Security, WIDS/WIPS and Aruba ECS

Frequent Contributor I
Posts: 82
Registered: ‎02-15-2008

802.1x Termination with EAP-MSCHAPv2 as the inner EAP Type

Hello,

I have the following question. We use the SC1 module on an OAW6000 with release 5.0.3.3 and we have configured an LDAP server. Additionally, we want to use EAP-MSCHAPv2 as the inner EAP type, but it is only possible to use EAP-GTC. Is it supported to use EAP-MSCHAPv2 as the inner EAP type?

The following error is printed after enabling EAP-MSCHAPv2:

Error processing command 'aaa authentication dot1x "802.1x_Profile_with_Termination_enable" termination inner-eap-type eap-mschapv2':Error: dot1x-server-group 'Server_Group_LDAP' in aaa profile 'Server_Group_LDAP' contains LDAP server(s). To support this configuration dot1x profile '802.1x_Profile_with_Termination_enable' should have termination enabled and eaptype set to eap-tls or eap-peap with gtc as the only innereaptype

Best Regards
Aruba
Posts: 760
Registered: ‎05-31-2007

MSCHAPv2

MSCHAPv2 is available as an inner EAP type when using RADIUS as the authentication back-end.
Guru Elite
Posts: 21,547
Registered: ‎03-29-2007

Re: 802.1x Termination with EAP-MSCHAPv2 as the inner EAP Type



The only way that an LDAP database will allow you to do 802.1x with MSCHAPv2 is with a 3rd-party RADIUS server like FreeRADIUS, and with your LDAP database using cleartext or NT-hash encrypted storage of passwords: http://deployingradius.com/documents/protocols/compatibility.html


Colin Joseph
Aruba Customer Engineering
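
Why the password storage format decides the inner EAP type, as an added example that is not part of the original thread or of Aruba's or FreeRADIUS's code: checking an MSCHAPv2 response requires the NT hash (MD4 of the UTF-16LE password), while EAP-GTC hands the server the password inside the tunnel, so it can be compared against any storage format. The scheme labels, function names and sample entries are constructed for illustration.

```python
import base64, hashlib, hmac, struct

def md4(msg: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320); hashlib may lack it on OpenSSL 3 builds."""
    mask = 0xFFFFFFFF
    order3 = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    msg += b"\x80" + b"\x00" * ((55 - len(msg)) % 64) + struct.pack("<Q", len(msg) * 8)
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = state
        for i in range(48):
            if i < 16:    # round 1
                f, k, idx, s = (b & c) | (~b & d), 0, i, (3, 7, 11, 19)[i % 4]
            elif i < 32:  # round 2
                f, k = (b & c) | (b & d) | (c & d), 0x5A827999
                idx, s = (i % 4) * 4 + (i - 16) // 4, (3, 5, 9, 13)[i % 4]
            else:         # round 3
                f, k, idx, s = b ^ c ^ d, 0x6ED9EBA1, order3[i - 32], (3, 9, 11, 15)[i % 4]
            t = (a + f + k + x[idx]) & mask
            a, b, c, d = d, ((t << s) | (t >> (32 - s))) & mask, b, c
        state = [(p + q) & mask for p, q in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state)

def nt_hash(password: str) -> bytes:
    return md4(password.encode("utf-16-le"))

def ssha(password: str, salt: bytes) -> str:  # LDAP layout: base64(SHA-1 digest + salt)
    return base64.b64encode(hashlib.sha1(password.encode() + salt).digest() + salt).decode()

def nt_hash_from_store(scheme: str, value: str):
    """NT hash the server needs to check an MSCHAPv2 response, or None if unobtainable."""
    if scheme == "cleartext":
        return nt_hash(value)
    if scheme == "nt-hash":
        return bytes.fromhex(value)
    return None  # a salted one-way hash cannot be turned into an NT hash

def gtc_verify(scheme: str, value: str, presented: str) -> bool:
    """EAP-GTC delivers the password itself, so every scheme can be recomputed and compared."""
    if scheme == "cleartext":
        return hmac.compare_digest(value.encode(), presented.encode())
    if scheme == "nt-hash":
        return hmac.compare_digest(bytes.fromhex(value), nt_hash(presented))
    raw = base64.b64decode(value)  # "ssha": 20-byte SHA-1 digest followed by the salt
    return hmac.compare_digest(raw[:20], hashlib.sha1(presented.encode() + raw[20:]).digest())
# Constructed sample directory entries (not real credentials).
STORE = {"cleartext": "password", "nt-hash": nt_hash("password").hex(),
         "ssha": ssha("password", b"\x01\x02\x03\x04")}
```
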


Frequent Contributor I
Posts: 82
Registered: ‎02-15-2008

Re: 802.1x Termination with EAP-MSCHAPv2 as the inner EAP Type

Hello,

So the "cause" that it is not possible to enable it on the profile is the connected LDAP database, correct?

So it is possible to enable it if the internal database is used?

Thank you for that information.

Best Regards
Guru Elite
Posts: 21,547
Registered: ‎03-29-2007

Re: 802.1x Termination with EAP-MSCHAPv2 as the inner EAP Type

Correct.


Colin Joseph
Aruba Customer Engineering

