01-31-2011 04:43 AM - edited 03-10-2019 05:46 PM
Hello,
I would like to know the kind of authentication mechanism ACS 5.1 uses to talk with the Active Directory. Does it use MSCHAP or MSCHAPv2 or just plain PAP? By default it uses PAP to speak between the Cisco IOS and the ACS on the 5.1.
If you look at the default device admin tab and click on allowed protocols ---> it mentions PAP.
Does it use a secure means of transport between the ACS and AD? If so, can anyone tell the authentication mechanism?
Thanks
01-31-2011 05:01 AM
Any administration session like telnet, ssh and console always uses PAP as an authentication method.
PAP communication can be captured and read, as it happens in clear text. However, since we have TACACS in use, it always encrypts the whole packet with the shared secret defined on the IOS and ACS/TACACS, so if you capture the traffic between the TACACS and the device you won't be able to decrypt it without the key.
In case you have RADIUS, then use SSH (PuTTY) so that it can help you with secure communication.
ACS and AD do support CHAP, MSCHAPv1, MSCHAPv2 and PAP.
However, these administration sessions don't work with any authentication method except PAP.
HTH
Regds,
Jatin
Do rate helpful posts~
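The shared-secret protection of TACACS+ traffic described in the answer above, as an added example (not part of the original thread and not Cisco code). It follows the body obfuscation defined in RFC 8907 section 4.5 for a PAP login START packet; the key, session id, user name and password are constructed sample values.

```python
import hashlib
import struct

def pseudo_pad(session_id, key, version, seq_no, length):
    """MD5 chain from RFC 8907 4.5: each block hashes the seed plus the previous block."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]

def obfuscate(body, session_id, key, version, seq_no):
    """XOR the body with the pad; the same call reverses it."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(a ^ b for a, b in zip(body, pad))

def pap_start_body(user, password, port=b"tty1", rem_addr=b""):
    """Authentication START body: action=LOGIN, priv_lvl=1, authen_type=PAP, service=LOGIN.
    With PAP the password travels in the data field of this body."""
    fixed = bytes([0x01, 0x01, 0x02, 0x01,
                   len(user), len(port), len(rem_addr), len(password)])
    return fixed + user + port + rem_addr + password

def build_packet(body, session_id, key, seq_no=1, version=0xC1):
    """12-byte header (sent in the clear) followed by the obfuscated body.
    version 0xC1 = major 0xC, minor 1 (used for PAP login); type 0x01 = authentication;
    flags 0x00 = body is obfuscated."""
    wire_body = obfuscate(body, session_id, key, version, seq_no)
    header = struct.pack("!BBBBII", version, 0x01, seq_no, 0x00,
                         session_id, len(wire_body))
    return header + wire_body

def parse_packet(packet, key):
    """Receiver side: read the cleartext header, then undo the XOR with the local key."""
    version, _type, seq_no, _flags, session_id, length = struct.unpack(
        "!BBBBII", packet[:12])
    return obfuscate(packet[12:12 + length], session_id, key, version, seq_no)

if __name__ == "__main__":
    key = b"constructed-key"                      # constructed shared secret
    body = pap_start_body(b"netadmin", b"Constructed-Pw1")
    pkt = build_packet(body, 0x1A2B3C4D, key)
    print("on the wire :", pkt.hex())
    print("with key    :", parse_packet(pkt, key))
    print("wrong key   :", parse_packet(pkt, b"wrong-key"))
```

The protection depends entirely on the shared secret configured on both the device and the server, and the 12-byte header (type, sequence number, session id, length) is visible to anyone capturing the traffic.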
01-31-2011 05:06 AM
Thank you Jatin....
01-31-2011 07:34 AM
You're welcome
Rgds,
Jatin