September 25 2020

How to Configure Challenge Handshake Authentication Protocol (CHAP)

Challenge Handshake Authentication Protocol (CHAP) periodically checks the character of the far off hub utilizing a three-way handshake. The hostname on one switch must match the username the other switch has designed. The passwords should likewise coordinate. The password value is variable and changes unpredictably while the link exists.

When the PPP link establishment phase is complete, the local router sends a challenge message to the remote node containing Challenge Handshake Authentication Protocol (CHAP) user name and a hash value that is based on the Challenge Handshake Authentication Protocol (CHAP)Password.

The remote router compares the local routers username and password in its local database and calculates hash value with the value sent from local router. The remote node then responds with a calculated value using a one way hash function, usually with Message Digest 5 (MD5) based on the password and challenge message. The figure1 illustrates the CHAP 3 way handshake.

The local router checks the reaction against its own calculation of the likely hash value. In case of value match, the initiating node acknowledges the authentication; otherwise, the initiating node immediately terminates the connection.

Challenge Handshake Authentication Protocol (CHAP) provides better protection then PAP because it protects devices from playback attacks using a variable challenge value that is unique and unpredictable. The challenge and resulted hash value are unique and random. The use of repetitive challenges limits the time of vulnerability to any single attack. The local router or a third-party authentication server is in control of the frequency and timing of the challenges.

Challenge Handshake Authentication Protocol (CHAP) Configuration

We have learnt in the previous section that CHAP periodically identifies the remote node using a three-way handshake. The hostname on one router should match the username the other router has configured. The passwords also required to match. This occurs on initial link establishment and can be repeated any time after the link has been established. The commands for configuring CHAP on R1 are the following:

Router R-1 (Local)

Router>enable

Router#config terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#hostname R1

R1(config)#username R2 password Cisco

R1(config)# interface serial0/0/0

R1(config-if)#no shut

R1(config-if)# ip address 192.168.10.1 255.255.255.252

R1(config-if)# ipv6 address 2001:AD01:BD00::1/64

R1(config-if)# clock rate 64000

R1(config-if)#encapsulation PPP

R1(config-if)#ppp authentication chap

R1(config-if)#exit

Router R-2 (Remote)

Router>enable

Router#config terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#hostname R2

R2(config)#username R2 password ccna12345

R2(config)# interface serial0/0/0

R2(config-if)#no shut

R2(config-if)# ip address 192.168.10.2 255.255.255.252

R2(config-if)# ipv6 address 2001:AD01:BD00::2/64

R2(config-if)# clock rate 64000

R2(config-if)#encapsulation PPP

R2(config-if)#ppp authentication chap

R2(config-if)#exit

Asad Ijaz

Hey there, I'm Asad Ijaz Khattak, and I'm not your typical writer and blogger – I'm the voice behind the scenes at the renowned website, "networkustad.com." When it comes to the digital realm, I'm all about technology, networking, and cybersecurity. Picture this: I'm not just someone who writes about tech; I'm a certified expert in the field. I proudly hold the titles of Cisco Certified Network Professional (CCNP) and Cisco Certified Network Associate (CCNA). So, when I talk about networking, I'm not just whistling in the dark; I know my stuff! My website is like a treasure trove of knowledge. You'll find a plethora of articles and tutorials covering a wide range of topics related to networking and cybersecurity. It's not just a website; it's a learning hub for anyone who's eager to dive into the world of bits, bytes, and secure connections. And here's a fun fact: I'm not a lone wolf in this journey. I'm a proud member and Editor of Team NetworkUstad. Together, we're on a mission to empower people with the knowledge they need to navigate the digital landscape safely and effectively. So, if you're ready to embark on a tech-savvy adventure, stick around with me, Asad Ijaz Khattak. We're going to unravel the mysteries of technology, one article at a time!"

→ Asad Ijaz

7 Comments

Leon Bridges
October 12, 2020 @ 10:08 am

This is a PPP protocol right? When should consider implementing it?

Loading...

Reply
- Shahab Ali
  October 12, 2020 @ 12:25 pm
  
  PPP is a relatively old communications protocol, usually, used as a point-to-point WAN protocol, working at the datalink layer of the OSI model. PPP is one of the more stable protocols due to its error checking mechanism.
  PPP can operate with different types of DTEs/DCEs physical interfaces, including asynchronous serial, synchronous serial, HSSI, and ISDN.
  
  in the PPP operation on a link, it will negotiate with the other side of the link. PPP negotiation has three different phases: LCP, Authentication, and NCP. which is earlier discussed.
  
  Loading...
  
  Reply
Alert Gerison
October 18, 2020 @ 12:11 pm

The information on this eventually hits the best ever information in the market. You are one of the best supportive for the required content whenever required. However, your value experience into the relevant topic is on top-priority basis. I also read tremendous and eye-catching articles over here. Just Visit Hereand get evolved with more enhanced content.

Loading...

Reply
- Shahab Ali
  October 18, 2020 @ 5:37 pm
  
  Thanks for visiting and comment on this article
  
  Loading...
  
  Reply
Alert Gerison
October 29, 2020 @ 2:49 am

Well you provide one of the authenticate information till now, I was waiting for the same since a long time and I found your help in regards to the topic I was searching for.
Just Visit Hereand get evolved with more enhanced content.

Loading...

Reply
Fios
July 4, 2021 @ 9:40 am

This is what we were literally looking for guys!! Thank you so much!

Loading...

Reply
Atif Ullah
August 12, 2021 @ 8:52 am

Good post. I learn something totally new and challenging on websites
I StumbleUpon every day. It will always be exciting to read articles from other authors and practice something from their sites.

Loading...

Reply

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Email

How to Configure Challenge Handshake Authentication Protocol (CHAP)