Operation Manual – AAA    H3C S3100 Series Ethernet Switches    Chapter 1 AAA Overview

1.2.2 Introduction to HWTACACS

I. What is HWTACACS

Huawei Terminal Access Controller Access Control System (HWTACACS) is an enhanced security protocol based on TACACS (RFC 1492). Like the RADIUS protocol, it implements AAA for different types of users (such as PPP, VPDN, and terminal users) by communicating with a TACACS server in client-server mode.

Compared with RADIUS, HWTACACS provides more reliable transport and stronger protection of the packet contents, and is therefore better suited to security control. Table 1-3 lists the primary differences between HWTACACS and RADIUS.

Table 1-3 Differences between HWTACACS and RADIUS

HWTACACS                                                  | RADIUS
----------------------------------------------------------|-------------------------------------------------
Uses TCP, which provides reliable network transmission.   | Uses UDP.
Encrypts the entire packet except the HWTACACS header.    | Encrypts only the password field in
                                                          | authentication packets.
Separates authentication from authorization. For example, | Combines authentication and authorization.
one TACACS server can be used for authentication and      |
another TACACS server for authorization.                  |
Better suited to security control.                        | Better suited to accounting.
Supports authorization of configuration commands.         | Does not support configuration command
                                                          | authorization.

In a typical HWTACACS application (see Figure 1-5), a terminal user needs to log into the switch to perform some operations. Acting as the HWTACACS client, the switch sends the username and password to the TACACS server for authentication. After passing authentication and being authorized, the user is logged into the switch and can perform operations.

Figure 1-5 Network diagram for a typical HWTACACS application (host, switch acting as HWTACACS client, HWTACACS servers)
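The second row of Table 1-3 is the one that matters most on an untrusted management network. The following Python, added here as an illustration and not code from the H3C manual or the switch software, builds both authentication requests and shows what an on-path observer sees in each. It assumes that HWTACACS applies the TACACS+ body obfuscation of RFC 8907 section 4.5 (HWTACACS interoperates with TACACS+ servers, but the manual does not state the algorithm) and that RADIUS hides User-Password as in RFC 2865 section 5.2. The shared key, session ID, credentials, port, remote address and Request Authenticator are constructed test values.

```python
"""Added example: HWTACACS/TACACS+ hides the whole body, RADIUS hides only the password.

Assumptions (not from the manual): TACACS+ body obfuscation per RFC 8907 4.5,
RADIUS User-Password hiding per RFC 2865 5.2. All keys and identities below
are constructed test values.
"""
import hashlib
import struct

SHARED_KEY = b"s3cr3t-key"               # constructed shared secret (same value used for both protocols)
USERNAME = b"admin"                      # constructed credentials
PASSWORD = b"Passw0rd!"
SESSION_ID = bytes.fromhex("deadbeef")   # constructed TACACS+ session_id
REQ_AUTH = bytes(range(16))              # constructed RADIUS Request Authenticator (real ones are random)


# ---- TACACS+ / HWTACACS (assumed RFC 8907 body obfuscation) ---------------------------------

def tacacs_pad(session_id: bytes, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """Pseudo-pad: MD5(id|key|ver|seq), then MD5(id|key|ver|seq|prev) chained, cut to body length."""
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(session_id + key + bytes([version, seq_no]) + prev).digest()
        pad += prev
    return pad[:length]


def tacacs_authen_start_body(user: bytes, password: bytes) -> bytes:
    """Authentication START body: action=LOGIN(1), priv_lvl=15, authen_type=PAP(2), service=LOGIN(1)."""
    port, rem_addr = b"vty0", b"192.0.2.10"   # constructed values
    fixed = struct.pack("!8B", 1, 15, 2, 1, len(user), len(port), len(rem_addr), len(password))
    return fixed + user + port + rem_addr + password


def tacacs_authen_start(user: bytes, password: bytes, session_id: bytes, key: bytes) -> bytes:
    """Cleartext 12-byte header followed by the XOR-obfuscated body."""
    version, pkt_type, seq_no, flags = 0xC0, 0x01, 1, 0x00   # major 0xc/minor 0, AUTHEN, first packet, encrypted
    body = tacacs_authen_start_body(user, password)
    header = struct.pack("!4B4sI", version, pkt_type, seq_no, flags, session_id, len(body))
    pad = tacacs_pad(session_id, key, version, seq_no, len(body))
    return header + bytes(b ^ p for b, p in zip(body, pad))


def tacacs_decrypt_body(packet: bytes, key: bytes) -> bytes:
    """Server side: re-derive the pad from the cleartext header and XOR it back out."""
    version, _type, seq_no, _flags, session_id, length = struct.unpack("!4B4sI", packet[:12])
    pad = tacacs_pad(session_id, key, version, seq_no, length)
    return bytes(b ^ p for b, p in zip(packet[12:12 + length], pad))


# ---- RADIUS (RFC 2865 User-Password hiding) -------------------------------------------------

def radius_hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """c_i = p_i XOR MD5(secret | c_{i-1}), with c_0 = Request Authenticator; 16-byte blocks."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        block = bytes(x ^ y for x, y in zip(padded[i:i + 16], hashlib.md5(secret + prev).digest()))
        out += block
        prev = block
    return out


def radius_unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side inverse of radius_hide_password."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(x ^ y for x, y in zip(block, hashlib.md5(secret + prev).digest()))
        prev = block
    return out.rstrip(b"\x00")


def radius_access_request(user: bytes, password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Access-Request: attribute 1 (User-Name) is sent in clear, only attribute 2 (User-Password) is hidden."""
    attrs = bytes([1, 2 + len(user)]) + user
    hidden = radius_hide_password(password, secret, authenticator)
    attrs += bytes([2, 2 + len(hidden)]) + hidden
    return struct.pack("!BBH16s", 1, 42, 20 + len(attrs), authenticator) + attrs   # code 1, identifier 42


def visible_on_wire(packet: bytes, needle: bytes) -> bool:
    """What a passive sniffer can read: is this byte string present in clear?"""
    return needle in packet


if __name__ == "__main__":
    t = tacacs_authen_start(USERNAME, PASSWORD, SESSION_ID, SHARED_KEY)
    r = radius_access_request(USERNAME, PASSWORD, SHARED_KEY, REQ_AUTH)
    print("TACACS+ username in clear:", visible_on_wire(t, USERNAME))
    print("RADIUS  username in clear:", visible_on_wire(r, USERNAME))
    print("RADIUS  password in clear:", visible_on_wire(r, PASSWORD))
```

Run as a script, the TACACS+ request exposes neither the username nor the port and remote address (they sit inside the obfuscated body), while the RADIUS Access-Request carries the username, port and any other attributes in clear and hides only User-Password. Two caveats worth keeping in mind when reading the "encrypts" wording of Table 1-3: RFC 8907 itself describes the MD5-pad XOR as obfuscation rather than encryption and recommends running TACACS+ over a protected transport, and both schemes stand or fall on the secrecy of the shared key configured on the switch and the server.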