3COM 10014303 User Manual

3Com Router

Configuration Guide for V1.20

http://www.3com.com/

Part No. 10014303

Published January 2004

3Com Router Configuration Guide Addendum for V1.20

1.1. Introduction

1.1.1. Scope

This manual provides configuration information for new software features found in V1.20 of the 3Com Router operating system. Use this addendum to supplement configuration information found in the 3Com Router Configuration Guide.

1.1.2. Online Resources

Download the Router 3000 Installation Guide from: http://support.3com.com/infodeli/tools/routers/R3000Install.pdf

Download the Router 5000 Installation Guide from: http://support.3com.com/infodeli/tools/routers/5000Install.pdf

Download the 3Com Router Command Reference Guide from: http://support.3com.com/infodeli/tools/routers/3ComRouterComRef.pdf

Download the 3Com Router Configuration Guide from: http://support.3com.com/infodeli/tools/routers/3com_configuration_guide.pdf

Download other current software updates and release notes from: http://www.3com.com/


Chapter 1 Configuring Class-Based Queuing

As an extension of WFQ, class-based queuing (CBQ) adds support for user-defined classes. CBQ assigns an individual FIFO reservation queue to each user-defined class to buffer data of that class. When the network is congested, CBQ matches outbound packets against the user-defined classification rules and places them in the corresponding queues. Before a packet enters a queue, the congestion avoidance mechanism (tail-drop or weighted random early detection [WRED]) and the bandwidth limit are checked. When packets leave the queues, weighted fair scheduling is performed across the queues corresponding to each class.

Figure 1-1 CBQ diagram (labels recoverable from the figure: IP packets, Classifying, LLQ, BQ1, BQ2, ..., BQ64, Scheduling, Sent queue, Sent packets, Outgoing first)

If CBQ applied weighted fair treatment to the queues of all classes, delay-sensitive data flows such as voice packets might not be sent out in time. Therefore, PQ is introduced into CBQ to create low latency queuing (LLQ), which provides strict-priority sending service for delay-sensitive data flows such as voice packets.

LLQ strictly combines PQ with CBQ. When defining a class, a user can specify that it receives strict priority service. A class of this type is called a priority class. All packets of the priority class enter the same priority queue. Before they enter a queue, the bandwidth limit of each class of packets is checked. When packets leave the queues, the packets in the priority queue are forwarded before packets in the queues corresponding to other classes. However, if the maximum reservation bandwidth configured for LLQ is exceeded, the packets in the other queues are sent. Weighted fair scheduling is applied to the packets in the other queues when they are forwarded.

To avoid long delays for packets in other queues, a maximum available bandwidth can be specified for each priority class when LLQ is applied, for traffic policing upon congestion. If no congestion occurs, the priority class is permitted to use bandwidth exceeding the assigned value. In case of congestion, packets exceeding the assigned bandwidth of the priority class are discarded. Burst size is also configurable under LLQ.

When the system matches packets with rules, it matches priority classes before other classes. If there are multiple priority classes, they are matched one by one according to configuration sequence. The same procedure is used to match packets and rules in other classes. If there are multiple rules in a class, they are also matched one by one according to the configuration sequence.

1.2 CBQ Configuration Tasks

CBQ (Class Based Queuing) configuration includes:

Define a class and enter the class view

Configure matching rules of a class

Define the policy and enter the policy view

Configure class in policy and enter policy-class view

Configure features of a class

Apply a policy to an interface

1.2.1 Define a Class and Enter the Class View

Defines a class and enters class view.

Perform the following configurations in the system view.

Table 1-1 Define a class and enter the class view

Operation: Define a class and enter the class view
Command: qos class [ logic-and | logic-or ] class-name

Operation: Delete a class and enter class view
Command: undo qos class [ logic-and | logic-or ] class-name

By default, a class named default-class is defined in the system. The class name defined by the user (class-name) cannot be default-class.

By default, the defined class is logic-and and the interrelationship between matching rules in the class view is logical AND.

1.2.2 Configure Matching Rules of a Class

1) Define the rule for matching all packets

Perform the following configurations in class view.


Table 1-2 Define/delete the rule matching all packets

Operation: Define the rule matching all packets
Command: if-match [ logic-not ] any

Operation: Delete the rule matching all packets
Command: undo if-match [ logic-not ] any

2) Define the class matching rule

Perform the following configurations in class view.

Table 1-3 Define/delete the class matching rule

Operation: Define the class matching rule
Command: if-match [ logic-not ] class class-name

Operation: Delete the class matching rule
Command: undo if-match [ logic-not ] class class-name

Note:

This command cannot be used circularly. For example, qos class A defines the rules to match qos class B, while qos class B cannot define a rule matching qos class A directly or indirectly.
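The circular-reference restriction in the note above can be checked offline before a configuration is loaded. The following Python example is added here and is not code from the 3Com manual; it goes beyond the two-class case in the note by detecting indirect cycles of any length. The class names A, B, C and both sample configurations are constructed, and only the qos class and if-match class command forms from Tables 1-1 and 1-3 are parsed.

```python
import re

# Command forms taken from Tables 1-1 and 1-3 of this guide.
CLASS_RE = re.compile(r"^qos class(?: (logic-and|logic-or))? (\S+)$")
REF_RE = re.compile(r"^if-match(?: logic-not)? class (\S+)$")

# Constructed sample: A -> B -> C -> A is an indirect circular reference.
CYCLIC_CONFIG = """
qos class logic-and A
if-match acl 101
if-match class B
quit
qos class logic-or B
if-match logic-not class C
quit
qos class C
if-match class A
quit
"""

# Constructed sample: A and C both reference B, which references no class.
ACYCLIC_CONFIG = """
qos class A
if-match class B
quit
qos class B
if-match acl 102
quit
qos class C
if-match class B
quit
"""


def parse_class_refs(config):
    """Return {class name: [classes it references via 'if-match class']}."""
    refs, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        match = CLASS_RE.match(line)
        if match:
            current = match.group(2)
            refs.setdefault(current, [])
        elif line == "quit":
            current = None
        elif current is not None:
            match = REF_RE.match(line)
            if match:
                refs[current].append(match.group(1))
    return refs


def find_cycle(refs):
    """Depth-first search; return one reference cycle as a list, or None."""
    WHITE, GREY, BLACK = 0, 1, 2          # unvisited, on current path, finished
    state = {name: WHITE for name in refs}

    def visit(name, path):
        state[name] = GREY
        path.append(name)
        for target in refs[name]:
            colour = state.get(target, BLACK)   # undefined classes end the walk
            if colour == GREY:
                return path[path.index(target):] + [target]
            if colour == WHITE:
                found = visit(target, path)
                if found:
                    return found
        path.pop()
        state[name] = BLACK
        return None

    for name in refs:
        if state[name] == WHITE:
            cycle = visit(name, [])
            if cycle:
                return cycle
    return None


if __name__ == "__main__":
    print(find_cycle(parse_class_refs(CYCLIC_CONFIG)))
    print(find_cycle(parse_class_refs(ACYCLIC_CONFIG)))
```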

3) Define the ACL matching rule

Perform the following configurations in class view.

Table 1-4 Define/delete ACL matching rule

Operation: Define ACL matching rule
Command: if-match [ logic-not ] acl acl-number

Operation: Delete ACL matching rule
Command: undo if-match [ logic-not ] acl acl-number

4) Define the MAC address matching rule

Perform the following configurations in class view.

Table 1-5 Define/delete the matching rule of a MAC address

Operation: Define MAC address matching rule
Command: if-match [ logic-not ] { destination-mac | source-mac } mac-address

Operation: Delete MAC address matching rule
Command: undo if-match [ logic-not ] { destination-mac | source-mac } mac-address

Note:

The matching rules of the destination MAC address are only meaningful for the policies in outbound direction and the interface of Ethernet type.


The matching rules of the source MAC address are only meaningful for the policies in inbound direction and the interface of Ethernet type.

5) Define the inbound interface matching rule of a class

Perform the following configurations in class view.

Table 1-6 Define/delete the inbound interface matching rule of a class

Operation: Define the inbound interface matching rule of a class
Command: if-match [ logic-not ] inbound-interface type number

Operation: Delete the inbound interface matching rule of a class
Command: undo if-match [ logic-not ] inbound-interface type number

6) Define the DSCP matching rule

The differentiated services code point (DSCP) is the field that the IETF DiffServ workgroup defined from the 6 high-order bits of the ToS byte in the IP header. In the solution submitted by DiffServ, services are classified and traffic is controlled according to service requirements at the network ingress, and the DSCP is set at the same time. Communication (including resource allocation, packet discard policy, etc.) is then classified and served on the basis of the grouped DSCP values.

You can set classified matching rules according to DSCP values.

Perform the following configurations in class view.

Table 1-7 Define/delete DSCP matching rule

Operation: Define DSCP matching rule
Command: if-match [ logic-not ] ip-dscp value [ value ] …

Operation: Delete DSCP matching rule
Command: undo if-match [ logic-not ] ip-dscp value [ value ] …

7) Define the IP precedence matching rule

Perform the following configurations in class view.

Table 1-8 Define/delete ip precedence matching rule

Operation: Define IP precedence matching rule
Command: if-match [ logic-not ] ip-precedence value [ value ] …

Operation: Delete IP precedence matching rule
Command: undo if-match [ logic-not ] ip-precedence


Use the corresponding command to configure the value of ip precedence during the configuration; otherwise, the configuration of the if-match ip-precedence command will overwrite the previous configurations.

8) Define the RTP port matching rule

Perform the following configurations in class view.

Table 1-9 Define/delete RTP port matching rule

Operation: Define RTP port matching rule
Command: if-match [ logic-not ] rtp start-port starting-port-number end-port end-port-number

Operation: Delete RTP port matching rule
Command: undo if-match [ logic-not ] rtp start-port starting-port-number end-port end-port-number

Because the RTP priority queue (RTPQ) has a higher priority than that of CBQ, only RTPQ will take effect if both RTPQ and the queue based on the class matching RTP are configured at the same time.

9) Define the protocol matching rule

Perform the following configurations in class view.

Table 1-10 Define/delete IP matching rule

Operation: Define IP matching rule
Command: if-match [ logic-not ] protocol ip

Operation: Delete IP matching rule
Command: undo if-match [ logic-not ] protocol ip

10) Define the rule of all packets that do not satisfy the specified matching rule.

Perform the following configurations in class view.

Table 1-11 Define/delete the rule of all packets not satisfying the specified matching rule

Operation: Define the rule of all packets not satisfying specified matching rule
Command: if-match logic-not criteria

Operation: Delete the rule of all packets not satisfying specified matching rule
Command: undo if-match logic-not criteria

Match-criteria: Matching rule of the class, including acl, any, class, destination-mac, inbound-interface, ip-precedence, ip-dscp, protocol, rtp, source-mac.

1.2.3 Define the Policy and Enter the Policy View

A policy definition specifies the feature requirements for each class in the policy, such as queue scheduling, including EF, AF, WFQ, TP, TS, and WRED.


Perform the following configurations in the system view.

Table 1-12 Define the policy and enter the policy view

Operation: Define the policy and enter the policy view
Command: qos policy policy-name

Operation: Delete the specified policy
Command: undo qos policy policy-name

If an interface applies this policy, this policy is not allowed to be deleted. You must remove the application of this policy on the interface and then delete the policy with the undo qos policy command.

1.2.4 Configure Class in Policy and Enter Policy-Class View

Perform the following configurations in the policy view.

Table 1-13 Configure class in policy and enter policy-class view

Operation: Configure class in policy
Command: qos-class class-name

Operation: Remove the class configuration
Command: undo qos-class class-name

class-name: Name of a defined class.

1.2.5 Configure Features of a Class in Policy

1) Configure bandwidth

CBQ can set bandwidth and queuing length for each class.

Bandwidth is the minimum guarantee that the router can provide when congestion occurs. If there is no congestion, each class can use more bandwidth than the assigned value, but if there is congestion, all packets of a class that exceed its assigned bandwidth are dropped.

Queuing length is the maximum queue length of the class. When the queue reaches the preset length, new packets that try to enter the queue are dropped.

A policy class configured with expedited-forwarding and bandwidth is a priority class and enters low latency queuing (LLQ).

A policy class configured with assured-forwarding and bandwidth is an ordinary class.

The class that does not match any policy is called the default-class, and it can be configured with assured-forwarding and bandwidth. After the default-class is configured with a maximum bandwidth, the system assigns the class an individual queue, called the default queue.

Theoretically, each class can be configured with bandwidth of any size, but generally, the priority classes can occupy 70% of the total bandwidth, and other ordinary classes and the default class occupy less than 10%. Note that the total bandwidth assigned to the classes and the RTP priority queue should not be larger than the available bandwidth (the maximum bandwidth of the interface multiplied by the percentage of the reserved bandwidth).

Please perform the following configurations in policy-class view.

Table 1-14 Configure assured-forwarding and the minimum bandwidth

Operation: Configure assured-forwarding for an ordinary class or default class and configure the minimum bandwidth for them
Command: af bandwidth { bandwidth | pct percentage }

Operation: Delete the assured-forwarding
Command: undo af

Operation: Configure expedited-forwarding for priority class and configure the maximum bandwidth and CBS for it
Command: ef bandwidth bandwidth [ cbs size ]

Operation: Delete expedited-forwarding
Command: undo ef

This function can only be applied on the outbound direction.

Note:

Priority classes must be configured with absolute bandwidth, while ordinary classes and the default class can be configured with relative bandwidth (in percentage) or absolute bandwidth.

2) Configure fair queue for the default class

Perform the following configurations in the policy-class view.

Table 1-15 Configure fair queue for the default class

Operation: Configure WFQ for the default class
Command: wfq [ queue-number total-queue-number ]

Operation: Remove the configured WFQ of the default class
Command: undo wfq


3) Configure the maximum queue length of the class

Configure maximum queue length of the class and configure the drop type as tail drop.

Perform the following configurations in the policy-class view.

Table 1-16 Configure the maximum queue length of the class

Operation: Configure the maximum queue length of the class
Command: queue-length queue-length

Operation: Delete the configuration of maximum queue length
Command: undo queue-length

This command can be used only after the af command has been configured. If the undo af command is executed, queue-length is deleted as well.

For the default-class, this command can be used only after af has been configured.

4) Configure the discarding mode of the class as random.

Perform the following configurations in the policy-class view.

Table 1-17 Configure the discarding mode of the class as random

Operation

Command

 

 

Configure the discarding mode of the class

wred [ ip-dscpvalue |ip-precedencevalue ]

as random

 

Restore the default setting

undo wred [ ip-dscpvalue |ip-precedencevalue ]

ip-dscp indicates that the DSCP value is used to calculate the drop probability of a packet.

Ip-precedence:Indicate that the IP precedence value is used to calculate drop probability of a packet, which is the default setting.

This command cannot be used until the af command has been configured. In the case of the default class, this command be used only after theaf command has been configured. Thewred andqueue-length commands are mutually exclusive. Other configurations under the random drop will be deleted simultaneously when this command is deleted. When a QoS policy including WRED is applied on an interface, the original WRED configuration on the interface will be invalid.

The default-classcan only be configured with the random discard mode based on IP precedence.

5)Configure exponential of average queue length calculated by WRED

Perform the following configurations in the policy-classview.


Table 1-18 Configure exponential of average queue length calculated by WRED

Operation

Command

 

 

Configure exponential of average queue

wred weighting-constantexponent

length calculated by WRED

 

Delete the configuration of exponential of

undo wred weighting-constant

average queue length calculated by WRED

 

This command can be used only after the af command has been configured and thewred command has been used to enable WRED discard mode.

6)Configure DSCP lower-limit,upper-limitand discard probability of WRED

Perform the following configurations in the policy-classview.

Table 1-19 Configure DSCP lower-limit, upper-limit and discard probability of WRED

Operation: Configure DSCP lower-limit, upper-limit and discard probability of WRED
Command: wred ip-dscp value low-limit low-limit high-limit high-limit [ discard-probability discard-prob ]

Operation: Delete the configured DSCP lower-limit, upper-limit and discard probability of WRED
Command: undo wred ip-dscp value

value: DSCP value, in the range from 0 to 63, which can be any of the following keywords: ef, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, cs1, cs2, cs3, cs4, cs5 or cs7.

The discard mode based on WRED should have been enabled via the wred ip-dscp command.

When the configuration of qos wred is deleted, the wred ip-dscp will also be deleted.

When the af configuration is deleted, the configuration of discarding parameters will also be deleted.

7) Configure lower-limit, upper-limit and discarding probability of WRED precedence

Perform the following configurations in the policy-class view.

Table 1-20 Configure lower-limit, upper-limit and discarding probability of WRED precedence

Operation: Configure lower-limit, upper-limit and discard probability of WRED precedence denominator
Command: wred ip-precedence value low-limit low-limit high-limit high-limit [ discard-probability discard-prob ]

Operation: Delete the configuration of lower-limit, upper-limit and discard probability of WRED precedence denominator
Command: undo wred ip-precedence value


The discarding mode based on WRED must already have been enabled via the wred ip-precedence command.

When the configuration of qos wred is deleted, the wred ip-precedence is also deleted.

When the af configuration is deleted, the configuration of discarding parameters will also be deleted.

8) Enable/Disable traffic policing

Perform the following configurations in the policy-class view.

Table 1-21 Enable/Disable traffic policing for the class

Operation: Enable traffic policing for the class
Command: car cir rate [ cbs size ebs size ] [ conform action [ exceed action ] ]

Operation: Disable traffic policing for the class
Command: undo car

In the table, action means the action taken on a data packet, including:

discard: Discard a packet.

pass: Send a packet.

remark-dscp-pass new-dscp: Set the value of new-dscp and send the packet. This value ranges from 0 to 63.

remark-prec-pass new-prec: Set the new IP priority new-prec and send the packet. This value ranges from 0 to 7.

If TP is used in the class-policy applied on the interface, it can be applied on both inbound and outbound interfaces.

When the class-policy including the TP feature is applied on an interface, it invalidates the original qos car command.

If this command is repeatedly configured on the same class policy, the last configuration replaces the previous one.

The class configured with traffic policing without the application of AF or EF enters the default queue if it passes traffic policing but encounters interface congestion.

9) Configure traffic shaping (TS) for a class

Perform the following configurations in the policy-class view.

Table 1-22 Enable/disable TS for a class

Operation: Enable TS for a class
Command: gts cir rate [ cbs burst-size [ ebs size [ queue-length length ] ] ]

Operation: Disable TS for a class
Command: undo gts


If qos gts is used in the class-policy that is applied to the interface, it can only be applied to the outbound interface.

When the class including TS is applied to the interface, the original qos gts command that is configured on the interface will become invalid.

If this command is repeatedly executed to configure the same class policy, the last configuration replaces the previous one.

The class configured with TS without applying the configuration of AF or EF enters the default queue if it passes traffic shaping but encounters interface congestion.

10) Set DSCP value for the class to identify packets.

Perform the following configurations in the policy-class view.

Table 1-23 Set DSCP value for the class to identify packets

Operation: Set DSCP value for the class to identify packets
Command: remark ip-dscp value

Operation: Remove DSCP value that identifies packets
Command: undo remark ip-dscp

11) Set IP precedence value to identify matched packets

Perform the following configurations in the policy-class view.

Table 1-24 Set IP precedence value to identify matched packets

Operation: Set IP precedence value to identify matched packets
Command: remark ip-precedence value

Operation: Set IP precedence value to identify matched packets
Command: undo remark ip-precedence

1.2.6 Apply a policy to an interface

The qos apply policy command applies a policy to a specific physical interface. A policy can be used on multiple physical ports.

Perform the following configurations in class view.

Table 1-25 Associate an interface with the set policy

Operation: Apply an associated policy to an interface
Command: qos apply policy { inbound | outbound } policy-name

Operation: Delete an associated policy from an interface
Command: undo qos apply policy { inbound | outbound }


The following is the rule for a policy to be applied in interface view.

A policy configured with various features (including remark, car, gts, af, ef, wfq, and wred) applies to a common physical interface and a virtual template interface over MP.

A policy configured with TS (gts), ef, af, or wfq cannot be applied on the interface as an inbound policy.

The sub-interface does not support ef, af, or wfq but supports TS (gts) and TP (car). A policy configured with TS and TP can be applied on the sub-interface.

Note:

In the case of fast forwarding, CBQ is not supported.

1.2.7 Displaying and debugging CBQ

After the above configuration, execute the display command in all views to display the current class-based queue configuration, and to verify the effect of the configuration.

Table 1-26 Display and debug CBQ

Operation: Display class information configured on the router
Command: display qos class [ class-name ]

Operation: Display the configuration information of a specified policy or a specified class in all policies or all classes
Command: display qos policy [ policy-name [ class class-name ] ]

Operation: Display the configuration information and running status of a policy on a specified interface
Command: display qos policy interface [ type number ] [ inbound | outbound ]

Operation: Display the configuration information and running status of class-based queue on a specified interface
Command: display qos cbq interface type number

Operation: Enable the debugging of a CBQ
Command: debugging qos cbq { af | be | ef | class } [ interface type number ]

1.2.8 Typical CBQ Configuration Example

A typical CBQ configuration transmits data of multiple services simultaneously on the serial interface and uses CBQ to satisfy the demands of the various service flows.

The networking diagram is shown below, wherein the bandwidth of serial0 is 64K, PC1 sends service flow 1 to PC3, PC2 sends service flow 2 to PC4, and there is also a voice service flow.


In terms of service, service flow 1 must occupy a bandwidth of 10K, service flow 2 must occupy a bandwidth of 20K, under the premise of ensuring voice service.

Figure 1-2 Networking diagram of CBQ configuration (labels recoverable from the figure: PC1, PC2, PC3, PC4, Router A, Router B and two telephones; interfaces E0, E1 and s0; addresses 1.1.1.1/24, 1.1.1.2/24, 1.1.4.1/24, 1.1.4.2/24, 1.1.6.1, 1.1.6.2/24, 10.1.1.1/24, 10.1.1.2/24, 10.1.4.1/24 and 10.1.4.2/24)

Note:

This example only illustrates configurations corresponding to CBQ. The configurations of various services and routes should be performed by the user independently. This example only configures CBQ on Router A. Router B can be configured similarly.

Configure Router A:

1 Configure ACL rule.

[RouterA] acl 101
[RouterA-acl-101] rule normal permit ip source 1.1.0.0 0.0.255.255 destination any
[RouterA] acl 102
[RouterA-acl-102] rule normal permit ip source 10.1.0.0 0.0.255.255 destination any

2 Configure class 1:

[RouterA] qos class logic-and 1
[RouterA-qosclass-1] if-match acl 101
[RouterA-qosclass-1] quit

3 Configure class 2:

[RouterA] qos class logic-and 2
[RouterA-qosclass-2] if-match acl 102
[RouterA-qosclass-2] quit

4 Configure priority class:

[RouterA] qos class logic-and voip


[RouterA-qosclass-voip] if-match rtp start-port 16384 end-port 32767
[RouterA-qosclass-voip] quit

5 Configure CBQ policy:

[RouterA] qos policy 1

6 Configure the bandwidth of service 1 to be 10K:

[RouterA-qospolicy-1] qos-class 1
[RouterA-qospolicy-c-11] af bandwidth 10
[RouterA-qospolicy-c-11] quit

7 Configure the bandwidth of service 2 to be 20K:

[RouterA-qospolicy-1] qos-class 2
[RouterA-qospolicy-c-12] af bandwidth 20
[RouterA-qospolicy-c-12] quit

8 Configure the voice service to be priority service:

[RouterA-qospolicy-1] qos-class voip
[RouterA-qospolicy-c-1voip] ef bandwidth 10 cbs 1500
[RouterA-qospolicy-c-1voip] quit

9 Apply CBQ policy 1 to Serial0:

[RouterA] interface serial 0
[RouterA-Serial0] qos apply policy outbound 1

10 Remove fast-forwarding on the interface. (The interface does not support CBQ in the case of fast-forwarding.)

[RouterA-Serial0] undo ip fast-forwarding
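The constraints stated in sections 1.2.5 and 1.2.6 (the bandwidth budget, af as a prerequisite for queue-length and wred, their mutual exclusion, and the inbound restriction) can be checked against a policy before it is applied. This Python example is added here and is not from the 3Com manual; it lints the policy from the example above and a constructed faulty one. The reserved-bandwidth percentage of 75 and the class names in BAD_POLICY are assumptions made for illustration, and bandwidths given with pct are not summed because the guide does not say what the percentage is relative to.

```python
# Features that section 1.2.6 bars from a policy applied in the inbound direction.
NOT_INBOUND = {"gts", "ef", "af", "wfq"}

# Policy-view commands from the typical configuration example (steps 5 to 8).
PAGE_POLICY = """
qos policy 1
qos-class 1
af bandwidth 10
quit
qos-class 2
af bandwidth 20
quit
qos-class voip
ef bandwidth 10 cbs 1500
quit
"""

# Constructed faulty policy (class names are hypothetical).
BAD_POLICY = """
qos policy 2
qos-class voice
ef bandwidth 40 cbs 1500
quit
qos-class data
af bandwidth 20
queue-length 64
wred
quit
qos-class bulk
queue-length 32
quit
"""


def parse_policy(config):
    """Return {class name: [policy-class view commands]} for one policy."""
    classes, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("qos-class "):
            current = line.split()[1]
            classes[current] = []
        elif line == "quit":
            current = None
        elif line and current is not None:
            classes[current].append(line)
    return classes


def lint_policy(classes, direction, interface_bw, reserved_pct, rtpq_bw=0):
    """Check a parsed policy against the rules stated in the guide."""
    findings = []
    available = interface_bw * reserved_pct / 100   # max bandwidth x reserved %
    total = rtpq_bw                                  # RTP priority queue counts too
    for name, cmds in classes.items():
        verbs = {cmd.split()[0] for cmd in cmds}
        for cmd in cmds:
            words = cmd.split()
            if words[0] in ("af", "ef") and words[1:2] == ["bandwidth"] \
                    and len(words) > 2 and words[2].isdigit():
                total += int(words[2])               # absolute bandwidth only
        for dependent in ("queue-length", "wred"):
            if dependent in verbs and "af" not in verbs:
                findings.append(f"{name}: {dependent} requires af")
        if {"queue-length", "wred"} <= verbs:
            findings.append(f"{name}: wred and queue-length are mutually exclusive")
        barred = sorted(verbs & NOT_INBOUND)
        if direction == "inbound" and barred:
            findings.append(f"{name}: {', '.join(barred)} not allowed in an inbound policy")
    if total > available:
        findings.append(f"bandwidth: {total} assigned, {available:g} available")
    return findings


if __name__ == "__main__":
    print(lint_policy(parse_policy(PAGE_POLICY), "outbound", 64, 75))
    for finding in lint_policy(parse_policy(BAD_POLICY), "inbound", 64, 75):
        print(finding)
```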


Chapter 2 Configuring TACACS+

TACACS+ is used together with AAA to control PPP, VPDN, and login access to routers. CISCO ACS is the only application software that is supported.

Compared to RADIUS, TACACS+ features more reliable transmission and encryption, and is more suitable for security control. The following table lists the primary differences between TACACS+ and RADIUS protocols.

Table 2-1 Comparison between the TACACS+ protocol and the RADIUS protocol

TACACS+ protocol: Adopts TCP and hence can provide more reliable network transmission.
RADIUS protocol: Adopts UDP.

TACACS+ protocol: Encrypts the entire main body of the packets except for the standard TACACS+ header.
RADIUS protocol: Encrypts only the password field in the authentication packets.

TACACS+ protocol: Supports separate authentication and authorization. For example, you can use RADIUS for authentication but TACACS+ for authorization. If RADIUS is used for authentication before authorizing with TACACS+, RADIUS is responsible for confirming whether a user can be accepted, and TACACS+ is responsible for the authorization.
RADIUS protocol: Processes authentication and authorization together.

TACACS+ protocol: Is well suited to security control.
RADIUS protocol: Is well suited to accounting.

TACACS+ protocol: Supports authorization before the configuration commands on the Router can be used.
RADIUS protocol: Does not support authorization before configuration.
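To make the "entire main body except the header" row concrete, this added Python example (not from the 3Com manual) applies the body protection defined in the TACACS+ specification, RFC 8907: the body is XORed with a pad chained from MD5 over the session ID, shared key, version and sequence number, while the 12-byte header stays readable on the wire. The shared key, session ID and authentication START body are constructed sample values.

```python
import hashlib
import struct

HEADER = struct.Struct("!BBBBII")   # version, type, seq_no, flags, session_id, length
TAC_PLUS_UNENCRYPTED_FLAG = 0x01    # when set, the body travels in the clear

# Constructed sample values (not taken from any real deployment).
SAMPLE_KEY = b"constructed-shared-key"
SAMPLE_SESSION = 0x1A2B3C4D
# Authentication START body: action, priv_lvl, authen_type, authen_service,
# user_len, port_len, rem_addr_len, data_len, then user and port strings.
SAMPLE_BODY = bytes([1, 1, 1, 1, 5, 4, 0, 0]) + b"alice" + b"tty0"


def pseudo_pad(session_id, key, version, seq_no, length):
    """Chain MD5 digests until the pad covers the body (RFC 8907 obfuscation)."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, digest = b"", b""
    while len(pad) < length:
        digest = hashlib.md5(seed + digest).digest()   # each block feeds the next
        pad += digest
    return pad[:length]


def xor_body(body, session_id, key, version, seq_no):
    """XOR is its own inverse, so this both protects and recovers the body."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def build_packet(ptype, seq_no, session_id, body, key, version=0xC0):
    """Cleartext header followed by the obfuscated body."""
    header = HEADER.pack(version, ptype, seq_no, 0, session_id, len(body))
    return header + xor_body(body, session_id, key, version, seq_no)


def header_fields(packet):
    """Fields any on-path observer can read without the shared key."""
    names = ("version", "type", "seq_no", "flags", "session_id", "length")
    return dict(zip(names, HEADER.unpack(packet[:HEADER.size])))


def body_is_cleartext(packet):
    """True when the sender set the unencrypted flag: worth alerting on."""
    return bool(header_fields(packet)["flags"] & TAC_PLUS_UNENCRYPTED_FLAG)


def open_packet(packet, key):
    """Recover the body; a wrong key yields bytes that will not parse."""
    h = header_fields(packet)
    body = packet[HEADER.size:HEADER.size + h["length"]]
    if len(body) != h["length"]:
        raise ValueError("truncated TACACS+ body")
    if body_is_cleartext(packet):
        return body
    return xor_body(body, h["session_id"], key, h["version"], h["seq_no"])


SAMPLE_PACKET = build_packet(1, 1, SAMPLE_SESSION, SAMPLE_BODY, SAMPLE_KEY)

if __name__ == "__main__":
    print(header_fields(SAMPLE_PACKET))
    print(SAMPLE_PACKET[HEADER.size:].hex())
    print(open_packet(SAMPLE_PACKET, SAMPLE_KEY))
```

The protection depends entirely on the shared key configured on the router and the server, and the header fields (packet type, session ID, body length) remain visible to anyone who can observe the TCP session.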

In a typical TACACS+ application, a dial-up or terminal user needs to log in to the router for operations. Working as the TACACS+ client in this case, the router sends the user name and password to the TACACS+ server for authentication. After passing the authentication and getting the authorization, the user can log in to the router to perform operations, as shown in the following figure.

Figure 2-2 Networking for a typical TACACS+ application (labels recoverable from the figure: terminal user, dial-up user, ISDN\PSTN, Router as HWTACACS client, HWTACACS servers 129.7.66.66 and 129.7.66.67)
