Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

IAS Radius authentication

Hi all,

I was configuring AAA radius authentication on a Cisco 1800 series  IOS router, which would authenticate against a Microsoft IAS service. Here is IOS config snippet:

aaa new-model
aaa authentication login MYMETHODS group radius local

radius-server host auth-port 1645 acct-port 1646 key abcdefg

On IAS, it supports PAP, CHAP, MS-CHAP and  MS-CHAPII authentication methods. Whenever PAP was taken out of list of  authentication methods, any attempt to login to the router fails. Only  when PAP is enabled, the above configuration seems to work. Since PAP is  not secure, I am just wondering if we can force Cisco end to use CHAP  or other more secure methods for its radius authentication.

Thank you for assistance.

Everyone's tags (4)
CreatePlease to create content