Cisco Prime Optical 10.6 Technical References
Cisco Prime Optical 10.6 Basic External Authentication
Overview
Figure 1 illustrates the basic external authentication workflow.
Figure 1. Basic External Authentication Workflow
Note
Basic external authentication is not available when Prime Optical is installed with Cisco Prime Central.
For more information about Prime Central, see
RADIUS
RADIUS is a distributed client/server system that secures networks against unauthorized access.
The Prime Optical server acts as a RADIUS client and sends authentication requests to a RADIUS access
server implementing a single sign-on (SSO) application. The RADIUS access server verifies user
identity by using Password Authentication Protocol (PAP).
The RADIUS access server is a centralized network server that stores user and credential information.
Network devices such as routers, network elements (NEs), and software applications request access
permission from the access server.
Once a user logs in, the RADIUS client sends a request to the access server for user access
(Access-Request). Upon receiving the user credentials, the access server either accepts (Access-Accept)
or rejects (Access-Reject) the request.
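The Access-Request / Access-Accept / Access-Reject exchange described above, as an added example that is not Cisco's code or part of the original document. It goes beyond the page by following the packet layout, PAP password hiding and Response Authenticator check of RFC 2865; the function names and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3  # RFC 2865 packet codes
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2

def hide_password(password, secret, request_auth):
    """PAP hiding: XOR each 16-byte block with MD5(secret + previous block)."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 bytes")
    blocks = max(1, -(-len(password) // 16))   # at least one block, rounded up
    padded = password.ljust(blocks * 16, b"\x00")
    hidden, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        hidden += prev
    return hidden

def build_access_request(ident, user, password, secret, request_auth=None):
    """Client side: returns (packet, request_authenticator)."""
    request_auth = request_auth or os.urandom(16)
    pw = hide_password(password, secret, request_auth)
    attrs = bytes([ATTR_USER_NAME, len(user) + 2]) + user
    attrs += bytes([ATTR_USER_PASSWORD, len(pw) + 2]) + pw
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + request_auth + attrs, request_auth

def build_reply(code, ident, request_auth, secret, attrs=b""):
    """Constructed access-server side, used only to produce sample replies."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + auth + attrs

def check_reply(reply, ident, request_auth, secret):
    """Return 'accept' or 'reject' only for an authentic reply, else 'invalid'."""
    if len(reply) < 20:
        return "invalid"
    code, rid, length = struct.unpack("!BBH", reply[:4])
    if rid != ident or length != len(reply) or code not in (ACCESS_ACCEPT, ACCESS_REJECT):
        return "invalid"
    expected = hashlib.md5(reply[:4] + request_auth + reply[20:] + secret).digest()
    if not hmac.compare_digest(expected, reply[4:20]):
        return "invalid"
    return "accept" if code == ACCESS_ACCEPT else "reject"
```

The password is only masked with MD5 and the shared secret, and a reply is trusted only because its authenticator depends on that same secret, so the secret should be long, random and unique per RADIUS client.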
TACACS+
Terminal Access Controller Access Control System Plus (TACACS+) is a Cisco proprietary version of
TACACS. TACACS+ is a security application that provides centralized validation of users attempting to
gain access to a router or network access server.
[Figure 1 diagram labels: Cisco Prime Optical client, Cisco Prime Optical server, Cisco Prime Optical database, access server. Steps: 1. Authentication request; 2. External authentication request; 3. External authentication result; 4. Local profile validation; 5. Authentication result.]