H3C Technologies H3C S3100 Series Switches User Manual

Operation Manual – AAA – RADIUS – HWTACACS
H3C S3100-52P Ethernet Switch
Chapter 1 AAA & RADIUS & HWTACACS Configuration
[Figure: sequence diagram between the User, the HWTACACS client and the HWTACACS server. Messages, in order:]
User -> Client: Requests to log in
Client -> Server: Authentication start request
Server -> Client: Authentication response, requesting username
Client -> User: Requests username
User -> Client: Enters username
Client -> Server: Authentication continuance message, carrying username
Server -> Client: Authentication response, requesting password
Client -> User: Requests password
User -> Client: Enters password
Client -> Server: Authentication continuance message, carrying password
Server -> Client: Authentication success response
Client -> Server: Authorization request
Server -> Client: Authorization success response
Client -> User: Allows user to log in
Client -> Server: Accounting start request
Server -> Client: Accounting start response
User -> Client: Exits the switch
Client -> Server: Accounting stop request
Server -> Client: Accounting stop response
Figure 1-6 AAA implementation procedure for a telnet user
The basic message exchange procedure is as follows:
1) A user sends a login request to the switch acting as a TACACS client, which then sends an authentication start request to the TACACS server.
2) The TACACS server returns an authentication response, asking for the username. Upon receiving the response, the TACACS client asks the user for the username.
3) After receiving the username from the user, the TACACS client sends an authentication continuance message carrying the username.
4) The TACACS server returns an authentication response, asking for the password. Upon receiving the response, the TACACS client asks the user for the login password.
5) After receiving the password, the TACACS client sends an authentication continuance message carrying the password to the TACACS server.
6) The TACACS server returns an authentication response, indicating that the user has passed the authentication.
7) The TACACS client sends a user authorization request to the TACACS server.
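The exchange in steps 1 to 7 can be traced with a small symbolic model of both sides. This is an added example, not code from the manual or from H3C. The message labels, the `Server` and `login` names, the failure and error replies, and the server-side state check are assumptions made for illustration and are not HWTACACS wire-format values.

```python
import hmac

# Constructed symbolic labels for the messages named in steps 1-7; these are
# not HWTACACS wire-format values. AUTH_FAIL and ERROR are assumed here.
AUTH_START, AUTH_CONTINUE, AUTHZ_REQUEST = "auth-start", "auth-continue", "authz-request"
GET_USER, GET_PASS, AUTH_PASS = "get-username", "get-password", "auth-pass"
AUTH_FAIL, AUTHZ_OK, ERROR = "auth-fail", "authz-success", "error"


class Server:
    """Server side of one login session (steps 2, 4 and 6)."""

    def __init__(self, accounts):
        self.accounts = accounts          # constructed sample user database
        self.state, self.username = "idle", None

    def handle(self, msg, data=None):
        if msg == AUTH_START and self.state == "idle":
            self.state = "want-user"
            return GET_USER                                   # step 2
        if msg == AUTH_CONTINUE and self.state == "want-user":
            self.username, self.state = data, "want-pass"
            return GET_PASS                                   # step 4
        if msg == AUTH_CONTINUE and self.state == "want-pass":
            expected = self.accounts.get(self.username)
            ok = (expected is not None and isinstance(data, str)
                  and hmac.compare_digest(expected.encode(), data.encode()))
            self.state = "authenticated" if ok else "closed"
            return AUTH_PASS if ok else AUTH_FAIL             # step 6
        if msg == AUTHZ_REQUEST and self.state == "authenticated":
            return AUTHZ_OK                                   # reply to step 7
        self.state = "closed"                                 # out of order
        return ERROR


def login(server, prompt):
    """Client side: relay server prompts to the user, log (sent, received)."""
    log = [(AUTH_START, server.handle(AUTH_START))]           # step 1
    while log[-1][1] in (GET_USER, GET_PASS):                 # steps 2-5
        answer = prompt(log[-1][1])
        log.append((AUTH_CONTINUE, server.handle(AUTH_CONTINUE, answer)))
    if log[-1][1] == AUTH_PASS:                               # step 7 only after 6
        log.append((AUTHZ_REQUEST, server.handle(AUTHZ_REQUEST)))
    return log


if __name__ == "__main__":
    answers = {GET_USER: "admin", GET_PASS: "s3cret"}         # constructed input
    for sent, received in login(Server({"admin": "s3cret"}), answers.get):
        print(f"client -> {sent:14} server -> {received}")
```

In this model a wrong password ends the session at step 6, so the client never sends the authorization request of step 7.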