1-8
1.2.2 Introduction to HWTACACS
I. What is HWTACACS
Huawei Terminal Access Controller Access Control System (HWTACACS) is an
enhanced security protocol based on TACACS (RFC 1492). Similar to the RADIUS
protocol, it implements AAA for different types of users (such as PPP, VPDN, and
terminal users) through communicating with TACACS server in client-server mode.
Compared with RADIUS, HWTACACS provides more reliable transmission and
encryption, and therefore is more suitable for security control.
Table 1-3 lists the
primary differences between HWTACACS and RADIUS.
Table 1-3 Differences between HWTACACS and RADIUS
HWTACACS RADIUS
Adopts TCP, providing more reliable network
transmission.
Adopts UDP.
Encrypts the entire message except the
HWTACACS header.
Encrypts only the password field in
authentication message.
Separates authentication from authorization.
For example, you can use one TACACS
server for authentication and another
TACACS server for authorization.
Combines authentication and
authorization.
Is more suitable for security control. Is more suitable for accounting.
Supports configuration command
authorization.
Does not support.
In a typical HWTACACS application (as shown in
Figure 1-5), a terminal user needs to
log into the switch to perform some operations. As a HWTACACS client, the switch
sends the username and password to the TACACS server for authentication. After
passing authentication and being authorized, the user successfully logs into the switch
to perform operations.
Host
HWTACACS client
HWTACACS server
HWTACACS server
Figure 1-5 Network diagram for a typical HWTACACS application
To Next Page
Loading...
Need help?
General