How to Configure Challenge Handshake Authentication Protocol (CHAP)
Challenge Handshake Authentication Protocol (CHAP) periodically verifies the identity of the remote node using a three-way handshake. The hostname on one router must match the username the other router has configured. The passwords must likewise match. The challenge value is variable and changes unpredictably while the link exists.
When the PPP link establishment phase is complete, the local router sends a challenge message to the remote node containing the CHAP user name and a hash value that is based on the CHAP password.
The remote router looks up the local router's username and password in its local database and calculates a hash value using the value sent from the local router. The remote node then responds with a value calculated using a one-way hash function, usually Message Digest 5 (MD5), based on the password and challenge message. Figure 1 illustrates the CHAP three-way handshake.
The local router checks the response against its own calculation of the expected hash value. If the values match, the initiating node acknowledges the authentication; otherwise, the initiating node immediately terminates the connection.
CHAP provides better protection than PAP because it protects devices from playback attacks by using a variable challenge value that is unique and unpredictable. The challenge and resulting hash value are unique and random. The use of repeated challenges limits the time of vulnerability to any single attack. The local router or a third-party authentication server is in control of the frequency and timing of the challenges.
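The exchange described above, as an added example that is not code from the original article: a small model of the CHAP-MD5 computation defined in RFC 1994, where the response is MD5 over the identifier, the shared secret and the challenge value. The class names, the 16-byte challenge length and the `wrong-secret` value are assumptions made for illustration; `Cisco` is the password from this page's R1 configuration.

```python
import hashlib
import hmac
import os

def chap_response(identifier, secret, challenge):
    # RFC 1994, CHAP with MD5: hash of Identifier || secret || Challenge value
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class Authenticator:
    """Challenging side (R1 in the page's terms)."""
    def __init__(self, hostname, secrets):
        self.hostname, self.secrets = hostname, secrets  # peer name -> secret
        self.identifier, self.challenge = 0, None

    def new_challenge(self):
        self.identifier = (self.identifier + 1) % 256
        self.challenge = os.urandom(16)  # fresh, unpredictable per challenge
        return self.identifier, self.challenge, self.hostname

    def verify(self, identifier, peer_name, response):
        secret = self.secrets.get(peer_name)
        if secret is None or self.challenge is None or identifier != self.identifier:
            return False
        expected = chap_response(identifier, secret, self.challenge)
        self.challenge = None  # a challenge is good for one answer only
        return hmac.compare_digest(expected, response)

class Peer:
    """Responding side (R2)."""
    def __init__(self, hostname, secrets):
        self.hostname, self.secrets = hostname, secrets

    def respond(self, identifier, challenge, challenger):
        secret = self.secrets[challenger]  # looked up by the challenger's name
        return identifier, self.hostname, chap_response(identifier, secret, challenge)

def demo():
    r1 = Authenticator("R1", {"R2": b"Cisco"})
    r2 = Peer("R2", {"R1": b"Cisco"})
    captured = r2.respond(*r1.new_challenge())
    accepted = r1.verify(*captured)
    r1.new_challenge()  # periodic re-challenge
    replayed = r1.verify(r1.identifier, "R2", captured[2])  # old hash, new challenge
    bad = Peer("R2", {"R1": b"wrong-secret"})  # constructed mismatched password
    mismatched = r1.verify(*bad.respond(*r1.new_challenge()))
    return accepted, replayed, mismatched

if __name__ == "__main__":
    print(demo())
```

The three results show a matching secret being accepted, a response recorded from an earlier challenge being rejected after a re-challenge, and a peer configured with a different password being rejected.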
Challenge Handshake Authentication Protocol (CHAP) Configuration
As described in the previous section, CHAP periodically verifies the identity of the remote node using a three-way handshake. The hostname on one router must match the username the other router has configured. The passwords are also required to match. This occurs on initial link establishment and can be repeated any time after the link has been established. The commands for configuring CHAP on R1 are the following:
Router R-1 (Local)
Router>enable
Router#config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1
R1(config)#username R2 password Cisco
R1(config)# interface serial0/0/0
R1(config-if)#no shut
R1(config-if)# ip address 192.168.10.1 255.255.255.252
R1(config-if)# ipv6 address 2001:AD01:BD00::1/64
R1(config-if)# clock rate 64000
R1(config-if)#encapsulation PPP
R1(config-if)#ppp authentication chap
R1(config-if)#exit
Router R-2 (Remote)
Router>enable
Router#config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R2
R2(config)#username R1 password Cisco
R2(config)# interface serial0/0/0
R2(config-if)#no shut
R2(config-if)# ip address 192.168.10.2 255.255.255.252
R2(config-if)# ipv6 address 2001:AD01:BD00::2/64
R2(config-if)# clock rate 64000
R2(config-if)#encapsulation PPP
R2(config-if)#ppp authentication chap
R2(config-if)#exit
Leon Bridges
October 12, 2020 @ 10:08 am
This is a PPP protocol, right? When should I consider implementing it?
Shahab Ali
October 12, 2020 @ 12:25 pm
PPP is a relatively old communications protocol, usually used as a point-to-point WAN protocol, working at the data link layer of the OSI model. PPP is one of the more stable protocols due to its error-checking mechanism.
PPP can operate with different types of DTE/DCE physical interfaces, including asynchronous serial, synchronous serial, HSSI, and ISDN.
In the PPP operation on a link, it will negotiate with the other side of the link. PPP negotiation has three different phases: LCP, Authentication, and NCP, which were discussed earlier.
Alert Gerison
October 18, 2020 @ 12:11 pm
The information on this eventually hits the best ever information in the market. You are one of the best supportive for the required content whenever required. However, your value experience into the relevant topic is on top-priority basis. I also read tremendous and eye-catching articles over here. Just Visit Here and get evolved with more enhanced content.
Shahab Ali
October 18, 2020 @ 5:37 pm
Thanks for visiting and commenting on this article.
Alert Gerison
October 29, 2020 @ 2:49 am
Well you provide one of the authenticate information till now, I was waiting for the same since a long time and I found your help in regards to the topic I was searching for.
Just Visit Here and get evolved with more enhanced content.
Fios
July 4, 2021 @ 9:40 am
This is what we were literally looking for guys!! Thank you so much!
Atif Ullah
August 12, 2021 @ 8:52 am
Good post. I learn something totally new and challenging on websites I StumbleUpon every day. It will always be exciting to read articles from other authors and practice something from their sites.