Sybex CCNA 640-802 Chapter 16: Wide Area Networks Instructor & Todd Lammle.

Post on 11-Jan-2016


Chapter 14 Objectives

The CCNA Topics Covered in this chapter include:

• Introduction to WANs
• HDLC
• PPP
• Frame Relay
• Introduction to VPNs

Defining WAN Terms

• Customer Premises Equipment (CPE)
• Demarcation (demarc)
• Local loop
• Central Office (CO)
• Toll network

WAN Connection Bandwidth

• Digital Signal 0 (DS0) This is the basic digital signaling rate of 64Kbps, equivalent to one channel. Europe uses the E0 and Japan uses the J0 to reference the same channel speed. Typically used in a T-carrier transmission, this is the generic term used by several multiplexed digital carrier systems. This is the smallest capacity digital circuit. 1 DS0 = 1 voice/data line.

• T1 Also referred to as a DS1, this contains 24 DS0 circuits bundled together with a total bandwidth of 1.544Mbps.

• E1 European equivalent of the T1. Contains 30 DS0 circuits bundled together with a bandwidth of 2.048Mbps.

• T3 Referred to as a DS3, this has 28 DS1s bundled together, or 672 DS0s, with a bandwidth of 44.736Mbps.

• OC-3 Optical Carrier (OC) 3, uses fiber, is made up of three DS3s bundled together, and contains 2,016 DS0s with a total bandwidth of 155.52Mbps.

• OC-12 Optical Carrier 12 is made up of four OC-3s bundled together and contains 8,064 DS0s with a total bandwidth of 622.08Mbps.

• OC-48 Optical Carrier 48 is made up of four OC12s bundled together and contains 32,256 DS0s with a total bandwidth of 2488.32Mbps.

WAN Connection Types

WAN Support

• Frame Relay
• ISDN
• LAPB
• LAPD
• HDLC
• PPP
• ATM
• PPPoE
• Cable
• DSL
• MPLS
• DWDM

Cable and DSL

Comparisons
– Speed
– Security
– Popularity
– Customer satisfaction

Cable Terms
• Headend
• Distribution network
• DOCSIS (Data Over Cable Service Interface Specification)

Digital Subscriber Line (DSL)
• Symmetrical DSL

• Asymmetrical DSL

ADSL

• PPPoE

• RFC1483 Routing

• PPPoA

PPPoE with ADSL

DTE-DCE-DTE

HDLC Protocol

• Bit-oriented Data Link layer ISO standard protocol

• Specifies a data encapsulation method

• No authentication can be used

HDLC Frame Format

Point-to-Point Protocol (PPP)

• Purpose:
– Transport layer-3 packets across a Data Link layer point-to-point link
• Can be used over asynchronous serial (dial-up) or synchronous serial (ISDN) media
– Uses Link Control Protocol (LCP)
• Builds & maintains data-link connections

Point-to-Point Protocol Stack

PPP Main Components

• EIA/TIA-232-C
– Intl. Std. for serial communications
• HDLC
– Serial link datagram encapsulation method
• LCP
– Used in P-t-P connections:
• Establishing
• Maintaining
• Terminating
• NCP
– Method of establishing & configuring Network layer protocols
– Allows simultaneous use of multiple Network layer protocols

LCP Configuration Options

• Authentication
– PAP
– CHAP
• Compression
– Stacker
– Predictor
• Error detection
– Quality
– Magic Number
• Multilink
– Splits the load for PPP over 2+ parallel circuits; a bundle

PPP Session Establishment

• Link-establishment phase

• Authentication phase

• Network-layer protocol phase

PPP Session Establishment

PPP Authentication Methods

• Password Authentication Protocol (PAP)
– Passwords sent in clear text
– Remote node returns username & password
• Challenge Handshake Authentication Protocol (CHAP)
– Done at start-up & periodically
– Challenge & Reply
• Remote router sends a one-way hash (MD5)
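The difference between the two methods, as an added example that is not part of the original slides: the PAP request carries the password itself, while CHAP returns only an MD5 hash bound to a fresh challenge, so a reply captured earlier fails the periodic re-challenge. The packet layouts follow RFC 1334 (PAP) and RFC 1994 (CHAP); the class and function names are hypothetical, and the names and password are the ones used in the configuration slide.

```python
import hashlib
import hmac
import os


def pap_request(peer_id: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request data (RFC 1334): length-prefixed ID and password."""
    return bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5 (RFC 1994): MD5(Identifier octet || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """Challenging side; maps each remote hostname to its shared secret."""

    def __init__(self, secrets):
        self.secrets = secrets
        self.pending = {}      # identifier -> outstanding challenge
        self.next_id = 0

    def challenge(self):
        ident, self.next_id = self.next_id, (self.next_id + 1) % 256
        self.pending[ident] = os.urandom(16)   # fresh random value every time
        return ident, self.pending[ident]

    def verify(self, name, ident, response):
        chal = self.pending.pop(ident, None)   # each challenge is single-use
        secret = self.secrets.get(name)
        if chal is None or secret is None:
            return False
        return hmac.compare_digest(chap_response(ident, secret, chal), response)


def demo():
    secret = b"cisco"                          # shared password from Step #2
    router_a = ChapAuthenticator({"RouterB": secret})
    ident, chal = router_a.challenge()
    resp = chap_response(ident, secret, chal)  # computed by RouterB
    accepted = router_a.verify("RouterB", ident, resp)
    ident2, _ = router_a.challenge()           # periodic re-challenge
    replayed = router_a.verify("RouterB", ident2, resp)   # old reply reused
    ident3, chal3 = router_a.challenge()
    wrong = router_a.verify("RouterB", ident3, chap_response(ident3, b"Cisco", chal3))
    return {"accepted": accepted, "replay_accepted": replayed,
            "wrong_secret_accepted": wrong,
            "pap_exposes_password": secret in pap_request(b"RouterA", secret)}
```
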

Configuring PPP on Router A to talk to Router B

• Step #1: Configure PPP

RouterA#config t
RouterA(config)#int s0
RouterA(config-if)#encapsulation ppp
RouterA(config-if)#^Z

• Step #2: Define the username & password

RouterA(config)#username RouterB password cisco
RouterB(config)#username RouterA password cisco

NOTE: (1) Username maps to the remote router
(2) Passwords must match

• Step #3: Choose Authentication type for each router; CHAP/PAP

RouterA(config)#int s0
RouterA(config-if)#ppp authentication chap
or
RouterA(config-if)#ppp authentication pap
RouterA(config-if)#^Z

PPP Example 1

PPP Example 2

PPP Example 3

PPP Example 4

Frame Relay

• Background
– High-performance WAN encapsulation method
– OSI Physical & Data Link layer
– Originally designed for use across ISDN
• Supported Protocols
– IP, DECnet, AppleTalk, Xerox Network Service (XNS), Novell IPX, Banyan Vines, Transparent Bridging, & ISO

Frame Relay

• Purpose
– Provide a communications interface between DTE & DCE equipment
– Connection-oriented Data Link layer communication
• Via virtual circuits
• Provides a complete path from the source to destination before sending the first frame

Before Frame Relay

After Frame Relay

Frame Relay Terminology

• Committed Information Rate (CIR)
• Access rate

Committed Information Rate (CIR)

• Definition: Provision allowing customers to purchase amounts of bandwidth lower than what they might need
– Cost savings
– Good for bursty traffic
– Not good for constant amounts of data transmission

Frame Relay Encapsulation

• Specified on serial interfaces
• Encapsulation types:
– Cisco (default encapsulation type)
– IETF (used between Cisco & non-Cisco devices)

RouterA(config)#int s0

RouterA(config-if)#encapsulation frame-relay ?

ietf Use RFC1490 encapsulation

<cr>

Data Link Connection Identifiers (DLCIs)

• Frame Relay PVCs are identified by DLCIs
• IP end devices are mapped to DLCIs
– Mapped dynamically or mapped by IARP
• Global Significance:
– Advertised to all remote sites as the same PVC
• Local Significance:
– DLCIs do not need to be unique
• Configuration

RouterA(config-if)#frame-relay interface-dlci ?
<16-1007> Define a DLCI as part of the current subinterface
RouterA(config-if)#frame-relay interface-dlci 16

DLCIs are Locally Significant

Local Management Interface (LMI)

• Background

• Purpose

• LMI Messages
– Keepalives
– Multicasting
– Multicast addressing
– Status of virtual circuits

LMI Types

• Configuration:

RouterA(config-if)#frame-relay lmi-type ?
cisco
ansi
q933a

– Beginning with IOS ver 11.2+ the LMI type is auto-sensed
– Default type: cisco

• Virtual circuit status:
– Active
– Inactive
– Deleted

Congestion Control

• Discard Eligibility (DE)

• Forward-Explicit Congestion Notification (FECN)

• Backward-Explicit Congestion Notification (BECN)

Frame Relay Implementation Single Interface

Partial Meshed Networks

Sub-interfaces

• Definition
– Multiple virtual circuits on a single serial interface
– Enables the assignment of different network-layer characteristics to each sub-interface
• IP routing on one sub-interface
• IPX routing on another
– Mitigates difficulties associated with:
• Partial meshed Frame Relay networks
• Split Horizon protocols

Creating Sub-interfaces

Configuration:
#1: Set the encapsulation on the serial interface
#2: Define the subinterface

RouterA(config)#int s0
RouterA(config-if)#encapsulation frame-relay
RouterA(config-if)#int s0.?
<0-4294967295> Serial interface number
RouterA(config-if)#int s0.16 ?
multipoint Treat as a multipoint link
point-to-point Treat as a point-to-point link

Mapping Frame Relay

Necessary for IP end devices to communicate
– Addresses must be mapped to the DLCIs
– Methods:
• Frame Relay map command
• Inverse-arp function

Using the map command

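RouterA(config)#int s0
RouterA(config-if)#encap frame
RouterA(config-if)#int s0.16 multipoint
RouterA(config-subif)#no frame-relay inverse-arp
RouterA(config-subif)#ip address 172.16.30.1 255.255.255.0
RouterA(config-subif)#frame-relay map ip 172.16.30.17 16 ietf broadcast
RouterA(config-subif)#frame-relay map ip 172.16.30.18 17 broadcast
RouterA(config-subif)#frame-relay map ip 172.16.30.19 18

NOTE: frame-relay map statements are entered on a multipoint subinterface (or the physical interface); a point-to-point subinterface uses frame-relay interface-dlci instead.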

Using the inverse arp command

RouterA(config)#int s0
RouterA(config-if)#encap frame-relay ietf
RouterA(config-if)#int s0.16 multipoint
RouterA(config-subif)#ip address 172.16.30.1 255.255.255.0
RouterA(config-subif)#frame-relay interface-dlci 16

Monitoring Frame Relay

RouterA>sho frame ?

ip show frame relay IP statistics

lmi show frame relay lmi statistics

map Frame-Relay map table

pvc show frame relay pvc statistics

route show frame relay route

traffic Frame-Relay protocol statistics

RouterA#sho int s0

RouterB#show frame map

Router#debug frame-relay lmi

Troubleshooting Frame Relay

Why can’t RouterA talk to RouterB?

Troubleshooting Frame Relay

Why is RIP not sent across the PVC?

Introduction to VPNs

• VPNs are used daily to give remote users and disjointed networks connectivity over a public medium like the Internet instead of using more expensive permanent means.


Types of VPNs

• REMOTE ACCESS VPNS
Remote access VPNs allow remote users like telecommuters to securely access the corporate network wherever and whenever they need to.

• SITE-TO-SITE VPNS
Site-to-site VPNs, or intranet VPNs, allow a company to connect its remote sites to the corporate backbone securely over a public medium like the Internet instead of requiring more expensive WAN connections like Frame Relay.

• EXTRANET VPNS
Extranet VPNs allow an organization’s suppliers, partners, and customers to be connected to the corporate network in a limited way for business-to-business (B2B) communications.

Cisco IOS IPsec

• IPsec transforms specify a single security protocol with its corresponding security algorithm

• Security Protocols
– Authentication Header (AH)
– Encapsulating Security Payload (ESP)

IPsec benefits

• Confidentiality

• Data origin authentication and connectionless integrity

• Anti-replay service

• Traffic flow


Encryption

• Symmetric encryption

• Asymmetric Encryption

• Private keys

• Public keys


Written Labs and Review Questions

– Open your books and go through all the written labs and the review questions.

– Review the answers in class.
