ACS 5.4 Wireless Leap Authentication

Ben Cargill — Fri, 21 Feb 2020 12:49:35 GMT

I have ACS 5.4 setup and I'm trying to enable Leap for athentication with our wireless controller. Under Allowed services I have a network access rule created for wireless. Has identity and Authorization seutp. The allowed protocols I have checked. Leap.

When I connect to a WLAN pointing to this ACS Radius it will authenticate but it using ms-chap version 1. Thats what I see in the authentication sucessfull logs under athentication method. The PC has the wireless profile setup for WPA2 and AES using Cisco Leap.

Any thoughts on why this is using ms-chap when I have leap defined? Any assistance would be appreciated.

ACS 5.4 Wireless Leap Authentication

GRANT GATHAGAN — Wed, 05 Jun 2013 23:55:04 GMT

Don't know if you ever got an answer to this question, but LEAP is basically a modified version of MS-CHAPv1

From the "Cisco Wireless LAN Security" book:

LEAP uses 802.1x EAPOL messages, performs server authentication, achieves username/password (over MS-CHAP) as the user authentication mechanism, uses a RADIUS server as the authentication server, and provides mechanisms for deriving and distributing encryption keys.

For more on LEAP, PEAp and the other flavors of EAP:

https://en.wikipedia.org/wiki/Extensible_Authentication_Protocol

topic ACS 5.4 Wireless Leap Authentication in Network Security

ACS 5.4 Wireless Leap Authentication

ACS 5.4 Wireless Leap Authentication