Oct 01

CHAP Basic Set-up Steps

CHAP basic set-up steps

Authentication is a highly recommended way to secure a network against intrusion. Challenge-Handshake Authentication Protocol (CHAP) performs a three-way handshake to verify the identity of a peer by sending a challenge message to the peer after the Link Control Protocol (LCP) phase is completed. The peer then responds by sending the value calculated by performing the one-way hash function. And if the value sent by the peer matches the value calculated by itself, then the authentication is successful. CHAP is considered more secure than PAP (Password Authentication Protocol) as it saves the connection against the replay attacks by the peer, and unlike PAP, it does not send secret as plain text over the network.

To use CHAP, first, we have to enable point-to-point protocol (PPP) by using the encapsulation ppp command on the interface. Once PPP has been enabled we use the ppp authentication chap command on both the routers to enable CHAP. Finally, we configure the usernames and passwords by using username username password password command. Make sure that the same password is used on both the routers. CHAP is normally one-way authentication but we can create two-way authentication as well. To enable two-way CHAP we have to initiate the CHAP authentication from both the routers. To define an interface-specific CHAP hostname we use the command ppp chap hostname username. We can even set a password for a specific interface by using the command ppp chap password password. We can also set the authentication direction by issuing the command ppp direction callin | callout | dedicated. The CHAP authentication requests can be refused or the peer can be asked to wait until the peer authenticates itself first, and the commands for these actions are ppp chap refuse and ppp chap wait, respectively. When the authentication process fails we can configure the point-to-point interface to do a certain number of retries, before it resets itself, by using the command ppp max-bad-auth value (default value is 0). We can verify whether the CHAP authentication is enabled on the interface and whether it is a one-way or two-way handshake (by this end, by the peer, by both) by using the debug ppp negotiation and debug ppp authentication commands. A misconfiguration of the username or password on any of the two peers can result in the failure of the authentication process, so we have to make sure that we provide correct username and password on both the peers.

Info about Cisco Exam

Looking for an IT Job?

Please call us on 1800 159 151, or complete the form below.

  • This field is for validation purposes and should be left unchanged.

Recent Posts

Demand for Cybersecurity in Australia – How to learn cybersecurity?

Demand for Cybersecurity in Australia – How to learn cybersecurity?

Are you thinking of a career in cybersecurity? Do you wish to change your career to cybersecurity? Are you interested to learn cybersecurity? Are you.. Read More →
Can you get a job with just a CCNA certificate?

Can you get a job with just a CCNA certificate?

People often worry about getting jobs after acquiring a few years of education or a specific certificate. This is the exact situation with people who.. Read More →
Does a CCNA Certification help in getting Good Jobs?

Does a CCNA Certification help in getting Good Jobs?

The CCNA certificate will surely help you get in a better position right now. This certificate holds much power because of its course. It mainly.. Read More →

The supply of this course/package/program is governed by our terms and conditions. Please read them carefully before enrolling, as enrolment is conditional on acceptance of these terms and conditions. Courses run subject to registrations.


Find out why we are the leading choice to help boost your career in Australia

Prepare to get IT job ready in 8 weeks

Trained 10,000+ professionals and counting

Experienced Provider: Operating Since 2004

Trained staff from 1000+ Australian Businesses

We Have Placed Candidates In

Over 1000 organisations have relied on Logitrain to be their trusted training partner.

High-quality, cost-effective training in Australia
Learn More
  • OpenPay
  • This field is for validation purposes and should be left unchanged.

Dont’ Wait. Fill the form for a free no-obligation information session with our course specialists.

About The Author

Delivering Classroom and Live Virtual Training with Price Beat Guarantee

COVID discounts on Job Programs end soon, register today.