Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
656
Views
0
Helpful
1
Replies

authentication type is pap

WILLIAM STEGMAN
Level 4
Level 4

‎07-25-2005 06:51 PM - edited ‎03-10-2019 02:14 PM

I have a switch setup to use radius. I have the aaa-new model list applied to my console and telnet ports, but they only work with pap. If I try chap in my remote access policy, login is not allowed, and the radius server's event viewer reads, incorrect authentication type. If I allow pap at the remote access policy, it works fine. I don't know how to change the authentication protocol used on the console and telnet ports. Can you change it? I know you can change it on serial interfaces with ppp. Isn't telnet clear text only? If so, what good is radius when trying to account for who has been accessing, and who is allowed to access the cisco equipment via telnet or the console? I don't want active dir domain account's passwords being sent clear text. Is there a better alternative?

thank you,

Labels:
0 Helpful
1 Reply 1

WILLIAM STEGMAN
Level 4
Level 4

‎07-27-2005 06:24 AM

I think I found the answer to part of my question in the CCSP SECUR text, "If you are using the Windows NT or Windows 2000 user database to authenticate users, you must use PAP password encryption" Further down, "If you are using the Cisco Secure ACS for Windows users databse for authentication, you can use either PAP or CHAP."

0 Helpful
Customers Also Viewed These Support Documents