https://community.cisco.com/t5/network-access-control/authentication-between-the-acs-and-ad/m-p/1588215#M305860 <HTML><HEAD></HEAD><BODY><P>Thank you Jatin.... <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/images/emoticons/happy.gif"></SPAN></P></BODY></HTML> Mon, 31 Jan 2011 13:06:17 GMT sidcracker 2011-01-31T13:06:17Z https://community.cisco.com/t5/network-access-control/authentication-between-the-acs-and-ad/m-p/1588213#M305832 <P>Hello,</P><P></P><P>I would like to know the kind of authentication mechanism ACS 5.1 uses to talk with the Active Directory. Does it use MSCHAP or MSCHAPv2 or just plain PAP. By default it uses PAP to speak between the Cisco IOS and the ACS on the 5.1.</P><P></P><P>If you llook at the default device admin tab and click on allowed protocols ---&gt; it mentions PAP.</P><P></P><P>DOes it use a secure means of transport between the ACS and AD. Idf so can anyone tell the authentication mechanism?</P><P></P><P></P><P>Thanks</P> Mon, 11 Mar 2019 00:46:35 GMT https://community.cisco.com/t5/network-access-control/authentication-between-the-acs-and-ad/m-p/1588213#M305832 sidcracker 2019-03-11T00:46:35Z https://community.cisco.com/t5/network-access-control/authentication-between-the-acs-and-ad/m-p/1588214#M305843 <HTML><HEAD></HEAD><BODY><P><SPAN style="color: #800000;">Any administration session like telnet, ssh and console they always use PAP as an authentication method.</SPAN></P><P><SPAN style="color: #800000;"><BR /></SPAN></P><P><SPAN style="color: #800000;">Though pap communication can be captured and read as it happens in clear text. However, since we have tacacs in use, it always encrypt the whole packet with shared secret defined on the IOS and ACS/TACACS so if you capture the traffic between the tacacs and device you won't be able to decrypt it without the key. </SPAN></P><P><SPAN style="color: #800000;"><BR /></SPAN></P><P><SPAN style="color: #800000;">In case you have radius then use SSH (Putty) so that it can help you for secure communication.</SPAN></P><P><SPAN style="color: #800000;"><BR /></SPAN></P><P><SPAN style="color: #800000;">ACS and AD do support CHAP, MSCHAPv1 and MSCHAPv2 and PAP.</SPAN></P><P><SPAN style="color: #800000;"><BR /></SPAN></P><P><SPAN style="color: #800000;">However, these administration doesn't work on other authentication method except PAP.</SPAN></P><P><SPAN style="color: #800000;"><BR /></SPAN></P><P><SPAN style="color: #800000;">HTH</SPAN></P><P><SPAN style="color: #800000;"><BR /></SPAN></P><P><SPAN style="color: #800000;">Regds,</SPAN></P><P><SPAN style="color: #800000;">Jatin</SPAN></P><P><SPAN style="color: #800000;"><BR /></SPAN></P><P><SPAN style="color: #800000;"><BR /></SPAN></P><P><SPAN style="color: #800000;">Do rate helpful posts~</SPAN></P></BODY></HTML> Mon, 31 Jan 2011 13:01:00 GMT https://community.cisco.com/t5/network-access-control/authentication-between-the-acs-and-ad/m-p/1588214#M305843 Jatin Katyal 2011-01-31T13:01:00Z https://community.cisco.com/t5/network-access-control/authentication-between-the-acs-and-ad/m-p/1588215#M305860 <HTML><HEAD></HEAD><BODY><P>Thank you Jatin.... <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/images/emoticons/happy.gif"></SPAN></P></BODY></HTML> Mon, 31 Jan 2011 13:06:17 GMT https://community.cisco.com/t5/network-access-control/authentication-between-the-acs-and-ad/m-p/1588215#M305860 sidcracker 2011-01-31T13:06:17Z https://community.cisco.com/t5/network-access-control/authentication-between-the-acs-and-ad/m-p/1588216#M305893 <HTML><HEAD></HEAD><BODY><P>Your welcome <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/images/emoticons/happy.gif"></SPAN></P><P></P><P>Rgds,</P><P>Jatin</P></BODY></HTML> Mon, 31 Jan 2011 15:34:13 GMT https://community.cisco.com/t5/network-access-control/authentication-between-the-acs-and-ad/m-p/1588216#M305893 Jatin Katyal 2011-01-31T15:34:13Z