Network access server
A Network Access Server (NAS) is a single point of access to a remote resource.

Overview

An access server concentrates dial-in and dial-out user communications. It may have a mixture of analog and digital interfaces and support hundreds of simultaneous users.

An access server is a communications processor that connects asynchronous devices to a LAN or WAN through network and terminal emulation software. It performs both synchronous and asynchronous routing of supported protocols. It is sometimes called a network access server (NAS).

The NAS is meant to act as a gateway to guard access to a protected resource. This can be anything from a telephone network, to printers, to the Internet.

The client connects to the NAS. The NAS then connects to another resource asking whether the client's supplied credentials are valid. Based on that answer the NAS then allows or disallows access to the protected resource.

Examples

The above translates into different implementations for different uses. Here are some examples.
  • An Internet Service Provider which provides network access via common modem or modem-like devices (be it PSTN, DSL, cable or GPRS/UMTS) can have one or more NAS (network access server) devices which accept PPP, PPPoE or PPTP connections, checking credentials and recording accounting data via back-end RADIUS servers, and allowing users access through that connection.

  • A sample use is the captive portal mechanism used by many WiFi providers: a user wants to access the Internet and opens a browser. The NAS detects that the user is not currently authorized to have access to the Internet, so the NAS prompts the user for their username and password. The user supplies them and sends them back to the NAS. The NAS then uses the RADIUS protocol to connect to an AAA server and passes off the username and password. The RADIUS server searches through its resources and finds that the credentials are valid and notifies the NAS that it should grant the access. The NAS then grants the user access to the Internet.

  • Another use of a NAS would be in VoIP. However, instead of a username and password, a phone number or IP address is often used. If the phone number belongs to a valid customer, then the call can be completed. Other checks might be whether the phone number has long-distance access or whether a telephone card has minutes left.

Associated Protocols

Although not required, NASs are almost exclusively used with Authentication, Authorization, and Accounting (AAA) servers. Of the AAA protocols available, RADIUS tends to be the most widely used. The Diameter base protocol extends RADIUS services by providing error handling and inter-domain communications. This protocol is used in networks like the IP Multimedia Subsystem (IMS).
The source of this article is Wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.
 