Which of the following is a Point-to-Point Protocol (PPP) authentication protocol that supports sending of
hashed values instead of sending passwords in clear text?
A. LCP
B. NCP
C. PAP
D. CHAP
Explanation:
There are two authentication methods available when implementing a PPP connection: Password
Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP).
Challenge Handshake Authentication Protocol (CHAP) uses a one-way hash function based on the Message
Digest 5 (MD5) hashing algorithm to hash the password. This hashed value is then sent across the wire. In this
situation, the actual password is never sent. No one tapping the wire will be able to reverse the hash to come
up with the original password. This is why MD5 is referred to as a one-way function. It cannot be reverse
engineered. CHAP uses a three-way handshake process to perform the authentication. Moreover, CHAP
periodically repeats the authentication process after link establishment.
When configuring PPP with CHAP authentication, each router must be configured with the username that the
other router will present, together with a password. Therefore, the username to configure on Router A will be the
username of Router B. The password should be the same on both machines. If these settings are not correct,
then authentication will fail. The authentication process can be displayed as it happens with the debug ppp
authentication command.
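The three-way handshake described above, as an added example that is not part of the original explanation. It follows RFC 1994, where the response is the MD5 hash of the packet identifier, the shared password and the challenge; the class and function names, the hostnames RouterA and RouterB, and the password are constructed for illustration.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(identifier || shared secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """The side that issues challenges (constructed class, not Cisco code)."""

    def __init__(self, hostname: str, peers: dict):
        self.hostname = hostname
        self.peers = peers          # peer username -> shared password
        self.next_id = 0
        self.pending = {}           # identifier -> outstanding challenge

    def challenge(self):
        """Step 1: send a fresh random challenge with a new identifier."""
        self.next_id = (self.next_id + 1) % 256
        self.pending[self.next_id] = os.urandom(16)
        return self.next_id, self.pending[self.next_id], self.hostname

    def verify(self, identifier: int, peer_name: str, response: bytes) -> bool:
        """Step 3: recompute the hash locally and answer success or failure."""
        challenge = self.pending.pop(identifier, None)   # each challenge is single use
        secret = self.peers.get(peer_name)
        if challenge is None or secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)


def authenticate(auth: Authenticator, peer_name: str, peer_secret: bytes):
    """Run one handshake; return (result, packets), packets being what a tap would see."""
    ident, challenge, _ = auth.challenge()
    response = chap_response(ident, peer_secret, challenge)   # step 2, on the peer
    ok = auth.verify(ident, peer_name, response)
    return ok, (ident, challenge, peer_name, response)


if __name__ == "__main__":
    router_a = Authenticator("RouterA", {"RouterB": b"s3cret-constructed"})
    print(authenticate(router_a, "RouterB", b"s3cret-constructed")[0])  # matching password
    print(authenticate(router_a, "RouterB", b"wrong-password")[0])      # mismatched password
```

Because every repeat of the authentication uses a new identifier and a new random challenge, a response captured from an earlier exchange does not verify again.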
Link Control Protocol (LCP) is defined in Request for Comments (RFCs) 1548 and 1570 and has primary
responsibility to establish, configure, authenticate, and test a PPP connection. LCP negotiates the following
when setting up a PPP connection:
Authentication method used (PAP or CHAP), if any
Compression algorithm used (Stacker or Predictor), if any
Callback phone number to use, if defined
Multilink; other physical connections to use, if configured
Network Control Protocol (NCP) defines the process for how the two PPP peers negotiate which network layer
protocols, such as IP and IPX, will be used across the PPP connection. LCP is responsible for negotiating and
maintaining a PPP connection whereas NCP is responsible for negotiating upper-layer protocols that will be
carried across the PPP connection.
Password Authentication Protocol (PAP) is simpler than CHAP, but less secure. During the authentication
phase, PAP goes through a two-way handshake process. In this process, the source sends its user name (or
hostname) and password in clear text, to the destination. The destination compares this information with a list
of locally stored user names and passwords. If it finds a match, the destination returns an accept message. If it
does not find a match, it returns a reject message.
Objective: WAN Technologies
Sub-Objective: Configure, verify, and troubleshoot PPPoE client-side interfaces using local authentication