Chapter 2 Configuring
is facilitated with AAA to control PPP, VPDN, and login access to routers.
CISCO ACS is the only application software that is supported.
Compared to RADIUS, features more reliable transmission and encryption,
and is more suitable for security control. The following table lists the primary
differences between and RADIUS protocols.
Table 2-1 Comparison between the protocol and the RADIUS protocol
| protocol | RADIUS protocol |
|---|---|
| Adopts TCP and hence can provide more reliable network transmission. | Adopts UDP. |
| Encrypts the entire main body of the packets except for the standard header. | Encrypts only the password field in the authentication packets. |
| Supports separate authentication and authorization. For example, you can use RADIUS for authentication but for authorization. If RADIUS is used for authentication before authorizing with , RADIUS is responsible for confirming whether a user can be accepted, and is responsible for the authorization. | Processes authentication and authorization together. |
| Is well suited to security control. | Is well suited to accounting. |
| Supports authorization before the configuration commands on the Router can be used. | Does not support authorization before configuration. |
In a typical application, a dial-up or terminal user needs to log in to the router
for operations. Working as the client in this case, the router sends the user
name and password to the server for authentication. After passing the
authentication and getting the authorization, the user can log in to the router to
perform operations, as shown in the following figure.
[Figure: Dial-up user and Terminal user; ISDN\PSTN; Router (HWTACACS client); HWTACACS server 129.7.66.66; HWTACACS server 129.7.66.67]
Figure 2-2 Networking for a typical application
3Com Router Configuration Guide Addendum for V1.20