Refers to the granting of specific types of service (including "no service") to a user, based on their authentication.
May be based on restrictions, for example time-of-day restrictions, or physical location restrictions, or restrictions against multiple logins by the same user.
Examples of services include, but are not limited to: IP address filtering, address assignment, route assignment, encryption, QoS/differential services, bandwidth control/traffic management.
Refers to the tracking of the consumption of network resources by users.
Typical information that is gathered in accounting is the identity of the user, the nature of the service delivered, when the service began, and when it ended.
May be used for management, planning, billing etc.
AAA server provides all the above services to its clients.
TACACS is a remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access to the network. Unix daemon is TACACSD and runs on port 49. It uses TCP.
TACACS+ is a protocol which provides access control for routers, network access servers and other networked computing devices via one or more centralized servers. It uses TCP and provides separate authentication, authorization and accounting services. Port is 49.
Remote Authentication Dial In User Service is an AAA protocol for applications such as Network Access or IP Mobility. We will see more about RADIUS in subsequent chapters.
Diameter is a planned replacement of RADIUS.
The Network Access Server(NAS) is a service element that clients dial in order to get access to the network. A Network Access Server is a device which usually has interfaces both to the backbone and to the telco (POTS or ISDN) and receives calls from hosts that want to access the backbone by dialup services. A NAS is located at an internet provider's point of presence to give their customers internet access.
A Network Access Server(NAS) is:
A single point of access to a remote resource
Remote Access Server, because it allows remote access to a network.
Initial Entry Point to a network
Gateway to guard access to protected resource
Few examples are:
Internet Access Verification using User ID and Password
Using VoIP, FoIP, VMoIP require valid Phone Number or IP Address.
Telephone Prepaid Card uses Prepaid Card Number.