Jump to content

Protocol for Carrying Authentication for Network Access

Edit links
From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Mild Bill Hiccup (talk | contribs) at 04:31, 16 December 2011 (PANA architecture's elements: spelling). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

PANA (Protocol for Carrying Authentication for Network Access) is an IP-based protocol that allows a device to authenticate itself with a network to be granted access. PANA will not define any new authentication protocol, key distribution, key agreement or key derivation protocols. For these purposes, the Extensible Authentication Protocol (EAP) will be used, and PANA will carry the EAP payload. PANA allows dynamic service provider selection, supports various authentication methods, is suitable for roaming users, and is independent from the link layer mechanisms.

PANA is an Internet Engineering Task Force (IETF) protocol and described in RFC 5191.

Architecture's elements

PaC (PANA Client) The PaC is the client part of the protocol. This element is located in the node that wants to reach the access network.

PAA (PANA Authentication Agent) In this entity is the server part of the PANA protocol. Its main task is the message exchange with the PaC for authenticating it and authorizing it for network access. In addition, in some scenarios, the PAA entity has to do other message exchange with the AAA server in order to present its the PaC credentials. When it occurs, it is due to EAP is configured as pass-through. In that case, the AAA server is placed physically in a different place than the PAA.

AS (Authentication Server) In this element is contained the information needed to check the PaC’s credentials. So, this node receives the PaC’s credentials by the PAA and send a packet with the result of credential checking process. Moreover, if the result is OK, in this packet we[who?] can find some information about the access parameters as bandwidth allowed or IP configuration. In that moment, it has established a session between PAA and PaC. This session has a session time. When it expires, it needed a re-authentication process in order to get the network access again by the PaC.

EP (Enforcement Point) It works as a filter of the packets which source is an authenticated PaC. Basically, an EP is a network node which drops packets according some parameters provided as results of the authentication processes. Typically, this function is done by a communication device as an access point or a router. When an authentication process is done successfully, a key is installed in EP and PaC establishing a session between EP and PaC. While this session doesn’t expires, the PaC can access to network services for which it has been authorised. When the session expires, it will have to indicate this situation to the PAA in order to do a re-authentication.

See also

  • RFC 5191 - Protocol for Carrying Authentication for Network Access (PANA)
  • OpenPANA .
  • CPANA
Retrieved from "https://en.wikipedia.org/w/index.php?title=Protocol_for_Carrying_Authentication_for_Network_Access&oldid=466108327"