CompuCorGP

Whether you’re just starting your Information Technology career, or wanting to get further ahead in your current IT career, you have probably thought about earning one of the many popular computer certifications such as the Cisco Certified Network Associate (CCNA) certification, or the MCSE (Microsoft Certified Systems Engineer) cert.

A major point of frustration for individuals pursuing one of these certifications is a possible lack of experience with these technologies. Many future CCNAs or MCSEs simply stop trying to earn their certification, feeling that their lack of experience will hold them back.

Adding to this are those in IT who will stop everything they’re doing at the drop of a hat to stomp on the dreams of others. I recently saw a post by an IT newcomer on a popular website where he declared his intention of earning his CCNA. Within minutes, several naysayers popped up and told him that he shouldn’t bother, it wouldn’t do any good due to his lack of experience, etc. (Did you ever notice that people who bash certifications generally don’t have any themselves?)

I am in no way discounting the importance of experience. What I am saying is that every single one of us was a beginner at one point, and a lot of IT professionals forget this. None of us was born knowing everything we know today, and we shouldn’t spend any time dismissing the goals of others in the IT field, or those just breaking in.

I am speaking from experience on this point. I had a tough time breaking into the IT field, and made a lot of calls and knocked on a lot of doors before I got in. I found out later that the reason I got that entry-level job is that I had a professional certification where the other candidates did not.

The pursuit of certification is the pursuit of knowledge, and in our field, you can never have too much knowledge. If your work is strictly on the Local Area Network side, don’t let that stop you from pursuing a CCNA. If you work exclusively on the WAN side, don’t let that stop you from going after your MCSE. If you’re just breaking into Information Technology, don’t let a lack of experience prevent you from studying for your A+, Network+, or even your MCSE or CCNA.

Because one day, opportunity is going to knock - and the more you know, the readier you’ll be to answer that knock! Use your long-range vision to envision the day when you will have both experience and certification - an unbeatable combination.

To purchase great quality products, visit Electronics.

When you earned your CCNA, you thought you learned everything there is to know about RIP. Close, but not quite! There are some additional details you need to know to pass the BSCI exam and get one step closer to the CCNP exam, and one of those involves RIP update packet authentication.

You’re familiar with some advantages of using RIPv2 over RIPv1, support for VLSM chief among them. But one advantage that you’re not introduced to in your CCNA studies is the ability to configure routing update packet authentication.

You have two options, clear text and MD5. Clear text is just that - a clear text password that is visible by anyone who can pick a packet off the wire. If you’re going to go to the trouble of configuring update authentication, you should use MD5. The MD stands for “Message Digest”, and this is the algorithm that produces the hash value for the password that will be contained in the update packets.

Not only must the routers agree on the password, they must agree on the authentication method. If one router sends an MD5-hashed password to another router that is configured for clear-text authentication, the update will not be accepted. debug ip rip is a great command for troubleshooting authenticated updates.

R1, R2, and R3 are running RIP over a frame relay cloud. Here is how RIP authentication would be configured on these three routers.

R1#conf t

R1(config)#key chain RIP

R1(config-keychain)#key 1

R1(config-keychain-key)#key-string CISCO

R1(config)#int s0

R1(config-if)#ip rip authentication mode text

R1(config-if)#ip rip authentication key-chain RIP

R2#conf t

R2(config)#key chain RIP

R2(config-keychain)#key 1

R2(config-keychain-key)#key-string CISCO

R2(config)#int s0.123

R2(config-subif)#ip rip authentication mode text

R2(config-subif)#ip rip authentication key-chain RIP

R3#conf t

R3(config)#key chain RIP

R3(config-keychain)#key 1

R3(config-keychain-key)#key-string CISCO

R3(config)#int s0.31

R3(config-subif)#ip rip authentication mode text

R3(config-subif)#ip rip authentication key-chain RIP

To use MD5 authentication rather than clear-text, simply replace the word “text” in the ip rip authentication mode command with md5.

Here’s what a successfully authentication RIPv2 packet looks like, courtesy of debug ip rip. Clear-text authentication is in effect and the password is “cisco”.

3d04h: RIP: received packet with text authentication cisco

3d04h: RIP: received v2 update from 150.1.1.3 on Ethernet0

3d04h: 100.0.0.0/8 via 0.0.0.0 in 1 hops

3d04h: 150.1.2.0/24 via 0.0.0.0 in 1 hops

Here’s what it looks like when the remote device is set for MD5 authentication and the local router is set for clear-text. You’ll also see this message if the password itself is incorrect.

3d04h: RIP: ignored v2 packet from 150.1.1.3 (invalid authentication)

“Debug ip rip” may be a simple command as compared to the debugs for other protocols. but it’s also a very powerful debug. Start using debugs as early as possible in your Cisco studies to learn how router commands really work!

You can purchase great products at Electronics.