Supported Platforms
Related Documentation
Modifying the CHAP Challenge Length
You can modify the default minimum length and maximum length of the Challenge Handshake Authentication Protocol (CHAP) challenge message that the router sends to a PPP client. The CHAP challenge message, which contains information that is unique to a particular PPP subscriber session, is used as part of the authentication mechanism between the router and the client to verify the identity of the client for access to the router.
By default, the minimum length of the CHAP challenge is 16 bytes, and the maximum length is 32 bytes. You can override this default to configure the CHAP challenge minimum length and maximum length in the range 8 bytes through 63 bytes.
 | Best Practice: We recommend that you configure both the minimum length and the maximum length of the CHAP challenge to at least 16 bytes. |
Before you begin:
- Configure the CHAP protocol on the interface.
- For dynamic PPP subscriber interfaces, see Configuring Dynamic Authentication for PPP Subscribers.
- For static interfaces with PPP encapsulation, see Configuring the PPP Challenge Handshake Authentication Protocol.
To configure the minimum and maximum length of the CHAP challenge message:
- Specify that you want to configure PPP options.
- For dynamic PPP subscriber interfaces:[edit dynamic-profiles profile-name interfaces pp0 unit “$junos-interface-unit”]user@host# edit ppp-options
- For static interfaces with PPP encapsulation:[edit interfaces pp0 unit logical-unit-number]user@host# edit ppp-options
- For dynamic PPP subscriber interfaces:
- Specify that you want to configure CHAP options.
- Specify the minimum length and maximum length of the CHAP
challenge.
- For dynamic PPP subscriber interfaces:[edit dynamic-profiles profile-name interfaces pp0 unit “$junos-interface-unit” ppp-options chap]user@host# set challenge-length minimum minimum-length maximum maximum-length
- For static interfaces with PPP encapsulation:[edit interfaces pp0 unit logical-unit-number ppp-options chap]user@host# set challenge-length minimum minimum-length maximum maximum-length
For example, the following challenge-length statement in a dynamic profile named pppoe-client-profile sets the minimum length of the CHAP challenge to 20 bytes, and the maximum length to 40 bytes.
[edit dynamic-profiles pppoe-client-profile interfaces pp0 unit “$junos-interface-unit” ppp-options chap]user@host# set challenge-length minimum 20 maximum 40 - For dynamic PPP subscriber interfaces:
