3Com 7757 Configuration Manual page 513

customized sub-attributes (containing Type, Length and Value) to obtain extended
RADIUS implementation.
Figure 130 Part of the RADIUS packet containing extended attribute
0
Introduction to What is HWTACACS
HWTACACS
HW Terminal Access Controller Access Control System (HWTACACS) is an
enhanced security protocol based on TACACS (RFC1492). Similar to the RADIUS
protocol, it implements AAA for different types of users (such as PPP/VPDN login
users and terminal users) through communications with TACACS servers in the
Client-Server mode.
Compared with RADIUS, HWTACACS provides more reliable transmission and
encryption, and therefore is more suitable for security control. Table 397 lists the
primary differences between HWTACACS and RADIUS protocols.
Table 397 Comparison between HWTACACS and RADIUS
HWTACACS
Adopts TCP, providing more reliable network
transmission.
Encrypts the entire packet except the
HWTACACS header.
Separates authentication from authorization. For
example, you can provide authentication and
authorization on different TACACS servers.
Suitable for security control.
Supports to authorize the use of configuration
commands.
In a typical HWTACACS application, a dial-up or terminal user needs to log in to
the device for operations. As the client of HWTACACS in this case, the switch
sends the username and password to the TACACS server for authentication. After
passing authentication and being authorized, the user can log in to the switch to
perform operations, as shown in Figure 131.
7
Code Identifier
15
Authenticator
Attribute
RADIUS
Adopts UDP.
Encrypts only the password field in
authentication packets.
Brings together authentication and
authorization.
Suitable for accounting.
Not support.
Overview 513
3
7
Length