Introduction to hwtacacs, What is hwtacacs – H3C Technologies H3C S3100 Series Switches User Manual


1-7

Figure 1-5 depicts the format of attribute 26. The Vendor-ID field used to identify a vendor occupies four bytes, where the first byte is 0 and the other three bytes are defined in RFC 1700. Here, the vendor can encapsulate multiple customized sub-attributes (containing vendor-specific Type, Length and Value) to implement a RADIUS extension.

Figure 1-5 Vendor-specific attribute format

[Figure: attribute 26 laid out as Type, Length, Vendor-ID (four bytes, bit positions 0, 7, 15 and 31 marked), followed by one or more vendor-specific sub-attributes, each consisting of Type (specified), Length (specified) and the specified attribute value.]
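As an added example (not from the H3C manual), the following Python encodes and parses a RADIUS attribute 26 laid out as in Figure 1-5, checking every Length field before it is trusted so that a malformed sub-attribute cannot make the parser read past the attribute. The Vendor-ID 0x1234 and the sub-attribute numbers are constructed placeholders, not real assignments.

```python
import struct

# Constructed placeholder Vendor-ID: first byte is 0, the low three bytes
# would identify the vendor (values are assigned per RFC 1700).
VENDOR_ID = 0x00001234
VSA_TYPE = 26


def build_vsa(vendor_id, sub_attrs):
    """Encode attribute 26 from a list of (sub_type, value_bytes) pairs."""
    body = b"".join(bytes([t, 2 + len(v)]) + v for t, v in sub_attrs)
    payload = struct.pack("!I", vendor_id) + body
    return bytes([VSA_TYPE, 2 + len(payload)]) + payload


def parse_vsa(attr):
    """Decode attribute 26 into (vendor_id, [(sub_type, value), ...]).

    Raises ValueError on any inconsistent Length field instead of
    silently reading beyond the attribute boundary."""
    if len(attr) < 2 or attr[0] != VSA_TYPE:
        raise ValueError("not a Vendor-Specific (type 26) attribute")
    length = attr[1]
    # Type + Length + 4-byte Vendor-ID + at least one sub-attribute header
    if length != len(attr) or length < 8:
        raise ValueError("bad attribute length")
    if attr[2] != 0:
        raise ValueError("first byte of Vendor-ID must be 0")
    vendor_id = struct.unpack("!I", attr[2:6])[0]
    subs, pos = [], 6
    while pos < length:
        if length - pos < 2:
            raise ValueError("truncated sub-attribute header")
        sub_type, sub_len = attr[pos], attr[pos + 1]
        if sub_len < 2 or pos + sub_len > length:
            raise ValueError("sub-attribute length exceeds attribute")
        subs.append((sub_type, attr[pos + 2:pos + sub_len]))
        pos += sub_len
    return vendor_id, subs


def is_well_formed(attr):
    """True if parse_vsa() accepts the attribute, False otherwise."""
    try:
        parse_vsa(attr)
        return True
    except ValueError:
        return False
```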

Introduction to HWTACACS

What is HWTACACS

Huawei Terminal Access Controller Access Control System (HWTACACS) is an enhanced security protocol based on TACACS (RFC 1492). Similar to the RADIUS protocol, it implements AAA for different types of users (such as PPP, VPDN, and terminal users) by communicating with a TACACS server in client-server mode.

Compared with RADIUS, HWTACACS provides more reliable transmission and encryption, and therefore is more suitable for security control. Table 1-3 lists the primary differences between HWTACACS and RADIUS.

Table 1-3 Differences between HWTACACS and RADIUS

HWTACACS                                                        | RADIUS
----------------------------------------------------------------|---------------------------------------------------
Adopts TCP, providing more reliable network transmission.       | Adopts UDP.
Encrypts the entire message except the HWTACACS header.         | Encrypts only the password field in authentication message.
Separates authentication from authorization. For example, you   | Combines authentication and authorization.
can use one TACACS server for authentication and another        |
TACACS server for authorization.                                |
Is more suitable for security control.                          | Is more suitable for accounting.
Supports configuration command authorization.                   | Does not support configuration command authorization.

In a typical HWTACACS application (as shown in Figure 1-6), a terminal user needs to log into the switch to perform some operations. As an HWTACACS client, the switch sends the username and password to the TACACS server for authentication. After passing authentication and being authorized, the user successfully logs into the switch to perform operations.
