Appendix D
RADIUS Attributes
Table D-9
Microsoft MPPE RADIUS VSAs
Attribute
MS-CHAP-Response
MS-CHAP-Error
MS-CHAP-CPW-1
MS-CHAP-CPW-2
MS-CHAP-LM-Enc-PW
MS-CHAP-NT-Enc-PW
MS-MPPE-Encryption-Policy
MS-MPPE-Encryption-Types
78-13751-01, Version 3.0
Microsoft to encrypt point-to-point (PPP) links. These PPP connections can be via
a dial-up line, or over a VPN tunnel such as PPTP. MPPE is supported by several
RADIUS network device vendors that Cisco Secure ACS supports. The following
Cisco Secure ACS RADIUS protocols support the Microsoft RADIUS VSAs:
•
Cisco IOS
Cisco VPN 3000
•
Ascend
•
Table D-9
lists the supported MPPE RADIUS VSAs.
Number
Type of Value
1
string
2
string
3
string
4
string
5
string
6
string
7
integer
8
integer
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
Microsoft MPPE Dictionary of RADIUS VSAs
Description
—
—
—
—
—
—
The MS-MPPE-Encryption-Policy
attribute signifies whether the use of
encryption is allowed or required. If the
Policy field is equal to 1
(Encryption-Allowed), any or none of the
encryption types specified in the
MS-MPPE-Encryption-Types attribute
can be used. If the Policy field is equal to
2 (Encryption-Required), any of the
encryption types specified in the
MS-MPPE-Encryption-Types attribute
can be used, but at least one must be used.
The MS-MPPE-Encryption-Types
attribute signifies the types of encryption
available for use with MPPE. It is a four
octet integer that is interpreted as a string
of bits.
D-19