11) The HWTACACS server sends back an authentication response indicating that the user has
12) The HWTACACS client sends the user authorization request packet to the HWTACACS server.
13) The HWTACACS server sends back the authorization response, indicating that the user is
14) Knowing that the user is now authorized, the HWTACACS client pushes the configuration interface
of the NAS to the user.
15) The HWTACACS client sends a start-accounting request to the HWTACACS server.
16) The HWTACACS server sends back an accounting response, indicating that it has received the
17) The user logs off.
18) The HWTACACS client sends a stop-accounting request to the HWTACACS server.
19) The HWTACACS server sends back a stop-accounting response, indicating that the
stop-accounting request has been received.
Protocols and Standards
The protocols and standards related to AAA, RADIUS, HWTACACS include:
RFC 2865: Remote Authentication Dial In User Service (RADIUS)
RFC 2866: RADIUS Accounting
RFC 2867: RADIUS Accounting Modifications for Tunnel Protocol Support
RFC 2868: RADIUS Attributes for Tunnel Protocol Support
RFC 2869: RADIUS Extensions
RFC 1492: An Access Control Protocol, Sometimes Called TACACS
AAA Configuration Task List
The basic procedure to configure AAA is as follows:
Configure the required AAA schemes.
Local authentication: Configure local users and related attributes, including usernames and
passwords of the users to be authenticated.
Remote authentication: Configure the required RADIUS and/or HWTACACS schemes, and
configure user attributes on the servers accordingly.
Configure the AAA methods: Reference the configured AAA schemes in the users' ISP domains.
Authentication method: No authentication (none), local authentication (local), or remote
Authorization method: No authorization (none) , local authorization (local), or remote authorization
Accounting method: No accounting (none), local accounting (local), or remote accounting