Configuring dot1x

Posted by Bradley | Security | Wednesday 23 September 2009 20:54

I have been flying through some of the labs and the experience is really humbling: there is tonnes of stuff that I have never configured before and it takes me a little bit of time to get used to. One of these items is dot1x authentication, so below is a brief command reference/primer for the commands.

Right, first off we need to enable the AAA new model:

DistSwitch(config)#aaa new-model

Then we need to configure dot1x as the authentication method and, as dot1x relies on RADIUS, define the RADIUS server; pretty standard stuff:

DistSwitch(config)#aaa authentication dot1x default group radius
DistSwitch(config)#radius-server host 10.10.10.100 key secretkey

To prevent bad things from happening, such as locking yourself out, use the following command so that logins on the console and vty lines use the line password rather than RADIUS:

DistSwitch(config)#aaa authentication login default line

Now for the interface configuration. To use dot1x the ports must be access ports, so let's sort that out:

DistSwitch(config)#interface FastEthernet0/1
DistSwitch(config-if)#switchport mode access

This is the most important command: it sets the port to force-authorized (the port is always allowed on the network, no authentication takes place), force-unauthorized (the port is never allowed on the network) or auto (the port is authorised if dot1x authentication succeeds and unauthorised if it doesn't).

DistSwitch(config-if)#dot1x port-control ?
  auto                PortState will be set to AUTO
  force-authorized    PortState set to Authorized
  force-unauthorized  PortState will be set to UnAuthorized

Still on the interface there are a couple more useful commands. The next one puts the port into the specified VLAN if authentication fails:

DistSwitch(config-if)#dot1x auth-fail vlan 666

And this command puts the port in the specified VLAN if the connected host does not support dot1x (no supplicant at all), handy for guests:

DistSwitch(config-if)#dot1x guest-vlan 90

And as always there are a couple of show commands we need to run to check that everything is working correctly. To check the queries and responses sent to each RADIUS server just use:

DistSwitch#show aaa servers

RADIUS: id 1, priority 1, host 10.10.10.100, auth-port 1645, acct-port 1646
     State: current UP, duration 1743s, previous duration 0s
     Dead: total time 0s, count 0
     Quarantined: No
     Authen: request 0, timeouts 0
             Response: unexpected 0, server error 0, incorrect 0, time 0ms
             Transaction: success 0, failure 0
     Author: request 0, timeouts 0
             Response: unexpected 0, server error 0, incorrect 0, time 0ms
             Transaction: success 0, failure 0
     Account: request 0, timeouts 0
             Response: unexpected 0, server error 0, incorrect 0, time 0ms
             Transaction: success 0, failure 0
     Elapsed time since counters last cleared: 12m

And to see the dot1x information for a specific interface, use the following command:

DistSwitch#show dot1x interface fa0/1
Dot1x Info for FastEthernet0/1
-----------------------------------
PAE                       = AUTHENTICATOR
PortControl               = AUTO
ControlDirection          = Both
HostMode                  = SINGLE_HOST
Violation Mode            = PROTECT
ReAuthentication          = Disabled
QuietPeriod               = 60
ServerTimeout             = 0
SuppTimeout               = 30
ReAuthPeriod              = 3600 (Locally configured)
ReAuthMax                 = 2
MaxReq                    = 2
TxPeriod                  = 30
RateLimitPeriod           = 0
Auth-Fail-Vlan            = 666
Auth-Fail-Max-attempts    = 3
Guest-Vlan                = 90
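A show command only helps if you read the right fields, so here is an added example (not code from the original post) that parses the "show dot1x interface" output in the format above and flags the settings that weaken port-based access control: a port left force-authorized, multi-host mode (one authenticated supplicant opens the port for every host behind it), re-authentication disabled, and a guest or auth-fail VLAN that is not in an approved quarantine set. The sample text is constructed from the page's format; the second interface and its FORCE_AUTHORIZED/MULTI_HOST values are invented for the demonstration.

```python
"""Audit Cisco IOS 'show dot1x interface' output for weak port settings.

Added example, not code from the original post. The sample below is
constructed in the page's output format; FastEthernet0/2 is invented.
"""
import re

# Constructed sample: Fa0/1 as configured on the page, Fa0/2 invented.
SAMPLE_SHOW_DOT1X = """\
Dot1x Info for FastEthernet0/1
-----------------------------------
PAE                       = AUTHENTICATOR
PortControl               = AUTO
ControlDirection          = Both
HostMode                  = SINGLE_HOST
Violation Mode            = PROTECT
ReAuthentication          = Disabled
QuietPeriod               = 60
ReAuthPeriod              = 3600 (Locally configured)
Auth-Fail-Vlan            = 666
Auth-Fail-Max-attempts    = 3
Guest-Vlan                = 90

Dot1x Info for FastEthernet0/2
-----------------------------------
PAE                       = AUTHENTICATOR
PortControl               = FORCE_AUTHORIZED
ControlDirection          = Both
HostMode                  = MULTI_HOST
ReAuthentication          = Enabled
Guest-Vlan                = 10
"""

HEADER_RE = re.compile(r"^Dot1x Info for (\S+)\s*$")
KV_RE = re.compile(r"^([\w\- ]+?)\s*=\s*(.+?)\s*$")


def parse_show_dot1x(text):
    """Return {interface: {key: value}}; trailing qualifiers such as
    '(Locally configured)' are stripped from the value."""
    ports, current = {}, None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            current = m.group(1)
            ports[current] = {}
            continue
        m = KV_RE.match(line)
        if m and current is not None:
            value = re.sub(r"\s*\(.*\)$", "", m.group(2))
            ports[current][m.group(1)] = value
    return ports


def audit_port(info, quarantine_vlans):
    """List the findings for one interface's parsed dot1x settings."""
    findings = []
    control = info.get("PortControl", "").upper()
    if control == "FORCE_AUTHORIZED":
        findings.append("port is force-authorized: traffic allowed with no authentication")
    elif control == "FORCE_UNAUTHORIZED":
        findings.append("port is force-unauthorized: no host can ever authenticate here")
    elif control != "AUTO":
        findings.append(f"unexpected PortControl value {info.get('PortControl')!r}")
    if info.get("HostMode", "").upper() == "MULTI_HOST":
        findings.append("multi-host mode: one supplicant opens the port for every host behind it")
    if info.get("ReAuthentication", "").lower() == "disabled":
        findings.append("re-authentication disabled: an authorised session is never re-validated")
    for key in ("Guest-Vlan", "Auth-Fail-Vlan"):
        vlan = info.get(key, "")
        if vlan.isdigit() and int(vlan) != 0 and int(vlan) not in quarantine_vlans:
            findings.append(f"{key} {vlan} is not an approved quarantine VLAN")
    return findings


def audit(text, quarantine_vlans):
    """Map each interface in the show output to its list of findings."""
    return {name: audit_port(info, quarantine_vlans)
            for name, info in parse_show_dot1x(text).items()}


if __name__ == "__main__":
    # VLANs 90 and 666 are the page's guest and auth-fail VLANs; treat
    # them as the approved quarantine set for this run.
    for port, findings in audit(SAMPLE_SHOW_DOT1X, {90, 666}).items():
        print(port, "OK" if not findings else "")
        for f in findings:
            print("   -", f)
```

Run it over a real dump (paste the output of "show dot1x interface" for every access port) and adjust the quarantine set to the VLANs that are actually isolated on your network; a guest or auth-fail VLAN that carries production traffic defeats the point of enabling dot1x in the first place.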

Last Month

Posted by Bradley | personal | Thursday 17 September 2009 22:20

Last month was a bit crazy so I didn't have time to blog. I was away at Hacking at Random in the Netherlands where I gave a talk (I never appreciated how much time it takes to prepare a talk). The network guys there created something I think many of us will appreciate: for outside distribution facilities they used portaloos containing switching equipment to bring ethernet to the tent door! See the picture below; it's probably more reliable than some data centers I have been in…

Cisco switching equipment in a portaloo

I was also away on my annual holiday, and I took the audio lectures from my IPX BLS with me to watch by the pool and on the beach so I could go over some points, as my girlfriend prohibited me from taking text books with me :(

Watching IPExpert Blended Learning Solution on holiday

I also gave a lightning talk at another networking event in the UK on my bit of research into routing protocol CPU utilisation.

Anyway, I have now finally booked my lab date for sometime next year and am working out what study methods work for me lab-wise. I should have some sort of schedule in about a week or so and will be back blogging regularly until I pass the lab.

IPExpert Blended Learning Solution – what's good and what's not

Posted by Bradley | CCIE Training Vendors | Tuesday 15 September 2009 23:45

Right, first off, full disclosure – I purchased the Blended Learning Solution from IPExpert with my own money. I did get a minor discount but nothing that any person enquiring still couldn't get, e.g. it still cost me way over US$1000, and I have absolutely no agreements to write or not write about their stuff. I am just choosing to do it as buying training material is an investment for anybody following the CCIE track.

Workbooks – The workbooks are of a really good quality. I am still on volume 1 but the solutions to the tasks in the workbooks are very easy to understand and written informally, in the way you think, so they don't bore you (see below). The tasks also flow well and are interesting to complete. I also purchased Narbik's Soup to Nuts, which is comparable to the Volume 1 workbook, and the IPExpert book is significantly easier to follow and more enjoyable. The files are heavily watermarked to deter piracy and there is encryption software, which I will come onto in a bit.

Video – There is just tonnes and tonnes of video; the Video on Demand stuff is split into days if you wanted to simulate a boot camp type experience. The Video on Demand content appears to be all made by Scott Morris, so I am suspecting that this has not been updated for a while and I would be interested to know if this will change for the CCIE R&S track updates. There is also video to cover solutions for the Volume 3 labs; I have not used volume 3 so have not tried this out yet. It's all of very high bitrates, so much so that the fans have to start spinning audibly on my MacBook, but the raw files are not accessible.

Audio – A lot (all?) of the audio lectures are just audio versions of the video lectures. I am not sure if it's all recycled, but it is handy to refresh on the move; it's just not totally unique content. All the audio is provided as 160kbps MP3 files.

Windows/Mac Support – The interface to the Blended Learning Solution is an application. I tested it on Windows XP, Vista, 7, Mac Leopard and Snow Leopard with no problems. I have not tried it on a Linux based system yet so can't vouch for support.

Disk Images – I am not too fond of having to carry around the portable hard drive every time I want to use it. Luckily it's pretty easy on a Mac, and with the right software in Windows, to create an image of the disk; the image is about 34GB in size and means you don't actually have to have the portable hard drive. I did not come across any restrictions preventing me from doing this.

PDF Encryption – The PDFs are encrypted with a bit of software called fileopen, which is nowhere near as bad as locklizard when it was used by INE, as it works on pretty much any OS: Windows, Mac, Linux, even... Solaris. It only works with Adobe reader and appears to be pretty stable with every OS I have tried, including Windows 7 and Snow Leopard, but it does crash with an error when I close the encrypted PDF in Snow Leopard. I am sure this will be fixed by fileopen soon.

When you open the PDF you are prompted to enter your username/password, which is checked online, therefore you must be online when you open the PDF but you can disconnect later once it is open. Fileopen is a slight annoyance, although probably necessary, even though the files are really heavily watermarked to prevent piracy.

Ugly DRM – Maybe DRM isn't the best word for it, but I have purchased a product with lots of media including video and audio and I would like to be able to use this media however I please. The audio is provided in easy to use MP3s so you can load up your generic music player and listen to it on the go; unfortunately the videos are not accessible as they appear to be hidden in the many packages on the disk, but I really want to extract them and have them in lower bitrates to store on portable devices.

Hidden shipping charge – It's not clear on the site, but even for the electronic copy, where they ship you the hard drive, I had to pay a US$90 shipping charge. I don't know if this was because I live in the UK, but that's an extortionate amount for shipping a hard drive. To top it off I had to pay GBP £16 in import duty. If you are paying 4 figures for something I don't think you should have to pay a shipping charge, and it should be made clear before you start to purchase the item.

Updates – Product updates are provided on the IPExpert website and an update to one of the workbooks has recently been released; the disk can be updated using a program available from their website. I spoke to Mike Down and he mentioned updates will be made at some point to cover the new material, notably the troubleshooting section.

Overall – The training materials are of really high quality and I would definitely buy it again and recommend it to anybody studying for the CCIE R&S track. The only big letdown is the lack of access to the video files to encode onto my portable media player, or so I can play them on the train without my laptop fans whirring as they are of a very high bitrate. It would also be handy to have them really small in the corner, but this is difficult when you can only play them using the interface. Fileopen is also a bit annoying as I don't wish to use Adobe reader, but they have to do what they can to prevent piracy; I just wish it didn't get in the way.