Cisco Cisco Prime Optical 9.8 Technical References

The following figure illustrates the basic external authentication workflow.

Basic external authentication is not available when Prime Optical is installed with Cisco Prime Central. 
For more information about Prime Central, see 

RADIUS is a distributed client/server system that secures networks against unauthorized access. 

The Prime Optical server acts as a RADIUS client and sends authentication requests to a RADIUS access 
server implementing a single sign-on (SSO) application. The RADIUS access server verifies user 
identity by using Password Authentication Protocol (PAP).

The RADIUS access server is a centralized network server that stores user and credential information. 
Network devices such as routers, network elements (NEs), and software applications request access 
permission from the access server. 

Once a user logs in, the RADIUS client sends a request to the access server for user access 
(Access-Request). Upon receiving the user credentials, the access server either accepts (Access-Accept) 
or rejects (Access-Reject) the request.

Terminal Access Controller Access Control System Plus (TACACS+) is a Cisco proprietary version of 
TACACS. TACACS+ is a security application that provides centralized validation of users attempting to 
gain access to a router or network access server. 

1. Authentication request

4. Local

 profile

 validation

Cisco Prime Optical

database

Cisco Prime Optical

server

Cisco Prime Optical

Access

server

Cisco Prime Optical

client

Cisco Prime Optical

client

5. Authentication result

2. External authentication request

3. External authentication result

5. A

uthentication result

1. A

uthentication request

310141