Prerequisites for Configurable CHAP Challenge Length
The PPP encapsulation must be configured on the interface.
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
The Configurable Challenge Handshake Authentication Protocol (CHAP) Challenge Length feature allows you to configure the length of the CHAP challenge by specifying the minimum and maximum allowable challenge lengths in bytes.
The PPP encapsulation must be configured on the interface.
Information About Configurable CHAP Challenge Length
Challenge Handshake Authentication Protocol (CHAP) along with PPP is used to provide remote-device information to the central site. It verifies the identity of the peer by means of a three-way handshake.
When CHAP is enabled on any interface that supports PPP encapsulation, and a remote device attempts to connect to it, the local device or the access server sends a CHAP packet to the remote device. The CHAP packet requests or “challenges” the remote device to respond.
By default, the CHAP challenge is sent with a fixed 16-byte length to the peer. The Configurable CHAP Challenge Length feature allows the configuration of variable CHAP challenge lengths. A variable challenge length reduces the probability of an attacker predicting the challenge, thus optimizing the security.
Use the ppp chap challenge-length command to configure the CHAP challenge lengths.
How to Configure Configurable CHAP Challenge Length
Command or Action | Purpose | |
---|---|---|
Step 1 |
enable Example:
|
Enables privileged EXEC mode.
|
Step 2 |
configure terminal Example:
|
Enters global configuration mode. |
Step 3 |
interface virtual-template number Example:
|
Creates a virtual template interface and enters interface configuration mode. The range is from 1 to 4095. |
Step 4 |
ppp authentication chap Example:
|
Enables CHAP authentication. |
Step 5 |
ppp chap challenge-length min-length max-length Example:
|
Configures the minimum and maximum CHAP challenge lengths in bytes. The range is from 16 to 63. |
Step 6 |
end Example:
|
Exits interface configuration mode and returns to privileged EXEC mode. |
Configuration Examples for Configurable CHAP Challenge Length
The following example shows how to configure the Challenge Handshake Authentication Protocol (CHAP) challenge lengths:
Device> enable
Device# configure terminal
Device(config)# interface virtual-template 1
Device(config-if)# ppp authentication chap
Device(config-if)# ppp chap challenge-length 20 30
Device(config-if)# end
Related Topic |
Document Title |
---|---|
Cisco IOS commands |
|
PPP commands |
|
Wide-area networking commands |
Description |
Link |
---|---|
The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies. To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds. Access to most tools on the Cisco Support website requires a Cisco.com user ID and password. |
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Feature Name |
Releases |
Feature Information |
---|---|---|
Configurable CHAP Challenge Length |
Cisco IOS XE Release 3.12S |
The Configurable Challenge Handshake Authentication Protocol (CHAP) feature allows you to configure the length of the CHAP challenge by specifying the minimum and maximum allowable challenge length in bytes. The following command was introduced: ppp chap challenge-length . |