I have a switch setup to use radius. I have the aaa-new model list applied to my console and telnet ports, but they only work with pap. If I try chap in my remote access policy, login is not allowed, and the radius server's event viewer reads, incorrect authentication type. If I allow pap at the remote access policy, it works fine. I don't know how to change the authentication protocol used on the console and telnet ports. Can you change it? I know you can change it on serial interfaces with ppp. Isn't telnet clear text only? If so, what good is radius when trying to account for who has been accessing, and who is allowed to access the cisco equipment via telnet or the console? I don't want active dir domain account's passwords being sent clear text. Is there a better alternative?
thank you,