3Com S7906E Installation Manual

Vendor-Length: Indicates the length of the sub-attribute.  
Vendor-Data: Indicates the contents of the sub-attribute.  
Figure 1-5 Segment of a RADIUS packet containing an extended attribute 
 
 
Introduction to HWTACACS 
HW Terminal Access Controller Access Control System (HWTACACS) is an enhanced security protocol 
based on TACACS (RFC 1492). Similar to RADIUS, it uses a client/server model for information 
exchange between the NAS and the HWTACACS server.  
HWTACACS is mainly used to provide AAA services for terminal users. In a typical HWTACACS 
application, a terminal user needs to log in to the device for operations, and HWTACACS authenticates, 
authorizes and keeps accounting for the user. Working as the HWTACACS client, the device sends the 
username and password to the HWTACACS server for authentication. After passing authentication and 
being authorized, the user can log in to the device to perform operations.  
Differences Between HWTACACS and RADIUS 
HWTACACS and RADIUS have many common features, like implementing AAA, using a client/server 
model, using shared keys for user information security and having good flexibility and extensibility. 
Meanwhile, they also have differences, as listed in 
 
Table 1-3 Primary differences between HWTACACS and RADIUS 
HWTACACS | RADIUS
Uses TCP, providing more reliable network transmission. | Uses UDP, providing higher transport efficiency.
Encrypts the entire packet except for the HWTACACS header. | Encrypts only the user password field in an authentication packet.
Protocol packets are complicated and authorization is independent of authentication. Authentication and authorization can be deployed on different HWTACACS servers. | Protocol packets are simple and authorization is combined with authentication.
Supports authorization of configuration commands. Which commands a user can use depends on both the user level and AAA authorization. A user can use only commands that are not only of, or lower than, the user level but also authorized by the HWTACACS server. | Does not support authorization of configuration commands. Which commands a user can use depends on the level of the user and a user can use all the commands of, or lower than, the user level.