Operation Manual – AAA & RADIUS & HWTACACS & EAD
Quidway S5600 Series Ethernet Switches-Release 1510
Chapter 1 AAA & RADIUS & HWTACACS Configuration
Huawei Technologies Proprietary
1.1.4 Introduction to HWTACACS
I. What is HWTACACS
HUAWEI Terminal Access Controller Access Control System (HWTACACS) is an
enhanced security protocol based on TACACS (RFC1492). Similar to the RADIUS
protocol, it implements AAA for different types of users (such as PPP/VPDN login users
and terminal users) through communications with TACACS servers in the Client-Server
mode.
Compared with RADIUS, HWTACACS provides more reliable transmission and
encryption, and therefore is more suitable for security control.
Table 1-3 lists the primary differences between HWTACACS and RADIUS protocols.
Table 1-3 Comparison between HWTACACS and RADIUS

| HWTACACS | RADIUS |
|---|---|
| Adopts TCP, providing more reliable network transmission. | Adopts UDP. |
| Encrypts the entire packet except the HWTACACS header. | Encrypts only the password field in authentication packets. |
| Separates authentication from authorization. For example, you can provide authentication and authorization on different TACACS servers. | Brings together authentication and authorization. |
| Suitable for security control. | Suitable for accounting. |
| Supports authorization of the use of configuration commands. | Not supported. |
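
The RADIUS column of Table 1-3 says only the password field is encrypted. The following Python sketch is an added example, not part of the manual: it builds an Access-Request as specified in RFC 2865 and shows that User-Name stays readable on the wire while User-Password is hidden with the shared secret. The user name, password and shared secret are constructed sample values; HWTACACS framing is not shown because the manual does not describe it.

```python
import hashlib
import os
import struct

# Constructed sample values (assumptions, not taken from the manual).
SECRET = b"example-shared-secret"
USER, PASSWORD = b"alice", b"correct horse battery"

def keystream_xor(data, secret, authenticator, hiding):
    """RFC 2865 sec. 5.2: XOR each 16-byte block with MD5(secret + previous
    ciphertext block); the Request Authenticator seeds the first block."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        res = bytes(b ^ k for b, k in zip(block, key))
        prev = res if hiding else block  # chain on ciphertext either way
        out += res
    return out

def build_access_request(user, password, secret, identifier=1):
    """Access-Request (code 1) with User-Name (1) and User-Password (2);
    the password is NUL-padded to a multiple of 16 octets, at least one block."""
    authenticator = os.urandom(16)
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    hidden = keystream_xor(padded, secret, authenticator, hiding=True)
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v
                     for t, v in ((1, user), (2, hidden)))
    return struct.pack("!BBH", 1, identifier, 20 + len(attrs)) + authenticator + attrs

def parse_attributes(packet):
    """Read the attributes the way any on-path device can, without the secret."""
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = {}, 20
    while pos + 2 <= length:
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("malformed attribute")
        attrs[attr_type] = packet[pos + 2:pos + attr_len]
        pos += attr_len
    return packet[4:20], attrs

def reveal_password(hidden, secret, authenticator):
    """What the server does with the shared secret to recover the password."""
    return keystream_xor(hidden, secret, authenticator, hiding=False).rstrip(b"\x00")

if __name__ == "__main__":
    auth, attrs = parse_attributes(build_access_request(USER, PASSWORD, SECRET))
    print(attrs[1], attrs[2].hex(), reveal_password(attrs[2], SECRET, auth))
```
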
In a typical HWTACACS application, a dial-up or terminal user needs to log in to the
device for operations. As the client of HWTACACS in this case, the switch sends the
username and password to the TACACS server for authentication. After passing
authentication and being authorized, the user can log in to the switch to perform
operations, as shown in Figure 1-5.