Send documentation comments to mdsfeedback-doc@cisco.com
41-25
Cisco MDS 9000 Family Fabric Manager Configuration Guide
OL-17256-03, Cisco MDS NX-OS Release 4.x
Chapter 41 Configuring RADIUS and TACACS+
MSCHAP Authentication
About Enabling MSCHAP
By default, the switch uses Password Authentication Protocol (PAP) authentication between the switch
and the remote server. If you enable MSCHAP, you need to configure your RADIUS server to recognize
the MSCHAP vendor-specific attributes. See the
“About Vendor-Specific Attributes” section on
page 41-13. Table 41-1 shows the RADIUS vendor-specific attributes required for MSCHAP.
Enabling MSCHAP Authentication
To enable MSCHAP authentication using Device Manager, follow these steps:
Step 1 Click Security > AAA.
You see the AAA configuration in the Information pane as shown in Figure 41-8.
Figure 41-8 AAA Configuration in Device Manager
Step 2 Click the General tab.
You see the MSCHAP configuration as shown in Figure 41-9.
Figure 41-9 MSCHAP Configuration
Step 3 Check the AuthTypeMSCHAP check box to use MSCHAP to authenticate users on the switch.
Ta b l e 41-1 MSCHAP RADIUS Vendor-Specific Attributes
Vendor-ID
Number
Vendor-Type Number Vendor-Specific Attribute Description
311 11 MSCHAP-Challenge Contains the challenge sent by an AAA server to an
MSCHAP user. It can be used in both
Access-Request and Access-Challenge packets.
211 11 MSCHAP-Response Contains the response value provided by an
MS-CHAP user in response to the challenge. It is
only used in Access-Request packets.
To Next Page
Loading...
Need help?
General
