authentication type is pap

WILLIAM STEGMAN — Sun, 10 Mar 2019 21:14:47 GMT

I have a switch setup to use radius. I have the aaa-new model list applied to my console and telnet ports, but they only work with pap. If I try chap in my remote access policy, login is not allowed, and the radius server's event viewer reads, incorrect authentication type. If I allow pap at the remote access policy, it works fine. I don't know how to change the authentication protocol used on the console and telnet ports. Can you change it? I know you can change it on serial interfaces with ppp. Isn't telnet clear text only? If so, what good is radius when trying to account for who has been accessing, and who is allowed to access the cisco equipment via telnet or the console? I don't want active dir domain account's passwords being sent clear text. Is there a better alternative?

thank you,

Re: authentication type is pap

WILLIAM STEGMAN — Wed, 27 Jul 2005 13:24:18 GMT

I think I found the answer to part of my question in the CCSP SECUR text, "If you are using the Windows NT or Windows 2000 user database to authenticate users, you must use PAP password encryption" Further down, "If you are using the Cisco Secure ACS for Windows users databse for authentication, you can use either PAP or CHAP."

topic Re: authentication type is pap in Network Access Control

authentication type is pap

Re: authentication type is pap