Operation Manual – AAA-RADIUS-HWTACACS
H3C S3610&S5510 Series Ethernet Switches
Chapter 1 AAA/RADIUS/HWTACACS
Configuration
1-11
5) After receiving the login password, the HWTACACS client sends to the
HWTACACS server an authentication continuance packet carrying the login
password.
6) The HWTACACS server sends back an authentication response indicating that
the user has passed authentication.
7) The HWTACACS client sends the user authorization packet to the HWTACACS
server.
8) The HWTACACS server sends back the authorization response, indicating that
the user is authorized now.
9) Knowing that the user is now authorized, the HWTACACS client pushes the
configuration interface of the router or switch to the user.
10) The HWTACACS client sends a start-accounting request to the HWTACACS
server.
11) The HWTACACS server sends back an accounting response, indicating that it has
received the start-accounting request.
12) When the user logs off, the HWTACACS client sends a stop-accounting request to
the HWTACACS server.
13) The HWTACACS server sends back a stop-accounting packet, indicating that the
stop-accounting request has been received.
1.2 AAA/RADIUS/HWTACACS Configuration Task List
I. AAA configuration task list
Task
Remarks
Creating an ISP Domain
Required
Configuring ISP Domain Attributes
Optional
Configuring an AAA Authentication
Scheme for an ISP Domain
Required
For local authentication, refer to
Configuring Local User Attributes
.
For RADIUS authentication, refer to
Configuring RADIUS
.
For HWTACACS authentication, refer to
Configuring HWTACACS
.
Configuring an AAA Authorization
Scheme for an ISP Domain
Optional
Configuring an AAA Accounting Scheme
for an ISP Domain
Optional
Configuring Local User Attributes
Optional
Tearing down User Connections
Forcibly
Optional