The Basic Message Interaction Flow of TACACS+ – 3Com 10014303 User Manual

2.2 The Basic Message Interaction Flow of TACACS+

For example, when TACACS+ is used to implement AAA for a telnet user, the basic message interaction flow is as follows:

1) A user requests access to the router. The router (TACACS+ client) sends the authentication start packet to the TACACS+ server upon receipt of the request.

2) The TACACS+ server sends an authentication response packet requesting the user name. The router (TACACS+ client) asks the user for the user name upon receipt of the response packet.

3) After receiving the user name from the user, the router (TACACS+ client) sends the authentication packet carrying the user name to the TACACS+ server.

4) The TACACS+ server sends back an authentication response packet, requesting the login password. Upon receipt of the response packet, the router (TACACS+ client) asks the user for the login password.

5) The router (TACACS+ client) sends an authentication packet carrying the login password to the TACACS+ server.

6) The TACACS+ server sends back the authentication response packet indicating that the user has passed the authentication.

7) The router (TACACS+ client) sends the user authorization packet to the TACACS+ server.

8) The TACACS+ server sends back the authorization response packet, indicating that the user has passed the authorization.

9) Upon receipt of the response packet indicating an authorization success, the router (TACACS+ client) pushes the configuration interface of the router to the user.

10) The router (TACACS+ client) sends the accounting start request packet to the TACACS+ server.

11) The TACACS+ server sends back an accounting response packet, indicating that it has received the accounting start request packet.

12) The user quits, and the router (TACACS+ client) sends the accounting stop packet to the TACACS+ server.

13) The TACACS+ server sends back the accounting stop packet, indicating that the accounting stop request packet has been received.
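The packet-level view of steps 1 to 13, as an added example that is not part of the 3Com manual: it builds the TACACS+ headers for the exchange and checks a captured trace against the ordering the steps describe. The header layout, packet type values and the odd/even `seq_no` rule are taken from RFC 8907 rather than from this page; the session ids, the helper names and the assumption that the trace holds a single user's login are the example's own.

```python
import struct

HDR = struct.Struct("!BBBBII")  # version, type, seq_no, flags, session_id, length
AUTHEN, AUTHOR, ACCT = 1, 2, 3  # packet types from RFC 8907

def header(ptype, seq, session):
    """12-byte header, major version 0xC, zero-length body."""
    return HDR.pack(0xC0, ptype, seq, 0, session, 0)

def sample_flow():
    """Constructed trace for steps 1-13; the session ids are made up."""
    plan = [(AUTHEN, 0x1001, 6),  # steps 1-6: start, ask name, name, ask password, password, pass
            (AUTHOR, 0x1002, 2),  # steps 7-8
            (ACCT, 0x1003, 2),    # steps 10-11: accounting start
            (ACCT, 0x1004, 2)]    # steps 12-13: accounting stop
    return [("client" if seq % 2 else "server", header(ptype, seq, sid))
            for ptype, sid, count in plan for seq in range(1, count + 1)]

def check_flow(trace):
    """Return the anomalies in one user's (sender, header bytes) trace."""
    problems, last_seq, kind, order = [], {}, {}, []
    for n, (sender, raw) in enumerate(trace, 1):
        if len(raw) < HDR.size:
            problems.append(f"packet {n}: truncated header")
            continue
        version, ptype, seq, _flags, sid, _length = HDR.unpack_from(raw)
        if version >> 4 != 0xC or ptype not in (AUTHEN, AUTHOR, ACCT):
            problems.append(f"packet {n}: not a TACACS+ header")
            continue
        if sid not in kind:          # first packet of a new session
            kind[sid] = ptype
            order.append(ptype)
        elif kind[sid] != ptype:
            problems.append(f"packet {n}: packet type changed inside session {sid:#x}")
        expected = last_seq.get(sid, 0) + 1
        if seq != expected:          # a gap or replay inside the session
            problems.append(f"packet {n}: seq_no {seq}, expected {expected}")
        if (seq % 2 == 1) != (sender == "client"):  # client sends odd, server even
            problems.append(f"packet {n}: seq_no {seq} sent by the {sender}")
        last_seq[sid] = seq
    if order != sorted(order) or order[:1] != [AUTHEN]:
        problems.append("sessions are not in authentication, authorization, accounting order")
    return problems
```

Step 9 does not appear in the trace because it involves no packet between the router and the TACACS+ server.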

The following figure illustrates the basic message interaction flow:

3Com Router Configuration Guide Addendum for V1.20
