Administratively Down State for an ATM Interface

This topic describes troubleshooting situations in which the interface is down because of an administrative action. This is the simplest problem to resolve. Is the ATM interface in an administratively down state? The ATM interface is administratively disabled:
ATM0 is administratively down, line protocol is down
<rest of the output omitted>
Enable the administratively disabled interface:
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#interface atm 0
router(config-if)#...

ADSL operation and performance is influenced by different impairments

ADSL service is deployed between ADSL modems at the subscriber and the CO locations. The CPE ADSL modem is known as the ADSL Transmission Unit-Remote (ATU-R). The CO modem is also called ADSL Transmission Unit-central office (ATU-C). Special devices called DSLAMs are located at the CO; a DSLAM encompasses multiple ATU-Cs. The basic line-coding techniques associated with ADSL are as follows: Single-carrier Carrierless Amplitude and Phase Modulation (CAP). Multicarrier with DMT. Discrete Multi-Tone...

After the Introduction of the PHP

A label is removed on the router before the last hop within an MPLS domain. The term pop means to remove the top label in the MPLS label stack instead of swapping it with the next-hop label. The last router before the egress router, therefore, removes the top label. PHP slightly optimizes MPLS performance by eliminating one LFIB lookup at the egress edge LSR. 3-36 Implementing Secure Converged Wide Area Networks (ISCW) v1.0

Before the Introduction of the PHP

Double lookup is not an optimal way of forwarding labeled packets. A label can be removed one hop earlier. The check marks show which tables are used on individual routers. The egress router in this example must do a lookup in the LFIB table to determine whether the label must be removed and if a further lookup in the FIB table is required. PHP removes the requirement for a double lookup to be performed on egress LSRs. 2006 Cisco Systems, Inc. Frame Mode MPLS Implementation 3-35

Cisco Easy VPN Components

Cisco Easy VPN consists of two components: Cisco Easy VPN Server and Cisco Easy VPN Remote. Cisco Easy VPN Server enables Cisco IOS routers, Cisco PIX Firewalls, and Cisco VPN 3000 Series Concentrators to act as VPN headend devices in site-to-site or remote-access VPNs, in which the remote office devices use the Easy VPN Remote feature. Using this feature, security policies defined at the headend are pushed to the remote VPN device, ensuring that those connections have up-to-date policies in...

Cisco Enterprise Architecture

The Cisco Enterprise Data Center Architecture: A cohesive, adaptive network architecture that supports the requirements for consolidation, business continuance, and security, while enabling emerging service-oriented architectures, virtualization, and on-demand computing. IT staff can easily provide departmental staff, suppliers, or customers with secure access to applications and resources. This simplifies and streamlines management, significantly reducing overhead. Redundant data centers...

Cisco Hierarchical Network Model

Traditionally, the three-layer hierarchical model has been used in network design. The model provides a modular framework that allows flexibility in network design, and facilitates ease of implementation and troubleshooting. The hierarchical model divides networks or their modular blocks into the access, distribution, and core layers, with these features: Access layer: Used to grant user access to network devices. In a network campus, the access layer generally incorporates switched LAN devices...

Cisco SONA Framework

With its vision of the IIN, Cisco is helping organizations to address new IT challenges, such as the deployment of service-oriented architectures, web services, and virtualization. The Cisco Service-Oriented Network Architecture (SONA) is an architectural framework that guides the evolution of enterprise networks to an IIN. The SONA framework provides these advantages to enterprises: Outlines the path towards the IIN. Illustrates how to build integrated systems across a fully converged IIN...

Component Architecture of LSR

Wide Area Component

The primary function of an LSR is to forward labeled packets. Therefore, every LSR needs a Layer 3 routing protocol (for example, OSPF, EIGRP, or IS-IS) and a label distribution protocol (for example, LDP). LDP populates the LFIB table in the data plane that is used to forward labeled packets. Edge LSRs also forward IP packets based on their IP destination addresses and, optionally, label them if a label exists. A received IP...

Configuration of the DSL ATM Interface

This topic lists commands and explains the procedure, in four steps, to configure a DSL ATM interface. Use the dsl operating-mode auto interface configuration command to specify that the router automatically detect the DSL modulation that the service provider is using and set the DSL modulation to match. An incompatible DSL modulation configuration can result in failure to establish a DSL connection to the DSLAM of the service provider. Use the pvc interface configuration command to set the...

Configuring MPLS on a Frame Mode Interface

This topic describes how to enable MPLS on a frame mode interface. Enable Tag Distribution Protocol (TDP) or Label Distribution Protocol (LDP) on the interface by using either tag switching or label switching. You enable the support for MPLS on a device by using the mpls ip global configuration command, although this should be on by default, and then individually on every frame mode interface that participates in MPLS processes....

Connection between subscriber and CO

Several years ago, research by Bell Labs identified that a typical voice conversation over a local loop only required the use of bandwidth of 300 Hz to 3 kHz. For years the bandwidth above 3 kHz went unused. Advances in technology allowed DSL to use the additional bandwidth from 3 kHz up to 1 MHz to deliver high-speed data services over ordinary copper lines. For example, asymmetric DSL (ADSL) uses a frequency range from approximately 20 kHz to 1 MHz. In order to deliver high-bandwidth data...

Course Goal and Objectives

This topic describes the course goal and objectives. The goal of the ISCW course is to expand the reach of the enterprise network to teleworkers and remote sites. The theme of implementing a highly available network with connectivity options, such as VPN and wireless, is highlighted. Upon completing this course, you will be able to meet these objectives: Describe the remote connectivity requirements...

Data Cable Technology Issues

The data cable technology issues relate to the fact that subscribers in a certain service area share a coaxial cable line. A shared coaxial cable line has these consequences: Bandwidth available to a subscriber may vary based on how many subscribers use the service at the same time. The cable operator can resolve this issue by adding RF channels and splitting the service area into multiple smaller areas. There is a risk of privacy loss. This can be addressed by encryption and other privacy...

Data circuits are offloaded from the voice switch

The major benefit of ADSL is the ability to provide data services along with voice. When analog voice is integrated with ADSL, the POTS channel is split off from the ADSL modem by filters or splitters, which guarantees uninterrupted regular phone service even if ADSL fails. A user is able to use the phone line and the ADSL connection simultaneously without adverse effects on either service if filters or splitters are in place. ADSL offloads the data (modem) traffic from the voice switch and...

Data over ADSL

DSL is a high-speed Layer 1 transmission technology that works over copper wires. The DSL Layer 1 connection from the CPE is terminated at the DSLAM. The data link layer protocol that is usually used over DSL is ATM. A DSLAM is basically an ATM switch containing DSL interface cards (ATU-Cs). The DSLAM terminates the ADSL connections, and then switches the traffic over an ATM network to an aggregation router. The aggregation router is the Layer 3 device where IP connection from the subscriber...

Debug PPP Authentication

CPE#debug ppp authentication
CPE#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
CPE(config)#interface ATM 0/0
CPE(config-if)#no shutdown
00:19:05: %LINK-3-UPDOWN: Interface ATM 0/0, changed state to up
00:19:06: %LINEPROTO-5-UPDOWN: Line protocol on Interface ATM0/0, changed state to up
00:19:29: %DIALER-6-BIND: Interface Vi2 bound to profile Di1
00:19:29: Vi2 PPP: Using dialer call direction
00:19:29: Vi2 PPP: Treating connection as a callout
00:19:29: Vi2 PPP: Authorization...

Default GRE Characteristics

Identifies the type of payload: EtherType 0x800 is used for IP. Identifies the presence of optional header fields. Tunneling of arbitrary OSI Layer 3 payload is the primary goal of GRE. Stateless (no flow control mechanisms). No security (no confidentiality, data authentication, or integrity assurance). 24-byte overhead by default (20-byte IP header and 4-byte GRE header). GRE encapsulation uses a protocol type field in the GRE header to support the encapsulation of any Open Systems Interconnection...

Determine if the PPPoE connect phase is successful

CPE#show pppoe session
Total PPPoE sessions 1
Get the status of the PPPoE session. The significant fields shown in the output are:
15:13:41.991: Sending PADI: Interface Ethernet1
A broadcast Ethernet frame that requests a PPPoE server.
15:13:44.091: PPPOE: we've got our pado and the pado timer went off
This is a unicast reply from a PPPoE server (similar to a DHCP offer).
15:13:44.091: OUT PADR from PPPoE Session
This is a unicast reply that accepts the offer.
15...

DSL Variants Examples

ADSL is designed to deliver more bandwidth downstream than upstream, and supports data and voice simultaneously over existing copper lines. ADSL is oriented towards residential subscribers, where usually more bandwidth is required in the downstream for applications such as downloading music, movies, playing online games, surfing the Internet, or receiving e-mail with large attachments. The downstream rate ranges from 256 kbps to 8 Mbps, while upstream speed can reach 1 Mbps. RADSL refers to...

End-to-End Routing Information Flow

These steps describe the stages of routing information flow from the IPv4 routing updates entering the MPLS VPN backbone through their propagation as VPNv4 routes across the backbone: Step 1: PE routers receive IPv4 routing updates from the CE routers and install them in the appropriate VRF table. Step 2: The customer routes from VRF tables are exported as VPNv4 routes into MPBGP and propagated to other PE routers. Step 3: The PE routers receiving MPBGP updates import the incoming VPNv4 routes into...

Enterprise Architecture Framework

Proper prioritization and delivery of traffic across the WAN using various QoS mechanisms. Each building block addresses different enterprise network requirements: The WAN building block: Used to connect the campus, data center, branch, and teleworker into an enterprise network. The Enterprise Campus architecture: Addresses the core infrastructure intelligent switching and routing integrated with advanced...

Example PAT Configuration

The access list will match any source address in the 10.0.0.0/8 network. In this example, the Dialer0 interface is the outside interface, and the Ethernet0/0 interface is the inside interface. The 10.x.x.x source addresses will be translated using PAT to the Dialer0 IP address. The Dialer0 interface receives its IP address from the service provider aggregation router using IPCP.

Frame Mode MPLS

The ingress edge router performs these tasks after it receives an IP packet: It performs a routing lookup to determine the outgoing interface. If the outgoing interface is enabled for MPLS and if a next-hop label for the destination exists, it assigns and inserts a label between the Layer 2 frame header and the Layer 3 packet header. The router then changes the Layer 2 Ethertype value to indicate that this is a labeled packet. The router sends the labeled packet. Note: Other routers in the core...

GRE over IPsec Characteristics

IPsec encapsulates unicast IP packet (GRE). Tunnel mode (default): IPsec creates a new tunnel IP packet. Transport mode: IPsec reuses the IP header of the GRE (20 bytes less overhead). The top figure shows the tunnel mode in which both tunneling technologies (IPsec and GRE) introduce their own tunnel IP header. The bottom figure illustrates the usage of transport mode in which IPsec reuses the IP header of the packet that it is protecting, and thus reduces the...

HFC Architecture

The HFC architecture is the evolution of an initial cable system and signifies a network that incorporates both optical fiber and coaxial cable to create a broadband network. By upgrading a cable plant to an HFC architecture, you can deploy a data network over an HFC system to offer high-speed Internet services and you can serve more subscribers. The cable network is segmented into smaller service areas in which fewer amplifiers are cascaded after each optical node, typically five or...

IKE authentication method

IP addressing and routing for clients. You should also install these prerequisite services, depending on the chosen design: RADIUS or TACACS+ server installation and configuration. CA installation and configuration if the public key infrastructure (PKI) is used for authentication. The router should also be enrolled with the CA to get the CA certificate and the identity certificate of the router that can later be used to enable PKI for the VPN. DNS resolution for the addresses of the VPN servers....

Interim Packet Propagation

Forwarded IP packets are labeled only on the path segments where the labels have already been assigned. Step 1: An unlabeled IP packet arrives at router A. Step 2: The packet is forwarded based on the information found in the FIB table on router A. Step 3: Label 25, found in the FIB table, is used to label the packet and it is forwarded to the next-hop router, router B. Step 4: Router B must remove the label because LSR B has not yet received any next-hop label (the action in the LFIB is untagged)....

IPsec NAT Traversal

Need NAT traversal with IPsec over TCP/UDP. NAT traversal is negotiated with these factors: UDP encapsulation of IPsec packets for NAT traversal. UDP encapsulated process for software engines. During IKE phase 1 negotiation, two types of NAT detection occur before IKE quick mode begins: NAT support and NAT existence along the network path. To detect NAT support, the vendor ID string is exchanged with the remote peer....

IPsec quick mode completes the connection

When an Easy VPN Remote client initiates a connection with an Easy VPN Server gateway, the conversation that occurs between peers generally consists of these steps: Step 1: The VPN Client initiates the IKE Phase 1 process. Step 2: The VPN Client establishes an ISAKMP security association (SA). Step 3: The Easy VPN Server accepts the SA proposal. Step 4: The Easy VPN Server initiates a username and password challenge. Step 5: The mode configuration process is initiated. Step 6: The Reverse Route...

LIB and LFIB Setup

When a label is assigned to an IP prefix, it is stored in two tables: LIB and LFIB. LIB and LFIB structures have to be initialized on the LSR allocating the label. Untagged action will remove the label from the frame and the router will send a pure IP packet. The LIB table is used to maintain the mapping between the IP prefix (network X), the assigned label (25), and the assigning router (local). The LFIB table is modified to contain the local label mapped to the forwarding action. In this case,...

Maximum distance is achieved at lowest data rate

The maximum data rate describes the maximum achievable downstream and upstream bandwidth with the shortest operational distance (distance between the subscriber and the CO). The maximum operational reach is the maximum achievable distance with the lowest operational data rate. Bandwidth and distance are inversely related. ADSL offers greater distance reachability but the achievable speed is degraded as the distance increases. The maximum distance is limited to approximately...

Microfilters at customer premises

POTS splitters are used to separate the DSL traffic from the POTS traffic. The POTS splitter is a passive device. In the event of a power failure, the voice traffic will still be carried to the voice switch in the CO. Splitters may be located at the customer premises but are certainly used A microfilter is a passive low-pass filter with two ends. One end connects to the telephone, and the other end connects to the telephone wall jack. The local loop terminates on the customer premises at the...

Mode Configuration

Mechanism used to push attributes to IPsec VPN clients. The mode configuration option is heavily used for Easy VPN. Easy VPN allows remote clients to receive security policies from an Easy VPN Server, minimizing configuration requirements at the client. Cisco Easy VPN greatly simplifies VPN deployment for remote offices and teleworkers. The Cisco Easy VPN solution centralizes VPN management across all Cisco VPN devices, thus reducing...

MPLS VPN Architecture

This topic describes the components of an MPLS VPN and how they are interconnected to enable enterprise network connectivity between sites. The MPLS VPN architecture offers service providers a peer-to-peer VPN architecture that combines the best features of overlay VPNs (support for overlapping customer address spaces) with the best features of peer-to-peer VPNs. The following describes these characteristics: PE routers participate in customer routing, guaranteeing optimum routing between...

Option 1 Single Source and Destination Subnet

IPSec rules define the traffic, such as file transfers (FTP) and e-mail (SMTP), that will be protected by this VPN connection. Other data traffic will be sent unprotected to the remote device. You can protect all traffic between a particular source and destination subnet, or specify an IPSec rule that defines the traffic types to be protected. Protect all traffic between the following subnets: Enter the IP address and subnet mask of the network where IPSec traffic originates. Create/Select an...

Option 1 Static Routing

Disable split tunneling by choosing the Tunnel all traffic option, which results in a default route pointing into the tunnel. Alternatively, you can choose the Do split tunneling option, and specify the IP address and subnet mask of the destination that is reachable through the tunnel. All other destinations are reachable by bypassing the tunnel.

Option 2 Dynamic Routing Using EIGRP

Select an existing EIGRP AS number. Create a new EIGRP AS number. Add the private networks that you want to advertise to the other routers in this GRE over IPSec VPN. Other routers in this GRE over IPSec VPN must be in the same autonomous system. Private networks advertised using EIGRP...

Optional GRE Extensions

Used for basic plaintext authentication and to distinguish between tunnels using the same source and destination addresses (i.e., parallel tunnels). GRE can optionally contain any one or more of these fields: Tunnel packet sequence number. GRE keepalives can be used to track tunnel path status. Optional header information can include the following...

Overlay VPNs Frame Relay Example

The customer needs to connect three sites to Site A (central site, or hub) and orders connectivity between Site A (hub) and Site B (spoke), between Site A and Site C (spoke), and between Site A and Site D (spoke). The service provider implements this request by providing three permanent virtual circuits (PVCs) across the Frame Relay network. Note: The implementation displayed in this example does not provide full connectivity; data flow between spoke sites is through the hub...

Peer-to-Peer VPNs

For example, if you need to have full mesh connectivity between four sites, you will need a total of six point-to-point links or VCs. To overcome this drawback and provide the customer with optimum data transport across the service provider backbone, the peer-to-peer VPN concept was introduced. Here, the service provider actively participates in customer routing, accepting customer routes, transporting those customer routes across the service provider backbone, and finally propagating them to...

PKI Environment

This topic describes the public key infrastructure (PKI). Registration and Certification Issuance. A PKI provides a hierarchical framework for managing digital security attributes of entities that will engage in secured communications. In addition to human users, there are encryption gateways, secure web servers, and other resources that require close control of identity and encryption. Peers communicating on a secure network. At least one CA that grants and maintains certificates. Digital...

Proper PPP Negotiation

This topic describes the procedure for determining if PPP is negotiating successfully. Use the debug ppp negotiation command to negotiation process. Use the debug ppp authentication command authentication. With Layer 1 set up properly, correct VPI/VCI being used, PVC being active, and data being received and sent, the next step is to ensure that a PPP session is established properly between the Cisco CPE...

Quick mode

Phase 1 is the initial negotiation of SAs between two IPsec peers. Optionally, phase 1 can also include an authentication in which each peer is able to verify the identity of the other. This conversation between two IPsec peers can be subject to eavesdropping with no significant vulnerability of the keys being recovered. Phase 1 SAs are bidirectional; data may be sent and received using the same key material generated. Two modes are available for phase 1 SA negotiations: main mode or aggressive...

Remote Site Requirements

Must provide access to multiple users and control network costs. Must be able to access the central site. Must access company information on demand from various remote locations. A company with multiple sites that vary in size will need a remote network to connect the various locations. Typical locations include these sites: Central site: The central site is a large site that is often the corporate headquarters or a major office. Regional offices, SOHOs, and mobile workers may need to connect to the...

Requires knowledge of Cisco IOS CLI commands

To display messages about IKE events, use the debug crypto isakmp command in EXEC mode. To debug the authentication and authorization of Easy VPN tunnels, you can use the commands listed in the table. Use for troubleshooting user authentication. Use for troubleshooting group policy configuration access via RADIUS. Use to troubleshoot RADIUS communication.

Sets IP address to be negotiated with the remote peer using IPCP

Use the commands in the table for PPPoE DSL dialer configuration. Dialer Commands for DSL: Enables a dynamic address from the service provider using IP Control Protocol (IPCP). With IPCP, DSL routers automatically negotiate a globally unique (registered or public) IP address for the dialer interface from the service provider aggregation router. Specifies PPP encapsulation for the dialer interface. Stops Cisco Discovery Protocol (CDP) advertisements from going out the dialer interface...

Site-to-Site IPsec Configuration: Apply VPN Configuration

In the last part of the IPsec configuration, the crypto map is applied to the interface. The crypto map is placed on the outgoing interface of the VPN tunnel. The example also shows static route configuration for packets to be sent into the tunnel. This topic describes how to configure an interface ACL for IPsec. In a typical scenario, using only IPsec VPN on the router interface, any...

Slow upstream for undemanding data requests

ADSL coexists with POTS over the same twisted-pair telephone line. Three information channels usually exist over the same wiring (depending on the variety of ADSL): a POTS channel for analog voice if that is desired, a varying-speed duplex channel, and a high-speed downstream channel. A user can use the phone line and the ADSL connection simultaneously without adverse effects on either service. ADSL is characterized by asymmetric data rates, with higher data rates toward the user (downstream)...

Symmetric Encryption 3DES

Mode of operation decides how to process DES three times. Normally encrypt, decrypt, encrypt. 3DES requires more processing than DES. 3DES is defined as performing a DES encryption, then a DES decryption, and then a DES encryption again. 3DES has a key length of 168 bits (three 56-bit DES keys), but it has an effective key size of 112 bits. AES, also known as Rijndael, is a block cipher adopted as an encryption standard by the U.S. government. It is...

Task 1 Install Cisco VPN Client

This topic describes how to install the VPN Client on your PC and includes the following: Verifying system requirements. Gathering the information that you need. Installing the VPN Client through InstallShield. Installing the VPN Client through MSI. If you have not removed a previously installed VPN Client, when you execute the vpnclient_en.exe command or vpnclient_en.msi command, an error message displays. You must uninstall the previously installed VPN Client before proceeding with the new...

Task 4 Configure Transparent Tunneling

NAT-T enables IPsec and IKE over a standard UDP port 4500, allowing the VPN Client to be behind a NAT or PAT device. Transparent tunneling allows secure transmission between the VPN Client and a secure gateway through a router serving as a firewall, which may also be performing Network Address Translation (NAT) or Port Address Translation (PAT). Transparent tunneling encapsulates...

The Challenge of Connecting the Teleworker

This topic describes the challenges of connecting the teleworker, and describes the Business-Ready Teleworker solution that addresses these challenges. The enterprise teleworker solution provides an always-on, secure, centrally managed connection from the home of a user to the corporate network, to enable businesses to meet these Provide continuity of operations in case of loss of employee access to the workplace by inclement weather, commuter issues, man-made and natural disasters, and so on....

The MPLS Conceptual Model

You can connect sites using different topologies. For optimal routing between sites, a full mesh topology is required. The full mesh topology provides a dedicated virtual circuit between any two customer edge (CE) routers in the network, but the full mesh solution is very expensive. For a less expensive solution, you may use partial mesh topology or hub-and-spoke topology, but routing is not optimal with these solutions. The partial mesh topology reduces the number of virtual circuits, usually...

The PE router appears as another router in the C-network

The CE routers run standard IP routing software and exchange routing updates with the PE routers, which appear to them as normal routers in the C-network. After you configure VRFs and establish MPBGP connectivity between PE routers, you have to configure routing protocols between the PE router and the attached CE routers. The PE-CE routing protocols on the PE router need to be configured for individual VRFs. Configuring routing protocol on the CE site is very simple. The customer has no...

The Teleworker Components

The required home office components are broadband access (cable or DSL), remote VPN router with QoS functionality, and laptop or desktop, while the optional components are IP phone, wireless LAN (WLAN) access point, and Cisco video telephony (VT) camera. Corporate components are a VPN headend router, VPN concentrator or a multifunction security appliance such as the Cisco Adaptive Security Appliance (ASA), authentication, and central management devices for resilient aggregation and termination...

Traditional vs. Business-Ready Teleworker

Level of accessibility to applications and services. Advanced application support (voice and video). Controlled and remotely pushed by IT. The traditional teleworker solution is characterized by these drawbacks: Lower level of accessibility, for example, the inability to deploy and support advanced applications, such as voice, video, and videoconferencing. No QoS for efficient delivery and prioritization of traffic. Inadequate security: security relies on the end user, therefore leaving no control to...

Using DPD and Cisco IOS Keepalive Features with Multiple Peers in the Crypto

DPD and IOS keepalive features can be used in conjunction with multiple peers in the crypto map to allow for stateless failover. DPD allows the router to detect a dead IKE peer, and when the router detects the dead state, the router deletes the IPsec and IKE SAs to the peer. If you configure multiple peers, the router will switch over to the next listed peer for a stateless failover. This topic describes IPsec backup peers. One HA design option is to use native IPsec and its HA mechanisms...

Usually not needed

To enable CEF, use the ip cef command in global configuration mode. ip cef distributed (Optional) Enables the distributed CEF operation. Distributes the CEF information to the line cards. The line cards perform express forwarding. CEF is enabled by default only on these platforms: CEF is enabled on the Cisco 7100 series router. CEF is enabled on the Cisco 7200 series router. CEF is enabled on the Cisco 7500 series Internet router. Distributed CEF is enabled on the Cisco 6500 series router....

Verifying a PPPoE Configuration

To verify proper PPPoE session establishment and PPP authentication, use the debug commands in the table. Displays PPPoE protocol messages about events that are part of normal session establishment or shutdown. Displays authentication protocol messages, including CHAP and PAP packet exchanges. Displays basic information about currently active PPPoE sessions...

VPN Wizards

Cisco Router and Security Device Manager (SDM): 10.1.1.1. Create Easy VPN Server. Edit Easy VPN Server. SDM can guide you through Easy VPN Server configuration tasks. AAA is disabled on the router. AAA must be enabled to configure Easy VPN Server. Enable AAA. Configure Easy VPN Server...

What Are the VPN Implementation Technologies

Traditional VPN implementations were all based on the Layer 2 overlay model, in which the service provider sold virtual circuits (VCs) between customer sites as a replacement for dedicated point-to-point links. The Layer 2 overlay model had a number of drawbacks. To overcome these drawbacks (particularly in IP-based customer networks), a new model called the peer-to-peer VPN was introduced. In this model, the service provider actively participates in customer routing. In the Layer 1 overlay VPN...

What is Cable

A coaxial cable is a type of wire that consists of a center conductor surrounded by insulation, and then a grounded shield of braided wire. The shield is designed to minimize electrical and RF interference. CATV was developed to solve the problem of poor TV reception with the over-the-air method (via radio waves), in which a television antenna is required. In the beginning, the typical cable TV system consisted of a shared antenna (replaced later with a satellite dish) placed in some high...

X509 v3 Certificate

[Figure: X.509 v3 certificate fields: Subject Public Key Info (Algorithm ID, Public Key Value); Signing Algorithm, e.g., SHA-1 with RSA; User's Public Key (Bound to User's Subject Name); Other User Info, e.g., subAltName, CDP] A certificate may be revoked if it is discovered that its related private key has been compromised, or if the relationship between an entity and a public key, embedded in the certificate, is discovered to be incorrect or has changed; this might occur, for example, if a person changes jobs or names. A revocation is a...

Configuring the MTU Size in Label Switching

This topic describes how to configure the MTU size in label switching. Optionally, you may change the maximum size of labeled packets. Because of the additional label header, increase the MTU on LAN interfaces to prevent IP fragmentation. The MPLS MTU size has to be increased on all routers attached to a LAN segment. The default MTU size on the LAN segments is 1500 bytes. The size of the MPLS MTU depends on the application...

Digital Signals over Radio Waves

Cable uses a part of RF electromagnetic frequencies. Cable can transmit signals simultaneously in either direction. The RF portion used is subdivided for the two paths: Downstream (headend-to-subscriber) has 810 MHz of RF bandwidth. Upstream (subscriber-to-headend) has 37 MHz of RF bandwidth...

Example Enterprise Network

A branch office or remote site typically has fewer users, and therefore needs a WAN connection with lower requirements in terms of bandwidth and availability. Remote sites typically connect to the central site and also sometimes connect to some other remote sites. Telecommuters may also require access to remote sites. Remote site traffic can vary, but is typically sporadic. The network designer must determine whether it is more cost-effective to offer either a permanent or on-demand solution....

Cisco SONA Layers

[Figure: Network Infrastructure Virtualization; Intelligent Information Network] The SONA framework brings forth the notion that the network is the common element that connects and enables all components of the IT infrastructure. The SONA outlines these three layers of the IIN: The networked infrastructure layer: This is where all the IT resources are interconnected across a converged network foundation. The IT resources include...

Users on a segment share upstream and downstream bandwidth

A headend CMTS communicates with cable modems located in subscriber homes. In addition, a headend incorporates a computer system with databases for providing Internet services to cable subscribers. In a modern HFC network, typically 500 to 2000 active data subscribers are connected to a certain cable network segment, all sharing the upstream and downstream bandwidth. The actual bandwidth for Internet service over a CATV line can be up to 27 Mbps on the download path to the subscriber, and about...

Student Guide

Editorial, Production, and Graphic Services 07.21.06 Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA www.cisco.com Tel 408 526-4000 800 553-NETS (6387) Fax 408 526-4100 Cisco Systems International BV Haarlerbergpark Haarlerbergweg 13-19 1101 CH Amsterdam The Netherlands www-europe.cisco.com Tel 31 0 20 357 1000 Fax 31 0 20 357 1100 Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA www.cisco.com Tel 408 526-7660 Fax 408 527-0883 www.cisco.com Tel +65...