Configuring Security Features on an External AAA Server
Table 6: MSCHAP RADIUS Vendor-Specific Attributes
Vendor-ID Number
Vendor-Type
Number
311
11
211
11
Enabling MSCHAP Authentication
To enable MSCHAP authentication, follow these steps:
Procedure
Step 1
switch# configure terminal
Enters configuration mode.
Step 2
switch(config)# aaa authentication login mschap enable
Enables MSCHAP login authentication.
Step 3
switch# no aaa authentication login mschap enable
(Optional) Disables MSCHAP login authentication.
Enabling MSCHAPv2 Authentication
To enable MSCHAPv2 authentication, follow these steps:
Procedure
Step 1
switch# configure terminal
Enters configuration mode.
Step 2
switch(config)# aaa authentication login mschapv2 enable
Enables MSCHAPv2 login authentication.
Step 3
switch# no aaa authentication login mschapv2 enable
Vendor-Specific Attribute
Description
MSCHAP-Challenge
Contains the challenge sent by an AAA server to an MSCHAP
user. It can be used in both Access-Request and
Access-Challenge packets.
MSCHAP-Response
Contains the response value provided by an MS-CHAP user
in response to the challenge. It is only used in Access-Request
packets.
Cisco MDS 9000 Series Security Configuration Guide, Release 8.x
Enabling MSCHAP Authentication
89