3Com Switch 8800 Advanced Software V5 Configuration Guide
AAA, RADIUS and HWTACACS Configuration Overview 887
Figure 261 Basic message exchange process of HWTACACS for a Telnet user
1 A user requests to access the NAS. Upon receiving the request, the HWTACACS
client sends a start-authentication packet to the TACACS server.
2 The HWTACACS server sends back an authentication response requesting for the
username. Upon receiving the request, the HWTACACS client asks the user for the
username.
3 After receiving the username from the user, the HWTACACS client sends to the
server an authentication continuance packet carrying the username.
4 The HWTACACS server sends back an authentication response, requesting for the
login password. Upon receipt of the response, the HWTACACS client requests the
user for the login password.
5 After receiving the login password, the HWTACACS client sends to the
HWTACACS server an authentication continuance packet carrying the login
password.
6 The HWTACACS server sends back an authentication response indicating that the
user has passed authentication.
7 The HWTACACS client sends the user authorization packet to the HWTACACS
server.
User
HWT ACACS
client
HWT ACACS
server
The user logs i n
St art -aut hent icat i on pack et
Aut hent icat i on resp onse re quest i ng for t he usern ame ˈ
Requ est f or username
Usernam e
Aut hent icat i on cont i nua nce pack et wit h t he usern ame ˈ
Aut hent icat i on resp onse re quest i ng for t he log in pass word
Requ est f or password
Password
Aut hent icat i on resp onse i ndic at ing succ essf ul aut h ent icat i on
User aut hor izat io n packet
Aut horizat i on resp onse i ndic at ing succ essf ul aut h orizat i onˈ
The user logs i n successf ul ly
St art -account in g requ est
Account in g respo nse in dicati ng t he st art of accountin g
The user exit s
St op-accou nt ing re quest
St op-accou nt ing res pons e
Aut hent icat i on cont i nua nce pack et wit h t he log in pass word