A CHAP packet consists of an 8-bit Code field, an 8-bit Identifier field, a 16-bit Length field,
and a variable-length Data field. The Code field identifies the type of CHAP packet; there are
four type options:
Challenge
Response
Success
Failure
The Identifier field contains an incrementally changing identifier, which the remote end copies
into the response packet. Frequently changing the identifier provides protection against a playback
attack. The Length field is 16 bits long and indicates the length of the CHAP packet, including the
Code, Identifier, Length, and Data fields. Octets outside the range will be ignored. The Data field is
zero or more octets and is determined by the Code field.
Configuring CHAP authentication is a pretty straightforward process. Here’s an example:
Router#config t
Router(config)#username todd password cisco
Router(config)#interface bri0
Router(config-if)#encapsulation ppp
Router(config-if)#ppp authentication chap
Router(config-if)#^Z
Router#
The username name password password command is used to configure authentication
between two routers. The username is the host name of the router you want to connect to. The
passwords must be the same on each side for this to work. For example, if you had a corporate
router with a host name of Acmecorporate and a remote router with a host name of Acmeremote,
the configuration of the corporate router would look like this:
Acmecorporate(config)#username Acmeremote password sameone
The remote router’s configuration would be this:
Acmeremote(config)#username Acmecorporate password sameone
Code Identifier Length
Data