HWTACACS, Overview, Introduction to HWTACACS – H3C Technologies H3C SecPath F1000-E User Manual
HWTACACS
Overview
Introduction to HWTACACS
HW Terminal Access Controller Access Control System (HWTACACS) is an enhanced security protocol
based on TACACS (RFC 1492). Like RADIUS, it uses a client/server (C/S) model for information
exchange between the network access server (NAS) and the HWTACACS server.
HWTACACS is mainly used to provide AAA services for Point-to-Point Protocol (PPP) users, Virtual Private
Dial-up Network (VPDN) users, and terminal users. In a typical HWTACACS application, a terminal user
needs to log in to the device to perform operations, and HWTACACS authenticates and authorizes the
user and keeps accounting records for the session. Working as the HWTACACS client, the device sends the
username and password to the HWTACACS server for authentication. After passing authentication and
being authorized, the user can log in to the device and perform operations.
Differences Between HWTACACS and RADIUS
HWTACACS and RADIUS have many features in common: both implement AAA, use a client/server
model, protect user information with shared keys, and offer good flexibility and extensibility.
They also differ in several respects, as listed in Table 1.
Table 1 Primary differences between HWTACACS and RADIUS

HWTACACS: Uses TCP, providing more reliable network transmission.
RADIUS: Uses UDP, providing higher transport efficiency.

HWTACACS: Encrypts the entire packet except for the HWTACACS header.
RADIUS: Encrypts only the user password field in an authentication packet.

HWTACACS: Protocol packets are more complex, and authorization is independent of authentication.
Authentication and authorization can be deployed on different HWTACACS servers. For example, you
can configure two HWTACACS servers, one for authentication and the other for authorization.
RADIUS: Protocol packets are simple, and authorization is combined with authentication.

HWTACACS: Supports authorization of configuration commands. Which commands a user can use
depends on both the user level and AAA authorization: a user can use only commands that are both
at or below the user level and authorized by the HWTACACS server.
RADIUS: Does not support authorization of configuration commands. Which commands a user can use
depends only on the user level: a user can use all commands at or below that level.