Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1351
Views
0
Helpful
1
Replies

ACS 5.4 Wireless Leap Authentication

Ben Cargill
Level 1
Level 1

‎01-30-2013 09:51 AM - edited ‎02-21-2020 04:49 AM

I have ACS 5.4 setup and I'm trying to enable Leap for athentication with our wireless controller.  Under Allowed services I have a network access rule created for wireless.  Has identity and Authorization seutp.  The allowed protocols I have checked. Leap.

When I connect to a WLAN pointing to this ACS Radius it will authenticate but it using ms-chap version 1.  Thats what I see in the authentication sucessfull logs under athentication method.  The PC has the wireless profile setup for WPA2 and AES using Cisco Leap.

Any thoughts on why this is using ms-chap when I have leap defined?  Any assistance would be appreciated.

0 Helpful
1 Reply 1

GRANT GATHAGAN
Level 1
Level 1

‎06-05-2013 04:55 PM

Don't know if you ever got an answer to this question, but LEAP is basically a modified version of MS-CHAPv1

From the "Cisco Wireless LAN Security" book:

LEAP uses 802.1x EAPOL messages, performs server authentication, achieves username/password (over MS-CHAP) as the user authentication mechanism, uses a RADIUS server as the authentication server, and provides mechanisms for deriving and distributing encryption keys.

For more on LEAP, PEAp and the other flavors of EAP:

https://en.wikipedia.org/wiki/Extensible_Authentication_Protocol

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card