Mschap Authentication - Cisco MDS 9000 Series Configuration Manual

Security
Hide thumbs Also See for MDS 9000 Series:
Table of Contents

Advertisement

Enabling CHAP Authentication
Enabling CHAP Authentication
To enable CHAP authentication, follow these steps:
Procedure
Step 1
switch# configure terminal
Enters configuration mode.
Step 2
switch(config)# aaa authentication login chap enable
Enables CHAP login authentication.
Step 3
switch# no aaa authentication login chap enable
(Optional) Disables CHAP login authentication.
Example
You can use the show aaa authentication login chap command to display the CHAP authentication
configuration.
switch# show aaa authentication login chap
chap is disabled

MSCHAP Authentication

Microsoft Challenge Handshake Authentication Protocol (MSCHAP) is the Microsoft version of CHAP.
Cisco MDS 9000 Family switches allow user logins to perform remote authentication using different versions
of MSCHAP. MSCHAP is used for authentication on a RADIUS or TACACS+ server, while MSCHAPv2
is used for authentication on a RADIUS server.
About Enabling MSCHAP
By default, the switch uses Password Authentication Protocol (PAP) authentication between the switch and
the remote server. If you enable MSCHAP, you need to configure your RADIUS server to recognize the
MSCHAP vendor-specific attributes. See the
table shows the RADIUS vendor-specific attributes required for MSCHAP.
Cisco MDS 9000 Series Security Configuration Guide, Release 8.x
88
Configuring Security Features on an External AAA Server
About Vendor-Specific Attributes, on page
62. The following

Advertisement

Table of Contents
loading

Table of Contents