Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Remote Access Overview

    Broadband Remote Access Server (B-RAS) is an application running on your router that:

    • Aggregates the output from digital subscriber line access multiplexers (DSLAMs)
    • Provides user Point-to-Point Protocol (PPP) sessions or IP-over-Asynchronous Transfer Mode (ATM) sessions
    • Enforces quality of service (QoS) policies
    • Routes traffic into an Internet service provider’s (ISP’s) backbone network

    A DSLAM collects data traffic from multiple subscribers into a centralized point so that it can be uploaded to the router over an ATM connection via a DS3, OC3, E3, or OC12 link.

    The router provides the logical termination for PPP sessions, as well as the interface to authentication and accounting systems.

    The following sections provide an overview of remote access:

    B-RAS Data Flow

    The router performs several tasks for a digital subscriber line (DSL) PPP user to establish a PPP connection. This is an example of the way B-RAS data might flow:

    1. Authenticate the subscriber using RADIUS authentication.
    2. Assign an IP address to the PPP/IP session via RADIUS, local address pools, or Dynamic Host Configuration Protocol (DHCP).
    3. Terminate the PPP encapsulation or tunnel a PPP session.
    4. Provide user accounting via RADIUS.

      Note: For information about configuring RADIUS attributes see the Configuring RADIUS Attributes chapter.

    Configuring IP Addresses for Remote Clients

    A remote client can obtain an IP address from one of the following:

    • RADIUS server
    • Local address server
    • DHCP proxy client and server
    • DHCP relay agent (Bridged IP only)
    • DHCP local server
    • DHCP external server

    For information about configuring DHCP support on the E Series router, see the DHCP Overview chapter.

    For information about how to configure a RADIUS server, see your RADIUS server documentation.

    AAA Overview

    Collectively, authentication, authorization, and accounting are referred to as AAA. Each has an important but separate function.

    • Authentication—Determines who the user is, then determines whether that user should be granted access to the network. The primary purpose is to prevent intruders from networks. It uses a database of users and passwords.
    • Authorization—Determines what the user is allowed to do by giving network managers the ability to limit network services to different users.
    • Accounting—Tracks what the user did and when they did it. You can use accounting for an audit trail or for billing for connection time or resources used.

    Central management of AAA means the information is in a single, centralized, secure database, which is much easier to administer than information distributed across numerous devices.


    Published: 2014-08-20