Operation Manual – AAA & RADIUS & HWTACACS & EAD
H3C S7500 Series Ethernet Switches
Chapter 1 AAA & RADIUS & HWTACACS Configuration

In the packet structure shown in Figure 1-4, the Vendor-ID field, which represents the code of the vendor, occupies four bytes. The most significant byte is 0, and the other three bytes are defined in RFC1700. Here, the vendor can encapsulate multiple customized sub-attributes (Type, Length and Value) for extended RADIUS implementation.

[Figure: packet fields Type, Length, Vendor-ID, Type (specified), Length (specified), Specified attribute value ……]

Figure 1-4 Part of the RADIUS packet containing extended attribute

1.1.4 Introduction to HWTACACS

I. What is HWTACACS

HUAWEI Terminal Access Controller Access Control System (HWTACACS) is an enhanced security protocol based on TACACS (RFC1492). Similar to the RADIUS protocol, it implements AAA for different types of users (such as PPP/VPDN login users and terminal users) through communications with TACACS servers based on a client/server model.

Compared with RADIUS, HWTACACS provides more reliable transmission and encryption, and therefore is more suitable for security control. Table 1-3 lists the primary differences between HWTACACS and RADIUS protocols.

Table 1-3 Comparison between HWTACACS and RADIUS

| HWTACACS | RADIUS |
|---|---|
| Adopts TCP, providing more reliable network transmission. | Adopts UDP. |
| Encrypts the entire packet except the HWTACACS header. | Encrypts only the password field in authentication packets. |
| Separates authentication from authorization. For example, you can provide authentication and authorization through different TACACS servers. | Combines authentication and authorization. |
| Suitable for security control. | Suitable for accounting. |
| Supports authorizing the use of configuration commands. | Provides no such support. |
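
The extended-attribute layout of Figure 1-4 can be validated in code before any sub-attribute is trusted. The parser below is an added example, not code from the H3C manual; it assumes the outer attribute Type is 26 (Vendor-Specific, RFC 2865) and that each sub-attribute Length counts its own Type and Length bytes, and the vendor ID and sub-attribute types in the sample are constructed.

```python
import struct

VENDOR_SPECIFIC = 26  # assumption: Vendor-Specific attribute type per RFC 2865

def parse_vsa(attr: bytes):
    """Return (vendor_id, [(sub_type, value), ...]) for one extended attribute.

    Every length field is checked against the enclosing boundary, so malformed
    input raises ValueError instead of over-reading or looping forever.
    """
    if len(attr) < 6:
        raise ValueError("too short for Type, Length and Vendor-ID")
    a_type, a_len = attr[0], attr[1]
    if a_type != VENDOR_SPECIFIC:
        raise ValueError(f"unexpected attribute type {a_type}")
    if a_len != len(attr):
        raise ValueError("Length field does not match attribute size")
    if attr[2] != 0:
        raise ValueError("most significant Vendor-ID byte must be 0")
    (vendor_id,) = struct.unpack("!I", attr[2:6])
    subs, pos = [], 6
    while pos < a_len:
        if a_len - pos < 2:
            raise ValueError("truncated sub-attribute header")
        s_type, s_len = attr[pos], attr[pos + 1]
        # Assumption: sub-attribute Length counts its own Type and Length bytes.
        if s_len < 2 or pos + s_len > a_len:
            raise ValueError(f"bad sub-attribute length {s_len} at offset {pos}")
        subs.append((s_type, attr[pos + 2:pos + s_len]))
        pos += s_len
    return vendor_id, subs

def build_vsa(vendor_id: int, subs) -> bytes:
    """Encode (sub_type, value) pairs into one extended attribute."""
    if not 0 <= vendor_id <= 0xFFFFFF:
        raise ValueError("Vendor-ID must fit in the three low-order bytes")
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in subs)
    if len(body) + 6 > 255:
        raise ValueError("attribute exceeds the one-byte Length field")
    return bytes([VENDOR_SPECIFIC, len(body) + 6]) + struct.pack("!I", vendor_id) + body

# Constructed sample: vendor ID 99999 and sub-attribute types 1 and 2 are made up.
SAMPLE = build_vsa(99999, [(1, b"\x00\x00\x00\x03"), (2, b"admin")])

if __name__ == "__main__":
    print(parse_vsa(SAMPLE))
```

A sub-attribute Length of 0 or 1, or one that runs past the outer Length, is rejected rather than skipped, which is the check that keeps a malformed attribute from stalling or over-reading the parser.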