H3C S9500 Series Operation Manual page 1149
Routing switches
Hide thumbs
Also See for S9500 Series:
- Command manual (1842 pages) ,
- Operation manual (1014 pages) ,
- Operating manual (76 pages)
Table of Contents
Advertisement
Operation Manual – AAA RADIUS HWTACACS
H3C S9500 Series Routing Switches
II. Basic message exchange procedures in HWTACACS
For example, use HWTACACS to implement authentication, authorization, and
accounting for a telnet user. The basic message exchange procedures are as follows:
A user requests access to the switch; the TACACS client sends a
start-authentication packet to TACACS server upon receiving the request.
The TACACS server sends back an authentication response requesting for the
username; the TACACS client asks the user for the username upon receiving the
response.
The TACACS client sends an authentication continuance packet carrying the
username after receiving the username from the user.
The TACACS server sends back an authentication response, requesting for the
login password. Upon receiving the response, the TACACS client requests the
user for the login password.
After receiving the login password, the TACACS client sends an authentication
continuance packet carrying the login password to the TACACS server.
The TACACS server sends back an authentication response indicating that the
user has passed the authentication.
The TACACS client sends the user authorization packet to the TACACS server.
The TACACS server sends back the authorization response, indicating that the
user has passed the authorization.
Upon receipt of the response indicating an authorization success, the TACACS
client pushes the configuration interface of the switch to the user.
The TACACS client sends a start-accounting request to the TACACS server.
The TACACS server sends back an accounting response, indicating that it has
received the start-accounting request.
The user logs off; the TACACS client sends a stop-accounting request to the
TACACS server.
The TACACS server sends a stop-accounting response to the client, which
indicates it has received the stop-accounting request packet.
The following figure illustrates the basic message exchange procedures:
Figure 1-2
illustrates the basic message exchange procedures.
Chapter 1 AAA, RADIUS and HWTACACS
1-4
Protocol Configuration
Advertisement
Chapters
Table of Contents
Troubleshooting
