--> AAA works with two protocols:
i) TACACS+
ii) RADIUS
TACACS+
--> It uses TCP port number 49 for communication between the TACACS+ client and the TACACS+ server.
Ex: A switch is the TACACS+ client and ISE/ACS is the TACACS+ server.
--> It encrypts the entire packet body (payload).
--> Separates Authentication, Authorization and Accounting into separate processes.
--> Used for Device Administration.
TACACS+ Authentication Session Flow
i) The AAA client (switch) starts the session by sending a START message, indicating to the AAA server that an authentication request is coming.
ii) The AAA server sends a REPLY message asking the AAA client for the username.
iii) The AAA client sends a CONTINUE message with the username to the AAA server.
iv) The AAA server sends a REPLY message asking the AAA client for the password.
v) The AAA client sends a CONTINUE message with the password to the AAA server.
vi) The AAA server sends a FINAL REPLY message with one of the following statuses:
--> Accept (authentication succeeded; the authorization process will begin)
--> Reject (authentication failed)
--> Error (an error occurred in the authentication method)
--> Continue (the user is prompted for more information before authentication can succeed)
TACACS+ Authorization and Accounting Session Flow
--> TACACS+ Authorization and Accounting work using two messages:
i) Request --- asks the server whether the user may access a particular service (a CLI command).
ii) Response --- the server's answer permitting or denying the user access to that service.
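The two session flows above (the START / REPLY / CONTINUE authentication exchange with its final Accept / Reject / Error / Continue status, and the authorization Request / Response pair) can be traced end to end with a small offline model. The example below is added here and is not code from the original post or from any TACACS+ implementation; the user database, the privilege-level policy, the GETUSER / GETPASS prompt names and the PERMIT / DENY verdicts are constructed for illustration, and nothing is put on the wire (a real client talks to ISE/ACS over TCP/49 with the packet body encrypted under the shared secret).

```python
"""Offline model of the TACACS+ authentication and authorization session flows.
Added example, not the original post's code. All data below is constructed."""

import hmac
from enum import Enum


class Status(Enum):
    """Server REPLY statuses. GETUSER/GETPASS are the two prompts from the flow;
    the last four are the FINAL REPLY statuses listed in the notes."""
    GETUSER = "GETUSER"    # REPLY: "tell me the username"
    GETPASS = "GETPASS"    # REPLY: "tell me the password"
    ACCEPT = "ACCEPT"      # authentication succeeded, authorization may begin
    REJECT = "REJECT"      # authentication failed
    ERROR = "ERROR"        # error in the authentication method / session
    CONTINUE = "CONTINUE"  # more information required before success


# Constructed user database: username -> (password, privilege level)
USERS = {"netadmin": ("s3cret", 15), "helpdesk": ("h3lp", 1)}

# Constructed authorization policy: privilege level -> permitted CLI commands
POLICY = {15: {"show", "configure", "reload"}, 1: {"show"}}


class TacacsServer:
    """Models the AAA server side (ISE/ACS) of the exchange."""

    def __init__(self):
        self.sessions = {}    # session_id -> {"state": Status, "user": str}
        self.accounting = []  # accounting records: (user, command, verdict)

    def start(self, session_id):
        """Handle the client's START message: open a session and prompt for the username."""
        self.sessions[session_id] = {"state": Status.GETUSER, "user": None}
        return Status.GETUSER

    def cont(self, session_id, data):
        """Handle a CONTINUE message carrying the answer to the previous prompt."""
        s = self.sessions.get(session_id)
        if s is None:
            return Status.ERROR  # CONTINUE for a session that was never started
        if s["state"] is Status.GETUSER:
            s["user"] = data
            s["state"] = Status.GETPASS
            return Status.GETPASS
        if s["state"] is Status.GETPASS:
            entry = USERS.get(s["user"])
            # Constant-time compare so a wrong password leaks no timing information
            if entry is not None and hmac.compare_digest(entry[0], data):
                s["state"] = Status.ACCEPT
                return Status.ACCEPT
            s["state"] = Status.REJECT
            return Status.REJECT
        return Status.ERROR  # CONTINUE after a final reply is a protocol error

    def authorize(self, session_id, command):
        """Authorization REQUEST: may this user run this CLI command?
        Returns the RESPONSE verdict and writes an accounting record."""
        s = self.sessions.get(session_id)
        if s is None or s["state"] is not Status.ACCEPT:
            return "DENY"  # authorization only begins after an ACCEPT
        priv = USERS[s["user"]][1]
        verdict = "PERMIT" if command.split()[0] in POLICY[priv] else "DENY"
        self.accounting.append((s["user"], command, verdict))
        return verdict


def client_login(server, session_id, username, password):
    """Models the AAA client (switch): send START, then answer each REPLY prompt
    with a CONTINUE until the server returns a final status."""
    transcript = []
    reply = server.start(session_id)
    transcript.append(("START", reply))
    if reply is Status.GETUSER:
        reply = server.cont(session_id, username)
        transcript.append(("CONTINUE username", reply))
    if reply is Status.GETPASS:
        reply = server.cont(session_id, password)
        transcript.append(("CONTINUE password", reply))
    return reply, transcript


if __name__ == "__main__":
    srv = TacacsServer()
    status, transcript = client_login(srv, 1, "netadmin", "s3cret")
    for msg, reply in transcript:
        print(f"client: {msg:20s} server: REPLY {reply.value}")
    print("authorize 'configure terminal':", srv.authorize(1, "configure terminal"))
    print("accounting:", srv.accounting)
```

The transcript printed by the `__main__` block is the six-step flow from the notes: START, REPLY (GETUSER), CONTINUE, REPLY (GETPASS), CONTINUE, FINAL REPLY. Note that `authorize()` refuses any session that has not reached ACCEPT, which is the property the notes state ("Authorization Process Will begin" only on Accept), and that every authorization decision, permitted or denied, produces an accounting record.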