IAS Radius authentication

Unanswered Question
Jul 30th, 2010
User Badges:

Hi all,


I was configuring AAA radius authentication on a Cisco 1800 series  IOS router, which would authenticate against a Microsoft IAS service. Here is IOS config snippet:


aaa new-model
aaa authentication login MYMETHODS group radius local


radius-server host 172.16.1.15 auth-port 1645 acct-port 1646 key abcdefg


On IAS, it supports PAP, CHAP, MS-CHAP and  MS-CHAPII authentication methods. Whenever PAP was taken out of list of  authentication methods, any attempt to login to the router fails. Only  when PAP is enabled, the above configuration seems to work. Since PAP is  not secure, I am just wondering if we can force Cisco end to use CHAP  or other more secure methods for its radius authentication.


Thank you for assistance.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion

Related Content