Figure 1-6 AAA implementation procedure for a telnet user

[Sequence diagram. Participants: User, TACACS client, TACACS server. Labels in order:]

Requests to log in
Authentication start request
Authentication response, requesting username
Requests username
Enters username
Authentication continuous message, carrying username
Authentication response, requesting password
Requests password
Enters password
Authentication continuous message, carrying password
Authentication success response
Authorization request
Authorization success response
Allows user to log in
Accounting start request
Accounting start response
Exits the switch
Accounting stop request
Accounting stop response

The basic message exchange procedure is as follows:

1) A user sends a login request to the switching engine acting as a TACACS client, which then sends an authentication start request to the TACACS server.

2) The TACACS server returns an authentication response, asking for the username. Upon receiving the response, the TACACS client asks the user for the username.

3) After receiving the username from the user, the TACACS client sends an authentication continuance message carrying the username to the TACACS server.

4) The TACACS server returns an authentication response, asking for the password. Upon receiving the response, the TACACS client asks the user for the login password.

5) After receiving the password, the TACACS client sends an authentication continuance message carrying the password to the TACACS server.

6) The TACACS server returns an authentication response, indicating that the user has passed the authentication.

7) The TACACS client sends a user authorization request to the TACACS server.

8) The TACACS server returns an authorization response, indicating that the user has passed the authorization.
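The order of messages in steps 1 to 8, followed by the accounting messages shown in Figure 1-6, can be checked mechanically when reviewing a session trace. The following is an added example, not code from the manual: the message labels, the `check_session` function and the sample traces are this example's own shorthand and constructed data, not wire-format field names or captured traffic.

```python
# Added example: labels are shorthand for the messages named in the procedure
# and in Figure 1-6; they are assumptions, not protocol field names.
EXPECTED = [  # (sender, message) in the order the procedure and figure give
    ("client", "authen_start"),
    ("server", "authen_reply_ask_username"),
    ("client", "authen_continue_username"),
    ("server", "authen_reply_ask_password"),
    ("client", "authen_continue_password"),
    ("server", "authen_reply_success"),
    ("client", "author_request"),
    ("server", "author_reply_success"),
    ("client", "acct_start_request"),
    ("server", "acct_start_response"),
    ("client", "acct_stop_request"),
    ("server", "acct_stop_response"),
]
AUTHORIZED_AT = 8     # messages needed before the client may allow the login
ACCT_STARTED_AT = 10  # messages needed for a confirmed accounting start


def check_session(trace):
    """Compare a trace of (sender, message) pairs with EXPECTED.

    Returns (login_allowed, findings). login_allowed is True only if the trace
    reached the authorization success response in order. findings holds the
    first out-of-order message and any missing accounting record.
    """
    findings = []
    matched = 0
    for index, step in enumerate(trace):
        if matched < len(EXPECTED) and step == EXPECTED[matched]:
            matched += 1
            continue
        expected = EXPECTED[matched] if matched < len(EXPECTED) else "end of session"
        findings.append(f"message {index}: got {step}, expected {expected}")
        break
    login_allowed = matched >= AUTHORIZED_AT
    if login_allowed and matched < ACCT_STARTED_AT:
        findings.append("login authorized but accounting start not confirmed")
    elif ACCT_STARTED_AT <= matched < len(EXPECTED):
        findings.append("accounting start without a confirmed accounting stop")
    return login_allowed, findings


# Constructed traces (not captured traffic).
COMPLETE = list(EXPECTED)
OUT_OF_ORDER = EXPECTED[:3] + EXPECTED[6:]  # authorization requested before authentication finished
NO_STOP = EXPECTED[:10]                     # accounting never closed for the session

if __name__ == "__main__":
    for name, trace in [("complete", COMPLETE), ("out of order", OUT_OF_ORDER), ("no stop", NO_STOP)]:
        print(name, check_session(trace))
```

A trace that reaches the authorization success response but has no accounting start or stop is worth reviewing, since the session then leaves an incomplete accounting record.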

3Com WX3000 operation manual, Figure 1-6: AAA implementation procedure for a telnet user