Posts from ‘CCNA’
The following question was recently sent to me regarding PPP and CHAP:
At the moment I only have Packet Tracer to practice on, and have been trying to set up CHAP over PPP.
It seems that the “PPP CHAP username xxxx” and “PPP CHAP password xxxx” commands are missing in Packet Tracer.
I have it set similar to this video… (you can skip the first 1 min 50 secs)
As he doesn’t use the missing commands, if that were to be done on live kit would it just use the hostname and magic number to create the hash?
Also, in bi-directional authentication, do both routers have to use the same password or can they be different as long as they match what they expect from the other router?
Here was my reply:
When using PPP CHAP keep in mind four fundamental things:
- The “magic number” that you see in PPP LCP messages has nothing to do with Authentication or CHAP. It is simply PPP’s way of trying to verify that it has a bi-directional link with a peer. When sending a PPP LCP message a random Magic Number is generated. The idea is that you should NOT see your own Magic Number in LCP messages received from your PPP Peer. If you DO see the same magic number that you transmitted, that means you are talking to yourself (your outgoing LCP CONFREQ message has been looped back to you). This might happen if the Telco that is providing your circuit is doing some testing or something and has temporarily looped-back your circuit.
- At least one of the devices will be initiating the CHAP challenge. In IOS this is enabled with the interface command, “ppp authentication chap”. Technically it only has to be configured on one device (usually the ISP router that wishes to “challenge” the incoming caller) but with CHAP you can configure it on both sides if you wish to have bi-directional CHAP challenges.
- Both routers need a CHAP password, and you have a couple of options on how to do this.
- The “hash” that is generated in an outgoing PPP CHAP Response is created as a combination of three variables, and without knowing all three values the Hash Response cannot be generated:
  - A router’s Hostname
  - The configured PPP CHAP password
  - The PPP CHAP Challenge value
I do all of my lab testing on real hardware so I can’t speak to any “gotchas” that might be present in simulators like Packet Tracer. But what I can tell you is that on real routers the side that is receiving the CHAP challenge must be configured with an interface-level CHAP password.
The relevant configurations are below as an example.
ISP router that is initiating the CHAP Challenge for incoming callers:
```
username Customer password cisco
!
interface Serial1/3
 encapsulation ppp
 ppp authentication chap
 ip address x.x.x.x y.y.y.y
!
```
Customer router placing the outgoing PPP call to ISP:
```
hostname Customer
!
interface Serial1/3
 encapsulation ppp
 ppp chap password cisco
 ip address x.x.x.x y.y.y.y
!
```
If you have a situation where you expect that the Customer Router might be using this same interface to “call” multiple remote destinations, and use a different CHAP password for each remote location, then you could add the following:
Customer router placing the outgoing PPP call to ISP-1 (CHAP password = Bob) and ISP-2 (CHAP password = Sally):
```
hostname Customer
!
username ISP-1 password Bob
username ISP-2 password Sally
interface Serial1/3
 encapsulation ppp
 ppp chap password cisco
 ip address x.x.x.x y.y.y.y
!
```
Notice in the example above, the “username x password y” commands supersede the interface-level command, “ppp chap password x”. But please note that the customer (calling) router always needs the “ppp chap password” command configured at the interface level. A global “username x password y” in the customer router does not replace this command. In this situation, if the Customer router placed a call to ISP-3 (for which there IS no “username/password” statement) it would fall back to using the password configured at the interface level.
Lastly, the “username x password y” command needs to be viewed differently depending on whether or not it is configured on the router that is RESPONDING to a Challenge…or is on the router that is GENERATING the Challenge:
- When the command “username X password Y” is configured on the router that is responding to the CHAP Challenge (Customer router), the router’s local “hostname” and password in this command (along with the received Challenge) will be used in the Hash algorithm to generate the CHAP RESPONSE.
- When the command “username X password Y” is configured on the router that is generating the CHAP Challenge (ISP Router), once the ISP router receives the CHAP Authentication Response (which includes the hostname of the Customer/calling router) it will match that received Hostname to a corresponding “username X password Y” statement. If one is found that matches, then the ISP router will perform its own CHAP hash of the username, password, and Challenge that it previously created to see if its own, locally-generated result matches the result that was received in the CHAP Response.
Lastly, you asked, “Also, in bi-directional authentication, do both routers have to use the same password or can they be different as long as they match what they expect from the other router?”
Hopefully from my explanations above it is now clear that in the case of bi-directional authentication, the passwords do indeed have to be the same on both sides.
Hope that helps!
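The challenge/response exchange and the password lookup order described in the reply above, as an added Python sketch that is not part of the original post or any Cisco code. It assumes the RFC 1994 Response Value, MD5 over the packet Identifier, the shared secret and the Challenge Value, with the hostname carried in the Name field to select the matching “username” entry. The class and function names are hypothetical; the hostnames and passwords are the sample values from the configurations above.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 Response Value: MD5(Identifier || secret || Challenge Value)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Responder:
    """Calling router: hostname, interface 'ppp chap password', optional 'username' entries."""

    def __init__(self, hostname, interface_password, usernames=None):
        self.hostname = hostname
        self.interface_password = interface_password
        self.usernames = usernames or {}

    def respond(self, identifier, challenge, challenger_name):
        # A 'username <peer> password <pw>' entry wins; otherwise fall back
        # to the interface-level password.
        secret = self.usernames.get(challenger_name, self.interface_password)
        return self.hostname, chap_response(identifier, secret.encode(), challenge)


class Authenticator:
    """Challenging router: holds 'username <caller> password <pw>' entries."""

    def __init__(self, hostname, usernames):
        self.hostname = hostname
        self.usernames = usernames

    def challenge(self):
        self.identifier = os.urandom(1)[0]
        self.value = os.urandom(16)  # fresh random challenge for every attempt
        return self.identifier, self.value, self.hostname

    def verify(self, name, response):
        secret = self.usernames.get(name)
        if secret is None:  # no 'username' entry for the caller's hostname
            return False
        expected = chap_response(self.identifier, secret.encode(), self.value)
        return hmac.compare_digest(expected, response)


def exchange(authenticator, responder):
    """Run one Challenge/Response round; True corresponds to CHAP Success."""
    identifier, value, name = authenticator.challenge()
    caller, response = responder.respond(identifier, value, name)
    return authenticator.verify(caller, response)


# Constructed sample values taken from the configurations in the post.
customer = Responder("Customer", "cisco", {"ISP-1": "Bob", "ISP-2": "Sally"})
if __name__ == "__main__":
    print(exchange(Authenticator("ISP-1", {"Customer": "Bob"}), customer))
    print(exchange(Authenticator("ISP-3", {"Customer": "cisco"}), customer))
```

The password itself never crosses the link; only the hostname and the 16-byte digest do, and a fresh challenge per attempt keeps a captured response from being replayed.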
Between now and the end of the week we will be releasing our January to June 2013 schedule. You will see a lot of new classes/bootcamps added covering a wide range of topics. These include CCNA Data Center, CCNP Data Center, CCNP Wireless, CCNA Service Provider, CCNP Service Provider, Nexus 1000v & Open vSwitch, UCS & OpenStack, Nexus Live Online Bootcamps, Nexus Live Onsite Bootcamps, etc. You will also notice we are adding new 2 day online courses covering a wide range of topics (ISE, WSE, IOS XR, IOS XE, OpenFlow, etc).
The biggest change that you will notice for 2013 is that for ALL of our new products we will offer hands-on labs and equipment rentals. We’ve made a big push for new hardware in 2012 and we’ll be making an even bigger push for 2013. During the first week of January you will see the new CCNP and CCIE Security racks along with the new CCIE Data Center racks coming online. Additionally our new CCNP Security course will have hands-on labs available around the same time frame.
In 2013 we will be making all of our CCNA courses available free of charge like how our CCNA and CCNA Voice courses are now. Not only will they be free to stream online, we will offer hands-on labs and equipment access for all tracks (CCNA Service Provider, CCNA Data Center tracks, etc). Some of the equipment will be offered free of charge for AAP members and some equipment even free of charge to the general public. The key to learning at this level isn’t to be bored to death with some “professional presenter” going over hours and hours of PowerPoint slides or some low budget video production with a “professional presenter” dancing around the screen. You need to be engaged by watching a real instructor cover the topics hands-on while you also follow along on the equipment. Lastly in regards to the CCNA, you will see the current courses redone to allow for this new format.
For the workbooks we will be retiring the workbook volume structure (Vol 1, Vol 2, etc) that we first introduced years ago and is now copied by nearly every vendor. We will be moving to a new format that is a single solution laid out in a structured manner as opposed to a portfolio of products. This new format allows for quicker updates and additions to the products along with many other benefits. The new CCIE Security and CCIE Data Center products will be the first to be offered in our new format.
Lastly I will be making a separate post later this month regarding a new series of online classes that I personally will be doing next year.
Just ahead of our brand new CCNA Voice live online bootcamp beginning this Monday, I thought it might be nice to provide an easy-to-follow graphic for those starting out in Voice (or on any other Cisco networking track). This graphic was from last year, but remains quite easy to follow for each and every Cisco track.
Be sure you have a high resolution set if you wish to see the entire thing, otherwise scrolling may be necessary.
INE is proud to announce the release of two brand new video products, the CCNA Routing & Switching Exam Course and the CCNA Routing & Switching Video Flashcards. Both of these products were written and delivered by Brian McGahan – three times CCIE #8593 in Routing & Switching, Security, and Service Provider – one of the most highly regarded and experienced CCIE instructors in the industry. Best of all, until Jan 1st 2012, streaming access is FREE to both the CCNA R&S Exam Course and CCNA R&S Video Flashcards, while download access to the CCNA R&S Exam Course is only $99! Additionally these classes support streaming to iPhone/iPad, Android, and Windows phone platforms, so you can take your training on the go.
To view these classes create a free account on the INE Members Site, then follow the links there once logged in.
Specifically the CCNA R&S Exam Course is a comprehensive look at the technologies covered in the Cisco Certified Network Associate (CCNA) Routing & Switching exams. With over 25 hours of instructor-led videos, this class contains both easy to understand and in-depth explanations, along with hands-on examples on the Cisco IOS Command Line Interface. The class will not only fully prepare you for the latest 640-822 ICND1 (CCENT), 640-816 ICND2, and 640-802 CCNA exams, but it will also expand your understanding of core technologies that are essential to know for beginning or advancing your career with today’s networks.
The CCNA R&S Video Flashcards are designed to help you test your knowledge before you sit for the actual ICND1, ICND2, or CCNA Composite exams. The thing that sets the Video Flashcards apart from other practice tests is that after every question, the instructor goes through a detailed explanation as to what the answer is, why it is the answer, and includes visual and hands on examples of the pertinent technology. We are considering adding Video Flashcard products for our other CCNA, CCNP, and CCIE tracks, so please post your comments below and give us some feedback about what you think of the Video Flashcard format!
Both of the above products are part of our larger All Access Pass video library. Available as a $159 per month or $1599 per year subscription, INE’s All Access Pass contains hundreds of hours of videos covering topics such as:
- CCNA Routing & Switching
- CCNA Voice
- CCNA Security
- CCNP Routing & Switching
- CCNP Voice
- CCNP Security
- CCIE Routing & Switching
- CCIE Voice
- CCIE Security
- CCIE Service Provider
- And more!
Feel free to post your feedback about the new CCNA videos here, or email Brian McGahan directly at firstname.lastname@example.org.
We have a new feature on our All Access Pass streaming video playlists that we believe will tremendously help you in your studies – but we’ll leave you to be the judge of that. We have added the ability for you to save unlimited bookmarks (and take notes on those bookmarks) for each video playlist you have in your online, streaming All Access Pass. Please login to your members account, then navigate to one of the streaming video playlists in order to access the new bookmark feature (i.e. you won’t see it on the sample video playlists).
Here is a sample screenshot of the new feature in action.
By the way, one other important thing to note about this new feature is that if you take a bookmark, it is not specific to the streaming quality that you chose when saving the bookmark. So if you were watching in the “High” quality, and save a bookmark for a specific spot, you can always choose a different quality level (e.g. “HD”) and then click your bookmark, or vice-versa, to watch that bookmark at the different streaming quality. Also, you will be able to copy the links from those bookmarks and send them to your peers studying with you who also have an INE AAP membership, and they will be able to access that same spot to comment on something important that you found and would like to share with them. You will find the appendix to the existing video URL very similar to the way YouTube codes theirs, for easy use.
Enjoy, and be sure to tell us how you like the new feature and if or how it is helping you in your studies, in the comments section!
A while back, in May, we asked you all what you thought of adding closed captioning to all of our videos, and your response – both in comments and private emails – was overwhelmingly positive. This functionality would not only provide better assistance for those with difficulty hearing, but also give everyone the incredible ability to search anywhere within any video for a particular topic or keyword that had been spoken about in the audio track, and immediately jump to that timecode spot in the video. This would give every single minute of every video we have the ability to be searched and subsequently accessed within just a few moments vs. having to watch the entire video over and over each time you wished to return to a particular spot in it for some remedial learning.
Well, you needn’t wait much longer.
We’re pleased to announce that our recently released, highly acclaimed Routing and Switching CCIE Advanced Technologies Class is available for download. The RS ATC consists of 156 videos totaling over 80 hours of hands down the best CCIE training on the market today. You can download it now for just $299 or as an All Access Pass subscriber you can download it for only $149. For All Access Pass subscribers the online streaming version is included free of charge.
Each of the 156 videos can be individually downloaded without the need to download the whole class. This will enable you to selectively load them onto any computer or mobile device and watch them at your leisure. Although we do not place any DRM on the files themselves we do limit each purchase to two downloads. You can purchase an additional download for $29.95 in the future if needed under our Investment Protection Program.
Android customers should note that these are .mov files and you will need to download a player for them. We tested several freely available .mov players and didn’t run across any issues playing the downloaded videos.
Additionally we’re going to upload a new version of the streaming videos next week to help with any compatibility issues regarding streaming to these devices. Update – June 11th 2100 GMT – All of the streaming videos are now working on Android enabled devices using the default browser.
If you’ve been wondering what we’ve been up to lately here at INE, well, you can now see that we’re once again changing the CCIE training industry. You can watch hundreds of hours of the best CCIE training for just $159 a month and download our newest courses for just $149 as an AAP subscriber. We’ve just wrapped post-production on our brand new CCIE Voice ATC class and have made some sample videos available now and are releasing the full product next week. This weekend you can pre-order the $299 downloadable version for $249 with the coupon code VATC50.
Also in the pipeline are completely redone CCNA, CCNA Voice and CCNA Security courses as well as CCNP Voice and CCNP Security courses. All Access Pass subscribers will be able to stream them for free and download them for only $149. These are scheduled for release in July.
One of the most important technical protocols on the planet is Open Shortest Path First (OSPF). This highly tunable and very scalable Interior Gateway Protocol (IGP) was designed as the replacement technology for the very problematic Routing Information Protocol (RIP). As such, it has become the IGP chosen by many corporate enterprises.
OSPF’s design, operation, implementation and maintenance can be extremely complex. The 3-Day INE bootcamp dedicated to this protocol will be the most in-depth coverage in the history of INE videos.
This course will be developed by Brian McGahan and Petr Lapukhov. It will be delivered online in a Self-Paced format. The course will be available for purchase soon for $295.
Here is a preliminary outline:
Day 1 OSPF Operations
● Dijkstra Algorithm
● Neighbors and Adjacencies
○ OSPF Packet Formats
○ OSPF Authentication
○ Link-State information Flooding
About the Protocol
- The algorithm used for this advanced Distance Vector protocol is the Diffusing Update Algorithm.
- As we discussed at length in this post, the metric is based upon Bandwidth and Delay values.
- For updates, EIGRP uses Update and Query packets that are sent to a multicast address.
- Split horizon and DUAL form the basis of loop prevention for EIGRP.
- EIGRP is a classless routing protocol that is capable of Variable Length Subnet Masking.
- Automatic summarization is on by default, but summarization and filtering can be accomplished anywhere inside the network.
EIGRP forms “neighbor relationships” as a key part of its operation. Hello packets are used to help maintain the relationship. A hold time dictates the assumption that a neighbor is no longer accessible and causes the removal of topology information learned from that neighbor. This hold timer value is reset when any packet is received from the neighbor, not just a Hello packet.