Thunder Hawk Down – OSPF Authentication w/ Area-wide and Virtual Links

The sickening screech of scraping metal roared up the embankment on the horizon. Blood-curdling screams of terror brought home the stark reality of the situation. Thunder Hawk Icebane succumbed to Ork Rokkit Fire. “Brother Commander Darius Longfang, deploy the links and secure the channels. We need to re-establish contact with the Icebane,” a voice crackled down the vox caster. As the Wolves pushed their advance, the Orks proved to be an endless green tide of destruction. It was only a matter of time before Icebane was overwhelmed and the survivors of the crash surrounded and killed. Communication must be made to inform them that help was on its way.

Objectives

  • Configure RIDs, interface IPs and loopbacks.
  • Establish an OSPF link from Space Wolves HQ Area 0 to Main Gate Comms Tower Area 252.
  • Secure the link with the strongest authentication possible.
  • Establish a virtual link for Area 164 back to Area 0.
  • Verify and inform the Icebane to hold on.
  • Good luck, Brother Captain.

I will post the answers shortly.

Petition for Educational IOS emulator – etherealmind.com

Simple. Sign it. http://etherealmind.com/cisco-ios-petition-reloaded/

We the undersigned ask Cisco to consider our petition for an open and usable IOS Emulator for learning, study and training.

We are the people who are learning about Data networking and Cisco IOS software. As students and practitioners, we need to learn theory and knowledge and then to take that knowledge and practice on Cisco IOS software.

We want to be able to practice that knowledge, and demonstrate our competence. We know that you are considering the value. This petition is to show our need for this solution. Wendell Odom discusses the possibility in “Cisco Considers IOS for Certification Self Study”, and we are calling for Cisco to make an option available.

This experience and knowledge we gain gives us the capability to make the most of Cisco equipment for our employers, your customers. We help drive the best return on investment, and keep the network performing in the way that your customers expect.

We can test configurations prior to making and be better prepared. We can develop more complex configurations than would otherwise be possible, and not blame the equipment afterwards.

We resolve problems more quickly, we make better designs and we have greater confidence in our work. We raise fewer support cases (and reduce your costs) by being able to perform our own testing and validation.

Whether we are resellers, consultants, students or just interested in learning, we all need a practical method to access IOS and practice.

Therefore, we are asking Cisco Systems to make a version of IOS available for educational and testing purposes.

OSPF Authentication – Clear Text vs MD5. What is the difference?

Grimnar’s Black Fangs. Magingald IV.

<<<.//TRNMSN.SEC.CH.412-a.\\>>>

…buffering…

“The importance of security is paramount, Brother Captain. You must implement the right type of authentication on our OSPF links. Our secure channels must stay open while we are besieged or all will be lost. The heretics will attempt to compromise your network and you must strengthen our defenses. Praise the Emperor and see you on the other side. Fang Leader Grimnar out.”

image

 

OSPF authentication is set up under the interface. The command ip ospf authentication enables clear text authentication. The next command specifies the key, in this case cisco. Because only this end of the link is configured so far, the neighbors will expire due to the authentication mismatch.

image

 

Now the same is configured on the opposite end of the link, so the neighbors agree on authentication and establish a neighbor relationship.

image

 

The command show ip ospf interface serial 0/0 shows that Simple password authentication is enabled.

image

 

Dangers lurk from beyond the void. If heretics manage to infiltrate the network, a simple packet capture could be all that stands between them and joining the OSPF process and tampering with your links. This capture of an OSPF hello packet shows the Auth Type: Simple Password. It also shows the Auth Data: cisco, recovered from the hex information. 636973636f000000 translates into cisco, padded with zero bytes to fill the eight-byte field. This is bad and a major security flaw that Fang Leader Grimnar wanted addressed.

image

The ip ospf authentication message-digest command enables MD5 authentication: the key itself is no longer sent, only an MD5 digest computed over the packet and the key.

The passkey of cisco is set below with the ip ospf message-digest-key 1 md5 cisco command.

image

This is replicated on the other end of the link. The link expires and then comes back online using the MD5 key.

image

Above is verification of the implementation of the MD5 key.

image

 

Shown above is the packet capture of the MD5 key in use. Before, the plain text key of cisco was clearly visible. Now there is Auth Type: Cryptographic, which states that cryptography is being used. The Auth Data this time is hashed. No easy password extraction this time.
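
The two captures described above can be decoded offline. The following is an added example, not part of the original post: it parses the authentication fields of an OSPFv2 header as laid out in RFC 2328 and checks an MD5 digest against a known key. The function names and both sample packets are constructed for illustration (checksum left at zero); only the hex value 636973636f000000, key ID 1 and the key cisco come from the post.

```python
import hashlib
import hmac
import struct

AUTH_NAMES = {0: "Null", 1: "Simple password", 2: "Cryptographic"}

def build_hello(autype: int, auth: bytes) -> bytes:
    """Constructed OSPFv2 Hello used as sample input (checksum left at 0)."""
    body = struct.pack("!4sHBBI4s4s", bytes([255, 255, 255, 252]), 10, 0x02, 1,
                       40, bytes(4), bytes(4))
    header = struct.pack("!BBH4s4sHH", 2, 1, 24 + len(body),
                         bytes([1, 1, 1, 1]), bytes(4), 0, autype)
    return header + auth + body

def parse_auth(packet: bytes) -> dict:
    """Decode AuType and the 8-byte Authentication field (RFC 2328, A.3.1)."""
    if len(packet) < 24:
        raise ValueError("truncated OSPFv2 header")
    length, = struct.unpack("!H", packet[2:4])
    autype, = struct.unpack("!H", packet[14:16])
    auth = packet[16:24]
    info = {"autype": autype, "name": AUTH_NAMES.get(autype, "Unknown")}
    if autype == 1:
        # Simple password: the key itself is on the wire, NUL-padded to 8 bytes.
        info["password"] = auth.rstrip(b"\x00").decode("ascii", "replace")
    elif autype == 2:
        # Cryptographic: key ID, digest length and sequence number only;
        # the digest is appended after the OSPF packet.
        _, key_id, dlen, seq = struct.unpack("!HBBI", auth)
        info.update(key_id=key_id, seq=seq, digest=packet[length:length + dlen])
    return info

def md5_digest(packet: bytes, key: bytes) -> bytes:
    """RFC 2328 D.4.3: MD5 over the OSPF packet plus the key padded to 16 bytes."""
    length, = struct.unpack("!H", packet[2:4])
    return hashlib.md5(packet[:length] + key.ljust(16, b"\x00")).digest()

def verify_md5(packet: bytes, key: bytes) -> bool:
    """True only if the packet uses AuType 2 and its digest matches the key."""
    info = parse_auth(packet)
    return info["autype"] == 2 and hmac.compare_digest(
        info["digest"], md5_digest(packet, key))

# Constructed samples: the clear-text hello from the post, and an MD5 hello with key ID 1.
SIMPLE_PKT = build_hello(1, bytes.fromhex("636973636f000000"))
_unsigned = build_hello(2, struct.pack("!HBBI", 0, 1, 16, 1))
MD5_PKT = _unsigned + md5_digest(_unsigned, b"cisco")

if __name__ == "__main__":
    print(parse_auth(SIMPLE_PKT))
    print(parse_auth(MD5_PKT)["name"], verify_md5(MD5_PKT, b"cisco"))
```

The digest keeps the key off the wire, but it is only as strong as the key, so a production link should use a long random key rather than the lab value.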

 

image

Here is the show running-config of the router. Look there. Although we are using MD5 authentication, our password is still visible. If the heretics broke into our config, our Chapter’s passwords would be compromised.

image

This command will hash and ‘hide’ the passwords we are using throughout our routers. Any password stored in clear text will be hashed.

image

As mentioned prior, the clear text passwords are now stored in a more secure fashion.

As our landing party has made its beachhead, we have now established secure communication between our landing craft and the landing zone. Well done, Brothers. This day is for the Emperor.

Recent Purchases – February 2011

Here is a quick look at some recent purchases. Some are Cisco Related and others aren’t.

Redemption Corps by Rob Sanders

Warrior Priest by Darius Hinks

Towers of Midnight by Robert Jordan and Brandon Sanderson. Book 13 of The Wheel of Time.

 

Some delicious Fantasy to keep me busy in my spare time.

Also a new purchase as a part of the Foundation Learning Library. My god, It is a big big book. Seriously dangerous if reading when tired in bed. Extremely thorough thus far and not as dry as I had expected.

ROUTE Exam Blueprint

The ROUTE exam blueprint. Mastering the knowledge that is required for each topic is what stands between me and obtaining ROUTE. Onwards!

Implement an EIGRP based solution, given a network design and a set of requirements

Determine network resources needed for implementing EIGRP on a network
Create an EIGRP implementation plan
Create an EIGRP verification plan
Configure EIGRP routing
Verify EIGRP solution was implemented properly using show and debug commands
Document results of EIGRP implementation and verification

Implement a multi-area OSPF Network, given a network design and a set of requirements

Determine network resources needed for implementing OSPF on a network
Create an OSPF implementation plan
Create an OSPF verification plan
Configure OSPF routing
Verify OSPF solution was implemented properly using show and debug commands
Document results of OSPF implementation and verification plan

Implement an eBGP based solution, given a network design and a set of requirements

Determine network resources needed for implementing eBGP on a network
Create an eBGP implementation plan
Create an eBGP verification plan
Configure eBGP routing
Verify eBGP solution was implemented properly using show and debug commands
Document results of eBGP implementation and verification plan

Implement an IPv6 based solution, given a network design and a set of requirements

Determine network resources needed for implementing IPv6 on a network
Create an IPv6 implementation plan
Create an IPv6 verification plan
Configure IPv6 routing
Configure IPv6 interoperation with IPv4
Verify IPv6 solution was implemented properly using show and debug commands
Document results of IPv6 implementation and verification plan

Implement an IPv4 or IPv6 based redistribution solution, given a network design and a set of requirements

Create a redistribution implementation plan based upon the results of the redistribution analysis
Create a redistribution verification plan
Configure a redistribution solution
Verify that a redistribution was implemented
Document results of a redistribution implementation and verification plan
Identify the differences between implementing an IPv4 and IPv6 redistribution solution

Implement Layer 3 Path Control Solution

Create a Layer 3 path control implementation plan based upon the results of the redistribution analysis
Create a Layer 3 path control verification plan
Configure Layer 3 path control
Verify that a Layer 3 path control was implemented
Document results of a Layer 3 path control implementation and verification plan

Implement basic teleworker and branch services

Describe broadband technologies
Configure basic broadband connections
Describe basic VPN technologies
Configure GRE
Describe branch access technologies

Weekend Labbing

This weekend I have finished reading over EIGRP (more study notes to come) and started to lab and put into practice the theory.

I have at my disposal the GNS3 Labs from the CBT Nuggets ROUTE track and the Network Academy ROUTE Lab book.

These two resources provide a solid foundation to my practical studies. I have found that they give me directions when trying to lab a new concept. This then gets me rolling and then I can make my own to ensure the topic is firmly embedded in my brain and not leaking out my other ear.

I believe the best way to make it stick is blog examples of my configurations with an imaginary company.

Not sure of the name just yet but I do believe it will help.

New Study Computer

Currently I am in a bit of a dilemma. I need a new computer that will be the foundation for my studies for CCNP and CCIE. I am not sure of the route I want to take yet. Notebook/Desktop.

My requirements are modest I suppose. Something that can run GNS3, Play my CBT nuggets and maybe play Diablo 3. Oh and to use for work occasionally. Any suggestions?