
HWTacacs Definition and Use

Latest reply: Nov 8, 2021 17:03:04

Hi community!

Today, let's talk about the HWTACACS protocol. If you have any comments, please point them out in the comments section and I will revise the article.

What Is HWTACACS?

HWTACACS is an authentication protocol developed by Huawei. It is similar to RADIUS authentication. However, HWTACACS uses TCP transmission. Therefore, HWTACACS is more secure than RADIUS authentication. The HWTACACS protocol also uses the common client/server (C/S) architecture and uses TCP port 49. HWTACACS uses authentication, accounting, and authorization packets in the AAA protocol. The Huawei device functions as the authentication client and sends the user name and password to the server for authentication. After the user is authenticated and authorized, the user can log in to the device and perform operations. According to the document, the HWTACACS protocol is enhanced based on TACACS (RFC 1492). So what is this enhancement? See the end.

 

Packet and Authentication Process

Authentication packets:

Authentication start packet: sent by the client to the server to initiate an authentication request.

Authentication response packets: sent by the server to the client to request the user name and password.

Authentication Continuity packet: sent by the client to the server to respond to the account and password requested by the server.


Authorization packet:

Authorization request packet: sent by the client to the server to request the authorization result of the server.

Authorization response packets: sent by the server to the client to obtain the request result of the client.


Accounting packets:

Accounting-Request packets: sent by the client to the server to request accounting start.

Accounting-response packets: sent by the server to the client for corresponding requests.

Authentication Process


 

[Image: authentication process diagram]

 


HWTACACS vs. RADIUS vs. TACACS

                                                                             

[Image: HWTACACS vs. RADIUS vs. TACACS comparison]

 

Q: What is the enhanced function of the HWTACACS protocol?

A: Document description: "The main difference between the two protocols is that the meanings or types of attributes carried in authorization and accounting packets are different." I compared the packet structure and found that the packet structure was the same, but the interpretation of certain packet fields was different. An authorization request packet is used as an example.


 

[Image: authorization request packet structure]

Arg_cnt

TACACS: indicates the number of parameters.

HWTACACS: indicates the number of attributes carried in authorization request packets.

 

ArgN

TACACS: parameter length.

HWTACACS: specifies the attributes of authorization request packets, including cmd and cmd-arg.
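
The post says the packet structure is the same and only the reading of arg_cnt and argN differs. As an added example (not from the original post or from Huawei documentation), this Python code parses an authorization request body and validates arg_cnt and the argument lengths against the real body size before reading the cmd / cmd-arg attributes. It assumes the field layout of the TACACS+ authorization REQUEST in RFC 8907 and a body that has already been de-obfuscated; the function names and the sample bytes are constructed.

```python
import struct

def parse_author_request(body: bytes) -> dict:
    """Parse a de-obfuscated authorization REQUEST body (layout assumed from RFC 8907)."""
    if len(body) < 8:
        raise ValueError("shorter than the 8-byte fixed part")
    (method, priv_lvl, authen_type, service,
     user_len, port_len, rem_len, arg_cnt) = struct.unpack_from("8B", body)
    if len(body) < 8 + arg_cnt:
        raise ValueError("arg_cnt runs past the end of the body")
    arg_lens = list(body[8:8 + arg_cnt])          # one length byte per argument
    claimed = 8 + arg_cnt + user_len + port_len + rem_len + sum(arg_lens)
    if claimed != len(body):                      # reject truncated or padded bodies
        raise ValueError(f"fields claim {claimed} bytes, body has {len(body)}")
    pos = 8 + arg_cnt
    fields = []
    for n in (user_len, port_len, rem_len, *arg_lens):
        fields.append(body[pos:pos + n].decode("ascii", "replace"))
        pos += n
    user, port, rem_addr, *raw_args = fields
    args = []
    for raw in raw_args:
        # First '=' (mandatory) or '*' (optional) splits attribute from value.
        i = next((k for k, c in enumerate(raw) if c in "=*"), 0)
        if i == 0:
            raise ValueError(f"argument without attribute name or separator: {raw!r}")
        args.append({"attr": raw[:i], "mandatory": raw[i] == "=", "value": raw[i + 1:]})
    return {"user": user, "port": port, "rem_addr": rem_addr,
            "priv_lvl": priv_lvl, "arg_cnt": arg_cnt, "args": args}

def build_sample() -> bytes:
    """Constructed sample body: user 'admin' asking to run 'display version'."""
    user, port, rem = b"admin", b"vty0", b"192.0.2.10"
    args = [b"service=shell", b"cmd=display", b"cmd-arg=version"]
    # Constructed header values: method 0x06, priv_lvl 1, type 0x01, service 0x01.
    head = struct.pack("8B", 0x06, 1, 0x01, 0x01, len(user), len(port), len(rem), len(args))
    return head + bytes(len(a) for a in args) + user + port + rem + b"".join(args)

if __name__ == "__main__":
    for a in parse_author_request(build_sample())["args"]:
        print(a)
```
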


Good case.

zaheernew
zaheernew Created Nov 2, 2021 07:48:01 (0) (0)
Useful info  
Rumana
Rumana Created Nov 2, 2021 08:03:44 (0) (0)
 
umaryaqub
umaryaqub Created Nov 2, 2021 08:53:37 (0) (0)
 
Unicef
Unicef Created Nov 2, 2021 09:57:19 (0) (0)
 
andersoncf1
andersoncf1 Created Nov 2, 2021 10:40:49 (0) (0)
 
Well done!

Thanks for sharing!

fuzi_yao
fuzi_yao Created Nov 2, 2021 08:04:17 (0) (0)
thanks  
Thanks for sharing.

Good work and useful post

IndianKid
Moderator Author Created Nov 2, 2021 10:04:43

very useful post, thanks for sharing

Very important knowledge.

Good sharing
