About Enabling MSCHAP

About Enabling MSCHAP

By default, the switch uses Password Authentication Protocol (PAP) authentication between the switch and the remote server. If you enable MSCHAP, you need to configure your RADIUS server to recognize the MSCHAP vendor-specific attributes. See the "About Vendor-Specific Attributes" topic. Table 30-1 shows the RADIUS vendor-specific attributes required for MSCHAP.

Table 30-1 MSCHAP RADIUS Vendor-Specific Attributes

Vendor-ID Number

Vendor-Type Number

Vendor-Specific Attribute

Description

311

11

MSCHAP-Challenge

Contains the challenge sent by an AAA server to an MSCHAP user. It can be used in both Access-Request and Access-Challenge packets.

211

11

MSCHAP-Response

Contains the response value provided by an MS-CHAP user in response to the challenge. It is only used in Access-Request packets.

Copyright 2010-2013, Cisco Systems, Inc. All rights reserved.

Vendor-ID Number	Vendor-Type Number	Vendor-Specific Attribute	Description
311	11	MSCHAP-Challenge	Contains the challenge sent by an AAA server to an MSCHAP user. It can be used in both Access-Request and Access-Challenge packets.
211	11	MSCHAP-Response	Contains the response value provided by an MS-CHAP user in response to the challenge. It is only used in Access-Request packets.