3Com E4500-24 Cli Configuration Manual page 357

Table 1-3 Differences between HWTACACS and RADIUS

| HWTACACS | RADIUS |
|---|---|
| Adopts TCP, providing more reliable network transmission. | Adopts UDP. |
| Encrypts the entire message except the HWTACACS header. | Encrypts only the password field in the authentication message. |
| Separates authentication from authorization. For example, you can use one TACACS server for authentication and another TACACS server for authorization. | Combines authentication and authorization. |
| Is more suitable for security control. | Is more suitable for accounting. |
| Supports configuration command authorization. | Does not support configuration command authorization. |

In a typical HWTACACS application (as shown in Figure 1-5), a terminal user needs to log into the switch to perform some operations. As an HWTACACS client, the switch sends the username and password to the TACACS server for authentication. After passing authentication and being authorized, the user successfully logs into the switch to perform operations.

Figure 1-5 Network diagram for a typical HWTACACS application
[Figure: Host, HWTACACS client, two HWTACACS servers]

Basic message exchange procedure in HWTACACS

The following text takes a Telnet user as an example to describe how HWTACACS implements authentication, authorization, and accounting for a user. Figure 1-6 illustrates the basic message exchange procedure.
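The encryption row of Table 1-3, worked through as an added example that is not part of the manual: it builds a RADIUS Access-Request with RFC 2865 User-Password hiding and a TACACS+-style packet with RFC 8907 body obfuscation, then reports which fields stay readable on the wire. Using the TACACS+ scheme as a stand-in for HWTACACS is an assumption, and all function names, the simplified body layout and the sample credentials are constructed for illustration.

```python
import hashlib
import struct

def radius_hide_password(password, secret, authenticator):
    """RFC 2865 section 5.2: only User-Password is XORed with an MD5 keystream."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        out += prev
    return out

def radius_access_request(user, password, secret, authenticator):
    """Access-Request: User-Name (type 1) in clear, User-Password (type 2) hidden."""
    hidden = radius_hide_password(password, secret, authenticator)
    attrs = bytes([1, 2 + len(user)]) + user + bytes([2, 2 + len(hidden)]) + hidden
    return struct.pack("!BBH", 1, 1, 20 + len(attrs)) + authenticator + attrs

def tacacs_obfuscate(body, key, session_id, version, seq_no):
    """RFC 8907 data obfuscation: XOR the whole body with a chained MD5 pad (self-inverse)."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < len(body):
        block = hashlib.md5(seed + block).digest()
        pad += block
    return bytes(b ^ k for b, k in zip(body, pad))

def tacacs_packet(body, key, session_id, seq_no=1):
    """Clear 12-byte header (version, type, seq_no, flags, session_id, length) + body."""
    version = 0xC0  # TACACS+ major version 0xC, minor 0
    header = struct.pack("!BBBBII", version, 1, seq_no, 0, session_id, len(body))
    return header + tacacs_obfuscate(body, key, session_id, version, seq_no)

def demo():
    # Constructed sample values; a real Request Authenticator must be random.
    user, pw, key = b"netadmin", b"Example-Pass1", b"constructed-shared-key"
    rad = radius_access_request(user, pw, key, bytes(range(16)))
    # Simplified body (assumption): real bodies carry typed, length-prefixed fields.
    tac = tacacs_packet(user + b"\x00" + pw, key, session_id=0x1234ABCD)
    return {"radius_user_visible": user in rad, "radius_pw_visible": pw in rad,
            "tacacs_user_visible": user in tac, "tacacs_pw_visible": pw in tac,
            "tacacs_clear_header": tac[:12].hex()}

if __name__ == "__main__":
    print(demo())
```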

This manual is also suitable for:

4500
