Which of the following authentication methods are supported by both RADIUS and TACACS+ server groups on
a Cisco ASA firewall? (Select 3 choices.)
A.
ASCII
B.
CHAP
C.
MSCHAPv1
D.
MSCHAPv2
E.
PAP
Explanation:
Remote Authentication DialIn User Service (RADIUS) and Terminal Access Controller Access Control
System Plus (TACACS+) server groups on a Cisco Adaptive Security Appliance (ASA) support Challenge
Handshake Authentication Protocol (CHAP), Microsoft CHAP version 1 (MSCHAPv1), and Password
Authentication Protocol (PAP). A Cisco ASA supports a number of different Authentication, Authorization, and
Accounting (AAA) server types, such as RADIUS, TACACS+, Lightweight Directory Access Protocol (LDAP),
Kerberos, and RSA Security Dynamics, Inc. (SDI) servers.
When authenticating with a TACACS+ server, a Cisco ASA can use the following authentication protocols:
– ASCII
– PAP
– CHAP
– MSCHAPv1
When authenticating with a RADIUS server, a Cisco ASA can use the following authentication protocols:
– PAP
– CHAP
– MSCHAPv1
– MSCHAPv2
– Authentication Proxy Mode (for example, RADIUS to RSA/SDI, RADIUS to Active Directory, and others)Cisco: Configuring AAA Servers and the Local Database: Radius Server Support
Cisco: Configuring AAA Servers and the Local Database: TACACS+ Server Support