08-04-2021 10:36 AM
Hello everyone,
I have a question about the configuration of RADIUS on a Cisco 1941 router.
I am using Microsoft Policy Server as a RADIUS server for my router and I got it working but only when using the unencrypted protocol PAP. I wish to use the more secure variants like CHAP, MS-CHAP and MS-CHAP-v2 but they get rejected by my server for some reason. Does anyone have experience with this? Does the 1941 router even support the more secure protocols?
I added a picture containing the settings which are giving me problems.
Any help would be appreciated.
Regards Daniel
08-04-2021 11:46 AM
In absolute terms yes your 1941 does support protocols like CHAP but in the context of PPP. For communication with the Radius server those protocols are not supported.
08-04-2021 12:57 PM
Hello.
What does your current RADIUS configuration on the 1941 look like? As far as I recall:
--> aaa authentication ppp user-radius if-needed group radius
should configure the router to use PAP or CHAP...
08-04-2021 01:16 PM
My configuration now is:
aaa new-model
aaa group server radius RAD_SERVERS
 server-private 192.168.50.104 auth-port 1812 acct-port 1813 key Test
aaa authentication login default group RAD_SERVERS local
08-04-2021 01:22 PM
I am not really familiar with the PPP configuration. Is it possible to configure a Cisco router with Microsoft Policy Server in combination with PPP?
08-04-2021 07:39 PM
For Cisco routers PPP is used in conjunction with point to point serial interfaces or dialer interfaces or other similar interfaces. The post with partial config makes it clear that this is a traditional router to Radius over a traditional network. So PPP does not come into play here.
For Radius the only data element that is encrypted in transmission is the password. All other data is not encrypted. By contrast in TACACS all of the transmission is encrypted. This link about those protocols might provide helpful information.
https://www.geeksforgeeks.org/difference-between-tacacs-and-radius/
08-04-2021 10:09 PM
Ah yes, of course, thanks for the information, it has been helpful. Anyway, in the correct configuration I got it working and I understand I wanted something that isn't possible.
Best regards,
Daniel
08-05-2021 07:49 AM
Daniel
I am glad that our discussion has been helpful. Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.