Introduction To Hwtacacs - H3C S3100-52P Operation Manual

Operation Manual – AAA
H3C S3100-52P Ethernet switch
Figure 1-4 Vendor-specific attribute format (fields: Type, Length, Vendor-ID, Type (specified), Length (specified), Specified attribute value)

1.2.2 Introduction to HWTACACS

I. What is HWTACACS
Huawei Terminal Access Controller Access Control System (HWTACACS) is an
enhanced security protocol based on TACACS (RFC 1492). Similar to the RADIUS
protocol, it implements AAA for different types of users (such as PPP, VPDN, and
terminal users) by communicating with a TACACS server in client-server mode.
Compared with RADIUS, HWTACACS provides more reliable transmission and
encryption, and therefore is more suitable for security control.
Table 1-3 lists the primary differences between HWTACACS and RADIUS.

Table 1-3 Differences between HWTACACS and RADIUS

| HWTACACS | RADIUS |
|---|---|
| Adopts TCP, providing more reliable network transmission. | Adopts UDP. |
| Encrypts the entire message except the HWTACACS header. | Encrypts only the password field in authentication message. |
| Separates authentication from authorization. For example, you can use one TACACS server for authentication and another TACACS server for authorization. | Combines authentication and authorization. |
| Is more suitable for security control. | Is more suitable for accounting. |
| Supports configuration command authorization. | Does not support. |

In a typical HWTACACS application (as shown in Figure 1-5), a terminal user needs to
log into the switch to perform some operations. As a HWTACACS client, the switch
sends the username and password to the TACACS server for authentication. After
passing authentication and being authorized, the user successfully logs into the switch
to perform operations.

Chapter 1 AAA Overview
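The encryption difference in Table 1-3, applied to the username and password the switch sends for authentication, shown as an added example that is not part of the H3C manual. Assumptions: the manual does not give the HWTACACS packet layout, so the TACACS+ body obfuscation of RFC 8907 stands in for it; the RADIUS side follows RFC 2865; the user, password, shared key, authenticator and session ID are constructed sample values.

```python
import hashlib
import struct

# Constructed sample values, not taken from the manual.
USER, PASSWORD, SECRET = b"alice", b"S3cret!pw", b"shared-key"

def radius_hide_password(password, secret, authenticator):
    """RFC 2865 5.2: only the User-Password attribute is hidden (MD5 XOR chain)."""
    size = max(16, -(-len(password) // 16) * 16)
    padded, out, prev = password.ljust(size, b"\x00"), b"", authenticator
    for i in range(0, size, 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        out += prev
    return out

def radius_access_request(user, password, secret, authenticator):
    """Access-Request: User-Name (type 1) in clear, User-Password (type 2) hidden."""
    hidden = radius_hide_password(password, secret, authenticator)
    attrs = bytes([1, 2 + len(user)]) + user + bytes([2, 2 + len(hidden)]) + hidden
    return struct.pack("!BBH", 1, 1, 20 + len(attrs)) + authenticator + attrs

def tacacs_body_crypt(header, body, key):
    """RFC 8907 4.5: XOR the entire body with an MD5 pad; the same call reverses it."""
    seed = header[4:8] + key + header[0:1] + header[2:3]  # session_id, key, version, seq_no
    pad, prev = b"", b""
    while len(pad) < len(body):
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return bytes(b ^ k for b, k in zip(body, pad))

def tacacs_authen_start(user, password, key, session_id):
    """PAP authentication START: 12-byte clear header, then the obfuscated body."""
    body = bytes([1, 1, 2, 1, len(user), 0, 0, len(password)]) + user + password
    header = struct.pack("!BBBB4sI", 0xC1, 1, 1, 0, session_id, len(body))
    return header, body, header + tacacs_body_crypt(header, body, key)

def build_samples():
    """Build one packet per protocol from the constructed credentials above."""
    radius = radius_access_request(USER, PASSWORD, SECRET, bytes(range(16)))
    header, body, tacacs = tacacs_authen_start(USER, PASSWORD, SECRET, b"\x12\x34\x56\x78")
    return radius, header, body, tacacs

if __name__ == "__main__":
    radius, header, body, tacacs = build_samples()
    for name, pkt in (("RADIUS", radius), ("TACACS+", tacacs)):
        print(name, "username visible:", USER in pkt, "password visible:", PASSWORD in pkt)
```

In the RADIUS packet the username travels in clear and only the password bytes are masked, while in the TACACS+ packet everything after the 12-byte header is masked. Both schemes are MD5-based XOR pads keyed by the shared secret, so the strength of that secret matters in either case.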
