3Com Switch 7750 Configuration Guide

Overview
customized sub-attributes (containing Type, Length and Value) to obtain extended
RADIUS implementation.
Figure 130 Part of the RADIUS packet containing extended attribute
Introduction to HWTACACS
What is HWTACACS
HW Terminal Access Controller Access Control System (HWTACACS) is an
enhanced security protocol based on TACACS (RFC 1492). Similar to the RADIUS
protocol, it implements AAA for different types of users (such as PPP/VPDN login
users and terminal users) through communications with TACACS servers in the
client-server mode.

Compared with RADIUS, HWTACACS provides more reliable transmission and
encryption, and therefore is more suitable for security control. Table 397 lists the
primary differences between HWTACACS and RADIUS protocols.

In a typical HWTACACS application, a dial-up or terminal user needs to log in to
the device for operations. As the client of HWTACACS in this case, the switch
sends the username and password to the TACACS server for authentication. After
passing authentication and being authorized, the user can log in to the switch to
perform operations, as shown in Figure 131.
[Figure: packet layout with the fields Code, Identifier, Length, Authenticator and Attribute]
Table 397 Comparison between HWTACACS and RADIUS

| HWTACACS | RADIUS |
|---|---|
| Adopts TCP, providing more reliable network transmission. | Adopts UDP. |
| Encrypts the entire packet except the HWTACACS header. | Encrypts only the password field in authentication packets. |
| Separates authentication from authorization. For example, you can provide authentication and authorization on different TACACS servers. | Brings together authentication and authorization. |
| Suitable for security control. | Suitable for accounting. |
| Supports authorization of the use of configuration commands. | Not supported. |
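The encryption row of Table 397 can be made concrete with the following added example, which is not part of the original guide. It assumes HWTACACS protects its body the way TACACS+ does (RFC 8907, section 4.5), which the guide does not state. The RADIUS side follows RFC 2865, section 5.2. All usernames, secrets and packet values are constructed, and the TACACS body is a simplified stand-in rather than the real field layout.

```python
import hashlib
import struct

def radius_hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 sec. 5.2: only the User-Password value is XORed with an MD5 pad."""
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))  # chains into next block
        out += prev
    return out

def radius_attr(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as Type, Length, Value."""
    return bytes([attr_type, len(value) + 2]) + value

def tacacs_crypt(header: bytes, body: bytes, secret: bytes) -> bytes:
    """RFC 8907 sec. 4.5: the whole body is XORed with an MD5 pad; the 12-byte
    header stays clear. XOR is symmetric, so this also reverses the operation."""
    version, _type, seq_no, _flags, session_id, _length = struct.unpack("!BBBBII", header)
    seed = struct.pack("!I", session_id) + secret + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < len(body):
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return bytes(b ^ k for b, k in zip(body, pad))

def build_samples(user=b"alice", password=b"s3cret-pw", secret=b"shared-key"):
    """Constructed sample packets; every value here is invented for the example."""
    authenticator = bytes(range(16))
    hidden = radius_hide_password(password, secret, authenticator)
    attrs = radius_attr(1, user) + radius_attr(2, hidden)  # User-Name, User-Password
    radius = struct.pack("!BBH", 1, 7, 20 + len(attrs)) + authenticator + attrs
    body = user + b"|" + password  # simplified stand-in for a TACACS+ body
    header = struct.pack("!BBBBII", 0xC0, 1, 1, 0, 0x1234ABCD, len(body))
    tacacs = header + tacacs_crypt(header, body, secret)
    return radius, tacacs, body

if __name__ == "__main__":
    radius, tacacs, _ = build_samples()
    for name, pkt in (("RADIUS", radius), ("TACACS+", tacacs)):
        print(name, "user visible:", b"alice" in pkt,
              "password visible:", b"s3cret-pw" in pkt)
```

In both protocols the protection is an MD5-derived XOR pad keyed by the shared secret, so the strength of that secret and the protection of the transport path still matter when either protocol is deployed.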