3Com Switch 8800 Family Configuration Guide
AAA and RADIUS/HWTACACS Protocol Overview 237
Figure 60 Network diagram for HWTACACS
Basic message exchange procedures in HWTACACS
For example, use HWTACACS to implement authentication, authorization, and
accounting for a telnet user. The basic message exchange procedures are as
follows:
■ A user requests access to the switch; the TACACS client sends a
start-authentication packet to the TACACS server upon receiving the request.
■ The TACACS server sends back an authentication response requesting the
username; the TACACS client asks the user for the username upon receiving
the response.
■ The TACACS client sends an authentication continuance packet carrying the
username after receiving the username from the user.
■ The TACACS server sends back an authentication response requesting the
login password. Upon receiving the response, the TACACS client asks the
user for the login password.
■ After receiving the login password, the TACACS client sends an authentication
continuance packet carrying the login password to the TACACS server.
■ The TACACS server sends back an authentication response indicating that the
user has passed the authentication.
■ The TACACS client sends the user authorization packet to the TACACS server.
■ The TACACS server sends back the authorization response, indicating that the
user has passed the authorization.
■ Upon receipt of the response indicating an authorization success, the TACACS
client pushes the configuration interface of the switch to the user.
■ The TACACS client sends a start-accounting request to the TACACS server.
■ The TACACS server sends back an accounting response, indicating that it has
received the start-accounting request.
■ The user logs off; the TACACS client sends a stop-accounting request to the
TACACS server.
■ The TACACS server sends a stop-accounting response to the client, which
indicates it has received the stop-accounting request packet.
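The exchange above, as an added example that is not part of the 3Com guide: a Python check that audits one session's message trace against the order the steps describe and reports any phase that was skipped. The message labels are taken from the steps; the (sender, message) tuple encoding, the name audit_session and the sample trace are assumptions constructed for illustration.

```python
# Added example. Message labels follow the steps listed above; the
# (sender, message) tuples are an assumed encoding, not a packet format.
ORDER = [
    ("client", "start-authentication"),
    ("server", "authentication-response/get-username"),
    ("client", "authentication-continuance/username"),
    ("server", "authentication-response/get-password"),
    ("client", "authentication-continuance/password"),
    ("server", "authentication-response/pass"),
    ("client", "authorization-request"),
    ("server", "authorization-response/pass"),
    ("client", "start-accounting-request"),
    ("server", "start-accounting-response"),
    ("client", "stop-accounting-request"),
    ("server", "stop-accounting-response"),
]
RANK = {msg: i for i, msg in enumerate(ORDER)}
AUTHZ_PASS, ACCT_STOP = ORDER[7], ORDER[10]


def audit_session(trace):
    """Return a list of findings for one session's (sender, message) trace."""
    findings, seen, reported = [], set(), set()
    for pos, msg in enumerate(trace, start=1):
        if msg not in RANK:
            findings.append(f"message {pos}: unexpected {msg[1]} from {msg[0]}")
            continue
        # Every earlier step of the exchange must already have been observed.
        missing = [m for m in ORDER[:RANK[msg]] if m not in (seen | reported)]
        if missing:
            findings.append(f"message {pos}: {msg[1]} seen before {missing[0][1]}")
            reported.update(missing)  # report each skipped step only once
        seen.add(msg)
    # An authorized session should eventually produce a stop-accounting record.
    if AUTHZ_PASS in seen and ACCT_STOP not in seen:
        findings.append("authorized session has no stop-accounting request "
                        "(still open or record lost)")
    return findings


if __name__ == "__main__":
    # Constructed trace: the server's "authentication passed" response is absent.
    skipped = ORDER[:5] + ORDER[6:]
    for finding in audit_session(skipped):
        print(finding)
```
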
The following figure illustrates the basic message exchange procedures:
[Figure not reproduced. Labels: User, Terminal User, TACACS Client, TACACS Server (129.7.66.66), TACACS Server (129.7.66.67)]