Filter
Top Products
Appendix C RADIUS Attributes
Microsoft MPPE Dictionary of RADIUS VSAs
C-28
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Microsoft MPPE Dictionary of RADIUS VSAs
Cisco Secure ACS supports the Microsoft RADIUS VSAs used for Microsoft
Point-to-Point Encryption (MPPE). The vendor ID for this Microsoft RADIUS
Implementation is 311. MPPE is an encryption technology developed by
Microsoft to encrypt point-to-point (PPP) links. These PPP connections can be via
a dial-up line, or over a VPN tunnel such as PPTP. MPPE is supported by several
RADIUS network device vendors that Cisco Secure ACS supports. The following
Cisco Secure ACS RADIUS protocols support the Microsoft RADIUS VSAs:
• Cisco IOS
• Cisco VPN 3000
• Ascend
To control Microsoft MPPE settings for users accessing the network through a
Cisco VPN 3000-series concentrator, use the CVPN3000-PPTP-Encryption (VSA
20) and CVPN3000-L2TP-Encryption (VSA 21) attributes. Settings for
CVPN3000-PPTP-Encryption (VSA 20) and CVPN3000-L2TP-Encryption (VSA
21) override Microsoft MPPE RADIUS settings. If either of these attributes is
enabled, Cisco Secure ACS determines the values to be sent in outbound RADIUS
(Microsoft) attributes and sends them along with the RADIUS (Cisco VPN 3000)
attributes, regardless of whether RADIUS (Microsoft) attributes are enabled in
the Cisco Secure ACS HTML interface or how those attributes might be
configured.
Table C-7 lists the supported MPPE RADIUS VSAs.
Table C-7 Microsoft MPPE RADIUS VSAs
Number Attribute
Type of
Value Description
Inbound/
Outbound Multiple
1MS-CHAP-
Response
String — Inbound No
2MS-CHAP-
Error
String — Outbound No
3MS-CHAP-
CPW-1
String — Inbound No
4MS-CHAP-
CPW-2
String — Inbound No