1-8
Figure 1-6 AAA implementation procedure for a telnet user
TACACS server
User
TACACS client
Requests to log in
Authentication start request
Authentication response, requesting username
Requests username
Enters username
Authentication continuous message,
carrying username
Authentication response, requesting password
Requests password
Enters password
Authentication success response
Authorization request
Authorization success response
Allows user to log in
Accounting start request
Accounting start response
Exits the switch
Accounting stop request
Accounting stop response
Authentication continuous message,
carrying password
The basic message exchange procedure is as follows:
1) A user sends a login request to the switching engine acting as a TACACS client, which then sends
an authentication start request to the TACACS server.
2) The TACACS server returns an authentication response, asking for the username. Upon receiving
the response, the TACACS client requests the user for the username.
3) After receiving the username from the user, the TACACS client sends an authentication
continuance message carrying the username.
4) The TACACS server returns an authentication response, asking for the password. Upon receiving
the response, the TACACS client requests the user for the login password.
5) After receiving the password, the TACACS client sends an authentication continuance message
carrying the password to the TACACS server.
6) The TACACS server returns an authentication response, indicating that the user has passed the
authentication.
7) The TACACS client sends a user authorization request to the TACACS server.
8) The TACACS server returns an authorization response, indicating that the user has passed the
authorization.
