Network Access Server Requirements (nasreq)

Last Modified: 2002-03-14


David Mitton <>
Mark Beadles <>

Operations and Management Area Director(s):

Randy Bush <>
Bert Wijnen <>

Operations and Management Area Advisor:

Randy Bush <>


Bernard Aboba <>

Mailing Lists:

General Discussion:
To Subscribe:
In Body: (un)subscribe

Description of Working Group:

The purpose of this group is to gather and process the requirements of
modern Network Access Servers (NAS) with respect to user-based service
Authentication, Authorization, and usage Accounting. Services being
considered go beyond simple dial-in access, and include Virtual Private
Network support, smart authentication methods, and roaming concerns.
The common thread is demand-based dynamic services requested within a
user authentication model, viewing the NAS as a tool for implementing
network policy and security.

The RADIUS protocol was developed in response to the previous incar-
nation of the Network Access Servers Requirements (NASREQ) BOFs.  The
protocol was a simple but flexible solution to many of the require-
ments in terminal and network access servers at the time.  The RADIUS
Working Group is about to conclude its work on the basic protocol, but
NAS development continues at a rapid pace, and implementations are
trying to use more standards now than when RADIUS began. As we add
more services to NAS boxes, the RADIUS protocol is often stretched and
bent well beyond the original design goals, and often fails to deliver
the desired reliability, functionality, or security.

As NAS installations become larger and more complex, and as NAS services
are virtualized in other servers, the services being authorized require
more sophisticated mechanisms for coordinating policy and resource state
across multiple systems and servers.

The group will work closely with other Working Groups (including
roamops, pppext, policy, et al.), to serve as input for the group's
requirements and to identify candidate protocols which may meet those

This group will document all of the current requirements for services
which fully meet the needs of modern and next generation NAS systems.

Goals and Work items:

        The first goal of the group will be to collect and organize
        functional requirements.  The focus of the requirements will
        center on NAS user authorization.  Functions provided adequately
        by other standardized protocols will be documented as such.
        Requirements will be generated by the members of the BOF/WG,
        with input from the RADIUS WG, the RoamOps WG, the AAA BOF/WG,
        and other groups as required.  The output of this effort will
        be an informational requirements document.

        In parallel, another document will be a survey of the current
        practices that NAS vendors and deployers are engaging in to
        provide similar services, using extensions to RADIUS or pro-
        prietary protocols. The output will become an informational
        survey document.

        The group will review current draft work on RADIUS extension or
        successor protocols and determine their suitability to meeting
        the WG's requirements. The output of this effort will be an
        informational document detailing the evaluation and

        The charter of the group will be reviewed at that time, and
        adjusted according to any new work items and directions.

Goals and Milestones:

Done    Submit first draft of requirements as an Internet-Draft
Done    Submit first draft of practices as an Internet-Draft
Done    Submit practices document to IESG requesting publication as an RFC
Done    Submit requirements document to IESG requesting publication as an RFC
Done    Meet at DC IETF (Decide on recommendations for final document)
Jan 00    Review/update WG charter

No Current Internet-Drafts

Request For Comments:

Network Access Servers Requirements: Extended RADIUS Practices (RFC 2882) (31431 bytes)
Network Access Server Requirements Next Generation (NASREQNG)NAS Model (RFC 2881) (45029 bytes)
Criteria for Evaluating Network Access Server Protocols (RFC 3169) (35303 bytes)