D-19
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
AppendixD RA DIUS Attributes Microsoft MPPE Dictionary of RADIUS VSAs
Microsoft to encrypt point-to-point (PPP) links. These PPP connections can be via
a dial-up line, or over a VPN tunnel such as PPTP. MPPE is supported by several
RADIUS network device vendors that CiscoSecure ACS supports. The following
Cisco Secure ACS RADIUS protocols support the Microsoft RADIUS VSAs:
•Cisco IOS
•Cisco VPN 3000
•Ascend
Tabl e D-9 lists the supported MPPE RADIUS VSAs.
TableD-9 Microsoft MPPE RADIUS VSAs
Attribute Number Type of Value Description
MS-CHAP-Response 1 string —
MS-CHAP-Error 2 string —
MS-CHAP-CPW-1 3 string —
MS-CHAP-CPW-2 4 string —
MS-CHAP-LM-Enc-PW 5 string —
MS-CHAP-NT-Enc-PW 6 string —
MS-MPPE-Encryption-Policy 7 integer The MS-MPPE-Encryption-Policy
attribute signifies whether the use of
encryption is allowed or required. If the
Policy field is equal to 1
(Encryption-Allowed), any or none of the
encryption types specified in the
MS-MPPE-Encryption-Types attribute
can be used. If the Policy field is equal to
2 (Encryption-Required), any of the
encryption types specified in the
MS-MPPE-Encryption-Types attribute
can be used, but at least one must be used.
MS-MPPE-Encryption-Types 8 integer The MS-MPPE-Encryption-Types
attribute signifies the types of encryption
available for use with MPPE. It is a four
octet integer that is interpreted as a string
of bits.