System DescriptionH3C S3600 Series Ethernet Switches Chapter 3 Software Features3-17II. RADIUSRADIUS is a distributed system in the client/server model. It can fend off invalid usersand is often used in a network environment where both high security and remote useraccess are desired. For example, it can be used to manage the access based on802.1x.RADIUS is based on the client/server model where user authentication always involvesa device that can provide the proxy function, such as NAS. Between the RADIUS clientand server, the exchanged messages are authenticated using a shared key and userpasswords are sent encrypted over the network. The security is thus ensured.III. HWTACACSHuawei terminal access controller access control system (HWTACACS) is anenhanced security protocol based on TACACS (RFC 1492). Similar to the RADIUSprotocol, HWTACACS adopts the server-client mode to implement authentication,authorization and accounting (AAA) of different access users, including PPP users,VPDN users and login users. (PPP: point to point protocol; VPDN: virtual private datanetwork)Compared with RADIUS, HWTACACS is more reliable in transmission and encryption,and so is more suitable for security control.3.9.12 MAC-IP-Port BindingAfter MAC-IP-port binding is enabled on a port, the port can pass IP and ARP packetsfor only those hosts whose IP and MAC addresses have been bound to the port. Thebinding configuration on the port neither affects the passing of other types of packets onthe port, nor affects the other ports on the switch.3.10 Reliability3.10.1 VRRP Note:A VRRP-enabled Ethernet switch can function as a router. The routers mentioned inthis manual refer to common routers and VRRP-enabled Layer 3 switches.