fbpx
Oct 01

CHAP Basic Set-up Steps

CHAP basic set-up steps

Authentication is a highly recommended way to secure a network against intrusion. Challenge-Handshake Authentication Protocol (CHAP) performs a three-way handshake to verify the identity of a peer by sending a challenge message to the peer after the Link Control Protocol (LCP) phase is completed. The peer then responds by sending the value calculated by performing the one-way hash function. And if the value sent by the peer matches the value calculated by itself, then the authentication is successful. CHAP is considered more secure than PAP (Password Authentication Protocol) as it saves the connection against the replay attacks by the peer, and unlike PAP, it does not send secret as plain text over the network.

To use CHAP, first, we have to enable point-to-point protocol (PPP) by using the encapsulation ppp command on the interface. Once PPP has been enabled we use the ppp authentication chap command on both the routers to enable CHAP. Finally, we configure the usernames and passwords by using username username password password command. Make sure that the same password is used on both the routers. CHAP is normally one-way authentication but we can create two-way authentication as well. To enable two-way CHAP we have to initiate the CHAP authentication from both the routers. To define an interface-specific CHAP hostname we use the command ppp chap hostname username. We can even set a password for a specific interface by using the command ppp chap password password. We can also set the authentication direction by issuing the command ppp direction callin | callout | dedicated. The CHAP authentication requests can be refused or the peer can be asked to wait until the peer authenticates itself first, and the commands for these actions are ppp chap refuse and ppp chap wait, respectively. When the authentication process fails we can configure the point-to-point interface to do a certain number of retries, before it resets itself, by using the command ppp max-bad-auth value (default value is 0). We can verify whether the CHAP authentication is enabled on the interface and whether it is a one-way or two-way handshake (by this end, by the peer, by both) by using the debug ppp negotiation and debug ppp authentication commands. A misconfiguration of the username or password on any of the two peers can result in the failure of the authentication process, so we have to make sure that we provide correct username and password on both the peers.

Info about Cisco Exam

Looking for an IT Job?

Please call us on 1800 159 151, or complete the form below.

  • This field is for validation purposes and should be left unchanged.

Recent Posts

The supply of this course/package/program is governed by our terms and conditions. Please read them carefully before enrolling, as enrolment is conditional on acceptance of these terms and conditions. The sale price is valid for registrations between 01 Dec and 10 Jan.

OUR ACCREDITATIONS

Find out why we are the leading choice to help boost your career in Australia

Prepare to get IT job ready in 8 weeks

Trained 10,000+ professionals and counting

Experienced Provider: Operating Since 2004

Trained staff from 1000+ Australian Businesses

We Have Placed Candidates In
SATISFIED CUSTOMERS
SOME OF OUR CLIENTS

Over 1000 organisations have relied on Logitrain to be their trusted training partner.

High-quality, cost-effective training in Australia
Learn More
  • This field is for validation purposes and should be left unchanged.

Dont’ Wait. Fill the form for a free no-obligation information session with our course specialists.

About The Author

Train with Confidence with our Price Beat Guarantee

Hurry, Covid discounts on Job Programs end soon

Open chat