Sybex ICND2/CCNA R/S Chapter 21: Wide Area Networks Instructor & Todd Lammle.

Sybex ICND2/CCNA R/SChapter 21: Wide Area

NetworksInstructor & Todd Lammle

Chapter 21 Objectives

• The ICND2 Topics Covered in this chapter include:

• IP Routing Technologies– Configure and verify operation status of a Serial interface.

• WAN Technologies– Identify different WAN Technologies– Metro Ethernet– VSAT– Cellular 3G / 4G– MPLS– T1 / E1– ISDN– DSL– Frame relay– Cable– VPN– Configure and verify a basic WAN serial connection– Configure and verify a PPP connection between Cisco routers– Configure and verify Frame Relay on Cisco routers– Implement and troubleshoot PPPoE

• Troubleshooting– Troubleshoot and Resolve WAN implementation issues– Serial interfaces– PPP– Frame relay 2

WAN terms

WAN connection types

Broadband access using cable or DSL

Cable network and terms

xDSL connection from home user to central office. All types of DSL are layer

1 technologies.

PPPoE with ADSL

DTE-DCE-DTE WAN

DTE-DCE-DTE WAN connection: Clocking is typically provided by the DCE network to routers. In nonproduction environments, a DCE network is not always present.

Cisco’s HDLC frame format:

Each vendor’s HDLC has a proprietary data field to support multiprotocol environments.

Configuring Cisco’s HDLC proprietary WAN encapsulation

Corp(config)#int s0/0Corp(config-if)#ip address 172.16.10.1 255.255.255.252Corp(config-if)#no shut Corp#sh int s0/0Serial0/0 is up, line protocol is up Hardware is PowerQUICC Serial Internet address is 172.16.10.1/30 MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation HDLC, loopback not set Keepalive set (10 sec) 

the PPP protocol stack compared to the OSI reference model.

PPP session establishment

PPP authentication example

Failed PPP authentication

Mismatched WAN encapsulations

Mismatched IP addresses

Before Frame Relay

After Frame Relay

DLCIs are local to your router.

RouterA uses DLCI 100 to send data to RouterB.

Configuring Subinterfaces

Corp(config)#int s0/0Corp(config-if)#no shutCorp(config-if)#encapsulation frame-relayCorp(config-if)#int s0/0.102 ? multipoint Treat as a multipoint link point-to-point Treat as a point-to-point linkCorp(config-if)#int s0/0.102 point-to-pointCorp(config-subif)#ip address 10.1.12.1 255.255.255.0Corp(config-subif)#frame-relay interface-dlci 102Corp(config-subif)#int s0/0.103Corp(config-subif)#ip address 10.1.13.1 255.255.255.0Corp(config-subif)#frame-relay interface-dlci 103

Frame Relay mappings

So why can’t RouterA talk to RouterB across the Frame Relay network in Figure 7.20? To find that out, take a close look at the frame-relay map statement. See the problem now? You cannot use a remote DLCI to communicate to the Frame Relay switch; you must use your DLCI number! The mapping should have included DLCI 100 instead of DLCI 200.

Frame Relay routing problems

The correct line for RouterA would look like this:

frame-relay map ip 172.16.100.1 100 broadcast

Frame Relay OSPF routing problems

Since Frame Relay nonbroadcast multi-access (NBMA) networks won’t allow broadcasts or multicasts, an OSPF router will not attempt to dynamically discover any OSPF neighbors on the Frame-Relay interface. Also, since this means that elections won’t be allowed, you’d have to statically configure OSPF neighbors, plus the Corp router would need to be configured as a DR. But the easiest way to fix this problem is to use the command ip ospf network point-to-multipoint on all router Frame-Relay interfaces

Frame Relay EIGRP routing problemsThe hosts behind the Corp router can communicate to all hosts in all remote networks,

but hosts in SF, LA, and NY cannot communicate to each other.

Let’s take a look at the configuration of the Corp router:

interface Serial0/0 ip address 192.168.10.1 255.255.255.0 encapsulation frame-relayframe-relay interface-dlci 101frame-relay interface-dlci 102frame-relay interface-dlci 103

We can solve this problem with subinterfaces.

Take a look at the Corp router’s new configuration with subinterfaces, which solves the split horizon issues. Here are the steps to take:

1. Remove the IP address and interface-dlci commands from under the physical interface.

2. 2. Create a subinterface (logical interface) for each PVC.3. Design and implement a separate subnet (address space) for each

subinterface.4. Add the command frame-relay interface-dlci dlci under

each subinterface.interface Serial0/0 no ip address (notice there is no IP address on the physical interface!) encapsulation frame-relay!interface Serial0/0.101 point-to-point ip address 192.168.10.1 255.255.255.252frame-relay interface-dlci 101!interface Serial0/0.102 point-to-point ip address 192.168.10.5 255.255.255.252frame-relay interface-dlci 102!interface Serial0/0.103 point-to-pointip address 192.168.10.9 255.255.255.252frame-relay interface-dlci 103!

Example of using a VPN

Benefits of VPN’s

SecurityVPNs can provide very good security by using advanced encryption and authentication protocols, which will help protect your network from unauthorized access. IPsec and SSL fall into this category. Secure Sockets Layer (SSL) is an encryption technology used with web browsers, which has native SSL encryption, and are known as Web VPN. You can also use the Cisco AnyConnect SSL VPN client installed on you PC to provide a SSL VPN solution, as well as the Clientless Cisco SSL VPN. Cost Savings

By connecting the corporate remote offices to their closest Internet provider, and then creating a VPN tunnel with encryption and authentication, I gain a huge savings over opting for traditional leased point-to-point lines. This also permits higher bandwidth links and security, all for far less money than traditional connections.

ScalabilityVPNs scale very well to quickly bring up new offices or have mobile users connect securely while traveling or when connecting from home.

Compatibility with broadband technologyFor remote and traveling users and remote offices, any Internet access can provide a connection to the corporate VPN. This allows users to take advantage of the high-speed Internet access of DSL or cable modems.

Generic Routing Encapsulation (GRE) tunnel structure

Written Labs and Review Questions

– Read through the Exam Essentials section together in class

– Open your books and go through all the written labs and the review questions.

– Review the answers in class.

30