Hwtacacs, Differences between hwtacacs and radius, Figure 133 – H3C Technologies H3C SecPath F1000-E User Manual

Page 165

Advertising
background image

155

Vendor-ID—Indicates the ID of the vendor. Its most significant byte is 0, and the other three bytes

contains a code that is compliant to RFC 1700. The vendor ID of H3C is 2011. For more information
about the proprietary RADIUS sub-attributes of H3C, see "

Proprietary RADIUS sub-attributes of

H3C

."

Vendor-Type—Indicates the type of the sub-attribute.

Vendor-Length—Indicates the length of the sub-attribute.

Vendor-Data—Indicates the contents of the sub-attribute.

Figure 133 Segment of a RADIUS packet containing an extended attribute

HWTACACS

HW Terminal Access Controller Access Control System (HWTACACS) is an enhanced security protocol

based on TACACS (RFC 1492). Similar to RADIUS, it uses a client/server model for information
exchange between the NAS and the HWTACACS server.
HWTACACS typically provides AAA services for Point-to-Point Protocol (PPP) users, Virtual Private Dial-up

Network (VPDN) users, and terminal users. In a typical HWTACACS scenario, some terminal users log

in to the NAS for operations. Working as the HWTACACS client, the NAS sends the usernames and
passwords of the users to the HWTACACS sever for authentication. After passing authentication and

being authorized, the users log in to the NAS and performs operations, and the HWTACACS server

records the operations that each user performs.

Differences between HWTACACS and RADIUS

HWTACACS and RADIUS both provide authentication, authorization, and accounting services. They
have many features in common, such as using a client/server model, using shared keys for user

information security, and providing flexibility and extensibility.

Table 45

lists the differences.

Table 45 Primary differences between HWTACACS and RADIUS

HWTACACS RADIUS

Uses TCP, providing more reliable network
transmission.

Uses UDP, providing higher transport efficiency.

Encrypts the entire packet except for the HWTACACS
header.

Encrypts only the user password field in an
authentication packet.

Protocol packets are complicated and authorization is
independent of authentication. Authentication and
authorization can be deployed on different

HWTACACS servers.

Protocol packets are simple and the authorization
process is combined with the authentication process.

Advertising
This manual is related to the following products:

H3C SecPath F5000-A5 Firewall, H3C SecPath F1000-A-EI, H3C SecPath F1000-E-SI, H3C SecPath F1000-S-AI, H3C SecPath F5000-S Firewall, H3C SecPath F5000-C Firewall, H3C SecPath F100-C-SI, H3C SecPath F1000-C-SI, H3C SecPath F100-A-SI, H3C SecBlade FW Cards, H3C SecBlade FW Enhanced Cards, H3C SecPath U200-A U200-M U200-S, H3C SecPath U200-CA U200-CM U200-CS

Popular Brands
Popular manuals