H3C LS-3100-52P-OVS-H3 Operation Manual - page 1311
1-8
Table 1-3 Primary differences between HWTACACS and RADIUS
HWTACACS
RADIUS
Uses TCP, providing more reliable network
transmission.
Uses UDP, providing higher transport efficiency.
Encrypts the entire packet except for the
HWTACACS header.
Encrypts only the user password field in an
authentication packet.
Protocol packets are complicated and
authorization is independent of authentication.
Authentication and authorization can be
deployed on different HWTACACS servers.
Protocol packets are simple and authorization is
combined with authentication.
Supports authorized use of configuration
commands. For example, an authenticated login
user can be authorized to configure the device.
Does not support authorized use of configuration
commands.
Basic Message Exchange Process of HWTACACS
The following takes a Telnet user as an example to describe how HWTACACS performs user
authentication, authorization, and accounting.
Figure 1-6
illustrates the basic message exchange
process of HWTACACS.