--> Two types of messages are used during the TACACS+ authorization process:
1) Request (from AAA client to AAA server)
2) Response (from AAA server to AAA client)
--> Once authentication is done, the AAA client (network device) sends an authorization REQUEST to the AAA server.
--> The authorization REQUEST contains a service request for the CLI shell or a request to execute a specific command on the network device.
--> The AAA server then sends a RESPONSE message to the AAA client with one of the following statuses:
1) FAIL: The CLI shell access or command is denied/not allowed.
2) PASS_ADD: The CLI shell access or command is allowed, with additional information.
3) PASS_REPL: Successful authorization.
4) FOLLOW: The AAA server is asking the AAA client to send the authorization request to another AAA server named in the RESPONSE message.
5) ERROR: An error occurred during the authorization process.
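The status handling described above, as an added example that is not part of the original post: it parses an authorization RESPONSE body and makes a fail-closed decision. The status values and field layout follow RFC 8907; the function names, the sample arguments, the assumption that the body is already de-obfuscated, and the choice to deny on FOLLOW instead of following the referral are this example's own.

```python
import struct

# Status codes of the authorization RESPONSE body (RFC 8907, section 6.2).
STATUS = {0x01: "PASS_ADD", 0x02: "PASS_REPL", 0x10: "FAIL",
          0x11: "ERROR", 0x21: "FOLLOW"}

def build_body(status, args, server_msg=b"", data=b""):
    """Hypothetical helper: build a constructed RESPONSE body for the demo."""
    enc = [a.encode("ascii") for a in args]
    return (struct.pack("!BBHH", status, len(enc), len(server_msg), len(data))
            + bytes(len(a) for a in enc) + server_msg + data + b"".join(enc))

def parse_author_response(body):
    """Parse an unobfuscated RESPONSE body (12-byte packet header removed)."""
    if len(body) < 6:
        raise ValueError("body shorter than the fixed fields")
    status, arg_cnt, msg_len, data_len = struct.unpack("!BBHH", body[:6])
    arg_lens = body[6:6 + arg_cnt]
    # Reject bodies whose length fields disagree with the bytes received.
    if len(arg_lens) != arg_cnt or \
            len(body) != 6 + arg_cnt + msg_len + data_len + sum(arg_lens):
        raise ValueError("length fields do not match body size")
    pos = 6 + arg_cnt
    server_msg = body[pos:pos + msg_len].decode("ascii", "replace")
    pos += msg_len + data_len          # data field is skipped in this demo
    args = []
    for n in arg_lens:
        args.append(body[pos:pos + n].decode("ascii"))
        pos += n
    return {"status": STATUS.get(status, "UNKNOWN"),
            "server_msg": server_msg, "args": args}

def decide(resp, requested_args):
    """Return (allowed, effective_args); anything but a PASS status denies."""
    if resp["status"] == "PASS_ADD":    # server args are added to the request's
        return True, requested_args + resp["args"]
    if resp["status"] == "PASS_REPL":   # server args replace the request's
        return True, resp["args"]
    # FAIL, ERROR, FOLLOW (referral not followed here) and unknown values.
    return False, []

if __name__ == "__main__":
    request = ["service=shell", "cmd="]            # constructed sample request
    for status, args in [(0x01, ["priv-lvl=15"]), (0x02, ["priv-lvl=1"]),
                         (0x10, []), (0x21, []), (0x7F, [])]:
        resp = parse_author_response(build_body(status, args))
        print(resp["status"], decide(resp, request))
```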
When you read it, everything seems very simple to you, but in practice, the reality is different. Anyway, you will never know until you try.