Operation Manual – AAA-RADIUS-HWTACACS-EAD
H3C S3600 Series Ethernet Switches-Release 1510
Chapter 1 AAA & RADIUS & HWTACACS Configuration
Type field value  Attribute type   Type field value  Attribute type
15                Login-Service    37                Framed-AppleTalk-Link
16                Login-TCP-Port   38                Framed-AppleTalk-Network
17                (unassigned)     39                Framed-AppleTalk-Zone
18                Reply-Message    40-59             (reserved for accounting)
19                Callback-Number  60                CHAP-Challenge
20                Callback-ID      61                NAS-Port-Type
21                (unassigned)     62                Port-Limit
22                Framed-Route     63                Login-LAT-Port
The RADIUS protocol is readily extensible. Attribute 26 (Vendor-Specific) defined in this
protocol allows a device vendor to extend RADIUS to implement functions that are not
defined in standard RADIUS.
Figure 1-4 depicts the format of attribute 26. The Vendor-ID field, which identifies the
vendor, occupies four bytes: the first byte is 0, and the other three bytes are
defined in RFC 1700. Within the attribute, the vendor can encapsulate multiple customized
sub-attributes (each containing a vendor-specific Type, Length and Value) to implement a
RADIUS extension.
[Figure: layout of attribute 26. Fields: Type, Length, Vendor-ID, Vendor-Type (specified), Vendor-Length (specified), Vendor-Value (specified attribute value) ...]
Figure 1-4 Vendor-specific attribute format
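The following Python parser is an added example, not code from this manual or from H3C. It decodes one attribute 26 as laid out in Figure 1-4 and rejects malformed lengths. It assumes one-byte Type and Length fields, and one-byte Vendor-Type and Vendor-Length fields whose length counts its own two header bytes (the layout RFC 2865 recommends); the vendor ID and sub-attribute types in the sample are constructed.

```python
import struct

VENDOR_SPECIFIC = 26  # attribute type named in the text above


class VSAError(ValueError):
    """Raised when a Vendor-Specific attribute is malformed."""


def parse_vsa(attr: bytes):
    """Return (vendor_id, [(vendor_type, value), ...]) for one attribute 26."""
    if len(attr) < 6:
        raise VSAError("shorter than Type + Length + Vendor-ID")
    atype, alen = attr[0], attr[1]
    if atype != VENDOR_SPECIFIC:
        raise VSAError(f"type {atype} is not Vendor-Specific")
    if alen != len(attr):
        raise VSAError("Length field disagrees with the bytes received")
    if attr[2] != 0:
        raise VSAError("first Vendor-ID byte must be 0")
    vendor_id = struct.unpack("!I", attr[2:6])[0]
    subs, pos = [], 6
    while pos < alen:
        if alen - pos < 2:
            raise VSAError("truncated sub-attribute header")
        vtype, vlen = attr[pos], attr[pos + 1]
        # Vendor-Length counts its own two header bytes (assumption, see
        # lead-in). Reject values that would never advance (< 2) or that
        # would read past the end of the enclosing attribute.
        if vlen < 2 or pos + vlen > alen:
            raise VSAError("bad Vendor-Length")
        subs.append((vtype, attr[pos + 2:pos + vlen]))
        pos += vlen
    return vendor_id, subs


def build_vsa(vendor_id: int, subs) -> bytes:
    """Encode sub-attributes into one attribute 26 (helper for the sample)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in subs)
    header = bytes([VENDOR_SPECIFIC, 6 + len(body)])
    return header + struct.pack("!I", vendor_id) + body


# Constructed sample: vendor ID 12345 and sub-attribute types 1 and 2 are
# made-up values for illustration, not assignments taken from the manual.
SAMPLE = build_vsa(12345, [(1, b"\x00\x00\x00\x05"), (2, b"guest")])
```
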
1.1.4 Introduction to HWTACACS
I. What is HWTACACS
HWTACACS (Huawei terminal access controller access control system) is an
enhanced security protocol based on TACACS (RFC 1492). Similar to the RADIUS
protocol, it implements AAA for different types of users (such as PPP, VPDN, and
terminal users) by communicating with a TACACS server in client-server mode.
Compared with RADIUS, HWTACACS provides more reliable transmission and
encryption, and is therefore more suitable for security control. Table 1-3 lists the
primary differences between HWTACACS and RADIUS.