Manualshelf

R21xx-HP FlexFabric 11900 Security Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP FlexFabric 11000 Switch Products
11121314151617181920
7
Figure 5 Format of attribute 26
HWTACACS
HW Terminal Access Controller Access Control System (HWTACACS) is an enhanced security protocol
based on TACACS (RFC 1492). Similar to RADIUS, it uses a client/server model for information
exchange between the NAS and the HWTACACS server.
HWTACACS typically provides AAA services for PPP, VPDN, and terminal users. In a typical
HWTACACS scenario, some terminal users need to log in to the NAS for operations. Working as the
HWTACACS client, the NAS sends users' usernames and passwords to the HWTACACS sever for
authentication. After passing authentication and getting authorized rights, a user logs in to the device
and performs operations. The HWTACACS server records the operations that each user performs.
Differences between HWTACACS and RADIUS
HWTACACS and RADIUS have many features in common, such as using a client/server model, using
shared keys for data encryption, and providing flexibility and scalability. Table 3 lists the
ir primary
differences.
Table 3 Primary differences between HWTACACS and RADIUS
HWTACACS RADIUS
Uses TCP, providing more reliable network
transmission.
Uses UDP, providing higher transport efficiency.
Encrypts the entire packet except for the HWTACACS
header.
Encrypts only the user password field in an
authentication packet.
Protocol packets are complicated and authorization is
independent of authentication. Authentication and
authorization can be deployed on different
HWTACACS servers.
Protocol packets are simple and the authorization
process is combined with the authentication process.
Supports authorization of configuration commands.
Commands a user can use depend on both the user's
roles and authorization. A user can use only
commands that are permitted by the user roles and
authorized by the HWTACACS server.
Does not support authorization of configuration
commands. Commands a user can use solely depend
on the user's roles. For more information about user
roles, see the chapter on RBAC in Fundamentals
Configuration Guide.
Basic HWTACACS packet exchange process
Figure 6 describes how HWTACACS performs user authentication, authorization, and accounting for a
Telnet user.