Symptom
When chap is enabled/configured on the switch for authentication type, the switch triggers a pap instead.
Conditions
-N5K-C5672UP
TAC lab recreate and CU version
-version 7.0(3)N1(1)
GDP lab recreate
7.2(1)N1(1)
When CHAP is configured in CLI, it gets set to PAP during authentication request.
Workaround
Customer can use MSChap as an alternate instead of CHAP.
Note: Customer will not see a failure, authentication will still happen, but as PAP.
Further Problem Description
When CHAP (not MSCHAP) is enabled in the switch, it attempts to do PAP authentication. The password passed back is not the attribute three password as called out in the rfc.
https://tools.ietf.org/html/rfc2865#page-8
-
