Cisco Transport Manager 9.1 Technical Reference
Cisco Transport Manager Release 9.1 Basic External Authentication
OL-19366-01
RADIUS System Flow
The following describes the system flow:
1. The CTM installation installs one user, the SysAdmin. As a SysAdmin user, you configure external
   authentication settings in the CTM client Control Panel.
2. The CTM client forwards the authentication request to the CTM server.
3. The CTM server’s RADIUS client sends an Access-Request message to the RADIUS access server.
   The access server replies with an Access-Accept RADIUS message if the user credentials are
   accepted, with an Access-Reject if the user credentials are rejected, or with an Access-Challenge.
   For an Access-Challenge, the access server sends a human-readable request to the user; the CTM
   client prompts the user with the request, collects the user response, and sends the response back to
   the CTM server. The CTM server sends a new Access-Request with the user’s response to the access
   server. This process continues cyclically until the access server sends an Access-Accept or
   Access-Reject RADIUS message. For details, see
The following table describes the RADIUS attributes that the CTM server’s RADIUS client sends in
Access-Request messages.
Table 3: Attributes That the CTM Server’s RADIUS Client Sends in Access-Request Messages

| RADIUS Attribute | Description |
|---|---|
| User-Name value | CTM user’s name |
| User-Password value | Encrypted user’s password |
| NAS-IP-Address value | CTM host’s IPv4 address |
| NAS-Identifier value | ctms |
| NAS-Port-Type value | 5 (virtual). Note: This attribute instructs the server to indicate that the user is not on a physical port. |
| NAS-Port value | Process ID of the RADIUS client |
| Service-Type value | 8 (authenticate only). Note: This attribute is present in the first Access-Request message, but is missing from the RADIUS server’s Access-Challenge replies. For this reason, the RADIUS server administrator must not configure the RADIUS server to check for the existence of this attribute in every Access-Request message. |
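The Access-Request from step 3 and Table 3, as an added Python example that is not Cisco's code: it builds the packet with the listed attributes, hides User-Password as RFC 2865 section 5.2 specifies, and parses it back the way an access server would. The function names and all sample values (user, password, shared secret, address, process ID) are constructed for illustration.

```python
import hashlib, os, socket, struct

# Attribute type codes assigned by RFC 2865.
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, NAS_PORT, SERVICE_TYPE = 1, 2, 4, 5, 6
NAS_IDENTIFIER, NAS_PORT_TYPE = 32, 61

def _xor_blocks(data, secret, authenticator, hiding):
    # RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous hidden block).
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        res = bytes(a ^ b for a, b in zip(block, hashlib.md5(secret + prev).digest()))
        prev = res if hiding else block
        out += res
    return out

def hide_password(password, secret, authenticator):
    size = max(16, -(-len(password) // 16) * 16)  # pad to a 16-byte multiple
    return _xor_blocks(password.ljust(size, b"\x00"), secret, authenticator, True)

def reveal_password(hidden, secret, authenticator):
    return _xor_blocks(hidden, secret, authenticator, False).rstrip(b"\x00")

def _attr(code, value):
    return bytes([code, len(value) + 2]) + value

def build_access_request(user, password, secret, nas_ip, pid, ident, first=True):
    authenticator = os.urandom(16)  # fresh per request; it seeds the keystream
    attrs = _attr(USER_NAME, user.encode())
    attrs += _attr(USER_PASSWORD, hide_password(password.encode(), secret, authenticator))
    attrs += _attr(NAS_IP_ADDRESS, socket.inet_aton(nas_ip))
    attrs += _attr(NAS_IDENTIFIER, b"ctms")
    attrs += _attr(NAS_PORT_TYPE, struct.pack("!I", 5))  # 5 = virtual
    attrs += _attr(NAS_PORT, struct.pack("!I", pid))
    if first:  # per the Table 3 note, only the first request carries Service-Type
        attrs += _attr(SERVICE_TYPE, struct.pack("!I", 8))  # 8 = authenticate only
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def parse_access_request(packet):
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != 1 or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Request")
    attrs, pos = {}, 20
    while pos < length:
        alen = packet[pos + 1] if pos + 2 <= length else 0
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        attrs[packet[pos]] = packet[pos + 2:pos + alen]
        pos += alen
    return packet[4:20], attrs
```

The "encrypted" password is only an MD5 keystream keyed by the shared secret, so anyone holding that secret and a captured request can recover it; the secret configured between the CTM server and the access server should be long and random.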