On a Cisco ASA, which of the following authentication protocols is not supported by the TACACS+ server?
(Select the best answer.)
A.
ASCII
B.
CHAP
C.
PAP
D.
MSCHAPv1
E.
MSCHAPv2
Explanation:
The Terminal Access Controller Access Control System Plus (TACACS+) server on a Cisco Adaptive
Security Appliance (ASA) does not support Microsoft Challenge Handshake Authentication Protocol version
2 (MSCHAPv2). Remote Authentication DialIn User Service (RADIUS) and TACACS+ server groups on a CiscoASA support Challenge Handshake Authentication Protocol (CHAP), MSCHAP version 1 (MSCHAPv1), and
Password Authentication Protocol (PAP).
A Cisco ASA supports a number of different Authentication, Authorization, and Accounting (AAA) server types,
such as RADIUS, TACACS+, Lightweight Directory Access Protocol (LDAP), Kerberos, and RSA Security
Dynamics, Inc. (SDI) servers.
When authenticating with a TACACS+ server, a Cisco ASA can use the following authentication protocols:
– ASCII
– PAP
– CHAP
– MSCHAPv1
When authenticating with a RADIUS server, a Cisco ASA can use the following authentication protocols:
– PAP
– CHAP
– MSCHAPv1
– MSCHAPv2
– Authentication Proxy Mode (for example, RADIUS to RSA/SDI, RADIUS to Active Directory, and others)Cisco: Configuring AAA Servers and the Local Database: TACACS+ Server Support
Cisco: Configuring AAA Servers and the Local Database: RADIUS Server Support