1-8
Differences Between HWTACACS and RADIUS
HWTACACS and RADIUS have many common features, like implementing AAA, using a client/server
model, using shared keys for user information security and having good flexibility and extensibility.
Meanwhile, they also have differences, as listed in
Table 1-3.
Table 1-3 Primary differences between HWTACACS and RADIUS
HWTACACS RADIUS
Uses TCP, providing more reliable network
transmission.
Uses UDP, providing higher transport efficiency.
Encrypts the entire packet except for the
HWTACACS header.
Encrypts only the user password field in an
authentication packet.
Protocol packets are complicated and
authorization is independent of authentication.
Authentication and authorization can be
deployed on different HWTACACS servers.
Protocol packets are simple and authorization is
combined with authentication.
Supports authorized use of configuration
commands. For example, an authenticated login
user can be authorized to configure the device.
Does not support authorized use of
configuration commands.
Basic Message Exchange Process of HWTACACS
The following takes a Telnet user as an example to describe how HWTACACS performs user
authentication, authorization, and accounting.
Figure 1-6 illustrates the basic message exchange
process of HWTACACS.
To Next Page
Loading...
