1-8Differences Between HWTACACS and RADIUSHWTACACS and RADIUS have many common features, like implementing AAA, using a client/servermodel, using shared keys for user information security and having good flexibility and extensibility.Meanwhile, they also have differences, as listed in Table 1-3.Table 1-3 Primary differences between HWTACACS and RADIUSHWTACACS RADIUSUses TCP, providing more reliable networktransmission. Uses UDP, providing higher transport efficiency.Encrypts the entire packet except for theHWTACACS header.Encrypts only the user password field in anauthentication packet.Protocol packets are complicated andauthorization is independent of authentication.Authentication and authorization can bedeployed on different HWTACACS servers.Protocol packets are simple and authorization iscombined with authentication.Supports authorized use of configurationcommands. For example, an authenticated loginuser can be authorized to configure the device.Does not support authorized use ofconfiguration commands.Basic Message Exchange Process of HWTACACSThe following takes a Telnet user as an example to describe how HWTACACS performs userauthentication, authorization, and accounting. Figure 1-6 illustrates the basic message exchangeprocess of HWTACACS.
