cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2856
Views
20
Helpful
8
Replies

RADIUS on Cisco 1941 router

danielsffs
Level 1
Level 1

Hello everyone,

I have a question about the configuration of RADIUS on a Cisco 1941 router.

I am using Microsoft Policy Server as a RADIUS server for my router and I got it working but only when using the unencrypted protocol PAP. I wish to use the more secure variants like CHAP, MS-CHAP and MS-CHAP-v2 but they get rejected by my server for some reason. Does anyone have experience with this? Does the 1941 router even support the more secure protocols? 

I added a picture containing the settings which are giving me problems. 

Any help would be appreciated.

 

Regards Daniel

 

 

 

2 Accepted Solutions

Accepted Solutions

Richard Burts
Hall of Fame
Hall of Fame

In absolute terms yes your 1941 does support protocols like CHAP but in the context of PPP. For communication with the Radius server those protocols are not supported.

HTH

Rick

View solution in original post

Daniel

I am glad that our discussion has been helpful.  Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.

HTH

Rick

View solution in original post

8 Replies 8

Richard Burts
Hall of Fame
Hall of Fame

In absolute terms yes your 1941 does support protocols like CHAP but in the context of PPP. For communication with the Radius server those protocols are not supported.

HTH

Rick

I guess I'll have to use the less secure PAP for my radius configuration.
Thanks for answering my question on such a short notice!

Best regards,

Daniel


Hello.

 

what does your current RADIUS configuration on the 1941 look like ? As far as I recall:

 

--> aaa authentication ppp user-radius if-needed group radius

 

should configure the router use PAP or CHAP...

My configuration now is:

 

AAA new-model 

 

AAA group server radius RAD_SERVERS 

 

Server-private 192.168.50.104 auth-port 1812 acct-port 1813 key Test

 

AAA-authentication login default group RAD_SERVERS local

 

 

danielsffs
Level 1
Level 1

I am not really familiar with the PPP configuration. Is it possible to configure a Cisco router with Microsoft Policy Server in combination with PPP? 

For Cisco routers PPP is used in conjunction with point to point serial interfaces or dialer interfaces or other similar interfaces. The post with partial config makes it clear that this is a traditional router to Radius over a traditional network. So PPP does not come into play here.

For Radius the only data element that is encrypted in transmission is the password. All other data is not encrypted. By contrast in TACACS all of the transmission is encrypted. This link about those protocols might provide helpful information.

https://www.geeksforgeeks.org/difference-between-tacacs-and-radius/

 

HTH

Rick

danielsffs
Level 1
Level 1

Ah yes ofcourse, thanks for the information it has been helpful. Anyways in the correct configuration I got it working and I understand I wanted something that isn't possible. 

 

Best regards,

 

Daniel 

Daniel

I am glad that our discussion has been helpful.  Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.

HTH

Rick