
CCNA EXPLORATION V4.0
ACCESSING THE WAN

ACCESSIBLE INSTRUCTOR MATERIALS


POWERPOINT OBJECTIVES

Prepared by
Cisco Learning Institute

June 23, 2008


CISCO, INC.
ACCESSING THE WAN
POWERPOINT OBJECTIVES

Chapter 1 – Services in a Converged WAN

Objectives
• Describe how the Cisco Enterprise Composite Model (ECNM) provides integrated
services over an Enterprise network.
• Describe the key WAN technology concepts.
• Identify the appropriate WAN technologies to use when matching ECNM best
practices with typical enterprise requirements for WAN communications.

Describe How ECNM Provides Integrated Services over an Enterprise Network


• Explain the purpose and function of WANs
• Describe the stages of business growth, the corresponding business requirements
for services and how those requirements are reflected in the Enterprise’s changing
network topology
• Describe the problems with the Hierarchical Design Model that Cisco's Enterprise
Composite Model has been designed to address
• Explain the purpose of Cisco Enterprise Architectures

Describe the Key WAN Technology Concepts


• Describe WAN functions in terms of the OSI Reference Model
• Describe the key WAN physical layer concepts for network and Internet
communications
• Describe the key WAN data link layer protocols used in today’s Enterprise WAN
networks
• Describe the switching technologies used for WANs in an Enterprise setting

Select the Appropriate WAN Technology to meet ECNM Requirements


• List the various options for connecting subscribers to the WAN
• Describe how Enterprises use leased line services to provide a WAN connection
• Describe the circuit switching options available to provide a WAN connection
• Describe the packet switching options available to provide a WAN connection
• List factors to consider when selecting a WAN connection

Summary
• A WAN is defined as
o A data communications network that operates beyond the geographic scope of a
LAN
• WANs primarily operate at layers 1 & 2 of the OSI model
• WAN technologies include
o Leased line
o ISDN
o Frame relay
o X.25
o ATM
• Cisco Enterprise Architecture
o This is an expansion of the hierarchical model that further divides the enterprise
network into
▪ Physical areas
▪ Logical areas
▪ Functional areas
• Selecting the appropriate WAN technology requires considering some of the
following:
o WAN’s purpose
o Geographic scope of WAN
o Traffic requirements
o If WAN uses a public or private infrastructure

Chapter 2 – Point-to-Point Protocol (PPP)

Objectives
• Describe the fundamental concepts of point-to-point serial communication including
TDM, demarcation point, DTE-DCE functions, HDLC encapsulation, and serial
interface troubleshooting.
• Describe PPP concepts including PPP layered architecture, PPP frame structure,
PPP session establishment, multiprotocol encapsulation support, link control
protocol (LCP), network control protocol (NCP), and Internet Protocol Control
Protocol (IPCP).
• Configure PPP on a serial interface including enabling PPP encapsulation, verifying
the PPP connection and troubleshooting encapsulation problems.
• Configure PPP authentication including explaining PAP and CHAP authentication
protocols, configuring PPP authentication using PAP and CHAP, and
troubleshooting PPP authentication problems.

Describe the Fundamental Concepts of Point-to-Point Serial Communication


• Describe the concept of serial communication as the basis of WAN technologies
• Explain how two or more data streams are transported across a single physical
connection using TDM
• Define the location of the demarcation point relative to customer and service
provider networks
• Explain the terms DTE and DCE relative to the location of devices in a network
• Describe how high-level data link control (HDLC) uses one of three frame types to
encapsulate data
• Explain when and how to configure HDLC encapsulation on a router
• Describe the procedure to follow when troubleshooting a serial connection


Describe Point-to-Point Concepts


• Describe PPP in terms of its use in WAN links
• Describe the general function of each layer of PPP architecture
• Describe the purpose and format of each of the fields in a PPP frame
• Define the three phases of PPP session establishment
• Explain the role of the LCP in PPP
• Describe the characteristics of NCP

Configure PPP on a Serial Interface


• Describe how configuration options are communicated in the LCP frame
• Explain the purpose of the commands used to configure and verify PPP connections
• Explain the output of the show interfaces serial command
• Explain the output of the debug ppp command

Configuring PPP with Authentication


• Differentiate between PAP and CHAP
• Describe how to use PAP to authenticate a PPP connection
• Describe how to use CHAP to authenticate a PPP connection
• Outline the PPP encapsulation and authentication process on a flow chart
• Explain how to configure a PPP connection with authentication
• Explain the output of the debug ppp authentication command

Summary
• PPP is a widely used WAN protocol
• PPP provides multi-protocol LAN to WAN connections
• PPP session establishment – 4 phases
o Link establishment
o Link quality determination
o Network layer protocol configuration negotiation
o Link termination
• WAN Encapsulation
o HDLC default encapsulation
o PPP
• PPP authentication
o PAP
▪ 2 way handshake
o CHAP
▪ 3 way handshake
o Use debug ppp authentication to confirm authentication configuration
• PPP configuration
o Done on a serial interface
• After PPP configuration, use show interfaces command to display:
o LCP state
o NCP state

Chapter 3 – Frame Relay

Objectives
• Describe the fundamental concepts of Frame Relay technology in terms of
Enterprise WAN services including Frame Relay operation, Frame Relay
implementation requirements, Frame Relay maps, and LMI operation.
• Configure a basic Frame Relay PVC including configuring and troubleshooting
Frame Relay on a router serial interface and configuring a static Frame Relay map.
• Describe advanced concepts of Frame Relay technology in terms of Enterprise WAN
services including Frame Relay sub-interfaces, Frame Relay bandwidth and flow
control.
• Configure an advanced Frame Relay PVC including solving reachability issues,
configuring Frame Relay sub-interfaces, verifying and troubleshooting Frame Relay
configuration.

Describe the Fundamental Concepts of Frame Relay Technology


• Describe how Frame Relay is used to provide WAN services to the Enterprise
• Describe how Frame Relay uses virtual circuits to carry packets from one DTE to
another
• Explain how Frame Relay encapsulation works
• Describe the types of topologies that are used for implementing Frame Relay in
different environments
• Describe how a router attached to a Frame Relay network uses LMI status
messages and inverse ARP queries to map VCs to layer 3 network IP Addresses

Configure a Basic Frame Relay PVC


• Configure a basic Frame Relay PVC on a router serial interface
• Configure a Basic Frame Relay PVC

Describe Advanced Concepts of Frame Relay Technology


• Explain the reachability issues associated with the Frame Relay NBMA topology
• Describe how to implement bandwidth control in the Frame Relay technology
• Describe how to implement flow control in Frame Relay technology

Configure an Advanced Frame Relay PVC


• Explain the steps to configure point-to-point subinterfaces on a physical interface
• Describe the commands used for verifying Frame Relay operation
• Describe the steps for troubleshooting a Frame Relay configuration

Summary
• Frame relay is the most widely used WAN technology because it:
o Provides greater bandwidth than leased line
o Reduces cost because it uses less equipment
o Easy to implement
• Frame relay is associated with layer 2 of the OSI model and encapsulates data
packets in a frame relay frame
• Frame relay is configured on virtual circuits
o These virtual circuits may be identified by a DLCI
• Frame relay uses inverse ARP to map DLCI to IP addresses
• Configuring frame relay requires
o Enable frame relay encapsulation
o Configuring either static or dynamic mapping
o Considering split horizon problems that develop when multiple VCs are placed on
a single physical interface
• Factor affecting frame relay configuration
o How service provider has their charging scheme set up
• Frame relay flow control
o DE
o FECN
o BECN
• The following commands can be used to help verify frame relay configuration
o Show interfaces
o Show frame-relay lmi
o Show frame-relay pvc ###
o Show frame-relay map
• Use the following command to help troubleshoot a frame relay configuration
o Debug frame-relay lmi

Chapter 4 – Enterprise Network Security

Objectives
• Describe the general methods used to mitigate security threats to Enterprise
networks.
• Configure Basic Router Security.
• Explain how to disable unused Cisco router network services and interfaces.
• Explain how to use Cisco SDM.
• Manage Cisco IOS devices.

Describe the General Methods used to Mitigate Security Threats to Enterprise
Networks
• Explain how sophisticated attack tools and open networks have created an
increased need for network security and dynamic security policies
• Describe the most common security threats and how they impact enterprises
• Describe the most common types of network attacks and how they impact
enterprises
• Describe the common mitigation techniques that enterprises use to protect
themselves against threats
• Explain the concept of the Network Security Wheel
• Explain the goals of a comprehensive security policy in an organization

Configure Basic Router Security


• Explain why the security of routers and their configuration settings is vital to network
operation
• Describe the recommended approach to applying Cisco IOS security features on
network routers
• Describe the basic security measures needed to secure Cisco routers

Explain How to Disable Unused Cisco Router Network Services and Interfaces
• Describe the router services and interfaces that are vulnerable to network attack
• Explain the vulnerabilities posed by commonly configured management services
• Explain how to secure a router with the command-line interface (CLI) auto secure
command

Explain How to Use Cisco SDM


• Provide an overview of Cisco SDM
• Explain the steps to configure a router to use Cisco SDM
• Explain the steps you follow to start SDM
• Describe the Cisco SDM Interface
• Describe the commonly used Cisco SDM wizards
• Explain how to use Cisco SDM for locking down your router

Manage Cisco IOS Devices


• Describe the file systems used by a Cisco router
• Describe how to backup and upgrade a Cisco IOS image
• Explain how to back up and upgrade Cisco IOS software images using a network
server
• Explain how to recover a Cisco IOS software image
• Compare the use of the show and debug commands when troubleshooting Cisco
router configurations
• Explain how to recover the enable password and the enable secret passwords

Summary
• Security Threats to an Enterprise network include:
o Unstructured threats
o Structured threats
o External threats
o Internal threats
• Methods to lessen security threats consist of:
o Device hardening
o Use of antivirus software
o Firewalls
o Download security updates
• Basic router security involves the following:
o Physical security
o Update and backup IOS
o Backup configuration files
o Password configuration
o Logging router activity
• Disable unused router interfaces & services to minimize their exploitation by
intruders
• Cisco SDM
o A web based management tool for configuring security measures on Cisco
routers
• Cisco IOS Integrated File System (IFS)
o Allows for the creation, navigation & manipulation of directories on a Cisco device

Chapter 5 – Access Control Lists

Objectives
• Explain how ACLs are used to secure a medium-size Enterprise branch office
network.
• Configure standard ACLs in a medium-size Enterprise branch office network.
• Configure extended ACLs in a medium-size Enterprise branch office network.
• Describe complex ACLs in a medium-size Enterprise branch office network.
• Implement, verify and troubleshoot ACLs in an enterprise network environment.

Explain How ACLs are Used to Secure a Medium-Size Enterprise Branch Office
Network
• Describe the steps that occur in a complete TCP conversation
• Explain how a packet filter allows or blocks traffic
• Describe how ACLs control access to networks
• Use a flow chart to show how ACLs operate
• Describe the types and formats of ACLs
• Explain how Cisco ACLs can be identified using standardized numbering or names
• Describe where ACLs should be placed in a network
• Explain the considerations for creating ACLs

Configure Standard ACLs in a Medium-Size Enterprise Branch Office Network


• Explain why the order in which criteria statements are entered into an ACL is
important
• Explain how to configure a standard ACL
• Describe how to use wildcard masks with ACLs
• Describe how to apply a standard ACL to an interface
• Explain the process for editing numbered ACLs
• Explain how to create a named ACL
• Describe how to monitor and verify ACLs
• Explain the process for editing named ACLs

Configure Extended ACLs in a Medium-Size Enterprise Branch Office Network


• Explain how an extended ACL provides more filtering than a standard ACL
• Describe how to configure extended ACLs
• Describe how to apply an extended ACL to an interface
• Describe how to create named extended ACLs

Describe Complex ACLs in a Medium-Size Enterprise Branch Office Network


• List the three types of complex ACLs
• Explain how and when to use dynamic ACLs
• Explain how and when to use reflexive ACLs
• Explain how and when to use time-based ACLs
• Describe how to troubleshoot common ACL problems

Implement, Verify and Troubleshoot ACLs in an Enterprise Network Environment


• Create, place and verify a standard/extended ACL and verify its placement.
• Verify the ACL’s functionality and troubleshoot as needed.

Summary
• An Access List (ACL) is:
o A series of permit and deny statements that are used to filter traffic
• Standard ACL
o Identified by numbers 1 - 99 and 1300 - 1999
o Filter traffic based on source IP address
• Extended ACL
o Identified by number 100 - 199 & 2000 - 2699
o Filter traffic based on
▪ Source IP address
▪ Destination IP address
▪ Protocol
▪ Port number
• Named ACL
o Used with IOS 11.2 and above
o Can be used for either standard or extended ACL
• ACLs use Wildcard Masks (WCM)
o Described as the inverse of a subnet mask
▪ Reason
– 0 → check the bit
– 1 → ignore the bit
• Implementing ACLs
o 1st create the ACL
o 2nd place the ACL on an interface
▪ Standard ACLs are placed nearest the destination
▪ Extended ACLs are placed nearest the source
• Use the following commands for verifying & troubleshooting an ACL
o Show access-list
o Show interfaces
o Show run
• Complex ACL
o Dynamic ACL
o Reflexive ACL
o Time based ACL

Chapter 6 – Providing Teleworker Services

Objectives
• Describe the enterprise requirements for providing teleworker services.
• Explain how broadband services extend Enterprise Networks including DSL, cable,
and wireless.
• Describe how VPN technology provides secure teleworker services in an Enterprise
setting.

Describe the Enterprise Requirements for Providing Teleworker Services


• Describe the benefits of teleworkers for business, society and the environment.
• List remote connection technologies and describe scenarios in which each would be
implemented.
• Describe the key differences between private and public network infrastructures.

Explain How Broadband Services extend Enterprise Networks


• Briefly describe how broadband services allow teleworkers to use the Internet to
connect to the Enterprise WAN
• Describe how Enterprises use cable connectivity to extend their reach
• Describe how Enterprises use DSL connectivity to extend their reach
• Describe how Enterprises use broadband wireless connectivity to extend their reach
• Describe how Enterprises defend themselves from threats to wireless network
security

Describe How VPN Technology Provides Secure Teleworker Services in an
Enterprise Setting
• Explain the importance and benefits of VPN technology
• Compare site-to-site VPNs to remote-access VPNs
• Describe the hardware and software components that typically make up a VPN
• Describe the characteristics of secure VPNs
• Describe the concept of VPN tunneling
• Describe the concept of VPN encryption
• Describe the concept of IPsec Protocols

Summary
• Requirements for providing teleworker services are:
o Maintains continuity of operations
o Provides for increased services
o Secure & reliable access to information
o Cost effective
o Scalable
• Components needed for a teleworker to connect to an organization’s network are:
o Home components
o Corporate components
• Broadband services used
o Cable
▪ transmits signal in either direction simultaneously
o DSL
▪ requires minimal changes to existing telephone infrastructure
▪ delivers high bandwidth data rates to customers
o Wireless
▪ increases mobility
▪ wireless availability via:
– municipal WiFi
– WiMax
– satellite internet
• Securing teleworker services
o VPN security achieved through using
▪ Advanced encryption techniques
▪ Tunneling
o Characteristics of a secure VPN
▪ Data confidentiality
▪ Data integrity
▪ Authentication

Chapter 7 – Implementing IP Addressing Services

Objectives
• Configure DHCP in an enterprise branch network.
• Configure NAT on a Cisco router.
• Configure new generation RIP (RIPng) to use IPv6.

Configure DHCP in an Enterprise Branch Network


• Describe the function of DHCP in a network
• Describe how DHCP dynamically assigns an IP address to a client
• Describe the differences between BOOTP and DHCP
• Describe how to configure a DHCP server
• Describe how to configure a Cisco router as a DHCP client
• Explain how DHCP Relay can be used to configure a router to relay DHCP
messages when the server and the client are not on the same segment
• Describe how to configure a Cisco router as a DHCP client using SDM
• Describe how to troubleshoot a DHCP configuration

Configure NAT on a Cisco Router


• Describe the operation and benefits of using private and public IP addressing
• Explain the key features of NAT and NAT overload
• Explain the advantages and disadvantages of NAT
• Describe how to configure static NAT to conserve IP address space in a network
• Describe how to configure dynamic NAT to conserve IP address space in a network
• Describe how to configure NAT Overload to conserve IP address space in a network
• Describe how to configure port forwarding
• Describe how to verify and troubleshoot NAT and NAT overload configurations

Configure New Generation RIP (RIPng) to use IPv6


• Explain the need for IPv6 to provide a long-term solution to the depletion problem of
IP addresses
• Describe the format of the IPv6 addresses and the appropriate methods for
abbreviating them
• Describe the transition strategies for implementing IPv6
• Describe how Cisco IOS dual stack enables IPv6 to run concurrently with IPv4 in a
network
• Describe the concept of IPv6 tunneling
• Describe how IPv6 affects common routing protocols, and how these protocols are
modified to support IPv6
• Explain how to configure a router to use IPv6
• Explain how to configure and verify RIPng for IPv6
• Explain how to verify and troubleshoot IPv6

Summary
• Dynamic Host Configuration Protocol (DHCP)
o This is a means of assigning IP addresses and other configuration information
automatically.
• DHCP operation
o 3 different allocation methods
▪ Manual
▪ Automatic
▪ Dynamic
o Steps to configure DHCP
▪ Define range of addresses
▪ Create DHCP pool
▪ Configure DHCP pool specifics
• DHCP Relay
o Concept of using a router configured to listen for DHCP messages from DHCP
clients and then forward those messages to servers on different subnets
• Troubleshooting DHCP
o Most problems arise due to configuration errors
o Commands to aid troubleshooting
▪ Show ip dhcp
▪ Show run
▪ debug
• Private IP addresses
o Class A = 10.x.x.x
o Class B = 172.16.x.x – 172.31.x.x
o Class C = 192.168.x.x
• Network Address Translation (NAT)
o A means of translating private IP addresses to public IP addresses
o Types of NAT
▪ Static
▪ Dynamic
o Some commands used for troubleshooting
▪ Show ip nat translations
▪ Show ip nat statistics
▪ Debug ip nat
• IPv6
o A 128 bit address that uses colons to separate entries
o Normally written as 8 groups of 4 hexadecimal digits
• Cisco IOS Dual Stack
o A way of permitting a node to have connectivity to an IPv4 & IPv6 network
simultaneously
• IPv6 Tunneling
o An IPv6 packet is encapsulated within another protocol
• Configuring RIPng with IPv6
o 1st globally enable IPv6
o 2nd enable IPv6 on interfaces on which IPv6 is to be enabled
o 3rd enable RIPng using either
▪ ipv6 router rip name
▪ ipv6 rip name enable

Chapter 8 – Network Troubleshooting

Objectives
• Establish a network baseline
• Describe troubleshooting methodologies and troubleshooting tools
• Describe the common issues that occur during WAN implementation
• Troubleshoot enterprise network implementation issues

Establish a Network Baseline


• Explain the importance of network documentation
• Describe the stages of the network documentation process
• Explain the purpose for measuring normal network performance when creating a
baseline
• Describe the steps for establishing a network baseline

Describe Troubleshooting Methodologies and Troubleshooting Tools


• Explain why a systematic method is generally the best approach to
troubleshooting
• Describe how layered models, such as the OSI reference model or TCP/IP model,
are used for troubleshooting
• Describe the three stages of the general troubleshooting process
• Describe the three main methods for troubleshooting network problems
• Describe the stages for gathering symptoms for troubleshooting a network problem
• Describe the types of software and hardware tools that are commonly used when
troubleshooting networks

Describe the Common Issues that Occur During WAN Implementation


• Describe the fundamentals in WAN design and communication
• Describe the steps for designing or modifying a WAN
• Describe the considerations for analyzing WAN traffic
• Describe the considerations for designing a WAN topology
• Describe common WAN implementation issues
• Describe the recommended steps for troubleshooting a WAN

Troubleshoot Enterprise Network Implementation Issues


• Explain how network diagrams are used for troubleshooting
• Describe how to troubleshoot network problems occurring at the physical layer
• Describe how to troubleshoot network problems occurring at the data link layer
• Describe how to troubleshoot network problems occurring at the network layer
• Describe how to troubleshoot network problems occurring at the transport layer
• Describe how to troubleshoot network problems occurring in the application layers

Summary
• Network Baseline
o How a network is expected to perform under normal conditions
• Network documentation should include:
o Network configuration table
o End-system configuration table
o Network topology diagram
• Planning for the 1st baseline
o Determine what type of data to collect
o Identify devices and ports of interest
o Determine baseline duration
• 3 stages of the troubleshooting process
o Gather symptoms
o Isolate problem
o Correct problem
• 3 main methods for troubleshooting a network
o Bottom up
o Top down
o Divide & conquer
• Software troubleshooting tools
o Cisco view
o Solar winds
o HP Open view
• Hardware troubleshooting tools
o Network analysis mode
o Digital multi-meters
o Cable testers
o Network analyzer
• Common WAN implementation issues include
o QoS
o Reliability
o Security
o Latency
o Confidentiality
o Public or Private
• Using a layered approach to troubleshooting aids in isolating and solving the
problem
