
cisco2800 VPNclient support with radius auth

Hello,

I enabled VPNclient support on my cisco 2811 and users are authenticated using external radius authentication.

Everything works.

The radius server is freeradius.

I would like to ask if the connection between the cisco 2811 router and the radius server is encrypted or if user authentication data is cleartext on the wire?

thank you

Riccardo


Yudong Wu
Level 7

RADIUS only encrypts the password.

http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080094e99.shtml

RADIUS encrypts only the password in the access-request packet, from the client to the server. The remainder of the packet is unencrypted. Other information, such as username, authorized services, and accounting, can be captured by a third party.

TACACS+ encrypts the entire body of the packet but leaves a standard TACACS+ header. Within the header is a field that indicates whether the body is encrypted or not. For debugging purposes, it is useful to have the body of the packets unencrypted. However, during normal operation, the body of the packet is fully encrypted for more secure communications.
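
The behaviour quoted above, as an added example that is not part of the reply or of the Cisco tech note: it builds an Access-Request with the User-Password hiding defined in RFC 2865 section 5.2 and then parses it the way a capture tool would, showing that User-Name is readable while the password is only recoverable with the shared secret. The username, password and shared secret are constructed sample values.

```python
import hashlib
import os
import struct

def _keystream(secret: bytes, prev: bytes) -> bytes:
    return hashlib.md5(secret + prev).digest()

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 sec. 5.2: pad to 16-byte blocks, XOR each with MD5(secret + previous)."""
    size = max(1, -(-len(password) // 16)) * 16
    padded, out, prev = password.ljust(size, b"\x00"), b"", authenticator
    for i in range(0, size, 16):
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], _keystream(secret, prev)))
        out += prev
    return out

def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: same keystream, chained on the previous ciphertext block."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, _keystream(secret, prev)))
        prev = block
    return out.rstrip(b"\x00")

def build_access_request(ident, username, password, secret, authenticator):
    """Code 1 (Access-Request) carrying User-Name (type 1) and User-Password (type 2)."""
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in (
        (1, username), (2, hide_password(password, secret, authenticator))))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def parse_attributes(packet: bytes) -> dict:
    """What anyone capturing the UDP payload can read without the shared secret."""
    (length,), pos, attrs = struct.unpack("!H", packet[2:4]), 20, {}
    while pos + 2 <= length:
        t, l = packet[pos], packet[pos + 1]
        if l < 2:
            break  # malformed attribute length
        attrs[t] = packet[pos + 2:pos + l]
        pos += l
    return attrs

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    secret, auth = b"example-shared-secret", os.urandom(16)
    pkt = build_access_request(1, b"vpnuser", b"Constructed-Pw1", secret, auth)
    seen = parse_attributes(pkt)
    print("User-Name on the wire:    ", seen[1])
    print("User-Password on the wire:", seen[2].hex())
    print("Recovered with secret:    ", recover_password(seen[2], secret, auth))
```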