Hwtacacs, Differences between hwtacacs and radius, Figure 133 – H3C Technologies H3C SecPath F1000-E User Manual
• Vendor-ID—Indicates the ID of the vendor. Its most significant byte is 0, and the other three bytes contain a code that is compliant with RFC 1700. The vendor ID of H3C is 2011. For more information about the proprietary RADIUS sub-attributes of H3C, see "Proprietary RADIUS sub-attributes of
• Vendor-Type—Indicates the type of the sub-attribute.
• Vendor-Length—Indicates the length of the sub-attribute.
• Vendor-Data—Indicates the contents of the sub-attribute.
Figure 133 Segment of a RADIUS packet containing an extended attribute
HWTACACS
HW Terminal Access Controller Access Control System (HWTACACS) is an enhanced security protocol based on TACACS (RFC 1492). Similar to RADIUS, it uses a client/server model for information exchange between the NAS and the HWTACACS server.
HWTACACS typically provides AAA services for Point-to-Point Protocol (PPP) users, Virtual Private Dial-up Network (VPDN) users, and terminal users. In a typical HWTACACS scenario, some terminal users log in to the NAS for operations. Working as the HWTACACS client, the NAS sends the usernames and passwords of the users to the HWTACACS server for authentication. After passing authentication and being authorized, the users log in to the NAS and perform operations, and the HWTACACS server records the operations that each user performs.
Differences between HWTACACS and RADIUS
HWTACACS and RADIUS both provide authentication, authorization, and accounting services. They
have many features in common, such as using a client/server model, using shared keys for user
information security, and providing flexibility and extensibility.
Table 45 lists the differences.
Table 45 Primary differences between HWTACACS and RADIUS
| HWTACACS | RADIUS |
|---|---|
| Uses TCP, providing more reliable network transmission. | Uses UDP, providing higher transport efficiency. |
| Encrypts the entire packet except for the HWTACACS header. | Encrypts only the user password field in an authentication packet. |
| Protocol packets are complicated and authorization is independent of authentication. Authentication and authorization can be deployed on different HWTACACS servers. | Protocol packets are simple and the authorization process is combined with the authentication process. |