Request chap authentication, Respond to chap challenges – Compatible Systems 5.4 User Manual

Chapter 10 - WAN Link Protocols

167

PPP Link from the Link Type pulldown in the Link Configuration: WAN
Dialog Box (under WAN/Link Configuration), and then clicking on the
CHAP button at the bottom of the dialog box.

CHAP is a security protocol that allows devices using PPP to authenticate
their identities to each other through the use of a message digest (MD5) calcu-
lation. Either or both ends of a link can request that the opposite end of the
link authenticate itself. CHAP requests do not depend on knowing which
device initiated a call, so a calling device can request and/or provide authen-
tication, as can a device that receives a call.

CHAP authentications can be performed at any time after a communications
link is connected. A CHAP authentication sequence begins with a “chal-
lenge” from one end of the link. The challenge includes the name of the chal-
lenging router.

The response to the challenge includes the name of the responding router.
This name will be looked up in the challenging router’s database or on a
configured RADIUS server. The name, along with a “secret” value that is
stored in the database or RADIUS server and is shared by both ends, will be
processed by the challenging end using the MD5 algorithm.

If the result of an identical MD5 calculation performed by the challenging end
is not the same, the challenging end drops the link.

To access the User Authentication Database Configuration Dialog Box, select
Global/User Authentication Database in the Device View. To access the
RADIUS Configuration Dialog Box, select Global/System Configuration in
the Device View and click on the RADIUS button.

v Note: Because the secret is never passed across the link, even in encrypted
form, CHAP is considered to be significantly more secure than PAP.

Request CHAP Authentication

This checkbox controls whether this router will send a CHAP challenge to the
other end before allowing PPP negotiation to complete. Each challenge will
include this router’s Name (as described below), along with a random value
selected by this router.

•

If checked this router will send a CHAP challenge to the device at the
other end of the link.

•

If unchecked this router will not send a CHAP challenge to the device at
the other end of the link.

Respond to CHAP Challenges

This checkbox controls whether this router will respond to CHAP challenges
from the other end.