Filter
Top Products
3Com Switch 8800 Configuration Guide
Chapter 40 AAA and RADIUS/TACACS+ Protocol Con
figuration
40-5
User
TACACS
Client
TACACS
Server
User logs on
Authentication start packet
Authentication response packet,
requesting username
The user inputs username
Authentication continuance packet,
sending username to the server
Authentication response packet,
requesting password
Requests the user
for password
User inputs the password
Authentication continuance packet,
sending password to the server
Authentication response packet.
Authentication succeeds
Authorization request packet
Authorization response
packet. Authorization
succeeds
The user logs on successfully
Accounting start packet
Accounting start packet response
User logs off
Accounting stop packet
Accounting stop packet response
Requests the user for
username
User
TACACS
Client
TACACS
Server
User logs on
Authentication start packet
Authentication response packet,
requesting username
The user inputs username
Authentication continuance packet,
sending username to the server
Authentication response packet,
requesting password
Requests the user
for password
User inputs the password
Authentication continuance packet,
sending password to the server
Authentication response packet.
Authentication succeeds
Authorization request packet
Authorization response
packet. Authorization
succeeds
The user logs on successfully
Accounting start packet
Accounting start packet response
User logs off
Accounting stop packet
Accounting stop packet response
Requests the user for
username
Figure 40-2 Basic message exchange procedures
40.1.4 Implementing AAA/RADIUS on a Switch
By now, we understand that in the above-mentioned AAA/RADIUS framework, a
Switch 8800, serving as the user access device (NAS), is the client end of RADIUS. In
other words, the AAA/RADIUS concerning client-end is implemented on the Switch
8800.
Figure 40-3 illustrates the RADIUS authentication network including the Switch
8800.