H3C Technologies H3C S6300 Series Switches User Manual

8

Figure 6 Basic HWTACACS packet exchange process for a Telnet user

HWTACACS operates using the following workflow:

1.

A Telnet user sends an access request to the HWTACACS client.

2.

The HWTACACS client sends a start-authentication packet to the HWTACACS server when it
receives the request.

3.

The HWTACACS server sends back an authentication response to request the username.

4.

Upon receiving the response, the HWTACACS client asks the user for the username.

5.

The user enters the username.

6.

After receiving the username from the user, the HWTACACS client sends the server a
continue-authentication packet that includes the username.

7.

The HWTACACS server sends back an authentication response to request the login password.

8.

Upon receipt of the response, the HWTACACS client prompts the user for the login password.

Host

HWTACACS client

HWTACACS server

1) The user tries to log in

2) Start-authentication packet

3) Authentication response requesting the username

4) Request for username

5) The user enters the username

6) Continue-authentication packet with the username

7) Authentication response requesting the password

8) Request for password

9) The user enters the password

11) Response indicating successful authentication

12) User authorization request packet

13) Response indicating successful authorization

14) The user logs in successfully

15) Start-accounting request

16) Response indicating the start of accounting

17) The user logs off

18) Stop-accounting request

19) Stop-accounting response

10) Continue-authentication packet with the password