Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > force use of MSCHAP

Reply
Thread Tools

force use of MSCHAP

 
 
Dan Lanciani
Guest
Posts: n/a
 
      04-12-2006
If a peer requests a Cisco to authenticate itself with MSCHAPv2 and
the Cisco does not support MSCHAPv2 (e.g., in IOS older than ~12.2T)
the Cisco will NAK to conventional CHAP even though if it supports
MSCHAP. If the peer is not clever enough to suggest MSCHAP then
authentication may succeed with conventional CHAP, but subsequent
attempts to negotiate MPPE will fail for lack of keying material.
(Alternately, the link may simply be terminated because the peer
requires some MSCHAP variation but doesn't propose v1.)

Assuming one cannot change the peer's authentication choice ordering
is there any way to force the Cisco box to NAK to MSCHAP? All the
configuration options appear to deal with the type of authentication
that the Cisco will request from the peer and not the reverse.

Dan Lanciani
ddl@danlan.*com
 
Reply With Quote
 
 
 
 
Merv
Guest
Posts: n/a
 
      04-12-2006

> is there any way to force the Cisco box to NAK to MSCHAP?


for inbound refusal, checkout these commands:

ppp chap refuse

ppp ms-chap refuse

ppp ms-chap-v2 refuse

 
Reply With Quote
 
 
 
 
Dan Lanciani
Guest
Posts: n/a
 
      04-12-2006
In article <(E-Mail Removed). com>, http://www.velocityreviews.com/forums/(E-Mail Removed) (Merv) writes:
|
| > is there any way to force the Cisco box to NAK to MSCHAP?
|
| for inbound refusal, checkout these commands:
|
| ppp chap refuse
|
| ppp ms-chap refuse
|
| ppp ms-chap-v2 refuse

I don't have any 'ppp ms-chap*' commands available and 'ppp chap refuse'
appears to refuse any flavor of chap. I suspect that if I had the 'ppp
ms-chap*' commands I'd also have MSCHAPv2 support in the image and the
problem would be moot.

Dan Lanciani
ddl@danlan.*com
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Nike air force one, air force 1, air force one low cut, air force one abdul_razak@indiatimes.com Digital Photography 2 12-31-2008 04:29 PM
Nike Air Force Ones,Air Force One Air Force One-1 lky52193@gmail.com Computer Support 0 01-17-2008 04:40 PM
Nike Air Force Ones,Air Force One Air Force One-1,25th anniversary lky52112@gmail.com Digital Photography 0 01-15-2008 04:46 PM
Nike Air Force Ones,Air Force One Air Force One-1,25th anniversary lky52112@gmail.com Digital Photography 0 01-15-2008 04:34 PM
Problems connecting with Aironet 350 PEAP/mschap Adam Ryan Cisco 1 10-03-2004 10:07 PM



Advertisments