Network access server

Last updated April 01, 2023

A network access server (NAS) is a group of components that provides remote users with a point of access to a network.^[1]^[2]

Overview

A NAS concentrates dial-in and dial-out user communications. An access server may have a mixture of analog and digital interfaces and support hundreds of simultaneous users. A NAS consists of a communications processor that connects asynchronous devices to a LAN or WAN through network and terminal emulation software. It performs both synchronous and asynchronous routing of supported protocols.

The NAS is meant to act as a gateway to guard access to a protected resource. This can be anything from a telephone network, to printers, to the Internet. A client connects to the NAS. The NAS then connects to another resource asking whether the client's supplied credentials are valid. Based on that answer the NAS then allows or disallows access to the protected resource.

Examples

The above translates into different implementations for different uses. Here are some examples.

An Internet service provider which provides network access via common modem or modem-like devices (be it PSTN, DSL, cable or GPRS/UMTS) can have one or more NAS (network access server) devices which accept PPP, PPPoE or PPTP connections, checking credentials and recording accounting data via back-end RADIUS servers, and allowing users access through that connection.
The captive portal mechanism used by many WiFi providers: a user wants to access the Internet and opens a browser. The NAS detects that the user is not currently authorized to have access to the Internet, so the NAS prompts the user for their username and password. The user supplies them and sends them back to the NAS. The NAS then uses the RADIUS protocol to connect to an AAA server and passes off the username and password. The RADIUS server searches through its resources and finds that the credentials are valid and notifies the NAS that it should grant the access. The NAS then grants the user access to the Internet.
Another use of a NAS would be in voice over IP (VoIP). However, instead of using a username and password, many times a phone number or IP Address are used. If the phone number is a valid customer then the call can be completed. Other uses might be to verify whether a phone number has long distance access or a telephone card has minutes left.

Associated protocols

Although not required, NASs are almost exclusively used with authentication, authorization, and accounting (AAA) servers. Of the AAA protocols available, RADIUS tends to be the most widely used. The Diameter base protocol extends RADIUS services by providing error handling and inter-domain communications. This protocol is used in networks like the IP Multimedia Subsystem (IMS).

Related Research Articles

<span class="mw-page-title-main">Dial-up Internet access</span> Online access with a land-line (home) phone

Dial-up Internet access is a form of Internet access that uses the facilities of the public switched telephone network (PSTN) to establish a connection to an Internet service provider (ISP) by dialing a telephone number on a conventional telephone line. Dial-up connections use modems to decode audio signals into data to send to a router or computer, and to encode signals from the latter two devices to send to another modem at the ISP.

Voice over Internet Protocol (VoIP), also called IP telephony, is a method and group of technologies for the delivery of voice communications and multimedia sessions over Internet Protocol (IP) networks, such as the Internet. The terms Internet telephony, broadband telephony, and broadband phone service specifically refer to the provisioning of communications services over the Internet, rather than via the public switched telephone network (PSTN), also known as plain old telephone service (POTS).

Dynamic DNS (DDNS) is a method of automatically updating a name server in the Domain Name System (DNS), often in real time, with the active DDNS configuration of its configured hostnames, addresses or other information.

Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized authentication, authorization, and accounting (AAA) management for users who connect and use a network service. RADIUS was developed by Livingston Enterprises in 1991 as an access server authentication and accounting protocol. It was later brought into IEEE 802 and IETF standards.

A digital subscriber line access multiplexer is a network device, often located in telephone exchanges, that connects multiple customer digital subscriber line (DSL) interfaces to a high-speed digital communications channel using multiplexing techniques. Its cable internet (DOCSIS) counterpart is the Cable modem termination system.

In computer networking, the Point-to-Point Protocol over ATM (PPPoA) is a layer 2 data-link protocol typically used to connect domestic broadband modems to ISPs via phone lines. It is used mainly with DOCSIS and DSL carriers, by encapsulating PPP frames in ATM AAL5. Point-to-Point Protocol over Asynchronous Transfer Mode (PPPoA) is specified by The Internet Engineering Task Force (IETF) in RFC 2364.

An authentication protocol is a type of computer communications protocol or cryptographic protocol specifically designed for transfer of authentication data between two entities. It allows the receiving entity to authenticate the connecting entity as well as authenticate itself to the connecting entity by declaring the type of information needed for authentication as well as syntax. It is the most important layer of protection needed for secure communication within computer networks.

Single sign-on (SSO) is an authentication scheme that allows a user to log in with a single ID to any of several related, yet independent, software systems.

A business telephone system is a multiline telephone system typically used in business environments, encompassing systems ranging in technology from the key telephone system (KTS) to the private branch exchange (PBX).

Extensible Authentication Protocol (EAP) is an authentication framework frequently used in network and internet connections. It is defined in RFC 3748, which made RFC 2284 obsolete, and is updated by RFC 5247. EAP is an authentication framework for providing the transport and usage of material and parameters generated by EAP methods. There are many methods defined by RFCs, and a number of vendor-specific methods and new proposals exist. EAP is not a wire protocol; instead it only defines the information from the interface and the formats. Each protocol that uses EAP defines a way to encapsulate by the user EAP messages within that protocol's messages.

Direct inward dialing (DID), also called direct dial-in (DDI) in Europe and Oceania, is a telecommunication service offered by telephone companies to subscribers who operate a private branch exchange (PBX) system. The feature provides service for multiple telephone numbers over one or more analog or digital physical circuits to the PBX, and transmits the dialed telephone number to the PBX so that a PBX extension is directly accessible for an outside caller, possibly by-passing an auto-attendant.

<span class="mw-page-title-main">VoIP phone</span> Phone using one or more VoIP technologies

A VoIP phone or IP phone uses voice over IP technologies for placing and transmitting telephone calls over an IP network, such as the Internet. This is in contrast to a standard phone which uses the traditional public switched telephone network (PSTN).

<span class="mw-page-title-main">DSL modem</span> Type of computer network modem; network equipment

A digital subscriber line (DSL) modem is a device used to connect a computer or router to a telephone line which provides the digital subscriber line (DSL) service for connection to the Internet, which is often called DSL broadband. The modem connects to a single computer or router, through an Ethernet port, USB port, or is installed in a computer PCI slot.

A home network or home area network (HAN) is a type of computer network that facilitates communication among devices within the close vicinity of a home. Devices capable of participating in this network, for example, smart devices such as network printers and handheld mobile computers, often gain enhanced emergent capabilities through their ability to interact. These additional capabilities can be used to increase the quality of life inside the home in a variety of ways, such as automation of repetitive tasks, increased personal productivity, enhanced home security, and easier access to entertainment.

Internet fax, e-fax, or online fax is the use of the internet and internet protocols to send a fax (facsimile), rather than using a standard telephone connection and a fax machine. A distinguishing feature of Internet fax, compared to other Internet communications such as email, is the ability to exchange fax messages with traditional telephone-based fax machines.

Origination in VOIP telephony refers to calls that originate in the PSTN public switched telephone network and are carried to their destination over the Internet.

The SIP URI scheme is a Uniform Resource Identifier (URI) scheme for the Session Initiation Protocol (SIP) multimedia communications protocol. A SIP address is a URI that addresses a specific telephone extension on a voice over IP system. Such a number could be a private branch exchange or an E.164 telephone number dialled through a specific gateway. The scheme was defined in RFC 3261.

A residential gateway is a small consumer-grade gateway which bridges network access between connected local area network (LAN) hosts to a wide area network (WAN) via a modem, or directly connects to a WAN, while routing. The WAN is a larger computer network, generally operated by an Internet service provider.

A modulator-demodulator or modem is a computer hardware device that converts data from a digital format into a format suitable for an analog transmission medium such as telephone or radio. A modem transmits data by modulating one or more carrier wave signals to encode digital information, while the receiver demodulates the signal to recreate the original digital information. The goal is to produce a signal that can be transmitted easily and decoded reliably. Modems can be used with almost any means of transmitting analog signals, from light-emitting diodes to radio.

A mobile broadband modem, also known as wireless modem or cellular modem, is a type of modem that allows a personal computer or a router to receive wireless Internet access via a mobile broadband connection instead of using telephone or cable television lines. A mobile Internet user can connect using a wireless modem to a wireless Internet Service Provider (ISP) to get Internet access.

References

↑ Clark, Martin P. (2003-05-07). Data Networks, IP and the Internet: Protocols, Design and Operation. John Wiley & Sons. p. 542. ISBN 978-0-470-84856-2.
↑ Held, Gilbert (2000-05-31). Network Design: Principles and Applications. CRC Press. p. 205. ISBN 978-1-4200-9375-9.

External links

RFC 2881, Network Access Server Requirements Next Generation (NASREQNG)

This computer networking article is a stub. You can help Wikipedia by expanding it.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Clark, Martin P. (2003-05-07). Data Networks, IP and the Internet: Protocols, Design and Operation. John Wiley & Sons. p. 542. ISBN 978-0-470-84856-2.

[2] Held, Gilbert (2000-05-31). Network Design: Principles and Applications. CRC Press. p. 205. ISBN 978-1-4200-9375-9.

[1]

[2]