CHAP Basic Setup Steps | Blog

Aug 23
CHAP Basic Setup

CHAP Basic Setup Steps

The Challenge Handshake Authentication Protocol (CHAP) is a built-in authentication protocol defined in PPP (point to point protocol) and is used for identity verification of two devices involved in point to point link. CHAP uses three-way handshake mechanism. These are different steps performed in CHAP:

Once LCP (Link Control Protocol) process has completed, and CHAP is negotiated between both devices, the authenticator sends a challenge message to the peer.

The peer responds with a value calculated using one-way hash algorithm, called message digest 5 (MD5).

The authenticator checks the response value and its own calculated hash value. If the values are same, the authentication is successful or else, the connection is terminated.

This authentication process depends on a “secret” which is pre-shared by the authenticator and the peer. The authentication can either be one-way or two way(mutual).

To configure CHAP authentication along with PPP on an interface that has all default configuration on the serial interfaces of both Cisco routers, follow these steps:

Step1: Use the encapsulation ppp command in interface configuration mode, on the serial interfaces of both routers, to enable PPP on the interfaces.

Step2: Define the usernames and passwords used by the two routers:

  1. Use the hostname name command in global configuration mode on each router, to set the local router’s name to use when authenticating.
  2. Use the username name password password command in global configuration mode on each router, to define the name (case-sensitive) used by the neighbouring router, and the matching password(case-sensitive). The name in the username command should match the name in the neighbouring router’s hostname command.

Step3: Use the ppp authentication chap command in interface configuration mode on each router to enable CHAP on each interface.

Example: On first device,


Router#configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

Router(config)#hostname Schap

Schap(config)#username Rchap password pass1

Schap(config)#interface se0

Schap(config-if)#ip address

Schap(config-if)#encapsulation ppp

Schap(config-if)#ppp authentication chap


On another device,


Router#configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

Router(config)#hostname Rchap

Rchap(config)#username Schap password pass1

Rchap(config)#interface se0

Rchap(config-if)#ip address

Rchap(config-if)#encapsulation ppp

Rchap(config-if)#ppp authentication chap


To check, if chap authentication has succeeded or not, there are several ways.

Firstly, if CHAP authentication is enabled but chap authentication fails, the protocol status of the interface fails to a down state and “LCP open” will not be there in the show output. To check that status, use the show interfaces type number command or show interfaces status command.

You can also use show ppp all command to verify if chap authentication is working or not.

Learn more about Cisco Exam

The supply of this course/package/program is governed by our terms and conditions. Please read them carefully before enrolling, as enrolment is conditional on acceptance of these terms and conditions. Courses run subject to registrations.


Find out why we are the leading choice to help boost your career in Australia

Prepare to get IT job ready in 8 weeks

Trained 10,000+ professionals and counting

Experienced Provider: Operating Since 2004

Trained staff from 1000+ Australian Businesses

We Have Placed Candidates In

Over 1000 organisations have relied on Logitrain to be their trusted training partner.

High-quality, cost-effective training in Australia
Learn More
  • OpenPay
  • This field is for validation purposes and should be left unchanged.

Dont’ Wait. Fill the form for a free no-obligation information session with our course specialists.

About The Author

Delivering Classroom and Live Virtual Training with Price Beat Guarantee

COVID discounts on Job Programs end soon, register today.