Extended Radius Attributes; Introduction To Hwtacacs - HP 4800G Series Configuration Manual

No.
44 Acct-Session-Id
The attribute types listed in

Extended RADIUS Attributes

The RADIUS protocol features excellent extensibility. Attribute 26 (Vender-Specific) defined by RFC
2865 allows a vender to define extended attributes to implement functions that the standard RADIUS
protocol does not provide.
A vendor can encapsulate multiple type-length-value (TLV) sub-attributes in RADIUS packets for
extension in applications. As shown in
26 consists of the following four parts:
Vendor-ID (four bytes): Indicates the ID of the vendor. Its most significant byte is 0 and the other
three bytes contain a code complying with RFC 1700.
Vendor-Type: Indicates the type of the sub-attribute.
Vendor-Length: Indicates the length of the sub-attribute.
Vendor-Data: Indicates the contents of the sub-attribute.
Figure 1-5 Segment of a RADIUS packet containing an extended attribute

Introduction to HWTACACS

HW Terminal Access Controller Access Control System (HWTACACS) is an enhanced security protocol
based on TACACS (RFC 1492). Similar to RADIUS, it uses a client/server model for information
exchange between NAS and HWTACACS server.
HWTACACS is mainly used to provide AAA services for terminal users. In a typical HWTACACS
application, a terminal user needs to log into the device for operations, and HWTACACS authenticates,
authorizes and keeps accounting for the user. Working as the HWTACACS client, the device sends the
username and password to the HWTACACS sever for authentication. After passing authentication and
being authorized, the user can log into the device to perform operations.
Attribute
Table 1-2 are defined by RFC 2865, RFC 2866, RFC 2867, and RFC 2568.
Figure 1-5, a sub-attribute that can be encapsulated in Attribute
1-7
No.
91 Tunnel-Server-Auth-id
Attribute