Re: PAP

Nick O · ‎10-18-2022

Hey Guys, I have a test switch I am working with and connected to my ISE server.

It seems to be using PAP for authentication but I want to change that to CHAP or MS-CHAPv1.

I have already done that on the ISE side now I have to do that on the switch but there is no documentation or forum that can assist me with my issue.

I have also tied in AD to the ISE as well. The switches I am working with are 2960 and 9200. The error code is 15024

balaji.bandi · ‎10-18-2022

is the question-related user authentication ? or device authentication?

how is your config on the switch?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Nick O · ‎10-18-2022

so for the device once I switch the authentication from PAP to CHAP it does not allow access to the switch that has been connected to ISE. the switch us done in the ISE GUI. It seems to be defaulting to PAP but the goal is to be able to switch the authentication on the switch to CHAP or MS-CHAPv1

MHM Cisco World · ‎10-18-2022

Yes ISE with error you share is indicate that SW use PAP and you need CHAP or MS-CHAPv1.
can you share the config of
aaa auth

Nick O · ‎10-19-2022

aaa authentication login VTY group ise-servers local
aaa authentication enable default group ise-servers enable
aaa authorization exec VTY group ise-servers local
aaa authorization config-commands
aaa authorization console
aaa accounting exec default start-stop group ise-servers
aaa accounting system default start-stop group ise-servers
no aaa accounting system guarantee-first