Introduction To The Hwtacacs Protocol - 3Com 3C13636 Configuration Manual

3Com Router 3000 Ethernet Family
Configuration Guide

2.1.3 Introduction to the HWTACACS Protocol

I. What is HWTACACS
HWTACACS is an enhanced security protocol based on TACACS (RFC1492). Similar
to the RADIUS protocol, it implements AAA for different types of users (such as
PPP/VPDN/login users) through communications with TACACS servers in the
Server/Client model.
Compared with RADIUS, HWTACACS provides more reliable transmission and
encryption, and therefore is more suitable for security control. The following table lists
the primary differences between HWTACACS and RADIUS protocols.
Table 2-3 Comparison between HWTACACS and RADIUS
Adopts TCP, providing more reliable
network transmission.
Encrypts the entire packet except for the
standard HWTACACS header.
Separates
authorization. For example, you can
provide authentication and authorization
on different TACACS servers.
Suitable for security control.
Supports to authorize the use of
configuration commands.
In a typical HWTACACS application, a dial-up or terminal user needs to log onto the
router for operations. Working as the client of HWTACACS in this case, the router
sends the username and password to the TACACS server for authentication. After
passing authentication and being authorized, the user can log onto the router to
perform operations, as shown in the following figure.
Dial user
Figure 2-5 Network diagram for a typical HWTACACS application
HWTACACS
authentication
Terminal user
ISDN\
PSTN
HWTACACS
3Com Corporation
2-7
Chapter 2 AAA and RADIUS/HWTACACS Protocol
Adopts UDP.
Encrypts only the password field in
authentication packets.
from
Brings together
authorization.
Suitable for accounting.
Not supports.
TACACS server
129.7.66.66
client
TACACS server
129.7.66.67
Configuration
RADIUS
authentication and