Hi Folks,
I have noticed something in the Tacacs and radius logs that I have a query about. It's not an issue, I'm just looking for some information. I notice that despite having our network devices being configured to use Tacacs+ or radius the 'authentication method' that is specified in the Tacacs and radius logs in ACS 5 is PAP ASCII.
The reason this got my attention is because we use Tacacs+ or radius whch have their own varying levels of encryption this is why we use them but PAP, which is shown as the authentication method is unencrypted which is what we don't want. In order to see what was going on I ran a Wireshark trace and I can definitely see that the tacacs & radius authentications are being successfully encrypted.
So why am I seeing PAP ASCII as the authentication method in the ACS logs?
Is it a case where tacacs+ is just an encrypted payload in the PAP packet or something to that affect?
Regards
Ciaran
