258. Upon receipt of the response, the HWTACACS client asks the user for the login password.9. The user inputs the password.10. After receiving the login password, the HWTACACS client sends to the HWTACACS servera continue-authentication packet carrying the login password.11. The HWTACACS server sends back an authentication response indicating that the user haspassed authentication.12. The HWTACACS client sends the user authorization request packet to the HWTACACSserver.13. The HWTACACS server sends back the authorization response, indicating that the user isauthorized now.14. Knowing that the user is now authorized, the HWTACACS client pushes the configurationinterface of the NAS to the user.15. The HWTACACS client sends a start-accounting request to the HWTACACS server.16. The HWTACACS server sends back an accounting response, indicating that it has receivedthe start-accounting request.17. The user logs off.18. The HWTACACS client sends a stop-accounting request to the HWTACACS server.19. The HWTACACS server sends back a stop-accounting response, indicating that the stop-accounting request has been received.Domain-based user managementAn Internet service provider (ISP) domain accommodates a collection of users. NAS devicesmanage users based on ISP domains. Each user belongs to an ISP domain. The ISP domain of auser is determined by the username used at login. See Figure 7.Figure 7 Determine the ISP domain of a user by the usernameThe authentication, authorization, and accounting of a user depends on the AAA methodsconfigured for the domain that the user belongs to. If no specific AAA methods are configured forthe domain, the defaults are used. By default, a domain uses local authentication, localauthorization, and local accounting.The AAA feature allows you to manage users based on their access or service types: