Operation Manual – SecurityH3C S9500 Series Routing SwitchesChapter 2 AAA and RADIUS/HWTACACSProtocol Configuration2-5User TACACSClientTACACSServerUser logs on Authentication start packetAuthentication response packet,requesting usernameThe user inputs username Authentication continuance packet,sending username to the serverAuthentication response packet,requesting passwordRequests the userfor passwordUser inputs the password Authentication continuance packet,sending password to the serverAuthentication response packet.Authentication succeedsAuthorization request packetAuthorization responsepacket. AuthorizationsucceedsThe user logs on successfullyAccounting start packetAccounting start packet responseUser logs offAccounting stop packetAccounting stop packet responseRequests the user forusernameUser TACACSClientTACACSServerUser logs on Authentication start packetAuthentication response packet,requesting usernameThe user inputs username Authentication continuance packet,sending username to the serverAuthentication response packet,requesting passwordRequests the userfor passwordUser inputs the password Authentication continuance packet,sending password to the serverAuthentication response packet.Authentication succeedsAuthorization request packetAuthorization responsepacket. AuthorizationsucceedsThe user logs on successfullyAccounting start packetAccounting start packet responseUser logs offAccounting stop packetAccounting stop packet responseRequests the user forusernameFigure 2-2 Basic message exchange procedures2.1.4 Implementing AAA/RADIUS on a SwitchBy now, we understand that in the above-mentioned AAA/RADIUS framework, H3CSeries Switches, serving as the user access device (NAS), is the client end of RADIUS.In other words, the AAA/RADIUS concerning client-end is implemented on H3C SeriesSwitches. Figure 2-3 illustrates the RADIUS authentication network including H3CSeries Switches.
