BIGIP RADIUS Auth - ms-chap support?

Question

Hi,&nbsp;
We authenticate our admins who logon to our BIG-IP devices using RADIUS.&nbsp;
Anyone know if BIG-IP can support ms-chap so this can be encrypted?&nbsp;
If we access the BIG-IP of HTTPS should I even be concerned about RADIUS?&nbsp;

what_lies_bene1 · Answer

Whether you should be concerned depends. The connection between client and F5 is secure; whether the connection between the F5 and RADIUS server(s) is, only you know but I assume it's internal and probably via the management interface so it's probably OK. Just FYI, I believe RADIUS is gaining TLS sometime soon.

nitass · Answer

Anyone know if BIG-IP can support ms-chap so this can be encrypted?sol12666: The BIG-IP system RADIUS implementation only supports the PAP authentication method 
&nbsp; http://support.f5.com/kb/en-us/solutions/public/12000/600/sol12666 
&nbsp;  &nbsp;

amolari · Answer

that SOL has been updated yesterday with the same statement.. only PAP is supported.
As far as I know there is no plans by F5 to support RadSec but there is to support APM AAA auth with Diameter.
RFE ID 399198: "Diameter authentication for APM"
At this time, the AAA radius supports only PAP.. what are doing the F5 security evangelists here? :-)&nbsp;

ekerendu · Answer

Thank you​

Forum Discussion

BIGIP RADIUS Auth - ms-chap support?

4 Replies

Recent Discussions

F5 Rseries R2600 Tenant sizing

About AWAF "Redirect URLs" in "Responses and Blocks"

ISP Bandwidth Utilization

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5 Rseries HA

Related Content

iRule based RADIUS Client Stack

Support and Help for DevCentral and Offline Contact

iRule based RADIUS Health Monitor Builder

iRule based RADIUS Server Stack

Securing Applications using mTLS Supported by F5 Distributed Cloud