CHAP – Challenge Handshake Authentication Protocol
- RFC 1994
- Verify identity of peer
- Uses 3way handshake
- After LCP phase is complete,
- CHAP is negotiated, authenticator sends a challenge message to peer
- Peer responds with value calculated through 1 way hash (MD5)
- Authenticator checks the response against its own calculation
Configuration
PPP must be enabled on the interface Interface > ppp authentication chap Configure username and password Username [username] password [password] Default username sent is hostname of the peer router Default username can be changed under the interface PPP chap username Passwords must match on both ends PPP chap passowrd
PAP – Password Authentication Protocol
- RFC 1334
- Simple method for authentication
- 2 way handshake after LCP completes
- Username and password are sent in clear text across link
- Not a secure authentication protocol