
A Method and Apparatus to Detect the Availability of TACACS Server

IP.com Disclosure Number: IPCOM000231000D
Publication Date: 2013-Sep-22
Document File: 7 page(s) / 117K

Publishing Venue

The IP.com Prior Art Database

Abstract

The invention detects a TACACS server's availability without actual user access, which makes it easy to locate and test practical problems. To detect the availability of the TACACS server group and display the test results (send time, response time, and attribute information), the user name and password used for detection should be configured. The TACACS server constructs authentication and accounting data structures (including a detection callback function) in accordance with the user information and the given server group information, then calls the normal TACACS process flow. Time and content are displayed before calling this process flow, and again after the response packet is received.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 32% of the total text.


Figure 1

As a broadband access server device, BRAS (Broadband Remote Access Server) is responsible for the management of access users.

Authentication and accounting for users are important functions of the BRAS equipment. For authentication and accounting, BRAS devices generally need to send relevant information to a TACACS (Terminal Access Controller Access-Control System) server to achieve final authentication and accounting.

Communication between the BRAS and the TACACS server is IP-based. The connectivity between the BRAS device and the TACACS server can be detected by ping or trace, but if customers want to detect the availability and functionality of the TACACS server, a real user access is needed. This makes it inconvenient to locate and test practical problems.

As Figure 1 shows, users must be authenticated by the TACACS server to access the WAN. To test the connection between the BRAS and the TACACS server, we can use "ping" or "trace". But the availability of authentication and accounting on the TACACS server cannot be tested by "ping" or "trace". A new technology, "TACACS Ping", is therefore proposed, which can detect the availability of both authentication and accounting servers.

The purpose of the invention is to detect a TACACS server's availability without actual user access, which makes it easy to locate and test practical problems.

To detect the availability of the TACACS server group and display the test results (send time, response time, and attribute information), the user name and password used for detection should be configured. The TACACS server constructs authentication and accounting data structures (including a detection callback function) in accordance with the user information and the given server group information, then calls the normal TACACS process flow. Time and content are displayed before calling this process flow, and again after the response packet is received.

The TACACS protocol does not provide a special type for a detection packet, so we need to build a request packet to use as the detection packet, in order to reuse the original process flow and show the test results in as much detail as possible.

In the TACACS request and response packets awaiting authentication and accounting, a flag should be set to distinguish a detection packet from a common request packet.

Customers can then perform special operations on detection packets at every step (mainly when sending and receiving packets). The transmission policy can be configured in accordance with the server group's configuration (e.g. timeout, max-retries).

Accounting server detection requires special processing, because an accounting packet has a beginning and an ending: if only the beginning packet is transmitted without an ending packet, the account will be left hanging. So both a beginning packet and an ending packet are necessary for detection, and they cannot be cached.

The accounting end packet should be sent...
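The detection flow described above can be modelled as follows. This is an added example, not code from the disclosure: it shows the detection flag, the server group's timeout and max-retries policy, and the accounting begin/end pairing. The names `ServerGroup`, `send_probe`, `tacacs_ping` and `fake_transport`, the request and reply fields, and the addresses are assumptions, and the transport is a constructed stand-in rather than a TACACS wire implementation.

```python
import time
from dataclasses import dataclass

@dataclass
class ServerGroup:            # hypothetical model of a configured server group
    servers: list
    timeout: float = 1.0      # seconds to wait per attempt
    max_retries: int = 2      # extra attempts per server after the first

def send_probe(group, transport, kind, user, password):
    """Send one flagged request under the group's timeout/retry policy."""
    request = {"kind": kind, "user": user, "password": password,
               "detection": True}   # flag separating probes from real user requests
    attempts = 0
    for server in group.servers:
        for _ in range(1 + group.max_retries):
            attempts += 1
            sent = time.monotonic()
            try:
                reply = transport(server, request, group.timeout)
            except TimeoutError:
                continue            # retry, then fall through to the next server
            return {"kind": kind, "server": server, "attempts": attempts,
                    "ok": bool(reply.get("ok")),
                    "rtt": time.monotonic() - sent,
                    "attributes": reply.get("attributes", {})}
    return {"kind": kind, "server": None, "attempts": attempts, "ok": False}

def tacacs_ping(group, transport, user, password):
    """Probe authentication, then accounting as a begin/end pair."""
    results = [send_probe(group, transport, "authen", user, password)]
    start = send_probe(group, transport, "acct-start", user, password)
    results.append(start)
    if start["server"] is not None:
        # An answered begin packet is closed at once (never cached) so no account hangs.
        same = ServerGroup([start["server"]], group.timeout, group.max_retries)
        results.append(send_probe(same, transport, "acct-stop", user, password))
    return results

def fake_transport(server, request, timeout):
    """Constructed stand-in for the device's TACACS send path."""
    if server == "192.0.2.1":       # constructed: this server never answers
        raise TimeoutError(server)
    return {"ok": True, "attributes": {"priv-lvl": "1"}}

if __name__ == "__main__":
    group = ServerGroup(["192.0.2.1", "192.0.2.2"], timeout=0.5, max_retries=1)
    for result in tacacs_ping(group, fake_transport, "probe-user", "probe-pass"):
        print(result)
```

The end packet is sent only to the server that answered the begin packet, so a probe never opens a session on one server and closes it on another.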