3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide

Figure 7 Network diagram for a typical HWTACACS application
Basic message exchange procedures in HWTACACS
For example, use HWTACACS to implement authentication, authorization, and
accounting for a telnet user. The basic message exchange procedures are as
follows:
1 A user requests access to the security gateway; the TACACS client sends a
start-authentication packet to the TACACS server upon receipt of the request.
2 The TACACS server sends back an authentication response requesting the
username; the TACACS client asks the user for the username upon receipt of the
response.
3 The TACACS client sends an authentication continuance packet carrying the
username after receiving the username from the user.
4 The TACACS server sends back an authentication response requesting the
login password. Upon receipt of the response, the TACACS client asks the user
for the login password.
5 After receiving the login password, the TACACS client sends an authentication
continuance packet carrying the login password to the TACACS server.
6 The TACACS server sends back an authentication response indicating that the user
has passed the authentication.
7 The TACACS client sends the user authorization packet to the TACACS server.
8 The TACACS server sends back the authorization response, indicating that the user
has passed the authorization.
9 Upon receipt of the response indicating an authorization success, the TACACS
client pushes the configuration interface of the security gateway to the user.
10 The TACACS client sends a start-accounting request to the TACACS server.
11 The TACACS server sends back an accounting response, indicating that it has
received the start-accounting request.
12 The user logs off; the TACACS client sends a stop-accounting request to the
TACACS server.
13 The TACACS server sends back a stop-accounting packet, indicating that the
stop-accounting request has been received.
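The 13 steps above, written out as an ordered list of client and server messages with a checker that reports where a recorded trace departs from that order (an added example, not taken from the 3Com guide). The message labels, the `grant-access` event standing in for step 9, and the sample traces are assumptions made for this example; they are not HWTACACS packet fields.

```python
"""Added example: conformance check of a message trace against steps 1-13."""

# (step, sender, message). Message labels are names chosen for this example;
# they are not HWTACACS wire-format fields.
EXPECTED = [
    (1, "client", "authen-start"),
    (2, "server", "authen-reply:ask-username"),
    (3, "client", "authen-continue:username"),
    (4, "server", "authen-reply:ask-password"),
    (5, "client", "authen-continue:password"),
    (6, "server", "authen-reply:pass"),
    (7, "client", "author-request"),
    (8, "server", "author-reply:pass"),
    (9, "client", "grant-access"),  # local action on the gateway, not a packet
    (10, "client", "acct-start"),
    (11, "server", "acct-reply:start"),
    (12, "client", "acct-stop"),
    (13, "server", "acct-reply:stop"),
]


def check_trace(trace):
    """Compare a list of (sender, message) events with the expected order.

    Returns a list of findings; an empty list means the trace matches all 13 steps.
    """
    findings = []
    for (step, sender, message), seen in zip(EXPECTED, trace):
        if seen != (sender, message):
            findings.append(f"step {step}: expected {sender} {message}, "
                            f"saw {seen[0]} {seen[1]}")
            return findings  # later events cannot be aligned after a deviation
    if len(trace) < len(EXPECTED):
        step, sender, message = EXPECTED[len(trace)]
        findings.append(f"trace ends before step {step} ({sender} {message})")
    elif len(trace) > len(EXPECTED):
        findings.append(f"{len(trace) - len(EXPECTED)} unexpected event(s) after step 13")
    return findings


# Constructed sample traces.
GOOD = [(s, m) for _, s, m in EXPECTED]
NO_AUTHORIZATION = GOOD[:6] + [("client", "grant-access")] + GOOD[9:]  # skips steps 7-8
NO_STOP = GOOD[:11]  # session never closed with stop-accounting

if __name__ == "__main__":
    for name, trace in [("good", GOOD), ("no authorization", NO_AUTHORIZATION),
                        ("no stop-accounting", NO_STOP)]:
        print(name, "->", check_trace(trace) or "conforms")
```

A trace that grants access straight after step 6 is reported at step 7, and a session with no stop-accounting request is reported as ending before step 12.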
The following figure illustrates the basic message exchange procedures:
[Figure 7 network diagram labels: TACACS server 129.7.66.66; TACACS server 129.7.66.67; ISDN\PSTN; Dialup user; Terminal user; Switch 8800]