Posted: 31 Jul 2015 in CCNA
In this tutorial we will learn how to configure CHAP on Cisco routers. But before we start configuring it, we must know what CHAP is and why we configure it. CHAP (Challenge Handshake Authentication Protocol) is an authentication scheme used by Point-to-Point Protocol (PPP) servers to validate the identity of remote clients. It periodically verifies the identity of the client by using a three-way handshake. The verification is based on a shared secret (such as the client user's password).

One important feature of CHAP is that it not only requires the client to authenticate itself at startup time, but also sends challenges at regular intervals to make sure the client hasn't been replaced by an intruder, for instance by just switching phone lines.

Network admins configure CHAP on routers because it provides protection against replay attacks by the peer through the use of an incrementally changing identifier and of a variable challenge-value.

Authentication through CHAP is more secure because the secret is never sent over the network, although both the client and the server must know its plaintext.

CHAP provides better security than the Password Authentication Protocol (PAP).
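The three-way handshake and the replay protection described above, as an added example that is not part of the original post: a Python model of the RFC 1994 CHAP exchange with MD5. The `Authenticator` and `Peer` classes and the `demo` function are hypothetical names, and the secret reuses the `redhat` value from this tutorial's router configuration.

```python
import hashlib, hmac, os

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class Authenticator:
    """Hypothetical model of the side that issues challenges."""
    def __init__(self, secrets):
        self.secrets = secrets            # peer name -> shared secret
        self.identifier, self.challenge = 0, b""

    def new_challenge(self):
        # Step 1 (Challenge): incremented identifier plus a fresh random value.
        self.identifier = (self.identifier + 1) % 256
        self.challenge = os.urandom(16)
        return self.identifier, self.challenge

    def verify(self, name, identifier, response):
        # Step 3 (Success/Failure): recompute the hash locally and compare.
        secret = self.secrets.get(name)
        if secret is None or identifier != self.identifier:
            return False
        expected = chap_response(identifier, secret, self.challenge)
        return hmac.compare_digest(expected, response)

class Peer:  # hypothetical model of the side being authenticated
    def __init__(self, name, secret):
        self.name, self.secret = name, secret

    def respond(self, identifier, challenge):
        # Step 2 (Response): only the hash crosses the link, never the secret.
        return self.name, identifier, chap_response(identifier, self.secret, challenge)

def demo():
    secret = b"redhat"                    # value used in the tutorial's config
    r1, r2 = Authenticator({"R2": secret}), Peer("R2", secret)
    ident, chal = r1.new_challenge()
    captured = r2.respond(ident, chal)    # what an eavesdropper could record
    first = r1.verify(*captured)
    ident2, chal2 = r1.new_challenge()    # periodic re-challenge
    replay_old_id = r1.verify(*captured)                  # stale identifier
    replay_new_id = r1.verify("R2", ident2, captured[2])  # stale hash
    fresh = r1.verify(*r2.respond(ident2, chal2))
    wrong_secret = r1.verify(*Peer("R2", b"cisco").respond(*r1.new_challenge()))
    return first, replay_old_id, replay_new_id, fresh, wrong_secret

if __name__ == "__main__":
    print(demo())
```

The two replay attempts fail because the recorded hash was bound to the earlier identifier and challenge, which is the protection the periodic re-challenge relies on.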


[Image: chap configuration tutorial]





Router#config t

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#host R1

R1(config)#int se0/0/0

R1(config-if)#ip add

R1(config-if)#clock rate 64000

R1(config-if)#encapsulation ppp

R1(config-if)#ppp authentication chap

R1(config-if)#exit


R1(config)#username R2 password redhat

R1(config)#int se0/0/0

R1(config-if)#no shut





Router#config t

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#host R2

R2(config)#username R1 password redhat

R2(config)#int se0/0/0

R2(config-if)#ip add

R2(config-if)#no shut


R2(config-if)#encapsulation ppp


%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0, changed state to up

R2(config-if)#ppp authentication chap


Now test communication between these routers:


Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/10/50 ms



Verify the PPP configuration on the router interface using the command below.

R1#show int se0/0/0
Serial0/0/0 is up, line protocol is up (connected)
Hardware is HD64570
Internet address is
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, loopback not set, keepalive set (10 sec)

  1. aneek says:

    i love ur website
