312-50V11 · Question #124
An Internet Service Provider (ISP) has a need to authenticate users connecting via analog modems, Digital Subscriber Lines (DSL), wireless data services, and Virtual Private Networks (VPN) over a Fram
The correct answer is B. RADIUS. RADIUS is the standard AAA protocol for ISP environments, purpose-built to authenticate subscribers connecting via diverse access technologies including dial-up, DSL, wireless, and VPN.
Question
An Internet Service Provider (ISP) has a need to authenticate users connecting via analog modems, Digital Subscriber Lines (DSL), wireless data services, and Virtual Private Networks (VPN) over a Frame Relay network. Which AAA protocol is the most likely able to handle this requirement?
Options
- ADIAMETER
- BRADIUS
- CTACACS+
- DKerberos
How the community answered
(21 responses)- A5% (1)
- B90% (19)
- C5% (1)
Why each option
RADIUS is the standard AAA protocol for ISP environments, purpose-built to authenticate subscribers connecting via diverse access technologies including dial-up, DSL, wireless, and VPN.
DIAMETER is RADIUS's successor but is primarily deployed in mobile carrier core networks (3GPP/LTE) rather than traditional ISP multi-access environments built on Frame Relay infrastructure.
RADIUS (Remote Authentication Dial-In User Service) was specifically designed for ISP network access scenarios and integrates natively with Network Access Servers (NAS) deployed over infrastructure such as Frame Relay. It supports authentication for analog modems, DSL, wireless data services, and VPN tunnels through a common AAA framework, making it the de facto standard for subscriber access management. Its widespread NAS client support and UDP-based transport make it operationally suited for high-volume ISP subscriber environments.
TACACS+ is designed for administrative authentication to network devices such as routers and switches, not for authenticating end-user subscriber connections across heterogeneous access technologies.
Kerberos is a ticket-based protocol designed for enterprise LAN single sign-on and does not natively support network access authentication for ISP subscribers connecting via modem, DSL, or VPN.
Concept tested: RADIUS protocol for ISP multi-access subscriber AAA
Source: https://www.rfc-editor.org/rfc/rfc2865
Topics
Community Discussion
No community discussion yet for this question.