cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

1284
Views
0
Helpful
1
Replies
Ben Cargill
Beginner

ACS 5.4 Wireless Leap Authentication

I have ACS 5.4 setup and I'm trying to enable Leap for athentication with our wireless controller.  Under Allowed services I have a network access rule created for wireless.  Has identity and Authorization seutp.  The allowed protocols I have checked. Leap.

When I connect to a WLAN pointing to this ACS Radius it will authenticate but it using ms-chap version 1.  Thats what I see in the authentication sucessfull logs under athentication method.  The PC has the wireless profile setup for WPA2 and AES using Cisco Leap.

Any thoughts on why this is using ms-chap when I have leap defined?  Any assistance would be appreciated.

1 REPLY 1
GRANT GATHAGAN
Beginner

Don't know if you ever got an answer to this question, but LEAP is basically a modified version of MS-CHAPv1

From the "Cisco Wireless LAN Security" book:

LEAP uses 802.1x EAPOL messages, performs server authentication, achieves username/password (over MS-CHAP) as the user authentication mechanism, uses a RADIUS server as the authentication server, and provides mechanisms for deriving and distributing encryption keys.

For more on LEAP, PEAp and the other flavors of EAP:

https://en.wikipedia.org/wiki/Extensible_Authentication_Protocol

Create
Recognize Your Peers
Content for Community-Ad