Huawei Quidway S3900 Series Operation Manual page 491

Operation Manual – AAA & RADIUS & HWTACACS & EAD
Quidway S3900 Series Ethernet Switches-Release 1510
User User
Reques t User for the us er name Reques t User for the us er name
User enters the user name User enters the user name
Reques t User for the password Reques t User for the password
User enters the password User enters the password
User is permitted User is permitted
Figure 1-6 The AAA implementation procedure for a telnet user
The basic message exchange procedure is as follows:
1) A user requests access to the switch; the TACACS client sends an authentication
start request packet to TACACS server upon receipt of the request.
2) The TACACS server sends back an authentication response requesting for the
username; the TACACS client asks the user for the username upon receipt of the
response.
3) The TACACS client sends an authentication continuance packet carrying the
username after receiving the username from the user.
4) The TACACS server sends back an authentication response, requesting for the
password. Upon receipt of the response, the TACACS client requests the user for
the login password.
5) After receiving the login password, the TACACS client sends an authentication
continuance packet carrying the login password to the TACACS server.
6) The TACACS server sends back an authentication response indicating that the
user has passed the authentication.
HWTACACS HWTACACS
Client Client
User logs in User logs in
User quits User quits
Huawei Technologies Proprietary
1-10
Chapter 1 AAA & RADIUS & HWTACACS
Authentication Start Request packet Authentication Start Request packet
Authentication respons e packet, Authentication respons e packet,
requesting for the user name requesting for the user name
Authentication continuance packet Authentication continuance packet
carrying the user name carrying the user name
Authentication respons e packet, Authentication respons e packet,
requesting for the password requesting for the password
Authentication continuance packet Authentication continuance packet
carry ing the password carry ing the password
Authentication succ ess packet Authentication succ ess packet
Authorization request packet Authorization request packet
Authoriz ation success packet Authoriz ation success packet
Accounting start request packet Accounting start request packet
Accounting start res ponse packet Accounting start res ponse packet
Accounting stop packet Accounting stop packet
Accounting stop respons e packet Accounting stop respons e packet
Configuration
HWTACACS HWTACACS
Server Server