03 December 2008

Crazy Home Lab

I actually found this site quite a long time ago, and I'm amazed by the craziness of the owner's home lab. You've probably seen it before, since it is quite famous.

This site is named Uber Geek, and its owner is Scott Morris. His resume alone is outstanding: he's a quadruple CCIE, meaning he holds all four of the CCIE tracks,
and he also holds every other networking certification you can dream of.

Once you see the lab he has, you'll understand what I mean:

I can't say anything except that this lab is just crazy: not only Cisco devices but also Juniper, Sun, Dell, etc.
I think some of the small ISPs in my country don't even have this kind of equipment.

Of course, four big racks and a massive number of devices come with great requirements. Because of the heat the devices produce, he built a special air-conditioned environment in his basement.

I know that building this kind of lab is nowhere near possible for people who just want to pass certification exams like CCNA or even CCNP, especially if you don't get enough income from your networking projects.
Nevertheless, having a lab like this will make sure your future clients never doubt your expertise.

So I say: start building your home network lab, add Cisco or other devices one by one, and maybe eventually you'll come close to Scott Morris' lab.


02 December 2008

Configuring SSH for Cisco

At the CCNA level, we only learn how to connect to Cisco devices using a console connection and a telnet connection.

We know that no one can tap the console connection, since it's directly attached to the Cisco device, but it's a different story for the telnet connection:
anyone on the path can capture the messages of a telnet session.

All messages are sent in clear text, so it's dangerous to leave the default telnet-only access to Cisco devices in place.

We can use SSH for a secure connection to the Cisco devices. SSH encrypts all messages going between your computer and the Cisco device.

First you're going to need a Cisco IOS image that supports SSH, which means one with a cryptographic feature set (IPSec with DES or 3DES). How would you know that? Just issue the following command:

router> ena
router# show ip ssh
% Invalid input detected at '^' marker.

If the output is % Invalid input detected at '^' marker., then the IOS image does not support SSH.

Now start with the configuration. You have to define a hostname for the Cisco device and also a domain name for it.
In this example I use the hostname "netrouter" and the domain name "ciscolab.home".

router(config)# hostname netrouter
netrouter(config)# ip domain-name ciscolab.home

Next, generate the RSA keypair used for the encryption; the device name plus the domain name will be the name of the key.
The modulus is the length of the key; the default value is 512 bits, and Cisco recommends a length of 1024 bits.

netrouter(config)# crypto key generate rsa

The name for the keys will be: netrouter.ciscolab.home
Choose the size of the key modulus in the range of 360 to 2048
for your General Purpose Keys. Choosing a key modulus greater than
512 may take a few minutes.

How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys ...[OK]

You can also configure some additional parameters for the SSH connection:

netrouter(config)# ip ssh authentication-retries 5
netrouter(config)# ip ssh time-out 120
netrouter(config)# ip ssh version 2

The first command sets the number of retries allowed if you fail or mistype the username and password.
The second command sets the timeout, the time allowed to enter the username and password, in seconds.
The last command sets the SSH version you want to use.

Now that we have generated the keypair for the encryption, how will the Cisco device authenticate the users coming in over SSH?
You can either use an AAA server like RADIUS or TACACS+, or you can just use the Cisco device's local username and password. For now I'll use local authentication: first set the username and password, then configure the device to accept local authentication for the vty lines.

netrouter(config)# username Cisco password homelab
netrouter(config)# line vty 0 4
netrouter(config-line)# login local

By now you have successfully configured SSH on the Cisco device, so let's try it. You can use PuTTY for the SSH connection. The default port for SSH is 22; you can use another port if you want by issuing ip ssh port 2000 from global configuration mode,
replacing 2000 with any port from 2000 to 10,000.

Here I'm using the default Terminal on the Macintosh:

Macintosh:~ krishananda$ ssh Cisco@
Cisco@'s password:


There, SSH is working. But the telnet session is still working too, so now I want to restrict the Cisco device to accept only SSH connections and deny telnet.

Do not disconnect from your current connection, especially if it's a telnet session; in case you mess up the configuration, you can always undo the changes.

netrouter(config)# line vty 0 4
netrouter(config-line)# transport input ssh
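The steps above (hostname, domain name, SSH version, local login and ssh-only vty lines) are exactly the things you would want to verify on every device, not just the one you typed them into. The following script is an added example, not part of the original post: it parses a saved Cisco IOS running-config and reports whether each of the hardening steps described here is present. Both sample configs are constructed for the example, and the check names are my own.

```python
import re

# Constructed sample running-config, following the commands shown in the post.
HARDENED_CONFIG = """\
hostname netrouter
!
ip domain-name ciscolab.home
ip ssh authentication-retries 5
ip ssh time-out 120
ip ssh version 2
!
username Cisco password homelab
!
line con 0
line vty 0 4
 login local
 transport input ssh
"""

# Constructed "before" config: default hostname, no 'ip ssh version 2'
# (so IOS stays in 1.99 compatibility mode) and vty lines still accepting telnet.
WEAK_CONFIG = """\
hostname Router
!
ip domain-name ciscolab.home
!
username Cisco password homelab
!
line vty 0 4
 login local
 transport input telnet ssh
"""


def parse_config(config):
    """Split an IOS config into top-level commands and the indented
    sub-commands of each 'line ...' section (other sections are ignored)."""
    top = []
    lines = {}
    current = None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if raw[0].isspace():
            if current is not None:
                lines[current].append(raw.strip())
            continue
        cmd = raw.strip()
        if cmd.startswith("line "):
            current = cmd
            lines[current] = []
        else:
            current = None
            top.append(cmd)
    return top, lines


def first_match(top, pattern):
    """Return group 1 of the first top-level command matching pattern, else None."""
    for cmd in top:
        m = re.match(pattern, cmd)
        if m:
            return m.group(1)
    return None


def audit_ssh(config):
    """Return {check name: passed} for the hardening steps described in the post."""
    top, lines = parse_config(config)
    results = {}

    hostname = first_match(top, r"^hostname (\S+)$")
    results["hostname set"] = hostname is not None and hostname != "Router"
    # Older IOS writes 'ip domain-name', newer 'ip domain name'; accept both.
    results["domain name set"] = first_match(top, r"^ip domain[- ]name (\S+)$") is not None
    results["ssh version 2 only"] = first_match(top, r"^ip ssh version (\d)$") == "2"

    vtys = {name: cmds for name, cmds in lines.items() if name.startswith("line vty")}
    results["vty uses local or AAA login"] = bool(vtys) and all(
        any(re.match(r"^login (local|authentication \S+)$", c) for c in cmds)
        for cmds in vtys.values())
    # Only 'transport input ssh' passes; 'telnet ssh' or 'all' leaves telnet open.
    results["vty accepts ssh only"] = bool(vtys) and all(
        "transport input ssh" in cmds for cmds in vtys.values())
    return results


def report(config):
    """Print one PASS/FAIL line per check; return True when everything passed."""
    results = audit_ssh(config)
    for check, ok in results.items():
        print(f"[{'PASS' if ok else 'FAIL'}] {check}")
    return all(results.values())


if __name__ == "__main__":
    print("hardened config:")
    report(HARDENED_CONFIG)
    print("\nweak config:")
    report(WEAK_CONFIG)
```

Feed it the output of show running-config saved to a file and it will flag the two mistakes that are easiest to make on a real box: forgetting ip ssh version 2 (which leaves SSHv1 negotiable) and using transport input telnet ssh or all instead of ssh alone.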

Now if I try to connect using telnet, the router denies it:

Macintosh:~ krishananda$ telnet
telnet: connect to address Connection refused
telnet: Unable to connect to remote host

Hope this is useful for you.


If you're using a Macintosh and you change the RSA key by issuing crypto key generate rsa again on the same device,
your Mac will refuse the SSH connection, showing a warning about a possible man-in-the-middle attack because the RSA host key has changed.
All you need to do is open the file /users/yourname/.ssh/known_hosts in your text editor,
wipe out the contents of the known_hosts file, and save.
That should do the trick. (Note that this discards the stored host keys of every host you have connected to, not just the router's.)
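Wiping the whole known_hosts file throws away the stored keys of every other host too, so you lose the very protection that produced the warning. The script below is an added example, not part of the original post: it removes only the entries for the router whose key was regenerated, which is what OpenSSH's ssh-keygen -R does. It handles plain, comma-separated, [host]:port and hashed (HashKnownHosts) entries, and deliberately leaves @revoked and @cert-authority marker lines alone. The known_hosts contents are constructed for the example; the key blobs are placeholders, not real keys, and 192.0.2.1 is a documentation address standing in for the router.

```python
import base64
import hashlib
import hmac


def hashed_entry(host, salt):
    """Build the host field OpenSSH writes with HashKnownHosts enabled:
    '|1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=host))'."""
    digest = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(digest).decode())


def host_field_matches(field, host):
    """True if a known_hosts host field (plain, comma-separated aliases,
    [host]:port, or hashed) names the given host."""
    if field.startswith("|1|"):
        parts = field.split("|")
        if len(parts) != 4:
            return False
        salt = base64.b64decode(parts[2])
        expected = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(expected, base64.b64decode(parts[3]))
    for name in field.split(","):
        # '[192.0.2.1]:2000' is how a non-default port is recorded.
        if name.startswith("[") and "]:" in name:
            name = name[1:name.index("]:")]
        if name == host:
            return True
    return False


def remove_host(known_hosts_text, host):
    """Return (new_text, removed_count) with every line for host dropped.
    Comment lines and @revoked/@cert-authority marker lines are kept."""
    kept = []
    removed = 0
    for line in known_hosts_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#") or stripped.startswith("@"):
            kept.append(line)
            continue
        if host_field_matches(stripped.split()[0], host):
            removed += 1
        else:
            kept.append(line)
    return "\n".join(kept) + ("\n" if kept else ""), removed


# Constructed known_hosts contents; fixed salt keeps the hashed entry deterministic.
SALT = bytes(range(20))
SAMPLE_KNOWN_HOSTS = "\n".join([
    "netrouter.ciscolab.home,192.0.2.1 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDROUTER",
    "[192.0.2.1]:2000 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDROUTER",
    hashed_entry("192.0.2.1", SALT) + " ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDROUTER",
    "example.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLE",
    "@revoked 192.0.2.1 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDOLDKEY",
]) + "\n"


if __name__ == "__main__":
    new_text, count = remove_host(SAMPLE_KNOWN_HOSTS, "192.0.2.1")
    print(f"removed {count} entries; remaining file:")
    print(new_text)
```

Point remove_host at the real file contents (for example from ~/.ssh/known_hosts) and write the returned text back; on the next connection the Mac will prompt once to accept the router's new key while every other host's key is still checked.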


01 December 2008

3 Books to Definitely Help You Pass CCNA Exam

You might be struggling to save money to join the Cisco Networking Academy or other courses just to pass the CCNA exam.

The Cisco Networking Academy is great. As for the other courses, well, in my experience, I joined a CCNA course - not the Cisco academy - but to be honest the result was not what I expected.
I don't know if this happens in other countries, but the instructors were not as qualified as they claimed; sure, they had passed the CCNA exam too, but their experience in handling Cisco devices was just poor.

So, not satisfied with the result, I browsed the internet and found these three books, which were valuable in helping me pass the CCNA exam.

CCNA: Cisco Certified Network Associate Study Guide: Exam 640-802

The first book is the CCNA study guide by Todd Lammle. If you search Google for a CCNA guide, you'll find the name Todd Lammle popping up everywhere.

Todd Lammle has written books that are easily understood even by newbies, and you can find all the topics covered in the CCNA exam.

You can buy the book from Amazon for US$ 31 new, and a used one for US$ 26.56.
I also provide the links to Amazon; you can click on the link above or the image to go straight to the Amazon site.

CCNA Practice Questions (Exam 640-802) (3rd Edition) (Exam Cram)

Now this one is interesting. I bought this book because it is authored by Jeremy Cioara, my all-time favorite Cisco mentor.

Jeremy Cioara authored a successful series of video tutorials for CBT Nuggets, so without any hesitation I bought this book, and it turned out great.

I practiced with the questions provided in this book, and the best part is that it does not contain illegal materials according to CertGuard; I've checked.

I read the material in Todd Lammle's book, and after I got deep into the subject I switched to cramming on the exam questions in Jeremy Cioara's book. This method worked great for me.

Cisco Access Lists Field Guide

You might or might not need this book, but I had some difficulties understanding Cisco access lists before the exam.

I bought this book and was happy to find that it offers more than the Cisco access list subject in the CCNA exam.

I learned much more: time-based access lists, encryption and IPSec, QoS, and other topics that helped me in configuring my Cisco home lab and also in preparing for the next CCNP exams.

Some people say that this book is not that great and so on, but as for me, I really like this book.

Those are the books that helped me get through the CCNA exam. With a budget of US$ 76.98 for new books, and much less if you buy used ones on Amazon, you can prepare well for the CCNA exam.
