Hello! Does Ruckus ZoneDirector support MSCHAPV2 in 9.6 build 15 ?

  • 1
  • Question
  • Updated 3 years ago
Photo of Khaqan Faridi

Khaqan Faridi

  • 4 Posts
  • 0 Reply Likes

Posted 4 years ago

  • 1
Photo of Sid Sok

Sid Sok, Official Rep

  • 102 Posts
  • 48 Reply Likes
It should work, for client authentication the ZD/AP is only a tunnel between the client and the radius server. The client and server will negotiate what to use, the AP and ZD should only forward traffic between the two.

The UG notice for PAP and now CHAP is only in reference to the ability to use the ZD to run a test against the radius server. The ZD's test of the radius server only uses PAP or CHAP.
Photo of Rodrigus Feitosa

Rodrigus Feitosa

  • 1 Post
  • 0 Reply Likes
But CHAP is not the same MSCHAP. How can that work?
Photo of Sid Sok

Sid Sok, Official Rep

  • 102 Posts
  • 48 Reply Likes
Are you talking about Test the AAA server or are you talking about an actual client authenticating?

If you are talking about a real client, there is not much you need to set on the ZD, just the IP address of the Radius server, the Shared Secret and the Auth port. 

The rest, negotiation for security protocol to use is done between the Client and the radius server.

The ZD will just tunnel the authentication traffic between the client and Radius.  If the client and Radius server are configured to use MSCHAPv2 it will work.