Summary
Network port authentication more scalable than machine or user auth
Edge more scalable than core authentication
New network access methods should support existing AAA auth model: (CHAP, EAP)
- DHCP for AAA proposals difficult to integrate
Link layer authentication likely to remain mainstream technique
- Dialup, xDSL, 802, VPN already supported
- Inexpensive, fast NAS devices available
- AAA “just works”
Need for Layer 3+ auth rests on need for multiple new link layers
- If there’s a need, it is in wireless WAN
- No need for layer 3+ auth in dialup, LAN, xDSL, wireless LANs