I was configuring AAA radius authentication on a Cisco 1800 series IOS router, which would authenticate against a Microsoft IAS service. Here is IOS config snippet:
aaa authentication login MYMETHODS group radius local
radius-server host 172.16.1.15 auth-port 1645 acct-port 1646 key abcdefg
On IAS, it supports PAP, CHAP, MS-CHAP and MS-CHAPII authentication methods. Whenever PAP was taken out of list of authentication methods, any attempt to login to the router fails. Only when PAP is enabled, the above configuration seems to work. Since PAP is not secure, I am just wondering if we can force Cisco end to use CHAP or other more secure methods for its radius authentication.
Thank you for assistance.