Hwtacacs - H3C SR8800-F Configuration Manual

Comware 7 user access

The Attributes field (variable in length) includes authentication, authorization, and accounting
information. This field can contain multiple attributes, each with the following subfields:
Type—Type of the attribute.
Length—Length of the attribute in bytes, including the Type, Length, and Value subfields.
Value—Value of the attribute. Its format and content depend on the Type subfield.

Extended RADIUS attributes

The RADIUS protocol features excellent extensibility. The Vendor-Specific attribute (attribute 26)
allows a vendor to define extended attributes. The extended attributes can implement functions that
the standard RADIUS protocol does not provide.
A vendor can encapsulate multiple subattributes in the TLV format in attribute 26 to provide extended
functions. As shown in Figure 5, a subattribute encapsulated in attribute 26 consists of the following
parts:
Vendor-ID—ID of the vendor. The most significant byte is 0. The other three bytes contain a
code compliant with RFC 1700.
Vendor-Type—Type of the subattribute.
Vendor-Length—Length of the subattribute.
Vendor-Data—Contents of the subattribute.
The device supports RADIUS subattributes with a vendor ID of 25506. For more information, see
"Appendix C RADIUS subattributes (vendor ID 25506)."
Figure 5 Format of attribute 26
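
An added example (not from the H3C manual): a strict Python parser for the Attributes field and the attribute 26 layout described above, rejecting any length that is too small or overruns the buffer. It assumes, per RFC 2865, that Vendor-Length counts the Vendor-Type and Vendor-Length bytes; the function names and the sample subattribute (Vendor-Type 200) are made up for illustration.

```python
import struct

VENDOR_SPECIFIC = 26   # attribute type named on the page
H3C_VENDOR_ID = 25506  # vendor ID named on the page


def parse_attributes(buf):
    """Split a TLV run into (type, value) pairs; Length covers Type+Length+Value."""
    attrs, off = [], 0
    while off < len(buf):
        if len(buf) - off < 2:
            raise ValueError("truncated attribute header")
        a_type, a_len = buf[off], buf[off + 1]
        if a_len < 2 or off + a_len > len(buf):
            raise ValueError(f"bad length {a_len} for attribute {a_type}")
        attrs.append((a_type, buf[off + 2:off + a_len]))
        off += a_len
    return attrs


def parse_vsa(value):
    """Parse the Value of attribute 26 into (vendor_id, [(vendor_type, data)])."""
    if len(value) < 4:
        raise ValueError("attribute 26 too short for Vendor-ID")
    (vendor_id,) = struct.unpack("!I", value[:4])
    if vendor_id >> 24:
        raise ValueError("most significant byte of Vendor-ID must be 0")
    # Assumption (RFC 2865 layout): Vendor-Length counts Vendor-Type,
    # Vendor-Length and Vendor-Data, so subattributes parse like attributes.
    return vendor_id, parse_attributes(value[4:])


def h3c_subattributes(attributes_field):
    """Return subattributes from attribute 26 entries with vendor ID 25506."""
    subs = []
    for a_type, value in parse_attributes(attributes_field):
        if a_type == VENDOR_SPECIFIC:
            vendor_id, vendor_subs = parse_vsa(value)
            if vendor_id == H3C_VENDOR_ID:
                subs.extend(vendor_subs)
    return subs


# Constructed sample: User-Name "alice" plus one attribute 26 carrying a
# made-up subattribute (Vendor-Type 200, 4 bytes of data) for vendor 25506.
SAMPLE = (bytes([1, 7]) + b"alice"
          + bytes([26, 12]) + struct.pack("!I", 25506)
          + bytes([200, 6]) + struct.pack("!I", 3))
```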

HWTACACS

HW Terminal Access Controller Access Control System (HWTACACS) is an enhanced security
protocol based on TACACS (RFC 1492). HWTACACS is similar to RADIUS, and uses a client/server
model for information exchange between the NAS and the HWTACACS server.
HWTACACS typically provides AAA services for PPP, VPDN, and terminal users. In a typical
HWTACACS scenario, terminal users need to log in to the NAS. Working as the HWTACACS client,
the NAS sends users' usernames and passwords to the HWTACACS server for authentication. After
passing authentication and obtaining authorized rights, a user logs in to the device and performs
operations. The HWTACACS server records the operations that each user performs.

Differences between HWTACACS and RADIUS

HWTACACS and RADIUS have many features in common, such as using a client/server model,
using shared keys for data encryption, and providing flexibility and scalability. Table 2 lists the
primary differences between HWTACACS and RADIUS.
Table 2 Primary differences between HWTACACS and RADIUS

| HWTACACS | RADIUS |
| --- | --- |
| Uses TCP, which provides reliable network transmission. | Uses UDP, which provides high transport efficiency. |
