Hwtacacs - HP 3600 v2 Series Security Configuration Manual
Hide thumbs
Also See for 3600 v2 Series:
- Command reference manual (510 pages) ,
- Configuration manual (441 pages) ,
- Installation manual (62 pages)
Table of Contents
Advertisement
Figure 5 Segment of a RADIUS packet containing an extended attribute
HWTACACS
HW Terminal Access Controller Access Control System (HWTACACS) is an enhanced security protocol
based on TACACS (RFC 1492). Similar to RADIUS, it uses a client/server model for information
exchange between the NAS and the HWTACACS server.
HWTACACS typically provides AAA services for Point-to-Point Protocol (PPP) users, Virtual Private Dial-up
Network (VPDN) users, and terminal users. In a typical HWTACACS scenario, some terminal users need
to log in to the NAS for operations. Working as the HWTACACS client, the NAS sends the usernames
and passwords of the users to the HWTACACS sever for authentication. After passing authentication and
being authorized, the users log in to the switch and performs operations, and the HWTACACS server
records the operations that each user performs.
Differences between HWTACACS and RADIUS
HWTACACS and RADIUS both provide authentication, authorization, and accounting services. They
have many features in common, such as using a client/server model, using shared keys for user
information security, and providing flexibility and extensibility.
Table 3 Primary differences between HWTACACS and RADIUS
HWTACACS
Uses TCP, providing more reliable network
transmission.
Encrypts the entire packet except for the HWTACACS
header.
Protocol packets are complicated and authorization is
independent of authentication. Authentication and
authorization can be deployed on different
HWTACACS servers.
Supports authorization of configuration commands.
Which commands a user can use depends on both the
user level and the AAA authorization. A user can use
only commands that are at, or lower than, the user
level and authorized by the HWTACACS server.
Basic HWTACACS message exchange process
The following takes a Telnet user as an example to describe how HWTACACS performs user
authentication, authorization, and accounting.
Table 3
RADIUS
Uses UDP, providing higher transport efficiency.
Encrypts only the user password field in an
authentication packet.
Protocol packets are simple and the authorization
process is combined with the authentication process.
Does not support authorization of configuration
commands. Which commands a user can use solely
depends on the level of the user. A user can use all the
commands at, or lower than, the user level.
7
lists their primary differences.
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
