was implemented on a KISA IPv6 test-bed using well known devices. Finally, the test result showed that all IPv6 based wired and wireless devices were well-controlled (detection, blocking, isolation and domain assignment).


Pv6;Network Access Control;Host Detection;Network Blocking;Domain Assignment


  1. KANI, "The reference model for IPv6 network conversion", pp.10, 2013, Available From : (accessed May 26 2014)
  2. Ministry of Science, ICT and Future Planning, "Roadmap of expanding IPv6 for promotion of new internet industry", 2014, Available From : (accessed May 26 2014)
  3. KISIA, KDCA, "Survey for Information Security Industry in Korea : Year 2013", pp.54, 2014
  4. Jae-Ho Lee, "IPv6 deployment state and expanding strategy on government area", Proc. of IPv6 day 2103 Korea, pp.23-34, 2013
  5. Joel Snyder, "Selecting An Approach For NAC Enforcement: Five Key Issues", pp.2-4, Whitepaper, Opus One, Sept. 2007. Available From : (accessed June 4 2014)