Operation Manual – AAA & RADIUS & HWTACACS & EAD
Quidway S3900 Series Ethernet Switches-Release 1510
Chapter 1 AAA & RADIUS & HWTACACS Configuration
Huawei Technologies Proprietary
Participants: User, HWTACACS client, HWTACACS server

User -> Client: User logs in
Client -> Server: Authentication start request packet
Server -> Client: Authentication response packet, requesting the user name
Client -> User: Request the user for the user name
User -> Client: User enters the user name
Client -> Server: Authentication continuance packet carrying the user name
Server -> Client: Authentication response packet, requesting the password
Client -> User: Request the user for the password
User -> Client: User enters the password
Client -> Server: Authentication continuance packet carrying the password
Server -> Client: Authentication success packet
Client -> Server: Authorization request packet
Server -> Client: Authorization success packet
Client -> User: User is permitted
Client -> Server: Accounting start request packet
Server -> Client: Accounting start response packet
User -> Client: User quits
Client -> Server: Accounting stop packet
Server -> Client: Accounting stop response packet
Figure 1-6 The AAA implementation procedure for a telnet user
The basic message exchange procedure is as follows:
1) A user requests access to the switch; upon receipt of the request, the TACACS
client sends an authentication start request packet to the TACACS server.
2) The TACACS server sends back an authentication response requesting the
username; upon receipt of the response, the TACACS client asks the user for the
username.
3) After receiving the username from the user, the TACACS client sends an
authentication continuance packet carrying the username.
4) The TACACS server sends back an authentication response requesting the
password. Upon receipt of the response, the TACACS client asks the user for
the login password.
5) After receiving the login password, the TACACS client sends an authentication
continuance packet carrying the login password to the TACACS server.
6) The TACACS server sends back an authentication response indicating that the
user has passed the authentication.
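The authentication phase in steps 1) to 6), modelled in memory with both sides' messages. This is an added example, not code from this manual or from the switch software. The message labels (START, CONTINUE, GETUSER, GETPASS, PASS, FAIL), the sample account and the rule that an out-of-sequence packet ends the session with FAIL are assumptions made for the sketch, not HWTACACS wire values or documented server behaviour.

```python
# Added illustration: in-memory model of the authentication exchange, steps 1-6.
# Labels below are chosen for this sketch; they are not HWTACACS wire values.
import hmac

USERS = {"admin": "s3cret-example"}  # constructed sample credential store


class Server:
    """Server side: tracks how far one session has progressed."""

    def __init__(self):
        self.state = "IDLE"
        self.user = None

    def handle(self, kind, data=None):
        if kind == "START" and self.state == "IDLE":
            self.state = "WAIT_USER"
            return "GETUSER"                       # step 2: ask for username
        if kind == "CONTINUE" and self.state == "WAIT_USER":
            self.user, self.state = data, "WAIT_PASS"
            return "GETPASS"                       # step 4: ask for password
        if kind == "CONTINUE" and self.state == "WAIT_PASS":
            self.state = "DONE"
            expected = USERS.get(self.user, "").encode()
            # Constant-time comparison; unknown users always fail.
            ok = self.user in USERS and hmac.compare_digest(
                expected, str(data).encode())
            return "PASS" if ok else "FAIL"        # step 6: final response
        self.state = "DONE"                        # assumption: any packet that
        return "FAIL"                              # arrives out of order fails


def authenticate(server, ask_user):
    """Client side: relay the server's prompts to the user until PASS/FAIL."""
    trace = ["START"]
    reply = server.handle("START")                 # step 1
    while reply in ("GETUSER", "GETPASS"):
        trace.append(reply)
        answer = ask_user(reply)                   # client prompts the user
        trace.append("CONTINUE")
        reply = server.handle("CONTINUE", answer)  # steps 3 and 5
    trace.append(reply)
    return reply == "PASS", trace
```
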