Table of Contents
Advertisement
Figure 1-6 AAA implementation procedure for a telnet user
User
Requests to log in
Requests username
Enters username
Requests password
Enters password
Allows user to log in
Exits the switch
The basic message exchange procedure is as follows:
1)
A user sends a login request to the switching engine acting as a TACACS client, which then sends
an authentication start request to the TACACS server.
2)
The TACACS server returns an authentication response, asking for the username. Upon receiving
the response, the TACACS client requests the user for the username.
3)
After receiving the username from the user, the TACACS client sends an authentication
continuance message carrying the username.
4)
The TACACS server returns an authentication response, asking for the password. Upon receiving
the response, the TACACS client requests the user for the login password.
5)
After receiving the password, the TACACS client sends an authentication continuance message
carrying the password to the TACACS server.
6)
The TACACS server returns an authentication response, indicating that the user has passed the
authentication.
7)
The TACACS client sends a user authorization request to the TACACS server.
8)
The TACACS server returns an authorization response, indicating that the user has passed the
authorization.
TACACS client
Authentication start request
Authentication response , requesting username
Authentication continuous message ,
carrying username
Authentication response , requesting password
Authentication continuous message ,
Authentication success response
Authorization request
Authorization success response
Accounting start request
Accounting start response
Accounting stop request
Accounting stop response
1-8
TACACS server
carrying password
- Quick Links:
- Cli Configuration
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
