4 introduction to hwtacacs, I. what is hwtacacs, 4 introduction to hwtacacs -7 – H3C Technologies H3C S3100 Series Switches User Manual
Page 306
Operation Manual – AAA – RADIUS – HWTACACS
H3C S3100-52P Ethernet Switch
Chapter 1 AAA & RADIUS & HWTACACS
Configuration
1-7
Type field
Type field
Attribute type
Attribute type
value
value
15 Login-Service
37 Framed-AppleTalk-Link
16 Login-TCP-Port
38 Framed-AppleTalk-Network
17 (unassigned)
39 Framed-AppleTalk-Zone
18 Reply-Message
40-59
(reserved
for
accounting)
19 Callback-Number
60 CHAP-Challenge
20 Callback-ID
61 NAS-Port-Type
21 (unassigned)
62 Port-Limit
22 Framed-Route
63 Login-LAT-Port
The RADIUS protocol has good scalability. Attribute 26 (Vender-Specific) defined in this
protocol allows a device vendor to extend RADIUS to implement functions that are not
defined in standard RADIUS.
Figure 1-4 depicts the format of attribute 26. The Vendor-ID field used to identify a
vendor occupies four bytes, where the first byte is 0, and the other three bytes are
defined in RFC 1700. Here, the vendor can encapsulate multiple customized
sub-attributes (containing vendor-specific Type, Length and Value) to implement a
RADIUS extension.
Ve
Type
ndor-ID
Length
Vendor-ID
Type
(specified
Length
(specified)
)
Specified attribute value……
Ve
Type
ndor-ID
Length
Vendor-ID
Vendor-Type Vendor-Length
Vendor-Value …
Ve
Type
ndor-ID
Length
Vendor-ID
Type
(specified
Length
(specified)
)
Specified attribute value……
Ve
Type
ndor-ID
Length
Vendor-ID
Vendor-Type Vendor-Length
Vendor-Value …
Figure 1-4
Vendor-specific attribute format
1.1.4 Introduction to HWTACACS
I. What is HWTACACS
HWTACACS (Huawei terminal access controller access control system) is an
enhanced security protocol based on TACACS (RFC 1492). Similar to the RADIUS
protocol, it implements AAA for different types of users (such as PPP, VPDN, and
terminal users) through communicating with TACACS server in client-server mode.