3Com Switch 8800 Advanced Software V5 Configuration Guide
AAA, RADIUS and HWTACACS Configuration Overview 885
The RADIUS protocol features excellent extensibility. Attribute 26 (Vendor-Specific)
allows a vendor to define extended attributes to implement functions that the
standard RADIUS protocol does not provide. Figure 259 illustrates a segment of a
RADIUS packet containing an extended attribute.
Figure 259 Segment of a RADIUS packet containing an extended attribute
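Added example (not from the 3Com guide): a Python encoder and parser for the attribute 26 layout shown in Figure 259, with the length checks a receiver needs before trusting the inner fields. It goes beyond the figure by accepting several sub-attributes in one attribute; the vendor ID 32473 and the sub-attribute types 1 and 2 are constructed sample values.

```python
import struct

VENDOR_SPECIFIC = 26      # RADIUS attribute type for vendor extensions
DOC_VENDOR_ID = 32473     # constructed sample: enterprise number reserved for documentation (RFC 5612)

def build_vsa(vendor_id, subs):
    """Encode (type, value) pairs as one attribute 26 in the Figure 259 layout."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in subs)
    total = 6 + len(body)             # Type + Length + 4-byte Vendor-ID + sub-attributes
    if total > 255:
        raise ValueError("attribute does not fit the one-byte Length field")
    return bytes([VENDOR_SPECIFIC, total]) + struct.pack("!I", vendor_id) + body

def parse_vsa(attr):
    """Return (vendor_id, [(specified_type, value), ...]) or raise ValueError."""
    if len(attr) < 8:
        raise ValueError("too short for Type, Length, Vendor-ID and a sub-attribute header")
    if attr[0] != VENDOR_SPECIFIC:
        raise ValueError("not attribute 26")
    alen = attr[1]
    if alen != len(attr):
        raise ValueError("outer Length does not match the bytes supplied")
    vendor_id = struct.unpack("!I", attr[2:6])[0]
    subs, pos = [], 6
    while pos < alen:
        if alen - pos < 2:
            raise ValueError("truncated sub-attribute header")
        vtype, vlen = attr[pos], attr[pos + 1]
        # The specified Length counts its own two header bytes and must not
        # run past the end of the enclosing attribute.
        if vlen < 2 or pos + vlen > alen:
            raise ValueError("sub-attribute Length is out of bounds")
        subs.append((vtype, bytes(attr[pos + 2:pos + vlen])))
        pos += vlen
    return vendor_id, subs

# Constructed sample: sub-attribute types 1 and 2 are hypothetical, not 3Com-defined.
SAMPLE = build_vsa(DOC_VENDOR_ID, [(1, b"admin"), (2, struct.pack("!I", 60))])

if __name__ == "__main__":
    print(SAMPLE.hex())
    print(parse_vsa(SAMPLE))
```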
Introduction to HWTACACS
What is HWTACACS
3Com terminal access controller access control system (HWTACACS) is an
enhanced security protocol based on TACACS (RFC 1492). Similar to RADIUS, it
uses the server/client model to implement AAA for different types of users,
such as point-to-point protocol (PPP), virtual private dial-up network
(VPDN), and login users.
Compared with RADIUS, HWTACACS provides more reliable transmission and
encryption, and therefore is more suitable for security control. Table 38 lists the
primary differences between HWTACACS and RADIUS.
Table 37 RADIUS attributes
Type  Attribute type     Type   Attribute type
18    Reply_Message      40-59  (reserved for accounting)
19    Callback-Number    60     CHAP-Challenge
20    Callback-ID        61     NAS-Port-Type
21    (unassigned)       62     Port-Limit
22    Framed-Route       63     Login-LAT-Port
[Figure 259 fields, with bit positions 0, 7, 15 and 31 marked: Type, Length, Vendor-ID; Vendor-ID (continued), Type (specified), Length (specified); Specified attribute value ...]
Table 38 Primary differences between HWTACACS and RADIUS
HWTACACS                                                      RADIUS
Uses TCP, providing more reliable network transmission        Uses UDP
Encrypts the entire packet except for the HWTACACS header     Encrypts only the password field in an
                                                              authentication packet
Separates authentication from authorization. Authentication   Performs authentication and authorization
and authorization can be deployed on different TACACS         in combination
servers.