[TABS_R id=8782]
On a Cisco ASA, which of the following authentication protocols is not supported by the TACACS+ server? (Select the best answer.)
- ASCII
- CHAP
- PAP
- MSCHAPv1
- MSCHAPv2
Explanation:
The Terminal Access Controller Access Control System Plus (TACACS+) server on a Cisco Adaptive
Security Appliance (ASA) does not support Microsoft Challenge Handshake Authentication Protocol version
2 (MSCHAPv2). Remote Authentication DialIn User Service (RADIUS) and TACACS+ server groups on a Cisco ASA support Challenge Handshake Authentication Protocol (CHAP), MSCHAP version 1 (MSCHAPv1), and Password Authentication Protocol (PAP).
A Cisco ASA supports a number of different Authentication, Authorization, and Accounting (AAA) server types, such as RADIUS, TACACS+, Lightweight Directory Access Protocol (LDAP), Kerberos, and RSA Security Dynamics, Inc. (SDI) servers.
When authenticating with a TACACS+ server, a Cisco ASA can use the following authentication protocols:
– ASCII
– PAP
– CHAP
– MSCHAPv1
When authenticating with a RADIUS server, a Cisco ASA can use the following authentication protocols:
– PAP
– CHAP
– MSCHAPv1
– MSCHAPv2
– Authentication Proxy Mode (for example, RADIUS to RSA/SDI, RADIUS to Active Directory, and others)
[TABS_R id=8782]