3com 8807 User Guide
238
C
HAPTER
26: AAA
AND
RADIUS/HWTACACS P
ROTOCOL
C
ONFIGURATION
Figure 61 illustrates the basic message exchange procedures.
Figure 61 Basic message exchange procedures
Implementing
AAA/RADIUS on a
Switch
By now, we understand that in the above-mentioned AAA/RADIUS framework,
3Com Series Switches, serving as the user access device (NAS), is the client end of
RADIUS. In other words, the AAA/RADIUS concerning client-end is implemented
on 3Com Series Switches. Figure 62 illustrates the RADIUS authentication network
including 3Com Series Switches.
3Com Series Switches, serving as the user access device (NAS), is the client end of
RADIUS. In other words, the AAA/RADIUS concerning client-end is implemented
on 3Com Series Switches. Figure 62 illustrates the RADIUS authentication network
including 3Com Series Switches.
User
TACACS
Client
TACACS
Server
Server
User logs on
Authentication start packet
Authentication response packet,
requesting username
The user inputs username
Authentication continuance packet,
sending username to the server
sending username to the server
Authentication response packet,
requesting password
requesting password
Requests the user
for password
for password
User inputs the password
Authentication continuance packet,
sending password to the server
sending password to the server
Authentication response packet.
Authentication succeeds
Authorization request packet
Authorization response
packet. Authorization
succeeds
packet. Authorization
succeeds
The user logs on successfully
Accounting start packet
Accounting start packet response
User logs off
Accounting stop packet
Accounting stop packet response
Requests the user for
username
username
User
TACACS
Client
TACACS
Server
Server
User logs on
Authentication start packet
Authentication response packet,
requesting username
The user inputs username
Authentication continuance packet,
sending username to the server
sending username to the server
Authentication response packet,
requesting password
requesting password
Requests the user
for password
for password
User inputs the password
Authentication continuance packet,
sending password to the server
sending password to the server
Authentication response packet.
Authentication succeeds
Authorization request packet
Authorization response
packet. Authorization
succeeds
packet. Authorization
succeeds
The user logs on successfully
Accounting start packet
Accounting start packet response
User logs off
Accounting stop packet
Accounting stop packet response
Requests the user for
username
username