Hwtacacs - HPE FlexFabric 7900 Series Security Configuration Manual

No.
33
34
35
36
37
38
39
40
41
42
43
44
Extended RADIUS attributes
The RADIUS protocol features excellent extensibility. The Vendor-Specific attribute (attribute 26)
allows a vendor to define extended attributes. The extended attributes implement functions that the
standard RADIUS protocol does not provide.
A vendor can encapsulate multiple subattributes in the TLV format in attribute 26 to provide extended
functions. As shown in
parts:
•
Vendor-ID—ID of the vendor. The most significant byte is 0. The other three bytes contains a
code compliant to RFC 1700.
•
Vendor-Type—Type of the subattribute.
•
Vendor-Length—Length of the subattribute.
•
Vendor-Data—Contents of the subattribute.
For more information about the proprietary RADIUS subattributes of HPE, see
RADIUS subattributes."
Figure 5 Format of attribute 26

HWTACACS

HW Terminal Access Controller Access Control System (HWTACACS) is an enhanced security
protocol based on TACACS (RFC 1492). HWTACACS is similar to RADIUS, and uses a client/server
model for information exchange between the NAS and the HWTACACS server.
Attribute
Proxy-State
Login-LAT-Service
Login-LAT-Node
Login-LAT-Group
Framed-AppleTalk-Link
Framed-AppleTalk-Network
Framed-AppleTalk-Zone
Acct-Status-Type
Acct-Delay-Time
Acct-Input-Octets
Acct-Output-Octets
Acct-Session-Id
Figure 5, a subattribute encapsulated in attribute 26 consists of the following
No. Attribute
80 Message-Authenticator
81 Tunnel-Private-Group-id
82 Tunnel-Assignment-id
83 Tunnel-Preference
84 ARAP-Challenge-Response
85 Acct-Interim-Interval
86 Acct-Tunnel-Packets-Lost
87 NAS-Port-Id
88 Framed-Pool
89 (unassigned)
90 Tunnel-Client-Auth-id
91 Tunnel-Server-Auth-id
6
"HPE proprietary