As we reported last April, Cisco changed the CCIE Lab Exam retake policy to an exponential backoff, meaning that the more attempts you took at the lab the more time you had to wait between attempts.
In a sudden change of heart, today Cisco announced that they are reversing their policy change until at least December 31st 2015. Per Cisco:
“For a limited time, we will waive the current lab retake policy so that all lab candidates will be able to retest for their lab exam with only a 30-day wait period.” “If you register for any CCIE lab exam between now and December 31, 2015, you will have the option of retaking the exam with only a 30-day wait regardless of the number of attempts you may have already made.”
Frequently Asked Questions about the policy changes:
Q: Does this mean that between now and December 31, I can take the lab every 30 days?
Q: Is the original policy back in place after December 31?
A: What happens after December 31 is dependent on the results of our research from now until that date.
Q: What does this mean if my current wait period is 90 days and I’m in the middle of the waiting period? Can I sign up now or do I have to continue to wait?
A: Yes, you can sign up now. You do not have to wait. The policy that is active at the time you schedule your lab will determine the time you have to wait. If you are beyond the 30-day wait period, you can book the earliest available seat you find.
Q: What if I’m already scheduled for a lab that I had to schedule out 90 days because of the original policy?
A: You will have the option to reschedule your lab attempt to an earlier date through the system.
INE’s CCIE Service Provider v4 Advanced Technologies Class continues today at 08:00 PDT (15:00 UTC) with Inter-AS MPLS L3VPN. All Access Pass subscribers can attend at http://live.INE.com. Recordings of some of the previous class sessions up to this point are now available via AAP library here.
Hope to see you in class!
INE CCIE RSv5 Lab Cram Session is now available for viewing in our All Access Pass Library. This course includes over 35 hours of new content for CCIE Routing & Switching Version 5, including both technology review sessions as well as a step-by-step walkthrough of two new CCIE RSv5 Mock Lab Exams. These new Mock Labs are available here as part of INE’s CCIE RSv5 Workbook.
This class is designed as a last minute review of technologies and strategy before taking the actual CCIE RSv5 Lab Exam. Each of the two Mock Labs covered in class are subdivided into three sections – just like the actual exam – Troubleshooting, Diagnostics, and Configuration.
Rack rentals are available for these mock labs here. Technical discussion of the labs is through our Online Community, IEOC.
The following question was recently sent to me regarding PPP and CHAP:
At the moment I only have packet tracer to practice on, and have been trying to setup CHAP over PPP.
It seems that the “PPP CHAP username xxxx” and “PPP CHAP password xxxx” commands are missing in packet tracer.
I have it set similar to this video… (you can skip the first 1 min 50 secs)
As he doesn’t use the missing commands, if that were to be done on live kit would it just use the hostname and magic number to create the hash?
Also, in bi-directional authentication, do both routers have to use the same password or can they be different as long as they match what they expect from the other router?
Here was my reply:
When using PPP CHAP keep in mind four fundamental things:
- The “magic number” that you see in PPP LCP messages has nothing to do with Authentication or CHAP. It is simply PPPs way of trying to verify that it has a bi-directional link with a peer. When sending a PPP LCP message a random Magic Number is generated. The idea is that you should NOT see your own Magic Number in LCP messages received from your PPP Peer. If you DO see the same magic number that you transmited, that means you are talking to yourself (your outgoing LCP CONFREQ message has been looped back to you). This might happen if the Telco that is providing your circuit is doing some testing or something and has temporarily looped-back your circuit.
- At least one of the devices will be initiating the CHAP challenge. In IOS this is enabled with the interface command, “ppp authentication chap”. Technically it only has to be configured on one device (usually the ISP router that wishes to “challenge” the incoming caller) but with CHAP you can configure it on both sides if you wish to have bi-directional CHAP challenges.
- Both routers need a CHAP password, and you have a couple of options on how to do this.
- The “hash” that is generated in an outgoing PPP CHAP Response is created as a combination of three variables, and without knowing all three values the Hash Response cannot be generated:
- A router’s Hostname
- The configured PPP CHAP password
- The PPP CHAP Challenge value
I do all of my lab testing on real hardware so I can’t speak to any “gotchas” that might be present in simulators like Packet Tracer. But what I can tell you, is that on real routers the side that is receiving the CHAP challenge must be configured with an interface-level CHAP password.
The relevant configurations are below as an example.
ISP router that is initiating the CHAP Challenge for incoming callers:
username Customer password cisco ! interface Serial1/3 encapsulation ppp ppp authentication chap ip address x.x.x.x y.y.y.y !
Customer router placing the outgoing PPP call to ISP:
hostname Customer ! interface Serial1/3 encapsulation ppp ppp chap password cisco ip address x.x.x.x y.y.y.y !
If you have a situation where you expect that the Customer Router might be using this same interface to “call” multiple remote destinations, and use a different CHAP password for each remote location, then you could add the following:
Customer router placing the outgoing PPP call to ISP-1 (CHAP password = Bob) and ISP-2 (CHAP password = Sally):
hostname Customer ! username ISP-1 password Bob
username ISP-2 password Sally
interface Serial1/3 encapsulation ppp ppp chap password cisco ip address x.x.x.x y.y.y.y !
Notice in the example above, the “username x password y” commands supercede the interface-level command, “ppp chap password x”. But please note that the customer (calling) router always needs the “ppp chap password” command configured at the interface level. A global “username x password y” in the customer router does not replace this command. In this situation, if the Customer router placed a call to ISP-3 (for which there IS no “username/password” statement) it would fallback to using the password configured at the interface-level.
Lastly, the “username x password y” command needs to be viewed differently depending on whether or not it is configured on the router that is RESPONDING to a Challenge…or is on the router that is GENERATING the Challenge:
- When the command “username X password Y” is configured on the router that is responding to the CHAP Challenge (Customer router), the router’s local “hostname” and password in this command (along with the received Challenge) will be used in the Hash algorithm to generate the CHAP RESPONSE.
- When the command “username X password Y” is configured on the router that is generating the CHAP Challenge (ISP Router), once the ISP router receives the CHAP Authentication Response (which includes the hostname of the Customer/calling router) it will match that received Hostname to a corresponding “username X password Y” statement. If one is found that matches, then the ISP router will perform its own CHAP hash of the username, password, and Challenge that it previously created to see if its own, locally-generated result matches the result that was received in the CHAP Response.
Lastly, you asked, “ Also, in bi-directional authentication, do both routers have to use the same password or can they be different as long as they match what they expect from the other router?”
Hopefully from my explanations above it is now clear that in the case of bi-directional authentication, the passwords do indeed have to be the same on both sides.
Hope that helps!
Edit: Thanks for playing! You can find the official answer and explanation here.
I had an interesting question come across my desk today which involved a very common area of confusion in OSPF routing logic, and now I’m posing this question to you as a challenge!
The first person to answer correctly will get free attendance to our upcoming CCIE Routing & Switching Lab Cram Session, which runs the week of June 1st 2015, as well as a free copy of the class in download format after it is complete. The question is as follows:
Given the below topology, where R4 mutually redistributes between EIGRP and OSPF, which path(s) will R1 choose to reach the network 220.127.116.11/32, and why?
- What will R2′s path selection to 18.104.22.168/32 be, and why?
- What will R3′s path selection to 22.214.171.124/32 be, and why?
- Assume R3′s link to R1 is lost. Does this affect R1′s path selection to 126.96.36.199/32? If so, how?
Tomorrow I’ll be post topology and config files for CSR1000v, VIRL, GNS3, etc. so you can try this out yourself, but first answer the question without seeing the result and see if your expected result matches the actual result!
Good luck everyone!
Edit: Recordings of these video series are now available per the below links.
- CCIE Routing & Switching v5 Overview and Preparation
- CCIE Service Provider v4 Kickoff
- Intro to IPv4 & IPv6 Multicast
This week I will be running the following free online classes:
- CCIE Service Provider v4 Kickoff – Tues April 14th @ 09:00 PDT (16:00 UTC)
- CCIE Routing & Switching v5 Overview and Preparation – Thurs April 16th @ 09:00 PDT (16:00 UTC)
- Intro to IPv4 & IPv6 Multicast* – Fri April 17th @ 09:00 PDT (16:00 UTC)
*Free for AAP Members
INE will also be offering the following free upcoming online classes:
- CCNA R&S Overview and Preparation – Tues April 21st @ 09:00 PDT (16:00 UTC)
- CCNP R&S Overview and Preparation – Thurs April 23rd @ 09:00 PDT (16:00 UTC)
- CCNP R&S TSHOOT Overview and Preparation – Thurs April 30th @ 09:00 PDT (16:00 UTC)
CCIE Service Provider v4 Kickoff
This class marks the kickoff of INE’s CCIE SPv4 product line for the New CCIE Service Provider Version 4 Blueprint, which goes live May 22nd 2015! In this class we’ll cover the v3 to v4 changes, including exam format changes and topic adds and removes, recommended readings and resources, INE’s new CCIE SPv4 hardware specification and CCIE SPv4 Workbook, and the schedule for INE’s upcoming CCIE Service Provider Version 4 Advanced Technologies Class. Class runs tomorrow, Tuesday April 14th at 09:00 PDT (16:00 UTC), and is free to attend. Simply sign up for an INE Members account or visit this direct link for the class.
CCIE Routing & Switching v5 Overview and Preparation
This class is an update for our previous How to pass the CCIE R&S with INE’s 4.0 Training Program write-up. This session covers in detail the recommended process of preparing for, and ultimately passing, the CCIE R&Sv5 Lab Exam. Class topics include how to develop a study plan, recommended readings and resources, how to get the most out of INE’s CCIE RSv5 Workbook & Advanced Technologies Class (ATC), an overview of our new upcoming CCIE Routing & Switching Lab Cram Session, and final strategy for the actual day of the Lab Exam. Class runs Thurs April 16th at 09:00 PDT (16:00 UTC), and is free to attend. Simply sign up for an INE Members account or visit this direct link for the class.
Intro to IPv4 & IPv6 Multicast
This class is for engineers looking to get their feet wet in learning why and how to implement IP Multicast Routing for both IPv4 and IPv6 based networks. This one-day class will focus on IPv4 & IPv6 Multicast practical use cases, how Protocol Independent Multicast (PIM), IPv4 Internet Group Management Protocol (IGMP), & IPv6 Multicast Listener Discovery (MLD) work from a theory point of view, and implementation examples of configuring and verifying multicast routing operations on Cisco IOS based platforms. This class will also benefit candidates preparing for the CCIE RSv5 or CCIE SPv4 certifications. Class runs Friday April 17th at 09:00 PDT (16:00 UTC), and is free to attend for All Access Pass members. More information on All Access Pass subscriptions and benefits can be found here. AAP members will find the link to this class on Friday via their INE Members account, or via this direct link for the class.
I hope to see you all in class this week!
In an effort to make our CCIE Data Center Rack Rentals have a better fair scheduler, we’ve implemented a new QoS policy for them as follows:
- Users can have a maximum of 3 concurrent sessions scheduled
- Sessions can be a maximum of 9 hours apiece
- Maximum hours per month limit is now removed
- Base sessions (Nexus 7K/5K) and add-ons (UCS/SAN & Nexus 2K/SAN) are now 8 tokens per hour
Note that these changes will only affect new session bookings, not any sessions that you already have reserved.
For those of you looking for more dedicated rack time I would suggest to look into our CCIE Data Center Bootcamp, where students get 12 days of 24/7 access to all hardware platforms in our racks (Nexus 7K/5K/2K, MDS, & UCS).
Do you think you have what it takes to become a featured instructor at INE? We are looking for talented individuals to propose and execute new courses across multiple domains including: networking, programming, systems administration, and security. If you’re an expert in any of these domains, or related topics, then it’s time to share your knowledge with the world! Speak a language other than English? That’s great! We’re open to ideas for courses in different languages.
Not interested in becoming an instructor but have some ideas for content you’d like to see us cover? Drop us a line at email@example.com.
Troubleshooting Lab 3 and Full Scale Lab 3 have now been added to the CCIE RSv5 Workbook!
The new Troubleshooting Lab 3 uses the Full Scale Lab 1 logical topology, but breaks all of the protocols you’ve previously built. I suggest you take your time with each ticket so that you can fully digest why each fault occurs. Practice your time and knowledge skills by taking the Troubleshooting Lab 3 challenge!
Full Scale Lab 3 is built on a brand new logical topology, and has a strong focus in MPLS and BGP technologies. The solution guide features detailed breakdowns of each topic domain to give you a better understanding of the solutions used to solve each task. Keep in mind that there are multiple ways to solve most problems.
For discussion on these new labs visit our online community, IEOC.
Foundation Lab 2 has now been added to the CCIE RSv5 Workbook. This lab is great for working on your configuration speed and accuracy when combining multiple technologies together. It also has a great redistribution section that I hope you’ll all enjoy More Full Scale, Troubleshooting, and Foundation labs are in progress and will be posted soon. I’ll post another update about them when they are available.
In addition to this we’ve added some feature enhancements to the workbook in response to customer requests and feedback. First, there is a new Table of Contents for the workbook that allows you to view all tasks, and to check off tasks that you’ve already completed. This will help you track your progress as you’re going through the workbook.
You can additionally check off the progress of a task in the upper right hand portion of the individual lab page.
Multiple bookmarks are now supported, and will be added to a section under the Table of Contents. When you open the workbook it will now also prompt you to load your latest bookmark.
Lastly, configuration solutions are now hidden by default when you open a lab. This will help prevent “spoilers” in the config before you’ve had a chance to attempt the lab. To see the solution configs, click the Expand button as seen below.
If you want to hide the configuration solution again you can click to collapse.
We’re always looking for additional ways to improve our products, so if you have any suggestions you can submit feedback through the workbook labs themselves, post on our Online Community, or feel free to send me an email directly at firstname.lastname@example.org.