I have ACS 5.4 set up and I'm trying to enable LEAP for authentication with our wireless controller. Under Allowed services I have a network access rule created for wireless. It has identity and Authorization set up. The allowed protocols I have checked: LEAP.
When I connect to a WLAN pointing to this ACS RADIUS it will authenticate, but it is using MS-CHAP version 1. That's what I see in the authentication successful logs under authentication method. The PC has the wireless profile set up for WPA2 and AES using Cisco LEAP.
Any thoughts on why this is using MS-CHAP when I have LEAP defined? Any assistance would be appreciated.
Don't know if you ever got an answer to this question, but LEAP is basically a modified version of MS-CHAPv1.
From the "Cisco Wireless LAN Security" book:
LEAP uses 802.1x EAPOL messages, performs server authentication, achieves username/password (over MS-CHAP) as the user authentication mechanism, uses a RADIUS server as the authentication server, and provides mechanisms for deriving and distributing encryption keys.
For more on LEAP, PEAP and the other flavors of EAP: