Configure the authentication method on the answering router

1. On the answering router, specify which authentication method or methods to accept.
   
   By default, the answering router is configured to accept EAP-TLS, MS-CHAP v2, and MS-CHAP.
   
   
   • To increase security, clear the MS-CHAP selection, and, if you plan to use EAP-TLS only, also clear the MS-CHAP v2 selection.
     
     -or-
     
   • To use MS-CHAP v2 with passwords for user authentication, clear the EAP-TLS selection.
     
   For information about how to add or clear authentication methods, see Enable authentication protocols in Help and Support Center for Windows Server 2003.
   
2. If you select EAP-TLS authentication, be sure to perform the steps in "Install Computer and User Certificates for EAP-TLS" earlier in this chapter.