Feature Operation - Avaya ERS 1600 Technical Configuration Manual

Authentication, Authorization and Accounting (AAA) for ERS and ES

3.2 Feature Operation

During the log on process, the TACACS+ client initiates the TACACS+ authentication session with the
server. After successful authentication, if TACACS+ authorization is enabled, the TACACS+ client
initiates the TACACS+ authorization session with the server. After successful authentication, if TACACS+
accounting is enabled, the TACACS+ client sends accounting information to the TACACS+ server.
TACACS+ Packet format – RFC Draft*

 0          8          16         24        31
+----------+----------+----------+----------+
| Version  | Type     | Seq_No   | Flags    |
+----------+----------+----------+----------+
| Session ID                                |
+-------------------------------------------+
| Length ...                                |
+-------------------------------------------+

Version : 0xC0, 0xC1
Type    : 0x01 Authentication
          0x02 Authorization
          0x03 Accounting
Seq_No  : Always starts with 1, then incremented.
Flags   : 0x01 Unencrypted
          0x04 Single connection
Length  : TACACS+ packet body (without header)

The information that follows in the packet is encrypted with MD5 hashes.

(*) The TACACS+ protocol is a draft standard available at:
ftp://ietf.org/internetdrafts/draft-grant-tacacs-02

3.2.1 TACACS+ Authentication

TACACS+ authentication offers complete control of authentication through logon/password dialog and
response. The authentication session provides username/password functionality.

Figure: TACACS+ authentication exchange between the USER login (Console/Telnet/SSH), the
TACACS+ CLIENT (AUTHENTICATION) and the TACACS+ SERVER (Authentication Service):

1. Client to server: Authentication Start (User, port, rem_addr)
2. Server to client: Authentication Reply (Pass, fail, getdata, error, follow)
3. Client to server: Authentication Continue (data)
4. Server to client: Authentication Reply (Pass, fail, getdata, error, follow)

Authentication, Authorization and Accounting (AAA) for ERS and ES, Technical Configuration Guide, November 2010, avaya.com
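The header fields listed in section 3.2 can be checked on captured traffic. The following is an added example, not code from the Avaya guide: it decodes the header and reports packets whose fields fall outside the values the guide lists, including bodies sent with the 0x01 (unencrypted) flag. The function names and the sample packets are assumptions constructed for illustration.

```python
import struct
from collections import namedtuple

# Field order as in the guide: Version, Type, Seq_No, Flags, Session ID, Length
HEADER = struct.Struct("!BBBBII")
TacacsHeader = namedtuple("TacacsHeader", "version type seq_no flags session_id length")
TYPES = {0x01: "Authentication", 0x02: "Authorization", 0x03: "Accounting"}
FLAG_UNENCRYPTED = 0x01
FLAG_SINGLE_CONNECTION = 0x04


def parse_header(packet: bytes) -> TacacsHeader:
    """Decode the fixed 12-byte header that precedes the packet body."""
    if len(packet) < HEADER.size:
        raise ValueError("truncated TACACS+ header")
    return TacacsHeader(*HEADER.unpack_from(packet))


def audit_packet(packet: bytes) -> list[str]:
    """Return findings for one packet; an empty list means nothing to report."""
    hdr = parse_header(packet)
    findings = []
    if hdr.version not in (0xC0, 0xC1):
        findings.append(f"unexpected version 0x{hdr.version:02X}")
    if hdr.type not in TYPES:
        findings.append(f"unknown type 0x{hdr.type:02X}")
    if hdr.seq_no == 0:
        findings.append("seq_no 0: sequence numbers start at 1")
    if hdr.flags & FLAG_UNENCRYPTED:
        findings.append("body sent unencrypted (flag 0x01)")
    if hdr.flags & ~(FLAG_UNENCRYPTED | FLAG_SINGLE_CONNECTION):
        findings.append(f"undefined flag bits in 0x{hdr.flags:02X}")
    if hdr.length != len(packet) - HEADER.size:
        findings.append("length field does not match body size")
    return findings


# Constructed sample packets (not captured traffic): header plus a dummy body.
GOOD = HEADER.pack(0xC0, 0x01, 1, 0x04, 0x1234ABCD, 8) + b"\x00" * 8
CLEAR = HEADER.pack(0xC1, 0x01, 1, 0x01, 0x1234ABCD, 4) + b"\x00" * 4

if __name__ == "__main__":
    for name, pkt in (("GOOD", GOOD), ("CLEAR", CLEAR)):
        print(name, audit_packet(pkt) or "ok")
```
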
