Hwtacacs - HPE Moonshot 45Gc Security Configuration Manual

No.
33
34
35
36
37
38
39
40
41
42
43
44
Extended RADIUS attributes
The RADIUS protocol features excellent extensibility. The Vendor-Specific attribute (attribute 26)
allows a vendor to define extended attributes. The extended attributes implement functions that the
standard RADIUS protocol does not provide.
A vendor can encapsulate multiple subattributes in the TLV format in attribute 26 to provide extended
functions. As shown in
parts:
•
Vendor-ID—ID of the vendor. The most significant byte is 0. The other three bytes contains a
code compliant to RFC 1700.
•
Vendor-Type—Type of the subattribute.
•
Vendor-Length—Length of the subattribute.
•
Vendor-Data—Contents of the subattribute.
The device supports the RADIUS subattributes with a vendor ID of 25506. For more information, see
"Proprietary RADIUS subattributes (vendor ID
Figure 5 Format of attribute 26

HWTACACS

HW Terminal Access Controller Access Control System (HWTACACS) is an enhanced security
protocol based on TACACS (RFC 1492). HWTACACS is similar to RADIUS, and uses a client/server
model for information exchange between the NAS and the HWTACACS server.
Attribute
Proxy-State
Login-LAT-Service
Login-LAT-Node
Login-LAT-Group
Framed-AppleTalk-Link
Framed-AppleTalk-Network
Framed-AppleTalk-Zone
Acct-Status-Type
Acct-Delay-Time
Acct-Input-Octets
Acct-Output-Octets
Acct-Session-Id
Figure 5, a subattribute encapsulated in attribute 26 consists of the following
No. Attribute
80 Message-Authenticator
81 Tunnel-Private-Group-id
82 Tunnel-Assignment-id
83 Tunnel-Preference
84 ARAP-Challenge-Response
85 Acct-Interim-Interval
86 Acct-Tunnel-Packets-Lost
87 NAS-Port-Id
88 Framed-Pool
89 (unassigned)
90 Tunnel-Client-Auth-id
91 Tunnel-Server-Auth-id
25506)."
6