HP 6125XLG R2306-HP 6125XLG Blade Switch Security Configuration Guide - Page 16
HWTACACS, Differences between HWTACACS and RADIUS, Basic HWTACACS packet exchange process,
View all HP 6125XLG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 16 highlights
Figure 5 Format of attribute 26 HWTACACS HW Terminal Access Controller Access Control System (HWTACACS) is an enhanced security protocol based on TACACS (RFC 1492). Similar to RADIUS, it uses a client/server model for information exchange between the NAS and the HWTACACS server. HWTACACS typically provides AAA services for PPP, VPDN, and terminal users. In a typical HWTACACS scenario, some terminal users need to log in to the NAS for operations. Working as the HWTACACS client, the NAS sends users' usernames and passwords to the HWTACACS sever for authentication. After passing authentication and getting authorized rights, a user logs in to the device and performs operations. The HWTACACS server records the operations that each user performs. Differences between HWTACACS and RADIUS HWTACACS and RADIUS have many features in common, such as using a client/server model, using shared keys for data encryption, and providing flexibility and scalability. Table 3 lists their primary differences. Table 3 Primary differences between HWTACACS and RADIUS HWTACACS RADIUS Uses TCP, providing more reliable network transmission. Uses UDP, providing higher transport efficiency. Encrypts the entire packet except for the HWTACACS Encrypts only the user password field in an header. authentication packet. Protocol packets are complicated and authorization is independent of authentication. Authentication and authorization can be deployed on different HWTACACS servers. Protocol packets are simple and the authorization process is combined with the authentication process. Supports authorization of configuration commands. Commands a user can use depend on both the user's roles and authorization. A user can use only commands that are permitted by the user roles and authorized by the HWTACACS server. Does not support authorization of configuration commands. Commands a user can use solely depend on the user's roles. For more information about user roles, see Fundamentals Configuration Guide. Basic HWTACACS packet exchange process Figure 6 describes how HWTACACS performs user authentication, authorization, and accounting for a Telnet user. 7