Dec 10

The Basic CHAP Setup Steps


CHAP (Challenge Handshake Authentication Protocol) is an authentication protocol that helps to verify the identity of a user or network host to an authenticator.

The CHAP’s working cycle is as follows:

  1. After the link (LCP) is established and the CHAP is negotiated between the two devices, the authenticator sends a “challenge” message to the connection requestor.
  2. The requestor then responds with a value that can be calculated by using a one way hash function (MD5).
  3. The authenticator then compares the response value with its own calculation of the expected hash value. The authentication is termed as successful if the values match otherwise the connection is terminated.

The authentication method over here is based on the secret value known only to the authenticator and the requestor.

Let’s see how to setup CHAP:

The CHAP is a one-way authentication protocol but it is also possible to create a two-way authentication too where the three-way handshake is initiated by each side. Mostly one-way authentication is used where non-Cisco devices are involved.

For example, let us consider one-way authentication method. We got two routers and now we have to configure CHAP between them.


The steps mentioned below have to be followed by each router:

  1. On the interface where the connection is requested or authentication is required, provide “encapsulation ppp” command.
  2. Use the command “ppp authentication chap” to enable the use of CHAP authentication on both the routers.
  3. Next, you have to configure usernames and passwords to both the routers. Write the command, username username password password, where remember that here username is the hostname of the peer router. But we need to ensure the following –
  4. The router name and password are case sensitive, so they have to be in the same format.
  5. The passwords are identical to both the routers.

So, we can write the commands for Router 1:

Router1(config)# hostname R1

Router1(config)# username R2 password SAME

Router1(config)# int s0/0

Router1(config-if)# encapsulation ppp

Router1(config-if)# ppp authentication CHAP

So, we can write the commands for Router 2:

Router1(config)# hostname R2

Router1(config)# username R1 password SAME

Router1(config)# int s0/0

Router1(config-if)# encapsulation ppp

Router1(config-if)# ppp authentication CHAP

Some of the CHAP configuration commands are:

  1. ppp authentication {chap | ms-chap | ms-chap-v2 | eap |pap} [callin] – enables local authentication of the remote peer with specified protocol.
  2. ppp chap hostname username define CHAP hostname for a specific interface.
  3. ppp chap password password define CHAP password for a specific interface.
  4. ppp direction callin | callout | dedicated when a device is confused if a call is incoming or outgoing, it forces the call direction.
  5. ppp chap refuse [callin] – disables remote authentication by a peer.
  6. ppp chap wait – authenticator specifies that the requestor needs to authenticate itself first.
  7. ppp max-bad-auth value specifies the number of times you can retry for authentication.
  8. ppp chap splitnames – allows different hostnames for CHAP authentication.
  9. ppp chap ignoreus – ignores the CHAP challenge for the local name.

List of top IT Certification

Looking for an IT Job?

Please call us on 1800 159 151, or complete the form below.

  • This field is for validation purposes and should be left unchanged.

Recent Posts

The supply of this course/package/program is governed by our terms and conditions. Please read them carefully before enrolling, as enrolment is conditional on acceptance of these terms and conditions. The sale price is valid for registrations between 01 Dec and 10 Jan.


Find out why we are the leading choice to help boost your career in Australia

Prepare to get IT job ready in 8 weeks

Trained 10,000+ professionals and counting

Experienced Provider: Operating Since 2004

Trained staff from 1000+ Australian Businesses

We Have Placed Candidates In

Over 1000 organisations have relied on Logitrain to be their trusted training partner.

High-quality, cost-effective training in Australia
Learn More
  • This field is for validation purposes and should be left unchanged.

Dont’ Wait. Fill the form for a free no-obligation information session with our course specialists.

About The Author

Train with Confidence with our Price Beat Guarantee

Hurry, Covid discounts on Job Programs end soon

Open chat