I have configured a Cisco 877 router to send RADIUS requests when a user logs in to the console (Line Console or Line VTY) using the following config:
aaa authentication login default group radius
aaa authentication ppp default group radius
radius-server host 10.0.0.1 auth-port 1812 acct-port 1812 key mysharedkey
When I log the RADIUS packets I see that the Cisco router is sending the initial AccessRequest using PAP.
How can I configure the router to send it's inial AccessRequest packet using CHAP?
Apologies if this has already been discussed, I have searched high and low for an answer.
Thanks in advance.
PPP connection do support CHAP as there is a configuration command to enable CHAP as the challenge-response protocol. However, Console, VTY and AUX connections will always go over PAP when using RADIUS authentication. There is no such command to enable CHAP for those type of connections.