Thursday, May 29, 2014

Hiya Bulldogs!

Thanks to all of you for your messages concerning my mother's recent passing.  I truly appreciate each and every one of them.  : ) 

And now it's time to get back to work!   Right now, watch these two OSPF Video Boot Camps, and I'll see you back here on Monday, June 2, with a brand-new Command Reference and some other goodies!

Chris B.

Thanks for supporting "Certification With A Cause!"

We're donating 20 meals to the Central Virginia FoodBank for every single-exam course signup in May, and 100 meals for every CCNP All-In-One Video Boot Camp and CCNP DVD Special purchase!

CCNA Video Boot Camp -- Just $44 With This Link!

CCNA Security Video Boot Camp -- $44 With This Link!

All 3 CCNP courses for just $99, and we donate 100 meals to

the Central Virginia FoodBank!

From all of us at TBA and everyone at the Central Virginia Food Bank -- thank you!

Wednesday, May 21, 2014

Hi everyone,

I realize the blog posts and new YouTube videos have been infrequent lately, and the promised TBA website update launch date was missed.

I wanted to let you know what was going on here, now that I'm ready to talk about it.

My very dear friend and mother, Norma Gail, passed away recently.

When I say "dear friend", I truly mean it.   Mom was a bundle of fun to be around and had a tight circle of friends who loved her deeply, and until very recently was a highly independent 78-year-old who.....

.... still did her own shopping, banking, errands, etc.  

....  took online courses in Roman history, among many other subjects!  

....  read at least 5 books a week

..... ran a profitable online business on eBay in her 60s and early 70s

....  quite capable of troubleshooting her own computer and Direct TV problems, eventually putting me out of that job entirely ; ) 

She was just one hell of a lot of fun to be around.

She was very open about her desire to go quickly when it was her time, and people on her side of the family tend to hang on a LONG time after an illness or event that would have long ended anyone else's life.   She had no fear of death; what she feared was losing her independence and being unable to read, learn, and talk.

She had been diagnosed with a serious heart valve issue about a year ago, and rather than risk a stroke during what was considered very risky surgery, she decided to ride it out.  She'd slow down once in a while from the valve problem, but overall had a great final year of life.

For the last couple of years, I've taken Wednesday off to visit her. (She still lived, totally independent, in the house I grew up in.)   We'd just hang out like two old friends and solve the problems of the world while watching whatever she had taped for us to watch that week, which was anything from Ken Burns' The War to Bravo's Million Dollar Listing.

It was always a little odd leaving my childhood home at the end of a visit, especially on a spring or summer night.

For just a moment, I'd be 10 years old again, looking at where the school bus would stop to pick me up and where the community basketball court was.

And when I'd get in my car and look back at the house, I'd always give thanks for another great visit, and then I'd say...

.... "If that's the last time we spend together, it sure was fun."

And then one week, it was the last time.

I'm very grateful that Mom passed quickly.  She suffered a stroke on a Monday and passed later that same week, in hospice care.  

So all at once, I had lost my mother, a very dear friend, and my second parent.

I needed some time to absorb that. It was like being hit with massive body blows all at once, and from different directions. 

At different times, I thought the mourning was over, and then some little thing would bring it back.  For obvious reasons, Wednesdays have been tough.

But life rolls on.

Any time during that week that there was a tough decision to be made regarding her care, or a tough moment for any reason, I just imagined what Mom would say if she could sit up and talk for 30 seconds.  

And right now, she'd say "Son, it's time to get back to work!"

(Any sentence that started with "son" was serious stuff.) 

One fast thing I'd like to ask of you:

If you have a will, or are planning to write one, make sure it's a living will that spells out your desire (or lack of same) for extraordinary lifesaving techniques in case you can't speak for yourself.   It truly makes things a lot easier for everyone involved.

Thanks for reading and listening, and I'll see you here on Tuesday!

Chris B.

Tuesday, May 20, 2014

Playing in the TBA workspace today....

(Preview contains a profanity or two. Then again, so do I.  : )   )


Saturday, May 17, 2014

Time for a CCNP SWITCH and TSHOOT practice exam question and discussion!

There's a great (and free!) video in this post you can use for your CCNP success studies, too. 

All I ask in return for this post is a Google +1 if you enjoy it (or a share of any kind).  You're the only advertising The Bryant Advantage has!

Today's question isn't specific to a particular protocol, but it does cover a VERY important real-world situation.

Today's Topic:  "Beep Repaired"

1.  Here's a small and important segment of config from a Cisco switch.  Look it over and then tell me which of the statements below it are true.

Assume the switch supports only the industry standard trunking protocol, and not any Cisco-proprietary trunking protocol.

interface fastethernet 0/1
     switchport mode trunk
     switchport trunk native vlan 10

A.  Every frame that goes through this trunk will be encapsulated.

B.  The native VLAN default has been changed.

C.  Only frames tagged for VLAN 1 will be encapsulated.

D.  The command involving the native VLAN is resetting that value to the Cisco switch default.

E.  All of the above statements are false.

We'll discuss the answers right after this brief message --and if you're even thinking about getting your CCNP, take advantage of this offer right now!

Get your CCNP with over 50 hours of world-class Video Boot Camp DVD training from Chris Bryant for just $99 during our New Website Celebration!

You receive all three of my CCNP DVDs for just $99!


You also get free shipping in the US and to all APO and AE addresses, plus same-day online access to every video in the course!

(International Bulldogs, I have to charge you $50 for shipping, but it's still a great deal!)

All this for just $99 during our Website Refresh promotion!  Click that button to order and you'll be working with yours truly on your CCNP success -- today!

US, APO, AE Orders:  Free Shipping

International Orders:  $50 Shipping

Now let's take a look at each of the answers and discuss their rightness -- or wrongness!

A -- False.   The question mentioned that we're using the industry standard trunking protocol, and that means we're using dot1q.  

Dot1q doesn't totally encapsulate any frames; rather, all frames destined for a VLAN other than the native VLAN have a header placed on them ("tagged").  That results in much less overhead than the Cisco-proprietary trunking protocol ISL.  Frames destined for the native VLAN don't even have that small header placed on them, so there's no additional overhead.

B --  True.  The native VLAN on a Cisco switch is VLAN 1, and that command changes the native VLAN to VLAN 10.

C --  False.  With dot1q, no frames are encapsulated.

D --  False.  As we saw earlier, VLAN 1 is the default VLAN.

E --  Obviously false.  : ) 

Thanks for tackling today's practice exam question!

Here's a bonus video for you, the most popular CCNP SWITCH video I've ever posted on my YouTube channel.  Enjoy, and I'll see you Sunday!

Chris B.


Grab your copy of the only CCNP SWITCH Study Guide written by Amazon Bestselling author Chris Bryant!

It's the highest-rated CCNP SWITCH Study Guide on Amazon!

Friday, May 16, 2014

Hey Bulldogs!

My apologies for being absent from the blog the last week or so.   Regular updates resume today, including the conclusion of the latest CCNA and CCNP Command Reference!

Chris B.

Tuesday, May 13, 2014

Here's your Network+ practice exam question (and a study tip or two!) for Tuesday, May 13!

Your only cost is to is share or Google +1 this post -- and to use the Amazon link in the middle of this post the next time you shop on Amazon.  Let's get to it!

Today, we'll review our OSI model fundamentals.  Identify the OSI layer at which each of the following devices or services run. 

Give the full name AND number associated with the layer.   


1.  Routing

2.  Switching

3.  Repeaters

4.  Bridge

5.  Crossover Cable

We'll hit the answers and a little extra discussion right after this favor I'm asking of you.

The next time you shop at Amazon, please use the following link to head out there.  That way, we get a few cents for sending you there, and that money helps support our fund drive for the Central Virginia FoodBank, as well as keeping our Video Boot Camp and ebook prices as low as possible.

All of us here at The Bryant Advantage thank you for using this link or banner!

Chris Bryant's Amazon Link

And BTW, my new Network+ materials will be out this winter. If you're not already certified by then, check 'em out!

Now, to the answers....

1.  Routing takes place at the Network layer (Layer 3) of the OSI model.   Data is carried in packets at this layer.

2.  Switching runs at the Data Link layer (Layer 2)  of the OSI model.   At Layer 2, data is carried in frames.

3.  Repeaters run at Layer 1, the Physical layer.   Repeaters are called that because they repeat an incoming electric signal in order to avoid attentuation.  You don't see a lot of them in today's networks.

4.   Bridges are Layer 2 devices.

5.   Crossover cables are Layer 1 devices, as are all other cable types.

Thanks for taking today's Network+ practice exam, for using our Amazon link, and for making The Bryant Advantage part of your Network+ exam success.  

See you Wednesday with a new discussion and practice exam question!

Chris Bryant
"The Computer Certification Bulldog"

Wednesday, May 07, 2014

CCNA / CCENT / CCNP In-Depth Lab:

A Guide To The Password Command (And Pals)

Thanks for all your shares and Google +1s for this new series!  : )   

One of the first commands you're introduced to during your CCNA and CCENT studies is the password command, and while that command itself is pretty darn straightforward...

R1(config)#line vty 0 4
R1(config-line)#password ?
  0     Specifies an UNENCRYPTED password will follow
  7     Specifies a HIDDEN password will follow

  LINE  The UNENCRYPTED (cleartext) line password

... knowing where to config it in your Cisco router config is a pretty big deal, as are a couple of related commands.

In this case, we're putting the password command on the VTY lines (or "vty lines" if you prefer -- no requirement to put it in caps).   That means we're protecting our Telnet or SSH lines, and in this lab we'll work strictly with Telnet.

You've probably worked with software that had a default password like "admin".   Not only does a Cisco router not have a ridiculously easy-to-guess default password, there is no default password!    (I'm sure we can agree that it would be a bad thing for Cisco routers to have default passwords for remote access.)

Here's what our VTY line config looks like by default:

line vty 0 4
< nothing here, including this line : )   >

Literally, there's nothing to see here, but don't move along -- we're about to put something there.

Let's see what the result is when we attempt to Telnet to a router that hasn't been configured for remote access. 

CCNA CCNP Telnet Lab

From R1, we can ping with no problem...


Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds:

Success rate is 100 percent (5/5), round-trip min/avg/max = 68/68/68 ms

... but we can't telnet to

Trying ... Open

Password required, but none set

[Connection to closed by foreign host]

At first glance, that seems pretty odd, but the router is telling us exactly what the situation is.  We need a password, but none has been configured.   Let's take care of that with the login and password commands on R2's VTY lines.

R2(config)#line vty 0 4
% Login disabled on line 2, until 'password' is set
% Login disabled on line 3, until 'password' is set
% Login disabled on line 4, until 'password' is set
% Login disabled on line 5, until 'password' is set
% Login disabled on line 6, until 'password' is set

R2(config-line)#password CCNA

True confession time: This output scared the crap out of me the first time I saw it, and from the emails I've gotten over the years, I know I'm not the only one who had that reaction.  It's easy to look at the first part of that output and see "Login Disabled" and start to panic, but read the rest -- it's only disabled until the password is set.

Moral of the story:  It doesn't matter whether you put the login or password commands on the VTY lines first, just that you put them both in.  (If you enter password first, you will not receive any messages regarding the login command.)

We'll continue our CCNA / CCNP Command Reference right after this quick message.   Be sure to click these babies when you're done (right now is good, too!)

Don't wish or hope for CCNA exam success.

Create your success with my CCNA Success! Study Guides!

Working on the single CCNA exam?  Grab the ICND1 and ICND2 guides, and read them with any of the free Amazon Kindle Apps -- you do NOT need a Kindle to read these!

(Their cloud reader is great!)

I personally guarantee you'll be glad you did. - Chris B.

Get 150 Extra Subnetting Practice Questions For Just $4.99!

Thanks for your purchases -- all of us here at TBA appreciate them!  

Now that we have the login and password commands on R2, let's give that R1-to-R2 telnet attempt another shot.

Trying ... Open

User Access Verification



Looks good! 

A couple of important points about that telnet attempt....

1.   The password never appeared on the screen.  Where some applications will display an asterisk for each character entered on the screen, a Cisco router will not do that.  You won't even see the cursor move.

2.   Note that "Password:" appeared twice.  That's a tipoff that I mistyped the password the first time around, and by "mistype", I mean that I entered "ccna" instead of "CCNA".  This password is case-sensitive.

3.   Note the R2 prompt.  By default, an incoming telnet user is placed into user exec mode.

Since you can't do much in user exec mode, let's go into privileged exec mode and start configuring R2 remotely.


% No password set

Whoops!  D'oh!  Dangnabbit!

(Use the exclamation of your choice in this situation.)

The enable secret and enable passwords are another important part of your CCNA study and a vital part of your Telnet configuration.   By default, there must be an enable secret or enable password set on the router you're telnetting to, or you're stuck in user exec mode.

There's a bit of a Catch-22 here in that we need to configure the enable password on R2, but we can't do so without already having the enable password on R2.  Therefore, someone physically present at R2 is going to have to configure that enable password before we can continue.

Luckily for us, I just happen to be at R2, so let me create that password...

R2(config)#enable password CCNP

... and having logged out of the earlier telnet connection, let's give that R1-to-R2 connection another try.

Trying ... Open

User Access Verification



Success!   And for success on your CCNA and CCNP exams, we better be clear on the following points from that config:

1.  We're prompted for a password immediately, and that's the VTY line password "CCNA".

2.  As before, we're placed into user exec mode, and then try to enter enable mode.

3.  Since there is an enable password, we're prompted for that, and I entered "CCNP".  Again, nothing appeared on the screen when I entered the enable password.

4.  After successfully authenticating with the enable password, we're in enable mode!

Let me introduce you to Chris Bryant's First Law Of Networking:

Almost every solution introduces a potential issue.

(If you use that you owe me royalties.)

We've gone over some really important points regarding passwords and Telnet in this lab, but there's one great big issue with this particular setup.   We'll continue the lab right after this quick message -- join us in "Certification With A Cause!"

We're contributing 20 meals to the Central Virginia Food Bank for every paid signup in May to any single-exam course, and a whopping 100 meals for every CCNP All-In-One Video Boot Camp.

Ignore the prices you see below -- every single one of my single-exam courses is just $44 when you use these links, and my CCNP All-In-One course is only $99.

The time to create your future is now, and that includes earning these important certifications.   Click these links and let's get to it!

Chris B.

Thanks for supporting "Certification With A Cause!"

CCNA Video Boot Camp -- Just $44 With This Link!

CCNA Security Video Boot Camp -- $44 With This Link!

All 3 CCNP courses for just $99, and we donate 100 meals to

the Central Virginia FoodBank!

From all of us at TBA and everyone at the Central Virginia Food Bank -- thank you!

Now back to our lab!

Right now, we have Telnet connectivity.  That's great.  

But who is "we"?

"We" is anyone who happens to know (or guess) that particular password.    Anyone.   

That includes former admins on this network, and one of them just might be tempted one day to see if the password they used when they worked there will still work today.

That includes someone who was looking over your shoulder and directly at the Cisco router config in front of both of you, and who noticed what your Telnet password is (and that it wasn't encrypted, so it was easy to read).

What we have right now is what I call a "one-size-fits-all" password.   Anyone who knows it can get in, and there's not even a prompt for a username.  

This is why we'll often create a username / password database on our router.   Each user will have their own individual password, and they have to use that specific password.   If they try to log in with their own name and someone else's password, they can't get in.

Let's see this in action with two users, Randy and Lanny Poffo. Randy's username is RPOFFO with a password of MEMPHIS; Lanny's username is LPOFFO with a password of GENIUS.

The first step is to get over any intimidation you may have about creating a database.  This is the easiest database you're ever going to build, and we do it with the username command.

CCNA Lab: Username / Password Command

Take a deep breath; we don't have to know all of those commands for the CCENT, CCNA, and CCNP commands.  Frankly, you could go through a great part of your career and only use one or two of them.   We'll look at those particular options in a future lab.   

The key is that just about everything there is an option.   The only required values are the username and password values.  No need for database anxiety here!

Note the "privilege" option.  Just as before, by default, each user will be placed into user exec mode upon authentication.

Let's say we want Randy to be placed into privileged exec after he authenticates successfully.  To make this happen, we'll put privilege 15 in the middle of his username / password entry.

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.

R1(config)#username RPOFFO privilege 15 password MEMPHIS

R1(config)#username LPOFFO password GENIUS

Note the differing output in the config.  (The zero in each output refers to the encryption level.  In this case, there isn't any encryption, hence the zero!)

username RPOFFO privilege 15 password 0 MEMPHIS

username LPOFFO password 0 GENIUS

There's just one more little thing we need to do, and it's really easy to overlook.   So let's not overlook it, and instead use IOS Help to have a look at our options for the login command on the VTY lines.

line vty 0 4
 password CCNA

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.

R1(config)#line vty 0 4
R1(config-line)#login ?
  local   Local password checking
  tacacs  Use tacacs server for password checking


Note the options local and tacacs.   You may not have run into tacacs (or tacacs+) at this point in your studies, so for now I'll just mention that this option would allow us to host our password database on separate hardware.

The option we're most interested in now is local.  "local password checking" refers to the use of a username / password database for VTY line authentication, rather than the one-size-fits-all password we placed directly on the VTY lines earlier in this lab.

We already have that database, so let's remove the login command and put login local in its place.  

R1(config-line)#no login
R1(config-line)#login local

Note that I didn't remove the one-size-fits-all password CCNA. In the real world, I would do that for housekeeping, but here I've left it to illustrate that this password is no longer good for entry.

Let's have Randy log in first.

Trying ... Open

User Access Verification

Username: RPOFFO


He goes straight into privileged exec mode.   How about Lanny?

Trying ... Open

User Access Verification

Username: LPOFFO

He's put into user exec, the default for incoming Telnetters.

Thanks for reading today's Command Reference!  Here are some bonus videos from my YouTube channel that deal with Telnet.  Dig in, and I'll see you Wednesday with more!

Chris B.

Blog Archive