QoS for VPN Tunnels

One issue you might face when implementing QoS in a VPN tunnel is the requirement that the QoS parameter you normally find in the header of the IP packet needs to be reflected in the tunnel packet header regardless of the type of tunnel you choose to use. The four primary tunneling protocols used with VPNs are: Layer 2 Tunneling Protocol (L2TP). L2TP is commonly used for node-to-node applications, with the tunnel terminating at the edge of the user's network. L2TP is based on an IETF-based...

Summary

This chapter covered the theory and configuration of ISDN. ISDN has numerous advantages over the traditional analog service while maintaining the investment in existing technology and providing high-speed service at a low cost. ISDN requires proper configuration for you to make the most of its services and avoid pitfalls. In this chapter, you learned how to enable legacy ISDN. You also saw the use of some UUU and DDR techniques and how they relate to ISDN. Table 6-N summarizes the ISDN commands...

Task 1 Solution

At the PIX console, provide all the configuration required to configure the PIX firewall:
PIX(config)# access-list 101 permit ip 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0
PIX(config)# ip local pool ippool 10.1.2.1-10.1.2.254
PIX(config)# nat (inside) 0 access-list 101
PIX(config)# sysopt connection permit-ipsec
PIX(config)# isakmp enable outside
PIX(config)# isakmp identity address
Define IKE parameters for VPN 33000 3.x
PIX(config)# isakmp policy 10
PIX(config)# isakmp policy 10...

Configuring ARAP Authentication Using AAA

You can use the following command to configure AAA authentication with the AppleTalk Remote Access Protocol (ARAP). It enables authentication for ARAP users:
R8(config)# aaa authentication arap default list-name method1 method2
Table 13-3 lists ARAP's supported login authentication methods.
Table 13-3. AAA Authentication Methods for ARAP
Guest logins are allowed if the user has already logged into EXEC. The line password is used for...

Relationship Between DTE and DCE

The connection between the DTE device and the DCE device exists as a physical layer component, but it also contains a link layer component. The link's physical layer component defines the specifications used to connect the devices. The link's link layer component specifies how the connection is established between the DTE device and the DCE device. The DTE DCE interface is typically used to identify the boundary of responsibility for the traffic passing between you and your service provider....

Scenarios

As you have recently learned, PPP is widely used by many telecommuters to access their private corporate networks remotely. In this section, you will configure a remote-access setup. Although each scenario completes its own task, together the scenarios form one logical implementation. Every scenario builds on the previous one. They are based on the topology shown in Figure 5-7. Configure the PPP communications protocol for operation. Control network access with PAP authentication.

Figure 4-6 Practical Exercise Cable Modem Lab Topology

Before you begin this exercise, be sure the DHCP, ToD, and TFTP servers are properly configured and that the DOCSIS configuration file is available on the TFTP server for Cisco cable access router to download. In this exercise, you need to configure the CMTS - Cisco uBR7246 shown in Figure 4-6 as follows: Activate upstream port 0 of the cable modem card in slot 3. Configure spectrum management using group number 3 0. Configure three upstream frequencies 29 MHz, d3 MHz, and 39 MHz and...

DDR

Dial-on-demand routing (DDR) determines whether to bring up a connection that is not already active based on interesting and uninteresting traffic coming into the router. Interesting traffic brings up a connection, and uninteresting traffic doesn't. How does a router know which traffic is interesting and which isn't? Through preconfigured access lists and dialer lists. The section "Configuring ISDN" shows you how to configure interesting traffic. Figure 6-1 displays the basic process of...

Step 3 Configuring AAA Authorization for Reverse Telnet

In most circumstances, you will use Telnet to gain remote access to your network devices. Other times, you might be required to establish a reverse-Telnet session to a device. A reverse-Telnet session is simply a Telnet connection that you establish in the opposite direction you normally would, such as from inside your network to an access server on your network edge, to gain access to a modem. You would also use reverse Telnet to provide your users with dial-out capability using Telnet to...

Practical Exercise 121 Solution

Configure your network interfaces
Configuration items for R1
R1(config)# interface ethernet 0
R1(config-if)# ip address 10.10.1.1 255.255.255.0
R1(config-if)# exit
R1(config)# interface Serial0
R1(config-if)# ip address 10.10.14.1 255.255.255.252
R1(config-if)# exit
Configuration items for R4
R4(config-if)# ip address 10.10.14.2 255.255.255.252
R4(config-if)# ip nat outside
R4(config-if)# exit
R4(config)# interface ethernet 0
R4(config-if)# ip address 172.16.47.1 255.255.255.0...

OSPF Demand Circuit

OSPF Demand Circuit (DC) is another feature that enables routing over ISDN without keeping the link constantly open. Perhaps you already know that to maintain neighbor relationships and ensure the accuracy of its link-state databases, OSPF sends Hello packets every 10 seconds and link-state advertisements (LSAs) every 30 minutes. Normally, it would keep the link up indefinitely. The OSPF DC option was created to stifle periodic Hellos and LSAs. When DC is configured on a router, its Hello...

Example 35 Editing a Modemcap Entry

Router(config)# modemcap edit usr_new caller-id *U1
Router(config)# modemcap edit usr_new speed &B1
Router(config)# modemcap edit usr_new template usr_courier
The show modemcap command allows you to verify the access server's new modemcap entry. You can verify the new attribute values for a modemcap entry by specifying the modem name as an argument to the show modemcap command. The display for usr_new would be identical to that for usr_courier, except for the lock DTE speed, caller ID, and...

Configuring DDR

Because you will configure the new dialer group number 2 for this scenario, first remove the dialer group f configured in the previous scenario. Then associate the BRI 0 interface with dialer list 2 using the dialer-group command. You can apply access lists to a dialer group to initiate dialing. The use of extended access lists when configuring ISDN is more common than specifying conditions in the dialer list itself. Extended TCC access list entries are defined in the access-list 1 11 deny...

Frame Relay Discard Eligibility

Just like traffic that traverses your LAN, certain traffic crossing your WAN needs to have a higher priority than other traffic. There has to be a mechanism for you to ensure that traffic used for business purposes has a higher priority than traffic used to update someone's stock ticker (unless, of course, the stock market is your business). The Frame Relay DE bit indicates frames of priority lower than frames you identify as business-essential. The DE bit is located in the Address field in the...

Example 8-29 RFC 1483 Bridging Configuration for the Cisco 827

interface Ethernet0
 no ip address
 no ip directed-broadcast
interface atm0
 mac-address 0001.96a4.8fae
 ip address 10.1.121.2 255.255.255.0
 no ip directed-broadcast
 no ip mroute-cache
 no atm ilmi-keepalive
 pvc 1 52
  encapsulation aal5snap
 bundle-enable
 bridge-group 1
 hold-queue 224 in
When a PPP connection is made, a virtual interface is created, as shown in Example 8-30. The connection is authenticated with PAP/CHAP (using username cisco and password cisco). IP addresses are negotiated and...

Advantages of ISDN

ISDN provides a viable alternative to various forms of communication while allowing reliable high-speed access to the Internet and other services. Table 6-1 demonstrates how ISDN compares to a few of these forms of communication. ISDN Advantage Over the Specified Form: The transmission rate is up to four times faster. Call setup is less than 1 second versus 350 to 45 seconds.

Example 1210 NAT Pools for Overlapping Networks

R7(config)# ip nat pool inside 192.168.48.200 192.168.48.205 prefix-length 24
R7(config)# ip nat pool outside 192.168.48.210 192.168.48.215 prefix-length 24
R7(config)# ip nat inside source list 7 pool inside
R7(config)# ip nat outside source list 7 pool outside
R7(config)# interface loopback 0
R7(config-if)# ip address 10.10.7.7 255.255.255.0
R7(config-if)# ip nat inside
R7(config-if)# exit
R7(config-if)# ip address 192.168.47.7 255.255.255.0
R7(config-if)# ip nat outside
R7(config-if)# exit
R7(config)#...

PPPoE Overview

For PPPoE, the ATU-R is transparent to this function, bridging the MAC PPP frames across the WAN interface. The PPPoE feature allows a PPP session to be initiated on a simple bridging Ethernet-connected client. The session is transported over the ATM link via encapsulated Ethernet-bridged frames. The session can be terminated at either a local exchange carrier central office or an Internet service provider point of presence. The termination device is a Cisco 6400 UAC. In the PPPoE...

Advantages of Dialer Profiles

Table 7-1 discusses the advantages of dialer profiles over legacy DDR.
Table 7-1. Dialer Profiles Versus Legacy DDR
All ISDN B channels have the same configuration as the physical interface. There is one configured logical interface per ISDN B channel. One dialer map is required for every dialer for every protocol, which makes multiprotocol configurations very complex. The dialer profile is a point-to-point interface that negates the requirement...

Background Information

You will configure a VPN between three routers with private networks, as illustrated in Figure 14-7.
Figure 14-7. IPSec Between Three Routers Using Private Addresses
Task 1 Verify Compatibility with Existing Access Lists
To run IKE and IPSec, you need to ensure that any existing access lists are compatible with both protocols. Any existing access lists must allow the ports required by IKE and IPSec to pass through them.

System and Hardware Components

The Cisco 6160 can be operated as a carrier class DSLAM with ADSL, SDSL, and Integrated Services Digital Network DSL (IDSL) interfaces. The Cisco 6160 is intended for use in North American central office facilities. The Cisco 6160 DSLAM can support up to 256 subscribers and concentrate traffic onto a single high-speed WAN trunk. Examine Figure 8-2. The chassis has 32 short slots for line cards and two double-length slots for Network Interface (NI-2) cards. Slots 10 and 11 hold the NI-2 cards....

LMI Autosense

Cisco FRADs running Cisco IOS Release 11.2 and above support the LMI autosense feature. LMI autosense lets you sense the LMI sent by one device that has the LMI type configured, usually on your service provider's WAN equipment, preventing possible misconfiguration. LMI autosense is automatically enabled in the following situations: The router is powered up or the interface changes state to up. The line protocol is down, but the line is up. The interface is a Frame Relay DTE. The LMI type...

Dialer Rotary Group Overview

Dialer rotary groups are designed to simplify configuration for multiple callers and multiple-destination environments by binding a single configuration to multiple physical interfaces. Synchronous, asynchronous, ISDN BRI, and ISDN PRI interfaces can make up a dialer rotary group. A physical interface that is configured as a member of a rotary group assumes configuration parameters for the group. A rotary group consisting of multiple physical interfaces applies the configuration of a logical...

Example 10-15 Configuring the Dialer Interface for Dialer Profiles

R1(config)# interface dialer 0
R1(config-if)# ip unnumbered loopback0
R1(config-if)# encapsulation ppp
R1(config-if)# dialer remote-name R2
R1(config-if)# dialer pool 1
R1(config-if)# dialer string 4082222222
R1(config-if)# dialer-group 1
R1(config-if)# exit
R1(config)# dialer-list 1 protocol ip permit
In Example 10-15, the dialer interface is configured. You can see how most of the legacy DDR commands that used to be configured on a BRI interface are now configured here. You can also see...

Analog

Analog dialup service is the most ubiquitous remote access available. All you need is a phone line and a modem. Speeds, which started out around 300 bps, have steadily increased over the years to 56 kbps. Users using analog dialup usually connect to an access server using a modem. The provider that operates the access server gives the user a phone number. The user connects to the access server using that phone number. If in the same calling area, the user can connect to the provider using a...

Example 133 Authentication and Authorization Commands with TACACS

no service single-slot-reload-enable
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
logging rate-limit console 10 except errors
aaa new-model
aaa authentication login default group tacacs+ local enable
aaa authentication login no_login none
aaa authorization exec default group tacacs+ local
aaa authorization exec no_login none
enable secret 5 1 mKTM dS1tLOKpFMXI1gbcmdoMe0
username raymond privilege 7 password 0 raymond
username wesley...

Acknowledgments

Wesley Shuo I would like to give special thanks to Brett Bartow and Cisco Press for giving me the once-in-a-lifetime opportunity to work on this book. Many thanks to Dmitry Bokotey, Raymond Morrow, and Deviprasad Konda for working extremely hard with me on this book. Special thanks to Adeel Ahmed for providing me with the lab resource and reviewing my chapter. Thanks to Cisco Systems and my manager, Himanshu Desai, for providing me with such a wonderful learning and working environment. Last...

Example 1018 Output of show interface Commands on the Interfaces

Serial0 0 is up, line protocol is up Hardware is PowerQUICC Serial Internet address is 10.0.1.1 24 Backup interface Dialer0, failure delay 5 sec, secondary disable delay 10 sec, kickin load not set, kickout load not set MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, reliability 255 255, txload 1 255, rxload 1 255 Encapsulation HDLC, loopback not set Last input 00 00 03, output 00 00 03, output hang never Last clearing of show interface counters never Input queue 0 75 0 0 (size max drops flushes)...

Example 69 Monitoring the ISDN Connection in Real Time

ISDN Se1 0 23 ISDN Se1 0 23 ISDN Se1 0 23 ISDN Se1 0 23 ISDN Se1 0 23 ISDN Se1 0 23 ISDN Se1 0 23 ISDN Se1 0 23 ISDN Se1 0 23 ISDN Se1 0 23
R4's configuration follows all the logical steps discussed in this and previous scenarios. It is not included here to save space. We believe that you can easily configure R4 on your own based on the information you've learned in this chapter.

Figure 4-1 DOCSIS Protocol Stack

Digital IF Modulation QPSK or 16 QAM Digital RF Modulation 64 QAM or 256 QAM
Figure 4-2 illustrates a typical CATV and two-way data network. The Hybrid Fiber Coax (HFC) portion refers to any configuration of fiber optic and coaxial cable that is used to distribute broadband communications such as voice, video, and data. The HFC network connects subscribers to the cable headend and video flows as analog radio frequency or optical signals. Optical fiber brings the signal from the headend to...

Dialer Profile Limitations

Dialer profiles have certain limitations: Dialer profiles do not support dynamic encapsulation. The only supported encapsulation types are PPP and HDLC. X.25 and Frame Relay are not currently supported. The physical and dialer interfaces both require PPP authentication to be enabled. The maximum threshold for incoming calls is checked only after the call has been answered, so the charge applies regardless of whether the call is later disconnected because of the exceeded limit. Each dialer...

Selecting a Traffic Policer Versus a Traffic Shaper

Policing is used to drop excess traffic, and shaping is used to allow excess traffic to be queued. Shaping can be a better choice where applications are concerned, because shaped traffic does not require a retransmission (dropped traffic does). In this case, Generic Traffic Shaping (GTS) might be the better tool. Be aware that excessive shaping can result in very deep queues on the shaping device. This might cause the sender to retransmit because of a perceived delay. Policing dropping of...

Example 11-25 Output of show queueing priority

Current DLCI priority queue configuration
Current priority queue configuration
1 low protocol ip tcp port ftp-data
Example 11-26 shows the output of the debug priority command. Note that packets from network 64.2h6.24 .e 24 are placed in the high-priority queue. You can also see that FTP traffic is being placed in the low-priority queue.

Practical Exercise 92 Configuring Multipoint Subinterfaces

In this Practical Exercise, you will configure a multipoint subinterface on R4 with point-to-point subinterfaces on R1 and R3. You will configure the necessary static mapping to allow IP connectivity across the circuits. Figure 9-8 illustrates your next topology, similar to the topology you used earlier. The difference is that here you use a multipoint interface to complete the configuration.
Figure 9-8. Multipoint Interface Topology
Follow these steps...

Example 835 Configuration Output for lab6400NRP

service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
logging rate-limit console 10 except errors
no logging console
!
username cisco password 0 cisco
redundancy
 main-cpu
  auto-sync standard
no secondary console enable
ip subnet-zero
interface Loopback1
 ip address 20.1.1.1 255.255.255.255
interface ATM0 0 0
 no ip address
 no atm ilmi-keepalive
 hold-queue 500 in
interface ATM0 0 0.135 point-to-point
 pvc 1 35
  encapsulation aal5mux ppp Virtual-Template...

Practical Exercise 91 Unnumbered Frame Relay

In this Practical Exercise, you will configure IP unnumbered over subinterfaces at both ends of a point-to-point connection. You will use the IP addresses of the loopback interfaces for each end of the Frame Relay. Figure 9-7 illustrates the topology you will work with in this Practical Exercise. Follow these steps to configure your Frame Relay topology Step 1. Create your loopback interface. You can choose to create a loopback interface with just about any number you want to use. In this...

Frame Relay Error Checking

Frame Relay uses the CRC, used in many applications such as the file systems in today's popular operating systems, to provide an error-checking mechanism. The CRC works by comparing two calculated values to determine if any errors in the frames were encountered along the transmission path from source to destination. Frame Relay uses the CRC to reduce network overhead caused by error-checking mechanisms. By leaving the extensive error checking up to the higher-layer protocols you run, Frame...

Step 3 Configuring the PC Modem

After configuring the central-site modem, you need to configure the PC modem. The AT commands required are specific to your modem manufacturer; let's assume that the PC modem is a USR Sportster model. You can use the Hyperterminal communications utility to access the modem. Hyperterminal is a communications software utility that comes with Windows OS. When you have access, you need to verify connectivity to the modem by entering the command AT. The modem should respond with an OK...

Cisco VPN 3000 Series Concentrators

The Cisco VPN 3000 series concentrators are remote-access VPN platforms that combine high availability, high performance, and scalability with the most advanced encryption and authentication techniques available. Cisco VPN 3000 series concentrator features include the following: High-performance, distributed-processing architecture using Cisco SEP modules to provide hardware-based encryption and large-scale tunneling support for IPSec, PPTP, and L2TP IPSec connections. Scalability with modular...

Authentication

Authentication is the method used to verify your user before he or she is allowed access to your network and its services. A simple way of looking at configuring AAA authentication is defining a named list consisting of the authentication methods you want and then applying your defined list to your identified interface. You use the method list to define the types of authentication you want to be performed and the sequence in which you want them to be performed. With one exception, the...

Example 1025 Routing Over the Backup Link

Codes C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route 172.16.0.0 24 is subnetted, 1 subnets C 172.16.42.0 is directly...

Example 8-16 RFC 1483 Bridging Configuration for the Cisco 827

no ip routing
interface Ethernet0
ip address 10.1.121.2 255.255.255.0
no ip directed-broadcast
no ip mroute-cache
bridge-group 1
mac-address 0001.96a4.8fae <--- MAC Address from Ethernet 0
ip address 10.1.121.2 255.255.255.0
no ip directed-broadcast
no ip mroute-cache
no atm ilmi-keepalive
pvc 1 51
encapsulation aal5snap
bundle-enable
bridge-group 1
hold-queue 224 in
Scenario 8-2 Configuring RBE over DSL
In this scenario,...

Figure 52 PPP Negotiation Phases

Upper-Layer Protocols (such as IP, IPX, AppleTalk) Network Control Protocol (NCP) (Specific to Each Network-Layer Protocol) Physical Layer (such as EIA TIA-232, V.24, V.35, ISDN)
The negotiation steps are bidirectional and sequential. In other words, LCP negotiation, including authentication (if configured), must be completed before the NCP negotiation can begin. When a PPP link is operational, it remains in this state until LCP or NCP initiates termination or the physical link fails. When...

Creating the Dialer Interface for Dialer Rotary Groups

The dialer interface created for rotary groups should include all configuration parameters that will later be applied to a physical interface when a call is made. Therefore, configuring a dialer interface has several stages of its own: Step 1. Create a dialer interface with the following command. The number element is used to produce a dialer interface. It also is used as a reference number for a rotary group. All subsequent configuration steps in this section take place in dialer interface...

Nonstandard Modem Commands

In addition to standard modem commands, a number of nonstandard commands are essential for modems attached to Cisco routers. Let's take a look at some of these commands and how they are used by three prominent modem vendors: Microcom, Hayes, and U.S. Robotics (USR). Any modem attached directly to a Cisco router needs to be configured for hardware flow control. USR modems use the command AT&H1&R2, where &H1 (transmit flow control) enables hardware flow control (CTS) and &R2...

Step 1 Initial Configuration

Before configuring the asynchronous connection, you need to perform an initial configuration of the central-site router. You can do this from a terminal attached to its console port (line 0). You begin by entering global configuration mode. You can then configure the router name using the hostname command. It is also useful to disable the IP domain name system with the no ip domain-lookup command. This keeps the system from trying to translate domain names that have typing errors....

Cable Modem Initialization Process

This section discusses the events during the registration process of a DOCSIS cable modem. You can view these events on the Cisco CM console port by entering the debug cable-modem mac log command. You can view the corresponding events on the CMTS by using the show cable modem command. Refer to Table 4-6 for explanations of each event that occurs on the CMTS. Examples 4-23 through 4-32 display each event of the CM initialization process. Event 1 Scanning for a Downstream Channel and Establishing...

Example 135 Some Accounting Commands with TACACS

service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
enable secret 5 1 mKTM dS1tLOKpFMXI1gbcmdoMe0
username wesley privilege 7 password 0 wesley
clock timezone PST -8
aaa new-model
aaa authentication login default group tacacs+ local enable
aaa authentication login no_login none
aaa authorization exec default group tacacs+ local
aaa authorization exec no_login none
aaa accounting exec default start-stop group tacacs+
aaa accounting...

Configuring a Cisco Router as a Frame Relay Switch

To configure Frame Relay switching, you must perform the following tasks: Step 1. Enable Frame Relay switching. You do this with the global configuration command frame-relay switching. Step 2. Configure the interface LMI and the Frame Relay interface type. You need to set the encapsulation to Frame Relay with the encapsulation frame-relay command, and you must set the LMI type with the frame-relay lmi-type {ansi | cisco | q933a} command from the interface prompt. To continue configuring the Frame...

Scenario 133 Configuring Authorization Using TACACS

In this scenario, you configure authentication and authorization using TACACS+. The default login is the TACACS+ server. If there is no response from the server, use the local username password database or enable secret. Authentication and authorization are applied to the Telnet session but not to the console port. The TACACS+ server is configured with R1's Ethernet IP address and uses the key cisco. The aaa authorization exec command is used to determine if the user is allowed to...

Task 4 Solution

At the R1 console, provide all the configuration required to set the following IPSec settings:
R1(config)# access-list 105 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
R1(config)# access-list 106 permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
R1(config)# crypto ipsec transform-set encrypt-des esp-des
R1(config)# crypto map combined local-address serial0
R1(config)# crypto map combined 20 ipsec-isakmp
R1(config-crypto-m)# set peer 100.228.202.154
R1(config-crypto-m)# set...

Practical Exercise 61 Solution

Example 6-10. Configuration Output
username remoteISDN01 password 0 open4u
ip subnet-zero
!
clock source line primary
linecode b8zs
pri-group timeslots 1-24
!
interface Ethernet0
 ip address 171.68.186.54 255.255.255.240
interface Serial0 23
 encapsulation ppp
 dialer rotary-group 2
 isdn switch-type primary-5ess
 isdn incoming-voice modem
interface Serial1 23
 encapsulation ppp
 dialer rotary-group 2
 isdn switch-type primary-5ess
 isdn incoming-voice modem
interface...

Example 32 Chat Script

Router(config)# chat-script dial ABORT ERROR ABORT BUSY ATZ OK ATDT T TIMEOUT 30 CONNECT c
Chat scripts generally perform tasks such as initializing the attached modem, instructing the modem to dial out, and logging into a remote system. The start-chat command allows you to manually start a chat script on any asynchronous line that is not currently active. The command syntax is
Router# start-chat regexp line-number dialer-string
You can configure chat scripts so that they are executed automatically for...

Which Devices Represent the BRI Reference Points

Reference points are interfaces between functional groups. They might or might not manifest in actual physical interfaces. Reference points include the following:
U: User reference point. Between NT1 and LT.
T: Terminal reference point. Between NT1 and NT2, or between NT1 and TE1 (or TA) if no NT2 is present.
S: System reference point. Between NT2 and TE1 (or TA). Has the same characteristics as the T interface.
R: Rate reference point. Between TA and TE2.
Let's spend a few moments discussing how...

Cisco Cable Access Router DOCSIS-Compliant Bridging Configuration

As mentioned earlier, this is the default mode of operation for a Cisco cable access router. The cable access router functions in its plug-and-play DOCSIS-compliant bridging mode and performs as a DOCSIS-compliant two-way cable modem with this configuration. A Cisco DOCSIS-compliant cable modem supports the following minimum set of features: It downloads the DOCSIS configuration file from the CMTS or dedicated server at the headend. It provisions and configures itself automatically. It ope...

Caller ID

The caller identification feature allows for screening of incoming ISDN calls. When the call is requested, the number supplied in the message is checked against a preexisting table of permitted numbers. This way, the call is not accepted until it is verified. The syntax for the ISDN caller ID command is as follows:
Router(config-if)# isdn caller number callback exact
This statement is applied to a called router. The number argument can be up to 25 characters long and can specify a range of...

Example 42 Verifying the Upstream Frequency

UBR7246 show controller cable 3 0 upstream 0 Cable3 0 Upstream 0 is up Frequency 38.992 MHz, Channel Width 3.200 MHz, 16-QAM Symbol Nominal Input Power Level 0 dBmV, Tx Timing Offset 2744 Ranging Backoff automatic (Start 0, End 3) Ranging Insertion Interval automatic (60 ms) Tx Backoff Start 0, Tx Backoff End 4 part_id 0x3137, rev_id 0x03, rev2_id 0xFF nb_agc_thr 0x0000, nb_agc_nom 0x0000 Range Load Reg Size 0x58 Request Load Reg Size 0x0E Minislot Size in number of Timebase Ticks is 8 Minislot...

Example 8-22 ATM PVC Configuration for the NSP

interface ATM8 0 0
 description OC3 connection to lab-6160
 no ip address
 no ip directed-broadcast
 no atm ilmi-keepalive
 atm pvc 1 53 interface ATM1 0 0 1 53
Example 8-23 shows the PPPoA configuration for the NRP.
Example 8-23. PPPoA Configuration for the NRP
interface ATM0 0 0
 no ip address
 no ip directed-broadcast
!
interface ATM0 0 0.53 point-to-point
 description PPPoA Configuration
 pvc 1 53
  encapsulation aal5mux ppp Virtual-Template1
interface Virtual-Template1
 description PPPoA
 ip unnumbered...

Example 1012 Backup Interface Is Put Back in Standby Mode

Layer 2 for Interface BRI0 0, TEI 66 changed to down
Layer 2 for Interface BR0 0, TEI 66 changed to down
00 11 55 LINK-5-CHANGED Interface BRI0 0, changed state to standby mode
BRI0 0 is standby mode, line protocol is down
Hardware is PQUICC BRI with U interface
Internet address is 10.0.2.1 24
MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec, reliability 255 255, txload 1 255, rxload 1 255
Encapsulation HDLC, loopback not...

RJ45 Wiring and Cables

RJ-45 connectors are used for the following ports. No standards define RJ-45 interface pinouts, but Cisco defines them as DTE. If you were to cable the access server port (RJ-45) to an external device (modem or terminal), you would need an RJ-45-to-RJ-45 cable and an RJ-to-DB adapter. An RJ-45-to-RJ-45 cable can be rollover or straight-through. A rollover cable has its pins reversed, as in 1 to 8, 2 to 7, and so on. A straight-through cable, on the other hand, has the pins going...

NAT Operation

NAT can be confused with a proxy server, but there are definite differences between the two. NAT is transparent to the source and destination computers, but a proxy server is not. The source computer has to be specifically configured to communicate with a proxy server, whereas the destination computer thinks that the proxy server is the source computer. Proxy servers usually operate at Layer 4 (the transport layer of the OSI Reference Model) or higher, and NAT operates at Layer 3 (the network...

Example 4-25 CM Enters the Ranging 1 and Ranging 2 States

Event 4 Establishing IP Connectivity In Example 4-26, the cable modem invokes DHCP requests to obtain an IP address, which is needed for IP connectivity. The DHCP request also includes the name of a file that contains additional configuration parameters, the TFTP server's address, and the ToD server's address.

Basic Modem Configuration

This portion of the configuration section introduces you to some of the beginning stages of modem configuration Modem configuration using standard AT commands The interface async command and the line command are used to configure an asynchronous port. The interface async command lets you configure the protocol or logical aspects of the asynchronous port. The line command lets you configure the physical aspects of the same port. You use the interface async command to configure internal...

Cisco Security Routers and Switches

Cisco has directly integrated security functionality into your network infrastructure through enhanced security features and functionality in Cisco routers and switches, enabling sophisticated security policy enforcement throughout the network. Cisco IOS software's enhanced VPN software features include the following Quality of service (QoS) in the form of application-aware packet classification, congestion management, packet queuing, and traffic shaping and policing Stateful IOS...

Practical Exercise 12-2 Combining Dynamic and Static NAT

In some situations, you might be required to combine dynamic NAT with static NAT. Before starting this Practical Exercise, you need to remember a few things. When you work with dynamic NAT, a translation does not exist in the NAT table until your router receives traffic that requires translation. A dynamic translation has a timeout period after which it is purged from your router's translation table. A static NAT translation exists in your router's NAT translation table as soon as you configure...

Configuring the Downstream Cable Interface

If the external up-converter is used, the downstream frequency is an information-only command. It should reflect the digital carrier frequency, which is the center frequency of the downstream RF carrier for that downstream port. The configuration controlling the digital carrier frequency is done in the IF-to-RF up-converter that must be installed in the downstream path from the Cisco uBR7246. The commands to configure the downstream frequency are as follows uBR7246(config) interface...

Configuring QoS for VPN Support

You can configure the QoS for VPNs feature only on tunnel and virtual template interfaces and in crypto map configuration submodes. When used with GRE and IP-in-IP (IPIP) tunnel protocols, you configure QoS on the tunnel interface, making QoS for VPNs a configuration option on a per-tunnel basis. When used with the L2F and L2TP protocols, you apply the configuration to the virtual template interface. L2TP clients belonging to identical virtual private dialup network (VPDN) groups inherit the...

Table 5-5 IPCP Parameters

Accepts any nonzero IP address from the peer. Domain Name Server. Accepts a peer request for any nonzero server address. Rejects the IPCP option if received from the peer. Ignores the dialer map when negotiating the peer IP address. Ignores a common username when providing an IP address to the peer. Example 5-9 displays the IPCP options configured on R1. Example 5-9. Configuring IPCP Parameters R1(config) interface async65 R1(config-if) ppp ipcp accept-address R1(config-if) ppp ipcp...

Configuring a Backup Interface for a Subinterface

You can use a backup interface with both a point-to-point subinterface and a multipoint Frame Relay subinterface. This allows individual PVCs to be backed up in case of failure rather than depending on the entire Frame Relay connection to fail before any redundancy takes over. You can configure a subinterface for backup on failure only, not for backup based on loading of the Any backup interface you configure for the main interface has precedence over any subinterface backup interface you have...

Step 7 Configuring Routing

You were previously warned that if you choose to advertise routing updates and inadvertently don't prevent those updates from bringing up the link, you might be unpleasantly surprised when you receive a bill from your provider. Do not despair. ISDN technology offers numerous options to successfully accomplish what you need while keeping charges in check Static routes and default routes Dynamic routing with passive interfaces Here you will examine the static route option the rest are discussed...

Dedications

Wesley Shuo I'd like to dedicate this book to my uncle and aunt, who passed away in 2001. Many thanks to my parents for always being there. To my sister, Eva, and brother, Jeff, for their continued support. To my best friends, Johnny, Daniel, and Robinson, for being my mentors. To my dear wife, Flora, and two lovely daughters, Priscilla and Kristina, for putting up with me during the nights and weekends spent working on this book. Dmitry Bokotey I would like to dedicate this book to my wife,...

Practical Exercise 3-1 Configuring a Modem on the AUX Port for EXEC Dial-in Connectivity

In many situations, it might be necessary to allow a router to accept interactive command processing of Cisco IOS (EXEC) calls with a modem connected to the router's auxiliary (AUX) port. This document provides the necessary configuration tasks to configure such a scenario. This exercise uses the network setup shown in Figure 3-4. Figure 3-4. Modem on the AUX Port for EXEC Dial-in Connectivity

CCNP Practical Studies Remote Access By Wesley Shuo, Dmitry Bokotey, Raymond Morrow, Deviprasad Konda Publisher Cisco Press Pub Date December 22, 2003 ISBN 1-58720-073-2 Pages 528 About the Technical Reviewers Acknowledgments Foreword Introduction Icons Used in This Book Command Syntax Conventions Chapter 1. Introduction to Remote Access Types of Remote-Access Users Remote-Access Technologies Summary Review Questions Chapter 2. Building a CCNP Remote-Access Lab Creating LANs Creating WANs by...

Ddtedte A3 Answer D

4 What command would you use to display status information for all line types Which line type would you associate with line number 0 Which of the following AT commands are common to most modem types Why would you use the modem autoconfiguration feature A. To configure a modem automatically C. To update the modemcap database 1 What are the downstream and upstream frequency allocations A1 Answer The DOCSIS upstream frequency is from 5 to 42 MHz. The DOCSIS downstream frequency is from 88 to...

Practical Exercise 6-2 Solution

Example 6-11. Configuration Output aaa authentication login default local aaa authentication login NO_AUTHEN none aaa authentication ppp default if-needed local enable secret 5 <deleted> ! username admin password 7 <deleted> username R5 password 7 <deleted> ! interface Loopback0 ip address 172.17.1.1 255.255.255.0 ip address 192.168.10.2 255.255.255.252 ip address 172.20.10.2 255.255.255.0 dialer map ip 172.20.10.1 name R5 broadcast dialer map ip...

Basic CMTS Troubleshooting

The Cisco uBR7200 series universal broadband routers maintain a database of flapping cable modems to assist in locating cable plant problems. It tracks the upstream and downstream performance of all DOCSIS-compliant cable modems on the network. Information such as MAC address, up and down transitions, registration events, missed periodic ranging packets, upstream power adjustments, and the physical interface on the Cisco uBR7200 series is maintained in the flap list. Please note that the flap...

PPP Negotiation Phases

As soon as the encapsulation type described in the preceding section has been confirmed, the link media type is no longer relevant to PPP connection establishment. PPP establishes network protocol connectivity in three functional phases Link Control Protocol (LCP) Establishes and configures the data-link connection. During this phase, the protocol used in the next phase is negotiated. Authentication Applies security functionality to the connection. Network Control Protocol (NCP)...

AAA Broadcast Accounting

If your networking environment has several AAA servers, you can take advantage of the AAA broadcast feature. The AAA broadcast feature for accounting allows accounting information to be broadcast to several AAA servers at the same time. Broadcasting can be used for a group of RADIUS or TACACS+ servers. Each server group can define backup servers for failover independently of other groups. Before you can successfully configure AAA accounting through named method lists, you complete the...