CCIE RS – L2 WAN Circuit Technologies – Authentication (PAP, CHAP)

CHAP – Challenge Handshake Authentication Protocol

  • RFC 1994
    • Verify identity of peer
    • Uses 3way handshake
  • After LCP phase is complete,
    • CHAP is negotiated, authenticator sends a challenge message to peer
    • Peer responds with value calculated through 1 way hash (MD5)
    • Authenticator checks the response against its own calculation


PPP must be enabled on the interface

Interface > ppp authentication chap

Configure username and password
Username [username] password [password]

Default username sent is hostname of the peer router

Default username can be changed under the interface

PPP chap username

Passwords must match on both ends
PPP chap passowrd

PAP – Password Authentication Protocol

  • RFC 1334
  • Simple method for authentication
    • 2 way handshake after LCP completes
    • Username and password are sent in clear text across link
  • Not a secure authentication protocol

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.