EasyManuals Logo

H3C S3600 Series User Manual

H3C S3600 Series
966 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #484 background imageLoading...
Page #484 background image
Operation Manual – AAA-RADIUS-HWTACACS-EAD
H3C S3600 Series Ethernet Switches-Release 1510
Chapter 1 AAA & RADIUS & HWTACACS
Configuration
1-8
Table 1-3 Differences between HWTACACS and RADIUS
HWTACACS RADIUS
Adopts TCP, providing more reliable
network transmission.
Adopts UDP.
Encrypts the entire message except the
HWTACACS header.
Encrypts only the password field in
authentication message.
Separates authentication from
authorization. For example, you can use
one TACACS server for authentication
and another TACACS server for
authorization.
Combines authentication and
authorization.
Is more suitable for security control. Is more suitable for accounting.
Supports configuration command
authorization.
Does not support.
In a typical HWTACACS application (as shown in Figure 1-5), a dial-up or terminal user
needs to log into the switch to perform some operations. As a HWTACACS client, the
switch sends the username and password to the TACACS server for authentication.
After passing authentication and being authorized, the user successfully logs into the
switch to perform operations.
TACACS server
129.7.66.66
TACACS server
129.7.66.67
ISDN / PSTN
Dial -up user
HWTACACS client
Terminal user
TACACS server
TACACS server
129..66.67
IS DN/ PSTN
Dial -up user
HWTACACS client
Terminal user
TACACS server
TACACS server
129.7.66.67
ISDN / PSTN
Dial -up user
HWTACACS client
Terminal user
TACACS server
TACACS server
IS DN/ PSTN
Dial -up user
HWTACACS client
Terminal user
TACACS server
129.7.66.66
TACACS server
129.7.66.67
ISDN / PSTN
Dial -up user
HWTACACS client
Terminal user
TACACS server
TACACS server
129..66.67
IS DN/ PSTN
Dial -up user
HWTACACS client
Terminal user
TACACS server
TACACS server
129.7.66.67
ISDN / PSTN
Dial -up user
HWTACACS client
Terminal user
TACACS server
TACACS server
IS DN/ PSTN
Dial -up user
HWTACACS client
Terminal user
Figure 1-5 Network diagram for a typical HWTACACS application
II. Basic message exchange procedure in HWTACACS
The following text takes telnet user as an example to describe how HWTACACS
implements authentication, authorization, and accounting for a user.
Figure 1-6
illustrates the basic message exchange procedure:

Table of Contents

Other manuals for H3C S3600 Series

Preview: Command Manual
Command Manual1277 pages
Preview: Installation Manual
Installation Manual98 pages
Preview: Datasheet
Datasheet10 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the H3C S3600 Series and is the answer not in the manual?

H3C S3600 Series Specifications

General IconGeneral
BrandH3C
ModelS3600 Series
CategorySwitch
LanguageEnglish

Related product manuals