A

Packets are transmitted with small low-volume packets getting preferential treatment. 2. Packets are classified into queues. Each packet's virtual time of delivery determines the order in which it is transmitted. This ensures that smaller packets are given preference, as demonstrated by Packet 3's being the first packet sent in Figure 11-1. High-volume applications often generate series of packets of associated data. These are called packet trains. Packet trains can consume large amounts...

Typical Modem Connection

The devices involved in a modem connection belong to one of two groups: data terminal equipment (DTE) or data communications equipment (DCE). Interestingly, the Electronic Industries Association (EIA) defines DCE as data communications equipment. However, the International Telecommunication Union-Telecommunications Standards Sector (ITU-TSS, or ITU-T) defines DCE as data circuit-terminating equipment. Mainframe computers DCE devices include Channel service units/data service units (CSUs/DSUs)

A6 Answer B

7 Which of the following cannot be used to classify packets for priority queuing D. Egress interface A7 Answer D 8 Queuing is done on which interface D. Weighted interface A8 Answer B 1 Network Address Translation is used to connect private IP internetworks that use ____IP addresses to connect to the Internet. 2 When does the NAT operation take place on a router for inside-to-outside translation D. After the routing decision A2 Answer ID 3 True or false Cisco IOS NAT cannot be applied to...

A6 Answer True

7 How can you hard-code the subnet mask during the IPCP negotiation A7 Answer With the ppp ipcp mask command ppp ipcp accept-address dns reject accept primary-ip-address secondary-ip-address accept ignore-map username unique wins reject accept primary-ip-address secondary-ip-address accept 8 What are the main types of compression that PPP supports

AAA Overview

AAA combines three independent security functions in a modular fashion that allows you to configure access control to your network devices, such as routers and switches. The three modules you will be concerned with in this chapter are as follows: Authentication: Provides the methods you will use to identify your users before allowing them access to your network services. These methods include challenge and response, login and password dialog, encryption, and messaging support. Authorization...

AAA Protocols

AAA uses two major security server protocols: TACACS+ and RADIUS. You can use either of these protocols to authenticate a large number of your users, because each creates a database of usernames and passwords. Both protocols share many features, because Cisco Systems modeled the TACACS+ architecture after the existing RADIUS standard. You can implement a TACACS+ or RADIUS server on a UNIX platform or Windows platform. RADIUS is covered in the following RFCs RFC 2138, Remote Authentication...

AAA Transport Protocols

Just like any packet that travels across your IP network, both TACACS+ and RADIUS use the TCP/IP stack. This is also one area in which they differ: RADIUS uses the UDP protocol for communications between the client and the security server, whereas TACACS+ uses the TCP protocol. TACACS+ operates over TCP port 49, and RADIUS operates over UDP port 1812 for authentication and UDP port 1813 for accounting. In some RADIUS implementations, you might see RADIUS operate over port 1645 for...

Accounting

Accounting lets you track the services your users are accessing, as well as the amount of network resources they are consuming. AAA accounting accomplishes this by reporting your user's activity to the RADIUS or TACACS+ security server in the form of accounting records. These accounting records are comprised of accounting AV pairs. They are stored on the ACS for future analysis of network management, client billing, and/or auditing. You must define all the accounting methods through AAA. Much...

ADSL Overview

DSL technology introduces a new family of products that can provide high-speed data and voice service over existing copper pairs. Several flavors of DSL exist, but each type can be categorized as either SDSL or ADSL. Symmetric DSL (SDSL) provides equal bandwidth from the customer premises to the service provider (upstream) and from the service provider to the customer (downstream). ADSL provides higher downstream speeds than upstream. Traditionally, ADSL has been used to provide high-speed data...

Authentication Header

The AH, shown in Figure 14-1, provides you with a mechanism to authenticate and verify the integrity of IP datagrams passing between two systems by applying a keyed one-way hash function to the datagram to create a message digest. If the datagram is changed in any way while transiting the network, the receiver detects this when it compares the message digest value it comes up with by performing the same one-way hash function on the datagram sent by the sender. The datagram's aut...

Authorization

Authorization is designed to work by assembling a set of attributes you define to determine if a user is authorized to perform a certain task. Your defined attributes are compared to the information stored in the database for a given user. The result (the user's capabilities and restrictions) is returned to AAA. You can define the database locally on the network device or host it remotely on a RADIUS or TACACS+ security server such as Cisco Secure Access Control Server (ACS)....

Background Information

You will configure your firewall to accept connections from both the Cisco VPN Client 2.5.X and the Cisco VPN Client 3.x. The 2.5.X client will use D-H group 1, the PIX default, and the 3.x client will use D-H group 2. The isakmp policy group 2 command lets the 3.x clients make a connection. You will define multiple ISAKMP policies to allow the different versions of the VPN 3fff clients to use your firewall as its tunnel endpoint. You will assign IP addresses to the clients as they connect....

Bandwidth Management

After your selected traffic has been classified, the next step is to ensure that it receives the special treatment it requires from the devices. You do this through the use of queuing and scheduling. You have the choice of two different implementations of Weighted Fair Queuing (WFQ): Flow-based WFQ: Packet classification is based on a flow. Each flow is placed in a separate output queue. When your packet is identified as belonging to a particular flow, it is placed in the associated queue....

BRI Functional Groups

BRI defines the following functional groups (ISDN devices): TE1: Terminal equipment 1. Specifies an ISDN-compatible device. Can connect to an NT1 or NT2 device (described in this list). Examples of a TE1 device include - Router with a native ISDN interface TE2: Terminal equipment 2. Specifies a device that is not ISDN-compatible. Requires a terminal adapter (described next) for compliance with ISDN. TE2 equipment examples include - Router with no native ISDN interface - Devices with X.21, X.25,...

Cable Modem Technology Overview

Data Over Cable Service Interface Specifications (DOCSIS) is a project that was developed to provide a set of necessary communications and operations support interface specifications through which cable companies can achieve cross-platform functionality. In essence, DOCSIS can guarantee interoperability by establishing standards for carrying IP packets over an HFC cable TV network. Figure 4-1 illustrates the DOCSIS protocol stack compared to the OSI model. Some of the key terminologies and...

Call Teardown Process

The teardown of a call may be initiated by either party. However, the switch handles the proceedings. First, the Disconnect message is transmitted on the D channel. After the switch receives the Disconnect message, it starts the release of the B channel circuit and sends a Release message to the downstream switch. The involved switches eventually transmit the Release message to the final switch. To make sure the call is being disconnected properly, each foregoing switch starts a...

Changing Translation Timeouts

If left to the default value, a dynamic address translation times out after some period of nonuse. When overloading is not in use, simple translation entries time out after 24 hours. You can use the following command to change this value: R2(config)# ip nat translation timeout seconds Overloading gives you more control over translation entry timeout, because each entry contains more context about the traffic using it. You can use the following commands to change timeouts on extended entries....

Enabling a Backup to the Permanent Connection

This chapter covers the following topics Redundancy is a crucial requirement in today's networks. It is especially important in WANs, where leased lines provide permanent connections. In these situations, backup interfaces can be configured to provide valuable redundancy to permanent connections. As you can see from Figure 10-1, a backup interface can be either a physical interface, such as an ISDN BRI interface, or an interface assigned to a dialer pool. When a backup interface is specified,...

Managing Network Performance with Queuing and Compression

This chapter covers the following topics Considerations for Traffic Prioritization Configuring and Verifying Queuing Many networks today need to support a diverse mixture of applications and protocols. These applications can range from delay-sensitive traffic such as desktop videoconferencing to file transfers that use FTP. Because these different types of traffic share the same network infrastructure, they can negatively affect each other. Depending on the applications and the overall...

Scaling IP Addressing with Network Address Translation

This chapter covers the following topics NAT Configuration Task List One of the problems facing anyone connecting to the Internet today is the depletion of IP addresses. The IP version 4 address space was originally designed so that 4,294,967,296 (2^32) hosts could be assigned a unique address. Because addresses are reserved for multicasting, testing, and other purposes, and because the nonreserved address space is divided into classes, this range is actually somewhere between 3,200,000,000...

Using AAA to Scale Access Control in an Expanding Network

This chapter covers the following topics Access control in an expanding environment can be a daunting task. Authentication, authorization, and accounting (AAA) provides you with a mechanism you can use to track a user's access and usage. AAA also allows you to set the user's level of access, as well as what he may connect to and when he is allowed to connect.

Securing Remote Access Networks

This chapter covers the following topics Memory and CPU Considerations Monitoring and Maintaining IPSec Quality of Service for Virtual Private Networks Configuring QoS for VPN Support Monitoring and Maintaining QoS for VPNs Allowing users to access your resources can open your network to a new set of security issues. You should consider allowing access to your network only when you have a valid and working security policy. This chapter aims to give you the information necessary to implement...

Building a CCNP Remote Access

This chapter covers the following topics Creating WANs by Using a Cisco Router as a Frame Relay Switch Creating Asynchronous, ISDN, PPP, DDR, Dial Backup, AAA, and Security Labs It is essential to have hands-on experience, because the new exam format requires you to understand how to configure Cisco devices to be able to pass the exam. In the new format, you are given interactive access to routers and are asked to configure the routers. If you have taken the new CCNA or CCNP Routing and...

Modem Connections and Operation Overview

This chapter covers the following topics Data Compression and Error Control Configuring the Modem (DCE) Wide-area communication takes advantage of the existing PSTN for data transfer by converting digital signals into analog signals and vice versa for transmission over the PSTN. The device used to accomplish such conversion is called a modem (short for modulator/demodulator). This chapter concentrates on the following modem-related topics Data compression and error control Configuring...

Using Cable Modems to Access a Central Site

This chapter covers the following topics Cable Modem Technology Overview Basic Cable Modem Troubleshooting Using Cisco IOS Software Commands The first section of this chapter covers cable modem technology. Some of the key terminologies are explained briefly before you configure Cisco's Cable Modem Termination System (CMTS) and cable modem (CM). Cisco uBR7246 is used as an example in this chapter to explain the basic configuration of the Cisco CMTS equipment. Two different configurations for...

Using ISDN and DDR Technologies to Enhance Remote Connectivity

This chapter covers the following topics Examining ISDN Call Setup and Teardown This chapter provides an overview of Integrated Services Digital Network (ISDN). The first part of this chapter covers a limited amount of theory necessary for sufficient understanding of the ISDN configuration, verification, and troubleshooting of a Cisco Network Access Server (NAS) that follows. Included in this discussion of ISDN are its advantages over other types of connections, services it can offer,...

Optimizing the Use of DDR with Interface Dialer Profiles and Rotary Groups

This chapter covers the following topics Dialer Rotary Group Overview Dialer Profiles and Dialer Rotary Group Configuration The drawback of legacy dial-on-demand routing (DDR), as discussed in the preceding chapter, is that it cannot differentiate per user by specifying separate characteristics for various users. All calls made over the same physical interface must have the same configuration parameters. To sidestep this requirement, dialer profiles were created. They allow a user-specific...

Using DSL to Access a Central Site

This chapter covers the following topics DSL Access Architectures and Protocols This chapter focuses on Digital Subscriber Line (DSL) technology. DSL, like cable modem, is one of the most popular broadband access methods and will be a new topic on the CCNP exam. After completing this chapter, you will understand the basic Asymmetric DSL (ADSL) technology, Cisco 6160 DSL Access Multiplexer (DSLAM) configuration, and Cisco 6400 Universal Access Concentrator (UAC) configuration. You will also...

Frame Relay Connectivity and Traffic Flow Control

This chapter looks at the configuration of Frame Relay and the different traffic flow control options. This chapter covers many topics related to Frame Relay: Frame Relay Virtual Circuits, Frame Relay Configuration Tasks, Disabling or Reenabling Reverse ARP, Network-to-Network Interface, Congestion-Control Mechanisms, Frame Relay Traffic Shaping, Troubleshooting Frame Relay Connectivity

Cisco PIX 500 Series Firewall

The Cisco PIX 500 series firewall is a reliable, scalable, functional appliance that provides the following benefits: Stateful firewall with per-application content filtering, Java blocking, denial-of-service (DoS) protection, intrusion detection, and time-based ACLs. Support for L2TP/PPTP-based VPN services suitable for site-to-site VPNs and remote-access VPNs. Triple DES VPN throughput scalable up to ooo Mt) ff DoS protection against most major types of attack

Command Syntax Conventions

The conventions used to present command syntax in this book are the same conventions used in the Cisco IOS Command Reference. The Command Reference describes these conventions as follows: Vertical bars (|) separate alternative, mutually exclusive elements. Square brackets ([ ]) indicate optional elements. Braces ({ }) indicate a required choice. Braces within brackets ([{ }]) indicate a required choice within an optional element. Bold indicates commands and keywords that are entered literally as shown....

Committed Access Rate

CAR implements both classification services and policing through rate limiting. You can use CAR's classification services to set the IP precedence for packets entering your network. This allows you to partition your network into multiple priority levels or classes of service. Networking devices within your network can then use the assigned IP precedence values to determine how to treat the traffic. You can use the 3 precedence bits in the ToS field of the IP header to define up to six classes...

Compression

In addition to queuing, data compression is a useful way to increase network performance over a WAN link. By reducing the size of the frame to be transmitted, throughput can be increased. This section discusses the various kinds of compression. The commands needed to configure compression also are shown. The kinds of compression supported by Cisco routers are as follows Microsoft Point-to-Point Compression (MPPC) These methods are discussed briefly in the following sections. By default frames...

Configuring SPIDs

After you've specified the switch type, you might need to specify a SPID number. Not all switches require a SPID value, especially outside the U.S. Whenever the SPID number is required, you can find out the exact SPID information from your ISDN service provider. SPIDs are dial-in numbers used by some service providers with certain types of switches, such as National ISDN1 and DMS-100. These numbers, which are similar to regular phone numbers, verify the services provided by your contract....

Configuring the Dialer Interface

You can now begin the dialer profile configuration on R1. Before you can configure any commands for the dialer interface, you need to create it using the following command The interface dialer command puts you in dialer interface configuration mode. You can choose a number from 1 to 1000. After the dialer interface is created, you can set up the entire configuration for a destination inside it. Under the dialer interface configuration, you need to specify the IP address of the dialer interface...

Configuring Login Authentication Using AAA

Login authentication is used to enable AAA authentication regardless of the supported login authentication method you decide to use. You create one or more lists of authentication methods that will be tried at login and apply them to the login authentication command. To configure a login authentication list using AAA, use this command: R8(config)# aaa authentication login default list-name method1 method2 list-name is a character string you use to name the list you are creating. The method...

Configuring Physical Interfaces as a Rotary Group

This portion of the configuration includes the physical interface in a rotary group. First, select an interface, BRI0 in this case, to comprise a rotary group. After you enter the configuration mode of that interface, create a dialer rotary group: R2(config-if)# dialer rotary-group number The number argument should match the dialer interface number that you want your rotary group configuration to come from. No further configuration of the physical interface is required. All other parameters...

Configuring AAA Authorization

Three steps are required to configure AAA authorization: Step 1. Configure AAA authorization with named method lists. Step 2. Disable AAA authorization for global configuration commands. Step 3. Configure AAA authorization for reverse Telnet. Each of these steps is looked at in further detail in the following sections. Step 1: Configuring AAA Authorization with Named Method Lists You can use the following command to configure AAA authorization for a particular authorization type and enable...

Configuring an Asynchronous Group Interface

Here you need to configure an asynchronous group interface for R4's internal modems. Table 7-3 describes the commands needed to configure an asynchronous group interface. Table 7-3. Asynchronous Group Interface Commands Creates an asynchronous group interface. Forces the group interface to use the IP address of the Ethernet port. Enables the use of PPP encapsulation on the interface. Specifies the PPP authentication type. Enables DDR on the...

Configuring Chat Scripts

Asynchronous modems are not standard. This means that for optimal configuration, you must write custom chat scripts to perform certain tasks. A chat script is a string of text. It defines the handshaking that occurs between two DTE devices or between a DTE and its directly attached DCE (for example, an access server and a modem). Here is the syntax for the chat-script command expect-string send-string A chat script consists of expect-send pairs that define the string that the local system...

Configuring Compression

The following interface mode commands enable compression. This command configures compression for an LAPB, PPP, or HDLC link: Router(config-if)# compress predictor stac mppc This command enables STAC compression on a Frame Relay point-to-point interface or subinterface: Router(config-if)# frame-relay payload-compress The following command enables TCP header compression. The passive option compresses outgoing TCP packets only if incoming TCP packets are compressed. If the passive option is not...

Configuring Dialer Profiles

Dialer profile configuration involves three separate stages: 1. Configure the logical dialer interface. 2. Configure the physical interface as a member of a dialer pool. At this stage you also specify the service parameters for the physical interface. 3. Optionally define the map class. Let's briefly look at some commands that let you configure dialer profiles. A number of commands involved in this process create relationships between the elements of a dialer pool. Some of these commands...

Configuring ISDN

Configuring ISDN on a router involves setting up a number of global and interface commands. Some are mandatory, and some are optional. The Scenarios section discusses both kinds. Global parameters (mandatory): Specify the switch type used by the CO. They set up static routes to various ISDN destinations and select conditions for initiating an ISDN call, such as interesting traffic. Interface parameters (mandatory): Configure interface options, assign the interface to a dialer group, and map ISDN...

Configuring Modem Line Features

Now you need to configure the internal modem lines and their physical characteristics. Table 7-5 shows the list of commands needed to accomplish this. Table 7-5. Modem Line Configuration Commands Enters modem line configuration mode, which is used for asynchronous calls coming in to the PRI interface. Lets the router automatically select the correct protocol during login. Specifies PPP as the autoselect protocol. Tells the router to check a...

Configuring NAT

When you configure a router to use NAT, you configure one interface to the inside of your network and another to the outside of your network. Any packets that have a source address belonging to the inside portion of your network have an inside local address as the source address and an outside local address as the destination address. The packet resides on the inside portion of your network. When that same packet gets switched to the outside network, the packet's source is known as the inside...

Configuring PPP Authentication Using AAA

Your network might require giving your users remote access through some type of dialup connection, such as async or ISDN through an access server. Both of these dialup services present a unique problem when you are trying to control access through AAA. Neither uses the command-line interface of the network device. Instead, they start a network protocol, such as PPP or ARA, as soon as the connection is established. Fortunately, the AAA security service provides a solution to this problem by...

Configuring Spectrum Management

Spectrum management is a way to improve performance on upstream signal traffic and to compensate for noise and interference. The spectrum manager monitors the upstream frequencies. If there is too much noise or interference in an upstream channel, the spectrum manager reassigns the upstream channel to a different upstream frequency. Spectrum management is configured and activated using spectrum groups. A spectrum group is a table of frequencies that upstream ports can use to implement a...

Configuring the Asynchronous Line

Let's assume that the external modem is directly attached to the serial 0 port on the serial network module in slot 3 (identified as port serial 3/0). You enter interface serial 3/0 to select the serial 3/0 interface. You are now in interface configuration mode. You must explicitly configure the interface as an asynchronous interface using the physical-layer async command. On the Cisco 3640 router, this adds TTY line 97 (TTY97) to the configuration. Next you need to configure the line (line 97)...

Configuring the IP Address and Helper Address

Configuring an IP address on the CMTS works the same way as on other Cisco IOS routers. uBR7246(config)# interface cable slot/port uBR7246(config-if)# ip address IP address IP subnet mask The helper address provides a way for packets from the cable modem and the PC to locate their supporting DHCP server, from which they receive their IP address and the address of their supporting TFTP and ToD servers. uBR7246(config)# interface cable slot/port uBR7246(config-if)# cable helper-address IP address...

Configuring the Map Class

Now you can configure an optional map class. The map-class dialer command is used to define a map class and subsequently enter map class configuration mode: R1(config)# map-class dialer class-name In the preceding step, you specified DEPT as the class name. This means that the dialer1 interface on R1 is associated with map class DEPT, created by the map-class dialer command. Class names are case-sensitive. As soon as you enter map class configuration mode, you can define parameters for the map...

Configuring the Modemcap Database

Let's take a closer look at the modemcap database. Modem attributes have a full name and a two- or three-letter abbreviation. For example, factory defaults are abbreviated as FD. You should be familiar with these abbreviations for efficient management of the modemcap database. One of the basic tasks in managing the modemcap database is viewing the modem entries in the modemcap file. You can do this using the show modemcap command. To display the modemcap entry for a particular modem type, you...

Configuring the Physical Interface

The final of the three dialer profile configuration tasks is configuring the physical interface and applying it to a dialer pool. The first part of the physical interface configuration is to assign the interface in question to a dialer pool. Dialer pools can use a combination of synchronous, serial, BRI, or PRI interfaces. To include an interface in a dialer pool, issue the following command: R1(config-if)# dialer pool-member number priority number min-link number max-link number The dialer...

Configuring the Upstream Channel Bandwidth

By default, the upstream RF bandwidth is set to 1600 KHz. The command to configure the upstream channel bandwidth is as follows: uBR7246(config)# interface cable slot/port uBR7246(config-if)# cable upstream port channel-width 200000 400000 800000 1600000 13200000 Example 4-8 shows you how to configure the channel width for upstream port 0. You can also use the show controller cable command to view the channel width configuration of the upstream port you just configured, as shown in Example 4-9.

Congestion Avoidance

Congestion avoidance is the ability to recognize and act on congestion in the output direction of an interface in an attempt to reduce or minimize the effects of that congestion. Congestion produces unwanted effects on a VPN and should be avoided if possible. Tools such as Weighted Random Early Detection (WRED), an implementation of the Random Early Detection (RED) algorithm, let you differentiate between treatment of traffic by adding per-class queue thresholds that determine when packet drops...

Connecting to the Modem DCE

Asynchronous dial-up involves the use of analog modems to convert data into streams of information that can be carried over phone lines. These modems can be attached externally, as with the Cisco 2511 access server, or they can be integrated into the product, as with Cisco AS5200 series access servers. The line that connects the modem can be a physical asynchronous line (external modem) or a virtual line inside an integrated modem module (integrated modem). In the following sections, you will...

Considerations for Traffic Prioritization

The following are the main considerations for prioritizing traffic: Is there congestion in the network? If not, there is no need to prioritize traffic. Delay-sensitive traffic such as voice over IP (VoIP) and videoconferencing are more sensitive to delay and hence need a higher priority than FTP traffic. WAN links with speeds of T1/E1 or lower can benefit from prioritization. If a WAN is constantly congested, prioritization might not solve the problem. Additional bandwidth needs to be added.

Configuring AAA Accounting

You follow these steps to configure AAA accounting: Step 1. Configure AAA accounting named method lists. Step 2. Suppress generation of accounting records for null username sessions. Step 3. Generate interim accounting records. Step 4. Generate accounting records for the failed login or session. Step 5. Specify accounting NETWORK-Stop records before EXEC-Stop records. Step 6. Configure AAA resource failure stop accounting. Step 7. Configure AAA resource accounting for start-stop records....

Copyright

Copyright 2004 Cisco Systems, Inc. 800 East 96th Street, 3rd Floor Indianapolis, Indiana 46240 USA All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording, or by any information storage and retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review. Printed in the United States of America 1 2 3 4 5 6 7 8 9 0 Library of...

Creating Asynchronous, ISDN, PPP, DDR, Dial Backup, AAA, and Security Labs

Figure 2-4 illustrates the topology you can use to practice asynchronous communication, PPP, DDR, and dial backup. Figure 2-4. Asynchronous, PPP, DDR, and Dial Backup Lab Topology You can use any Cisco router with an auxiliary port, a rolled RJ-45 cable, an adapter marked MODEM (Cisco part number CAB-25AS-MMOD), and any modem that is V.34-capable or better to build this lab. If you have one of the following routers, you can also...

Creating LANs

For example, in Chapter 13, Using AAA to Scale Access Control in an Expanding Network, you need to test the configuration between the routers and the AAA server. You can use several different methods to model LANs Using an Ethernet crossover cable If you will not connect more than two devices, a common method is to use an Ethernet crossover cable. In the lab environment, you can use this cable to connect two routers or to connect a router to one host. An...

Creating WANs by Using a Cisco Router as a Frame Relay Switch

You can configure any Cisco router with Cisco IOS Release 11.0 or later and at least two serial interfaces as a Frame Relay switch. Two interfaces are needed because the switch is primarily a data communications equipment (DCE) device and requires two routers to serve as the data terminal equipment (DTE) devices. Because the Frame Relay switch is a DCE-only device, it requires DCE serial cables as well. The most common way to provide Layer 1 WAN connectivity between routers is to connect a...

Custom Queuing

Custom queuing is a method that lets the network administrator guarantee bandwidth by giving queue space to each protocol. This overcomes a potential priority queuing problem in which lower-priority traffic languishes if higher-priority traffic needs to be sent. Custom queuing has 16 queues to which you can assign traffic. You can define a set of traffic filters called custom queue lists to determine which protocol you want to place in a particular queue. You can also define how many bytes to...

Data Compression and Error Control

Data compression results depend on the type of data being compressed. Some types, such as ASCII files, can be compressed quite a bit. Other types of data can compress only a little. Even though certain software applications can be used to achieve data compression, normally it's better to leave this operation up to the modem. This is because modem hardware compression algorithms are faster than the ones used by host software. Compression normally works with error-correction algorithms. Error...

D. bridge 1 protocol ieee A10 Answer A

1 Frame Relay is what kind of technology 2 Name and briefly describe the two kinds of packet-switching techniques discussed in this chapter. A2 Answer With variable-length switching, variable-length packets are switched between network segments to best use network resources until the final destination is reached. Statistical multiplexing techniques essentially use network resources in a more efficient way. 3 Describe the difference between SVCs and PVCs. A3 Answer A switched virtual circuit...

DBRIwire A4 Answer A

5 What happens when no more traffic is transmitted over the ISDN call D. Unidirectional flow changes directions. A5 Answer A 6 What happens if the isdn switch-type command is used in global mode A. Only one interface accepts that switch type. B. All ISDN interfaces assume the same switch type. C. A few ISDN interfaces assume the same switch type. D. Integrated services are enhanced. A6 Answer B C 7 True or false Static routes are used in stub environments to save costs. A7 Answer False 8 What...

DCE

DCE provides clocking and switching services in a network. The DCE converts user data from your DTE into an acceptable form for the WAN service facility. DCEs are usually the carrier-owned internetworking devices that are responsible for the transmission of data in the WAN. Figure 9-2 illustrates the relationship between a DCE and DTE.

DCE-to-DCE Communication

When a modem has data to send, the following sequence of events takes place: 1. DTE data enters the sending modem via the TxD pin. When DTE sends data to a DCE and the sending modem's buffer is nearly full, a DCE can control flow (via hardware) by lowering the CTS signal. This way, the DTE knows not to use TxD. 2. Data is compressed. At the data compression stage, the sending and receiving modems agree on the compression algorithm. A standard MNP 5 or V.42bis algorithm is used. 3. Data is...

D. dialer-group 1 A8 Answer C

1 Which of the following modulation methods is not used for ADSL technology 2 RFC 1483 when implemented is____. C. Decrypted D. Encrypted Which of the following interferences degrades DSL services What is the function of the POTS splitter A. It separates low and high frequencies. The DSL interface on a Cisco 8227 is . With PPP over ATM, . (Choose all that apply.) A. MAC frames are encapsulated into ATM cells B. UDP frames are encapsulated using RFC 1483 I. IP packets are encapsulated into PPP...

DDR and Dialer Profiles

DDR consists of two portions: logical and physical. Network layer address, encapsulation, and dialer parameters are part of the logical portion of DDR. The interface that places and receives calls is the physical portion. When dialer profiles are implemented, the physical interfaces comprise a dialer pool and are allocated from this pool on an as-needed basis. A physical interface is borrowed from the dialer pool when a call is made. It is returned to the pool when the call is complete. Dialer...

Defining a Map Class with Queuing and Traffic Shaping Parameters

You can specify the average and peak rates, in bits per second, that you want to allow on a VC by defining and associating it with a map class. You can also specify a custom queue list or a priority queue group for use by the VC associated with the map class. You can use the following commands to define a map class: R2(config) map-class frame-relay map-class-name This command defines the traffic rate: R2(config-map-class) frame-relay traffic-rate average peak This command specifies a custom queue...

Defining Custom Queue Lists for the Map Class

You have the option of defining a queue list for a protocol and a default queue list. You also have the option of specifying the maximum number of bytes to be transmitted in any given cycle. You use the number you specified for a specific queue list to associate it to the Frame Relay custom queue list defined for a specified map class. For example, when you enter the frame-relay custom-queue-list 1 command for the map class slow_vcs and then you enter the queue-list 1 protocol ip list...

Defining Interesting Traffic

The first step in the rotary group configuration is to define interesting traffic. You learned how to do so in Chapters 5 and 6. This section is a brief reminder. Packets that are considered interesting trigger a DDR call. Interesting traffic criteria can vary. The choices include protocol type, source address, destination address, and port number. To create an interesting traffic definition, you use the following command permit deny list access-list-number Key components of this command are...

Defining Priority Queue Lists for the Map Class

You have the option of defining a priority list for a protocol and also a default priority list. You use the number you specified for a specific priority list to associate it to the Frame Relay priority group defined for a specified map class. For example, when you enter the frame-relay priority-group 2 command for the map class fast_vcs, and then you enter the priority-list 2 protocol decnet high command, that priority list is used for the fast_vcs map class. The average and peak traffic...

Defining VCs for Different Types of Traffic

You can perform virtual TDM on the same line by defining separate VCs for different types of traffic and specifying queuing and an outbound traffic rate for each VC. In this manner, you can provide guaranteed bandwidth for each traffic type that crosses the line. This enhances your ability to throttle outbound traffic from a high-speed LAN line in your central office to a lower-speed WAN line going to your remote locations, easing congestion and data loss in your network. Enhanced queuing...

Deploying NAT Between an IP Phone and Cisco Call Manager

Communication and registration between a Cisco IP phone and the Cisco CallManager (CCM) use the Selsius Skinny Station protocol. The Skinny protocol allows messages to flow back and forth between the devices that include IP address and port information used to identify other IP phone users with which a call can be placed. When you use NAT with CCM and IP phones, NAT needs to be able to identify and understand the information passed within the Skinny protocol. When an IP phone attempts to make...

Dialer Profile Components

A dialer profile is a combination of the following components: Dialer interface: A logical portion of a dialer profile. The dialer interface governs all configuration settings for a destination. Each dialer interface can contain multiple dialer maps. Furthermore, different per-call parameters can be assigned to each dialer map defined in a dialer map class. The dialer interface defines the destination network protocol address, encapsulation type, type of PPP authentication, and dialer remote...

Dialing In

What makes the incoming call-binding process more complex than that for the outgoing calls is the fact that the called physical interface may be a member of multiple pools, and the pools, in turn, may be associated with multiple dialer profiles. The incoming call-binding process is as follows: 1. If the physical interface belongs to only one pool, which is associated with one dialer profile, the bind occurs between the physical interface and this dialer profile. If this isn't possible, the next...

Dialing

The binding process for the outgoing calls works as follows: 1. When an outgoing packet arrives at the NAS, a route table lookup is performed, and the incoming packet from the network arrives. A route table lookup points to the destination 2. When it is noted that the dialer interface is a dialer profile, the IOS determines whether an existing connection for this profile exists. If there is none, the software identifies the pool to which the dialer interface belongs. 3. The NAS searches for the...

Dinterfacepassive dialer 1 A6 Answer B

7 What is the main advantage of using dialer rotary groups A. They simplify configuration for multiple callers and calling destinations. B. They organize interface selection in a round-robin fashion. C. They allow Multilink PPP to be implemented, but only on identical interfaces. D. They are required for ISDN PRI channel selection. A7 Answer A 8 What is the correct syntax for assigning a physical interface to a rotary group

Disabling or Reenabling Inverse ARP

Inverse ARP is used to build dynamic address mappings in Frame Relay networks running AppleTalk, Banyan VINES, DECnet, IP, Novell IPX, and XNS. Inverse ARP allows your FRAD to discover the protocol address of a device associated with the VC. Inverse ARP is enabled by default, but you have the option of explicitly disabling it for a given protocol and DLCI pair. You should disable or reenable Inverse ARP under the following conditions: You should disable Inverse ARP for a selected protocol and...

DLCI

You use the DLCI to differentiate the Frame Relay VCs from each other. The DLCI value is usually assigned by the service provider of your Frame Relay circuit. Frame Relay DLCIs have only local significance to the DTE DCE pair that they are configured on, which means that their values need only be unique in the LAN. Because of this, any Frame Relay DLCIs may be reused throughout the WAN. Figure 9-3 illustrates how two different DTE devices can be assigned the same DLCI value within one...

Dnocrc4 A8 Answer B

9 Which linecode type is specified for T1 PRI configuration D. None of the above A9 Answer B 10 True or false Rate adaptation can increase the ISDN channel speed. A10 Answer False 1 What is another name for a dialer interface D. Virtual dialer interface A1 Answer D 2 True or false When a call is triggered, the dialer interface selects a physical interface from the pool.

DOCSIS Hardware Specifications

Tables 4-1 through 4-4 show the DOCSIS hardware specification. The DOCSIS hardware must meet or exceed the published specifications for the cable access solution to work properly. Table 4-1 summarizes key parameters of the upstream signal. Table 4-2 summarizes key parameters of the downstream signal. Table 4-2. Downstream Characteristics Table 4-3 summarizes the incoming upstream signals that need to be supported by the CMTS receiver. Downstream RF output...

DTE-to-DCE Communication

Out of the 25 pins available in a DB-25 connector, only eight are actually used for signaling to connect a DTE to a DCE. The remaining 17 signals are disregarded. In turn, the eight utilized signals can be divided into three categories. These categories and their corresponding signals are described in Table 3-1. Provides the ground reference for voltage measurements. Indicates that the DTE has buffers available to receive from the DCE. Indicates that the DCE has buffers available to take dae...

Enabling Frame Relay Encapsulation

The first step in configuring Frame Relay on your FRAD is to enable Frame Relay encapsulation on the interface that you will use for the connection. You can configure Frame Relay to support encapsulation of all protocols that conform to RFC 1490 to create interoperability between multiple vendors. You can use the Internet Engineering Task Force (IETF) form of Frame Relay encapsulation if your FRAD is connected to another vendor's equipment across a Frame Relay network. You can use IETF...

Enabling Password Protection at the Privileged Level

You can require a user to be authenticated by the AAA system when entering the privileged EXEC command level (the enable level) using the following command: R8(config) aaa authentication enable default method1 method2 Requests for authentication sent to a RADIUS server include a username of $enab15$. Requests sent to a TACACS+ server include the username that is entered for login authentication. Table 13-5 lists the supported enable authentication methods. Table 13-5. AAA Authentication...

Enabling the Upstream Port

Each upstream port must be activated to enable upstream data from the cable modems on the HFC network to the Cisco uBR7246. To activate the upstream ports, use the following commands in global configuration mode: uBR7246(config) interface cable slot/port uBR7246(config-if) no cable upstream port shutdown Example 4-3 shows how to activate upstream port 0. Recall that an MC16C card is used in this lab. It is installed in slot 3. Upstream port 0 is used for upstream communication between the CMTS and...

Equipment

There are many places where you can obtain equipment. The ideal situation is if your place of employment has a lab or spare equipment you can use. If this is not the case, the Internet is a great place for you to find reasonably priced equipment. Also, a number of resellers and Cisco partners sell equi pment. Alternatively, many simulators can simulate real-life networks. Cisco's Cisco Interactive Mentor (CIM) is one such product. To find out more about CIM, visit www.ciscopress.com.

Example 3-3 Configuring Modem Autodiscovery

Router(config-line) modem autoconfigure discovery The access server then builds the configuration string based on the discovered modem type and sends it to the modem. If the access server cannot identify the modem type, the default modem entry in the modemcap is used to build the configuration string. If you know that the modem can be configured using one of the initialization strings in the modemcap database, you should use the following command to specify that modem type...

Example 10-1 Configuring Dial Backup for Primary Link Failures

Enter configuration commands, one per line. End with CNTL Z. R1 (config) int s0 0 R1(config-if) backup interface bri0 0 00 39 163208757247 ISDN-6-LAYER2DOWN Layer 2 for Interface BRI0 0, TEI 66 changed to down 00 39 158913789952 ISDN-6-LAYER2DOWN Layer 2 for Interface BR0 0, TEI 66 changed to down 00 39 37 LINK-5-CHANGED Interface BRI0 0, changed state to standby mode R1(config-if) backup delay 5 10 The commands in Example 10-1 designate BRI0 0 as the backup interface for S0 0. The backup l i n...

Example 10-11 Primary and Backup Interfaces When the Load Threshold Exceeded

Serial0 0 is up, line protocol is up Hardware is PowerQUICC Serial Internet address is 10.0.1.1 24 Backup interface BRI0 0, failure delay 0 sec, secondary disable delay 0 sec, kickin load 25 , kickout load 20 MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, reliability 255 255, txload 64 255, rxload 1 255 Encapsulation HDLC, loopback not set Keepalive set (10 sec) Last input 00 00 00, output 00 00 00, output hang never Last clearing of show interface counters never Input queue 0 75 0 0 (size max...

Example 10-2 Backup Interface in Standby Mode

BRI0 0 is standby mode, line protocol is down Hardware is PQUICC BRI with U interface Internet address is 10.0.2.1 24 MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec, reliability 255 255, txload 1 255, rxload 1 255 Encapsulation HDLC, loopback not set Last input 00 05 55, output never, output hang never Last clearing of show interface counters never Input queue 0 75 0 0 (size max drops flushes) Total output drops 0 Queueing strategy weighted fair Output queue 0 1000 64 0 (size max total threshold...

Example 10-20 Output of show ip route After the Backup Link Is Up

Codes C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route 10.0.0.0 8 is variably subnetted, 2 subnets, 2 masks C 10.0.3.0 24 is...

Example 10-23 Solution to the Practical Exercise

Enter configuration commands, one per line. End with CNTL Z. Branch(config) interface dialer 0 Branch(config-if) ip unnumbered loopback0 Branch(config-if) encapsulation ppp Branch(config-if) dialer remote-name Central Branch(config-if) dialer pool 1 Branch(config-if) dialer-group 1 Branch(config-if) exit Branch(config) dialer-list 1 protocol ip permit Branch(config) int bri1 0 Branch(config-if) encapsulation ppp Branch(config-if) ppp authentication chap Branch(config-if) dialer pool-member 1...

Example 10-24 Verifying Dial Backup Operation

00 14 15 LINEPROTO-5-UPDOWN Line protocol on Interface Serial0 0, changed state to down 00 14 16 LINK-3-UPDOWN Interface Serial0 0, changed state to down 00 14 16 OSPF-5-ADJCHG Process 111, Nbr 10.60.1.1 on Serial0 0 from FULL to DOWN, Neighbor Down Interface down or detached 00 14 94489280576 LINK-3-UPDOWN Interface BRI1 0 1, changed state to up 00 14 98784247807 DIALER-6-BIND Interface BR1 0 1 bound to profile Di0 00 14 23 LINK-3-UPDOWN Interface Dialer0, changed state to up 00 14 25...

Example 10-26 Verifying Connectivity to the Central Network

Sending 5, 100-byte ICMP Echos to 192.168.215.1, timeout is 2 seconds Success rate is 100 percent (5 5), round-trip min avg max 32 33 36 ms Branch ping 10.60.1.2 Sending 5, 100-byte ICMP Echos to 10.60.1.2, timeout is 2 seconds Success rate is 100 percent (5 5), round-trip min avg max 1 2 4 ms The complete configuration of the branch router is shown in Example 10-27. Example 10-27. Branch Router Configuration ip subnet-zero isdn switch-type basic-net3 interface Loopback0 ip address 10.60.1.2...

Example 10-3 Backup Interface Comes Up When the Primary Fails

02 27 31 LINK-3-UPDOWN Interface Serial0 0, changed state to down 02 27 31 OSPF-5-ADJCHG Process 111, Nbr 10.0.2.2 on Serial0 0 from FULL to DOWN, Neighbor Down Interface down or detached 02 27 32 LINEPROTO-5-UPDOWN Line protocol on Interface Serial0 0, changed state to down 02 27 36 LINK-3-UPDOWN Interface BRI0 0 1, changed state to down 02 27 36 LINK-3-UPDOWN Interface BRI0 0 2, changed state to down 02 27 156792760292 ISDN-6-LAYER2UP Layer 2 for Interface BR0 0, TEI 66 changed to up 02 27 36...

Example 10-4 Backup Interface Is Now Active

BRI0 0 is up, line protocol is up (spoofing) Hardware is PQUICC BRI with U interface Internet address is 10.0.2.1 24 MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec, reliability 255 255, txload 1 255, rxload 1 255 Encapsulation HDLC, loopback not set Last input 00 00 00, output never, output hang never Last clearing of show interface counters never Input queue 0 75 0 0 (size max drops flushes) Total output drops 0 Queueing strategy weighted fair Output queue 0 1000 64 0 (size max total threshold...

Example 10-5 Primary Link Gets Restored

02 30 03 LINK-3-UPDOWN Interface Serial0 0, changed state to up 02 30 04 LINEPROTO-5-UPDOWN Line protocol on Interface Serial0 0, changed state to up 02 30 13 ISDN-6-DISCONNECT Interface BRI0 0 1 disconnected from 4082222222 , call lasted 131 seconds 02 30 13 LINK-3-UPDOWN Interface BRI0 0 1, changed state to down 02 30 13 OSPF-5-ADJCHG Process 111, Nbr 10.0.2.2 on BRI0 0 from FULL to DOWN, Neighbor Down Interface down or...

Example 10-8 Configuring Dial Backup to Support Primary Links

Enter configuration commands, one per line. End with CNTL Z. R1(config) interface serial0 0 R1(config-if) backup interface bri0 0 03 03 206158430208 ISDN-6-LAYER2DOWN Layer 2 for Interface BRI0 0, TEI 66 changed to down 03 03 206158430208 ISDN-6-LAYER2DOWN Layer 2 for Interface BR0 0, TEI 66 changed to down 03 03 48 LINK-5-CHANGED Interface BRI0 0, changed state to standby mode In Example 10-8, the S0 0 interface is supported by the BRI0 0 interface. Note that BRI0 0 is again placed in standby...