1 - 2 - 3 - 6 - 7 - 8 - A - B - C - D - E - F - G - H - I - K - L - M - N - O - P - Q - R - S - T - U - V - W
NAS
Click on the red underlined text to get to the source
... routers and network access servers (NAS) have increased in complexity
and density, putting new demands on AAA protocols.
...
... AAA protocols were first introduced, the
capabilities of Network Access Server (NAS) devices have increased
substantially. As a result, while Diameter is a considerably more
...
... policy decisions relating to resource usage and provisioning.
This is typically accomplished by tracking the state of NAS
devices. While proxies typically do not respond to client
Requests ...
... AVPs
and realm forwarding tables they do not keep state on NAS resource
usage or sessions in progress.
...
... Diameter clients, such as Network Access Servers (NASes) and Mobility
Agents MUST support IP Security ...
... AAA proxy. This also eases the requirements on the NAS to
support certificates. It is also suggested that inter-domain ...
... - They can be used for concentration of requests from an number of
co-located or distributed NAS equipment sets to a set of like user
groups.
...
... Relays MAY be used to aggregate requests from multiple Network Access
Servers (NASes) within a common geographical area (POP). The use of
Relays is advantageous since it eliminates the need for NASes ...
... NASes) within a common geographical area (POP). The use of
Relays is advantageous since it eliminates the need for NASes to be
configured with the necessary security information they would
...
... realms. Likewise, this reduces the configuration load on Diameter
servers that would otherwise be necessary when NASes are added,
changed or deleted.
...
... +------+ ---------> +------+ ---------> +------+
| | 1. Request | | 2. Request | |
| NAS | | DRL | | HMS |
| | 4. Answer | | 3. Answer | |
+------+ <--------- +------+ <--------- +------+
...
... Diameter messages
The example provided in Figure 2 depicts a request issued from NAS,
which is an access device, for the user bob@example.com. Prior to
issuing the request, NAS ...
... NAS,
which is an access device, for the user bob@example.com. Prior to
issuing the request, NAS performs a Diameter route lookup ...
... route lookup as NAS, and relays the message to HMS, which is
example.com's Home Diameter Server. HMS identifies that the request
...
... authentication and/or authorization request, and replies with an
answer, which is routed back to NAS using saved transaction state.
...
... It is important to note that although proxies MAY provide a value-add
function for NASes, they do not allow access devices to use end-to-
end security, since modifying messages breaks authentication ...
...
The example provided in Figure 3 depicts a request issued from the
access device, NAS, for the user bob@example.com. The message is
forwarded by the NAS to its relay, DRL, which does not have a routing ...
... access device, NAS, for the user bob@example.com. The message is
forwarded by the NAS to its relay, DRL, which does not have a routing
entry in its Diameter ...
... +------+ ---------> +------+ ---------> +------+
| | 1. Request | | 4. Request | |
| NAS | | DRL | | HMS |
| | 6. Answer | | 5. Answer | |
+------+ <--------- +------+ <--------- +------+
...
... RADIUS Request | | Diameter Request | |
| NAS | | TLA | | HMS |
| | RADIUS Answer | | Diameter ...
... +------+ ------> +------+ ------> +------+
| | (Request) | | (Request) | |
| NAS +-------------------+ DRL +-------------------+ HMS |
| | | | | |
+------+ <------ +------+ <------ +------+
...
... Diameter clients, such as Network Access Servers (NASes) and Mobility
Agents MUST support IP Security ...
... edges for intra-
domain exchanges. For NAS devices without certificate support, pre-
shared keys can be used between the NAS ...
... NAS devices without certificate support, pre-
shared keys can be used between the NAS and a local AAA proxy.
...
... Mitton, D. and M. Beadles, "Network Access Server Requirements Next Generation (NASREQNG) NAS Model", RFC 2881, July 2000. ...