HOW TO CONFIGURE CHAP AUTHENTICATION ON CISCO ROUTERS

In this post we will learn how to configure CHAP authentication on Cisco routers.

CHAP stands for Challenge Handshake Authentication Protocol. It verifies the identity of the peer by means of a three-way handshake. Network admins configure CHAP authentication on routers because it provides protection against replay attacks by the peer and better security than PAP (Password Authentication Protocol). We have to enable PPP on the interface with the encapsulation ppp command. Point-to-Point Protocol (PPP) is a data link protocol used to establish a direct connection between two nodes.
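The three-way handshake and the replay protection described above can be sketched in Python. This is an added example, not part of the original post or any Cisco code; it follows the RFC 1994 response calculation, reuses the R1/R2 names and the ccna password from the configuration below, and the names Authenticator, peer_respond and demo are hypothetical.

```python
import hashlib
import hmac
import os

def chap_response(identifier, secret, challenge):
    # RFC 1994 Response value: MD5(Identifier || secret || Challenge value)
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class Authenticator:
    """Challenging side (hypothetical class, stands in for R1)."""
    def __init__(self, hostname, users):
        self.hostname, self.users = hostname, users  # users: peer name -> secret
        self.next_id, self.pending = 0, {}           # pending: id -> challenge

    def challenge(self):
        # Message 1: Challenge carries an identifier, a random value and our name
        self.next_id = (self.next_id + 1) % 256
        self.pending[self.next_id] = os.urandom(16)
        return self.next_id, self.pending[self.next_id], self.hostname

    def verify(self, identifier, peer_name, response):
        # Message 3: recompute the hash; True = Success, False = Failure
        value = self.pending.pop(identifier, None)   # each challenge is single-use
        secret = self.users.get(peer_name)
        if value is None or secret is None:
            return False
        return hmac.compare_digest(chap_response(identifier, secret, value), response)

def peer_respond(hostname, users, identifier, value, challenger):
    # Message 2: Response; the secret is looked up under the challenger's name
    return hostname, chap_response(identifier, users[challenger], value)

def demo():
    r1 = Authenticator("R1", {"R2": b"ccna"})        # username R2 password ccna
    r2_users = {"R1": b"ccna"}                       # username R1 password ccna
    ident, value, name = r1.challenge()
    peer, resp = peer_respond("R2", r2_users, ident, value, name)
    ok = r1.verify(ident, peer, resp)
    # A captured Response replayed against a fresh Challenge no longer matches
    ident2, _, _ = r1.challenge()
    replay = r1.verify(ident2, peer, resp)
    # Passwords that differ between the two routers make authentication fail
    ident3, value3, name3 = r1.challenge()
    _, bad = peer_respond("R2", {"R1": b"cisco"}, ident3, value3, name3)
    mismatch = r1.verify(ident3, "R2", bad)
    return ok, replay, mismatch

if __name__ == "__main__":
    print(demo())
```

The password never crosses the link; only the random challenge and the hash do, which is why the username entry on each router must name the other router and carry the same password.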

 

[Figure: CHAP configuration on Cisco routers]

 

ROUTER CONFIGURATION

ROUTER R1

 

Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#host R1
R1(config)#int fa0/0
R1(config-if)#ip address 1.0.0.1 255.0.0.0
R1(config-if)#no shut

R1(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

R1(config-if)#exit
R1(config)#int se0/0/0
R1(config-if)#ip address 2.0.0.1 255.0.0.0
R1(config-if)#clock rate 64000
R1(config-if)#encapsulation ppp
R1(config-if)#ppp authentication chap
R1(config-if)#no shut

%LINK-5-CHANGED: Interface Serial0/0/0, changed state to down
R1(config-if)#exit
R1(config)#int se0/0/0
R1(config-if)#username R2 password ccna
R1(config)#username R2 password ccna
R1(config)#
%LINK-5-CHANGED: Interface Serial0/0/0, changed state to up

R1#show int se0/0/0

Serial0/0/0 is up, line protocol is down (disabled)
Hardware is HD64570
Internet address is 2.0.0.1/8
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, loopback not set, keepalive set (10 sec)
LCP Closed
Closed: LEXCP, BRIDGECP, IPCP, CCP, CDPCP, LLC2, BACP
Last input never, output never, output hang never
Last clearing of “show interface” counters never
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/0/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 1158 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up

 

ROUTER R2

 

Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#host R2
R2(config)#username R1 password ccna

R2(config)#int se0/0/0
R2(config-if)#ip address 2.0.0.2 255.0.0.0
R2(config-if)#no shut

R2(config-if)#
%LINK-5-CHANGED: Interface Serial0/0/0, changed state to up
R2(config-if)#encapsulation ppp
R2(config-if)#ppp authentication chap
R2(config-if)#exit

R2(config)#int fa0/0
R2(config-if)#ip address 3.0.0.1 255.0.0.0
R2(config-if)#no shut

R2(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

R2(config-if)#exit
R2(config)#

Ping the routers' interfaces to check the link.

R2(config)#do ping 2.0.0.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.0.0.2, timeout is 2 seconds:
…..
Success rate is 0 percent (0/5)

R2(config)#do ping 2.0.0.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.0.0.1, timeout is 2 seconds:
…..
Success rate is 0 percent (0/5)
